3.2.4. system

Global system configuration.

vsr running config# system

hostname

The hostname of the device – should be a single domain label, without the domain.

vsr running config# system
vsr running system# hostname HOSTNAME

HOSTNAME

The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

cp-mask

Note

requires a Product License.

Cores on which control plane applications run.

vsr running config# system
vsr running system# cp-mask CP-MASK

CP-MASK values

Description

default

Use all cores except fast path ones for control plane.

<coremask>

A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’.

Default value
default

timezone

The timezone of the device.

vsr running config# system
vsr running system# timezone TIMEZONE

TIMEZONE values

Description

UTC

Coordinated Universal Time.

GMT

Greenwich Mean Time.

<iana-timezone>

A timezone location as defined by the IANA timezone database (http://www.iana.org/time-zones)

date (state only)

The local time of the device.

vsr> show state system date

troubleshooting-report (state only)

The existing troubleshooting reports available on the system.

vsr> show state system troubleshooting-report

traffic-capture (state only)

The existing traffic captures available on the system.

vsr> show state system traffic-capture

network-stack

Note

requires a Product License.

Network stack parameters.

vsr running config# system network-stack

bridge

Bridge default parameters.

vsr running config# system network-stack bridge

call-ipv4-filtering

Call IPv4 filtering hooks on bridges.

vsr running config# system network-stack bridge
vsr running bridge# call-ipv4-filtering true|false
Default value
false

call-ipv6-filtering

Call IPv6 filtering hooks on bridges.

vsr running config# system network-stack bridge
vsr running bridge# call-ipv6-filtering true|false
Default value
false

icmp

ICMP default parameters.

vsr running config# system network-stack icmp

ignore-icmp-echo-broadcast

Ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast or multicast.

vsr running config# system network-stack icmp
vsr running icmp# ignore-icmp-echo-broadcast true|false
Default value
false

rate-limit-icmp

The minimum time space that separates the sending of two consecutive ICMP packets. By default, such space is 1000 ms.

vsr running config# system network-stack icmp
vsr running icmp# rate-limit-icmp <uint16>
Default value
1000

rate-mask-icmp

Mask made of ICMP types for which rates are being limited.

vsr running config# system network-stack icmp
vsr running icmp# rate-mask-icmp RATE-MASK-ICMP

RATE-MASK-ICMP values

Description

echo-reply

Echo Reply.

destination-unreachable

Destination Unreachable.

source-quench

Source Quench.

redirect

Redirect.

echo-request

Echo Request.

time-exceeded

Time Exceeded.

parameter-problem

Parameter Problem.

timestamp-request

Timestamp Request.

timestamp-reply

Timestamp Reply.

info-request

Info Request.

info-reply

Info Reply.

address-mask-request

Address Mask Request.

address-mask-reply

Address Mask Reply.

Default value
destination-unreachable source-quench time-exceeded parameter-problem

ipv4

IPv4 default parameters.

vsr running config# system network-stack ipv4

forwarding

Enable IP forwarding.

vsr running config# system network-stack ipv4
vsr running ipv4# forwarding true|false
Default value
true

send-redirects

Send ICMP redirect if host is on the same network than gateway.

vsr running config# system network-stack ipv4
vsr running ipv4# send-redirects true|false
Default value
true

accept-redirects

Accept redirect when acting as a host. It is always disabled when acting as a router.

vsr running config# system network-stack ipv4
vsr running ipv4# accept-redirects true|false
Default value
false

accept-source-route

Accept packets with source route option.

vsr running config# system network-stack ipv4
vsr running ipv4# accept-source-route true|false
Default value
false

arp-announce

Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface. Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender’s information.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-announce ARP-ANNOUNCE

ARP-ANNOUNCE values

Description

any

Use any local address, configured on any interface.

avoid-not-in-subnet

Try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2, ‘best-local’.

best-local

Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce.

Default value
any

arp-filter

Allows to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP’d IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-filter true|false
Default value
false

arp-ignore

Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-ignore ARP-IGNORE

ARP-IGNORE values

Description

any

Reply for any local target IP address, configured on any interface.

check-interface

Reply only if the target IP address is local address configured on the incoming interface.

check-interface-and-subnet

Reply only if the target IP address is local address configured on the incoming interface and both with the sender’s IP address are part from same subnet on this interface.

ignore-scope

Do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied.

ignore-all

Do not reply for all local addresses.

Default value
any

arp-proxy

Enable ARP proxy.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-proxy true|false
Default value
false

log-invalid-addresses

Log packets with impossible addresses.

vsr running config# system network-stack ipv4
vsr running ipv4# log-invalid-addresses true|false
Default value
false

ipv6

IPv6 default parameters.

vsr running config# system network-stack ipv6

forwarding

Enable IPv6 forwarding.

vsr running config# system network-stack ipv6
vsr running ipv6# forwarding true|false
Default value
true

autoconfiguration

Autoconfigure addresses using Prefix Information in Router Advertisements.

vsr running config# system network-stack ipv6
vsr running ipv6# autoconfiguration true|false
Default value
true

accept-router-advert

Accept Router Advertisements.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-router-advert ACCEPT-ROUTER-ADVERT

ACCEPT-ROUTER-ADVERT values

Description

never

Do not accept Router Advertisements.

norouter-mode

Accept Router Advertisements if forwarding is disabled.

always

Accept Router Advertisements even if forwarding is enabled.

Default value
never

accept-redirects

Accept redirect when acting as a host. It is always disabled when acting as a router.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-redirects true|false
Default value
false

accept-source-route

Accept packets with source route option.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-source-route true|false
Default value
false

router-solicitations

Number of Router Solicitations to send until assuming no routers are present.

vsr running config# system network-stack ipv6
vsr running ipv6# router-solicitations <int16>
Default value
-1

use-temporary-addresses

Preference for Privacy Extensions (RFC4941). Not applied to point-to- point and loopback devices (always 0).

vsr running config# system network-stack ipv6
vsr running ipv6# use-temporary-addresses USE-TEMPORARY-ADDRESSES

USE-TEMPORARY-ADDRESSES values

Description

never

Disable Privacy Extensions, i.e. use the public address, subnet prefix/interface id, where interface id is always the same.

prefer-public-addresses

Enable Privacy Extensions, but prefer public addresses over temporary addresses.

always

Enable Privacy Extensions and prefer temporary addresses over public addresses.

Default value
never

neighbor

Neighbor advanced configuration.

vsr running config# system network-stack neighbor

ipv4-max-entries

Maximum number of IPv4 neighbors.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-max-entries <uint32>

ipv6-max-entries

Maximum number of IPv6 neighbors.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-max-entries <uint32>

ipv4-base-reachable-time

Time during which an IPv4 neighbor entry stays reachable.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-base-reachable-time <uint32>

ipv6-base-reachable-time

Time during which an IPv6 neighbor entry stays reachable.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-base-reachable-time <uint32>

conntrack

Conntrack advanced configuration.

vsr running config# system network-stack conntrack

max-entries

Maximum number of Netfilter conntracks.

vsr running config# system network-stack conntrack
vsr running conntrack# max-entries <uint32>

tcp-timeout-close

Conntrack TCP timeout close.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close <uint32>

tcp-timeout-close-wait

Conntrack TCP timeout close wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close-wait <uint32>

tcp-timeout-established

Conntrack TCP timeout established.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-established <uint32>

tcp-timeout-fin-wait

Conntrack TCP timeout fin wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-fin-wait <uint32>

tcp-timeout-last-ack

Conntrack TCP timeout last ack.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-last-ack <uint32>

tcp-timeout-max-retrans

Conntrack TCP timeout max retrans.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-max-retrans <uint32>

tcp-timeout-syn-recv

Conntrack TCP timeout syn recv.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-recv <uint32>

tcp-timeout-syn-sent

Conntrack TCP timeout syn sent.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-sent <uint32>

tcp-timeout-time-wait

Conntrack TCP timeout time wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-time-wait <uint32>

tcp-timeout-unacknowledged

Conntrack TCP timeout unacknowledged.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-unacknowledged <uint32>

udp-timeout

Conntrack UDP timeout.

vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout <uint32>

udp-timeout-stream

Conntrack UDP timeout stream.

vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout-stream <uint32>

installed-image (state only)

The list of installed images.

version (state only)

The version of the image.

vsr> show state system installed-image <string> version

current (state only)

The image is currently booted.

vsr> show state system installed-image <string> current

default (state only)

The image is booted by default.

vsr> show state system installed-image <string> default

next (state only)

The next reboot will use this image.

vsr> show state system installed-image <string> next