IP/IPv6 parameters¶
The behavior of the IPv4/IPv6 network stack can be customized globally, and, for some parameters, per VRF. This behavior customization includes for instance the activation of forwarding, the filtering of packets with source routing option, etc…
If there is no configuration value in a VRF, the global configuration applies.
Global configuration¶
To change the global default parameters, do:
vrouter running config# system network-stack ipv4
vrouter running ipv4# accept-redirects true
vrouter running ipv4# accept-source-route true
vrouter running ipv4# .. ipv6
vrouter running ipv6# accept-redirects true
vrouter running ipv6# accept-source-route true
vrouter running ipv6# accept-router-advert always
vrouter running ipv6# use-temporary-addresses always
vrouter running ipv6# commit
To display the global network stack parameters state:
vrouter> show state / system network-stack
network-stack
icmp
ignore-icmp-echo-broadcast false
rate-limit-icmp 1000
rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
..
ipv4
forwarding true
send-redirects true
accept-redirects false
accept-source-route false
log-invalid-addresses false
..
ipv6
forwarding true
accept-router-advert never
use-temporary-addresses never
accept-redirects false
accept-source-route false
..
..
The same configuration can be made using this NETCONF XML configuration:
vrouter running network-stack# show config xml absolute
<config xmlns="urn:6wind:vrouter">
<system xmlns="urn:6wind:vrouter/system">
<network-stack>
<ipv4>
<forwarding>true</forwarding>
<send-redirects>true</send-redirects>
<accept-redirects>true</accept-redirects>
<accept-source-route>true</accept-source-route>
<log-invalid-addresses>false</log-invalid-addresses>
</ipv4>
<icmp>
<ignore-icmp-echo-broadcast>false</ignore-icmp-echo-broadcast>
<rate-limit-icmp>1000</rate-limit-icmp>
<rate-mask-icmp>destination-unreachable source-quench time-exceeded parameter-problem</rate-mask-icmp>
</icmp>
<ipv6>
<forwarding>true</forwarding>
<accept-router-advert>always</accept-router-advert>
<use-temporary-addresses>always</use-temporary-addresses>
<accept-redirects>true</accept-redirects>
<accept-source-route>true</accept-source-route>
</ipv6>
</network-stack>
</system>
</config>
VRF configuration¶
To override the parameters for a specific VRF, do:
vrouter running config# vrf vr1 network-stack ipv4
vrouter running ipv4# accept-redirects false
vrouter running ipv4# .. ipv6
vrouter running ipv6# accept-redirects false
vrouter running ipv6# commit
To display the network stack parameters state for this VRF:
vrouter running ipv6# show state / vrf vr1 network-stack
network-stack
icmp
ignore-icmp-echo-broadcast false
rate-limit-icmp 1000
rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
..
ipv4
forwarding true
send-redirects true
accept-redirects false
accept-source-route false
log-invalid-addresses false
..
ipv6
forwarding true
accept-router-advert never
use-temporary-addresses never
accept-redirects false
accept-source-route false
..
..
The same configuration can be made using this NETCONF XML configuration:
vrouter running network-stack# show config xml absolute
<config xmlns="urn:6wind:vrouter">
<vrf>
<name>vr1</name>
<network-stack xmlns="urn:6wind:vrouter/system">
<icmp/>
<ipv4>
<accept-redirects>false</accept-redirects>
</ipv4>
<ipv6>
<accept-redirects>false</accept-redirects>
<accept-router-advert>never</accept-router-advert>
<use-temporary-addresses>never</use-temporary-addresses>
</ipv6>
</network-stack>
</vrf>
</config>