3.2.2. show¶
show vrfs¶
Note
requires a Product License.
vsr> show vrfs
Show VRFs on the machine.
Output Data¶
vrf VRFVRF name.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
show commands¶
vsr> show commands
Show all available nc-cli commands with the corresponding yang path.
Output Data¶
commandThe list of nc-cli commands.
path <string>The RPC path.
nc-cli-command <string>The corresponding nc-cli command name.
protected true|falseTrue if the RPC is protected.
show interface¶
vsr> show interface [vrf <string>] [l3vrf <string>] [type <identityref>] [LEVEL] \
... [name <string>]
Show interface information.
Input Parameters¶
vrf <string>VRF to look into.
l3vrf <string>L3vrf to look into.
type <identityref>Interface type.
LEVELThe level of information requested.
LEVELvaluesDescription
statisticsDisplay statistics.
detailsDisplay more details.
upDisplay UP interfaces only.
hardware-statisticsDisplay hardware statistics. Implies physical type.
hardware-featuresDisplay hardware features. Implies physical type.
hardware-informationDisplay hardware information. Implies physical type.
hardware-driver-informationDisplay hardware driver information. Implies physical type.
name <string>Display only one interface by this name.
show interface throughput¶
vsr> show interface throughput [vrf <string>] [type <identityref>] [name <string>] [count <1-65535>] \
... [raw]
Show interface throughput every second.
Input Parameters¶
vrf <string>VRF to look into.
type <identityref>Select all interfaces of this type.
name <string>Select this specific interface (may be specified multiple times).
count <1-65535>Stop after the given number of seconds. By default, the throughput is displayed every second until the command is interrupted with
ctrl-c.rawShow the exact number of packets/bits received/transmitted every second instead of human readable values.
show ipv4-routes¶
vsr> show ipv4-routes [vrf <string>] [l3vrf <string>] [protocol <identityref>] [table <1-4294967295>] \
... [to TO] [summary]
Show IPv4 routing table.
Input Parameters¶
vrf <string>Specify the VRF.
l3vrf <string>Specify the l3vrf.
protocol <identityref>Filter routes by protocol.
table <1-4294967295>Non-main Kernel Routing Table.
to TOFind the route entry used to reach an IP address or an exact network.
TOvaluesDescription
<A.B.C.D>An IPv4 address.
<A.B.C.D/M>An IPv4 prefix: address and CIDR mask.
summarySummary of all routes.
show ipv6-routes¶
vsr> show ipv6-routes [vrf <string>] [l3vrf <string>] [protocol <identityref>] [table <1-4294967295>] \
... [to TO] [summary]
Show IPv6 routing table.
Input Parameters¶
vrf <string>Specify the VRF.
l3vrf <string>Specify the l3vrf.
protocol <identityref>Filter routes by protocol.
table <1-4294967295>Non-main Kernel Routing Table.
to TOFind the route entry used to reach an IPv6 address or an exact network.
TOvaluesDescription
<X:X::X:X>An IPv6 address.
<X:X::X:X/M>An IPv6 prefix: address and CIDR mask.
summarySummary of all routes.
show mpls fec table¶
Note
requires a Product License.
vsr> show mpls fec table [vrf <string>] [entry ENTRY]
Show MPLS FEC table information.
Input Parameters¶
vrf <string>The VRF to look into.
entry ENTRYThe entry to display.
ENTRYvaluesDescription
<A.B.C.D/M>An IPv4 prefix: address and CIDR mask.
<X:X::X:X/M>An IPv6 prefix: address and CIDR mask.
show mpls table¶
Note
requires a Product License.
vsr> show mpls table [vrf <string>] [<16-1048575>]
Show MPLS table information.
Input Parameters¶
vrf <string>Specify the VRF.
<16-1048575>LSP to display information about.
show disk¶
Note
requires a Product License.
vsr> show disk
Show Linux system disk usage.
Output Data¶
disk-usageThe disk information per device.
name <string>The disk name.
label <string>The disk label.
total <uint64>[KMGT]The disk total size.
partitionThe partition information per disk.
name <string>The partition name.
label <string>The partition label.
fstype <string>The partition filesystem type.
total <uint64>[KMGT]The partition total size.
available <uint64>[KMGT]The partition free size.
show numa statistics¶
vsr> show numa statistics
Shows per-NUMA-node memory statistics for processes and the operating system.
Output Data¶
statisticsList of current NUMA-nodes and their statistics.
node <string>Numa node unique identifier.
numa-hit <uint64>Number of pages successfully allocated to this node as intended.
numa-miss <uint64>Number of pages allocated on this node despite the process preferring some different node.
numa-foreign <uint64>Number of pages intended for this node but actually allocated on some different node.
interleave-hit <uint64>Number of interleave policy pages successfully allocated to this node.
local-node <uint64>Number of pages successfully allocated on this node by a process on this node.
other-node <uint64>Number of pages allocated on this node by a process on another node.
show processes¶
vsr> show processes
Shows the list of processes in the system.
Output Data¶
processThe list of monitored processes on the system.
name <string>The name of the process.
pid <uint64>The pid of the process.
fds <uint32>The number of file descriptors opened by this process.
memory <uint64>The memory used by this process.
busy <decimal64>The busy percentage for this process.
voluntary-context-switches <uint64>The number of voluntary context switches.
involuntary-context-switches <uint64>The number of involuntary context switches.
show soft-interrupts¶
vsr> show soft-interrupts
Show soft interrupts statistics per CPU.
Output Data¶
statisticsThe list of soft interrupts statistics per CPU.
cpu <string>The CPU number.
hi <uint64>Number of high priority tasklets.
timer <uint64>Number of timer interrupts.
net-tx <uint64>Number of interrupts for transmitting packets to network cards.
net-rx <uint64>Number of interrupts for receiving packets from network cards.
irq-poll <uint64>Number of polling interrupts.
block <uint64>Number of block-device I/O interrupts.
tasklet <uint64>Number of regular tasklets interrupts.
high-resolution-timer <uint64>Number of high resolution timer interrupts.
sched <uint64>Number of scheduling interrupts.
rcu <uint64>Number of read-copy-update interrupts.
show hardware¶
vsr> show hardware [type TYPE]
Shows machine hardware informations.
Input Parameters¶
type TYPEHardware types used in lshw -class <type>.
TYPEvaluesDescription
cpuCPU type.
memoryMemory type.
networkNetwork type.
diskDisk type.
Output Data¶
system-serial <string>System serial number if present on the machine.
cpu-unitList of all CPU units on the machine.
model-name <string>CPU model name.
vendor-name <string>CPU vendor name.
frequency <uint64>CPU frequency.
serial <string>CPU serial number.
cores <uint32>Number of cores on this CPU.
threads <uint32>Number of threads on this CPU.
capabilities <string>Comma separated list of this CPU capabilities.
memory-unitList of all memory units on the machine.
storage-size <uint64>Memory unit storage size in bytes.
description <string>Memory unit description.
model-name <string>Memory unit model name.
vendor-name <string>Memory unit vendor name.
serial <string>Memory unit serial number.
network-unitList of all network interface units on the machine.
description <string>Network interface description.
model-name <string>Network interface model name.
vendor-name <string>Network interface vendor name.
mac-address MAC-ADDRESSNetwork interface mac address.
MAC-ADDRESSAn IEEE 802 unicast MAC address i.e. the second digit is an even number. Moreover the mac address must not be 00:00:00:00:00:00.
speed <uint64>Network interface speed.
driver <string>Network interface driver.
firmware <string>Network interface firmware.
port <string>Network interface port.
disk-unitList of all memory units on the machine.
storage-size <uint64>Disk storage size in bytes.
description <string>Disk description.
model-name <string>Disk model name.
vendor-name <string>Disk vendor name.
serial <string>Disk serial number.
show bgp¶
Note
requires a Product License.
vsr> show bgp nexthop-cache [nexthop NEXTHOP] pbr ipset [set <string>] iptable \
... [chain <string>] [vrf <string>] [l3vrf <string>] [l3vrfs] summary \
... [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] [neighbors] \
... neighbor [id ID] unnumbered-neighbor [interface INTERFACE] community-list \
... large-community-list extcommunity-list as-path-access-list [name <string>] \
... [route-map <string>] ipv4 ip [VALUE] [bestpath] [multipath] prefix \
... [value VALUE] [bestpath] [multipath] [longer-prefixes] [cidr-only] \
... [statistics] summary [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] \
... community-list [name <string>] [exact-match] community [VALUE] \
... [exact-match] large-community-list [name <string>] [exact-match] \
... large-community [VALUE] [exact-match] [route-map <string>] flowspec \
... ip [VALUE] [bestpath] [multipath] prefix [value VALUE] [bestpath] \
... [multipath] [longer-prefixes] [detail] [cidr-only] [statistics] \
... summary [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] community-list \
... [name <string>] [exact-match] community [VALUE] [exact-match] \
... large-community-list [name <string>] [exact-match] large-community \
... [VALUE] [exact-match] [route-map <string>] unicast neighbor [id ID] \
... [prefix-counts] received [prefix-filter] [dampened-routes] [flap-statistics] \
... [routes] [advertised-routes] [filtered-routes] [received-routes] \
... ip [VALUE] [bestpath] [multipath] prefix [value VALUE] [bestpath] \
... [multipath] [longer-prefixes] [cidr-only] [statistics] summary \
... [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] community-list \
... [name <string>] [exact-match] community [VALUE] [exact-match] \
... large-community-list [name <string>] [exact-match] large-community \
... [VALUE] [exact-match] [route-map <string>] multicast neighbor \
... [id ID] [prefix-counts] [dampened-routes] [flap-statistics] [routes] \
... [advertised-routes] [filtered-routes] [received-routes] ip [VALUE] \
... [bestpath] [multipath] prefix [value VALUE] [bestpath] [multipath] \
... [longer-prefixes] [cidr-only] [statistics] summary [STATE] [neighbor NEIGHBOR] \
... [remote-as REMOTE-AS] community-list [name <string>] [exact-match] \
... community [VALUE] [exact-match] large-community-list [name <string>] \
... [exact-match] large-community [VALUE] [exact-match] [route-map <string>] \
... labeled-unicast neighbor [id ID] [dampened-routes] [flap-statistics] \
... [routes] [advertised-routes] [filtered-routes] [received-routes] \
... ip [VALUE] [bestpath] [multipath] prefix [value VALUE] [bestpath] \
... [multipath] [longer-prefixes] [cidr-only] [statistics] summary \
... [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] community-list \
... [name <string>] [exact-match] community [VALUE] [exact-match] \
... large-community-list [name <string>] [exact-match] large-community \
... [VALUE] [exact-match] [route-map <string>] vpn [route-distinguisher ROUTE-DISTINGUISHER] \
... neighbor [id ID] [prefix-counts] [dampened-routes] [flap-statistics] \
... [routes] [advertised-routes] [filtered-routes] [received-routes] \
... ip [VALUE] [bestpath] [multipath] prefix [value VALUE] [bestpath] \
... [multipath] [longer-prefixes] [cidr-only] [statistics] summary \
... [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] community-list \
... [name <string>] [exact-match] community [VALUE] [exact-match] \
... large-community-list [name <string>] [exact-match] large-community \
... [VALUE] [exact-match] [route-map <string>] neighbor [id ID] [prefix-counts] \
... received [prefix-filter] [dampened-routes] [flap-statistics] \
... [routes] [advertised-routes] [filtered-routes] [received-routes] \
... [neighbors] ipv6 ip [value VALUE] [bestpath] [multipath] prefix \
... [VALUE] [bestpath] [multipath] [longer-prefixes] [cidr-only] \
... [statistics] summary [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] \
... community-list [name <string>] [exact-match] community [VALUE] \
... [exact-match] large-community-list [name <string>] [exact-match] \
... large-community [VALUE] [exact-match] [route-map <string>] flowspec \
... ip [value VALUE] [bestpath] [multipath] prefix [VALUE] [bestpath] \
... [multipath] [longer-prefixes] [detail] [cidr-only] [statistics] \
... summary [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] community-list \
... [name <string>] [exact-match] community [VALUE] [exact-match] \
... large-community-list [name <string>] [exact-match] large-community \
... [VALUE] [exact-match] [route-map <string>] unicast neighbor [id ID] \
... [prefix-counts] received [prefix-filter] [dampened-routes] [flap-statistics] \
... [routes] [advertised-routes] [filtered-routes] [received-routes] \
... ip [value VALUE] [bestpath] [multipath] prefix [VALUE] [bestpath] \
... [multipath] [longer-prefixes] [cidr-only] [statistics] summary \
... [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] community-list \
... [name <string>] [exact-match] community [VALUE] [exact-match] \
... large-community-list [name <string>] [exact-match] large-community \
... [VALUE] [exact-match] [route-map <string>] multicast neighbor \
... [id ID] [prefix-counts] [dampened-routes] [flap-statistics] [routes] \
... [advertised-routes] [filtered-routes] [received-routes] ip [value VALUE] \
... [bestpath] [multipath] prefix [VALUE] [bestpath] [multipath] \
... [longer-prefixes] [cidr-only] [statistics] summary [STATE] [neighbor NEIGHBOR] \
... [remote-as REMOTE-AS] community-list [name <string>] [exact-match] \
... community [VALUE] [exact-match] large-community-list [name <string>] \
... [exact-match] large-community [VALUE] [exact-match] [route-map <string>] \
... labeled-unicast neighbor [id ID] [dampened-routes] [flap-statistics] \
... [routes] [advertised-routes] [filtered-routes] [received-routes] \
... ip [value VALUE] [bestpath] [multipath] prefix [VALUE] [bestpath] \
... [multipath] [longer-prefixes] [cidr-only] [statistics] summary \
... [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] community-list \
... [name <string>] [exact-match] community [VALUE] [exact-match] \
... large-community-list [name <string>] [exact-match] large-community \
... [VALUE] [exact-match] [route-map <string>] vpn neighbor [id ID] \
... [prefix-counts] [dampened-routes] [flap-statistics] [routes] \
... [advertised-routes] [filtered-routes] [received-routes] ip [value VALUE] \
... [bestpath] [multipath] prefix [VALUE] [bestpath] [multipath] \
... [longer-prefixes] [cidr-only] [statistics] summary [STATE] [neighbor NEIGHBOR] \
... [remote-as REMOTE-AS] community-list [name <string>] [exact-match] \
... community [VALUE] [exact-match] large-community-list [name <string>] \
... [exact-match] large-community [VALUE] [exact-match] [route-map <string>] \
... neighbor [id ID] [prefix-counts] received [prefix-filter] [dampened-routes] \
... [flap-statistics] [routes] [advertised-routes] [filtered-routes] \
... [received-routes] [neighbors] l2vpn evpn [vnis] [vni VNI] [NET] \
... summary [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS] [overlay] \
... [tags] neighbor NEIGHBOR [advertised-routes] [routes] [route-distinguisher ROUTE-DISTINGUISHER] \
... route [type TYPE] [detail] l3vpn label-exported-nexthop-cache \
... [detail] label-incoming-nexthop-cache [detail] link-state non-vpn \
... neighbor [id ID] [advertised-routes] [filtered-routes] [received-routes] \
... [detail-routes] summary [STATE] [neighbor NEIGHBOR] [remote-as REMOTE-AS]
Show BGP information.
Input Parameters¶
nexthop-cacheDisplay the BGP nexthop cache information. This cache lists the BGP nexthops from the incoming BGP updates, and indicates how to reach those nexthops.
nexthop NEXTHOPDisplay the detailed information for the given BGP nexthop entry from the BGP nexthop cache. The Paths that use that nexthop are displayed.
NEXTHOPvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
pbrDisplay information about PBR configured by BGP.
ipsetDisplay information about PBR IPSETs configured by BGP.
set <string>Display information about this set.
iptableDisplay information about PBR IPTables chainsa configured by BGP.
chain <string>Display information about this chain.
vrf <string>Specify the VRF.
l3vrf <string>Specify the L3VRF.
l3vrfsShow BGP VRFs.
summaryDisplay summary of BGP neighbor(s) status, this includes the whole bgp context.
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
neighborsDisplay information about all BGP neighbors.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
unnumbered-neighborDisplay information about BGP unnumbered neighbor.
interface INTERFACEReferenced interface name.
INTERFACEAn interface name.
community-listDisplay information about BGP community lists (standard and expanded).
large-community-listDisplay information about BGP large community lists (standard and expanded).
extcommunity-listDisplay information about BGP extcommunity lists (standard and expanded).
as-path-access-listDisplay information about AS-path access lists.
name <string>Display information about a certain AS-Path access list.
route-map <string>Display information about this route map.
ipv4Display information about BGP IPv4.
ipDisplay this address in the BGP routing table.
VALUEDisplay this address in the BGP routing table.
VALUEAn IPv4 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
value VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv4 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
flowspecDisplay information for flowspec address family.
ipDisplay this address in the BGP routing table.
VALUEDisplay this address in the BGP routing table.
VALUEAn IPv4 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
value VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv4 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
detailDisplay detailed information on flowspec entries.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
unicastDisplay information for unicast address family.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
receivedDisplay information received from a BGP neighbor.
prefix-filterDisplay the prefixlist filter.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
VALUEDisplay this address in the BGP routing table.
VALUEAn IPv4 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
value VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv4 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
multicastDisplay information for multicast address family.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
VALUEDisplay this address in the BGP routing table.
VALUEAn IPv4 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
value VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv4 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
labeled-unicastDisplay information for labeled unicast address family.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
VALUEDisplay this address in the BGP routing table.
VALUEAn IPv4 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
value VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv4 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
vpnDisplay information for VPN address family.
route-distinguisher ROUTE-DISTINGUISHERDisplay information for a route distinguisher.
ROUTE-DISTINGUISHERvaluesDescription
<uint32:uint16>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<1-65535.0-65535:uint16>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<uint16:uint32>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<0.1-65535:uint32>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<ipv4-address:uint16>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
VALUEDisplay this address in the BGP routing table.
VALUEAn IPv4 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
value VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv4 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
receivedDisplay information received from a BGP neighbor.
prefix-filterDisplay the prefixlist filter.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
neighborsDisplay information about all BGP neighbors.
ipv6Display information about BGP IPv6.
ipDisplay this address in the BGP routing table.
value VALUEDisplay this address in the BGP routing table.
VALUEAn IPv6 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv6 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
flowspecDisplay information for flowspec address family.
ipDisplay this address in the BGP routing table.
value VALUEDisplay this address in the BGP routing table.
VALUEAn IPv6 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv6 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
detailDisplay detailed information on flowspec entries.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
unicastDisplay information for unicast address family.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
receivedDisplay information received from a BGP neighbor.
prefix-filterDisplay the prefixlist filter.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
value VALUEDisplay this address in the BGP routing table.
VALUEAn IPv6 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv6 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
multicastDisplay information for multicast address family.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
value VALUEDisplay this address in the BGP routing table.
VALUEAn IPv6 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv6 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
labeled-unicastDisplay information for labeled unicast address family.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
value VALUEDisplay this address in the BGP routing table.
VALUEAn IPv6 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv6 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
vpnDisplay information for VPN address family.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
ipDisplay this address in the BGP routing table.
value VALUEDisplay this address in the BGP routing table.
VALUEAn IPv6 address.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
prefixDisplay this network in the BGP routing table.
VALUEDisplay this prefix in the BGP routing table.
VALUEAn IPv6 prefix: address and CIDR mask.
bestpathDisplay only the best path.
multipathDisplay only multipaths.
longer-prefixesDisplay route and more specific routes.
cidr-onlyDisplay only routes with non-natural netmask.
statisticsDisplay BGP RIB advertisement statistics.
summaryDisplay summary of BGP IPv4/IPv6 neighbors status. Can be filtered by subsequent address family (SAFI).
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
community-listDisplay routes matching the community-list.
name <string>BGP community list name.
exact-matchExact match of the communities.
communityDisplay routes matching the communities.
VALUEBGP community value.
VALUEvaluesDescription
local-ASLocal AS.
no-advertiseDo not advertise.
no-exportDo not export.
internetInternet.
graceful-shutdownGraceful-shutdown.
accept-ownAccept-own.
route-filter-translated-v4Route-filter-translated-v4.
route-filter-v4Route-filter-v4.
route-filter-translated-v6Route-filter-translated-v6.
route-filter-v6Route-filter-v6.
llgr-staleLlgr-stale.
no-llgrNo-llgr.
accept-own-nexthopAccept-own-nexthop.
blackholeBlackhole.
no-peerNo-peer.
<string>Community attribute.
exact-matchExact match of the communities.
large-community-listDisplay routes matching the large-community-list.
name <string>BGP large community list name.
exact-matchExact match of the large communities.
large-communityDisplay routes matching the large communities.
VALUEBGP large community value.
VALUELarge community attribute.
exact-matchExact match of the large communities.
route-map <string>Display information about this route map.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
prefix-countsDisplay detailed prefix count information.
receivedDisplay information received from a BGP neighbor.
prefix-filterDisplay the prefixlist filter.
dampened-routesDisplay the dampened routes received from neighbor.
flap-statisticsDisplay the flap statistics of the routes learned from neighbor.
routesDisplay routes learned from neighbor.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
neighborsDisplay information about all BGP neighbors.
l2vpnDisplay Layer 2 Virtual Private Network information.
evpnDisplay Ethernet Virtual Private Network information.
vnisDisplay all VNIs information.
vni VNIDisplay VNI information.
VNIType definition representing VXLAN Segment ID / VXLAN Network Identifier value.
NETNetwork in the BGP routing table to display.
NETvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
<ipv4-prefix>An IPv4 prefix: address and CIDR mask.
<ipv6-prefix>An IPv6 prefix: address and CIDR mask.
summaryDisplay the summary of l2vpn BGP neighbors status.
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
overlayDisplay BGP Overlay Information for prefixes.
tagsDisplay BGP tags for prefixes.
neighborDetailed information on TCP and BGP neighbor connections.
NEIGHBOR(mandatory)Neighbor to display information about.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
advertised-routesDisplay the routes advertised to a BGP neighbor.
routesDisplay routes learned from neighbor.
route-distinguisher ROUTE-DISTINGUISHERDisplay information for a route distinguisher.
ROUTE-DISTINGUISHERvaluesDescription
<uint32:uint16>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<1-65535.0-65535:uint16>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<uint16:uint32>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<0.1-65535:uint32>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
<ipv4-address:uint16>Type definition for extended community attributes. Possible formats: <4b AS>:<2b value>, <2b AS>:<4b value> or <4b IPv4>:<2b value> (see RFC4364 section 4.2). <2b AS> or <4b AS> can be expressed in plain, dot and dot+ format.
routeDetailed information BPG L2VPN EVPN routes.
type TYPESpecify route type.
TYPEvaluesDescription
macipMAC-IP (Type-2) route.
multicastMulticast (Type-3) route.
prefixPrefix (Type-5) route.
detailDisplay detail information.
l3vpnDisplay Layer 3 Virtual Private Network information.
label-exported-nexthop-cacheDisplay label nexthop cache for exported nexthops.
detailDisplay detail information.
label-incoming-nexthop-cacheDisplay label nexthop cache for incoming nexthops.
detailDisplay detail information.
link-stateDisplay link-state information.
non-vpnDisplay link-state non VPN information.
neighborDisplay information about one BGP neighbor.
id IDDisplay information about one BGP neighbor.
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
advertised-routesDisplay the routes advertised to a BGP neighbor.
filtered-routesDisplay the filtered routes received from neighbor.
received-routesDisplay the received routes from neighbor.
detail-routesDisplay link state routes with details.
summaryDisplay the summary of l2vpn BGP neighbors status.
STATEThe State of BGP neighbor(s).
STATEvaluesDescription
establishedSummary of BGP established neighbor(s).
failedSummary of BGP failed neighbor(s).
neighbor NEIGHBORDisplay information about one BGP neighbor.
NEIGHBORvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
remote-as REMOTE-ASThe Summary of BGP remote-as.
REMOTE-ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
externalSummary of BGP external remote-as.
internalSummary of BGP internal remote-as.
show bgp segment-routing ipv6¶
Note
requires a Product License.
vsr> show bgp segment-routing ipv6 [vrf <string>]
Show BGP segment routing IPv6 information.
Input Parameters¶
vrf <string>Specify the VRF.
show bgp bmp¶
vsr> show bgp bmp [vrf <string>]
Show BGP BMP information.
Input Parameters¶
vrf <string>VRF to look into.
Output Data¶
bmpBGP BMP operational state.
route-mirroringBGP BMP route mirroring information.
pending-bytes <uint32>Number of penting bytes.
pending-messages <uint32>Number of penting messages.
buffer-used <uint32>Number of bytes used in buffer.
targetsTarget group operational state.
name <string>Name of the BMP target group.
connectBGP BMP connection operational state.
host HOSTMonitoring station hostname or address.
HOSTvaluesDescription
<ipv4-address>The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format
<ipv6-address>The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007.
<domain-name>{1,253}The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890.
port PORT(mandatory)TCP port number.
PORTA 16-bit port number used by a transport protocol such as TCP or UDP.
source-ip SOURCE-IPSource IP address.
SOURCE-IPvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
state STATEConnection state.
STATEvaluesDescription
upConnection is UP.
retry-waitWait before retry connecting.
connectingConnecting in progress.
resolvingTrying to resolve host name.
unknownUnknown state.
retry-timer <string>Time before reconnect to the client if previous try has failed (if state is RetryWait).
uptime <string>Time since the connection has been established (if state is Up).
monitor-sent <uint32>Number of monitor packets sent.
mirror-sent <uint32>Number of mirroring packets sent.
mirror-lost <uint32>Number of times this peer wasn’t fast enough in consuming the mirror queue.
byte-sent <uint32>Number of bytes sent to the peer.
byte-queue <uint32>Number of bytes in the output buffer.
byte-kernel-queue <uint32>Number of bytes in the kernel output buffer.
show bgp rpki cache-connection¶
Note
requires a Product License.
vsr> show bgp rpki cache-connection [vrf VRF] [l3vrf <string>]
Show which RPKI cache servers have a connection.
Input Parameters¶
vrf VRFSpecify the VRF.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
l3vrf <string>Specify the L3VRF.
show bgp rpki cache-server¶
Note
requires a Product License.
vsr> show bgp rpki cache-server [vrf VRF] [l3vrf <string>]
Show RPKI configured cache server.
Input Parameters¶
vrf VRFSpecify the VRF.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
l3vrf <string>Specify the L3VRF.
show bgp rpki prefix-table¶
Note
requires a Product License.
vsr> show bgp rpki prefix-table [vrf VRF] [l3vrf <string>] [PREFIX] [as AS]
Show validated prefixes which were received from RPKI Cache.
Input Parameters¶
vrf VRFSpecify the VRF.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
l3vrf <string>Specify the L3VRF.
PREFIXLookup by IPv4/IPv6 prefix.
PREFIXvaluesDescription
<ipv4-prefix>An IPv4 prefix: address and CIDR mask.
<ipv6-prefix>An IPv6 prefix: address and CIDR mask.
as ASLookup by AS number.
ASvaluesDescription
<1-4294967295>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
<0-65535.0-65535>A numeric identifier for an autonomous system (AS). An AS is a single domain, under common administrative control, which forms a unit of routing policy. Autonomous systems can be assigned a 2-byte identifier, or a 4-byte identifier which may have public or private scope. Private ASNs are assigned from dedicated ranges. Public ASNs are assigned from ranges allocated by IANA to the regional internet registries (RIRs).
show isis¶
Note
requires a Product License.
vsr> show isis [vrf <string>] [l3vrf <string>] [hostname] fast-reroute summary \
... [level-1] [level-2] [summary] database [detail] neighbor [detail] \
... topology [level-1] [level-2] [flex-algorithm <128-255>] route \
... [level-1] [level-2] [prefix-sid] [backup] [flex-algorithm <128-255>] \
... interface [detail] [NAME] segment-routing node [flex-algorithm <128-255>] \
... te-database [detail] edge [id ID] subnet [id ID] vertex [id <string>] \
... [te-router] [te-interface] [ipv6] flex-algorithm [<128-255>]
Show IS-IS information.
Input Parameters¶
vrf <string>Specify the VRF.
l3vrf <string>Specify the L3VRF.
hostnameHostname information.
fast-rerouteShow information about the number of prefixes having LFA protection, and network-wideo LFA coverage.
summaryShow fast-reroute summary.
level-1Show summary of level 1 IS-IS.
level-2Show summary of level 2 IS-IS.
summaryHostname information.
databaseDatabase summary.
detailDatabase detail.
neighborNeighbors information.
detailNeighbors detail.
topologyTopology information.
level-1Level 1 topology.
level-2Level 2 topology.
flex-algorithm <128-255>Set Flex-Algorithm numeric identifier.
routeRoute information.
level-1Level 1 topology.
level-2Level 2 topology.
prefix-sidShow segment identifier (SID) prefix information.
backupShow backup routes.
flex-algorithm <128-255>Set Flex-Algorithm numeric identifier.
interfaceInterface information.
detailDetailed interface traffic information.
NAMEThe interface name. If not specified, show all interfaces.
NAMEAn interface name.
segment-routingShow segment routing information.
nodeShow detailed information about learned segment routing nodes.
flex-algorithm <128-255>Set Flex-Algorithm numeric identifier.
te-databaseShow information about MPLS-TE database.
detailDetailed information.
edgeMPLS-TE Edge.
id IDMPLS-TE Edge ID (as an IPv4 or IPv6 address).
IDvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
subnetMPLS-TE Subnet.
id IDMPLS-TE Subnet ID (as an IPv4 or IPv6 address).
IDvaluesDescription
<ipv4-prefix>An IPv4 prefix: address and CIDR mask.
<ipv6-prefix>An IPv6 prefix: address and CIDR mask.
vertexMPLS-TE Vertex.
id <string>MPLS-TE Vertex ID (as an ISO ID, hostname or “self”).
te-routerShow information about router.
te-interfaceShow information about interface.
ipv6Show information about SRv6.
flex-algorithmShow the IS-IS Flex-Algorithm definition state of the given or all algorithms.
<128-255>Set Flex-Algorithm numeric identifier.
show evpn¶
Note
requires a Product License.
vsr> show evpn [vrf <string>] [arp-cache] [mac] vni VNI [detail]
Show EVPN information.
Input Parameters¶
vrf <string>Specify the VRF.
arp-cacheShow ARP and ND cache information.
macShow MAC addresses information.
vni VNI(mandatory)Show EVPN information about a specific VNI or all.
VNIvaluesDescription
allShow all VNIs.
<0-16777215>Type definition representing VXLAN Segment ID / VXLAN Network Identifier value.
detailDetail information on each VNI.
show ospf¶
Note
requires a Product License.
vsr> show ospf [vrf <string>] [l3vrf <string>] [l3vrfs] [route] database [default] \
... [max-age] router [ADDRESS] [advertising-router ADVERTISING-ROUTER] \
... asbr-summary [ADDRESS] [advertising-router ADVERTISING-ROUTER] \
... external [ADDRESS] [advertising-router ADVERTISING-ROUTER] network \
... [ADDRESS] [advertising-router ADVERTISING-ROUTER] nssa-external \
... [ADDRESS] [advertising-router ADVERTISING-ROUTER] opaque-area \
... [ADDRESS] [advertising-router ADVERTISING-ROUTER] opaque-link \
... [ADDRESS] [advertising-router ADVERTISING-ROUTER] opaque-as [ADDRESS] \
... [advertising-router ADVERTISING-ROUTER] summary [ADDRESS] [advertising-router ADVERTISING-ROUTER] \
... interface [traffic] [NAME]
Show OSPF information.
Input Parameters¶
vrf <string>Specify the VRF.
l3vrf <string>Specify the L3VRF.
l3vrfsAvailable VRFs.
routeOSPF routing table.
databaseDatabase summary.
defaultDatabase summary.
max-ageDatabase maximum age.
routerDatabase Router link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
asbr-summaryDatabase ASBR summary link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
externalDatabase External link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
networkDatabase Network link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
nssa-externalDatabase NSSA external link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
opaque-areaDatabase Opaque link state area.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
opaque-linkDatabase Opaque link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
opaque-asDatabase Opaque AS link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
summaryDatabase Summary link states.
ADDRESSThe router address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
self-originateSelf-originated link states.
advertising-router ADVERTISING-ROUTERThe advertising router address.
ADVERTISING-ROUTERAn IPv4 address.
interfaceInterface information.
trafficInterface traffic information.
NAMEThe interface name. If not specified, show all interfaces.
NAMEAn interface name.
show rip¶
Note
requires a Product License.
vsr> show rip [vrf <string>] [status]
Show RIP information.
Input Parameters¶
vrf <string>Specify the VRF.
statusShow RIP status.
show ospf6¶
Note
requires a Product License.
vsr> show ospf6 [vrf <string>] route [DESTINATION] database [default] [router] \
... interface [NAME]
Show OSPFv3 information.
Input Parameters¶
vrf <string>Specify the VRF.
routeOSPFv3 routing table.
DESTINATIONThe route destination.
DESTINATIONvaluesDescription
<ipv6-address>An IPv6 address.
<ipv6-prefix>An IPv6 prefix: address and CIDR mask.
detailDetailed information.
external-1Display Type-1 External routes.
external-2Display Type-2 External routes.
inter-areaDisplay Inter-Area routes.
intra-areaDisplay Intra-Area routes.
summaryRoute table summary.
databaseDatabase summary.
defaultDatabase summary.
routerDatabase Router link states.
interfaceInterface information.
NAMEThe interface name. If not specified, show all interfaces.
NAMEAn interface name.
show ripng¶
Note
requires a Product License.
vsr> show ripng [status]
Show RIPng information.
Input Parameters¶
statusShow RIPng status.
show mpls ldp¶
Note
requires a Product License.
vsr> show mpls ldp [vrf <string>] discovery [detail] [interface] [capabilities] \
... neighbor [LSR-ID] [capabilities] [detail] binding [PREFIX] [longer-prefixes] \
... [local-label <0-1048575>] [remote-label <0-1048575>] [neighbor NEIGHBOR] \
... [detail] [ipv4] [ipv6]
Show MPLS LDP information.
Input Parameters¶
vrf <string>Specify the VRF.
discoveryDiscovery Hello Information.
detailShow detailed information.
interfaceInterface information.
capabilitiesDisplay neighbor capability information.
neighborNeighbor information.
LSR-IDOSPF routing table.
LSR-IDAn IPv4 address.
capabilitiesDisplay neighbor capability information.
detailShow detailed information.
bindingLabel Information Base (LIB) information.
PREFIXDestination prefix.
PREFIXvaluesDescription
<ipv4-prefix>An IPv4 prefix: address and CIDR mask.
<ipv6-prefix>An IPv6 prefix: address and CIDR mask.
longer-prefixesInclude longer matches.
local-label <0-1048575>Locally assigned label value.
remote-label <0-1048575>Match remotely assigned label values.
neighbor NEIGHBORDisplay labels from LDP neighbor.
NEIGHBORAn IPv4 address.
detailShow detailed information.
ipv4IPv4 Address Family.
ipv6IPv6 Address Family.
show bfd¶
Note
requires a Product License.
vsr> show bfd [vrf VRF] [l3vrf <string>] [address ADDRESS] [HOP-TYPE] [source SOURCE] \
... [interface INTERFACE] [counters]
Show BFD information.
Input Parameters¶
vrf VRFSpecify the VRF.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
l3vrf <string>Specify the L3VRF.
address ADDRESSIP address of the peer.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
HOP-TYPEShow single or multi hop session.
HOP-TYPEvaluesDescription
single-hopShow single-hop session.
multi-hopShow multi-hop session.
source SOURCELocal IP address.
SOURCEvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
anyAccept any source addresses.
interface INTERFACEInterface used to contact peer.
INTERFACEAn interface name.
countersShow BFD session counters information.
show path-monitoring¶
Note
requires a Product License.
vsr> show path-monitoring [vrf VRF] [address ADDRESS] [operational]
Show path monitoring information.
Input Parameters¶
vrf VRFSpecify the VRF.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
address ADDRESSIP address of the peer.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
operationalShow session operational information.
show nhrp¶
Note
requires a Product License.
vsr> show nhrp [vrf <string>] [cache] [nhs] [opennhrp] [shortcut] [default]
Show NHRP IPv4 information.
Input Parameters¶
vrf <string>Specify the VRF.
cacheNHRP forwarding cache information.
nhsNHRP Next hop server information.
opennhrpNHRP opennhrpctl style cache dump.
shortcutNHRP shortcut information.
defaultNHRP default information.
show nhrp6¶
Note
requires a Product License.
vsr> show nhrp6 [vrf <string>] [cache] [nhs] [opennhrp] [shortcut] [default]
Show NHRP IPv6 information.
Input Parameters¶
vrf <string>Specify the VRF.
cacheNHRP forwarding cache information.
nhsNHRP Next hop server information.
opennhrpNHRP opennhrpctl style cache dump.
shortcutNHRP shortcut information.
defaultNHRP default information.
show pim¶
Note
requires a Product License.
vsr> show pim [vrf <string>] [detail] [assert] [assert-internal] [assert-metric] \
... [assert-winner-metric] [bsm-database] [bsr] [bsrp-info] [channel] \
... group-type [address ADDRESS] interface [traffic] [NAME] join \
... [source-address SOURCE-ADDRESS] [group-address GROUP-ADDRESS] \
... [join-prune-aggregation] [local-membership] neighbor [name <string>] \
... [nexthop] nexthop-lookup [source-address SOURCE-ADDRESS] [group-address GROUP-ADDRESS] \
... [rp-info] [rpf] [secondary] state [unicast-address UNICAST-ADDRESS] \
... [multicast-address MULTICAST-ADDRESS] statistics [interface-name INTERFACE-NAME] \
... upstream [source-address SOURCE-ADDRESS] [group-address GROUP-ADDRESS] \
... [upstream-join-desired] [upstream-rpf]
Show PIM information.
Input Parameters¶
vrf <string>Specify the VRF.
detailShow detailed output.
assertShow PIM interface assert message.
assert-internalShow PIM interface internal assert state.
assert-metricShow PIM interface assert message metric.
assert-winner-metricShow PIM interface assert winner metric.
bsm-databaseShow PIM cached BSM packets information.
bsrShow BSM (BootStrap Message) router information.
bsrp-infoShow BootStrap Rendezvous Point informations.
channelShow PIM downstream channel info.
group-typeShow multicast group type.
address ADDRESSShow group address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
interfaceShow interface information.
trafficShow protocol packet counters.
NAMESet the interface name. If not specified, show all interfaces.
NAMEAn interface name.
joinShow interface join information.
source-address SOURCE-ADDRESSSet source or group address.
SOURCE-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
group-address GROUP-ADDRESSSet group address.
GROUP-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
join-prune-aggregationShow join prune aggregation list.
local-membershipShow interface local-membership.
neighborShow neighbor information.
name <string>Set name of interface or neighbor.
nexthopShow cached nexthop RPF (Reverse Path Forwarding) information.
nexthop-lookupShow cached nexthop RPF (Reverse Path Forwarding) lookup.
source-address SOURCE-ADDRESSSet source/RP address.
SOURCE-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
group-address GROUP-ADDRESSSet multicast group address.
GROUP-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
rp-infoShow RP information.
rpfShow cached source RPF (Reverse Path Forwarding) information.
secondaryShow neighbor addresses.
stateShow state information.
unicast-address UNICAST-ADDRESSSet unicast or multicast address.
UNICAST-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
multicast-address MULTICAST-ADDRESSSet multicast address.
MULTICAST-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
statisticsShow statistics.
interface-name INTERFACE-NAMESet the interface name. If not specified, show all interfaces.
INTERFACE-NAMEAn interface name.
upstreamShow upstream information.
source-address SOURCE-ADDRESSSet source or group address.
SOURCE-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
group-address GROUP-ADDRESSSet group address.
GROUP-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
upstream-join-desiredShow upstream join-desired.
upstream-rpfShow upstream source RPF.
show pbr¶
Note
requires a Product License.
vsr> show pbr [family FAMILY] [vrf <string>]
Show policy based routing information.
Input Parameters¶
family FAMILYDisplay the policy based routing rules for this family type.
FAMILYvaluesDescription
ipv4IPV4 rules only.
ipv6IPV6 rules only.
<string>No description.
vrf <string>The VRF in which to show the policy based routing.
Output Data¶
ipv4-ruleIPv4 rule state.
priority <string>Priority of the rule. High number means lower priority.
notInvert the match.
matchConfigure the packet selector.
inbound-interface INBOUND-INTERFACEMatch this incoming interface.
INBOUND-INTERFACEAn interface name.
mark MARKMatch this mark filter.
MARKvaluesDescription
<mark>Firewall mark.
<mark-mask>Firewall mark filter.
source SOURCEMatch this source address or prefix.
SOURCEvaluesDescription
<ipv4-address>An IPv4 address.
<ipv4-prefix>An IPv4 prefix: address and CIDR mask.
destination DESTINATIONMatch this destination address or prefix.
DESTINATIONvaluesDescription
<ipv4-address>An IPv4 address.
<ipv4-prefix>An IPv4 prefix: address and CIDR mask.
outbound-interface OUTBOUND-INTERFACEMatch this outgoing interface.
OUTBOUND-INTERFACEAn interface name.
tos <uint32>Match this tos.
l3vrfMatch any l3vrf.
otherMatch a specific attribute.
attr <string>The attribute to match.
value <string>The value to match.
actionConfigure the action for packets matching the selector.
lookup LOOKUPLookup in this table.
LOOKUPvaluesDescription
<uint32>Table type.
localHigh priority control routes for local and broadcast addresses (table 255).
mainNormal routing table, containing all non-policy routes (table 254).
defaultReserved for some post-processing if no previous default rules selected the packet (table 253).
l3vrf-tableLookup in a l3vrf table (table 0 and l3vrf match).
goto <uint32>Jump to the specified priority rule.
other OTHEROther actions.
OTHERvaluesDescription
unknownUnknown action.
blackholeIndicates that the rule requires a silent drop.
prohibitIndicates that the rule requires a ‘Communication is administratively prohibited’ error.
unreachableIndicates that the rule requires a ‘Network is unreachable’ error.
natIndicates that a nat operation is requested.
ipv6-ruleIPv6 rule state.
priority <string>Priority of the rule. High number means lower priority.
notInvert the match.
matchConfigure the packet selector.
inbound-interface INBOUND-INTERFACEMatch this incoming interface.
INBOUND-INTERFACEAn interface name.
mark MARKMatch this mark filter.
MARKvaluesDescription
<mark>Firewall mark.
<mark-mask>Firewall mark filter.
source SOURCEMatch this source address or prefix.
SOURCEvaluesDescription
<ipv6-address>An IPv6 address.
<ipv6-prefix>An IPv6 prefix: address and CIDR mask.
destination DESTINATIONMatch this destination address or prefix.
DESTINATIONvaluesDescription
<ipv6-address>An IPv6 address.
<ipv6-prefix>An IPv6 prefix: address and CIDR mask.
outbound-interface OUTBOUND-INTERFACEMatch this outgoing interface.
OUTBOUND-INTERFACEAn interface name.
tos <uint32>Match this tos.
l3vrfMatch any l3vrf.
otherMatch a specific attribute.
attr <string>The attribute to match.
value <string>The value to match.
actionConfigure the action for packets matching the selector.
lookup LOOKUPLookup in this table.
LOOKUPvaluesDescription
<uint32>Table type.
localHigh priority control routes for local and broadcast addresses (table 255).
mainNormal routing table, containing all non-policy routes (table 254).
defaultReserved for some post-processing if no previous default rules selected the packet (table 253).
l3vrf-tableLookup in a l3vrf table (table 0 and l3vrf match).
goto <uint32>Goto to the specified priority rule.
other OTHEROther actions.
OTHERvaluesDescription
unknownUnknown action.
blackholeIndicates that the rule requires a silent drop.
prohibitIndicates that the rule requires a ‘Communication is administratively prohibited’ error.
unreachableIndicates that the rule requires a ‘Network is unreachable’ error.
natIndicates that a nat operation is requested.
show segment-routing te-policies¶
Note
requires a Product License.
vsr> show segment-routing te-policies [vrf <string>] [installed] [detail]
Show the traffic engineering policies information.
Input Parameters¶
vrf <string>The VRF to look into.
installedShow the installed segment routing policies.
detailShow the detailed information of the segment routing policies.
show segment-routing te-database¶
Note
requires a Product License.
vsr> show segment-routing te-database [vrf <string>]
Show the traffic engineering database information.
Input Parameters¶
vrf <string>The VRF to look into.
show segment-routing ipv6¶
Note
requires a Product License.
vsr> show segment-routing ipv6 [vrf <string>] [locator LOCATOR]
Show segment routing IPv6 locators.
Input Parameters¶
vrf <string>VRF to look into.
locator LOCATORName of the locator.
LOCATORName format of an SRv6 locator.
Output Data¶
locatorList of configured SRv6 locators.
status STATUSThe locator status (up or down).
STATUSvaluesDescription
upThe locator status is up.
downThe locator status is down.
chunkSegment routing IPv6 block for this locator.
prefix PREFIXThe chunk prefix.
PREFIXAn IPv6 prefix: address and CIDR mask.
protocol <string>The protocol that uses the chunk.
name NAMEConfigure the name that will identify the locator.
NAMEName format of an SRv6 locator.
prefix PREFIX(mandatory)Configure the locator prefix.
PREFIXAn IPv6 prefix: address and CIDR mask.
block-length <16-64>Configure the locator block length. block-length + node-length must be <= to the prefix length.
node-length <16-64>Configure the SID locator node length. block-length + node-length must be <= to the prefix length.
function-length <0-20>Configure the function length. A function is the other part of the SID defines that is performed locally on the node that is specified by the locator.
show segment-routing pcep session¶
Note
requires a Product License.
vsr> show segment-routing pcep session [vrf VRF] [name <string>]
Show the Segment Routing Path Computation Element Protocol session default information.
Input Parameters¶
vrf VRFVRF to look into.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
name <string>The name of the PCE server.
Output Data¶
sessions-configured <uint32>Number of PCEP sessions configured.
sessions-connected <uint32>Number of PCEP sessions connected.
sessionList of all PCEP sessions.
name <string>The session name.
address ADDRESSThe session address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
port PORTThe session port.
PORTA 16-bit port number used by a transport protocol such as TCP or UDP.
connection-status CONNECTION-STATUSThe session connection status.
CONNECTION-STATUSvaluesDescription
upThe session is up and running.
disconnectedThe session is disconnected.
initializedThe session is initialized.
connectingThe session is in the middle of connecting.
synchronizingThe session is synchronizing.
operatingThe session is operating.
connection-duration <uint32>The session connection duration in seconds.
pce-negotiated-keepalive <uint16>The time interval for session keep-alive in seconds.
pce-negotiated-dead-timer <uint16>The time duration within which the absence of messages indicates a dead session.
best-multi-pce true|falseThis option tells if the PCE connection is the primary one or a backup connection.
pce-confidence PCE-CONFIDENCEThe confidence in the PCE’s.
PCE-CONFIDENCEvaluesDescription
normalThe PCE’s are reliable.
lowThe PCE’s are not perfectly reliable (failover observed).
show segment-routing pcep session statistics¶
Note
requires a Product License.
vsr> show segment-routing pcep session statistics [vrf VRF] [name <string>]
Show the Segment Routing Path Computation Element Protocol session statistics.
Input Parameters¶
vrf VRFVRF to look into.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
name <string>The name of the PCE server.
Output Data¶
sessionList of all PCEP sessions.
name <string>The session name.
received-message-statisticsThe received messages statistics by message type.
open <uint32>The number of OPEN messages.
keepalive <uint32>The number of KEEPALIVE messages.
path-computation-request <uint32>The number of Path Computation requests.
path-computation-reply <uint32>The number of Path Computation replies.
notification <uint32>The number of NOTIFICATION messages.
error <uint32>The number of ERROR messages.
close <uint32>The number of CLOSE messages.
report <uint32>The number of REPORT messages.
update <uint32>The number of UPDATE messages.
initiate <uint32>The number of LSP INITIATE messages.
start-tls <uint32>The number of START TLS messages.
erroneous <uint32>The number of erroneous, unassigned messages.
total <uint32>The total number of messages.
sent-message-statisticsThe sent messages statistics by message type.
open <uint32>The number of OPEN messages.
keepalive <uint32>The number of KEEPALIVE messages.
path-computation-request <uint32>The number of Path Computation requests.
path-computation-reply <uint32>The number of Path Computation replies.
notification <uint32>The number of NOTIFICATION messages.
error <uint32>The number of ERROR messages.
close <uint32>The number of CLOSE messages.
report <uint32>The number of REPORT messages.
update <uint32>The number of UPDATE messages.
initiate <uint32>The number of LSP INITIATE messages.
start-tls <uint32>The number of START TLS messages.
erroneous <uint32>The number of erroneous, unassigned messages.
total <uint32>The total number of messages.
show boot-params¶
vsr> show boot-params
Show boot parameters. Image must be installed on disk.
Output Data¶
currentCurrent boot parameters.
intel-iommu true|falseEnable intel iommu driver. Control intel_iommu=on|off kernel option.
iommu-allow-unsafe-interrupts true|falseEnable PCI passthrough on hardware that does not support interrupt remapping, when VM are trusted. Control vfio_iommu_type1.allow_unsafe_interrupts=0|1 kernel option.
ixgbe-allow-unsupported-sfp true|falseBypass SFPs types restrictions on Intel ixgbe NICs. Control ixgbe.allow_unsupported_sfp=0|1 kernel option.
isolate-cpus ISOLATE-CPUSIsolate cpus from kernel threads, rcu callbacks, and reduce the scheduler ticks. A good value for this parameter is the fast path coremask.
ISOLATE-CPUSvaluesDescription
<coremask>A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’.
noneUnset the coremask.
nextNext boot parameters.
intel-iommu true|falseEnable intel iommu driver. Control intel_iommu=on|off kernel option.
iommu-allow-unsafe-interrupts true|falseEnable PCI passthrough on hardware that does not support interrupt remapping, when VM are trusted. Control vfio_iommu_type1.allow_unsafe_interrupts=0|1 kernel option.
ixgbe-allow-unsupported-sfp true|falseBypass SFPs types restrictions on Intel ixgbe NICs. Control ixgbe.allow_unsupported_sfp=0|1 kernel option.
isolate-cpus ISOLATE-CPUSIsolate cpus from kernel threads, rcu callbacks, and reduce the scheduler ticks. A good value for this parameter is the fast path coremask.
ISOLATE-CPUSvaluesDescription
<coremask>A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’.
noneUnset the coremask.
show log¶
vsr> show log [max-lines <uint16>] [service <identityref>] [vrf <string>] [facility FACILITY] \
... level [EQUAL] [greater-or-equal GREATER-OR-EQUAL] not [LEVEL]
Print log.
Input Parameters¶
max-lines <uint16>Log max lines.
service <identityref>Filter logs by service.
vrf <string>Filter logs by VRF.
facility FACILITYFilter logs by facility.
FACILITYvaluesDescription
kernelFilter kernel messages.
mailFilter mail system messages.
newsFilter network news subsystem messages.
userFilter random user-level messages.
authFilter security/authorization messages.
authprivFilter security/authorization messages (private).
cronFilter clock daemon messages.
daemonFilter system daemons messages.
line-printerFilter line printer subsystem messages.
FTPFilter FTP daemon messages.
syslogFilter messages generated internally by the syslog daemon.
uucpFilter UUCP subsystem messages.
local0Filter messages from local0.
local1Filter messages from local1.
local2Filter messages from local2.
local3Filter messages from local3.
local4Filter messages from local4.
local5Filter messages from local5.
local6Filter messages from local6.
local7Filter messages from local7.
anyFilter messages from any facilities.
levelFilter logs by level.
EQUALSelect levels to show.
EQUALvaluesDescription
emergencySystem is unusable.
alertAction must be taken immediately.
criticalCritical conditions.
errorError conditions.
warningWarning conditions.
noticeNormal but significant condition.
infoInformational messages.
debugDebug-level messages.
anyShow all messages from this facility.
greater-or-equal GREATER-OR-EQUALFilter messages with a greater or equal level than the selected one.
GREATER-OR-EQUALvaluesDescription
emergencySystem is unusable.
alertAction must be taken immediately.
criticalCritical conditions.
errorError conditions.
warningWarning conditions.
noticeNormal but significant condition.
infoInformational messages.
debugDebug-level messages.
notSelect levels to not show.
LEVELDo not show messages with this level.
LEVELvaluesDescription
emergencySystem is unusable.
alertAction must be taken immediately.
criticalCritical conditions.
errorError conditions.
warningWarning conditions.
noticeNormal but significant condition.
infoInformational messages.
debugDebug-level messages.
show logins¶
vsr> show logins [user <string>] [since SINCE] [until UNTIL] [present PRESENT] \
... [max-lines <uint32>] [status STATUS]
Show login events.
Input Parameters¶
user <string>Show login events for this user.
since SINCEShow login events since that time.
SINCEvaluesDescription
todayToday at 00:00:00.
yesterdayYesterday at 00:00:00.
tomorrowTomorrow at 00:00:00.
nowNow.
<YYYY-MM-DD>[ <HH:MM:SS>]A time filter.
until UNTILShow login events until that time.
UNTILvaluesDescription
todayToday at 00:00:00.
yesterdayYesterday at 00:00:00.
tomorrowTomorrow at 00:00:00.
nowNow.
<YYYY-MM-DD>[ <HH:MM:SS>]A time filter.
present PRESENTShow which users were present at that time.
PRESENTvaluesDescription
todayToday at 00:00:00.
yesterdayYesterday at 00:00:00.
tomorrowTomorrow at 00:00:00.
nowNow.
<YYYY-MM-DD>[ <HH:MM:SS>]A time filter.
max-lines <uint32>Limit the number of lines shown.
status STATUSShow login events with this status.
STATUSvaluesDescription
successLogin succeeded.
failureLogin failed.
Output Data¶
sessionThe list of the login events.
entry <uint32>A number to identify the list element.
user <string>The user that triggered the event.
source <string>The source IP used to trigger the event. ‘local’ means from console.
start-time START-TIMEThe time when the user session started.
START-TIMEThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
end-time END-TIMEThe time when the user session ended. If omitted, the session is still running.
END-TIMEThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
status STATUSThe status of the login.
STATUSvaluesDescription
successLogin succeeded.
failureLogin failed.
show ntp¶
vsr> show ntp [vrf <string>] [details]
Show NTP information.
Input Parameters¶
vrf <string>VRF to look into.
detailsShow per server details.
Output Data¶
enabled true|falseEnable or disable the NTP protocol and indicates that the system should attempt to synchronize the system clock with an NTP server from the servers defined in the ‘ntp/server’ list.
serverList of NTP servers to use for system clock synchronization. If ‘/system/ntp/enabled’ is ‘true’, then the system will attempt to contact and utilize the specified NTP servers.
address ADDRESSThe address or hostname of the NTP server.
ADDRESSvaluesDescription
<ipv4-address>The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format
<ipv6-address>The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007.
<domain-name>{1,253}The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890.
version <1-4>Version number to put in outgoing NTP packets.
association-type ASSOCIATION-TYPEThe desired association type for this NTP server.
ASSOCIATION-TYPEvaluesDescription
SERVERUse client association mode. This device will not provide synchronization to the configured NTP server.
PEERUse symmetric active association mode. This device may provide synchronization to the configured NTP server.
POOLUse client association mode with one or more of the NTP servers found by DNS resolution of the domain name given by the ‘address’ leaf. This device will not provide synchronization to the servers.
LOCAL-CLOCKUse a local reference clock.
INVALIDInvalid use of the client/symmetric active association mode. This device can not be synchronized or provide synchronization to the servers.
iburst true|falseIndicates whether this server should enable burst synchronization or not.
prefer true|falseIndicates whether this server should be preferred or not.
stratum <uint8>Indicates the level of the server in the NTP hierarchy. As stratum number increases, the accuracy is degraded. Primary servers are stratum while a maximum value of 16 indicates unsynchronized. The values have the following specific semantics: | 0 | unspecified or invalid | 1 | primary server (e.g., equipped with a GPS receiver) | 2-15 | secondary server (via NTP) | 16 | unsynchronized | 17-255 | reserved.
root-delay <uint32>The round-trip delay to the server, in milliseconds.
root-dispersion <uint64>Dispersion (epsilon) represents the maximum error inherent in the measurement.
offset <uint64>Estimate of the current time offset from the peer. This is the time difference between the local and reference clock.
poll-interval <uint32>Polling interval of the peer.
synchronized true|falseTrue if we are synchronized with this server.
state STATEThe server status in the clock selection process.
STATEvaluesDescription
rejectedNot synchronized. Indicates sources to which connectivity has been lost or whose packets do not pass all tests.
falsetickNot synchronized. Indicates a clock which chronyd thinks is a falseticker (i.e. its time is inconsistent with a majority of other sources).
candidateNot synchronized. Indicates acceptable sources which are combined with the selected source.
system-peerSynchronized. Indicates the source to which chronyd is currently synchronized.
excludedNot synchronized. Indicates acceptable sources which are excluded by the combining algorithm.
inconsistentNot synchronized. Indicates a source whose time appears to have too much variability.
auth-key-id <uint16>Integer identifier used by the client and server to designate a secret key. The client and server must use the same key id.
show ntp clients¶
vsr> show ntp clients [vrf <string>] [l3vrf <string>]
Show connected NTP clients.
Input Parameters¶
vrf <string>VRF to look into.
l3vrf <string>Specify the l3vrf.
Output Data¶
clientNTP client records.
host HOSTClient host.
HOSTvaluesDescription
<ipv4-address>The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format
<ipv6-address>The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007.
<domain-name>{1,253}The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890.
ntp-packets <uint32>Number of NTP packets sent to the server.
dropped-ntp-packets <uint32>Number of dropped NTP packets to limit response rate.
last-ntp-packet-time <uint32>Time since the last NTP packet was received.
cmd-packets <uint32>Number of command packets received from the client.
dropped-cmd-packets <uint32>Number of command packets dropped to limit response rate.
last-cmd-packet-time <uint32>Time since the last command packet was received.
show dhcp-relay¶
Note
requires a Product License.
vsr> show dhcp-relay [vrf VRF] [l3vrf L3VRF] [server SERVER] [TYPE]
Show DHCP relay statistics and leases.
Input Parameters¶
vrf VRFVRF to look into.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
l3vrf L3VRFSpecify the l3vrf.
L3VRFThe l3vrf name.
server SERVERDHCP server IP to which DHCP queries are relayed.
SERVERAn IPv4 address.
TYPEInformation to show.
TYPEvaluesDescription
statisticsShow DHCP relay statistics.
leasesShow DHCP relay leases.
Output Data¶
dhcp-serverDHCP relay operational state.
address ADDRESSIP address of DHCP server to which DHCP queries are relayed.
ADDRESSAn IPv4 address.
dhcp-server-leasesState of leases for DHCP server.
address ADDRESSLeased IP address.
ADDRESSAn IPv4 address.
starts STARTS(mandatory)Lease start time.
STARTSThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
ends ENDS(mandatory)Lease end time.
ENDSThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
hw-mac-address HW-MAC-ADDRESS(mandatory)MAC address of the network interface on which the lease will be used.
HW-MAC-ADDRESSAn IEEE 802 MAC address.
uid <string>Client identifier used by the client to acquire the lease.
client-hostname <string>Client host name sent using client-hostname statement.
binding-state BINDING-STATELease’s binding state.
BINDING-STATEvaluesDescription
activeThe lease is active.
freeThe lease is free.
abandonedThe lease is abandoned.
next-binding-state NEXT-BINDING-STATEState the lease will move to when the current state expires.
NEXT-BINDING-STATEvaluesDescription
activeThe lease is active.
freeThe lease is free.
abandonedThe lease is abandoned.
option-agent-circuit-id <string>Circuit ID option sent by the relay agent.
option-agent-remote-id <string>Remote ID option sent by the relay agent.
vendor-class-identifier <string>Client-supplied Vendor Class Identifier option.
countersStatistics for DHCP relay.
discover <uint32>Number of DHCP discover messages.
offer <uint32>Number of DHCP offer messages.
request <uint32>Number of DHCP request messages.
decline <uint32>Number of DHCP decline messages.
ack <uint32>Number of DHCP ack messages.
nack <uint32>Number of DHCP nack messages.
release <uint32>Number of DHCP release messages.
inform <uint32>Number of DHCP inform messages.
boot-request <uint32>Number of BOOTP BOOTREQUEST messages.
boot-reply <uint32>Number of BOOTP BOOTREPLY messages.
show dhcp-server¶
Note
requires a Product License.
vsr> show dhcp-server [vrf <string>] [l3vrf <string>]
Show DHCP server leases.
Input Parameters¶
vrf <string>Specify the VRF.
l3vrf <string>Specify the l3vrf.
Output Data¶
dhcp-leaseDHCP server lease information.
address ADDRESSClient IP address.
ADDRESSAn IPv4 address.
mac-address MAC-ADDRESSClient MAC address.
MAC-ADDRESSAn IEEE 802 MAC address.
start-date <string>DHCP lease start date.
end-date <string>DHCP lease end date.
binding-state BINDING-STATELease’s binding state.
BINDING-STATEvaluesDescription
activeThe lease is active.
freeThe lease is free.
abandonedThe lease is abandoned.
show neighbors¶
Note
requires a Product License.
vsr> show neighbors [FAMILY] [vrf <string>] [interface <ifname>]
Show neighbors information.
Input Parameters¶
FAMILYDisplay only this layer 3 family.
FAMILYvaluesDescription
ipv4IPv4 only.
ipv6IPv6 only.
vrf <string>The VRF in which to show the neighbors.
interface <ifname>Interface name.
Output Data¶
neighborNeighbor entries in ARP table.
neighbor <string>IPv4 or IPv6 address.
interface <string>Interface name.
state <string>System state (REACHABLE/PERMANENT/STATE/DELAY).
link-layer-address <string>The link-layer address.
show conntracks¶
vsr> show conntracks [vrf <string>] [family FAMILY] [protocol PROTOCOL]
Show conntracks.
Input Parameters¶
vrf <string>The VRF in which to show the conntracks.
family FAMILYDisplay only this layer 3 family.
FAMILYvaluesDescription
ipv4IPv4 only.
ipv6IPv6 only.
<string>No description.
protocol PROTOCOLDisplay only this layer 4 protocol.
PROTOCOLvaluesDescription
tcpTCP only.
udpUDP only.
<string>No description.
show product¶
vsr> show product [name] [version]
Show the product name and version.
Input Parameters¶
nameDisplay the product name.
versionDisplay the product version.
show fast-path cpu-usage¶
Note
requires a Product License.
vsr> show fast-path cpu-usage
Show the fast path CPU usage.
show fast-path table-usage¶
Note
requires a Product License.
vsr> show fast-path table-usage
Show the fastpath table usage.
show fast-path arp parameters¶
vsr> show fast-path arp parameters
Show the fast path ARP parameters.
Output Data¶
max-queue <uint32>Maximum number of packets queued for the whole address resolution engine (IPv4 and IPv6).
vrfList of vrf’s.
name <string>VRF name.
interfaceList of interfaces on the given VRF.
name <string>Interface name.
enabled true|falseTrue if fast path ARP is enabled.
reachable-timeout <uint32>Maximum duration for which an ARP entry may stay in ‘reachable’ state, before becoming ‘stale’.
delay-timeout <uint32>Maximum duration before sending an ARP Request when exiting the state STALE.
fail-timeout <uint32>Maximum duration for which an ARP entry may stay in a ‘fail’ state, before being deleted. Fail state begins when the fast path encountered some error with a specific ARP entry.
stale-attempts <uint8>Maximum number of times that a ‘stale’ state ARP entry can timeout before being deleted.
stale-timeout <uint32>This value multiplied by ‘stale-attempts’ is the maximum duration for which an ARP entry may stay in a ‘stale’ state.
probe-attempts <uint8>Maximum number of ARP requests sent for a target IPv4 address.
probe-timeout <uint32>Maximum duration for which the fast path should wait for a response to an ARP request.
max-queue <uint16>Maximum number of packets queued for a target IPv4 address.
reply-mode REPLY-MODESpecifies requests for which a reply is sent.
REPLY-MODEvaluesDescription
allReply to all requests.
interfaceReply to request if the requested IP address is configured on the incoming interface.
subnetReply to request if the requester is in the configured subnet of the requested IP address.
non-localDo not reply to requests for host scope IP addresses (not implemented).
noneDo not reply to any request.
port-filter true|falseTrue if fast path ARP should filter packets for which the reverse path port differs from the incoming port.
accept-gratuitous true|falseTrue if fast path should update its ARP cache based on received gratuitous ARP packets. Gratuitous ARP packets are used by hosts to update others system’s ARP caches.
notify-gratuitous true|falseTrue if the fast path should send gratuitous packets to other hosts when its own IP-to-MAC mapping is changed.
proxy true|falseTrue if proxy for the fast path ARP is enabled. It allows to respond to ARP requests for another IP address, using the current host MAC address. If it is enabled, the fast path ensures routing to the destination IP.
show fast-path ndp parameters¶
vsr> show fast-path ndp parameters
Show the fast path NDP parameters.
Output Data¶
max-queue <uint32>Maximum number of packets queued for the whole address resolution engine (IPv4 and IPv6).
garbage-collector-threshold <uint32>When the number of neighbors reaches this threshold, every entry older than 60 seconds is removed.
garbage-collector-aggressive-threshold <uint32>When the number of neighbors reaches this threshold, every entry older than 5 seconds is removed.
vrfList of VRF.
name <string>VRF name.
interfaceList of interfaces on the given VRF.
name <string>Interface name.
enabled true|falseTrue if fast path NDP is enabled.
reachable-timeout <uint32>Maximum duration for which an NDP entry may stay in ‘reachable’ state, before becoming ‘stale’.
delay-timeout <uint32>Maximum duration before sending an NDP Request when exiting the state STALE.
fail-timeout <uint32>Maximum duration for which an NDP entry may stay in a ‘fail’ state, before being deleted. Fail state begins when the fast path encountered some error with a specific NDP entry.
probe-attempts <uint8>Maximum number of NDP requests sent for a target IPv6 address.
probe-timeout <uint32>Maximum duration for which the fast path should wait for a response to an NDP request.
max-queue <uint16>Maximum number of packets queued for a target IPv6 address.
show fast-path conntrack¶
vsr> show fast-path conntrack [max-conntrack <1-1000>] [vrf <string>] origin [source SOURCE] \
... [destination DESTINATION] tcp [source-port <uint16>] [destination-port <uint16>] \
... udp [source-port <uint16>] [destination-port <uint16>] icmp [icmp-id <uint16>] \
... icmpv6 [icmp-id <uint16>] gre [key <uint32>] [direction DIRECTION] \
... [interface INTERFACE] [userid <uint32>] [name <string>] reply \
... [source SOURCE] [destination DESTINATION] tcp [source-port <uint16>] \
... [destination-port <uint16>] udp [source-port <uint16>] [destination-port <uint16>] \
... icmp [icmp-id <uint16>] icmpv6 [icmp-id <uint16>] gre [key <uint32>] \
... [direction DIRECTION] [interface INTERFACE] [userid <uint32>] \
... [name <string>]
Show fast-path conntracks.
Input Parameters¶
max-conntrack <1-1000>Number of conntracks to show.
vrf <string>Set the VRF.
originFilter only on origin conntracks.
source SOURCEFilter conntracks with this source address.
SOURCEvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
destination DESTINATIONFilter conntracks with this destination address.
DESTINATIONvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
tcpFilter on TCP protocol.
source-port <uint16>Filter on the source port.
destination-port <uint16>Filter on the destination port.
udpFilter on UDP protocol.
source-port <uint16>Filter on the source port.
destination-port <uint16>Filter on the destination port.
icmpFilter on ICMP protocol.
icmp-id <uint16>Filter on ICMP id.
icmpv6Filter on ICMPv6 protocol.
icmp-id <uint16>Filter on ICMPv6 id.
greFilter on GRE protocol.
key <uint32>Filter on GRE key.
direction DIRECTIONSpecify filtered direction for interface, rule userid and rule name.
DIRECTIONvaluesDescription
ingressFilter on ingress rule or interface.
egressFilter on egress rule or interface.
interface INTERFACEFilter on conntrack interface, according to direction if specified.
INTERFACEAn interface name.
userid <uint32>Filter on rule userid, according to direction if specified.
name <string>Filter on rule name, according to direction if specified.
replyFilter only on reply conntracks.
source SOURCEFilter conntracks with this source address.
SOURCEvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
destination DESTINATIONFilter conntracks with this destination address.
DESTINATIONvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
tcpFilter on TCP protocol.
source-port <uint16>Filter on the source port.
destination-port <uint16>Filter on the destination port.
udpFilter on UDP protocol.
source-port <uint16>Filter on the source port.
destination-port <uint16>Filter on the destination port.
icmpFilter on ICMP protocol.
icmp-id <uint16>Filter on ICMP id.
icmpv6Filter on ICMPv6 protocol.
icmp-id <uint16>Filter on ICMPv6 id.
greFilter on GRE protocol.
key <uint32>Filter on GRE key.
direction DIRECTIONSpecify filtered direction for interface, rule userid and rule name.
DIRECTIONvaluesDescription
ingressFilter on ingress rule or interface.
egressFilter on egress rule or interface.
interface INTERFACEFilter on conntrack interface, according to direction if specified.
INTERFACEAn interface name.
userid <uint32>Filter on rule userid, according to direction if specified.
name <string>Filter on rule name, according to direction if specified.
show fast-path conntrack statistics¶
vsr> show fast-path conntrack statistics
Show fp-firewall and CG-NAT conntrack statistics.
Output Data¶
conntrackConntrack statistics.
allocations <uint64>Number of conntrack allocations.
reverse-connections <uint64>Number of conntracks tracking a reverse connection.
destructions <uint64>Number of conntrack destructions.
allocation-failures <uint64>Number of conntrack allocation failures.
duplicate-races <uint64>Number of attempts to create a duplicate conntrack. This race occurs when a CPU attempts to create a new conntrack that has already been created by another CPU in the meantime.
dropped-packetsInvalid and dropped packet statistics.
tcpTCP invalid packet statistics.
non-syn-first-packet <uint64>Number of TCP conntracks failed due to a non-SYN first packet.
invalid-sequence-order-rst <uint64>Number of dropped out-of-order TCP RST packets (See RFC 5961).
invalid-state-transition <uint64>Number of TCP packets dropped due to invalid transitions in the TCP state machine based on the packet’s TCP flags.
out-of-upper-bound-window <uint64>Number of dropped out-of window TCP packets (upper boundary).
out-of-lower-bound-window <uint64>Number of dropped out-of window TCP packets (lower boundary).
out-of-window-ack <uint64>Number of TCP ACK packets dropped for acknowledging unsent packets.
ipIP invalid packet statistics.
malformed-header <uint64>Number of packets dropped due to a malformed IP header.
show fast-path hash-seed¶
vsr> show fast-path hash-seed
Show the fast-path hash seed.
Output Data¶
hash-seed <string>Hash seed of the fast path.
show fast-path statistics¶
Note
requires a Product License.
vsr> show fast-path statistics [all] [TYPE]
Show fast-path statistics.
Input Parameters¶
allShow all fast-path services statistics.
TYPEShow fast-path services statistics.
TYPEvaluesDescription
neighborShow neighbor fast-path service statistics.
ipv4Show ipv4 fast-path service statistics.
ipv6Show ipv6 fast-path service statistics.
ipsec-ipv4Show ipsec ipv4 fast-path service statistics.
ipsec-ipv6Show ipsec ipv6 fast-path service statistics.
vxlanShow vxlan fast-path service statistics.
vlanShow vlan fast-path service statistics.
bridgeShow bridge fast-path service statistics.
lagShow lag fast-path service statistics.
greShow GRE fast-path service statistics.
pppoeShow PPPoE fast-path service statistics.
mplsShow MPLS fast-path service statistics.
globalShow global fast-path service statistics.
interfaceShow interface fast-path service statistics.
exceptionShow exception fast-path service statistics.
qos-schedShow QoS scheduler fast-path service statistics.
qos-rate-limitShow QoS rate limit fast-path service statistics.
Output Data¶
neighborARP/NDP service statistics.
neighbor-arp-request-sent <uint64>Number of ARP request packets sent (neighArpRequestSent).
neighbor-arp-request-retries <uint64>Number of ARP request packets re-sent (neighArpRequestRetry).
neighbor-arp-reply-received <uint64>Number of ARP reply packets received (neighArpReplyReceived).
neighbor-arp-request-received <uint64>Number of ARP request packets received (neighArpRequestReceived).
neighbor-arp-reply-sent <uint64>Number of ARP reply packets sent (neighArpReplySent).
neighbor-arp-gratuitous-packets <uint64>Number of ARP gratuitous packets sent or received (neighArpGratuitous).
neighbor-arp-unhandled-packets <uint64>Number of ARP packets sent as exception because of an unsupported ARP option (neighArpUnhandled).
neighbor-arp-dropped-not-found <uint64>Number of unhonored ARP request packets because the IP address was not found or filtered (neighArpNotFound).
neighbor-arp-error-protocol <uint64>Number of ARP packets that were dropped because they were corrupted (neighErrorProto).
neighbor-arp-error-table-full <uint64>Number of ARP entries that were dropped because the table was full (neighArpTableFull).
neighbor-ndp-ns-sent <uint64>Number of NDP neighbor solicitation packets sent (neighNdpNsSent).
neighbor-ndp-ns-retries <uint64>Number of NDP neighbor solicitation packets re-sent (neighNdpNsRetry).
neighbor-ndp-ns-unicast-received <uint64>Number of unicast NDP neighbor solicitation packets received (neighNdpNsReceivedUcast).
neighbor-ndp-ns-multicast-received <uint64>Number of multicast NDP neighbor solicitation packets received (neighNdpNsReceivedMcast).
neighbor-ndp-na-received <uint64>Number of NDP neighbor advertisement packets received (neighNdpNaReceived).
neighbor-ndp-unhandled-packets <uint64>Number of NDP packets sent as exception because of an unsupported NDP option (neighNdpUnhandled).
neighbor-ndp-dropped-not-found <uint64>Number of unhonored NDP request packets because the IP address was not found or filtered (neighNdpNotFound).
neighbor-ndp-error-table-full <uint64>Number of NDP entries that were dropped because the table was full (neighNdpTableFull).
neighbor-ndp-error-protocol <uint64>Number of NDP packets that were dropped because they were corrupted (neighNdpErrorProto).
neighbor-error-no-mbuf <uint64>Number of ARP/NDP packets that could not be sent because no mbuf was available (neighErrorNoMbuf).
neighbor-delayed-packets <uint64>Number of packets sent after delay (waiting for an neighbor resolution) (neighPacketDelayed).
neighbor-error-no-source-address <uint64>Number of ARP/NDP packets that were not sent because no IP address was found on the output interface (neighErrorNoAddr).
neighbor-error-internal <uint64>Number of ARP/NDP packets that were dropped because of an internal processing error (neighErrorInternal).
neighbor-error-queue-full <uint64>Number of packets that were dropped while waiting for an neighbor resolution, because the queue was full (neighErrorQfull).
neighbor-error-queue-flushed <uint64>Number of packets that were dropped while waiting for an neighbor resolution, because it failed (neighErrorQflush).
neighbor-unexpected-events <uint64>Number of unexpected events in the neighbor state machine (neighUnexpEvent).
neighbor-unexpected-packets <uint64>Number of unexpected packets in the current state of the neighbor state machine, packets are dropped (neighUnexpPacket).
ipv4IPv4 service statistics.
ip-forwarded-datagrams <uint64>Number of IP packets forwarded (IpForwDatagrams).
ip-in-delivered <uint64>Number of IP packets delivered to user-protocols (IpInDelivers).
ip-in-received <uint64>Number of IP packets received (IpInReceives).
ip-in-truncated-packets <uint64>Number of IP packets discarded due to a truncate IP header (IpInTruncatedPkts).
ip-in-address-errors <uint64>Number of IP packets discarded due to invalid IP address (IpInAddrErrors).
ip-in-header-errors <uint64>Number of IP packets discarded due to errors in header (IpInHdrErrors).
ip-fragment-created <uint64>Number of IP fragment packets created on fragmentation processing (IpFragCreates).
ip-fragment-ok <uint64>Number of IP fragment packets sent successfully (IpFragOKs).
ip-fragment-failures <uint64>Number of IP packets discarded due to failures during fragmentation processing (IpFragFails).
ip-reassembly-ok <uint64>Number of IP packets successfully reassembled (IpReasmOKs).
ip-reassembly-required <uint64>Number of IP fragments packets submitted to reassembly processing (IpReasmReqds).
ip-reassembly-exceptions <uint64>Number of IP fragment packets sent in exception path (IpReasmExceptions).
ip-reassembly-failures <uint64>Number of IP packets discarded due to failures during reassembly processing (IpReasmFails).
ip-reassembly-dropped-duplicate <uint64>Number of IP packets dropped during reassembly considered as duplicate (IpReasmDroppedDuplicate).
ip-reassembly-dropped-session-complete <uint64>Number of IP packets dropped during reassembly because the session is complete (IpReasmDroppedSessionComplete).
ip-reassembly-dropped-session-full <uint64>Number of IP packets dropped during reassembly because the session is already full (IpReasmDroppedSessionAlreadyFull).
ip-reassembly-error-header-encapsulation <uint64>Number of IP packets discarded during reassembly due to header encapsulation error (IpReasmErrorHeaderEncap).
ip-reassembly-error-ip-option-unsupported <uint64>Number of IP packets discarded during reassembly due to unsupported IP option (IpReasmErrorIPOptionUnsupported).
ip-reassembly-error-last-already-received <uint64>Number of IP packets discarded during reassembly due to receive twice the last fragment (IpReasmErrorLastAlreadyReceived).
ip-reassembly-error-offset-too-large <uint64>Number of IP packets discarded during reassembly with offset due to an offset too big (IpReasmErrorOffsetTooLarge).
ip-reassembly-error-overlap-next <uint64>Number of IP packets discarded during reassembly due to receive overlapping fragment with next one (IpReasmErrorOverlapNext).
ip-reassembly-error-overlap-previous <uint64>Number of IP packets discarded during reassembly due to receive overlapping fragment with previous one (IpReasmErrorOverlapPrevious).
ip-reassembly-error-packet-too-short <uint64>Number of IP packets discarded during reassembly due to reception of a too short fragment (IpReasmErrorPacketTooShort).
ip-reassembly-error-queue-allocation <uint64>Number of IP packets discarded during reassembly due to reassembly queue allocation failure (IpReasmErrorQueueAlloc).
ip-reassembly-error-queue-full <uint64>Number of IP packets discarded during reassembly due to reassembly queue full (too many fragments have been received) (IpReasmErrorQueueFull).
ip-reassembly-error-size-exceed <uint64>Number of IP packets discarded during reassembly due to total received bytes greater than the maximal authorized value (65535) (IpReasmErrorSizeExceed).
ip-reassembly-error-size-overflow <uint64>Number of IP packets discarded during reassembly due to total received bytes greater than the expected value (IpReasmErrorSizeOverflow).
ip-reassembly-error-too-many-segments <uint64>Number of IP packets discarded during reassembly due to too many segments in IP packets (IpReasmErrorTooManySegments).
ip-reassembly-timeout <uint64>Number of IP packets discarded due to timeout in reassembly processing (IpReasmTimeout).
ip-checksum-errors <uint64>Number of IP packets discarded due to an invalid checksum (IpCsumErrors).
ip-dropped-blackhole <uint64>Number of IP packets discarded due to matching blackhole route (IpDroppedBlackhole).
ip-dropped-filtering <uint64>Number of IP packets discarded by filtering processing (IpDroppedNetfilter).
ip-dropped-forwarding <uint64>Number of IP packets discarded due to forwarding being disabled (IpDroppedForwarding).
ip-dropped-invalid-interface <uint64>Number of IP packets discarded due to invalid outgoing interface (IpDroppedInvalidInterface).
ip-dropped-ipsec <uint64>Number of IP packets discarded by IPsec processing (IpDroppedIPsec).
ip-dropped-no-arp <uint64>Number of IP packets discarded due to missing ARP resolution (IpDroppedNoArp).
ip-dropped-no-memory <uint64>Number of IP packets discarded due to memory allocation errors (IpDroppedNoMemory).
ip-dropped-out-operative <uint64>Number of IP packets discarded because the outgoing interface is down (IPDroppedOutOperative).
ip-dropped-route-exception <uint64>Number of IP packets sent to exception due to specific route (IpDroppedRouteException).
ip-nhrp-packet <uint64>Number of IP NHRP packets (IpNhrpPacket).
ip-nhrp-error-send <uint64>Number of discarded sent IP NHRP packets (IpNhrpErrorSend).
ipv6IPv6 service statistics.
ip6-forwarded-datagrams <uint64>Number of IPv6 packets forwarded (IpForwDatagrams).
ip6-in-delivered <uint64>Number of IPv6 packets delivered to user-protocols (IpInDelivers).
ip6-in-received <uint64>Number of IPv6 packets received (IpInReceives).
ip6-in-truncated-packets <uint64>Number of IPv6 packets discarded due to a truncate IP header (IpInTruncatedPkts).
ip6-in-address-errors <uint64>Number of IPv6 packets discarded due to invalid IPv6 address (IpInAddrErrors).
ip6-in-header-errors <uint64>Number of IPv6 packets discarded due to errors in header (IpInHdrErrors).
ip6-fragment-created <uint64>Number of IPv6 fragment packets created on fragmentation processing (IpFragCreates).
ip6-fragment-ok <uint64>Number of IPv6 fragment packets sent successfully (IpFragOKs).
ip6-fragment-failures <uint64>Number of IPv6 packets discarded due to failures during fragmentation processing (IpFragFails).
ip6-fragment-reassembly-exceptions <uint64>Number of IP fragment packets sent in exception path.
ip6-reassembly-ok <uint64>Number of IPv6 packets successfully reassembled (IpReasmOKs).
ip6-reassembly-required <uint64>Number of IPv6 fragments packets submitted to reassembly processing (IpReasmReqds).
ip6-reassembly-exceptions <uint64>Number of IPv6 fragment packets sent in exception path (IpReasmExceptions).
ip6-reassembly-failures <uint64>Number of IPv6 packets discarded due to failures during reassembly processing (IpReasmFails).
ip6-reassembly-dropped-session-complete <uint64>Number of IPv6 packets dropped during reassembly because the session is complete (IpReasmDroppedSessionComplete).
ip6-reassembly-dropped-session-full <uint64>Number of IPv6 packets dropped during reassembly because the session is already full (IpReasmDroppedSessionAlreadyFull).
ip6-reassembly-error-fragment-header <uint64>Number of IPv6 packets discarded during reassembly due to header reading error (IpReasmErrorFragmentHeader).
ip6-reassembly-error-header-encapsulation <uint64>Number of IPv6 packets discarded during reassembly due to header encapsulation error (IpReasmErrorHeaderEncap).
ip6-reassembly-error-ip6-option-too-large <uint64>Number of IPv6 packets discarded during reassembly due to IPv6 option too large (IpReasmErrorIPOptionTooLarge).
ip6-reassembly-error-last-already-received <uint64>Number of IPv6 packets discarded during reassembly due to receive twice the last fragment (IpReasmErrorLastAlreadyReceived).
ip6-reassembly-error-offset-too-large <uint64>Number of IPv6 packets discarded during reassembly with offset due to an offset too big (IpReasmErrorOffsetTooLarge).
ip6-reassembly-error-overlap-next <uint64>Number of IPv6 packets discarded during reassembly due to receive overlapping fragment with next one (IpReasmErrorOverlapNext).
ip6-reassembly-error-overlap-previous <uint64>Number of IPv6 packets discarded during reassembly due to receive overlapping fragment with previous one (IpReasmErrorOverlapPrevious).
ip6-reassembly-error-packet-too-short <uint64>Number of IPv6 packets discarded during reassembly due to reception of a too short fragment (IpReasmErrorPacketTooShort).
ip6-reassembly-error-queue-allocation <uint64>Number of IPv6 packets discarded during reassembly due to reassembly queue allocation failure (IpReasmErrorQueueAlloc).
ip6-reassembly-error-queue-full <uint64>Number of IPv6 packets discarded during reassembly due to reassembly queue full (too many fragments have been received) (IpReasmErrorQueueFull).
ip6-reassembly-error-size-exceed <uint64>Number of IPv6 packets discarded during reassembly due to total received bytes greater than the maximal authorized value (65535) (IpReasmErrorSizeExceed).
ip6-reassembly-error-size-overflow <uint64>Number of IPv6 packets discarded during reassembly due to total received bytes greater than the expected value (IpReasmErrorSizeOverflow).
ip6-reassembly-error-too-many-segments <uint64>Number of IPv6 packets discarded during reassembly due to too many segments in IP packets (IpReasmErrorTooManySegments).
ip6-reassembly-timeout <uint64>Number of IPv6 packets discarded due to timeout in reassembly processing (IpReasmTimeout).
ip6-dropped-blackhole <uint64>Number of IPv6 packets discarded due to matching blackhole route (IpDroppedBlackhole).
ip6-dropped-filtering <uint64>Number of IPv6 packets discarded by filtering processing (IpDroppedNetfilter).
ip6-dropped-forwarding <uint64>Number of IPv6 packets discarded due to forwarding being disabled (IpDroppedForwarding).
ip6-dropped-invalid-interface <uint64>Number of IPv6 packets discarded due to invalid outgoing interface (IpDroppedInvalidInterface).
ip6-dropped-ipsec <uint64>Number of IPv6 packets discarded by IPsec processing (IpDroppedIPsec).
ip6-dropped-no-arp <uint64>Number of IPv6 packets discarded due to missing ARP resolution (IpDroppedNoArp).
ip6-dropped-no-memory <uint64>Number of IPv6 packets discarded due to memory allocation errors (IpDroppedNoMemory).
ip6-dropped-out-operative <uint64>Number of IPv6 packets discarded because the outgoing interface is down (IPDroppedOutOperative).
ip6-dropped-route-exception <uint64>Number of IPv6 packets sent to exception due to specific route (IpDroppedRouteException).
ip6-nhrp-packet <uint64>Number of IPv6 NHRP packets (IpNhrpPacket).
ip6-nhrp-error-send <uint64>Number of discarded sent IPv6 NHRP packets (IpNhrpErrorSend).
ipsec-ipv4IPsec service statistics.
ipsec-ipv4-in-sa <uint64>Number of IPv4 packets decrypted with a security association (IpsecInSA).
ipsec-ipv4-out-sa <uint64>Number of IPv4 packets encrypted with a security association (IpsecOutSA).
ipsec-ipv6IPsec IPv6 service statistics.
ipsec-ipv6-in-sa <uint64>Number of IPv6 packets decrypted with a security association (Ipsec6InSA).
ipsec-ipv6-out-sa <uint64>Number of IPv6 packets encrypted with a security association (Ipsec6OutSA).
vxlanVXLAN service statistics.
vxlan-dropped-header-too-short <uint64>Number of input packets dropped in VXLAN due to a VXLAN header too short (VxlanDroppedHeaderTooShort).
vxlan-dropped-in-operative <uint64>Number of input packets dropped in VXLAN because the incoming interface is down (VxlanDroppedInOperative).
vxlan-dropped-invalid-ip-family <uint64>Number of output packets dropped in VXLAN due to a failure to get the VXLAN header (VxlanDroppedInvalidIpFamily).
vxlan-dropped-invalid-ipv4-checksum <uint64>Number of input packets dropped in IPv4 VXLAN due to an invalid checksum (VxlanDroppedInvalidIPv4Csum).
vxlan-dropped-invalid-ipv4-header <uint64>Number of input packets dropped in IPv4 VXLAN due to a failure to get the VXLAN header (VxlanDroppedInvalidIPv4Header).
vxlan-dropped-invalid-ipv6-checksum <uint64>Number of input packets dropped in IPv4 VXLAN due to an invalid checksum (VxlanDroppedInvalidIPv6Csum).
vxlan-dropped-invalid-ipv6-header <uint64>Number of input packets dropped in IPv6 VXLAN due to a failure to get the VXLAN header (VxlanDroppedInvalidIPv6Header).
vxlan-dropped-ipv4-no-destination <uint64>Number of output packets dropped in IPv4 VXLAN due to a null destination address (VxlanDroppedIPv4NoDst).
vxlan-dropped-ipv6-no-destination <uint64>Number of output packets dropped in IPv6 VXLAN due to a null destination address (VxlanDroppedIPv6NoDst).
vxlan-dropped-ovs-no-destination <uint64>Number of output packets dropped in OVS VXLAN due to a null destination address (VxlanDroppedOvsNoDst).
vxlan-dropped-prepend-ipv4-failure <uint64>Number of output packets dropped in IPv4 VXLAN due to add IP header (VxlanDroppedPrependIPv4Failure).
vxlan-dropped-prepend-ipv6-failure <uint64>Number of output packets dropped in IPv6 VXLAN due to add IP header (VxlanDroppedPrependIPv6Failure).
vxlan-dropped-prepend-ovs-failure <uint64>Number of output packets dropped in OVS VXLAN due to add IP header (VxlanDroppedPrependOvsFailure).
vxlan-dropped-unknown-iface <uint64>Number of input packets dropped in VXLAN due to an invalid interface (VxlanDroppedUnknownIface).
vxlan-dropped-unknown-vni <uint64>Number of input packets dropped in VXLAN due to an invalid VNI (VxlanDroppedUnknownVNI).
vxlan-exception-i-flag-not-set <uint64>Number of input packets sent to exception by VXLAN due a I flags not set (see rfc 7348) (VxlanExceptionIFlagNotSet).
vxlan-exception-ipv4-mtu-exceeded <uint64>Number of output packets sent to exception by IPv4 VXLAN due a MTU exceeded the authorized value (VxlanExceptionIPv4MtuExceeded).
vxlan-exception-ipv4-no-multicast-source <uint64>Number of output packets sent to exception by IPv4 VXLAN due to no valid src address found for a multicast packet (VxlanExceptionIPv4NoMcastSrc).
vxlan-exception-ipv4-route <uint64>Number of output packets sent to exception by IPv4 VXLAN due to specific route (VxlanExceptionIPv4Route).
vxlan-exception-ipv6-mtu-exceeded <uint64>Number of output packets sent to exception by IPv6 VXLAN due a MTU exceeded the authorized value (VxlanExceptionIPv6MtuExceeded).
vxlan-exception-ipv6-no-multicast-source <uint64>Number of output packets sent to exception by IPv6 VXLAN due to no valid src address found for a multicast packet (VxlanExceptionIPv6NoMcastSrc).
vxlan-exception-ipv6-route <uint64>Number of output packets sent to exception by IPv6 VXLAN due to specific route (VxlanExceptionIPv6Route).
vxlan-exception-no-input-fdb <uint64>Number of input packets sent to exception by VXLAN due to no valid fdb found (VxlanExceptionNoInputFdb).
vxlan-exception-no-output-fdb <uint64>Number of output packets sent to exception by VXLAN due to no valid fdb found (VxlanExceptionNoOutputFdb).
vxlan-exception-no-remote <uint64>Number of output packets sent to exception by VXLAN due to no remote found (VxlanExceptionNoRemote).
vxlan-exception-ovs-mtu-exceeded <uint64>Number of output packets sent to exception by Ovs VXLAN due a MTU exceeded the authorized value (VxlanExceptionOvsMtuExceeded).
vxlan-exception-ovs-route <uint64>Number of output packets sent to exception by Ovs VXLAN due to specific route (VxlanExceptionOvsRoute).
vxlan-exception-too-many-flags <uint64>Number of input packets sent to exception by VXLAN due to a presence of an unsupported flag (neither I and G ones, see rfc 7348) (VxlanExceptionTooManyFlags).
vxlan-fdb-forwarding-duplicate-error <uint64>Number of failure to duplicate a packet for fdb forwarding (VxlanFdbForwDuplicateError).
vlanVLAN service statistics.
vlan-dropped-in-operative <uint64>Number of input packets dropped in VLAN because the incoming interface is down (VlanDroppedInOperative).
vlan-dropped-input-unknown-interface <uint64>Number of input packets dropped in VLAN due to unknown interface (VlanDroppedInputUnknownIf).
vlan-dropped-invalid-tag <uint64>Number of input packets dropped in VLAN due to an invalid tag (VlanDroppedInvalidTag).
vlan-dropped-out-operative <uint64>Number of output packets dropped in VLAN because the outgoing interface is down (VlanDroppedOutOperative).
vlan-dropped-prepend-failure <uint64>Number of output packets dropped in VLAN due to a failure to add VLAN tag (VlanDroppedPrependFailure).
vlan-output-unknown-interface <uint64>Number of output packets with unknown interface (VlanOutputUnknownIf).
vlan-unknown-tag <uint64>Number of packets with unknown VLAN tag (VlanUnknownTag).
bridgeBridge service statistics.
l2-forwarded-frames <uint64>Number of packets forwarded at layer 2 (bridging processing) (L2ForwFrames).
bridge-dropped-forwarding-invalid <uint64>Number of output packets dropped in bridge due to forbidden forwarding (forwarding disable or originating port) (BridgeDroppedFwdInvalid).
bridge-dropped-input-lookup-error <uint64>Number of input packets dropped in bridge due to a lookup error (BridgeDroppedInputLookupError).
bridge-dropped-invalid-output-port <uint64>Number of output packets dropped in bridge because output port index is invalid (BridgeDroppedInvalidOutPort).
bridge-dropped-invalid-source <uint64>Number of input packets dropped in bridge due to invalid mac source (BridgeDroppedInvalidSrc).
bridge-dropped-invalid-state <uint64>Number of input packets dropped in bridge due to invalid state (not learning or forwarding) of the bridge (BridgeDroppedInvalidState).
bridge-dropped-learning <uint64>Number of output packets dropped in bridge while it is in learning state (BridgeDroppedLearning).
bridge-dropped-mtu-exceeded <uint64>Number of output packets dropped in bridge due to MTU greater than the authorized one (BridgeDroppedMtuExceeded).
bridge-dropped-no-output-port <uint64>Number of output packets dropped in bridge due to no valid output (BridgeDroppedNoOutputPort).
bridge-dropped-output-lookup-error <uint64>Number of output packets dropped in bridge due to a lookup error (BridgeDroppedOutputLookupError).
bridge-dropped-out-operative <uint64>Number of output packets dropped in bridge because the outgoing interface is down (BridgeDroppedOutOperative).
bridge-dropped-output-unknown <uint64>Number of output packets dropped in bridge due to an unknown output (BridgeDroppedOutputUnknown).
bridge-dropped-pause-frame <uint64>Number of input packets dropped in bridge because it is a pause frame (BridgeDroppedPauseFrame).
bridge-dropped-unknown-interface <uint64>Number of input packets dropped in bridge due to an invalid interface (BridgeDroppedUnknownIface).
bridge-fdb-synchronization-error <uint64>Number of packets dropped in bridge due to fdb synchronization error (BridgeFdbSyncError).
lagLag service statistics.
lag-dropped-inactive-port <uint64>Number of LAG dropped inactive ports (LagDroppedInactivePort).
greGRE service statistics.
gre-dropped-init-gre-ipv4-header-failure <uint64>Number of output packets dropped in GRE due to a failure to add the GRE header (GREDroppedInitGreIPv4HeaderFailure).
gre-dropped-init-gre-ipv6-header-failure <uint64>Number of output packets dropped in GRE6 due to a failure to add the GRE header (GREDroppedInitGreIPv6HeaderFailure).
gre-dropped-init-ipv4-header-failure <uint64>Number of output packets dropped in GRE due to a failure to add the IPv4 header (GREDroppedInitIPv4HeaderFailure).
gre-dropped-init-ipv6-header-failure <uint64>Number of output packets dropped in GRE due to a failure to add the IPv4 header (GREDroppedInitIPv6HeaderFailure).
gre-dropped-in-operative <uint64>Number of input packets dropped in GRE because the ingoing interface is down (GREDroppedInOperative).
gre-dropped-missing-checksum <uint64>Number of input packets dropped in GRE due to a missing checksum (GREDroppedMissingChecksum).
gre-dropped-out-operative <uint64>Number of output packets dropped in GRE because the outgoing interface is down (GREDroppedOutOperative).
gre-dropped-parse-ipv4-header-failure <uint64>Number of input packets dropped in GRE due to failure to parse IPv4 header (GREDroppedParseIPv4HeaderFailure).
gre-dropped-parse-ipv6-header-failure <uint64>Number of input packets dropped in GRE due to failure to parse IPv6 header (GREDroppedParseIPv6HeaderFailure).
gre-dropped-pullup-ipv4-header-failure <uint64>Number of input packets dropped in IPv4 GRE due to pullup failure on gre header (GREDroppedPullupIPv4HeaderFailure).
gre-dropped-pullup-ipv6-header-failure <uint64>Number of input packets dropped in IPv6 GRE due to pullup failure on gre header (GREDroppedPullupIPv6HeaderFailure).
gre-dropped-unexpected-checksum <uint64>Number of input packets dropped in GRE due to an unexpected checksum (GREDroppedUnexpectedChecksum).
gre-dropped-wrong-checksum <uint64>Number of input packets dropped in GRE due to an incorrect checksum (GREDroppedWrongChecksum).
gre-exception-input-unsupported-protocol <uint64>Number of input packets sent to exception by GRE due to unsupported GRE protocol (GREExceptionInputUnsupportedProtocol).
gre-exception-ipv4-route <uint64>Number of output packets sent to exception by GRE due to specific route (for IPv4 packet) (GREExceptionIPv4Route).
gre-exception-ipv4-source-select-failed <uint64>Number of output packets sent to exception by GRE due to no src address can be set (for IPv4 packet) (GREExceptionIPv4SourceSelectFailed).
gre-exception-ipv6-route <uint64>Number of output packets sent to exception by GRE due to specific route (for IPv6 packet) (GREExceptionIPv6Route).
gre-exception-output-unsupported-protocol <uint64>Number of output packets sent to exception by GRE due to unsupported GRE protocol (GREExceptionOutputUnsupportedProtocol).
gre-exception-unknown-iface <uint64>Number of output packets sent to exception by GRE due to an invalid GRE interface id (GREExceptionUnknownIface).
gre-exception-unsupported-ethernet-type <uint64>Number of output packets sent to exception by GRE due to unsupported ethernet type (GREExceptionUnsupportedEtherType).
gre-invalid-header <uint64>Number of input packets not managed by GRE due to routing flags set (see rfc 1701) or version number different to 0. The packet can be dropped or sent to exception later in other fast path processing part (GREInvalidHeader).
gre-protocol-not-supported <uint64>Number of input packets not supported by GRE (GREProtocolNotSupported).
gretap-dropped-out-operative <uint64>Number of output packets dropped in GRETAP because the outgoing interface is down (GRETAPDroppedOutOperative).
gretap-exception-unknown-iface <uint64>Number of output packets sent to exception by GRETAP due to an invalid GRE interface id (GRETAPExceptionUnknownIface).
mplsMPLS service statistics.
mpls-forwarding <uint64>Number of forwarding packets in MPLS (MplsForwarding).
mpls-input <uint64>Number of input packets in MPLS (MplsInput).
mpls-no-route <uint64>Number of packets in MPLS with no route (MplsNoRoute).
mpls-push <uint64>Number of push packets in MPLS (MplsPush).
mpls-in-header-errors <uint64>Number of packets in MPLS discarded due to errors in header (MplsInHdrErrors).
mpls-received-dropped <uint64>Number of received dropped packets in MPLS (MplsRxDrop).
mpls-dropped-invalid-interface <uint64>Number of packets dropped in MPLS due to invalid outgoing interface (MplsDroppedInvalidInterface).
mpls-dropped-mtu <uint64>Number of packets dropped in MPLS due to MTU greater than the authorized one (MplsDroppedMtu).
mpls-dropped-no-memory <uint64>Number of packets dropped in MPLS due to memory allocation errors (MplsDroppedNoMem).
mpls-dropped-no-neighbor <uint64>Number of dropped packets in MPLS due to no neighbor is found (MplsDroppedNoNeigh).
mpls-dropped-ttl-exceed <uint64>Number of packets dropped in MPLS due to ttl exceeded (MplsDroppedTtlExceed).
globalGlobal service statistics.
fast-path-dropped <uint64>Number of packets dropped by fast path (fp_dropped).
fast-path-dropped-neighbor <uint64>Number of packets dropped by fast path in ARP/NDP (fp_dropped_neigh).
fast-path-dropped-bonding <uint64>Number of packets dropped by fast path in bonding (fp_dropped_bonding).
fast-path-dropped-bridge <uint64>Number of packets dropped by fast path in bridge (fp_dropped_bridge).
fast-path-dropped-ebtables <uint64>Number of packets dropped by fast path in layer 2 filtering (fp_dropped_ebtables).
fast-path-dropped-ethernet <uint64>Number of packets dropped by fast path at the generic ethernet layer (fp_dropped_ether).
fast-path-dropped-exception <uint64>Number of packets dropped by fast path in exception path (fp_dropped_excp).
fast-path-dropped-exception-loop <uint64>Number of packets dropped by fast path due to exception loop (fp_dropped_excloop).
fast-path-dropped-filtering <uint64>Number of packets dropped by fast path in IPv4 filtering (fp_dropped_netfilter).
fast-path-dropped-filtering-ipv6 <uint64>Number of packets dropped by fast path in IPv6 filtering (fp_dropped_netfilter6).
fast-path-dropped-gre <uint64>Number of packets dropped by fast path in GRE (fp_dropped_gre).
fast-path-dropped-ip <uint64>Number of packets dropped by fast path in generic IPv4 (fp_dropped_ip).
fast-path-dropped-ipsec <uint64>Number of packets dropped by fast path in IPv4 IPsec (fp_dropped_ipsec).
fast-path-dropped-ipsec-ipv6 <uint64>Number of packets dropped by fast path in IPv6 IPsec (fp_dropped_ipsec6).
fast-path-dropped-ipv6 <uint64>Number of packets dropped by fast path in generic IPv6 (fp_dropped_ipv6).
fast-path-dropped-macvlan <uint64>Number of packets dropped by fast path in MACVLAN (fp_dropped_macvlan).
fast-path-dropped-mpls <uint64>Number of packets dropped by fast path in MultiProtocol Label Switching (fp_dropped_mpls).
fast-path-dropped-multicast <uint64>Number of packets dropped by fast path in IPv4 multicast (fp_dropped_mcast).
fast-path-dropped-multicast-ipv6 <uint64>Number of packets dropped by fast path in IPv6 multicast (fp_dropped_mcast6).
fast-path-dropped-npf <uint64>Number of packets dropped by fast path in Network Address Translation and Carrier-grade NAT (fp_dropped_npf).
fast-path-dropped-ovs <uint64>Number of packets dropped by fast path in Open vSwitch (fp_dropped_ovs).
fast-path-dropped-plugins <uint64>Number of packets dropped by fast path in plugin (fp_dropped_plugins).
fast-path-dropped-qos <uint64>Number of packets dropped by fast path in QoS (fp_dropped_qos).
fast-path-dropped-reassembly <uint64>Number of packets dropped by fast path in IPv4 reassembly (fp_dropped_reasm).
fast-path-dropped-reassembly-ipv6 <uint64>Number of packets dropped by fast path in IPv6 reassembly (fp_dropped_reasm6).
fast-path-dropped-system <uint64>Number of packets dropped by fast path in internal processing (fp_dropped_system).
fast-path-dropped-tc <uint64>Number of packets dropped by fast path in generic traffic conditioning (fp_dropped_tc).
fast-path-dropped-tc-erl <uint64>Number of packets dropped by fast path in traffic conditioning by exception rate limitation (fp_dropped_tc_erl).
fast-path-dropped-tunnel <uint64>Number of packets dropped by fast path in IPinIP tunnel (fp_dropped_tunnel).
fast-path-dropped-vethernet <uint64>Number of packets dropped by fast path in vEthernet (fp_dropped_veth).
fast-path-dropped-vlan <uint64>Number of packets dropped by fast path in VLAN (fp_dropped_vlan).
fast-path-dropped-vxlan <uint64>Number of packets dropped by fast path in VXLAN (fp_dropped_vxlan).
fast-path-missing-ipsec-license <uint64>Number of packets dropped in fast path due to missing ipsec license (fp_missing_ipsec_license).
fast-path-missing-product-license <uint64>Number of packets dropped in fast path due to missing product license (fp_missing_product_license).
interfaceInterface statistics.
name <string>Interface name.
accelerated true|falseTrue if the interface is managed by the fast-path, else false.
input-bytes <uint64>The number of input received bytes (ifs_ibytes).
input-errors <uint64>The number of input received errors (ifs_ierrors).
input-last-error <uint64>The number of input received last errors (ifs_ilasterror).
input-multicasts <uint64>The number of input received multicast packets (ifs_imcasts).
input-no-mbuf <uint64>The number of input packets dropped because no mbuf was available (ifs_inombuf).
input-packets <uint64>The number of input received packets (ifs_ipackets).
missed-input-packets <uint64>The number of missed input packets (ifs_imissed).
multicasts <uint64>The number of multicasts (ifs_mcasts).
output-bytes <uint64>The number of output sent bytes (ifs_obytes).
output-errors <uint64>The number of output sent errors (ifs_oerrors).
output-packets <uint64>The number of ouput sent packets (ifs_opackets).
exceptionException service statistics.
exception-by-moduleExceptions by module statistics.
fast-path-exception-bonding <uint64>Number of packets send in exception in bonding (fp_exception_bonding).
fast-path-exception-bridge <uint64>Number of packets send in exception in bridge (fp_exception_bridge).
fast-path-exception-ebtables <uint64>Number of packets send in exception in layer 2 filtering (fp_exception_ebtables).
fast-path-exception-ethernet <uint64>Number of packets send in exception in generic layer 2 (fp_exception_ether).
fast-path-exception-filtering <uint64>Number of packets send in exception in IPv4 filtering (fp_exception_netfilter).
fast-path-exception-filtering-ipv6 <uint64>Number of packets send in exception in IPv6 filtering (fp_exception_netfilter6).
fast-path-exception-gre <uint64>Number of packets send in exception in GRE (fp_exception_gre).
fast-path-exception-ifnet <uint64>Number of packets send in exception by a virtual interface (fp_exception_ifnet).
fast-path-exception-ip <uint64>Number of packets send in exception in generic IPv4 (fp_exception_ip).
fast-path-exception-ipsec <uint64>Number of packets send in exception in IPv4 IPsec (fp_exception_ipsec).
fast-path-exception-ipsec-ipv6 <uint64>Number of packets send in exception in IPv6 IPsec (fp_exception_ipsec6).
fast-path-exception-ipv6 <uint64>Number of packets send in exception in generic IPv6 (fp_exception_ipv6).
fast-path-exception-macvlan <uint64>Number of packets send in exception in MACVLAN (fp_exception_macvlan).
fast-path-exception-mpls <uint64>Number of packets send in exception in MPLS (fp_exception_mpls).
fast-path-exception-npf <uint64>Number of packets send in exception in NPF (fp_exception_npf).
fast-path-exception-reassembly <uint64>Number of packets send in exception in IPv4 reassembly (fp_exception_reass).
fast-path-exception-sflow <uint64>Number of packets sent in exception in sflow (fp_exception_sflow).
fast-path-exception-syslog <uint64>Number of packets send in exception for logging (for system without syslog) (fp_exception_syslog).
fast-path-exception-tap <uint64>Number of packets send in exception in eBPF (Enhanced Berkeley Packet Filtering), typically when there is a tcpdump or sflow (fp_exception_tap).
fast-path-exception-tunnel <uint64>Number of packets send in exception in IPinIP tunnel (fp_exception_tunnel).
fast-path-exception-unknown-ifnet <uint64>Number of packets sent in exception due to unknown ifnet (fp_exception_unknown_ifnet).
fast-path-exception-vethernet <uint64>Number of packets sent in exception in vEthernet (fp_exception_veth).
fast-path-exception-vlan <uint64>Number of packets sent in exception in VLAN (fp_exception_vlan).
fast-path-exception-vxlan <uint64>Number of packets send in exception in VXLAN (fp_exception_vxlan).
exception-dropped-fp-to-linux-add-mark-failure <uint64>Number of exception packets to Linux dropped due to a tag addition failure (ExcpDroppedFpToLinuxAddMarkFailure).
exception-dropped-fp-to-linux-fptun-failure <uint64>Number of ExcpDroppedFpToLinuxFptunFailure exceptions (ExcpDroppedFpToLinuxFptunFailure).
exception-dropped-fp-to-linux-no-ipv4-route-local <uint64>Number of exception packets to Linux dropped due to a failure to find the IPv4 route (ExcpDroppedFpToLinuxNoIPv4RouteLocal).
exception-dropped-fp-to-linux-no-ipv6-route-local <uint64>Number of exception packets to Linux dropped due to a failure to find the IPv6 route (ExcpDroppedFpToLinuxNoIPv6RouteLocal).
exception-dropped-fp-to-linux-prepend-failure <uint64>Number of ExcpDroppedFpToLinuxPrependFailure exceptions (ExcpDroppedFpToLinuxPrependFailure).
exception-dropped-fp-to-linux-prepend-failure-detailedDetailed exceptions of the packets dropped from fast-path to linux with prepend failure.
exception-dropped-fp-to-linux-ecmp-prepend-failure <uint64>Number of ExcpDroppedFpToLinuxEcmpPrependFailure exceptions (ExcpDroppedFpToLinuxEcmpPrependFailure).
exception-dropped-fp-to-linux-ecmp6-prepend-failure <uint64>Number of ExcpDroppedFpToLinuxEcmp6PrependFailure exceptions (ExcpDroppedFpToLinuxEcmp6PrependFailure).
exception-dropped-fp-to-linux-eth-fptun-prepend-failure <uint64>Number of ExcpDroppedFpToLinuxEthFptunPrependFailure exceptions (ExcpDroppedFpToLinuxEthFptunPrependFailure).
exception-dropped-fp-to-linux-eth-prepend-failure <uint64>Number of ExcpDroppedFpToLinuxEthPrependFailure exceptions (ExcpDroppedFpToLinuxEthPrependFailure).
exception-dropped-fp-to-linux-ipsec-prepend-failure <uint64>Number of ExcpDroppedFpToLinuxIPsecPrependFailure exceptions (ExcpDroppedFpToLinuxIPsecPrependFailure).
exception-dropped-fp-to-linux-restore-failure <uint64>Number of ExcpDroppedFpToLinuxRestoreFailure exceptions (ExcpDroppedFpToLinuxRestoreFailure).
exception-dropped-fp-to-linux-tuple-prepend-failure <uint64>Number of ExcpDroppedFpToLinuxTuplePrependFailure exceptions (ExcpDroppedFpToLinuxTuplePrependFailure).
exception-dropped-invalid-mtag <uint64>Number of ExcpDroppedInvalidMtag exceptions (ExcpDroppedInvalidMtag).
exception-dropped-linux-to-fp-generic-command-failure <uint64>Number of packets from Linux dropped due to a FPTUN internal error (ExcpDroppedLinuxToFpGenericCommandFailure).
exception-dropped-linux-to-fp-invalid-port-id <uint64>Number of packets from Linux dropped due to a reception of a FPTUN message on an unexpected port (ExcpDroppedLinuxToFpInvalidPortId).
exception-dropped-linux-to-fp-invalid-version <uint64>Number of packets from Linux dropped due to an invalid FPTUN version (ExcpDroppedLinuxToFpInvalidVersion).
exception-dropped-linux-to-fp-ipv4-pullup-failure <uint64>Number of packets from Linux dropped due to a failure when getting the IPv4 header of the FPTUN message (ExcpDroppedLinuxToFpIPv4PullupFailure).
exception-dropped-linux-to-fp-ipv6-pullup-failure <uint64>Number of packets from Linux dropped due to a failure when getting the IPv6 header of the FPTUN message (ExcpDroppedLinuxToFpIPv6PullupFailure).
exception-dropped-linux-to-fp-msg-too-short <uint64>Number of packets from Linux dropped due to an incomplete FPTUN message (ExcpDroppedLinuxToFpMsgTooShort).
exception-dropped-linux-to-fp-no-output-function <uint64>Number of packets from Linux dropped because no TX function has been registered (ExcpDroppedLinuxToFpNoOutputFunction).
exception-dropped-linux-to-fp-other-host <uint64>Number of packets from Linux dropped due to a reception of a FPTUN message marked as PACKET_OTHERHOST (ExcpDroppedLinuxToFpOtherHost).
exception-dropped-linux-to-fp-out-operative <uint64>Number of packets from Linux dropped because the destination interface is down (ExcpDroppedLinuxToFpOutOperative).
exception-dropped-linux-to-fp-tproxy-failure <uint64>Number of ExcpDroppedLinuxToFpTproxyFailure exceptions (ExcpDroppedLinuxToFpTproxyFailure).
exception-dropped-linux-to-fp-unknown-command <uint64>Number of packets from Linux dropped due to an invalid FPTUN command (ExcpDroppedLinuxToFpUnknownCommand).
exception-dropped-linux-to-fp-unknown-interface-uid <uint64>Number of packets from Linux dropped due to an invalid interface id for FPTUN (ExcpDroppedLinuxToFpUnknownIfUid).
exception-dropped-no-conntrack <uint64>Number of ExcpDroppedNoConntrack exceptions (ExcpDroppedNoConntrack).
local-basic-exceptions <uint64>The number of local basic exceptions (LocalBasicExceptions).
local-exception-classLocal exception class statistics.
fptun-exception-ecmp-ndisc-needed <uint64>The number of FPTUN_EXC_ECMP_NDISC_NEEDED exceptions (FPTUN_EXC_ECMP_NDISC_NEEDED).
fptun-exception-ether-dst <uint64>The number of FPTUN_EXC_ETHER_DST exceptions (FPTUN_EXC_ETHER_DST).
fptun-exception-fpc <uint64>The number of FPTUN_EXC_FPC exceptions (FPTUN_EXC_FPC).
fptun-exception-icmp-needed <uint64>The number of FPTUN_EXC_ICMP_NEEDED exceptions (FPTUN_EXC_ICMP_NEEDED).
fptun-exception-ike-needed <uint64>The number of FPTUN_EXC_IKE_NEEDED exceptions (FPTUN_EXC_IKE_NEEDED).
fptun-exception-ip-dst <uint64>The number of FPTUN_EXC_IP_DST exceptions (FPTUN_EXC_IP_DST).
fptun-exception-ip-pmtu <uint64>The number of FPTUN_EXC_IP_PMTU exceptions (FPTUN_EXC_IP_PMTU).
fptun-exception-ndisc-needed <uint64>The number of FPTUN_EXC_NDISC_NEEDED exceptions (FPTUN_EXC_NDISC_NEEDED).
fptun-exception-nf-func <uint64>The number of FPTUN_EXC_NF_FUNC exceptions (FPTUN_EXC_NF_FUNC).
fptun-exception-replaywin <uint64>The number of FPTUN_EXC_REPLAYWIN exceptions (FPTUN_EXC_REPLAYWIN).
fptun-exception-socket <uint64>The number of FPTUN_EXC_SOCKET exceptions (FPTUN_EXC_SOCKET).
fptun-exception-sp-func <uint64>The number of FPTUN_EXC_SP_FUNC exceptions (FPTUN_EXC_SP_FUNC).
fptun-exception-tap <uint64>The number of FPTUN_EXC_TAP exceptions (FPTUN_EXC_TAP).
fptun-exception-undef <uint64>The number of FPTUN_EXC_UNDEF exceptions (FPTUN_EXC_UNDEF).
fptun-exception-vnb-to-vnb <uint64>The number of FPTUN_EXC_VNB_TO_VNB exceptions (FPTUN_EXC_VNB_TO_VNB).
local-exception-typeLocal exception types statistics.
fptun-basic-exception <uint64>Number of basic exception packets for Linux reception processing (FPTUN_BASIC_EXCEPT).
fptun-eth-input-exception <uint64>Number of FPTUN exception packets for Linux ethernet input processing (FPTUN_ETH_INPUT_EXCEPT).
fptun-eth-novnb-input-exception <uint64>Number of FPTUN exception packets for Linux processing skipping VNB (FPTUN_ETH_NOVNB_INPUT_EXCEPT).
fptun-eth-sp-output-req <uint64>Number of FPTUN exception packets from Linux for fast path ethernet processing (FPTUN_ETH_SP_OUTPUT_REQ).
fptun-iface-input-exception <uint64>Number of FPTUN exception packets for Linux VNB iface processing (FPTUN_IFACE_INPUT_EXCEPT).
fptun-ipsec-sp-output-req <uint64>Number of FPTUN exception packets from Linux for fast path IPsec processing (FPTUN_IPSEC_SP_OUTPUT_REQ).
fptun-ipv4-ipsecdone-input-exception <uint64>Number of FPTUN exception packets for Linux IPv4 input after IPsec processing (FPTUN_IPV4_IPSECDONE_INPUT_EXCEPT).
fptun-ipv4-ipsecdone-output-exception <uint64>Number of FPTUN exception packets for Linux IPv4 output after IPsec processing (FPTUN_IPV4_IPSECDONE_OUTPUT_EXCEPT).
fptun-ipv4-natdone-input-exception <uint64>Number of FPTUN exception packets for Linux IPv4 input after NAT processing (FPTUN_IPV4_NATDONE_INPUT_EXCEPT).
fptun-ipv4-output-exception <uint64>Number of FPTUN exception packets for Linux IPv4 output (FPTUN_IPV4_OUTPUT_EXCEPT).
fptun-ipv4-sp-output-req <uint64>Number of FPTUN exception packets from Linux for fast path IPv4 processing (FPTUN_IPV4_SP_OUTPUT_REQ).
fptun-ipv6-ipsecdone-input-exception <uint64>Number of FPTUN exception packets for Linux IPv6 input after IPsec processing (FPTUN_IPV6_IPSECDONE_INPUT_EXCEPT).
fptun-ipv6-ipsecdone-output-exception <uint64>Number of FPTUN exception packets for Linux IPv6 output after IPsec processing (FPTUN_IPV6_IPSECDONE_OUTPUT_EXCEPT).
fptun-ipv6-output-exception <uint64>Number of FPTUN exception packets for Linux IPv6 output (FPTUN_IPV6_OUTPUT_EXCEPT).
fptun-ipv6-sp-output-req <uint64>Number of FPTUN exception packets from Linux for fast path IPv6 processing (FPTUN_IPV6_SP_OUTPUT_REQ).
fptun-output-exception <uint64>Number of FPTUN exception packets for Linux interface output processing (FPTUN_OUTPUT_EXCEPT).
fptun-rfps-update <uint64>Number of FPTUN exception packets for fast path statistics processing (FPTUN_RFPS_UPDATE).
fptun-tap <uint64>Number of FPTUN exception packets for Linux TAP (tcpdump) (FPTUN_TAP).
fptun-traffic-generator-msg <uint64>Number of FPTUN exception packets for fast path traffic generator processing (FPTUN_TRAFFIC_GEN_MSG).
fptun-vnb2vnb-fp-to-linux-exception <uint64>Number of FPTUN VNB exception packets for Linux VNB input processing (FPTUN_VNB2VNB_FP_TO_LINUX_EXCEPT).
fptun-vnb2vnb-linux-to-fp-exception <uint64>Number of FPTUN exception packets for Linux VNB processing (FPTUN_VNB2VNB_LINUX_TO_FP_EXCEPT).
local-fptun-exceptions <uint64>The number of local fptun exceptions (LocalFPTunExceptions).
qos-schedQoS scheduler service statistics.
interfaceInterface QoS statistics.
name <string>Interface name.
index <uint64>Interface index.
vrfid <uint64>Vrf Id.
enqueue-drop-no-class-packets <uint64>The number of packets that were dropped because they matched no class (enq_drop_noclass_pkts).
enqueue-drop-policer-packets <uint64>The number of packets that were dropped by a policer (enq_drop_meter_pkts).
enqueue-drop-queue-full-packets <uint64>The number of packets that were dropped because a queue was full (enq_drop_qfull_pkts).
enqueue-success-packets <uint64>The number of packets that were enqueued (enq_ok_pkts).
transmit-drop-packets <uint64>The number of packets that were dropped during transmission (xmit_drop_pkts).
transmit-success-packets <uint64>The number of packets that were transmitted (xmit_ok_pkts).
classFast-path class statistics.
class-id <uint64>Class Id.
index <uint64>Class index.
enqueue-drop-policer-packets <uint64>The number of packets that were dropped by a policer (enq_drop_meter_pkts).
enqueue-drop-queue-full-packets <uint64>The number of packets that were dropped because a queue was full (enq_drop_qfull_pkts).
enqueue-success-packets <uint64>The number of packets that were enqueued (enq_ok_pkts).
transmit-drop-packets <uint64>The number of packets that were dropped during transmission (xmit_drop_pkts).
transmit-success-packets <uint64>The number of packets that were transmitted (xmit_ok_pkts).
qos-rate-limitQoS rate limit service statistics.
greenGreen statistics.
packets <uint64>Number of green packets.
bytes <uint64>Number of green bytes.
yellowYellow statistics.
packets <uint64>Number of yellow packets.
bytes <uint64>Number of yellow bytes.
redRed statistics.
packets <uint64>Number of red packets.
bytes <uint64>Number of red bytes.
pppoePPPoE service statistics.
exc-in-unknown-channel <uint64>Number of input packets sent in exception due to an unknown channel (PppoeExcInUnknownChannel).
exc-out-unknown-ethernet <uint64>Number of output packets sent in exception due to an unknown ethernet interface (PppoeExcOutUnknownEthernet).
dropped-in-malformed-ppp-frame <uint64>Number of input packets dropped due to a malformed PPP frame (PppoeDroppedInMalformedPppFrame).
dropped-out-prepend-failure <uint64>Number of output packets dropped due to an mbuf prepend failure (PppoeDroppedOutPrependFailure).
dropped-in-operative <uint64>Number of input packets dropped due to an inoperative interface (PppoeDroppedInOperative).
dropped-out-operative <uint64>Number of output packets dropped due to an inoperative interface (PppoeDroppedOutOperative).
show fast-path ports¶
Note
requires a Product License.
vsr> show fast-path ports
Show the fast path handled ports.
Output Data¶
portList of fast-path ports.
id <uint32>Fast-path port identifier.
name <string>Physical port name.
interface INTERFACEInterface name.
INTERFACEAn interface name.
vrf VRFVRF name on which the port is configured.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
driver <string>Port driver name.
show ike¶
Note
requires a IPsec Application License.
vsr> show ike [vrf VRF] counters [vpn <string>] ike-sa [details] [with-keys] \
... [vpn <string>] [remote-ip <string>] [remote-id <string>] [state STATE] \
... ike-sa-count [state STATE] ipsec-sa-count [fastpath] ipsec-sa \
... [source-ip <string>] [destination-ip <string>] [protocol PROTOCOL] \
... [spi SPI] [mode MODE] [svti-id SVTI-ID] [with-keys] [fastpath] \
... ipsec-sp [direction DIRECTION] [svti-id SVTI-ID] [fastpath] certificate \
... [subject SUBJECT] [pem] [brief] [details] crl [issuer <distinguished-name>] \
... [pem] [brief] [details]
Show filtered SA state or general information.
Input Parameters¶
vrf VRFShow objects in selected netns only.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
countersShow IKE counters.
vpn <string>Show counters for selected VPN.
ike-saShow SA state.
detailsShow detailed output.
with-keysShow detailed output with IKE and IPsec keys.
vpn <string>Show SA for selected VPN.
remote-ip <string>Show SAs to selected remote-ip.
remote-id <string>Show SAs to selected remote-id.
state STATEShow SAs in selected state.
STATEvaluesDescription
createdIKE SA just got created, but is not initiating nor responding yet.
connectingIKE SA gets initiated actively or passively.
establishedIKE SA is fully established.
passiveIKE SA is managed externally and does not process messages.
rekeyingIKE SA rekeying in progress.
rekeyedIKE SA has been rekeyed (or is redundant).
deletingIKE SA deletion in progress.
destroyingIKE SA object gets destroyed.
ike-sa-countShow SA count.
state STATEOnly count SAs in selected state.
STATEvaluesDescription
createdIKE SA just got created, but is not initiating nor responding yet.
connectingIKE SA gets initiated actively or passively.
establishedIKE SA is fully established.
passiveIKE SA is managed externally and does not process messages.
rekeyingIKE SA rekeying in progress.
rekeyedIKE SA has been rekeyed (or is redundant).
deletingIKE SA deletion in progress.
destroyingIKE SA object gets destroyed.
ipsec-sa-countShow IPsec SA count (default is from Linux).
fastpathShow IPsec SA count from Fast-Path.
ipsec-saShow IPsec SAs (default is from Linux).
source-ip <string>Show SAs with specified source IP.
destination-ip <string>Show SAs with specified destination IP.
protocol PROTOCOLShow SAs with specified IPsec protocol.
PROTOCOLvaluesDescription
noneNone.
ikeIKE.
ahAH.
espESP.
ipcompIPComp.
spi SPIShow SAs with specified Security Parameters Index.
SPIvaluesDescription
<uint32>Integer (uint32) encoded in decimal or hexadecimal.
<0x-hex-string>Integer (uint32) encoded in decimal or hexadecimal.
mode MODEShow SAs with specified IPsec mode.
MODEvaluesDescription
tunnelTunnel mode.
transportTransport mode.
beetBound End to End Tunnel mode.
svti-id SVTI-IDShow SAs with the specified SVTI ID.
SVTI-IDvaluesDescription
<uint32>Integer (uint32) encoded in decimal or hexadecimal.
<0x-hex-string>Integer (uint32) encoded in decimal or hexadecimal.
anyShow SVTI SAs with any SVTI ID.
noneShow non-SVTI SAs.
with-keysShow IPsec keys.
fastpathShow IPsec SAs from Fast-Path.
ipsec-spShow IPsec SPs (default is from Linux).
direction DIRECTIONShow SPs in the specified direction.
DIRECTIONvaluesDescription
outOutbound SPs.
inInbound SPs.
forwardForward SPs.
svti-id SVTI-IDShow SPs with the specified SVTI ID.
SVTI-IDvaluesDescription
<uint32>Integer (uint32) encoded in decimal or hexadecimal.
<0x-hex-string>Integer (uint32) encoded in decimal or hexadecimal.
anyShow SVTI SPs with any SVTI ID.
noneShow non-SVTI SPs.
fastpathShow IPsec SPs from Fast-Path.
certificateShow cached certificates.
subject SUBJECTFilter by certificate Subject or Subject Alternative Name.
SUBJECTvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
<fqdn>{1,253}The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.
<user-fqdn>IKE ID (IP address, fqdn, e-mail address or distinguished name).
<distinguished-name>IKE ID (IP address, fqdn, e-mail address or distinguished name).
pemShow the certificate in PEM format.
briefShow brief information about the certificate.
detailsShow the certificate details.
crlShow cached Certificate Revocation Lists.
issuer <distinguished-name>Filter by CRL Issuer.
pemShow the CRL in PEM format.
briefShow brief information about the CRL.
detailsShow the CRL details.
show cg-nat pool-usage¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat pool-usage [vrf <string>] pool-name <string> [address ADDRESS]
Show address usage of a CG-NAT pool.
Input Parameters¶
vrf <string>VRF.
pool-name <string>(mandatory)IP address pool name.
address ADDRESSIP address in the pool.
ADDRESSAn IPv4 address.
show cg-nat port-usage¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat port-usage [vrf <string>] rule-id <uint16> user-address USER-ADDRESS
Show port usage of a CG-NAT user.
Input Parameters¶
vrf <string>VRF.
rule-id <uint16>(mandatory)Rule id.
user-address USER-ADDRESS(mandatory)User IP address.
USER-ADDRESSvaluesDescription
<ip-address>An IPv4 address.
<ip-address>An IPv6 address.
show cg-nat user¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat user [vrf <string>] rule-id <uint16> [user-address USER-ADDRESS] [threshold-errors <uint32>] \
... [usage-min <1-100>]
Show user(s) of a CG-NAT rule.
Input Parameters¶
vrf <string>VRF.
rule-id <uint16>(mandatory)Rule id.
user-address USER-ADDRESSUser IP address.
USER-ADDRESSvaluesDescription
<ip-address>An IPv4 address.
<ip-address>An IPv6 address.
threshold-errors <uint32>Users having more errors than a given threshold.
usage-min <1-100>Users usage by at least the given rate.
show cg-nat blocks¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat blocks [vrf <string>] rule-id <uint16> user-address USER-ADDRESS
Show blocks of a CG-NAT user.
Input Parameters¶
vrf <string>VRF.
rule-id <uint16>(mandatory)Rule id.
user-address USER-ADDRESS(mandatory)User IP address.
USER-ADDRESSvaluesDescription
<ip-address>An IPv4 address.
<ip-address>An IPv6 address.
show cg-nat conntracks¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat conntracks [vrf <string>] rule-id <uint16> user-address USER-ADDRESS forward \
... [peer-address PEER-ADDRESS] backward [peer-address PEER-ADDRESS] \
... protocol tcp [peer-port PEER-PORT] udp [peer-port PEER-PORT] \
... icmp [peer-id <uint16>] icmpv6 [peer-id <uint16>] gre-pptp [key <uint16>]
Show conntracks of a CG-NAT user.
Input Parameters¶
vrf <string>VRF.
rule-id <uint16>(mandatory)Rule id.
user-address USER-ADDRESS(mandatory)User IP address.
USER-ADDRESSvaluesDescription
<ip-address>An IPv4 address.
<ip-address>An IPv6 address.
forwardFilter by IP and/or port using the forward tuple (the default).
peer-address PEER-ADDRESSForward peer IPv4/IPv6 address.
PEER-ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
backwardFilter by IP and/or port using the backward tuple.
peer-address PEER-ADDRESSBackward peer IPv4 address.
PEER-ADDRESSAn IPv4 address.
protocolFilter contracks per protocol.
tcpShow only conntracks using the TCP protocol.
peer-port PEER-PORTPeer port.
PEER-PORTA 16-bit port number used by a transport protocol such as TCP or UDP.
udpShow only conntracks using the UDP protocol.
peer-port PEER-PORTPeer port.
PEER-PORTA 16-bit port number used by a transport protocol such as TCP or UDP.
icmpShow only conntracks using the ICMP protocol.
peer-id <uint16>ICMP peer identifier.
icmpv6Show only conntracks using the ICMPv6 protocol.
peer-id <uint16>ICMPv6 peer identifier.
gre-pptpShow only conntracks using the GRE-PPTP protocol.
key <uint16>GRE key.
show cg-nat conntrack-statistics¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat conntrack-statistics [vrf <string>] rule-id <uint16>
Show conntracks usage statistics of a CG-NAT rule.
Input Parameters¶
vrf <string>VRF.
rule-id <uint16>(mandatory)Rule id.
show cg-nat port-statistics¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat port-statistics [vrf <string>] rule-id <uint16> [protocol PROTOCOL]
Show port usage statistics of a CG-NAT rule.
Input Parameters¶
vrf <string>VRF.
rule-id <uint16>(mandatory)Rule id.
protocol PROTOCOLProtocol.
PROTOCOLvaluesDescription
tcpTransmission Control Protocol.
udpUser Datagram Protocol.
icmpInternet Control Message Protocol.
gre-pptpGeneric Routing Encapsulation for Point-to-Point Tunneling Protocol.
show cg-nat block-statistics¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat block-statistics [vrf <string>] rule-id <uint16> [protocol PROTOCOL]
Show block usage statistics of a CG-NAT rule.
Input Parameters¶
vrf <string>VRF.
rule-id <uint16>(mandatory)Rule id.
protocol PROTOCOLProtocol.
PROTOCOLvaluesDescription
tcpTransmission Control Protocol.
udpUser Datagram Protocol.
icmpInternet Control Message Protocol.
gre-pptpGeneric Routing Encapsulation for Point-to-Point Tunneling Protocol.
show cg-nat hash-table-statistics¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat hash-table-statistics
Show hash table statistics.
show cg-nat mempool-usage¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat mempool-usage
Show memory pool usage.
show cg-nat statistics¶
Note
requires a CG-NAT Application License.
vsr> show cg-nat statistics
Show CG-NAT statistics.
Output Data¶
hairpinningHairpinning statistics.
hairpinned-packets <uint32>Number of packets forwarded between two hosts under the same NAT device. The two hosts communicate with each other using their external IP address.
loop-hairpin-dropped-packets <uint32>Number of hairpinned packets dropped due to the detection of a routing loop.
self-hairpin-dropped-packets <uint32>Number of hairpinned packets dropped due to a host attempting to send packets to its own NATed address.
natNAT statistics.
allocations <uint32>Number of NAT allocations.
destructions <uint32>Number of NAT destructions.
allocation-failures <uint32>Number of NAT allocation failures.
association-races <uint32>Number of NAT association races. This race occurs when a CPU attempts to associate a NAT object with a conntrack object that has already been associated by another CPU in the meantime.
port-allocation-failures <uint32>Number of NAT port allocation failures.
port-overloading-allocations <uint32>Number of NAT port overloaded allocations.
port-overloading-destructions <uint32>Number of NAT port overloaded destructions.
nat64-udp-null-checksum-dropped-packets <uint32>Number of dropped IPv4 UDP packets with null checksums. While in IPv6, null checksums are not allowed for UDP. When nating from IPv4 to IPv6, if the UDP checksum is NULL, it cannot be modified. In this case, the packet is dropped. It is possible to compute a full checksum by setting an option for NAT64.
blockBlock statistics.
allocations <uint32>Number of block allocations.
destructions <uint32>Number of block destructions.
allocation-failures <uint32>Number of block allocation failures. It happens when there are no blocks available in the pool.
userUser statistics.
allocations <uint32>Number of user allocations.
destructions <uint32>Number of user destructions.
allocation-failures <uint32>Number of user allocation failures.
duplicate-races <uint32>Number of attempts to create a duplicate user. This race occurs when a CPU attempts to create a new user that has already been created by another CPU in the meantime.
association-races <uint32>Number of user association races. This race occurs when a CPU attempts to associate a NAT object with a user object, indicating that the user object has already been released by another CPU.
too-many-conntracks <uint32>Number of times a user attempts to create more conntracks than the maximum allowed (i.e. max-conntracks-per-user in the cgnat rule).
no-public-ip-errors <uint32>Number of user allocation failures due the depletion of all available public IPs.
full-public-ip-errors <uint32>Number of block allocation failures due to the unavailability of port blocks in the user’s public IP.
loggingLogging statistics.
enqueues-to-logging-thread <uint32>Number of enqueued logs to logging threads.
enqueue-failures <uint32>Number of enqueued log failures.
build-failures <uint32>Number of log generation failures.
local-serverLocal server statistics.
transmit <uint32>Number of logs successfully transmitted to the local server.
transmit-errors <uint32>Number of logs failed to transmit to the local server.
remote-serversRemote servers statistics.
transmit <uint32>Number of logs successfully transmitted to the remote servers.
transmit-errors <uint32>Number of logs failed to transmit to the remote servers.
show ha-neighbor¶
Note
requires a Product License.
vsr> show ha-neighbor [vrf VRF] state
Show high-availability neighbor state.
Input Parameters¶
vrf VRFSpecify the VRF.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
state(mandatory)Show high-availability neighbor state.
show ha-conntrack¶
Note
requires a Product License.
vsr> show ha-conntrack [vrf VRF] [state] [cache CACHE]
Show high-availability conntrack state.
Input Parameters¶
vrf VRFSpecify the VRF.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
stateShow high-availability conntrack state.
cache CACHEDisplay cache content.
CACHEvaluesDescription
internalDisplay content of the internal cache.
externalDisplay content of the external cache.
show vxlan fdb¶
vsr> show vxlan fdb [vrf <string>] [name NAME]
Show VXLAN FDB information.
Input Parameters¶
vrf <string>VRF to look into.
name NAMEShow FDB per interface.
NAMEAn interface name.
Output Data¶
vxlanVXLAN interface list.
name NAMEVXLAN interface name.
NAMEAn interface name.
ipv4IPv4 FDB operational state data.
fdbIPv4 FDB operational state data.
link-layer-address LINK-LAYER-ADDRESSThe link-layer address of the FDB node.
LINK-LAYER-ADDRESSAn IEEE 802 MAC address.
ip IP(mandatory)The IP address of the destination VXLAN tunnel endpoint where the Ethernet MAC ADDRESS resides.
IPAn IPv4 address.
link-interface LINK-INTERFACEThe outgoing interface for the VXLAN device driver to reach the remote VXLAN tunnel endpoint.
LINK-INTERFACEAn interface name.
port PORTThe UDP destination PORT number to use to connect to the remote VXLAN tunnel endpoint (default: the VXLAN dst).
PORTA 16-bit port number used by a transport protocol such as TCP or UDP.
vni VNIThe VXLAN VNI Network Identifier (or VXLAN Segment ID) to use to connect to the remote VXLAN tunnel endpoint (default: the VXLAN vni).
VNIType definition representing VXLAN Segment ID / VXLAN Network Identifier value.
state STATEFDB operational state.
STATEvaluesDescription
reachableThe neighbor is known to have been reachable recently (within tens of seconds ago).
staleThe neighbor is no longer known to be reachable, but until traffic is sent to the neighbor no attempt should be made to verify its reachability.
permanentThe FDB has been permanently configured.
staticThe FDB has been statically configured.
otherThe FDB state is none of the above.
ipv6IPv4 FDB operational state data.
fdbIPv6 FDB operational state data.
link-layer-address LINK-LAYER-ADDRESSThe link-layer address of the FDB node.
LINK-LAYER-ADDRESSAn IEEE 802 MAC address.
ip IP(mandatory)The IP address of the destination VXLAN tunnel endpoint where the Ethernet MAC ADDRESS resides.
IPAn IPv6 address.
link-interface LINK-INTERFACEThe outgoing interface for the VXLAN device driver to reach the remote VXLAN tunnel endpoint.
LINK-INTERFACEAn interface name.
port PORTThe UDP destination PORT number to use to connect to the remote VXLAN tunnel endpoint (default: the VXLAN dst).
PORTA 16-bit port number used by a transport protocol such as TCP or UDP.
vni VNIThe VXLAN VNI Network Identifier (or VXLAN Segment ID) to use to connect to the remote VXLAN tunnel endpoint (default: the VXLAN vni).
VNIType definition representing VXLAN Segment ID / VXLAN Network Identifier value.
state STATEFDB operational state.
STATEvaluesDescription
reachableThe neighbor is known to have been reachable recently (within tens of seconds ago).
staleThe neighbor is no longer known to be reachable, but until traffic is sent to the neighbor no attempt should be made to verify its reachability.
permanentThe FDB has been permanently configured.
staticThe FDB has been statically configured.
otherThe FDB state is none of the above.
show bridge fdb¶
vsr> show bridge fdb [vrf <string>] [name NAME]
Show bridge FDB information.
Input Parameters¶
vrf <string>The VRF to look into.
name NAMEThe name of the interface for which the FDB will be displayed.
NAMEAn interface name.
Output Data¶
bridgeBridge interface list.
name NAMEThe bridge interface name.
NAMEAn interface name.
fdbFDB operational state data.
link-layer-address LINK-LAYER-ADDRESSThe link-layer address of the FDB node.
LINK-LAYER-ADDRESSAn IEEE 802 MAC address.
link-interface LINK-INTERFACEThe slave interface of this bridge.
LINK-INTERFACEAn interface name.
state STATEThe FDB operational state.
STATEvaluesDescription
reachableThe neighbor is known to have been reachable recently (within tens of seconds ago).
staleThe neighbor is no longer known to be reachable, but until traffic is sent to the neighbor no attempt should be made to verify its reachability.
permanentThe FDB has been permanently configured.
staticThe FDB has been statically configured.
otherThe FDB state is none of the above.
show dns-server¶
Note
requires a Product License.
vsr> show dns-server [vrf <string>] [l3vrf <string>]
Show DNS server information.
Input Parameters¶
vrf <string>VRF to look into.
l3vrf <string>Specify the l3vrf.
Output Data¶
cacheDNS server cache operational state data.
size <uint32>DNS server cache size in bytes.
inserted <uint32>Number of records that have been inserted into the cache.
queryDNS server query operation state data.
total <uint32>Number of queries.
forwarded <uint32>Number of forwarded queries.
local <uint32>Number of queries answered locally.
tls <uint32>Number of TLS queries.
https <uint32>Number of HTTPS queries.
unwanted <uint32>Replies that were unwanted or unsolicited. Could have been random traffic, delayed duplicates, very late answers, or could be spoofing attempts. Some low level of late answers and delayed duplicates are to be expected with the UDP protocol. Very high values could indicate a threat (spoofing).
show certificate list¶
Note
requires a Product License.
vsr> show certificate list
Show X509 certificates list.
show certificate¶
vsr> show certificate name NAME [base64] [pem] [details]
Show X509 certificate details.
Input Parameters¶
name NAME(mandatory)The name of the certificate.
NAMECertificate name.
base64Show the certificate in PEM format.
pemShow the certificate in PEM format.
detailsShow the certificate details.
show certificate key¶
Note
requires a Product License.
vsr> show certificate key name NAME [pem] [details]
Show X509 certificate private key.
Input Parameters¶
name NAME(mandatory)The name of the certificate.
NAMECertificate name.
pemShow the keypair in PEM format.
detailsShow the keypair details.
show certificate-request list¶
Note
requires a Product License.
vsr> show certificate-request list
Show X509 certificate signing request (PKCS #10) list.
show certificate-request key¶
Note
requires a Product License.
vsr> show certificate-request key name NAME [pem] [details]
Show X509 certificate signing request (PKCS #10) key.
Input Parameters¶
name NAME(mandatory)The name of the certificate request.
NAMECertificate name.
pemShow the keypair in PEM format (default).
detailsShow the keypair details.
show certificate-request¶
vsr> show certificate-request name NAME [pem] [details]
Show an X509 certificate signing request (PKCS #10).
Input Parameters¶
name NAME(mandatory)The name of the certificate request.
NAMECertificate name.
pemShow the certificate-request in PEM format (default).
detailsShow the certificate-request details.
show certificate cmp scheduled-update¶
vsr> show certificate cmp scheduled-update name NAME
Show status of certificate scheduled updates via CMP.
Input Parameters¶
name NAME(mandatory)The name of the certificate.
NAMECertificate name.
show alarm list¶
vsr> show alarm list
Display the list of alarms.
Output Data¶
number-of-alarms NUMBER-OF-ALARMSThis object shows the total number of alarms in the system, i.e., the total number of entries in the alarm list.
NUMBER-OF-ALARMSThe gauge32 type represents a non-negative integer, which may increase or decrease, but shall never exceed a maximum value, nor fall below a minimum value. The maximum value cannot be greater than 2^32-1 (4294967295 decimal), and the minimum value cannot be smaller than 0. The value of a gauge32 has its maximum value whenever the information being modeled is greater than or equal to its maximum value, and has its minimum value whenever the information being modeled is smaller than or equal to its minimum value. If the information being modeled subsequently decreases below (increases above) the maximum (minimum) value, the gauge32 also decreases (increases). In the value set and its semantics, this type is equivalent to the Gauge32 type of the SMIv2.
last-changed LAST-CHANGEDA timestamp when the alarm list was last changed. The value can be used by a manager to initiate an alarm resynchronization procedure.
LAST-CHANGEDThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
alarmThe list of alarms. Each entry in the list holds one alarm for a given alarm type and resource. An alarm can be updated from the underlying resource or by the user. The following leafs are maintained by the resource: ‘is-cleared’, ‘last-change’, ‘perceived-severity’, and ‘alarm-text’. An operator can change ‘operator-state’ and ‘operator-text’. Entries appear in the alarm list the first time an alarm becomes active for a given alarm type and resource. Entries do not get deleted when the alarm is cleared. Clear status is represented as a boolean flag. Alarm entries are removed, i.e., purged, from the list by an explicit purge action. For example, purge all alarms that are cleared and in closed operator state that are older than 24 hours. Purged alarms are removed from the alarm list. If the alarm resource state changes after a purge, the alarm will reappear in the alarm list. Systems may also remove alarms based on locally configured policies; this is out of scope for this module.
resource RESOURCE(mandatory)The alarming resource. See also ‘alt-resource’. This could be, for example, a reference to the alarming interface.
RESOURCEvaluesDescription
<instance-identifier>References a data tree node
<object-identifier>The object-identifier type represents administratively assigned names in a registration-hierarchical-name tree. Values of this type are denoted as a sequence of numerical non-negative sub-identifier values. Each sub-identifier value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers are separated by single dots and without any intermediate whitespace. The ASN.1 standard restricts the value space of the first sub-identifier to 0, 1, or 2. Furthermore, the value space of the second sub-identifier is restricted to the range 0 to 39 if the first sub-identifier is 0 or 1. Finally, the ASN.1 standard requires that an object identifier has always at least two sub-identifiers. The pattern captures these restrictions. Although the number of sub-identifiers is not limited, module designers should realize that there may be implementations that stick with the SMIv2 limit of 128 sub-identifiers. This type is a superset of the SMIv2 OBJECT IDENTIFIER type since it is not restricted to 128 sub-identifiers. Hence, this type SHOULD NOT be used to represent the SMIv2 OBJECT IDENTIFIER type; the object-identifier-128 type SHOULD be used instead.
<string>This is an identification of the alarming resource, such as an interface. It should be as fine-grained as possible to both guide the operator and guarantee uniqueness of the alarms. If the alarming resource is modeled in YANG, this type will be an instance-identifier. If the resource is an SNMP object, the type will be an ‘object-identifier’. If the resource is anything else, for example, a distinguished name or a Common Information Model (CIM) path, this type will be a string. If the alarming object is identified by a Universally Unique Identifier (UUID), use the uuid type. Be cautious when using this type, since a UUID is hard to use for an operator. If the server supports several models, the precedence should be in the order as given in the union definition.
<uuid>A Universally Unique IDentifier in the string representation defined in RFC 4122. The canonical representation uses lowercase characters. The following is an example of a UUID in string representation: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
alarm-type-id ALARM-TYPE-ID(mandatory)This leaf and the leaf ‘alarm-type-qualifier’ together provide a unique identification of the alarm type.
ALARM-TYPE-IDIdentifies an alarm type. The description of the alarm type id MUST indicate whether or not the alarm type is abstract. An abstract alarm type is used as a base for other alarm type ids and will not be used as a value for an alarm or be present in the alarm inventory.
alarm-type-qualifier ALARM-TYPE-QUALIFIERThis leaf is used when the ‘alarm-type-id’ leaf cannot uniquely identify the alarm type. Normally, this is not the case, and this leaf is the empty string.
ALARM-TYPE-QUALIFIERIf an alarm type cannot be fully specified at design time by ‘alarm-type-id’, this string qualifier is used in addition to fully define a unique alarm type. The definition of alarm qualifiers is considered to be part of the instrumentation and is out of scope for this module. An empty string is used when this is part of a key.
alt-resource ALT-RESOURCEUsed if the alarming resource is available over other interfaces. This field can contain SNMP OIDs, CIM paths, or 3GPP distinguished names, for example.
ALT-RESOURCEvaluesDescription
<instance-identifier>References a data tree node
<object-identifier>The object-identifier type represents administratively assigned names in a registration-hierarchical-name tree. Values of this type are denoted as a sequence of numerical non-negative sub-identifier values. Each sub-identifier value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers are separated by single dots and without any intermediate whitespace. The ASN.1 standard restricts the value space of the first sub-identifier to 0, 1, or 2. Furthermore, the value space of the second sub-identifier is restricted to the range 0 to 39 if the first sub-identifier is 0 or 1. Finally, the ASN.1 standard requires that an object identifier has always at least two sub-identifiers. The pattern captures these restrictions. Although the number of sub-identifiers is not limited, module designers should realize that there may be implementations that stick with the SMIv2 limit of 128 sub-identifiers. This type is a superset of the SMIv2 OBJECT IDENTIFIER type since it is not restricted to 128 sub-identifiers. Hence, this type SHOULD NOT be used to represent the SMIv2 OBJECT IDENTIFIER type; the object-identifier-128 type SHOULD be used instead.
<string>This is an identification of the alarming resource, such as an interface. It should be as fine-grained as possible to both guide the operator and guarantee uniqueness of the alarms. If the alarming resource is modeled in YANG, this type will be an instance-identifier. If the resource is an SNMP object, the type will be an ‘object-identifier’. If the resource is anything else, for example, a distinguished name or a Common Information Model (CIM) path, this type will be a string. If the alarming object is identified by a Universally Unique Identifier (UUID), use the uuid type. Be cautious when using this type, since a UUID is hard to use for an operator. If the server supports several models, the precedence should be in the order as given in the union definition.
<uuid>A Universally Unique IDentifier in the string representation defined in RFC 4122. The canonical representation uses lowercase characters. The following is an example of a UUID in string representation: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
time-created TIME-CREATED(mandatory)The timestamp when this alarm entry was created. This represents the first time the alarm appeared; it can also represent that the alarm reappeared after a purge. Further state changes of the same alarm do not change this leaf; these changes will update the ‘last-changed’ leaf.
TIME-CREATEDThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
is-cleared true|false(mandatory)Indicates the current clearance state of the alarm. An alarm might toggle from active alarm to cleared alarm and back to active again.
last-raised LAST-RAISED(mandatory)An alarm may change severity level and toggle between active and cleared during its lifetime. This leaf indicates the last time it was raised (‘is-cleared’ = ‘false’).
LAST-RAISEDThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
last-changed LAST-CHANGED(mandatory)A timestamp when the ‘status-change’ or ‘operator-state-change’ list was last changed.
LAST-CHANGEDThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
perceived-severity PERCEIVED-SEVERITY(mandatory)The last severity of the alarm. If an alarm was raised with severity ‘warning’ but later changed to ‘major’, this leaf will show ‘major’.
PERCEIVED-SEVERITYvaluesDescription
indeterminateIndicates that the severity level could not be determined. This level SHOULD be avoided.
warningThe ‘warning’ severity level indicates the detection of a potential or impending service-affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service-affecting fault.
minorThe ‘minor’ severity level indicates the existence of a non-service-affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service-affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the resource.
majorThe ‘major’ severity level indicates that a service- affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the resource and its full capability must be restored.
criticalThe ‘critical’ severity level indicates that a service- affecting condition has occurred and an immediate corrective action is required. Such a severity can be reported, for example, when a resource becomes totally out of service and its capability must be restored.
alarm-text ALARM-TEXT(mandatory)The last reported alarm text. This text should contain information for an operator to be able to understand the problem and how to resolve it.
ALARM-TEXTThe string used to inform operators about the alarm. This MUST contain enough information for an operator to be able to understand the problem and how to resolve it. If this string contains structure, this format should be clearly documented for programs to be able to parse that information.
show alarm inventory¶
vsr> show alarm inventory
Display an inventory of the possible alarms.
Output Data¶
alarm-typeAn entry in this list defines a possible alarm.
alarm-type-id ALARM-TYPE-IDThe statically defined alarm type identifier for this possible alarm.
ALARM-TYPE-IDIdentifies an alarm type. The description of the alarm type id MUST indicate whether or not the alarm type is abstract. An abstract alarm type is used as a base for other alarm type ids and will not be used as a value for an alarm or be present in the alarm inventory.
alarm-type-qualifier ALARM-TYPE-QUALIFIERThe optionally dynamically defined alarm type identifier for this possible alarm.
ALARM-TYPE-QUALIFIERIf an alarm type cannot be fully specified at design time by ‘alarm-type-id’, this string qualifier is used in addition to fully define a unique alarm type. The definition of alarm qualifiers is considered to be part of the instrumentation and is out of scope for this module. An empty string is used when this is part of a key.
severity-level-triggerAn entry in this list defines a possible severity level.
severity-level-id SEVERITY-LEVEL-IDThis leaf-list indicates the possible severity levels of this alarm type. Note well that ‘clear’ is not part of the severity type. In general, the severity level should be defined by the instrumentation based on the dynamic state, rather than being defined statically by the alarm type, in order to provide a relevant severity level based on dynamic state and context. However, most alarm types have a defined set of possible severity levels, and this should be provided here.
SEVERITY-LEVEL-IDvaluesDescription
clearedThe alarm is cleared by the instrumentation.
indeterminateIndicates that the severity level could not be determined. This level SHOULD be avoided.
warningThe ‘warning’ severity level indicates the detection of a potential or impending service-affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service-affecting fault.
minorThe ‘minor’ severity level indicates the existence of a non-service-affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service-affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the resource.
majorThe ‘major’ severity level indicates that a service- affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the resource and its full capability must be restored.
criticalThe ‘critical’ severity level indicates that a service- affecting condition has occurred and an immediate corrective action is required. Such a severity can be reported, for example, when a resource becomes totally out of service and its capability must be restored.
text <string>(mandatory)A user-friendly text describing the alarm-state change. Some variables are available in the text {name} {description} {severity} {value}.
above <int64>The alarm will be triggered if the value is above.
below <int64>The alarm will be triggered if the value is below.
betweenThe alarm will be triggered if the value is between start and end.
start <int64>Set the start value.
end <int64>Set the end value.
equal EQUALThe alarm will be triggered if the value is equal.
EQUALvaluesDescription
<int64>No description.
<string>No description.
true|falseNo description.
different DIFFERENTThe alarm will be triggered if the value is different.
DIFFERENTvaluesDescription
<int64>No description.
<string>No description.
true|falseNo description.
resource RESOURCEOptionally, specifies for which resources the alarm type is valid.
RESOURCEvaluesDescription
<xpath1.0>This type represents an XPATH 1.0 expression. When a schema node is defined that uses this type, the description of the schema node MUST specify the XPath context in which the XPath expression is evaluated.
<object-identifier>The object-identifier type represents administratively assigned names in a registration-hierarchical-name tree. Values of this type are denoted as a sequence of numerical non-negative sub-identifier values. Each sub-identifier value MUST NOT exceed 2^32-1 (4294967295). Sub-identifiers are separated by single dots and without any intermediate whitespace. The ASN.1 standard restricts the value space of the first sub-identifier to 0, 1, or 2. Furthermore, the value space of the second sub-identifier is restricted to the range 0 to 39 if the first sub-identifier is 0 or 1. Finally, the ASN.1 standard requires that an object identifier has always at least two sub-identifiers. The pattern captures these restrictions. Although the number of sub-identifiers is not limited, module designers should realize that there may be implementations that stick with the SMIv2 limit of 128 sub-identifiers. This type is a superset of the SMIv2 OBJECT IDENTIFIER type since it is not restricted to 128 sub-identifiers. Hence, this type SHOULD NOT be used to represent the SMIv2 OBJECT IDENTIFIER type; the object-identifier-128 type SHOULD be used instead.
<string>This type is used to match resources of type ‘resource’. Since the type ‘resource’ is a union of different types, the ‘resource-match’ type is also a union of corresponding types. If the type is given as an XPath 1.0 expression, a resource of type ‘instance-identifier’ matches if the instance is part of the node set that is the result of evaluating the XPath 1.0 expression. For example, the XPath 1.0 expression: /ietf-interfaces:interfaces/ietf-interfaces:interface [ietf-interfaces:type=’ianaift:ethernetCsmacd’] would match the resource instance-identifier: /if:interfaces/if:interface[if:name=’eth1’], assuming that the interface ‘eth1’ is of type ‘ianaift:ethernetCsmacd’. If the type is given as an object identifier, a resource of type ‘object-identifier’ matches if the match object identifier is a prefix of the resource’s object identifier. For example, the value: 1.3.6.1.2.1.2.2 would match the resource object identifier: 1.3.6.1.2.1.2.2.1.1.5 If the type is given as an UUID or a string, it is interpreted as an XML Schema regular expression, which matches a resource of type ‘yang:uuid’ or ‘string’ if the given regular expression matches the resource string. If the type is given as an XPath expression, it is evaluated in the following XPath context: o The set of namespace declarations is the set of prefix and namespace pairs for all YANG modules implemented by the server, where the prefix is the YANG module name and the namespace is as defined by the ‘namespace’ statement in the YANG module. If a leaf of this type is encoded in XML, all namespace declarations in scope on the leaf element are added to the set of namespace declarations. If a prefix found in the XML is already present in the set of namespace declarations, the namespace in the XML is used. o The set of variable bindings is empty. o The function library is the core function library, and the functions are defined in Section 10 of RFC 7950. o The context node is the root node in the data tree.
description <string>(mandatory)A description of the possible alarm. It SHOULD include information on possible underlying root causes and corrective actions.
will-clear true|false(mandatory)This leaf tells the operator if the alarm will be cleared when the correct corrective action has been taken. Implementations SHOULD strive for detecting the cleared state for all alarm types. If this leaf is ‘true’, the operator can monitor the alarm until it becomes cleared after the corrective action has been taken. If this leaf is ‘false’, the operator needs to validate that the alarm is no longer active using other mechanisms. Alarms can lack a corresponding clear due to missing instrumentation or no logical corresponding clear state.
severity-level SEVERITY-LEVELThis leaf-list indicates the possible severity levels of this alarm type. Note well that ‘clear’ is not part of the severity type. In general, the severity level should be defined by the instrumentation based on the dynamic state, rather than being defined statically by the alarm type, in order to provide a relevant severity level based on dynamic state and context. However, most alarm types have a defined set of possible severity levels, and this should be provided here.
SEVERITY-LEVELvaluesDescription
indeterminateIndicates that the severity level could not be determined. This level SHOULD be avoided.
warningThe ‘warning’ severity level indicates the detection of a potential or impending service-affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service-affecting fault.
minorThe ‘minor’ severity level indicates the existence of a non-service-affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service-affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the resource.
majorThe ‘major’ severity level indicates that a service- affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the resource and its full capability must be restored.
criticalThe ‘critical’ severity level indicates that a service- affecting condition has occurred and an immediate corrective action is required. Such a severity can be reported, for example, when a resource becomes totally out of service and its capability must be restored.
show alarm summary¶
vsr> show alarm summary
Display a summary of the alarms.
Output Data¶
alarm-summaryA global summary of all alarms in the system. The summary does not include shelved alarms.
severity SEVERITYAlarm summary for this severity level.
SEVERITYvaluesDescription
indeterminateIndicates that the severity level could not be determined. This level SHOULD be avoided.
warningThe ‘warning’ severity level indicates the detection of a potential or impending service-affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service-affecting fault.
minorThe ‘minor’ severity level indicates the existence of a non-service-affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service-affecting) fault. Such a severity can be reported, for example, when the detected alarm condition is not currently degrading the capacity of the resource.
majorThe ‘major’ severity level indicates that a service- affecting condition has developed and an urgent corrective action is required. Such a severity can be reported, for example, when there is a severe degradation in the capability of the resource and its full capability must be restored.
criticalThe ‘critical’ severity level indicates that a service- affecting condition has occurred and an immediate corrective action is required. Such a severity can be reported, for example, when a resource becomes totally out of service and its capability must be restored.
total TOTALTotal number of alarms of this severity level.
TOTALThe gauge32 type represents a non-negative integer, which may increase or decrease, but shall never exceed a maximum value, nor fall below a minimum value. The maximum value cannot be greater than 2^32-1 (4294967295 decimal), and the minimum value cannot be smaller than 0. The value of a gauge32 has its maximum value whenever the information being modeled is greater than or equal to its maximum value, and has its minimum value whenever the information being modeled is smaller than or equal to its minimum value. If the information being modeled subsequently decreases below (increases above) the maximum (minimum) value, the gauge32 also decreases (increases). In the value set and its semantics, this type is equivalent to the Gauge32 type of the SMIv2.
not-cleared NOT-CLEAREDTotal number of alarms of this severity level that are not cleared.
NOT-CLEAREDThe gauge32 type represents a non-negative integer, which may increase or decrease, but shall never exceed a maximum value, nor fall below a minimum value. The maximum value cannot be greater than 2^32-1 (4294967295 decimal), and the minimum value cannot be smaller than 0. The value of a gauge32 has its maximum value whenever the information being modeled is greater than or equal to its maximum value, and has its minimum value whenever the information being modeled is smaller than or equal to its minimum value. If the information being modeled subsequently decreases below (increases above) the maximum (minimum) value, the gauge32 also decreases (increases). In the value set and its semantics, this type is equivalent to the Gauge32 type of the SMIv2.
cleared CLEAREDFor this severity level, the number of alarms that are cleared.
CLEAREDThe gauge32 type represents a non-negative integer, which may increase or decrease, but shall never exceed a maximum value, nor fall below a minimum value. The maximum value cannot be greater than 2^32-1 (4294967295 decimal), and the minimum value cannot be smaller than 0. The value of a gauge32 has its maximum value whenever the information being modeled is greater than or equal to its maximum value, and has its minimum value whenever the information being modeled is smaller than or equal to its minimum value. If the information being modeled subsequently decreases below (increases above) the maximum (minimum) value, the gauge32 also decreases (increases). In the value set and its semantics, this type is equivalent to the Gauge32 type of the SMIv2.
show ipfix statistics¶
Note
requires a Product License.
vsr> show ipfix statistics [vrf VRF]
Get statistics from an IPFIX probe.
Input Parameters¶
vrf VRFThe VRF to look into.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
Output Data¶
probeStatistics list per probe in the same VRF.
interface INTERFACEInterface name.
INTERFACEAn interface name.
statsStatistics associated with the probe.
flow-received <uint64>The number of received flows from the dataplane.
flow-merged <uint64>The number of merged flows (updated since the last synchronization with the dataplane).
flow-expired <uint64>The number of expired flows due to a timeout (no new packet for this flow has been recently received). The expiration timeout is the sum of ‘active-flow-lifetime-interval-seconds’ and ‘idle-flow-lifetime-interval-seconds’ configured in the collector associated with this probe.
show commit¶
vsr> show commit
Show committed configurations.
Output Data¶
commit-historyCommit information.
id <uint32>ID of the commit in the list.
date DATEDate and time of the commit.
DATEThe date-and-time type is a profile of the ISO 8601 standard for representation of dates and times using the Gregorian calendar. The profile is defined by the date-time production in Section 5.6 of RFC 3339. The date-and-time type is compatible with the dateTime XML schema type with the following notable exceptions: (a) The date-and-time type does not allow negative years. (b) The date-and-time time-offset -00:00 indicates an unknown time zone (see RFC 3339) while -00:00 and +00:00 and Z all represent the same time zone in dateTime. (c) The canonical format (see below) of data-and-time values differs from the canonical format used by the dateTime XML schema type, which requires all times to be in UTC using the time-offset ‘Z’. This type is not equivalent to the DateAndTime textual convention of the SMIv2 since RFC 3339 uses a different separator between full-date and full-time and provides higher resolution of time-secfrac. The canonical format for date-and-time values with a known time zone uses a numeric time zone offset that is calculated using the device’s configured known offset to UTC time. A change of the device’s offset to UTC time will cause date-and-time values to change accordingly. Such changes might happen periodically in case a server follows automatically daylight saving time (DST) time zone offset changes. The canonical format for date-and-time values with an unknown time zone (usually referring to the notion of local time) uses the time-offset -00:00.
user <string>User who make the commit.
description <string>{0,1024}The description of the commit.
show ipoe-server session¶
Note
requires a BNG IPoE Application License.
vsr> show ipoe-server session [vrf VRF]
Display IPoE server sessions.
Input Parameters¶
vrf VRFThe VRF in which IPoE server is started.
VRFvaluesDescription
mainThe main vrf.
<string>The vrf name.
Output Data¶
sessionDHCP relay sessions state.
interface INTERFACEInterface name.
INTERFACEAn interface name.
calling-sid <string>DHCP client identifier (MAC address).
address ADDRESSDHCP client IP address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
status <string>Session operational status.
uptime <string>Session uptime.
server SERVERThe DHCP serveur IP addresses.
SERVERvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
show ppp-server-stats¶
vsr> show ppp-server-stats [vrf <string>] [name <string>]
Show ppp-server stats.
Input Parameters¶
vrf <string>Show objects in selected vrf only.
name <string>Show stats for the selected ppp-server.
Output Data¶
sessionsContainer for the sessions state.
starting <uint64>Show starting sessions.
active <uint64>Show active sessions.
finishing <uint64>Show finishing sessions.
pppoeContainer for PPPoE counters.
start-ses <uint64>Show PPPoE starting sessions.
active-ses <uint64>Show PPPoE active sessions.
recv-PADI <uint64>Show counters for PADI received packets.
drop-PADI <uint64>Show counters for dropped PADI packets.
sent-PADO <uint64>Show counters for PADO sent packets.
recv-PADR <uint64>Show counters for PADR received packets.
sent-PADS <uint64>Show counters for PADS sent packets.
radius-serverList of Radius servers counters.
id <uint32>Show Radius server identifier.
address ADDRESSShow Radius server IP address.
ADDRESSvaluesDescription
<ipv4-address>An IPv4 address.
<ipv6-address>An IPv6 address.
state <string>Show state of Radius server.
auth-sent <uint64>Show counters for authentication request packets.
acct-start-stop-sent <uint64>Show counters for accounting start and stop sent requests.
acct-interim-update-sent <uint64>Show counters for accounting interim-update sent requests.