r Commands – Part I

radius

Syntax

[no] radius

Context

[Tree] (debug>router radius)

Full Context

debug router radius

Description

This command enables the debug router RADIUS context.

Platforms

7705 SAR Gen 2

radius

Syntax

radius [create]

no radius

Context

[Tree] (config>service>vprn>aaa>rmt-srv radius)

Full Context

configure service vprn aaa remote-servers radius

Description

This command creates the context to configure RADIUS authentication on the VPRN.

Implement redundancy by configuring multiple server addresses for each VPRN.

The no form of this command removes the RADIUS configuration.

Parameters

create: Keyword used to create the RADIUS context.

Platforms

7705 SAR Gen 2

radius

Syntax

radius [detail] [hex]

no radius

Context

[Tree] (debug radius)

Full Context

debug radius

Description

This command enables debugging for RADIUS connections.

The no form of the command disables the debug output.

Parameters

detail: Displays detailed output.

hex: Displays the packet dump in hex format.

Platforms

7705 SAR Gen 2

radius

Syntax

[no] radius

Context

[Tree] (config>system>security radius)

Full Context

configure system security radius

Description

This command creates the context to configure RADIUS authentication on the router.

Implement redundancy by configuring multiple server addresses for each router.

The no form of this command removes the RADIUS configuration.

Platforms

7705 SAR Gen 2

radius-accounting-policy

Syntax

radius-accounting-policy policy-name

no radius-accounting-policy

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw radius-accounting-policy)

[Tree] (config>service>ies>if>sap>ipsec-gw radius-accounting-policy)

Full Context

configure service vprn interface sap ipsec-gw radius-accounting-policy

configure service ies interface sap ipsec-gw radius-accounting-policy

Description

This command configures the RADIUS accounting policy.

The no form of this command reverts to the default value.

Default

no radius-accounting-policy

Parameters

policy-name: Specifies the policy name, up to 32 characters.

Platforms

7705 SAR Gen 2

radius-accounting-policy

Syntax

radius-accounting-policy name [create]

no radius-accounting-policy name

Context

[Tree] (config>ipsec radius-accounting-policy)

Full Context

configure ipsec radius-accounting-policy

Description

This command specifies an existing RADIUS accounting policy to use to collect accounting statistics on this subscriber profile by RADIUS. This command is used independently of the collect-stats command.

Parameters

name: Specifies an existing RADIUS based accounting policy.

Platforms

7705 SAR Gen 2

radius-attr

Syntax

radius-attr type attribute-type [extended-type attribute-ext-type] [transaction]

radius-attr type attribute-type [transaction] {address | hex | integer | string} value attribute-value

radius-attr vendor vendor-id type attribute-type [extended-type attribute-ext-type] [transaction] [encoding encoding-type]

radius-attr vendor vendor-id type attribute-type [extended-type attribute-ext-type] [transaction] [encoding encoding-type] {address | hex | integer | string} value attribute-value

no radius-attr type attribute-type [extended-type attribute-ext-type]

no radius-attr type attribute-type [extended-type attribute-ext-type] {address | hex | integer | string} value attribute-value

no radius-attr vendor vendor-id type attribute-type [extended-type attribute-ext-type]

no radius-attr vendor vendor-idtype attribute-type [extended-type attribute-ext-type] {address | hex | integer | string} [value] attribute-value

Context

[Tree] (debug>router>radius radius-attr)

Full Context

debug router radius radius-attr

Description

This command specifies the RADIUS attribute filter of command debug router radius.

Parameters

attribute-type

Specifies the RADIUS attribute type.

Values: 1 to 255

attribute-ext-type

Specifies the RADIUS attribute extended type (RFC 6929).

Values: 1 to 255

address: Specifies the value is a IPv4 or IPv6 address/prefix/subnet.

string: Specifies the value is a ASCII string.

integer: Specifies the value is a integer.

hex: Specifies the value is a binary string in hex format, such as "\0xAB01FE”.

attribute-value

Specifies the value of the RADIUS attribute.

Values


address	<ipv4-address> \| <ipv6-address> \| <ipv6-prefix/prefix-length>
	ipv4-address	a.b.c.d
	ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x - [0 to FFFF]H
		d - [0 to 255]D
	ipv6-prefix-length [0 to 128]
	hex	[0x0 to 0xFFFFFFFF (up to 506 hex nibbles)]
	integer	[0 to 4294967295]
	string	ascii-string (up to 253 characters)

transaction: Specifies that the system outputs both request and response packets in the same session even if the response packet does not include the filter attribute.

vendor-id

Specifies the vendor ID for the vendor specific attribute.

Values: 0 to 16777215

encoding-type

Specifies the size of the vendor-type and vendor-length in bytes. It is a two digitals string: "xy”, x is the size of vendor-type, range from 1 to 4; y is the size of vendor-length, range from 0 to 2; it is "11” by default.

Values: type-size:1 to 4, length-size: 0 to 2

Platforms

7705 SAR Gen 2

radius-authentication-policy

Syntax

radius-authentication-policy name

no radius-authentication-policy

Context

[Tree] (config>service>ies>if>sap>ipsec-gw radius-authentication-policy)

[Tree] (config>service>vprn>if>sap>ipsec-gw radius-authentication-policy)

Full Context

configure service ies interface sap ipsec-gw radius-authentication-policy

configure service vprn interface sap ipsec-gw radius-authentication-policy

Description

This command configures the policy used for the IKEv2 remote-access tunnels terminated on the IPsec gateway. The radius-authentication-policy is defined under config>ipsec context.

Parameters

name: Specifies the name of an existing RADIUS authentication policy.

Platforms

7705 SAR Gen 2

radius-authentication-policy

Syntax

radius-authentication-policy name [create]

no radius-authentication-policyname

Context

[Tree] (config>ipsec radius-authentication-policy)

Full Context

configure ipsec radius-authentication-policy

Description

This command specifies the RADIUS authentication policy associated with this IPsec gateway.

Parameters

name: Specifies an existing RADIUS authentication policy.

Platforms

7705 SAR Gen 2

radius-coa-port

Syntax

radius-coa-port {port-number}

no radius-coa-port

Context

[Tree] (config>aaa radius-coa-port)

Full Context

configure aaa radius-coa-port

Description

This command configures the system-wide UDP port number that RADIUS is listening on for CoA and Disconnect messages.

The no form of this command reverts to the default.

Default

radius-coa-port 3799

Parameters

port-number

Specifies the UDP port number for RADIUS CoA and disconnect messages.

Values: 1647, 1700, 1812, 3799

Platforms

7705 SAR Gen 2

radius-plcy

Syntax

radius-plcy name

no radius-plcy

Context

[Tree] (config>port>ethernet>dot1x radius-plcy)

Full Context

configure port ethernet dot1x radius-plcy

Description

This command references the RADIUS policy to be used for 802.1x authentication. An 802.1x RADIUS policy must be configured (config>system>security>dot1x) before it is associated to a port. If the RADIUS policy ID does not exist, an error is returned. Only one 802.1x RADIUS policy can be associated with a port at a time.

The no form of this command removes the RADIUS policy association.

Default

no radius-plcy

Parameters

name: Specifies an existing 802.1x RADIUS policy name, up to 32 characters.

Platforms

7705 SAR Gen 2

radius-server

Syntax

radius-server

Context

[Tree] (config>router radius-server)

[Tree] (config>service>vprn radius-server)

Full Context

configure router radius-server

configure service vprn radius-server

Description

Commands in this context configure the RADIUS server under router or VPRN service.

Platforms

7705 SAR Gen 2

radius-server-policy

Syntax

radius-server-policy policy-name [create]

no radius-server-policy policy-name

Context

[Tree] (config>aaa radius-server-policy)

Full Context

configure aaa radius-server-policy

Description

This command creates a radius-server-policy.

A RADIUS server policy can be used in

radius-proxy, for application like EAP authentication for WIFI access
authentication policy, for Enhanced Subscriber Management authentication
RADIUS accounting policy, for Enhanced Subscriber Management accounting
dynamic data service RADIUS accounting
AAA route downloader

The no form of this command removes the policy name from the configuration.

Parameters

policy-name: Specifies the name of the radius-server-policy up to 32 characters.

create: Keyword used to create a radius-server-policy name. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7705 SAR Gen 2

radius-server-policy

Syntax

radius-server-policy radius-server-policy-name

no radius-server-policy

Context

[Tree] (config>ipsec>rad-auth-plcy radius-server-policy)

[Tree] (config>ipsec>rad-acct-plcy radius-server-policy)

Full Context

configure ipsec radius-authentication-policy radius-server-policy

configure ipsec radius-accounting-policy radius-server-policy

Description

This command references an existing radius-server-policy (available under the config>aaa context) for use in subscriber management authentication and accounting.

When configured in an authentication-policy, following CLI commands are ignored in the policy to avoid conflicts:

all commands in the radius-authentication-server context
accept-authorization-change
coa-script-policy
accept-script-policy
request-script-policy

When configured in a radius-accounting-policy, following CLI commands are ignored in the policy to avoid conflicts:

all commands in the radius-accounting-server context
acct-request-script-policy

The no form of this command removes the radius-server-policy reference from the configuration.

Default

no radius-server-policy

Parameters

radius-server-policy-name: Specifies the RADIUS server policy.

Platforms

7705 SAR Gen 2

radius-server-policy

Syntax

radius-server-policy policy-name

radius-server-policy auth policy-name-auth

radius-server-policy acct policy-name-acct

radius-server-policy auth policy-name-auth acct policy-name-acct

no radius-server-policy

Context

[Tree] (config>port>ethernet>dot1x radius-server-policy)

Full Context

configure port ethernet dot1x radius-server-policy

Description

This command configures the RADIUS policy with IPv4/IPv6 in base routing and VPRN. The current RADIUS policy can be found under the configure>aaa>radius-server-policy context.

The RADIUS servers for the policy are configured under configure>router>radius-server or configure>service>vprn>radius-server context.

The RADIUS policy is assigned under dot1x using the radius-server-policy command. When the RADIUS policy is configured, both authorization and accounting are performed via the same server.

The no form of this command allows authorization and accounting via different servers.

Default

no radius-server-policy

Parameters

policy-name

Specifies the RADIUS server policy, up to 32 characters.

The policy is configured under configure>aaa>radius-server-policy. When the policy name is configured, both authorization and accounting are done via this server.

policy-name-auth

Specifies the AAA RADIUS server policy for dot1x authorization only; up to 32 characters.

The policy is configured under configure>aaa>radius-server-policy. The policy name authorization is used if the user needs a different server for authorization.

policy-name-acct

Specifies the AAA RADIUS server policy for dot1x accounting only; up to 32 characters.

The policy is configured under configure>aaa>radius-server-policy. The policy name accounting is used if the user needs a different server for accounting.

Platforms

7705 SAR Gen 2

range

Syntax

range encap-range sync-tag sync-tag

no range encap-range

Context

[Tree] (config>redundancy>multi-chassis>peer>sync>port range)

Full Context

configure redundancy multi-chassis peer sync port range

Description

This command configures a range of encapsulation values.

Parameters

encap-range

Specifies a range of encapsulation values on a port to be synchronized with a multi-chassis peer.

Values


Dot1Q	start-tag-end-tag
start-tag	0 to 4094
end-tag	0 to 4094
QinQ	qtag1.start-qtag2-qtag1.end-qtag2-start-qtag1.-end-qtag1.
qtag1	1 to 4094
start-qtag1	1 to 4094
en-qtag1	1 to 4094
start-qtag2	0 to 4094
end-qtag2	0 to 4094

sync-tag: Specifies a synchronization tag up to 32 characters to be used while synchronizing this encapsulation value range with the multi-chassis peer.

Platforms

7705 SAR Gen 2

range

Syntax

[no] rangevlan-range

Context

[Tree] (config>service>vpls>sap>managed-vlan-list range)

Full Context

configure service vpls sap managed-vlan-list range

Description

This command configures a range of VLANs on an access port that are to be managed by an existing management VPLS.

This command is only valid when the VPLS in which it is entered was created as a management VPLS, and when the SAP in which it was entered was created on an Ethernet port with encapsulation type of dot1q or qinq, or on a SONET/SDH port with encapsulation type of bcp-dot1q.

To modify the range of VLANs, first the new range should be entered and afterwards the old range removed.

The no form of this command removes the VLAN range from this configuration.

Parameters

vlan-range

Specifies the VLAN start value and VLAN end value. The end-vlan must be greater than start-vlan. The format is <start-vlan>-<end-vlan>.

Values

start-vlan: 1 to 4094

end-vlan: 1 to 4094

Platforms

7705 SAR Gen 2

rapid-retransmit-time

Syntax

rapid-retransmit-time hundred-milliseconds

no rapid-retransmit-time

Context

[Tree] (config>router>rsvp rapid-retransmit-time)

Full Context

configure router rsvp rapid-retransmit-time

Description

This command defines the value of the Rapid Retransmission Interval. It is used in the re-transmission mechanism to handle unacknowledged message_id objects and is based on an exponential back-off timer.

Re-transmission interval of a RSVP message with the same message_id = 2 * rapid-retransmit-time interval of time.

The node stops re-transmission of unacknowledged RSVP messages:

If the updated back-off interval exceeds the value of the regular refresh interval.
If the number of re-transmissions reaches the value of the rapid-retry-limit parameter, whichever comes first.

The Rapid Retransmission Interval must be smaller than the regular refresh interval configured in config>router>rsvp>refresh-time.

The no form of this command reverts to the default value.

Default

rapid-retransmit-time 5

Parameters

hundred-milliseconds

Specifies the rapid retransmission interval, in hundred-milliseconds (for example, enter "6” for a 600 millisecond retransmit time).

Values: 1 to 100, in units of 100 ms.

Platforms

7705 SAR Gen 2

rapid-retry-limit

Syntax

rapid-retry-limit number

no rapid-retry-limit

Context

[Tree] (config>router>rsvp rapid-retry-limit)

Full Context

configure router rsvp rapid-retry-limit

Description

This command defines the value of the Rapid Retry Limit. This is used in the retransmission mechanism based on an exponential backoff timer in order to handle unacknowledged message_id objects. The RSVP message with the same message_id is retransmitted every 2 * rapid-retransmit-time interval of time. The node stops retransmission of unacknowledged RSVP messages whenever the updated backoff interval exceeds the value of the regular refresh interval or the number of retransmissions reaches the value of the rapid-retry-limit parameter, whichever comes first.

The no form of this command reverts to the default value.

Default

rapid-retry-limit 3

Parameters

number

Specifies the value of the Rapid Retry Limit.

Values: 1 to 6, integer values

Platforms

7705 SAR Gen 2

rapid-update

Syntax

rapid-update [l2-vpn] [mvpn-ipv4] [mvpn-ipv6] [mdt-safi] [evpn] [label-ipv4] [label-ipv6] [vpn-ipv4] [vpn-ipv6] [mcast-vpn-ipv4] [mcast-vpn-ipv6]

no rapid-update

Context

[Tree] (config>router>bgp rapid-update)

Full Context

configure router bgp rapid-update

Description

This command enables and disables BGP rapid update for specified address families.

If rapid update is enabled for a set of address families, and a route belonging to a family in that set is received by the router and chosen for propagation to certain BGP peers, the remaining time on the MRAI timer of these peers is ignored and the route is transmitted immediately, along with all other pending routes for these peers (including routes of address families not specified in the rapid-update command).

The rapid-update command overrides the peer-level min-route-advertisement (config>router>bgp min-route-advertisement, config>router>bgp>group min-route-advertisement, config>router>bgp>group>neighbor min-route-advertisement) time and applies the minimum setting (0 seconds) to routes belonging to specified address families; routes of other address families continue to be advertised according to the session-level MRAI setting.

The no form of this command disables rapid update for all address families.

Default

no rapid-update

Parameters

l2-vpn: Specifies the BGP rapid update for the 12-byte Virtual Switch Instance identifier (VSI-ID) value consisting of the 8-byte route distinguisher (RD) followed by a 4-byte value.

mvpn-ipv4: Specifies BGP rapid update for the mvpn-ipv4 address family. The mvpn-pv4 address is a variable size value consisting of the 1-byte route type, 1-byte length and variable size that is route type specific. Route type defines encoding for the route type specific field. Length indicates the length in octets of the route type specific field.

mdt-safi: Specifies BGP rapid update for the mdt-safi address family. The address is a 16-byte value consisting of 12-byte route distinguisher (RD) followed by a 4-byte group address.

mvpn-ipv6: Specifies BGP rapid update for the mvpn-ipv6 address family.

evpn: Specifies BGP rapid update for the evpn address family by including or removing EVPN routes from the set of routes that can trigger rapid update.

label-ipv4: Includes or removes label-ipv4 routes from the set of routes that can trigger rapid update.

label-ipv6: Includes or removes label-ipv6 routes from the set of routes that can trigger rapid update.

vpn-ipv4: Includes or removes vpn-ipv4 routes from the set of routes that can trigger rapid update.

vpn-ipv6: Includes or removes vpn-ipv6 routes from the set of routes that can trigger rapid update.

mcast-vpn-ipv4: Includes or removes mcast-vpn-ipv4 routes from the set of routes that can trigger rapid update.

mcast-vpn-ipv6: Includes or removes mcast-vpn-ipv6 routes from the set of routes that can trigger rapid update.

Platforms

7705 SAR Gen 2

rapid-withdrawal

Syntax

[no] rapid-withdrawal

Context

[Tree] (config>service>vprn>bgp rapid-withdrawal)

Full Context

configure service vprn bgp rapid-withdrawal

Description

This command disables the delay (Minimum Route Advertisement) on sending BGP withdrawals. Normal route withdrawals may be delayed up to the minimum route advertisement to allow for efficient packing of BGP updates.

The no form of this command removes this command from the configuration and returns withdrawal processing to the normal behavior.

Default

no rapid-withdrawal

Platforms

7705 SAR Gen 2

rapid-withdrawal

Syntax

[no] rapid-withdrawal

Context

[Tree] (config>router>bgp rapid-withdrawal)

Full Context

configure router bgp rapid-withdrawal

Description

This command disables the delay (Minimum Route Advertisement) on sending BGP withdrawals. Normal route withdrawals may be delayed up to the minimum route advertisement to allow for efficient packing of BGP updates.

The no form of this command removes this command from the configuration and returns withdrawal processing to the normal behavior.

Default

no rapid-withdrawal

Platforms

7705 SAR Gen 2

rate

Syntax

rate kilobits-per-second

no rate

Context

[Tree] (config>service>ies>if>sap>egress>agg-rate rate)

Full Context

configure service ies interface sap egress agg-rate rate

Description

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object (SAP, subscriber, Vport, and so on).

The no form of this command removes an explicit rate value from the aggregate rate therefore returning it to its default value.

Parameters

kilobits-per-second

Specifies the rate limit for the SAP, in kilobits per second.

Values: 1 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>ies>if>sap>egress>queue-override>queue rate)

[Tree] (config>service>vpls>sap>ingress>queue-override>queue rate)

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue rate)

[Tree] (config>service>vpls>sap>egress>queue-override>queue rate)

Full Context

configure service ies interface sap egress queue-override queue rate

configure service vpls sap ingress queue-override queue rate

configure service ies interface sap ingress queue-override queue rate

configure service vpls sap egress queue-override queue rate

Description

This command overrides specific attributes of the specified queue’s Peak Information Rate (PIR) and the Committed Information Rate (CIR) parameters.

The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile, then out-of-profile, packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default

rate max cir 0

Parameters

pir-rate

Defines the administrative PIR rate, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be configured as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 6400000000, max

Default: max

cir-rate

Overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be configured as a positive integer.

Values: 0 to 6400000000, max

Default: 0

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>vpls>sap>egress>sched-override>scheduler rate)

Full Context

configure service vpls sap egress scheduler-override scheduler rate

Description

This command overrides specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its policers, child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s 'within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler because of insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler assumes that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler's PIR and CIR parameters to the value configured in the applied scheduler policy.

Default

rate max cir sum

Parameters

pir-rate

Specifies the PIR rates. The pir parameter accepts a step multiplier value that specifies the multiplier used to determine the PIR rate at which the queue operates. A value of 0 to 100000000 or the keyword max is accepted. Any other value results in an error without modifying the current PIR rate.

To calculate the actual PIR rate, the rate described by the queue’s rate is multiplied by the pir-rate.

The SAP ingress context for PIR is independent of the defined forwarding class (fc) for the queue. The default pir and definable range is identical for each class. The PIR in effect for a queue defines the maximum rate at which the queue is allowed to forward packets in a given second, shaping the queue’s output.

The PIR parameter for SAP ingress queues do not have a negate (no) function. To return the queue’s PIR rate to the default value, that value must be specified as the PIR value.

Values: 1 to 6400000000, max

Default: max

cir-rate

Specifies the CIR rate. The cir parameter accepts a step-multiplier value that specifies the multiplier used to determine the CIR rate at which the queue operate. A value of 0 to 250 or the keyword max is accepted. Any other value results in an error without modifying the current CIR rate.

To calculate the actual CIR rate, the rate described by the rate pir pir-rate is multiplied by the cir-rate. If the cir is set to max, then the CIR rate is set to infinity.

The context for CIR is dependent on the defined forwarding class (fc) for the queue. The default CIR and definable range is different for each class. The CIR in effect for a policer or queue defines both its profile (in or out) marking level as well as the relative importance compared to other queues for scheduling purposes during congestion periods.

Values: 0 to 6400000000, max, sum

Default: sum

Platforms

7705 SAR Gen 2

rate

Syntax

rate {rate | max} [cir {max | rate}]

no rate

Context

[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr rate)

[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr rate)

Full Context

configure card fp ingress network queue-group policer-override policer rate

configure card fp ingress access queue-group policer-override policer rate

Description

This command configures the policer’s metering and optional profiling rates. The metering rate is used by the system to configure the policer’s PIR leaky bucket’s decrement rate while the profiling rate configures the policer’s CIR leaky bucket’s decrement rate. The decrement function empties the bucket while packets applied to the bucket attempt to fill it based on its packet size. If the bucket fills faster than how much is decremented per packet, the bucket’s depth eventually reaches it's exceeded (CIR) or violate (PIR) threshold. The cbs, mbs, and high-prio-only commands are used to configure the policer’s PIR and CIR thresholds.

If a packet arrives at the policer while the bucket’s depth is less than the threshold associated with the packet, the packet is considered to be conforming to the bucket’s rate. If the bucket depth is equal to or greater than the threshold, the packet is considered to be in the exception state. For the CIR bucket, the exception state is exceeding the CIR rate while the PIR bucket's exception state is violating the PIR bucket rate. If the packet is violating the PIR, the packet is marked red and will be discarded. If the packet is not red, it may be green or yellow based on the conforming or exceeding state from the CIR bucket.

When a packet is red neither the PIR nor the CIR bucket depths are incremented by the packets size. When the packet is yellow the PIR bucket is incremented by the packet size, but the CIR bucket is not. When the packet is green, both the PIR and CIR buckets are incremented by the packet size. This ensures that conforming packets impact the bucket depth while exceeding or violating packets do not.

The policer’s adaptation-rule command settings are used by the system to convert the specified rates into hardware timers and decrement values for the policer’s buckets.

By default, the policer’s metering rate is max and the profiling rate is 0 kb/s (all packets out-of-profile).

The rate settings defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command reverts to the default metering and profiling rate of a policer.

Parameters

{rate | max}

Specifying the keyword max or an explicit rate parameter directly following the rate command is required and identifies the policer’s metering rate for the PIR leaky bucket. When the policer is first created, the metering rate defaults to max. The kilobits-per-second value must be expressed as an integer and defines the rate in kilobits-per-second. The integer value is multiplied by 1,000 to derive the actual rate in bits-per-second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR used is equivalent to max.

Values: max or 1 to 2000000000

cir {max | rate}

The optional cir keyword is used to override the default CIR rate of the policer. Specifying the keyword max or an explicit rate parameter directly following the cir keyword is required and identifies the policer’s profiling rate for the CIR leaky bucket. When the policer is first created, the profiling rate defaults to 0 kb/s. The kilobits-per-second value must be expressed as an integer and defines the rate in kilobits-per-second. The integer value is multiplied by 1,000 to derive the actual rate in bits-per-second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the CIR used is equivalent to max.

Values: max or 0 to 2000000000

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>port>ethernet>access>ing>qgrp>qover>q rate)

[Tree] (config>port>ethernet>access>egr>qgrp>qover>q rate)

Full Context

configure port ethernet access ingress queue-group queue-overrides queue rate

configure port ethernet access egress queue-group queue-overrides queue rate

Description

This command specifies the administrative Peak Information Rate (PIR) and the administrative Committed Information Rate (CIR) parameters for the queue. The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile then out-of-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the egress queue group template.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default

rate max cir 0 - The max default specifies the amount of bandwidth in kilobits per second (thousand bits per second). The max value is mutually exclusive to the pir-rate value.

Parameters

pir-rate

Defines the administrative PIR rate, in kilobits per second, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed. Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 200000000, max

Default: max

cir-rate

The cir parameter overrides the default administrative CIR used by the queue, in kilobits per second. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed. Fractional values are not allowed and must be given as a positive integer.

Values: 0 to 200000000, max

Default: 0

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>port>ethernet>access>egr>qgrp>sched-override>scheduler rate)

[Tree] (config>port>ethernet>access>ing>qgrp>sched-override>scheduler rate)

Full Context

configure port ethernet access egress queue-group scheduler-override scheduler rate

configure port ethernet access ingress queue-group scheduler-override scheduler rate

Description

This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler's 'within CIR' distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler's parent scheduler may not have the available bandwidth to meet the scheduler's needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler because of insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler assumes that an infinite amount of bandwidth is available and allow all child policers, queues, and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler's PIR and CIR parameters to the value configured in the applied scheduler policy.

Parameters

pir-rate

Specifies the PIR rate, in kilobits per second. Any other value results in an error without modifying the current PIR rate.

Values: 1 to 6400000000, max

cir-rate

Specifies the CIR rate, in kilobits per second. If the CIR is set to max, then the CIR rate is set to infinity. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers, policers, or queues.

Values: 0 to 6400000000, sum, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate kilobits-per-second

no rate

Context

[Tree] (config>service>epipe>sap>egress>agg-rate rate)

Full Context

configure service epipe sap egress agg-rate rate

Description

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object (SAP, subscriber, Vport, and so on).

The no form of this command removes an explicit rate value from the aggregate rate returning it to its default value.

Parameters

kilobits-per-second

The enforced aggregate rate for all queues associated with the agg-rate context, in kilobits per second.

Values: 1 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate {rate | max} [cir {rate | max}]

Context

[Tree] (config>service>epipe>sap>egress>policer-over>plcr rate)

[Tree] (config>service>epipe>sap>ingress>policer-over>plcr rate)

Full Context

configure service epipe sap egress policer-override policer rate

configure service epipe sap ingress policer-override policer rate

Description

This command within the SAP ingress and egress policer-overrides contexts is used to override the sap-ingress and sap-egress QoS policy configured rate parameters for the specified policer-id.

The no rate command is used to restore the policy defined metering and profiling rate to a policer.

Parameters

rate rate

Specifies the policer instance metering rate for the PIR leaky bucket, in kilobits per second. The integer value is multiplied by 1000 to derive the actual rate in bits per second.

Values: 1 to 6400000000

cir rate

Specifies the overriding value for the policy-derived profiling rate of the policer, in kilobits per second. The integer value is multiplied by 1000 to derive the actual rate in bits per second.

Values: 0 to 6400000000

max: Uses the maximum policer rate, equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR or CIR used is equivalent to max.

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>epipe>sap>egress>queue-override>queue rate)

[Tree] (config>service>epipe>sap>ingress>queue-override>queue rate)

Full Context

configure service epipe sap egress queue-override queue rate

configure service epipe sap ingress queue-override queue rate

Description

This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR) and the Committed Information Rate (CIR) parameters.

The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile and then out-of-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default

rate max cir 0

Parameters

pir-rate

Defines the administrative PIR rate, in kilobits per second, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 6400000000, max

Default: max

cir-rate

The cir parameter overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be given as a positive integer. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers, policers, or queues.

Values: 0 to 6400000000, max, sum

Default: 0

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>epipe>sap>egress>sched-override>scheduler rate)

[Tree] (config>service>epipe>sap>ingress>sched-override>scheduler rate)

Full Context

configure service epipe sap egress scheduler-override scheduler rate

configure service epipe sap ingress scheduler-override scheduler rate

Description

This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child policers, queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s 'within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child policers or queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child policers, queues, and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler’s PIR and CIR parameters to the values configured in the applied scheduler policy.

Parameters

pir-rate

The pir parameter accepts the max keyword or a value in kilobits per second. Any other value will result in an error without modifying the current PIR rate.

Values: 1 to 6400000000, max

cir cir-rate

The cir parameter accepts a value in kilobits per second or the max keyword. Any other value will result in an error without modifying the current CIR rate.

If the cir parameter is set to max, then the CIR rate is set to infinity but bounded by the PIR rate.

The sum keyword specifies that the CIR will be used as the summed CIR values of the children schedulers, policers, or queues.

Values: 0 to 6400000000, max, sum

Platforms

7705 SAR Gen 2

rate

Syntax

rate kilobits-per-second

no rate

Context

[Tree] (config>service>vpls>sap>egress>agg-rate rate)

Full Context

configure service vpls sap egress agg-rate rate

Description

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered active on the context’s object (SAP, subscriber, Vport, and so on.).

The no form of this command removes an explicit rate value from the aggregate rate returning it to its default value.

Parameters

kilobits-per-second

The enforced aggregate rate for all queues associated with the agg-rate context, in kilobits per second.

Values: 1 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate {rate | max} [cir {max | rate}]

Context

[Tree] (config>service>vpls>sap>ingress>policer-override>plcr rate)

[Tree] (config>service>vpls>sap>egress>policer-override>plcr rate)

Full Context

configure service vpls sap ingress policer-override policer rate

configure service vpls sap egress policer-override policer rate

Description

This command within the SAP ingress and egress policer-overrides contexts is used to override the sap-ingress and sap-egress QoS policy configured rate parameters for the specified policer-id.

The no form of this command removes the rate override so that the rate configured for the policer in the applied SAP egress QoS policy is used.

Parameters

{rate | max}

Specifying the keyword max or an explicit kilobits per second parameter directly following the rate override command is required and identifies the policer instance’s metering rate for the PIR leaky bucket. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR used is equivalent to max.

Values: 1 to 6400000000, max

cir {max | rate}

The optional cir keyword is used to override the policy derived profiling rate of the policer. Specifying the keyword max or an explicit kilobits per second parameter directly following the cir keyword is required. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the CIR used is equivalent to max.

Values: 0 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate {rate | max} [cir {max | rate}]

Context

[Tree] (config>service>ies>if>sap>ingress>policer-override>plcr rate)

[Tree] (config>service>ies>if>sap>egress>policer-override>plcr rate)

Full Context

configure service ies interface sap ingress policer-override policer rate

configure service ies interface sap egress policer-override policer rate

Description

This command within the SAP ingress and egress policer-overrides contexts is used to override the sap-ingress and sap-egress QoS policy configured rate parameters for the specified policer-id.

The no form of the command removes the rate override so that the rate configured for the policer in the applied SAP egress QoS policy is used.

Parameters

{rate | max}

Specifying the keyword max or an explicit kilobits per second parameter directly following the rate override command is required and identifies the policer instance’s metering rate for the PIR leaky bucket. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR used is equivalent to max.

Values: 1 to 6400000000, max

cir {max | rate}

The optional cir keyword is used to override the policy derived profiling rate of the policer. Specifying the keyword max or an explicit kilobits per second parameter directly following the cir keyword is required. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the CIR used is equivalent to max.

Values: 0 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>ies>if>sap>egress>sched-override>scheduler rate)

[Tree] (config>service>ies>if>sap>ingress>sched-override>scheduler rate)

Full Context

configure service ies interface sap egress scheduler-override scheduler rate

configure service ies interface sap ingress scheduler-override scheduler rate

Description

This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s 'within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler's PIR and CIR parameters to the value configured in the applied scheduler policy.

Parameters

pir-rate

The pir parameter accepts a value in kilobits per second, or the keyword max. Any other value will result in an error without modifying the current PIR rate.

Values: 1 to 6400000000, max

cir-rate

This parameter accepts a step-multiplier value that specifies the multiplier used to determine the CIR rate at which the queue will operate. A value in kilobits per second or the keywords max or sum is accepted. Any other value will result in an error without modifying the current CIR rate.

If the cir is set to max, then the CIR rate is set to infinity but is restricted by the PIR rate.

The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers, policers, or queues.

For egress>sched-override>scheduler and ingress>sched-override>scheduler:

Values: 0 to 6400000000, max, sum

Platforms

7705 SAR Gen 2

rate

Syntax

rate kilobits-per-second

no rate

Context

[Tree] (config>service>vprn>if>sap>egress>agg-rate rate)

Full Context

configure service vprn interface sap egress agg-rate rate

Description

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object.

The no form of this command removes an explicit rate value from the aggregate rate returning it to its default value.

Parameters

kilobits-per-second

Specifies the rate limit for the SAP, in kilobits per second.

Values: 1 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate {rate | max} [cir {max | rate}]

Context

[Tree] (config>service>vprn>if>sap>egress>policer-override>plcr rate)

[Tree] (config>service>vprn>if>sap>ingress>policer-override>plcr rate)

Full Context

configure service vprn interface sap egress policer-override policer rate

configure service vprn interface sap ingress policer-override policer rate

Description

This command within the SAP ingress and egress policer-overrides contexts is used to override the sap-ingress and sap-egress QoS policy configured rate parameters for the specified policer-id.

The no form of this command restores the policy defined metering and profiling rate to a policer.

Parameters

{rate | max}

Specifying the keyword max or an explicit kilobits per second parameter directly following the rate override command is required and identifies the policer instance’s metering rate for the PIR leaky bucket. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR used is equivalent to max.

Values: 1 to 6400000000, max

cir {max | rate}

The optional cir keyword is used to override the policy derived profiling rate of the policer. Specifying the keyword max or an explicit kilobits per second parameter directly following the cir keyword is required. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the CIR used is equivalent to max.

Values: 0 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue rate)

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue rate)

Full Context

configure service vprn interface sap ingress queue-override queue rate

configure service vprn interface sap egress queue-override queue rate

Description

This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR) and the Committed Information Rate (CIR) parameters. The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default

rate max cir 0

Parameters

pir-rate

Defines the administrative PIR rate, in kb/s, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 6400000000, max

Default: max

cir-rate

Defines the administrative CIR rate, in kb/s, for the queue. The cir parameter overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be given as a positive integer.

Values: 0 to 6400000000, max

Default: 0

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>vprn>if>sap>egress>sched-override>scheduler rate)

[Tree] (config>service>vprn>if>sap>ingress>sched-override>scheduler rate)

Full Context

configure service vprn interface sap egress scheduler-override scheduler rate

configure service vprn interface sap ingress scheduler-override scheduler rate

Description

This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s 'within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child policers and queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler's PIR and CIR parameters to the value configured in the applied scheduler policy.

Parameters

pir-rate

Specifies the PIR rate for the scheduler. The pir parameter accepts a value in kb/s, or the max keyword. Any other value will result in an error without modifying the current PIR rate.

Values: 1 to 6400000000, max

cir-rate

Specifies the CIR rate for the scheduler. The cir parameter accepts a value in kb/s, or the max or sum keywords. Any other value will result in an error without modifying the current CIR rate.

If the cir is set to max, then the CIR rate is set to infinity, but is limited by the pir-rate.

If the cir is set to sum, then the CIR rate is set to the summed CIR values of the children schedulers, policers, or queues.

Values: 0 to 6400000000, max, sum

Platforms

7705 SAR Gen 2

rate

Syntax

rate rate

no rate

Context

[Tree] (config>qos>plcr-ctrl-plcy>tier>arbiter rate)

Full Context

configure qos policer-control-policy tier arbiter rate

Description

This command is used to define the maximum bandwidth an instance of the arbiter can receive from its parent tier 1 arbiter or the root arbiter. The arbiter instance enforces this limit by calculating the bandwidth each of its child policers should receive relative to their offered loads, parenting parameters, and individual rate limits, and using that derived rate as a child PIR decrement rate override. The override will not exceed the child policer’s administrative rate limit and the aggregate of all the child PIR decrement rates will not exceed the specified arbiter rate limit.

The arbiter’s policy defined rate value may be overridden at the SAP or sub-profile where the policer-control-policy is applied. Specifying an override prevents the arbiter from being removed from the policer control policy until the override is removed.

The no form of this command is used to remove a rate limit from the arbiter at the policer control policy level. The policy level rate limit for the arbiter will return to the default value of max. The no rate command has no effect on instances of the arbiter where a rate limit override has been defined.

Default

rate max

Parameters

rate

Enter an integer representing the rate limit in kilobits per second.

Values: 1 to 6400000000, max

max: When max is specified, the arbiter does not enforce a rate limit on its child policers or arbiters other than the individual rate limits enforced at the child level.

Platforms

7705 SAR Gen 2

rate

Syntax

rate {max | pir-rate} [cir {max | cir-rate}]

Context

[Tree] (config>qos>sap-ingress>policer rate)

[Tree] (config>qos>sap-egress>policer rate)

Full Context

configure qos sap-ingress policer rate

configure qos sap-egress policer rate

Description

This command is used to configure the policer’s metering and optional profiling rates. The metering rate is used by the system to configure the policer’s PIR leaky bucket’s decrement rate while the profiling rate configures the policer’s CIR leaky bucket’s decrement rate. The decrement function empties the bucket while packets applied to the bucket attempt to fill it based on each packet’s size. If the bucket fills faster than how much is decremented per packet, the bucket’s depth eventually reaches its exceed (CIR) or violate (PIR) threshold. The cbs, mbs, and high-prio-only commands are used to configure the policer’s PIR and CIR thresholds.

If a packet arrives at the policer while the bucket’s depth is less than the threshold associated with the packet, the packet is considered to be conforming to the bucket’s rate. If the bucket depth is equal to or greater than the threshold, the packet is considered to be in the exception state. For the CIR bucket, the exception state is exceeding the CIR rate while the PIR bucket's exception state is violating the PIR bucket rate. If the packet is violating the PIR, the packet is marked red and will be discarded. If the packet is not red, it may be green or yellow, based on the conforming or exceeding state from the CIR bucket.

When a packet is red, neither the PIR nor CIR bucket depths are incremented by the packets size. When the packet is yellow, the PIR bucket is incremented by the packet size, but the CIR bucket is not. When the packet is green, both the PIR and CIR buckets are incremented by the packet size. This ensures that conforming packets impact the bucket depth while exceeding or violating packets do not.

The policer’s adaptation-rule command settings are used by the system to convert the specified rates into hardware timers and decrement values for the policer’s buckets.

By default, the policer’s metering rate is max and the profiling rate is 0 kb/s (all packets out-of-profile).

The rate settings defined for the policer in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command is used to restore the default metering and profiling rate to a policer.

Parameters

{max | pir-rate}

Specifying the keyword max or an explicit pir-rate parameter directly following the rate command is required and identifies the policer’s metering rate for the PIR leaky bucket. When the policer is first created, the metering rate defaults to max. The pir-rate value must be expressed as an integer and defines the rate in kilobits-per-second. The integer value is multiplied by 1,000 to derive the actual rate in bits-per-second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR used is equivalent to max.

Values: 1 to 6400000000, max

cir {max | cir-rate}

The optional cir keyword is used to override the default CIR rate of the policer. Specifying the keyword max or an explicit cir-rate parameter directly following the cir keyword is required and identifies the policer’s profiling rate for the CIR leaky bucket. When the policer is first created, the profiling rate defaults to 0 kb/s. The cir-rate value must be expressed as an integer and defines the rate in kilobits-per-second. The integer value is multiplied by 1,000 to derive the actual rate in bits-per-second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the CIR used is equivalent to max.

Values: 0 to 6400000000, max

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate] [fir fir-rate]

rate pir-ratepolice

no rate

Context

[Tree] (config>qos>sap-ingress>queue rate)

Full Context

configure qos sap-ingress queue rate

Description

This command defines the administrative Peak Information Rate (PIR), the administrative Committed Information Rate (CIR), and the administrative Fair Information Rate (FIR) parameters for the queue.

The PIR defines the maximum rate that the queue can transmit packets through the switch fabric (for SAP ingress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. For SAP ingress, the CIR also defines the rate that packets are considered in-profile by the system, unless cir-non-profiling is configured. In-profile, then out-of-profile, packets are preferentially queued by the system at egress and at subsequent next-hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The FIR defines an additional rate at which the system prioritizes the queue over other queues competing for the same bandwidth above that used by the CIR.

The rate command can be executed at any time, altering the PIR, CIR, and FIR for all queues created through the association of the SAP ingress QoS policy with the queue-id.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0, 0).

Default

rate max cir 0 fir 0

Parameters

pir-rate

Defines the administrative PIR, in kilobits per second, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and the value must be given as a positive integer.

The actual PIR is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 6400000000, max

Default: max

cir-rate

The cir parameter overrides the default administrative CIR, in kilobits per second, used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and the value must be given as a positive integer. The actual CIR used is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 0 to 6400000000, max

Default: 0

fir-rate

The fir parameter overrides the default administrative FIR, in kilobits per second, used by the queue. When the rate command is executed, an FIR setting is optional. When the rate command has not been executed or the fir parameter is not explicitly specified, the default FIR (0) is assumed.

Fractional values are not allowed and the value must be given as a positive integer. The actual FIR used is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

Values: 0 to 6400000000, max

Default: 0

police: Specifies that traffic feeding into the queue instance above the specified PIR rate will be dropped. When the police keyword is defined, only the PIR rate may be overridden.

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>qos>sap-egress>queue rate)

Full Context

configure qos sap-egress queue rate

Description

This command defines the administrative Peak Information Rate (PIR) and the administrative Committed Information Rate (CIR) parameters for the queue. The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled as in- or out-of-profile throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

When configured on an egress HSQ queue group queue, the cir keyword is ignored.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default

rate max cir 0

Parameters

pir-rate

Defines the administrative PIR rate, in kilobits per second, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 6400000000, max

Default: max

cir-rate

The cir parameter overrides the default administrative CIR, in kilobits per second, used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be given as a positive integer.

Values: 0 to 6400000000, max

Default: 0

Platforms

7705 SAR Gen 2

rate

Syntax

rate percent [cir percent] [fir percent]

no rate

Context

[Tree] (config>qos>network-queue>queue rate)

Full Context

configure qos network-queue queue rate

Description

This command defines the administrative Peak Information Rate (PIR), the administrative Committed Information Rate (CIR), and the administrative Fair Information Rate (FIR) parameters for the queue.

The PIR defines the percentage that the queue can transmit packets through the switch fabric (for ingress queues) or out of an egress port (for egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available bandwidth.

The CIR defines the percentage at which the system prioritizes the queue over other queues competing for the same bandwidth.

The CIR can be used by the queue’s port-parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent port scheduler.

The FIR defines an additional percentage at which the system prioritizes the queue over other queues competing for the same bandwidth above that used by the CIR percentage.

The rate command can be executed at any time, altering the PIR, CIR, and FIR for all queues created through the association of the network queue policy with the queue-id.

When configured on an egress HSQ queue group queue, the cir keyword is ignored.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the network queue policy.

The no form of the command returns all queues created with the queue-id by association with the network queue policy to the default PIR, CIR, and FIR parameters.

Default

rate 100 cir 0 fir 0

Parameters

percent

Defines the percentage of the sum of the capacities of network and hybrid ports on that FP (taking into account any ingress-rate configuration) or egress port speed for the rate allowed for the queue. When the rate command is executed, a valid percent (PIR setting) must be explicitly defined. When the rate command has not been executed, the default PIR of 100 is assumed. Fractional values are not allowed, and the value must be given as a positive integer.

The actual PIR used is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 100

Default: 100

cir percent

Defines the percentage of the sum of the capacities of network and hybrid ports on that FP (taking into account any ingress-rate configuration) or egress port speed for the CIR allowed for the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed. Fractional values are not allowed, and the value must be given as a positive integer. The actual CIR used is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 0 to 100

Default: 0

fir percent

Defines the percentage of the sum of the capacities of network and hybrid ports on that FP (taking into account any ingress-rate configuration) or egress port speed for the FIR allowed for the queue. When the rate command is executed, a FIR setting is optional. When the rate command has not been executed or the fir parameter is not explicitly specified, the default FIR (0) is assumed. Fractional values are not allowed, and the value must be given as a positive integer. The actual FIR used is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

Values: 0 to 100

Default: 0

Platforms

7705 SAR Gen 2

rate

Syntax

rate {max | pir-rate} [cir {max | cir-rate}]

no rate

Context

[Tree] (config>qos>qgrps>ing>qgrp>policer rate)

[Tree] (config>qos>qgrps>egr>qgrp>policer rate)

Full Context

configure qos queue-group-templates ingress queue-group policer rate

configure qos queue-group-templates egress queue-group policer rate

Description

This command is used to configure the policer’s metering and optional profiling rates. The metering rate is used by the system to configure the policer’s PIR leaky bucket’s decrement rate while the profiling rate configures the policer’s CIR leaky bucket’s decrement rate. The decrement function empties the bucket while packets applied to the bucket attempt to fill it based on each packet’s size. If the bucket fills faster than how much is decremented per packet, the bucket’s depth eventually reaches its exceed (CIR) or violate (PIR) threshold. The cbs, mbs, and high-prio-only commands are used to configure the policer’s PIR and CIR thresholds.

If a packet arrives at the policer while the bucket’s depth is less than the threshold associated with the packet, the packet is considered to be conforming to the bucket’s rate. If the bucket depth is equal to or greater than the threshold, the packet is considered to be in the exception state. For the CIR bucket, the exception state is exceeding the CIR rate while the PIR bucket's exception state is violating the PIR bucket rate. If the packet is violating the PIR, the packet is marked red and will be discarded. If the packet is not red, it may be green or yellow, based on the conforming or exceeding state from the CIR bucket.

When a packet is red, neither the PIR nor CIR bucket depths are incremented by the packets size. When the packet is yellow, the PIR bucket is incremented by the packet size, but the CIR bucket is not. When the packet is green, both the PIR and CIR buckets are incremented by the packet size. This ensures that conforming packets impact the bucket depth while exceeding or violating packets do not.

The policer’s adaptation-rule command settings are used by the system to convert the specified rates into hardware timers and decrement values for the policer’s buckets.

By default, the policer’s metering rate is max and the profiling rate is 0 kb/s (all packets out-of-profile).

The no form of this command is used to restore the default metering and profiling rate to a policer.

Parameters

{max | pir-rate}

Specifying the keyword max or an explicit pir-rate parameter directly following the rate command is required and identifies the policer’s metering rate for the PIR leaky bucket. When the policer is first created, the metering rate defaults to max. The pir-rate value must be expressed as an integer and defines the rate in kilobits-per-second. The integer value is multiplied by 1,000 to derive the actual rate in bits-per-second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR used is equivalent to max.

Values: max, 1 to 2000000000

cir {max | cir-rate}

The optional cir keyword is used to override the default CIR rate of the policer. Specifying the keyword max or an explicit cir-rate parameter directly following the cir keyword is required and identifies the policer’s profiling rate for the CIR leaky bucket. When the policer is first created, the profiling rate defaults to 0 kb/s. The cir-rate value must be expressed as an integer and defines the rate in kilobits-per-second. The integer value is multiplied by 1,000 to derive the actual rate in bits-per-second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the CIR used is equivalent to max.

Values: max, 0 to 2000000000

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate] [fir fir-rate]

rate pir-rate police

no rate

Context

[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue rate)

Full Context

configure qos queue-group-templates ingress queue-group queue rate

Description

This command defines the administrative Peak Information Rate (PIR), the administrative Committed Information Rate (CIR), and the administrative Fair Information Rate (FIR) parameters for the queue. The PIR defines the maximum rate that the queue can transmit packets through the switch fabric (for SAP ingress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. For SAP ingress, the CIR also defines the rate that packets are considered in-profile by the system, unless cir-non-profiling is configured. In-profile, then out-of-profile, packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The FIR defines an additional rate at which the system prioritizes the queue over other queues competing for the same bandwidth above that used by the CIR.

The rate command can be executed at any time, altering the PIR, CIR, and FIR for all queues created through the association of the ingress queue group template with the queue-id.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR, CIR, and FIR parameters (max, 0, 0).

Default

rate max cir 0 fir 0

Parameters

pir-rate

Defines the administrative PIR, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed. Fractional values are not allowed and the value must be given as a positive integer.

The actual PIR is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 2000000000 kb/s, max

Default: max

cir-rate

The cir parameter overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed. Fractional values are not allowed and the value must be given as a positive integer. The actual CIR used is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 2000000000 kb/s, max

Default: 0

fir-rate

The fir parameter overrides the default administrative FIR used by the queue. When the rate command is executed, an FIR setting is optional. When the rate command has not been executed or the fir parameter is not explicitly specified, the default FIR (0) is assumed.

Fractional values are not allowed and the value must be given as a positive integer. The actual FIR used is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

Values: 1 to 2000000000 kb/s, max

Default: 0

police: Specifies that traffic feeding into the queue instance above the specified rate is dropped.

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>qos>queue-group-templates>egress>queue-group>queue rate)

Full Context

configure qos queue-group-templates egress queue-group queue rate

Description

This command defines the administrative PIR and the administrative CIR parameters for the queue. The PIR defines the maximum rate that the queue can transmit packets out an egress port. Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled as in- or out-of-profile throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR for all queues created through the association of the egress queue group template with the queue-id.

When configured on an egress HSQ queue group queue, the cir keyword is ignored.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default

rate max cir 0

Parameters

pir-rate

Defines the administrative PIR rate, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values: 1 to 200000000 kb/s, max

Default: max

cir-rate

The cir parameter overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be given as a positive integer.

Values: 0 to 200000000 kb/s, max

Default: 0

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>qos>scheduler-policy>tier>scheduler rate)

Full Context

configure qos scheduler-policy tier scheduler rate

Description

The rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s within-CIR distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler's PIR and CIR parameters to the value configured in the applied scheduler policy.

Parameters

pir pir

Specifies the PIR rate of the scheduler in kb/s or it can be set to the maximum using the max keyword.

Values: 1 to 6400000000, max

Default: max

cir cir

Specifies the CIR rate of the scheduler in kb/s or it can be set to the maximum using the max keyword. The sum keyword can also be used, which sets the CIR to the sum of child CIR values.

Values: 0 to 6400000000, max, sum

Default: sum

Platforms

7705 SAR Gen 2

rate

Syntax

rate pir-rate [cir cir-rate]

no rate

Context

[Tree] (config>service>cust>multi-service-site>ingress>sched-override>scheduler rate)

[Tree] (config>service>cust>multi-service-site>egress>sched-override>scheduler rate)

Full Context

configure service customer multi-service-site ingress scheduler-override scheduler rate

configure service customer multi-service-site egress scheduler-override scheduler rate

Description

This command overrides specific attributes of the specified scheduler rate.

The rate command defines the maximum bandwidth that the scheduler can offer its child policers, queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the scheduler’s amount of bandwidth to be considered during the parent schedulers 'within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child policers or queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler’s to the PIR and CIR parameters to the value configured in the applied scheduler policy.

Parameters

pir-rate

Specifies the PIR rate.

Values: 1 to 6400000000, max

Default: max

cir-rate

Specifies the CIR rate.

If the cir-rate is set to max, then the CIR rate is set to infinity. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers, policers or queues.

Values: 0 to 6400000000, max, sum

Default: sum

Platforms

7705 SAR Gen 2

rate

Syntax

rate kbps {kilobits-per-second | max} [mbs size] [bytes | kilobytes]

rate packets {ppi | max} within seconds [initial-delay packets]

no rate

Context

[Tree] (config>sys>security>dist-cpu-protection>policy>local-monitoring-policer rate)

[Tree] (config>sys>security>dist-cpu-protection>policy>protocol>dynamic-parameters rate)

Full Context

configure system security dist-cpu-protection policy local-monitoring-policer rate

configure system security dist-cpu-protection policy protocol dynamic-parameters rate

Description

This command configures the rate and burst tolerance for the policer in either a packet rate or a bit rate.

The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. The actual (operational) parameters can be seen in CLI, for example, show service id 33 sap 1/1/3:33 dist-cpu-protection detail.

If the kilobits-per-second parameter value is configured as max, then the policer is effectively disabled (always conforming).

If the size parameter value is configured as 0, then all packets are considered as nonconforming.

Default

rate packets max within 1 initial-delay 0

Parameters

packets | kbps: specifies that the rate is either in units of packets per interval or in units of kilobits per second. The packets option would typically be used for lower rates (for example, for per-subscriber DHCP rate limiting) while the kbps option would typically be used for higher rates (for example, per-interface BGP rate limiting).

ppi

Specifies packets per interval.

Values

0 to 255, max

max = disable the policer (always conforming)

packets 0 = all packets considered nonconforming

seconds

Specifies the length of the ppi rate measurement interval.

Values: 1 to 32767

packets

Specifies the number of packets allowed (even at line rate) in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the normal ppi. This would typically be set to a value that is equal to the number of received packets in several full handshakes/negotiations of the particular protocol.

Values: 0 to 255

kilobits-per-second

Specifies the kilobits per second.

Values: 1 to 20000000, max

size

Specifies the tolerance for the kbps rate.

Values: 0 to 4194304

Default: 10

bytes | kilobytes: Specifies that the units of the mbs size parameter are either in bytes or kilobytes.

Platforms

7705 SAR Gen 2

rate

Syntax

rate kbps {kilobits-per-second | max} [mbs size] [bytes | kilobytes]

rate packets {ppi | max} within seconds [initial-delay packets]

no rate

Context

[Tree] (config>sys>security>dist-cpu-protection>policy>static-policer rate)

Full Context

configure system security dist-cpu-protection policy static-policer rate

Description

This command configures the rate and burst tolerance for the policer in either a packet rate or a bit rate.

The actual hardware may not be able to perfectly rate limit to the exact configured parameters. In this case, the configured parameters will be adapted to the closest supported rate. The actual (operational) parameters can be seen in CLI, for example, show service id 33 sap 1/1/3:33 dist-cpu-protection detail.

If the kilobits-per-second parameter value is configured as max, then the policer is effectively disabled (always conforming).

If the size parameter is configured as 0, then all packets are considered as nonconforming.

Default

rate packets max within 1 initial-delay 0

Parameters

packets | kbps: specifies that the rate is either in units of packets per interval or in units of kilobits per second. The packets option would typically be used for lower rates (for example, for per-subscriber DHCP rate limiting) while the kbps option would typically be used for higher rates (for example, per-interface BGP rate limiting).

ppi

Specifies packets per interval.

Values

0 to 8000, max

max = disable the policer (always conforming)

packets 0 = all packets considered nonconforming

seconds

Specifies the length of the ppi rate measurement interval.

Values: 1 to 32767

packets

Specifies the number of packets allowed (even at line rate) in an initial burst (or a burst after the policer bucket has drained to zero) in addition to the normal ppi. This would typically be set to a value that is equal to the number of received packets in several full handshakes/negotiations of the particular protocol.

Values: 0 to 255

kilobits-per-second

Specifies the kilobits per second.

Values: 1 to 20000000, max

size

Specifies the tolerance for the kbps rate.

Values: 0 to 4194304

Default: 10

bytes | kilobytes: Specifies that the units of the mbs size parameter are either in bytes or kilobytes.

Platforms

7705 SAR Gen 2

rate-limit

Syntax

rate-limit value [kbps | pps] [mbs mbs-value]

rate-limit value [kbps | pps] extracted-traffic

rate-limit value [kbps | pps] packet-length {lt | gt | eq} packet-length-value

rate-limit value [kbps | pps] packet-length range packet-length-value packet-length-value

rate-limit value [kbps | pps] pattern expression expression mask mask offset-type offset-type offset-value offset-value

rate-limit value [kbps | pps] ttl {lt | gt | eq} ttl-value

rate-limit value [kbps | pps] ttl range ttl-value ttl-value

Context

[Tree] (config>filter>ip-filter>entry>action rate-limit)

Full Context

configure filter ip-filter entry action rate-limit

Description

This command configures the rate-limit value for traffic matching this filter entry. Rate-limit policers are configured with MBS equals CBS equals 10 ms of the rate and high-prio-only equals 0.

Traffic can also be rate limited based on extracted-traffic, packet-length, ttl, or a pattern of conditional match criteria.

Packets that match the filter entry match criteria, but do not match the conditional match criteria value, are implicitly forwarded with no further match in the following filter entries.

For pattern match:

the expression is left-aligned for the odd number bytes, for example, the expression 0xABC is programmed 0x0ABC in the line card
the 'data' offset requires protocol UDP or TCP to be selected in the filter entry match criteria.

Parameters

value

Specifies the rate-limit value in kb/s (default) or packets per second (pps). A rate of 0 results in all traffic being dropped. A rate of max results in all traffic being forwarded.

Values: 0 to 2000000000 kb/s, max; 0 to 100000000 pps, max

mbs-value

Specifies the maximum burst size in bytes. This parameter can only be specified when the rate-limit value unit is kbps.

Values: 0 to 268435456

extracted-traffic: Specifies rate-limit packets both extracted to the CPM and matching the filter entry match criteria.

packet-length

Specifies rate-limit packets matching both the filter entry match criteria and the packet-length value defined in the rate-limit action statement. Packets matching the filter entry match criteria and not matching the packet-length value, as defined in the rate-limit action statement, are implicitly forwarded with no further match in the following filter entries.

Values

lt — Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

gt — Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

eq — Specifies "equal to”.

packet-length-value

Specifies the packet length value for the rate limit action.

Values: 0 to 65535

range: Specifies an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered).

expression

Specifies the hexadecimal pattern to match; up to eight bytes.

Values: 0x0000000000000001 to 0xffffffffffffffff

mask

Specifies the mask for the pattern expression, up to eight bytes.

Values: 0x0000000000000001 to 0xffffffffffffffff

offset-type

Specifies the starting point reference for the offset-value of this pattern.

Values: layer-3, layer-4, data, dns-qtype

offset-value

Specifies the offset value for the pattern expression. Dns-qtype supports offset value of 0.

Values: 0 to 255

ttl-value

Specifies rate-limit packets matching both the filter entry match criteria and the TTL value defined in the rate-limit action statement. Packets matching the filter entry match criteria and not matching the TTL value, as defined in the rate-limit action statement, are implicitly forwarded with no further match in the following filter entries.

Values: 0 to 255

Platforms

7705 SAR Gen 2

rate-limit

Syntax

rate-limit value [kbps | pps] [mbs mbs-value]

rate-limit value [kbps | pps] extracted-traffic

rate-limit value [kbps | pps] hop-limit {lt | gt | eq} hop-limit-value

rate-limit value [kbps | pps] hop-limit range hop-limit-value hop-limit-value

rate-limit value [kbps | pps] pattern expression expression mask mask offset-type offset-type offset-value offset-value

rate-limit value [kbps | pps] payload-length {lt | gt | eq} payload-length-value

rate-limit value [kbps | pps] payload-length range payload-length-value payload-length-value

Context

[Tree] (config>filter>ipv6-filter>entry>action rate-limit)

Full Context

configure filter ipv6-filter entry action rate-limit

Description

This command configures the rate-limit value for traffic matching this filter entry.

Traffic can also be rate-limited based on extracted-traffic, payload-length, hop-limit, or a pattern of conditional match criteria.

Packets that match the filter entry match criteria, but do not match the conditional match criteria value, are implicitly forwarded with no further match in the following filter entries.

For pattern match:

the expression is left-aligned for the odd number bytes, for example, the expression 0xABC is programmed 0x0ABC in the line card.
the 'data' offset requires protocol UDP or TCP to be selected in the filter entry match criteria.

Parameters

value

Specifies the rate-limit value in kb/s (default) or packets per second (pps). A rate of 0 results in all traffic being dropped. A rate of max results in all traffic being forwarded.

Values: 0 to 2000000000 kb/s, max; 0 to 100000000 pps, max

mbs-value

Specifies the maximum burst size in bytes. This parameter can only be specified when the rate-limit value unit is kbps.

Values: 0 to 268435456

extracted-traffic: Specifies packets extracted to the CPM.

hop-limit

Specifies the hop limit value for the rate limit action.

Values

lt — Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

gt — Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

eq — Specifies "equal to”.

hop-limit-value

Specifies the hop limit value for the rate limit action.

Values: 0 to 255

range: Specifies an inclusive range. When the range parameter is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered).

expression

Specifies the hexadecimal pattern to match; up to eight bytes.

Values: 0x0000000000000001 to 0xffffffffffffffff

mask

Specifies the mask for the pattern expression, up to eight bytes.

Values: 0x0000000000000001 to 0xffffffffffffffff

offset-type

Specifies the starting point reference for the offset-value of this pattern.

Values: layer-3, layer-4, data, dns-qtype

offset-value

Specifies the offset value for the pattern expression. Dns-qtype supports offset value of 0.

Values: 0 to 255

payload-length

Specifies rate-limit packets matching both the filter entry match criteria and the payload-length-value defined in the rate-limit action statement. Packets matching the filter entry match criteria and not matching the payload-length-value, as defined in the rate-limit action statement, are implicitly forwarded with no further match in the following filter entries.

Values

lt — Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

gt — Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

eq — Specifies "equal to”.

payload-length-value

Specifies the payload length value for the rate limit action.

Values: 0 to 65535

Platforms

7705 SAR Gen 2

rd

Syntax

rd file-url rf

rd file-url [force]

Context

[Tree] (file rd)

Full Context

file rd

Description

If the directory is empty, the rd command is used to remove it. The force option executes the command without prompting the user to confirm the action.

If the directory contains files and/or subdirectories, the rf parameter must be used to remove the directory.

Example:

A:nE1>file cf1:\ # rd test 
Are you sure (y/n)? y 
Deleting directory cf1:\test ..MINOR: CLI Cannot delete cf1:\test.
A:nE1>file cf1:\ # rd test force 
Deleting directory cf1:\test .MINOR: CLI Cannot delete cf1:\test.


A:nE1>file cf1:\ # rd testbase rf 
Deleting all subdirectories and files in specified directory. y/n ?y 
Deleting directory cf1:\testbase\testbase1 ..OK
Deleting directory cf1:\test .OK

Parameters

file-url

Specifies the directory to be removed.

Values


local-url	[cflash-id/][file-path] up to 200 characters, including cflash-id directory length up to 99 each

remote-url	[{ftp:// \| tftp://}login:pswd@remote-locn/][file-path]
	up to 247 characters
	directory length up to 99 characters each
remote-locn	[hostname \| ipv4-address \| [ipv6-address]]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - up to 32 characters, for link local addresses 255
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rf: Forces a recursive delete.

force: Forces an immediate deletion of the specified directory. The rd file-url force command executes the command without displaying a user prompt message.

Platforms

7705 SAR Gen 2

rd-entry

Syntax

rd-entry rd

no rd-entry rd

Context

[Tree] (config>router>policy-options>route-distinguisher-list rd-entry)

Full Context

configure router policy-options route-distinguisher-list rd-entry

Description

This command creates a route distinguisher (RD) entry in the RD list, containing an IPv4 address or ASN and the assigned number.

The no form of the command deletes the RD entry from the list.

Parameters

rd

Specifies a route distinguisher matching an entry in one of the following formats:

a.b.c.d/m:* – RD in IPv4 format with a wildcard character (such as 10.0.0.0/16:*)
a.b.c.d/m:n – RD in IPv4 format with a specific number (such as 10.0.0.2/32:535)
asn:* – RD in ASN format with a wildcard character (such as 65000:*)
asn:n – RD in ASN format with a specific number (such as 65000:535)

See the "Route distinguishers" section of the 7705 SAR Gen 2 Layer 3 Services Guide: IES and VPRN for information about Type values.

Platforms

7705 SAR Gen 2

rdnss-lifetime

Syntax

rdnss-lifetime {seconds | infinite}

no rdnss-lifetime

Context

[Tree] (config>service>vprn>router-advert>if>dns-options rdnss-lifetime)

[Tree] (config>service>vprn>router-advert>dns-options rdnss-lifetime)

Full Context

configure service vprn router-advertisement interface dns-options rdnss-lifetime

configure service vprn router-advertisement dns-options rdnss-lifetime

Description

This command specifies the maximum time that the RDNSS address may be used for name resolution by the client. The RDNSS Lifetime must be no more than twice MaxRtrAdvLifetime with a maximum of 3600 seconds.

Default

rdnss-lifetime infinite

Parameters

infinite: Specifies an infinite RDNSS lifetime.

seconds

Specifies the time in seconds.

Values: 4to 3600

Platforms

7705 SAR Gen 2

rdnss-lifetime

Syntax

rdnss-lifetime seconds

rdnss-lifetime infinite

no rdnss-lifetime

Context

[Tree] (config>router>router-advert>dns-opt rdnss-lifetime)

[Tree] (config>router>router-advert>if>dns-opt rdnss-lifetime)

Full Context

configure router router-advertisement dns-options rdnss-lifetime

configure router router-advertisement interface dns-options rdnss-lifetime

Description

This command specifies the maximum time that the RDNSS address may be used for name resolution by the client.

Default

rdnss-lifetime infinite

Parameters

seconds

Specifies the time in seconds.

Values: 4 to 3600

infinite: Specifies an infinite RDNSS lifetime.

Platforms

7705 SAR Gen 2

re-auth-period

Syntax

re-auth-period seconds

no re-auth-period

Context

[Tree] (config>port>ethernet>dot1x re-auth-period)

Full Context

configure port ethernet dot1x re-auth-period

Description

This command configures the period after which re-authentication is performed. This value is only relevant if re-authentication is enabled.

The no form of this command returns the value to the default.

Default

re-auth-period 3600

Parameters

seconds

Specifies the re-authentication delay period in seconds.

Values: 1 to 9000

Platforms

7705 SAR Gen 2

re-authentication

Syntax

[no] re-authentication

Context

[Tree] (config>port>ethernet>dot1x re-authentication)

Full Context

configure port ethernet dot1x re-authentication

Description

This command enables/disables periodic 802.1x re-authentication.

When re-authentication is enabled, the router re-authenticates clients on the port every re-auth-period.

The no form of this command returns the value to the default.

Default

no re-authentication

Platforms

7705 SAR Gen 2

reachable-time

Syntax

reachable-time milli-seconds

no reachable-time

Context

[Tree] (config>router>router-advert>if reachable-time)

[Tree] (config>service>vprn>router-advert>if reachable-time)

Full Context

configure router router-advertisement interface reachable-time

configure service vprn router-advertisement interface reachable-time

Description

This command configures how long this router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

The configured value is placed in the reachable time field in router advertisement messages sent from this interface.

The no form of this command reverts to the default.

Default

reachable-time 0

Parameters

milli-seconds

Specifies the reachable time, in seconds, for advertisements from this interface.

Values: 0 to 3600000

Platforms

7705 SAR Gen 2

reachable-time

Syntax

reachable-time seconds

no reachable-time

Context

[Tree] (config>service>vprn>if>ipv6 reachable-time)

[Tree] (config>service>vprn>ipv6 reachable-time)

Full Context

configure service vprn interface ipv6 reachable-time

configure service vprn ipv6 reachable-time

Description

This command configures how long this router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

Default

no reachable-time

Parameters

seconds

Specifies the length of time, in seconds the router should be considered reachable.

Values: 30 to 3600

Platforms

7705 SAR Gen 2

reachable-time

Syntax

reachable-time seconds

no reachable-time

Context

[Tree] (config>router>ipv6 reachable-time)

Full Context

configure router ipv6 reachable-time

Description

This command configures the neighbor reachability detection timer.

The no form of this command reverts to the default value.

Default

reachable-time 30

Parameters

seconds

Specifies the length of time the router should be considered reachable.

Values: 30 to 3600

Platforms

7705 SAR Gen 2

reachable-time

Syntax

reachable-time seconds

no reachable-time

Context

[Tree] (config>router>if>ipv6 reachable-time)

Full Context

configure router interface ipv6 reachable-time

Description

This command configures the neighbor reachability detection timer.

The no form of this command reverts to the default value.

Default

no reachable-time

Parameters

seconds

Specifies the length of time the router should be considered reachable.

Values: 30 to 3600

Platforms

7705 SAR Gen 2

read-algorithm

Syntax

read-algorithm {hash | hash2 | custom| all-hash}

no read-algorithm

Context

[Tree] (config>system>security>management-interface>classic-cli read-algorithm)

Full Context

configure system security management-interface classic-cli read-algorithm

Description

This command specifies how encrypted configuration secrets are interpreted, and which encryption types are accepted, when secrets are input into the system or read from a configuration file (for example at system bootup time).

The no form of this command reverts to the default value.

Default

read-algorithm all-hash

Parameters

hash: Specifies hash. Use this option to transport a phrase between modules and nodes. In this case the write-algorithm should be hash as well.

hash2: Specifies hash2 which is module-specific.

custom: Specifies the custom encryption to management interface.

all-hash: Specifies that the system accepts hash or hash2.

Platforms

7705 SAR Gen 2

reassemble

Syntax

reassemble

Context

[Tree] (config>filter>ip-filter>entry>action reassemble)

Full Context

configure filter ip-filter entry action reassemble

Description

This command sets the filter entry action to reassemble.

Platforms

7705 SAR Gen 2

reassembly

Syntax

reassembly [wait-msecs]

no reassembly

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel reassembly)

[Tree] (config>service>ies>if>sap>ip-tunnel reassembly)

Full Context

configure service vprn interface sap ip-tunnel reassembly

configure service ies interface sap ip-tunnel reassembly

Description

This command configures the maximum number of seconds to wait to receive all fragments of a particular IPsec or GRE packet for reassembly.

The no form of this commands removes the wait time from the configuration.

Default

no reassembly

Parameters

wait-msecs

Specifies the reassembly wait time in 100 increments.

Values: 1 to 5000 ms

Platforms

7705 SAR Gen 2

reassembly

Syntax

reassembly [wait-msecs]

no reassembly

Context

[Tree] (config>isa>tunnel-group reassembly)

Full Context

configure isa tunnel-group reassembly

Description

This command configures IP packet reassembly for IPsec and GRE tunnels supported by an MS-ISA. The reassembly command at the tunnel-group level configures IP packet reassembly for all IPsec and GRE tunnels associated with the tunnel-group. The reassembly command at the GRE tunnel level configures IP packet reassembly for that one specific GRE tunnel, overriding the tunnel-group configuration.

The no form of this command disables IP packet reassembly.

Default

no reassembly (tunnel-group level)

reassembly (gre-tunnel level)

Parameters

wait

Specifies the maximum number of milliseconds that the ISA tunnel application will wait to receive all fragments of a particular IPsec or GRE packet. If one or more fragments are still missing when this limit is reached the partially reassembled datagram is discarded and an ICMP time exceeded message is sent to the source host (if allowed by the ICMP configuration of the sending interface). Internally, the configured value is rounded up to the nearest multiple of 100 ms.

Values: 1 to 5000

Default: 2000 (tunnel-group level)

Platforms

7705 SAR Gen 2

reassembly-group

Syntax

reassembly-group nat-group-id [to-base-network]

no reassembly-group

Context

[Tree] (config>service>vprn reassembly-group)

[Tree] (config>router reassembly-group)

Full Context

configure service vprn reassembly-group

configure router reassembly-group

Description

This command associates a reassembly-group consisting of multiple ISAs with the routing context in which the application requiring reassembly service resides.

Default

no reassembly-group

Parameters

nat-group-id

Specifies the NAT group ID; the NAT group contains up to 10 active ISAs.

Values: 1 to 4

to-base-network: Enables the reassembly context to use network interfaces in the base routing context.

Platforms

7705 SAR Gen 2

rebind-timer

Syntax

rebind-timer [days days] [hrs hours] [min minutes] [sec seconds]

no rebind-timer

Context

[Tree] (config>service>vprn>dhcp6>server>pool>prefix rebind-timer)

[Tree] (config>router>dhcp6>server>pool>prefix rebind-timer)

Full Context

configure service vprn dhcp6 local-dhcp-server pool prefix rebind-timer

configure router dhcp6 local-dhcp-server pool prefix rebind-timer

Description

This command configures the lease rebind timer (T2) via LUDB.

The T2 time is the time at which the client contacts any available addressing authority to extend the lifetimes of DHCPv6 leases. T2 is a time duration relative to the current time expressed in units of seconds.

The IP addressing authority controls the time at which the client contacts the addressing authority to extend the lifetimes on assigned addresses/prefixes through the T1 and T2 parameters assigned to an IA. At time T1 for an IA, the client initiates a Renew/Reply message exchange to extend the lifetimes on any addresses in the IA. The client includes an IA option with all addresses/prefixes currently assigned to the IA in its Renew message. Recommended values for T1 and T2 are .5 and .8 times the shortest preferred lifetime of the addresses/prefixes in the IA that the addressing authority is willing to extend, respectively.

The configured rebind timer should always be longer than or equal to the renew timer.

The T1 and T2 are carried in the IPv6 address option that is within the IA.

The no form of this command reverts to the default.

Default

rebind-timer min 48

Parameters

rebind-timer

Specifies the preferred lifetime.

Values


days days	0 to 14
hrs hours	0 to 23
min minutes	0 to 59
sec seconds	0 to 9

Platforms

7705 SAR Gen 2

reboot

Syntax

reboot [active | standby | upgrade] [now]

Context

[Tree] (admin reboot)

Full Context

admin reboot

Description

This command reboots the router or one CPM and can also be used to force an upgrade of the system boot ROMs.

If no options are specified, the user is prompted to confirm the reboot operation. Answering yes (y) will result in both CPMs and all IOMs rebooting.

ALA-1>admin# reboot
Are you sure you want to reboot (y/n)?

Parameters

active

Reboots the active CPM.

Default: active

standby

Reboots the standby CPM.

Default: active

upgrade

Forces card firmware to be upgraded during chassis reboot. This option should only be used if it has been indicated as required in the Release Notes or by Nokia technical support. Normally, the SR OS automatically performs firmware upgrades on CPMs and XCM/IOM cards without the need for the upgrade keyword.

When the upgrade keyword is specified, a chassis flag is set for the BOOT Loader (boot.ldr) and on the subsequent boot of the OS on the chassis, firmware images on CPMs, XCMs, and IOMs will be upgraded automatically.

Firmware on CPMs, XCMs, or IOMs that are installed in a running chassis will be upgraded automatically. For example, if a card is inserted as the result of a hot swap, and the card has a firmware version that is no longer compatible with the SR OS image running on the chassis, then the firmware on the card will be automatically upgraded before the card is brought online.

If the card firmware is upgraded, a chassis cardUpgraded (event 2032) log event is generated. The corresponding SNMP trap for this log event is tmnxEqCardFirmwareUpgraded.

During any firmware upgrade, automatic or manual, it is imperative that during the upgrade procedure:

Power must not be switched off or interrupted.
The system must not be reset.
No cards are inserted or removed.

Any of the above conditions may render cards inoperable requiring a return of the card for resolution.

The time required to upgrade the firmware on the cards in the chassis depends on the number of cards to be upgraded. The progress of a firmware upgrade can be monitored at the console.

now: Forces a reboot of the router immediately without an interactive confirmation.

Platforms

7705 SAR Gen 2

recall

Syntax

[no] recall

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>history recall)

Full Context

configure system management-interface cli md-cli environment history recall

Description

This command configures command history recall and search execution. When enabled, command history recall (!), substitution (!$), display (:p, Esc+.), and backward search (Ctrl-R) is enabled.

The no form of this command disables history recall and search execution.

Default

no recall

Platforms

7705 SAR Gen 2

receive

Syntax

receive {both | none | version-1 | version-2}

no receive

Context

[Tree] (config>service>vprn>rip>group>neighbor receive)

[Tree] (config>service>vprn>ripng>group receive)

[Tree] (config>service>vprn>rip>group receive)

[Tree] (config>service>vprn>rip receive)

[Tree] (config>service>vprn>ripng receive)

[Tree] (config>service>vprn>ripng>group>neighbor receive)

Full Context

configure service vprn rip group neighbor receive

configure service vprn ripng group receive

configure service vprn rip group receive

configure service vprn rip receive

configure service vprn ripng receive

configure service vprn ripng group neighbor receive

Description

This command configures the type(s) of RIP updates that will be accepted and processed.

If both or version-2 is specified, the RIP instance listens for and accepts packets sent to the broadcast and multicast (224.0.0.9) addresses.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

This control can be issued at the global, group or interface level. The default behavior accepts and processes both RIPv1 and RIPv2 messages.

The no form of this command resets the type of messages accepted to both.

Default

no receive

Parameters

both: Accept RIP updates in either Version 1 or Version 2 format.

none: Do not accept and RIP updates.

version-1: Router should only accept RIP updates in Version 1 format.

version-2: Router should only accept RIP updates in Version 2 format.

Platforms

7705 SAR Gen 2

receive

Syntax

receive

Context

[Tree] (config>system>security>keychain>direction>uni receive)

Full Context

configure system security keychain direction uni receive

Description

This command enables the receive nodal context. Entries defined under this context are used to authenticate TCP segments that are being received by the router.

Platforms

7705 SAR Gen 2

receive

Syntax

receive option-number

no receive

Context

[Tree] (config>system>security>keychain>tcp-option-number receive)

Full Context

configure system security keychain tcp-option-number receive

Description

This command configures the TCP option number accepted in TCP packets received.

The no form of this command reverts to the default value.

Default

receive 254

Parameters

option-number

Specifies an enumerated integer that indicates the TCP option number to be used in the TCP header.

Values: 253, 254, 253&254, tcp-ao

Platforms

7705 SAR Gen 2

receive

Syntax

receive {both | none | version-1 | version-2}

no receive

Context

[Tree] (config>router>rip receive)

[Tree] (config>router>rip>group receive)

[Tree] (config>router>ripng>group receive)

[Tree] (config>router>ripng>group>neighbor receive)

[Tree] (config>router>rip>group>neighbor receive)

[Tree] (config>router>ripng receive)

Full Context

configure router rip receive

configure router rip group receive

configure router ripng group receive

configure router ripng group neighbor receive

configure router rip group neighbor receive

configure router ripng receive

Description

This command configures the types of RIP updates that will be accepted and processed.

If both or version-2 is specified, the RIP instance listens for and accepts packets sent to the broadcast and multicast (224.0.0.9) addresses.

If version-1 is specified, the router only listens for and accept packets sent to the broadcast address.

This control can be issued at the global, group or interface level. The default behavior is to accept and process both RIPv1 and RIPv2 messages.

The no form of the command reverts to the default value.

Default

receive both – in the config>router>rip context

receive version-1 – in the config>router>ripng context

Parameters

both: Specifies that RIP updates in either version 1 or version 2 format will be accepted.

none: Specifies that RIP updates will not be accepted.

version-1: Specifies that RIP updates in version 1 format only will be accepted.

version-2: Specifies that RIP updates in version 2 format only will be accepted.

Platforms

7705 SAR Gen 2

receive-interval

Syntax

receive-interval receive-interval

no receive-interval

Context

[Tree] (config>router>bfd>bfd-template receive-interval)

Full Context

configure router bfd bfd-template receive-interval

Description

This command specifies the receive timer used for BFD packets. If the template is used for a BFD session on an MPLS-TP LSP, then this timer is used for CC packets.

The no form of this command reverts to the default value.

Default

receive-interval 100

Parameters

receive-interval

Specifies the receive interval. The minimum interval that can be configured is hardware dependent.

Values: 10 ms to 100,000 ms in 1 ms intervals

Default: 10 ms for CPM3 or higher; 1 second for other hardware

Platforms

7705 SAR Gen 2

received-garp-flood

Syntax

[no] received-garp-flood

Context

[Tree] (config>service>vpls>proxy-arp received-garp-flood)

Full Context

configure service vpls proxy-arp received-garp-flood

Description

This command configures flooding of GARP requests and replies received on a SAP (or SDP-bind) to the service flood list (which includes EVPN destinations and other SAPs and SDP-binds).

The no form of this command does not flood GARPs.

Default

received-garp-flood

Platforms

7705 SAR Gen 2

received-host-unsolicited-na-flood

Syntax

[no] received-host-unsolicited-na-flood

Context

[Tree] (config>service>vpls>proxy-nd received-host-unsolicited-na-flood)

Full Context

configure service vpls proxy-nd received-host-unsolicited-na-flood

Description

This command configures the system to flood received unsolicited NAs into the VPLS service (to EVPN destinations and SAPs or SDP-binds).

The impacted NA messages contain the following flags: [S=0 and R=0].

The no form of this command does not flood unsolicited NAs.

Default

received-host-unsolicited-na-flood

Platforms

7705 SAR Gen 2

received-router-unsolicited-na-flood

Syntax

[no] received-router-unsolicited-na-flood

Context

[Tree] (config>service>vpls>proxy-nd received-router-unsolicited-na-flood)

Full Context

configure service vpls proxy-nd received-router-unsolicited-na-flood

Description

This command configures the system to flood received unsolicited router NAs into the VPLS service (to EVPN destinations and SAPs or SDP-binds).

The impacted NA messages contain the following flags: [S=0 and R=1].

The no form of this command does not flood unsolicited NAs.

Default

received-router-unsolicited-na-flood

Platforms

7705 SAR Gen 2

received-unknown-arp-request-flood

Syntax

[no] received-unknown-arp-request-flood

Context

[Tree] (config>service>vpls>proxy-arp received-unknown-arp-request-flood)

Full Context

configure service vpls proxy-arp received-unknown-arp-request-flood

Description

This command configures flooding of unknown ARP requests received on a SAP (or SDP-bind) to the service flood list (which includes EVPN destinations and other SAPs and SDP-binds).

By default, if there is no active proxy ARP entry for the requested IP address, the system floods ARP requests, including EVPN (with source squelching).

The no form of this command does not flood unknown ARP requests.

Default

received-unknown-arp-request-flood

Platforms

7705 SAR Gen 2

received-unknown-ns-flood

Syntax

[no] received-unknown-ns-flood

Context

[Tree] (config>service>vpls>proxy-nd received-unknown-ns-flood)

Full Context

configure service vpls proxy-nd received-unknown-ns-flood

Description

This command configures the system to flood received unknown NS messages into the VPLS service (to EVPN destinations and SAPs or SDP-binds).

The no form of this command does not flood unknown NS messages.

Default

received-unknown-ns-flood

Platforms

7705 SAR Gen 2

reclassify-using-qos

Syntax

reclassify-using-qos policy-id

no reclassify-using-qos

Context

[Tree] (config>service>ies>if>vpls>egress reclassify-using-qos)

Full Context

configure service ies interface vpls egress reclassify-using-qos

Description

The reclassify-using-qos command is used to specify a sap-egress QoS policy that will be used to reclassify the forwarding class and profile of egress routed packets on the VPLS or I-VPLS service. When routed packets associated with the IP interface egress a VPLS SAP, the reclassification rules within the sap-egress QoS policy applied to the SAP are always ignored (even when reclassify-using-qos is not defined).

Any queues or policers defined within the specified QoS policy are ignored and are not created on the VPLS egress SAPs. Instead, the routed packets continue to use the forwarding class mappings, queues and policers from the sap-egress QoS policy applied to the egress VPLS SAP.

While the specified sap-egress policy ID is applied to an IP interface it cannot be deleted from the system.

The no form of this command removes the sap-egress QoS policy used for reclassification from the egress IP interface. When removed, IP routed packets will not be reclassified on the egress SAPs of the VPLS service attached to the IP interface.

Parameters

policy-id: Specifies the SAP egress QoS policy ID. This parameter is required when executing the reclassify-using-qos command. The specified SAP egress QoS ID must exist within the system or the command fails.

Platforms

7705 SAR Gen 2

reclassify-using-qos

Syntax

reclassify-using-qos policy-id

no reclassify-using-qos

Context

[Tree] (config>service>vprn>if>vpls>egress reclassify-using-qos)

Full Context

configure service vprn interface vpls egress reclassify-using-qos

Description

This command specifies a SAP egress QoS policy that is used to reclassify the forwarding class and profile of egress routed packets on the VPLS service. When routed packets associated with the IP interface egress a VPLS SAP, the reclassification rules within the sap-egress QoS policy applied to the SAP are always ignored (even when reclassify-using-qos is not defined).

Any queues or policers defined within the specified QoS policy are ignored and are not created on the VPLS egress SAPs. Instead, the routed packets continue to use the forwarding class mappings, queues and policers from the SAP egress QoS policy applied to the egress VPLS SAP.

While the specified SAP egress policy ID is applied to an IP interface it cannot be deleted from the system.

The no form of this command removes the SAP egress QoS policy used for reclassification from the egress IP interface. When removed, IP routed packets is not reclassified on the egress SAPs of the VPLS service attached to the IP interface.

Parameters

policy-id: Specifies the SAP egress QoS policy ID This parameter is required when executing the reclassify-using-qos command. The specified SAP egress QoS ID must exist within the system or the command fails.

Platforms

7705 SAR Gen 2

record

Syntax

[no] record

Context

[Tree] (config>router>mpls>lsp>secondary record)

[Tree] (config>router>mpls>lsp>primary record)

[Tree] (config>router>mpls>lsp-template record)

Full Context

configure router mpls lsp secondary record

configure router mpls lsp primary record

configure router mpls lsp-template record

Description

This command enables recording of all the hops that an LSP path traverses. Enabling record increases the size of the PATH and RESV refresh messages for the LSP since this information is carried end-to-end along the path of the LSP. The increase in control traffic per LSP may impact scalability.

The no form of this command disables the recording of all the hops for the given LSP. There are no restrictions as to when the no command can be used. The no form of this command also disables the record-label command.

Default

record

Platforms

7705 SAR Gen 2

record

Syntax

[no] record record-name

Context

[Tree] (config>log>accounting-policy record)

Full Context

configure log accounting-policy record

Description

This command adds the accounting record type to the accounting policy that is forwarded to the configured accounting file. A record name can only be used in one accounting policy. To obtain a list of all record types that can be configured, use the show log accounting-records command.

To configure an accounting policy for access ports, select a service record (for example, service-ingress-octets). To change the record name to another service record, enter the record command with the new record name and it replaces the old record name.

When configuring an accounting policy for network ports, select a network record. To change the record name to another network record, enter the record command with the new record name and it replaces the old record name.

If the change required modifies the record from network to service or from service to network, then the old record name must be removed using the no form of this command.

Only one record can be configured in a single accounting policy. For example, if an accounting-policy is configured with an access-egress-octets record, to change it to a service-ingress-octets record, use the no record command under the accounting-policy to remove the old record first, and then enter the service-ingress-octets record.

Note:

Collecting excessive statistics can adversely affect the CPU utilization and take up large amounts of storage space.

The no form of this command removes the record type from the policy.

Default

no record

Parameters

record-name: Specifies the accounting record name.

Platforms

7705 SAR Gen 2

record-label

Syntax

[no] record-label

Context

[Tree] (config>router>mpls>lsp>secondary record-label)

[Tree] (config>router>mpls>lsp-template record-label)

[Tree] (config>router>mpls>lsp>primary record-label)

Full Context

configure router mpls lsp secondary record-label

configure router mpls lsp-template record-label

configure router mpls lsp primary record-label

Description

This command enables recording of all the labels at each node that an LSP path traverses. Enabling the record-label command will also enable the record command if it is not already enabled.

The no form of this command disables the recording of the hops that an LSP path traverses.

Default

record-label

Platforms

7705 SAR Gen 2

record-stats

Syntax

record-stats {delay | loss | delay-and-loss}

no record-stats

Context

[Tree] (config>oam-pm>session>ip>twamp-light record-stats)

Full Context

configure oam-pm session ip twamp-light record-stats

Description

This option provides the ability to determine which statistics are recorded. The TWAMP-Light PDU can report on both delay and loss using a single packet. The operator may choose which statistics they would like to report. Only delay recording is on by default. All other metrics are ignored. In order to change what is being recorded and reported, the TWAMP-Light session must be shutdown. This is required because the single packet approach means the base statistics are shared between the various datasets. Issuing a no shutdown command clears previous all non-volatile memory for the session and allocate new memory blocks. All the parameters under this context are mutually exclusive.

The no version of the command restores the default "delay” only.

Default

record-stats delay

Parameters

delay: Specifies report on delay using a single packet..

loss: Specifies to report on loss using a single packet..

delay-and-loss: Specifies to report on both delay and loss using a single packet.

Platforms

7705 SAR Gen 2

red

Syntax

[no] red [detail]

Context

[Tree] (debug>router>pim red)

Full Context

debug router pim red

Description

This command enables debugging for PIM redundancy messages to the standby CPM.

The no form of this command disables debugging for PIM redundancy messages to the standby CPM.

Parameters

detail: Displays detailed redundancy information.

Platforms

7705 SAR Gen 2

red

Syntax

red [detail]

no red

Context

[Tree] (debug>router>pcep>pcc>conn red)

[Tree] (debug>router>pcep>pcc red)

Full Context

debug router pcep pcc connection red

debug router pcep pcc red

Description

This command enables debugging for PCC or connection redundancy events.

The no form of this command disables debugging.

Parameters

detail: Keyword used to specify detailed information about PCC or connection redundancy events.

Platforms

7705 SAR Gen 2

redelegation-timer

Syntax

redelegation-timer seconds

no redelegation-timer

Context

[Tree] (config>router>pcep>pcc redelegation-timer)

Full Context

configure router pcep pcc redelegation-timer

Description

This command configures the redelegation timer for PCE-initiated LSPs.

The no form of the command sets this value to the default.

Default

redelegation-timer 90

Parameters

seconds

Specifies the number of seconds before the redelegation timer expires.

Values: 1 to 3600

Platforms

7705 SAR Gen 2

redirect-policy

Syntax

redirect-policyredirect-policy-name [create]

no redirect-policyredirect-policy-name

Context

[Tree] (config>filter redirect-policy)

Full Context

configure filter redirect-policy

Description

This command, creates a configuration context for the specified redirect policy.

The no form of the command removes the redirect policy from the filter configuration only if the policy is not referenced in a filter and the filter is not in use (applied to a service or network interface).

Parameters

redirect-policy-name: Specifies the redirect policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. There is no limit to the number of redirect policies that can be configured.

create: This keyword is required to create the configuration context. Once it is created, the context can be enabled with or without the create keyword.

Platforms

7705 SAR Gen 2

redirect-policy

Syntax

redirect-policyredirect-policy-name destination ip-address

no redirect-policyredirect-policy-name [destination ip-address]

Context

[Tree] (config>filter>redirect-policy-binding redirect-policy)

Full Context

configure filter redirect-policy-binding redirect-policy

Description

This command adds the destination (specified by its IP address) of a redirect-policy (specified by its name) to the binding. An error is thrown if either the destination does not exist for the specified redirect-policy or if the redirect-policy does not exist.

The no form of the command removes from the binding from all the destinations of the specified redirect-policy, or only the specified destination.

Parameters

redirect-policy-name: Specifies the name of the redirect-policy (up to 32 characters) as the destination that is to be added to the binding.

ip-address

The IP address of the destination. This can be an IPv4 or IPv6 address.

Values


ipv4-address:	a.b.c.d.
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D

Platforms

7705 SAR Gen 2

redirect-policy-binding

Syntax

redirect-policy-bindingname [create]

no redirect-policy-binding name

Context

[Tree] (config>filter redirect-policy-binding)

Full Context

configure filter redirect-policy-binding

Description

This command creates a redirect-policy binding (specified by its name) in case it does not exist and, enters the context associated with it. When a redirect-policy binding is created, no destination is associated to this binding by default and the binding operator is set to AND.

The no form of this command deletes the redirect-policy binding and all the associated configuration information.

Parameters

name: Specifies the name of the binding. Possible values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotations.

create: This keyword is required to create the binding if it does not exist. This has no effect when used with an existing binding.

Platforms

7705 SAR Gen 2

redirect-vprn

Syntax

redirect-vprn

Context

[Tree] (config>router>dns redirect-vprn)

Full Context

configure router dns redirect-vprn

Description

This command configures the DNS resolution to be resolved via VPRN. If configured, all packet URL resolution is done through a DNS server that is reachable in a VPRN. This includes packets in the global routing table.

Default

redirect-vprn

Platforms

7705 SAR Gen 2

redirection

Syntax

redirection level

no redirection

Context

[Tree] (config>system>file-trans-prof redirection)

Full Context

configure system file-transmission-profile redirection

Description

This command enables system to accept HTTP redirection response, along with the max level of redirection. The virtual router may send a new request to another server if the requested resources are not available (temporarily available to another server).

Default

no redirection

Parameters

level

Specifies the maximum level of redirection of the file transmission profile max level of HTTP redirection.

Values: 1 to 8

Platforms

7705 SAR Gen 2

redirects

Syntax

redirects [number seconds]

no redirects

Context

[Tree] (config>service>ies>if>icmp redirects)

[Tree] (config>service>vprn>if>ipv6>icmp6 redirects)

[Tree] (config>service>vprn>nw-if>icmp redirects)

[Tree] (config>service>ies>if>ipv6>icmp6 redirects)

[Tree] (config>service>vprn>if>icmp redirects)

Full Context

configure service ies interface icmp redirects

configure service vprn interface ipv6 icmp6 redirects

configure service vprn network-interface icmp redirects

configure service ies interface ipv6 icmp6 redirects

configure service vprn interface icmp redirects

Description

This command configures the rate for Internet Control Message Protocol (ICMP) redirect messages issued on the router interface.

When routes are not optimal on this router and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.

The no form of this command disables the generation of ICMP redirects on the router interface.

Default

redirects 100 10

Parameters

number

Specifies the maximum number of ICMP redirect messages to send. This parameter must be specified with the second parameter.

Values: 10 to 1000

seconds

Specifies the time frame in seconds used to limit the number of ICMP redirect messages that can be issued.

Values: 1 to 60

Platforms

7705 SAR Gen 2

redirects

Syntax

redirects [number seconds]

no redirects

Context

[Tree] (config>router>if>icmp redirects)

Full Context

configure router interface icmp redirects

Description

This command enables and configures the rate for ICMP redirect messages issued on the router interface.

When routes are not optimal on this router, and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects are issued can be controlled with the optional number and time parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.

By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP redirects on the router interface.

Default

redirects 100 10 — Maximum of 100 redirect messages in 10 seconds.

Parameters

number

The maximum number of ICMP redirect messages to send, expressed as a decimal integer. This parameter must be specified with the time parameter.

Values: 10 to 1000

seconds

The time frame, in seconds, used to limit the number of ICMP redirect messages that can be issued, expressed as a decimal integer.

Values: 1 to 60

Platforms

7705 SAR Gen 2

redirects

Syntax

redirects [number seconds]

no redirects

Context

[Tree] (config>router>if>ipv6>icmp6 redirects)

Full Context

configure router interface ipv6 icmp6 redirects

Description

This command configures the rate for ICMPv6 redirect messages. When configured, ICMPv6 redirects are generated when routes are not optimal on the router and another router on the same subnetwork has a better route to alert that node that a better route is available.

The no form of this command disables ICMPv6 redirects.

Default

redirects 100 10 (when IPv6 is enabled on the interface)

Parameters

number

Limits the number of redirects issued per the time frame specified in seconds parameter.

Values: 10 to 1000

seconds

Determines the time frame, in seconds, that is used to limit the number of redirects issued per time frame.

Values: 1 to 60

Platforms

7705 SAR Gen 2

redistribute-delay

Syntax

redistribute-delay redistribute-delay

no redistribute-delay

Context

[Tree] (config>router>ospf3>timers redistribute-delay)

[Tree] (config>router>ospf>timers redistribute-delay)

Full Context

configure router ospf3 timers redistribute-delay

configure router ospf timers redistribute-delay

Description

This command sets the internal OSPF hold down timer for external routes being redistributed into OSPF.

Shorting this delay can speed up the advertisement of external routes into OSPF but can result in additional OSPF messages if that source route is not yet stable.

The no form of this command resets the timer value back to the default value.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is greater than or equal to 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default

redistribute-delay 1000

Parameters

redistribute-delay

Specifies the OSPF redistribution hold down time in milliseconds for external routes being advertised into OSPF.

Values: 0 to 1000

Platforms

7705 SAR Gen 2

redistribute-external

Syntax

[no] redistribute-external

Context

[Tree] (config>service>vprn>ospf>area>nssa redistribute-external)

[Tree] (config>service>vprn>ospf3>area>nssa redistribute-external)

Full Context

configure service vprn ospf area nssa redistribute-external

configure service vprn ospf3 area nssa redistribute-external

Description

This command enables the redistribution of external routes into the Not So Stubby Area (NSSA) or an NSSA area border router (ABR) that is exporting the routes into non-NSSA areas.

NSSA or Not So Stubby Areas are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is that the NSSA has the capability to flood external routes that it learns (providing it is an ASBR) throughout its area and via an ABR to the entire OSPF domain.

The no form of this command disables the default behavior to automatically redistribute external routes into the NSSA area from the NSSA ABR.

Default

redistribute-external — External routes are redistributed into the NSSA.

Platforms

7705 SAR Gen 2

redistribute-external

Syntax

[no] redistribute-external

Context

[Tree] (config>router>ospf3>area>nssa redistribute-external)

[Tree] (config>router>ospf>area>nssa redistribute-external)

Full Context

configure router ospf3 area nssa redistribute-external

configure router ospf area nssa redistribute-external

Description

This command enables the redistribution of external routes into the Not So Stubby Area (NSSA) or an NSSA area border router (ABR) that is exporting the routes into non-NSSA areas.

NSSA or Not So Stubby Areas are similar to stub areas in that no external routes are imported into the area from other OSPF or OSPF3 areas. The major difference between a stub area and an NSSA is that the NSSA has the capability to flood external routes that it learns (providing it is an ASBR) throughout its area and via an Area Border Router to the entire OSPF or OSPF3 domain.

The no form of this command disables the default behavior to automatically redistribute external routes into the NSSA area from the NSSA ABR.

Default

redistribute-external

Platforms

7705 SAR Gen 2

redo

Syntax

redo [count]

Context

[Tree] (candidate redo)

Full Context

candidate redo

Description

This command reapplies the changes to the candidate that were removed using a previous undo. All undo or redo history is lost when the operator exits edit-cfg mode.

A redo command is blocked if another user has made changes in the same CLI branches that would be impacted during the redo.

Parameters

count

Specifies the number of previous changes to reapply.

Values: 1 to 50

Default: 1

Platforms

7705 SAR Gen 2

reduced-prompt

Syntax

reduced-prompt [no-of-nodes-in-prompt]

no reduced-prompt

Context

[Tree] (environment reduced-prompt)

Full Context

environment reduced-prompt

Description

This command configures the maximum number of higher CLI context levels to display in the CLI prompt for the current CLI session. This command is useful when configuring features that are several node levels deep, causing the CLI prompt to become too long. By default, the CLI prompt displays the system name and the complete context in the CLI.

The number of nodes specified indicates the number of higher-level contexts that can be displayed in the prompt. For example, if reduced prompt is set to 2, the two highest contexts from the present working context are displayed by name with the hidden (reduced) contexts compressed into a ellipsis ("…”).

A:ALA-1>environment# reduced-prompt 2
A:ALA-1>config>router# interface to-103
A:ALA-1>...router>if#

The setting is not saved in the configuration. It must be reset for each CLI session or stored in an exec script file.

The no form of the command reverts to the default.

Default

no reduced-prompt

Parameters

no-of-nodes-in-prompt

Specifies the maximum number of higher-level nodes displayed by name in the prompt, expressed as a decimal integer.

Values: 0 to 15

Default: 2

Platforms

7705 SAR Gen 2

redundancy

Syntax

redundancy

Context

[Tree] (config redundancy)

Full Context

configure redundancy

Description

This command allows the user to perform redundancy operations.

Associated commands include the following in the admin>redundancy context:

force-switchover - Forces a switchover to the standby CPM card.
now - Switch to standby CPM.

Switching to the standby displays the following message.

WARNING: Configuration and/or Boot options may have changed since the last save.

Are you sure you want to switchover (y/n)?
synchronize - Synchronizes the secondary CPM.

Platforms

7705 SAR Gen 2

redundancy

Syntax

redundancy

Context

[Tree] (admin redundancy)

Full Context

admin redundancy

Description

Commands in this context allow the user to perform redundancy operations.

Platforms

7705 SAR Gen 2

redundant-multicast

Syntax

[no] redundant-multicast

Context

[Tree] (config>router>igmp>if redundant-multicast)

Full Context

configure router igmp interface redundant-multicast

Description

This command configures the interface as a member of a redundant pair for multicast traffic.

The no form of the command removes the configuration.

Platforms

7705 SAR Gen 2

ref-policer

Syntax

ref-policer policer-id

ref-policer all

no ref-policer

Context

[Tree] (config>log>acct-policy>cr ref-policer)

Full Context

configure log accounting-policy custom-record ref-policer

Description

This command creates a policer context to configure reference policer counters for significant change only reporting. The custom record is only generated when the change in the sum of all queue and policer reference counters equals or exceeds the configured (non-zero) significant change value.

The no form of this command deletes all policer reference counters.

Default

no ref-policer

Parameters

policer-id

Specifies the policer for which reference counters are configured and to which significant-change is applied.

Values: 1 to 63

all: Applies the significant-change to the specified counters for all policers.

Platforms

7705 SAR Gen 2

ref-queue

Syntax

ref-queue queue-id

ref-queue all

no ref-queue

Context

[Tree] (config>log>acct-policy>cr ref-queue)

Full Context

configure log accounting-policy custom-record ref-queue

Description

This command creates a queue context to configure reference queue counters for significant change only reporting. The custom record is only generated when the change in the sum of all queue and policer reference counters equals or exceeds the configured (non-zero) significant change value.

The no form of this command deletes all queue reference counters.

Default

no ref-queue

Parameters

queue-id

Specifies the queue for which reference counters are configured and to which the significant-change is applied.

Values: 1 to 32

all: Applies the significant-change to the specified counters for all queues.

Platforms

7705 SAR Gen 2

reference-bandwidth

Syntax

reference-bandwidth bandwidth-in-kbps

reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]

no reference-bandwidth

Context

[Tree] (config>service>vprn>isis reference-bandwidth)

Full Context

configure service vprn isis reference-bandwidth

Description

This command configures the reference bandwidth that provides the basis of bandwidth relative costing.

In order to calculate the lowest cost to reach a specific destination, each configured level on each interface must have a cost. If the reference bandwidth is defined, then the cost is calculated using the following formula:

cost = reference – bandwidth bandwidth

If the reference bandwidth is configured as 10 Gigabits (10,000,000,000), a 100 M/bps interface has a default metric of 100. In order for metrics in excess of 63 to be configured, wide metrics must be deployed. (See wide-metrics-only in the config>router>isis context.)

If the reference bandwidth is not configured, all interfaces have a default metric of 10.

The no form of this command reverts to the default value.

Default

no reference-bandwidth — No reference bandwidth is defined. All interfaces have a metric of 10.

Parameters

Zetta-bps

Specifies the reference bandwidth in zettabits per second, expressed as a decimal integer.

Values: 1 to 18

Exa-bps

Specifies the reference bandwidth in exabits per second, expressed as a decimal integer.

Values: 1 to 999

Peta-bps

Specifies the reference bandwidth in petabits per second, expressed as a decimal integer.

Values: 1 to 999

bandwidth-in-kbps

Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.

Values: 1 to 18446744073709551615

Tera-bps

Specifies the reference bandwidth in terabits per second, expressed as a decimal integer.

Values: 1 to 999

Giga-bps

Specifies the reference bandwidth in gigabits per second, expressed as a decimal integer.

Values: 1 to 999

Mega-bps

Specifies the reference bandwidth in megabits per second, expressed as a decimal integer.

Values: 1 to 999

Kilo-bps

Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.

Values: 1 to 999

Platforms

7705 SAR Gen 2

reference-bandwidth

Syntax

reference-bandwidth bandwidth-inkbps

reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]

no reference-bandwidth

Context

[Tree] (config>service>vprn>ospf reference-bandwidth)

[Tree] (config>service>vprn>ospf3 reference-bandwidth)

Full Context

configure service vprn ospf reference-bandwidth

configure service vprn ospf3 reference-bandwidth

Description

This command configures the reference bandwidth in kilobits per second (kb/s) that provides the reference for the default costing of interfaces based on their underlying link speed.

The default interface cost is calculated as follows:

cost = reference–bandwidth bandwidth

The default reference-bandwidth is 100,000,000 kb/s or 100 Gb/s, so the default auto-cost metrics for various link speeds are as follows:

10 Mb/s link default cost of 10000
100 Mb/s link default cost of 1000
1 Gb/s link default cost of 100
10 Gb/s link default cost of 10
40 Gb/s link default cost of 2
100 Gb/s link default cost of 1
400 Gb/s link default cost of 1

Note:

The default reference-bandwidth value must be manually configured to a higher value if interface speeds are greater than 100 Gb/s, and metrics based on link speed are used. When the default reference-bandwidth value is used, a metric of 1 is set on all interface speeds ≥ 100 Gb/s. For example, 100 GE, 100 GE LAG, 400 GE, and 400 GE LAG interfaces will all have a metric of 1.

If the reference bandwidth is configured as 10 Gb (reference-bandwidth 10000000000), a 100 Mb/s interface has a default metric of 100.

When a very large reference bandwidth value is configured, a metric calculation may result in a value higher than the supported protocol cost value. If this occurs, OSPF automatically reverts to the maximum configurable cost metric.

The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on a particular interface, use the metric metric command configured in the config>router>ospf>area>if ip-int-name context.

The no form of this command reverts the reference bandwidth to the default value.

Default

reference-bandwidth 100000000

Parameters

bandwidth-in-kbps

Specifies the reference bandwidth in kilobits per second expressed as a decimal integer.

Values: 1 to 4000000000

tbps Tera-bps

Specifies the reference bandwidth in terabits per second expressed as a decimal integer.

Values: 1 to 4

gbps Giga-bps

Specifies the reference bandwidth in gigabits per second expressed as a decimal integer.

Values: 1 to 999

mbps Mega-bps

Specifies the reference bandwidth in megabits per second expressed as a decimal integer.

Values: 1 to 999

kbps Kilo-bps

Specifies the reference bandwidth in kilobits per second expressed as a decimal integer.

Values: 1 to 999

Platforms

7705 SAR Gen 2

reference-bandwidth

Syntax

reference-bandwidth bandwidth-in-kbps

reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]

no reference-bandwidth

Context

[Tree] (config>router>isis reference-bandwidth)

Full Context

configure router isis reference-bandwidth

Description

This command configures the reference bandwidth that provides the basis of bandwidth relative costing.

To calculate the lowest cost to reach a specific destination, each configured level on each interface must have a cost. If the reference bandwidth is defined, then the cost is calculated using the following formula:

cost = reference-bandwidth bandwidth

If the reference bandwidth is configured as 10 Gb (reference-bandwidth 10000000000), a 100 Mb/s interface has a default metric of 100. To configure metrics in excess of 63, wide metrics must be deployed (see wide-metrics-only in the config>router>isis context).

When a large reference-bandwidth value is configured, a metric calculation may result in a value higher than the supported protocol cost value. If this occurs, IS-IS automatically reverts to the maximum configurable cost metric.

If the reference bandwidth is not configured, then all interfaces have a default metric of 10.

The no form of this command reverts to the default value.

Default

no reference-bandwidth

Parameters

bandwidth-in-kbps

Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.

Values: 1 to 18446744073709551615

Zetta-bps

Specifies the reference bandwidth in zettabits per second, expressed as a decimal integer.

Values: 1 to 18

Exa-bps

Specifies the reference bandwidth in exabits per second, expressed as a decimal integer.

Values: 1 to 999

Peta-bps

Specifies the reference bandwidth in petabits per second, expressed as a decimal integer.

Values: 1 to 999

Tera-bps

Specifies the reference bandwidth in terabits per second, expressed as a decimal integer.

Values: 1 to 999

Giga-bps

Specifies the reference bandwidth in gigabits per second, expressed as a decimal integer.

Values: 1 to 999

Mega-bps

Specifies the reference bandwidth in megabits per second, expressed as a decimal integer.

Values: 1 to 999

Kilo-bps

Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.

Values: 1 to 999

Platforms

7705 SAR Gen 2

reference-bandwidth

Syntax

reference-bandwidth bandwidth-in-kbps

reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]

no reference-bandwidth

Context

[Tree] (config>router>ospf3 reference-bandwidth)

[Tree] (config>router>ospf reference-bandwidth)

Full Context

configure router ospf3 reference-bandwidth

configure router ospf reference-bandwidth

Description

This command configures the reference bandwidth in kilobits per second (kb/s) that provides the reference for the default costing of interfaces based on their underlying link speed.

The default interface cost is calculated as follows:

cost = reference-bandwidth bandwidth

The default reference-bandwidth is 100,000,000 kb/s or 100 Gb/s, the default auto-cost metrics for various link speeds are as follows:

10 Mb/s link default cost of 10000
100 Mb/s link default cost of 1000
1 Gb/s link default cost of 100
10 Gb/s link default cost of 10
100 Gb/s link default cost of 1
400 Gb/s link default cost of 1

Note:

The default reference-bandwidth must be manually configured to a higher value if interface speeds are greater than 100 Gb/s, and metrics based on link speed are used. When the default reference-bandwidth is used, a metric of 1 is set on all interface speeds ≥ 100 Gb/s. For example, 100 GE, 100 GE LAG, 400 GE, and 400 GE LAG interfaces will all have a metric of 1.

If the reference bandwidth is configured as 10 Gb (reference-bandwidth 10000000000), a 100 Mb/s interface has a default metric of 100.

When a very large reference bandwidth value is configured, a metric calculation may result in a value higher than the supported protocol cost value. If this occurs, OSPF automatically reverts to the maximum configurable cost metric.

The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on a particular interface, use the metric metric command configured in the config>router>ospf>area>interface ip-int-name context.

The no form of this command reverts to the default value.

Default

reference-bandwidth 100000000

Parameters

bandwidth-in-kbps

Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.

Values: 1 to 18446744073709551615

Zetta-bps

Specifies the reference bandwidth in zettabits per second, expressed as a decimal integer.

Values: 1 to 18

Exa-bps

Specifies the reference bandwidth in exabits per second, expressed as a decimal integer.

Values: 1 to 999

Peta-bps

Specifies the reference bandwidth in petabits per second, expressed as a decimal integer.

Values: 1 to 999

Tera-bps

Specifies the reference bandwidth in terabits per second, expressed as a decimal integer.

Values: 1 to 999

Giga-bps

Specifies the reference bandwidth in gigabits per second, expressed as a decimal integer.

Values: 1 to 999

Mega-bps

Specifies the reference bandwidth in megabits per second, expressed as a decimal integer.

Values: 1 to 999

Kilo-bps

Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.

Values: 1 to 999

Platforms

7705 SAR Gen 2

reflector

Syntax

reflector [udp-port udp-port-number] [create]

no reflector

Context

[Tree] (config>service>vprn>twamp-light reflector)

[Tree] (config>router>twamp-light reflector)

Full Context

configure service vprn twamp-light reflector

configure router twamp-light reflector

Description

This command configures a TWAMP Light session reflector parameters and to enable TWAMP Light functionality with the no shutdown command. The udp-port keyword and value must be specified with the create keyword. An error message is generated if the specific UDP port is unavailable.

Parameters

udp-port-number

Specifies the UDP port number. A strictly enforced restricted range has been introduced. The TWAMP Light session reflector must be brought in line with this new restriction prior upgrading or rebooting from any previous release if there is an active TWAMP Light session reflector configured. Failure to do so prevents an ISSU operation from proceeding and fails to activate any reflector outside of the enforced range.

Note that in the Two-Way Active Measurement Protocol Light (TWAMP Light) section for a complete description. This parameter is required and specifies the destination udp-port that the session reflector uses to listen for TWAMP Light packets. The session controller launching the TWAMP Light packets must be configured with the same destination UDP port as part of the TWAMP Light test. The IES service uses the destination UDP port that is configured under the router context. Only one UDP port can be configured per unique context.

Values: 862, 64364 to 64373

Platforms

7705 SAR Gen 2

refresh-reduction

Syntax

[no] refresh-reduction

Context

[Tree] (config>router>rsvp>interface refresh-reduction)

Full Context

configure router rsvp interface refresh-reduction

Description

This command enables the use of the RSVP overhead refresh reduction capabilities on this RSVP interface.

When this option is enabled, a node will enable support for three capabilities. It will accept bundles RSVP messages from its peer over this interface, it will attempt to perform reliable RSVP message delivery to its peer, and will use summary refresh messages to refresh path and resv states. The reliable message delivery must be explicitly enabled by the user after refresh reduction is enabled. The other two capabilities are enabled immediately.

A bundle message is intended to reduce overall message handling load. A bundle message consists of a bundle header followed by one or more bundle sub-messages. A sub-message can be any regular RSVP message except another bundle message. A node will only process received bundled RSVP messages but will not generate them.

When reliable message delivery is supported by both the node and its peer over the RSVP interface, an RSVP message is sent with a message_id object. A message_id object can be added to any RSVP message when sent individually or as a sub-message of a bundled message.

if the sender sets the ack_desired flag in the message_id object, the receiver acknowledges the receipt of the RSVP message by piggy-backing a message_ack object to the next RSVP message it sends to its peer. Alternatively, an ACK message can also be used to send the message_ack object. In both cases, one or many message_ack objects could be included in the same message.

The router supports the sending of separate ACK messages only but is capable of processing received message_ack objects piggy-backed to hop-by-hop RSVP messages, such as path and resv.

The router sets the ack_desired flag only in non-refresh RSVP messages and in refresh messages which contain new state information.

A retransmission mechanism based on an exponential backoff timer is supported in order to handle unacknowledged message_id objects. The RSVP message with the same message_id is retransmitted every 2 * rapid-retransmit-time interval of time. The rapid-retransmit-time is referred to as the rapid retransmission interval as it must be smaller than the regular refresh interval configured in the config>router>rsvp>refresh-time context. There is also a maximum number of retransmissions of an unacknowledged RSVP message rapid-retry-limit. The node will stop retransmission of unacknowledged RSVP messages whenever the updated backoff interval exceeds the value of the regular refresh interval or the number of retransmissions reaches the value of the rapid-retry-limit parameter, whichever comes first. These two parameters are configurable globally on a system in the config>router>rsvp context.

Refresh summary consists of sending a summary refresh message containing a message_id list object. The fields of this object are populated each with the value of the message_identifier field in the message_id object of a previously sent individual path or resv message. The summary refresh message is sent every refresh regular interval as configured by the user using the refresh-time command in the config>router>rsvp context. The receiver checks each message_id object against the saved path and resv states. If a match is found, the state is updated as if a regular path or resv refresh message was received from the peer. If a specific message_identifier field does not match, then the node sends a message_id_nack object to the originator of the message.

The above capabilities are referred to collectively as "refresh overhead reduction extensions”. When the refresh-reduction is enabled on an RSVP interface, the node indicates this to its peer by setting a "refresh-reduction-capable” bit in the flags field of the common RSVP header. If both peers of an RSVP interface set this bit, all the above three capabilities can be used. Furthermore, the node monitors the settings of this bit in received RSVP messages from the peer on the interface. As soon as this bit is cleared, the router stops sending summary refresh messages. If a peer did not set the "refresh-reduction-capable” bit, a node does not attempt to send summary refresh messages.

However, if the peer did not set the "refresh-reduction-capable” bit, a node, with refresh reduction enabled and reliable message delivery enabled, will still attempt to perform reliable message delivery with this peer. If the peer does not support the message_id object, it returns an error message "unknown object class”. In this case, the node retransmits the RSVP message without the message_id object and reverts to using this method for future messages destined to this peer. The RSVP Overhead Refresh Reduction is supported with both RSVP P2P LSP path and the S2L path of an RSVP P2MP LSP instance over the same RSVP instance.

The no form of this command reverts to the default value.

Default

no refresh-reduction

Platforms

7705 SAR Gen 2

refresh-reduction-over-bypass

Syntax

refresh-reduction-over-bypass [enable | disable]

Context

[Tree] (config>router>rsvp refresh-reduction-over-bypass)

Full Context

configure router rsvp refresh-reduction-over-bypass

Description

This command enables the refresh reduction capabilities over all bypass tunnels originating on this PLR node or terminating on this Merge Point (MP) node.

By default, this is disabled. Since a bypass tunnel may merge with the primary LSP path in a node downstream of the next-hop, there is no direct interface between the PLR and the MP node and it is possible the latter will not accept summary refresh messages received over the bypass.

When disabled, the node as a PLR or MP will not set the "Refresh-Reduction-Capable” bit on RSVP messages pertaining to LSP paths tunneled over the bypass. It will also not send Message-ID in RSVP messages. This effectively disables summary refresh.

Default

refresh-reduction-over-bypass disable

Platforms

7705 SAR Gen 2

refresh-time

Syntax

refresh-time seconds

no refresh-time

Context

[Tree] (config>router>rsvp refresh-time)

Full Context

configure router rsvp refresh-time

Description

The refresh-time controls the interval (in s), between the successive Path and Resv refresh messages. RSVP declares the session down after it misses keep-multiplier number consecutive refresh messages.

The no form of this command reverts to the default value.

Default

refresh-time 30

Parameters

seconds

The refresh time in s.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

refresh-time

Syntax

refresh-time seconds hold-time seconds

no refresh-time

Context

[Tree] (config>router>origin-validation>rpki-session refresh-time)

Full Context

configure router origin-validation rpki-session refresh-time

Description

This command is used to configure the refresh-time and hold-time intervals that are used for liveness detection of the RPKI-Router session. The refresh-time defaults to 300 seconds and is reset whenever a Reset Query PDU or Serial Query PDU is sent to the cache server. When the timer expires, a new Serial Query PDU is sent with the last known serial number.

The hold-time specifies the length of time in seconds that the session is to be considered UP without any indication that the cache server is alive and reachable. The timer defaults to 600 seconds and must be at least 2x the refresh-time (otherwise the CLI command is not accepted). Reception of any PDU from the cache server resets the hold timer. When the hold-time expires, the session is considered to be DOWN and the stale timer is started.

Default

no refresh-time

Parameters

seconds

Specifies a time in seconds.

Values: 30 to 32767

seconds

Specifies a time in seconds.

Values: 60 to 65535

Platforms

7705 SAR Gen 2

refresh-timer

Syntax

refresh-timer value

no refresh-timer

Context

[Tree] (config>service>vpls>spoke-sdp>control-channel-status refresh-timer)

[Tree] (config>service>epipe>spoke-sdp>control-channel-status refresh-timer)

Full Context

configure service vpls spoke-sdp control-channel-status refresh-timer

configure service epipe spoke-sdp control-channel-status refresh-timer

Description

This command configures the refresh timer for control channel status signaling packets. By default, no refresh packets are sent.

Default

no refresh-timer

Parameters

value

Specifies the refresh timer value, in seconds.

Values: 10 to 65535

Default: 0 (off)

Platforms

7705 SAR Gen 2

refresh-timer

Syntax

refresh-timer value

no refresh-timer

Context

[Tree] (config>service>ies>if>spoke-sdp>control-channel-status refresh-timer)

Full Context

configure service ies interface spoke-sdp control-channel-status refresh-timer

Description

This command configures the refresh timer for control channel status signaling packets. By default, no refresh packets are sent.

Default

no refresh-timer

Parameters

value

Specifies the refresh timer value.

Values: 10 to 65535 seconds

Default: 0 (off)

Platforms

7705 SAR Gen 2

refresh-timer

Syntax

refresh-timer value

no refresh-timer

Context

[Tree] (config>service>vprn>if>spoke-sdp>control-channel-status refresh-timer)

Full Context

configure service vprn interface spoke-sdp control-channel-status refresh-timer

Description

This command configures the refresh timer for control channel status signaling packets. By default, no refresh packets are sent.

Default

no refresh-timer

Parameters

value

Specifies the refresh timer value.

Values: 10 to 65535 seconds

Default: 0 (off)

Platforms

7705 SAR Gen 2

register

Syntax

register [group grp-ip-address] [source ip-address] [detail]

no register

Context

[Tree] (debug>router>pim register)

Full Context

debug router pim register

Description

This command enables debugging for PIM register mechanism.

The no form of this command disables debugging for PIM register mechanism.

Parameters

grp-ip-address

Debugs information associated with the specified PIM register.

Values: multicast group address (ipv4, ipv6)

ip-address

Debugs information associated with the specified PIM register.

Values: source address (ipv4, ipv6)

detail: Debugs detailed register information.

Platforms

7705 SAR Gen 2

register-message

Syntax

[no] register-message {ip-address | ipv6-address}

Context

[Tree] (config>router>pim>src-address register-message)

[Tree] (config>service>vprn>pim>src-address register-message)

Full Context

configure router pim source-address register-message

configure service vprn pim source-address register-message

Description

This command configures the source IP address for PIM register messages. The IP address can be set to any unicast address, regardless of whether it resides on the node. Ensure that the specified IP address is configured on the router as a loopback or interface IP address.

The no form of this command removes the IP address. By default, when no IP address is specified for the PIM instance, the source IP address for register messages is selected by choosing the smallest IP address from available interfaces on the node.

Parameters

ip-address | ipv6-address: Specifies the source IPv4 or IPv6 address, up to 64 characters.

Platforms

7705 SAR Gen 2

reinit-delay

Syntax

reinit-delay time

no reinit-delay

Context

[Tree] (config>system>lldp reinit-delay)

Full Context

configure system lldp reinit-delay

Description

This command configures the time before re-initializing LLDP on a port.

The no form of this command reverts to the default value.

Default

no reinit-delay

Parameters

time

Specifies the time, in seconds, before re-initializing LLDP on a port.

Values: 1 to 10

Default: 2

Platforms

7705 SAR Gen 2

relay-plain-bootp

Syntax

[no] relay-plain-bootp

Context

[Tree] (config>service>vprn>if>dhcp relay-plain-bootp)

[Tree] (config>service>ies>if>dhcp relay-plain-bootp)

Full Context

configure service vprn interface dhcp relay-plain-bootp

configure service ies interface dhcp relay-plain-bootp

Description

This command enables the relaying of plain BOOTP packets.

The no form of this command disables the relaying of plain BOOTP packets.

Platforms

7705 SAR Gen 2

relay-plain-bootp

Syntax

[no] relay-plain-bootp

Context

[Tree] (config>router>if>dhcp relay-plain-bootp)

Full Context

configure router interface dhcp relay-plain-bootp

Description

This command enables the relaying of plain BOOTP packets.

The no form of this command disables the relaying of plain BOOTP packets.

Default

no relay-plain-bootp

Platforms

7705 SAR Gen 2

relay-proxy

Syntax

relay-proxy [release-update-src-ip] [siaddr-override ip-address]

no relay-proxy

Context

[Tree] (config>service>vprn>if>dhcp relay-proxy)

[Tree] (config>service>ies>if>dhcp relay-proxy)

Full Context

configure service vprn interface dhcp relay-proxy

configure service ies interface dhcp relay-proxy

Description

This command enables the DHCPv4 relay proxy function on the interface. The command has no effect when no dhcp servers are configured (DHCPv4 relay not configured). By default, unicast DHCPv4 release messages are forwarded transparently.

A relay proxy enhances the relay such that it also relays unicast client DHCPv4 REQUEST messages (lease renewals).

In the upstream direction, update the source IP address and add the gateway IP address (gi-address) field before sending the message to the intended DHCP server (the message is not broadcasted to all configured DHCP servers.
In the downstream direction, remove the gi-address and update the destination IP address to the address of the yiaddr (your IP address) field.

The optional release-update-src-ip parameter updates the source IP address of a DHCP RELEASE message with the address used for relayed DHCPv4 messages.

The optional siaddr-override ip-address parameter enables DHCP server IP address hiding towards the client. This parameter requires that lease-populate is enabled on the interface. The DHCP server ip address is required for the address hiding function and is stored in the lease state record. The client interacts with the relay proxy as if it is the DHCP server. In all DHCP messages to the client, the value of following header fields and DHCP options containing the DHCP server IP address is replaced with the configured <ip-address>:

the "source IP address” field in the IP DHCPv4 packet header
the "siaddr” field in the DHCPv4 header if not equal to zero in the message received from the server
the Server Identification option (DHCPv4 option 54) if present in the original server message
the source IP address field in the IP packet header

DHCP OFFER selection during initial binding is done in the relay-proxy. Only the first DHCP OFFER message is forwarded to the client. Subsequent DHCP OFFER messages from different servers are silently dropped.

Parameters

release-update-src-ip: Updates the source IP address of a DHCP RELEASE message with the address used for relayed DHCPv4 messages.

ip-address: Enables DHCPv4 server address hiding towards the DHCPv4 client and activates DHCPv4 OFFER selection in case multiple DHCP servers are configured. The ip-address can be any local address in the same routing instance. If DHCP relay lease-split is enabled, siaddr-override ip-address has priority over the emulated-server ip-address configured in the proxy-server and is used as the source IP address.

Platforms

7705 SAR Gen 2

relay-unsolicited-cfg-attribute

Syntax

relay-unsolicited-cfg-attribute

Context

[Tree] (config>ipsec>ike-policy relay-unsolicited-cfg-attribute)

Full Context

configure ipsec ike-policy relay-unsolicited-cfg-attribute

Description

This command enters relay unsolicited configuration attributes context. With this configuration, the configured attributes returned from source (such as a RADIUS server) will be returned to IKEv2 remote-access tunnel client regardless if the client has requested it in the CFG_REQUEST payload.

Platforms

7705 SAR Gen 2

reliable-delivery

Syntax

[no] reliable-delivery

Context

[Tree] (config>router>rsvp>if>refresh-reduction reliable-delivery)

Full Context

configure router rsvp interface refresh-reduction reliable-delivery

Description

This command enables reliable delivery of RSVP messages over the RSVP interface. When refresh-reduction is enabled on an interface and reliable-delivery is disabled, the router will send a message_id and not set ACK desired in the RSVP messages over the interface. The router does not expect an ACK and but will accept it if received. The node will also accept message ID and reply with an ACK when requested. In this case, if the neighbor set the "refresh-reduction-capable” bit in the flags field of the common RSVP header, the node will enter summary refresh for a specific message_id it sent regardless if it received an ACK or not to this message from the neighbor.

Finally, when 'reliable-delivery’ option is enabled on any interface, RSVP message pacing is disabled on all RSVP interfaces of the system, for example, the user cannot enable the msg-pacing option in the config>router>rsvp context, and error message is returned in CLI. Conversely, when the msg-pacing option is enabled, the user cannot enable the reliable delivery option on any interface on this system. An error message is also generated in CLI after such an attempt.

The no form of this command reverts to the default value.

Default

no reliable-delivery

Platforms

7705 SAR Gen 2

reload

Syntax

reload type {cert | key | cert-key-pair} filename protocol protocol [key-file filename]

Context

[Tree] (admin>certificate reload)

Full Context

admin certificate reload

Description

This command reloads imported certificate or key file or both at the same time. This command is typically used to update certificate or key file without shutting down ipsec-tunnel/ipsec-gw/cert-profile/ca-profile. Note that type cert and type key is deprecated in a future release. Use type cert-key-pair instead. Instead of type cert use type key instead.

If the new file exists and valid, then for each tunnel using it:
- If the key matches the certificate, then the new file is downloaded to the MS-ISA to be used the next time. Tunnels currently up are not affected.
- If the key does not match the certificate:
  - If cert and key configuration is used instead of cert-profile then the tunnel is brought down.
  - If cert-profile is used, then cert-profile is brought down. The next authentication fails while the established tunnels are not affected.

If the new file does not exists or somehow invalid (bad format, does not contain right extension, and so on), then this command will abort.

In the case of type cert-key-pair, if the new file does not exist or is invalid or cert and key do not match, then this command aborts with an error message.

Parameters

type: Specifies what item will be reloaded.

cert: Specifies that a certificate cache will be reloaded.

key: Specifies that a key cache will be reloaded.

cert-key-pair: Specifies that a paired certificate and key cache will be reloaded.

filename: Up to 95 characters.

protocol

Specifies which protocol the certificate will be reloaded for.

Values: ipsec, tls

Platforms

7705 SAR Gen 2

remarking

Syntax

remarking [force]

no remarking

Context

[Tree] (config>qos>network>egress remarking)

Full Context

configure qos network egress remarking

Description

This command remarks both customer traffic and egress network IP interface traffic; VPRN customer traffic is not remarked. The remarking is based on the forwarding class to DSCP and LSP EXP bit mapping defined under the egress node of the network QoS policy.

Normally, packets that ingress on network ports have either the DSCP or, for MPLS packets, LSP EXP bit set by an upstream router. The packets are placed in the appropriate forwarding class based on the DSCP-to-forwarding class mapping or the LSP EXP-to-forwarding class mapping. The DSCP or LSP EXP bits of such packets are not altered as the packets egress this router, unless remarking is enabled.

Remarking can be required if this router is connected to a different DiffServ domain where the DSCP-to-forwarding class mapping is different.

Normally, no remarking is necessary when all router devices are in the same DiffServ domain.

The network QoS policy supports an egress flag that forces remarking of packets that were received on trusted IES and network IP interfaces. This provides the capability of remarking without regard to the ingress state of the IP interface on which a packet was received. The effect of the egress network remark trusted state on each type of ingress IP interface and trust state is listed in Ingress IP Interface Type and Trust State Effect on Egress Network Remarking.

The remark trusted state has no effect on packets received on an ingress VPRN IP interface.

Table 1. Ingress IP Interface Type and Trust State Effect on Egress Network Remarking
Ingress IP Interface Type and Trust State	Egress Network IP Interface Trust Remark Disabled (Default)	Egress Network IP Interface Trust Remark Enabled
IES Non-Trusted (Default)	Egress Remarked	Egress Remarked
IES Trusted	Egress Not Remarked	Egress Remarked
VPRN Non-Trusted	Egress Remarked	Egress Remarked
VPRN Trusted (Default)	Egress Not Remarked	Egress Not Remarked
Network Non-Trusted	Egress Remarked	Egress Remarked
Network Trusted (Default)	Egress Not Remarked	Egress Remarked

The no form of this command resets the configuration to the default behavior.

Default

no remarking — Remarking disabled in the Network QoS policy.

Parameters

force: Specifies that all IP routed traffic egressing the associated network interface will have its EXP, DSCP, P-bit, and DE bit setting remarked as defined in the associated QoS policy. Only bit fields configured in the QoS policy will be remarked; all others will be left untouched or set based on the default if the fields were not present at ingress.

Platforms

7705 SAR Gen 2

remote

Syntax

remote

Context

[Tree] (config>ipsec>ts-list remote)

Full Context

configure ipsec ts-list remote

Description

Commands in this context configure remote TS-list parameters. The TS-list is the traffic selector of the local system, such as TSi, when the system acts as an IKEv2 responder.

Platforms

7705 SAR Gen 2

remote-age

Syntax

remote-age aging-timer

no remote-age [aging-timer]

Context

[Tree] (config>service>template>vpls-template remote-age)

[Tree] (config>service>vpls remote-age)

Full Context

configure service template vpls-template remote-age

configure service vpls remote-age

Description

This command specifies the aging time for remotely learned MAC addresses in the forwarding database (FDB) for the Virtual Private LAN Service (VPLS) instance.

In a VPLS service, MAC addresses are associated with a Service Access Point (SAP) or with a service destination point (SDP). MACs associated with a SAP are classified as local MACs, and MACs associated with an SDP are remote MACs.

Like in a Layer 2 switch, learned MACs can be aged out if no packets are sourced from the MAC address for a period of time (the aging time). In each VPLS service instance, there are independent aging timers for local learned MAC and remote learned MAC entries in the FDB. The remote-age timer specifies the aging time for remote learned MAC addresses. To reduce the amount of signaling required between switches configure this timer larger than the local-age timer.

The no form of this command returns the remote aging timer to the default value.

Default

remote-age 900

Parameters

seconds

Specifies the aging time for remote MACs expressed in seconds

Values: 60 to 86400

Platforms

7705 SAR Gen 2

remote-attachment-circuit

Syntax

remote-attachment-circuit ac-name [endpointendpoint-name] [create]

no remote-attachment-circuit ac-name

Context

[Tree] (config>service>epipe>bgp-evpn remote-attachment-circuit)

Full Context

configure service epipe bgp-evpn remote-attachment-circuit

Description

This command configures the remote attachment circuit.

The no form of this command disables the context.

Default

no remote-attachment-circuit

Parameters

ac-name: Specifies the name of the remote attachment circuit, up to 32 characters.

endpoint-name: Specifies the name of the endpoint, up to 32 characters.

create: Keyword used to create the remote AC.

Platforms

7705 SAR Gen 2

remote-gateway-address

Syntax

remote-gateway-address [ip-address | ipv6-address]

no remote-gateway-address

Context

[Tree] (config>router>if>ipsec>ipsec-tunnel remote-gateway-address)

Full Context

configure router interface ipsec ipsec-tunnel remote-gateway-address

Description

This command configures the remote IPsec tunnel endpoint address.

Parameters

ip-address: Specifies a remote unicast IPv4 address, up to 64 characters.

ipv6-address: Specifies a remote unicast global unicast IPv6 address, up to 64 characters.

Platforms

7705 SAR Gen 2

remote-id

Syntax

remote-id hex hex-string

remote-id string ascii-string

no remote-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident remote-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification remote-id

Description

This command specifies the remote ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the SAP-ID is matched against DHCP option 82.

Note:

This command is used only when remote-id is configured as one of the match-list parameters.

The no form of this command removes the remote ID from the configuration.

Parameters

hex-string

Specifies the hexadecimal format for the remote ID.

Values: 0x0 to 0xFFFFFFFF (maximum 254 hex nibbles)

ascii-string: Specifies the string format for the remote ID, up to 255 characters.

Platforms

7705 SAR Gen 2

remote-id

Syntax

remote-id

remote-id mac

remote-id string [string]

no remote-id

Context

[Tree] (config>service>vprn>if>ipv6>dhcp6>option remote-id)

[Tree] (config>service>ies>if>ipv6>dhcp6>option remote-id)

Full Context

configure service vprn interface ipv6 dhcp6-relay option remote-id

configure service ies interface ipv6 dhcp6-relay option remote-id

Description

This command enables the sending of remote ID option in the DHCPv6 relay packet.

The client DHCP Unique Identifier (DUID) is used as the remote ID.

The no form of this command disables the sending of remote ID option in the DHCPv6 relay packet.

Platforms

7705 SAR Gen 2

remote-id

Syntax

remote-id

remote-id hex [hex-string]

remote-id {mac | string string}

no remote-id

Context

[Tree] (config>service>ies>if>dhcp>option remote-id)

[Tree] (config>service>vprn>if>dhcp>option remote-id)

[Tree] (config>service>vpls>sap>dhcp>option remote-id)

Full Context

configure service ies interface dhcp option remote-id

configure service vprn interface dhcp option remote-id

configure service vpls sap dhcp option remote-id

Description

This command specifies what information goes into the remote-id sub-option in the DHCP relay packet.

If disabled, the remote-id sub-option of the DHCP packet is left empty. When the command is configured without any parameters, it equals to the remote-id mac option.

The no form of this command reverts to the default.

Parameters

string: Specifies the remote-id, up to 32 characters.

hex-string

Specifies the hex value of this option.

Values: 0x0 to 0xFFFFFFFF...(up to 64 hex nibbles)

mac: Specifies that the MAC address of the remote end is encoded in the sub-option.

Platforms

7705 SAR Gen 2

remote-id

Syntax

remote-id [{mac | string string}]

no remote-id

Context

[Tree] (config>router>if>dhcp>option remote-id)

Full Context

configure router interface dhcp option remote-id

Description

When enabled, the router sends the MAC address of the remote end (typically the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit. If disabled, the remote-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default

no remote-id

Parameters

mac: This keyword specifies the MAC address of the remote end is encoded in the suboption.

string: Specifies the remote ID.

Platforms

7705 SAR Gen 2

remote-id

Syntax

remote-id mac

remote-id string <string>

no remote-id

Context

[Tree] (config>service>vpls>sap>dhcp6>ldra>options remote-id)

Full Context

configure service vpls sap dhcp6 ldra options remote-id

Description

This command configures the information for the remote ID suboption in the DHCP6 LDRA.

The no form of this command reverts to the default.

Default

no remote-id

Parameters

mac: Sets the enterprise number field of the Relay Agent remote ID to 6527 and configures the DHCPv6 client source MAC address as six hexadecimal numbers.

string: Sets the enterprise number field of the Relay-Agent remote ID to 6527 and configures the ASCII-encoded string using up to 32 characters.

Platforms

7705 SAR Gen 2

remote-ip

Syntax

remote-ip ip-address

no remote-ip

Context

[Tree] (config>service>ies>if>sap>ip-tunnel remote-ip)

Full Context

configure service ies interface sap ip-tunnel remote-ip

Description

This command configures the primary destination IPv4 or IPv6 address to use for an IP tunnel. This configuration applies to the outer IP header of the encapsulated packets. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the remote-ip address contains an IPv6 address it must be a global unicast address.

Default

no remote-ip

Parameters

ip-address: An IPv4 address or an IPv6 address.

Platforms

7705 SAR Gen 2

remote-ip

Syntax

remote-ip ip-address

no remote-ip

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel remote-ip)

Full Context

configure service vprn interface sap ip-tunnel remote-ip

Description

This command sets the primary destination IPv4 address of GRE encapsulated packets associated with a particular GRE tunnel. If this address is reachable in the delivery service (there is a route) then this is the destination IPv4 address of GRE encapsulated packets sent by the delivery service.

The no form of this command deletes the destination address from the GRE tunnel configuration.

Parameters

ip-address

Specifies the destination IPv4 address of the GRE tunnel.

Values: 1.0.0.0 to 223.255.255.255

Platforms

7705 SAR Gen 2

remote-ip

Syntax

remote-ip {ip-prefix/prefix-length | ip-prefix netmask | any}

Context

[Tree] (config>router>ipsec>sec-plcy>entry remote-ip)

[Tree] (config>service>vprn>ipsec>sec-plcy>entry remote-ip)

Full Context

configure router ipsec security-policy entry remote-ip

configure service vprn ipsec security-policy entry remote-ip

Description

This command configures the remote (from the tunnel) IP prefix/mask for the policy parameter entry.

Only one entry is necessary to describe a potential flow. The local-ip and remote-ip commands can be defined only once. The system evaluates:

the local IP as the source IP when traffic is examined in the direction of the flows from private to public and as the destination IP when traffic flows from public to private
the remote IP as the source IP when traffic flows public to private and as the destination IP when traffic flows from private to public

Parameters

ip-prefix

Specifies the destination address of the aggregate route in dotted decimal notation.

Values

a.b.c.d (host bits must be 0)

prefix-length 1 to 32

netmask: Specifies the subnet mask in dotted decimal notation.

any: keyword to specify that it can be any address.

Platforms

7705 SAR Gen 2

remote-lfa

Syntax

remote-lfa [max-pq-costvalue]

no remote-lfa

Context

[Tree] (config>router>isis>loopfree-alternates remote-lfa)

Full Context

configure router isis loopfree-alternates remote-lfa

Description

This command enables the use of the Remote LFA algorithm in the LFA SPF calculation for this ISIS instance.

The no form of this command disables the use of the Remote LFA algorithm in the LFA SPF calculation for this ISIS instance.

Default

no remote-lfa

Parameters

value

Specifies the integer used to limit the search of candidate P and Q nodes in the remote LFA by setting the maximum IGP cost from the router performing the remote LFA calculation to the candidate P or Q node.

Values: 0 to 4294967295

Default: 4261412864

Platforms

7705 SAR Gen 2

remote-lfa

Syntax

remote-lfa [max-pq-costvalue]

no remote-lfa

Context

[Tree] (config>router>ospf>loopfree-alternates remote-lfa)

Full Context

configure router ospf loopfree-alternates remote-lfa

Description

This command enables the use of the Remote LFA algorithm in the LFA SPF calculation in this OSPF or OSPF3 instance.

The no form of this command disables the use of the Remote LFA algorithm in the LFA SPF calculation in this OSPF or OSPF3 instance.

Default

no remote-lfa

Parameters

max-pq-cost value

Specifies the integer used to limit the search of candidate P and Q nodes in the remote LFA by setting the maximum IGP cost from the router performing the remote LFA calculation to the candidate P or Q node.

Values: 0 to 4294967295

Default: 4261412864

Platforms

7705 SAR Gen 2

remote-management

Syntax

remote-management

Context

[Tree] (config>system>management-interface remote-management)

Full Context

configure system management-interface remote-management

Description

Commands in this context configure the SR OS node to use the remote management service. Configuring remote management enables the SR OS node to report itself to a remote manager service running on a remote server, so that it is included in the dynamic list of available nodes. The manager service streamlines the management of multiple SR OS nodes running different SR OS versions using the same client application providing a similar shell to the MD-CLI.

Platforms

7705 SAR Gen 2

remote-management

Syntax

remote-management

no remote-management

remote-management manager [manager-name]

no remote-management manager [manager-name]

Context

[Tree] (debug>system>management-interface remote-management)

Full Context

debug system management-interface remote-management

Description

This command configures the management interface to debug the remote-management managers.

The no form of this command removes the configuration.

Parameters

manager manager-name: Specifies the name of the manager, up to 64 characters. If the parameter is not specified, all configured managers are debugged.

Platforms

7705 SAR Gen 2

remote-max-checkpoints

Syntax

remote-max-checkpoints [number-of-files]

no remote-max-checkpoints

Context

[Tree] (config>system>rollback remote-max-checkpoints)

Full Context

configure system rollback remote-max-checkpoints

Description

This command configures the maximum number of rollback checkpoint files when the rollback-location is remote (for example, ftp).

Default

no remote-max-checkpoints

Parameters

number of files

Specifies the maximum rollback files saved at a remote location.

Values: 1 to 200

Platforms

7705 SAR Gen 2

remote-proxy-arp

Syntax

[no] remote-proxy-arp

Context

[Tree] (config>service>vprn>if remote-proxy-arp)

[Tree] (config>service>ies>if remote-proxy-arp)

Full Context

configure service vprn interface remote-proxy-arp

configure service ies interface remote-proxy-arp

Description

This command enables remote proxy ARP on the interface.

Remote proxy ARP is similar to proxy ARP. It allows the router to answer an ARP request on an interface for a subnet that is not provisioned on that interface. This allows the router to forward to the other subnet on behalf of the requester. To distinguish remote proxy ARP from local proxy ARP, local proxy ARP performs a similar function but only when the requested IP is on the receiving interface.

The no form of this command reverts to the default.

Platforms

7705 SAR Gen 2

remote-proxy-arp

Syntax

[no] remote-proxy-arp

Context

[Tree] (config>router>if remote-proxy-arp)

Full Context

configure router interface remote-proxy-arp

Description

This command enables remote proxy ARP on the interface.

Default

no remote-proxy-arp

Platforms

7705 SAR Gen 2

remote-servers

Syntax

remote-servers

Context

[Tree] (config>service>vprn>aaa remote-servers)

Full Context

configure service vprn aaa remote-servers

Description

Commands in this context configure AAA remote servers on the VPRN.

Platforms

7705 SAR Gen 2

remote-source

Syntax

[no] remote-source

Context

[Tree] (config>mirror>mirror-dest remote-source)

Full Context

configure mirror mirror-dest remote-source

Description

This command is used on a destination router in a remote mirroring solution. The mirroring (packet copy) is performed on the source router and sent via an SDP to the destination router. Remote mirroring requires remote source configuration on the destination router.

Remote mirroring allows a destination router to terminate SDPs from multiple remote source routers. This allows consolidation of packet sniffers or analyzers at a single or small set of points in a network (for example, a sniffer or analyze farm, or lawful interception gateway).

A remote-source entry must be configured on the destination router for each source router from which mirrored traffic is being sent via SDPs.

A mirror destination service that is configured for a destination router must not be configured as for a source router.

The emote source configuration is not applicable when routable LI encapsulation is being used on the mirror source router. The remote source configuration is only used when a source router is sending mirrored traffic to a destination router via SDPs.

Two types of remote-source entries can be configured:

far end
spoke SDP

Certain remote source types are applicable with certain SDP types. For descriptions of the command usage in the mirror-dest context, see the far-end and spoke-sdp commands.

The no form of this command removes all remote-source entries.

Platforms

7705 SAR Gen 2

remote-v6-ip

Syntax

remote-v6-ip any

remote-v6-ipipv6-prefix/prefix-length

no remote-v6-ip

Context

[Tree] (config>service>vprn>ipsec>sec-plcy>entry remote-v6-ip)

[Tree] (config>router>ipsec>sec-plcy>entry remote-v6-ip)

Full Context

configure service vprn ipsec security-policy entry remote-v6-ip

configure router ipsec security-policy entry remote-v6-ip

Description

This command specifies the remote v6 prefix for the security-policy entry.

Parameters

ipv6-prefix/prefix-length

Specifies the local v6 prefix and length.

Values


ipv6-address/prefix: ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x [0 to FFFF]H
	d [0 to 255]D
	host bits must be 0
	:: not allowed
	prefix-length [1 to 28]

any: A keyword to specify that any address can be used.

Platforms

7705 SAR Gen 2

remote-ve-name

Syntax

[no] remote-ve-name name

Context

[Tree] (config>service>epipe>bgp-vpws remote-ve-name)

Full Context

configure service epipe bgp-vpws remote-ve-name

Description

This command creates or edits a remote-ve-name. A single remote-ve-name can be created per BGP VPWS instance if the service is single-homed or uses a single pseudowire to connect to a pair of dual-homed systems. When the service requires active/standby pseudowires to be created to remote dual-homed systems then two remote-ve-names must be configured.

This context defines the remote PE to which a pseudowire will be signaled.

remote-ve-name commands can be added even if bgp-vpws is not shutdown.

The no form of this command removes the configured remote-ve-name from the bgp vpws node. It can be used when the BGP VPWS status is either shutdown or "no shutdown”.

Parameters

name: Specifies a site name up to 32 characters in length.

Platforms

7705 SAR Gen 2

remove

Syntax

[no] remove

Context

[Tree] (config>service>vprn>bgp>attribute-set remove)

Full Context

configure service vprn bgp attribute-set remove

Description

This command configures BGP to ignore and silently discard ATTR_SETs in BGP routes received from PE-CE peers of the VPRN. The discarded ATTR_SETs do not affect BGP best-path selection in the VPRN, and they do not appear in the VPN-IP routes that result from the VRF export of the BGP routes. Nokia recommends enabling this command in most deployments.

The no form of this command configures BGP to ignore ATTR_SETs in BGP routes received from PE-CE peers of the VPRN without discarding them. This allows the ATTR_SETs to propagate between CE devices connected to the VPRN and to other PE devices when the BGP routes are exported as VPN-IP routes.

Note: If the configuration of this command is changed, ROUTE_REFRESH messages are sent to all PE-CE peers of the VPRN.

Default

no remove

Platforms

7705 SAR Gen 2

remove-private

Syntax

remove-private [limited] [skip-peer-as] [replace]

no remove-private

Context

[Tree] (config>service>vprn>bgp>group remove-private)

[Tree] (config>service>vprn>bgp>group>neighbor remove-private)

[Tree] (config>service>vprn>bgp remove-private)

Full Context

configure service vprn bgp group remove-private

configure service vprn bgp group neighbor remove-private

configure service vprn bgp remove-private

Description

When this command is configured private AS numbers are removed or replaced when they are found inside the AS path of BGP routes advertised to peers within the scope of the command.

The set of AS numbers that are defined by IANA as private are in the range of 64512 to 65534, and 4200000000 to 4294967294, inclusive. In SR OS, this command also removes ASN 65535 and ASN 4294967295, which are reserved values.

The no form of this command (at the BGP instance level) implements the default behavior, private AS numbers are allowed without restriction or modification in routes advertised to peers.

Default

no remove-private

Parameters

limited: This keyword instructs BGP to process private ASNs only up to the first public ASN encountered. Private ASNs beyond that first public AS will not be stripped or replaced.

skip-peer-as: This keyword instructs BGP to not strip or replace a private ASN from the AS-Path if that ASN is the same as the BGP peer AS number.

replace: When this keyword is configured, private ASNs are not stripped. Each occurrence is replaced by the ASN of the advertising BGP router (the ASN the router advertised to its peer in its OPEN message). When the replace keyword is not configured, private ASNs are stripped, subject to influence by the other keyword options. This generally results in a shortening of AS_PATH length.

Platforms

7705 SAR Gen 2

remove-private

Syntax

remove-private [limited] [skip-peer-as] [replace]

no remove-private

Context

[Tree] (config>router>bgp remove-private)

[Tree] (config>router>bgp>group remove-private)

[Tree] (config>router>bgp>group>neighbor remove-private)

Full Context

configure router bgp remove-private

configure router bgp group remove-private

configure router bgp group neighbor remove-private

Description

When this command is configured private AS numbers are removed or replaced when they are found inside the AS path of BGP routes advertised to peers within the scope of the command.

The set of AS numbers that are defined by IANA as private are in the range of 64512 to 65534, and 4200000000 to 4294967294, inclusive. In SR OS, this command also removes ASN 65535 and ASN 4294967295, which are reserved values.

The no form of this command (at the BGP instance level) implements the default behavior, private AS numbers are allowed without restriction or modification in routes advertised to peers.

Default

no remove-private

Parameters

limited: This keyword instructs BGP to process private ASNs only up to the first public ASN encountered. Private ASNs beyond that first public AS will not be stripped or replaced.

skip-peer-as: This keyword instructs BGP to not strip or replace a private ASN from the AS-Path if that ASN is the same as the BGP peer AS number.

replace: When this keyword is configured, private ASNs are not stripped. Each occurrence is replaced by the ASN of the advertising BGP router (the ASN the router advertised to its peer in its OPEN message). When the replace keyword is not configured, private ASNs are stripped, subject to influence by the other keyword options. This generally results in a shortening of AS_PATH length.

Platforms

7705 SAR Gen 2

renew

Syntax

renew est-profile name cert cert-filename key key-filename [hash-alg hash-algorithm] output output-cert-filename [validate-cert-chain] [force]

Context

[Tree] (admin>certificate>est renew)

Full Context

admin certificate est renew

Description

This command renews an imported certificate (specified by the cert cert-filename) with a Certificate Authority (CA) using the EST protocol specified by the est-profile name, with an imported private key specified the key parameter. The key can be either the key of the certificate to be renewed or a new key.

The authentication between system and EST server is specified by the est-profile.

The hash-alg hash-alorithm parameter is used to generate the CSR (Certificate Signing Request) in the EST request message.

Parameters

name: Specifies EST profile name, up to 32 characters

cert-filename: Specifies the certificate file name, up to 95 characters

key-filename: Specifies the file name of a key, up to 95 characters

hash-algorithm

Specifies the hash algorithm to be used in a certificate request.

Values: sha1, sha224, sha256, sha384, sha512

output-cert-filename: Specifies the output cert file name, up to 200 characters

validate-cert-chain: Specifies that the the system validates the certificate chain of the result certificate before importing it

force: Specifies the system to overwrite the existing file with same output output-cert-filename

Platforms

7705 SAR Gen 2

renew-timer

Syntax

renew-timer [days days] [hrs hours] [min minutes] [sec seconds]

no renew-timer

Context

[Tree] (config>router>dhcp6>server>pool>prefix renew-timer)

[Tree] (config>service>vprn>dhcp6>server>pool>prefix renew-timer)

Full Context

configure router dhcp6 local-dhcp-server pool prefix renew-timer

configure service vprn dhcp6 local-dhcp-server pool prefix renew-timer

Description

This command configures the lease renew time (T1) via LUDB.

The T1 is the time at which the client contacts the addressing authority to extend the lifetimes of the DHCPv6 leases (addresses or prefixes). T1 is a time duration relative to the current time expressed in units of seconds.

The IP addressing authority controls the time at which the client contacts the addressing authority to extend the lifetimes on assigned addresses through the T1 and T2 parameters assigned to an IA. At time T1 for an IA, the client initiates a Renew/Reply message exchange to extend the lifetimes on any addresses in the IA. The client includes an IA option with all addresses currently assigned to the IA in its Renew message. Recommended values for T1 and T2 are .5 and .8 times the shortest preferred lifetime of the addresses in the IA that the addressing authority is willing to extend, respectively.

The configured renew timer should always be smaller than or equal to the rebind timer.

The T1 and T2 are carried in the IPv6 address option that is within the IA.

The no form of this command reverts to the default.

Default

renew-timer min 30

Parameters

renew-timer

Specifies the preferred lifetime.

Values


days days	0 to 7
hrs hours	0 to 23
min minutes	0 to 59
sec seconds	0 to 59

Platforms

7705 SAR Gen 2

renum

Syntax

renum old-entry-id new-entry-id

Context

[Tree] (config>qos>sap-ingress>ipv6-criteria renum)

[Tree] (config>qos>sap-ingress>mac-criteria renum)

[Tree] (config>qos>sap-egress>ip-criteria renum)

[Tree] (config>qos>sap-egress>ipv6-criteria renum)

[Tree] (config>qos>sap-ingress>ip-criteria renum)

Full Context

configure qos sap-ingress ipv6-criteria renum

configure qos sap-ingress mac-criteria renum

configure qos sap-egress ip-criteria renum

configure qos sap-egress ipv6-criteria renum

configure qos sap-ingress ip-criteria renum

Description

This command renumbers existing QoS policy criteria entries to properly sequence policy entries.

This can be required in some cases since the router exits when the first match is found and executes the actions in accordance with the accompanying action command. This requires that entries be sequenced correctly from most to least explicit.

Parameters

old-entry-id

Enter the entry number of an existing entry.

Values: 1 to 65535

new-entry-id

Enter the new entry number to be assigned to the old entry.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

renum

Syntax

renum old-entry-number new-entry-number

Context

[Tree] (config>qos>network>egress>ipv6-criteria renum)

[Tree] (config>qos>network>ingress>ip-criteria renum)

[Tree] (config>qos>network>ingress>ipv6-criteria renum)

[Tree] (config>qos>network>egress>ip-criteria renum)

Full Context

configure qos network egress ipv6-criteria renum

configure qos network ingress ip-criteria renum

configure qos network ingress ipv6-criteria renum

configure qos network egress ip-criteria renum

Description

This command renumbers existing QoS policy criteria entries to properly sequence policy entries.

This can be required in some cases since the router exits when the first match is found and executes the actions in accordance with the accompanying action command. This requires that entries be sequenced correctly from most to least explicit.

Parameters

old-entry-number

Enter the entry number of an existing entry.

Values: 1 to 65535

new-entry-number

Enter the new entry number to be assigned to the old entry.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

renum

Syntax

renum old-entry-id new-entry-id

Context

[Tree] (config>filter>ip-filter renum)

[Tree] (config>filter>ipv6-exception renum)

[Tree] (config>filter>ip-exception renum)

[Tree] (config>filter>ipv6-filter renum)

Full Context

configure filter ip-filter renum

configure filter ipv6-exception renum

configure filter ip-exception renum

configure filter ipv6-filter renum

Description

This command renumbers existing MAC, IPv4/IPv6, IP exception filter, or IPv6 exception filter entries to properly sequence filter entries.

This may be required in some cases since the OS exits when the first match is found and executes the actions according to the accompanying action command. This requires that entries be sequenced correctly from most to least explicit.

Parameters

old-entry-id

Specifies the entry number of an existing entry, as a decimal integer.

Values: 1 to 2097151

new-entry-id

Specifies the new entry-number to be assigned to the old entry, as a decimal integer.

Values: 1 to 2097151

Platforms

7705 SAR Gen 2

renum

Syntax

renum old-entry-number new-entry-number

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter renum)

[Tree] (config>system>security>mgmt-access-filter>mac-filter renum)

[Tree] (config>system>security>mgmt-access-filter>ip-filter renum)

Full Context

configure system security management-access-filter ipv6-filter renum

configure system security management-access-filter mac-filter renum

configure system security management-access-filter ip-filter renum

Description

This command renumbers existing management access filter entries for an IP(v4), IPv6, or MAC filter to re-sequence filter entries.

The exits on the first match found and executes the actions in accordance with the accompanying action command. This may require some entries to be re-numbered differently from most to least explicit.

Parameters

old-entry-number

Specifies the entry number of the existing entry.

Values: 1 to 9999

new-entry-number

Specifies the new entry number that will replace the old entry number.

Values: 1 to 9999

Platforms

7705 SAR Gen 2

renum

Syntax

renum old-entry-number new-entry-number

Context

[Tree] (config>system>security>profile renum)

Full Context

configure system security profile renum

Description

This command renumbers profile entries to re-sequence the entries.

Since the OS exits when the first match is found and executes the actions according to accompanying action command, re-numbering is useful to rearrange the entries from most explicit to least explicit.

Parameters

old-entry-number

Enter the entry number of an existing entry.

Values: 1 to 9999

new-entry-number

Enter the new entry number.

Values: 1 to 9999

Platforms

7705 SAR Gen 2