3.2.4. system¶
Global system configuration.
vsr running config# system
hostname¶
The hostname of the device – should be a single domain label, without the domain.
vsr running config# system
vsr running system# hostname HOSTNAME
HOSTNAME |
The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492. |
cp-mask¶
Note
requires a Product License.
Cores on which control plane applications run.
vsr running config# system
vsr running system# cp-mask CP-MASK
|
Description |
|---|---|
default |
Use all cores except fast path ones for control plane. |
<coremask> |
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
- Default value
default
timezone¶
The timezone of the device.
vsr running config# system
vsr running system# timezone TIMEZONE
|
Description |
|---|---|
UTC |
Coordinated Universal Time. |
GMT |
Greenwich Mean Time. |
<iana-timezone> |
A timezone location as defined by the IANA timezone database (http://www.iana.org/time-zones) |
troubleshooting-report (state only)¶
The existing troubleshooting reports available on the system.
vsr> show state system troubleshooting-report
traffic-capture (state only)¶
The existing traffic captures available on the system.
vsr> show state system traffic-capture
network-stack¶
Note
requires a Product License.
Network stack parameters.
vsr running config# system network-stack
bridge¶
Bridge default parameters.
vsr running config# system network-stack bridge
call-ipv4-filtering¶
Call IPv4 filtering hooks on bridges.
vsr running config# system network-stack bridge
vsr running bridge# call-ipv4-filtering true|false
- Default value
false
call-ipv6-filtering¶
Call IPv6 filtering hooks on bridges.
vsr running config# system network-stack bridge
vsr running bridge# call-ipv6-filtering true|false
- Default value
false
icmp¶
ICMP default parameters.
vsr running config# system network-stack icmp
ignore-icmp-echo-broadcast¶
Ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast or multicast.
vsr running config# system network-stack icmp
vsr running icmp# ignore-icmp-echo-broadcast true|false
- Default value
false
rate-limit-icmp¶
The minimum time space that separates the sending of two consecutive ICMP packets. By default, such space is 1000 ms.
vsr running config# system network-stack icmp
vsr running icmp# rate-limit-icmp <uint16>
- Default value
1000
rate-mask-icmp¶
Mask made of ICMP types for which rates are being limited.
vsr running config# system network-stack icmp
vsr running icmp# rate-mask-icmp RATE-MASK-ICMP
|
Description |
|---|---|
echo-reply |
Echo Reply. |
destination-unreachable |
Destination Unreachable. |
source-quench |
Source Quench. |
redirect |
Redirect. |
echo-request |
Echo Request. |
time-exceeded |
Time Exceeded. |
parameter-problem |
Parameter Problem. |
timestamp-request |
Timestamp Request. |
timestamp-reply |
Timestamp Reply. |
info-request |
Info Request. |
info-reply |
Info Reply. |
address-mask-request |
Address Mask Request. |
address-mask-reply |
Address Mask Reply. |
- Default value
destination-unreachable source-quench time-exceeded parameter-problem
ipv4¶
IPv4 default parameters.
vsr running config# system network-stack ipv4
forwarding¶
Enable IP forwarding.
vsr running config# system network-stack ipv4
vsr running ipv4# forwarding true|false
- Default value
true
send-redirects¶
Send ICMP redirect if host is on the same network than gateway.
vsr running config# system network-stack ipv4
vsr running ipv4# send-redirects true|false
- Default value
true
accept-redirects¶
Accept redirect when acting as a host. It is always disabled when acting as a router.
vsr running config# system network-stack ipv4
vsr running ipv4# accept-redirects true|false
- Default value
false
accept-source-route¶
Accept packets with source route option.
vsr running config# system network-stack ipv4
vsr running ipv4# accept-source-route true|false
- Default value
false
arp-announce¶
Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface. Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender’s information.
vsr running config# system network-stack ipv4
vsr running ipv4# arp-announce ARP-ANNOUNCE
|
Description |
|---|---|
any |
Use any local address, configured on any interface. |
avoid-not-in-subnet |
Try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2, ‘best-local’. |
best-local |
Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce. |
- Default value
any
arp-filter¶
Allows to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP’d IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request.
vsr running config# system network-stack ipv4
vsr running ipv4# arp-filter true|false
- Default value
false
arp-ignore¶
Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses.
vsr running config# system network-stack ipv4
vsr running ipv4# arp-ignore ARP-IGNORE
|
Description |
|---|---|
any |
Reply for any local target IP address, configured on any interface. |
check-interface |
Reply only if the target IP address is local address configured on the incoming interface. |
check-interface-and-subnet |
Reply only if the target IP address is local address configured on the incoming interface and both with the sender’s IP address are part from same subnet on this interface. |
ignore-scope |
Do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied. |
ignore-all |
Do not reply for all local addresses. |
- Default value
any
arp-proxy¶
Enable ARP proxy.
vsr running config# system network-stack ipv4
vsr running ipv4# arp-proxy true|false
- Default value
false
log-invalid-addresses¶
Log packets with impossible addresses.
vsr running config# system network-stack ipv4
vsr running ipv4# log-invalid-addresses true|false
- Default value
false
ipv6¶
IPv6 default parameters.
vsr running config# system network-stack ipv6
forwarding¶
Enable IPv6 forwarding.
vsr running config# system network-stack ipv6
vsr running ipv6# forwarding true|false
- Default value
true
autoconfiguration¶
Autoconfigure addresses using Prefix Information in Router Advertisements.
vsr running config# system network-stack ipv6
vsr running ipv6# autoconfiguration true|false
- Default value
true
accept-router-advert¶
Accept Router Advertisements.
vsr running config# system network-stack ipv6
vsr running ipv6# accept-router-advert ACCEPT-ROUTER-ADVERT
|
Description |
|---|---|
never |
Do not accept Router Advertisements. |
norouter-mode |
Accept Router Advertisements if forwarding is disabled. |
always |
Accept Router Advertisements even if forwarding is enabled. |
- Default value
never
accept-redirects¶
Accept redirect when acting as a host. It is always disabled when acting as a router.
vsr running config# system network-stack ipv6
vsr running ipv6# accept-redirects true|false
- Default value
false
accept-source-route¶
Accept packets with source route option.
vsr running config# system network-stack ipv6
vsr running ipv6# accept-source-route true|false
- Default value
false
router-solicitations¶
Number of Router Solicitations to send until assuming no routers are present.
vsr running config# system network-stack ipv6
vsr running ipv6# router-solicitations <int16>
- Default value
-1
use-temporary-addresses¶
Preference for Privacy Extensions (RFC4941). Not applied to point-to- point and loopback devices (always 0).
vsr running config# system network-stack ipv6
vsr running ipv6# use-temporary-addresses USE-TEMPORARY-ADDRESSES
|
Description |
|---|---|
never |
Disable Privacy Extensions, i.e. use the public address, subnet prefix/interface id, where interface id is always the same. |
prefer-public-addresses |
Enable Privacy Extensions, but prefer public addresses over temporary addresses. |
always |
Enable Privacy Extensions and prefer temporary addresses over public addresses. |
- Default value
never
neighbor¶
Neighbor advanced configuration.
vsr running config# system network-stack neighbor
ipv4-max-entries¶
Maximum number of IPv4 neighbors.
vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-max-entries <uint32>
ipv6-max-entries¶
Maximum number of IPv6 neighbors.
vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-max-entries <uint32>
ipv4-base-reachable-time¶
Time during which an IPv4 neighbor entry stays reachable.
vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-base-reachable-time <uint32>
ipv6-base-reachable-time¶
Time during which an IPv6 neighbor entry stays reachable.
vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-base-reachable-time <uint32>
conntrack¶
Conntrack advanced configuration.
vsr running config# system network-stack conntrack
max-entries¶
Maximum number of Netfilter conntracks.
vsr running config# system network-stack conntrack
vsr running conntrack# max-entries <uint32>
tcp-timeout-close¶
Conntrack TCP timeout close.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close <uint32>
tcp-timeout-close-wait¶
Conntrack TCP timeout close wait.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close-wait <uint32>
tcp-timeout-established¶
Conntrack TCP timeout established.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-established <uint32>
tcp-timeout-fin-wait¶
Conntrack TCP timeout fin wait.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-fin-wait <uint32>
tcp-timeout-last-ack¶
Conntrack TCP timeout last ack.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-last-ack <uint32>
tcp-timeout-max-retrans¶
Conntrack TCP timeout max retrans.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-max-retrans <uint32>
tcp-timeout-syn-recv¶
Conntrack TCP timeout syn recv.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-recv <uint32>
tcp-timeout-syn-sent¶
Conntrack TCP timeout syn sent.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-sent <uint32>
tcp-timeout-time-wait¶
Conntrack TCP timeout time wait.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-time-wait <uint32>
tcp-timeout-unacknowledged¶
Conntrack TCP timeout unacknowledged.
vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-unacknowledged <uint32>
udp-timeout¶
Conntrack UDP timeout.
vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout <uint32>
udp-timeout-stream¶
Conntrack UDP timeout stream.
vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout-stream <uint32>
installed-image (state only)¶
The list of installed images.
version (state only)¶
The version of the image.
vsr> show state system installed-image <string> version
current (state only)¶
The image is currently booted.
vsr> show state system installed-image <string> current
default (state only)¶
The image is booted by default.
vsr> show state system installed-image <string> default
next (state only)¶
The next reboot will use this image.
vsr> show state system installed-image <string> next