p Commands

p2mp

p2mp

Syntax

p2mp {enable | disable}

Context

[Tree] (config>router>ldp>session-params>peer>fec-type-capability p2mp)

Full Context

configure router ldp session-parameters peer fec-type-capability p2mp

Description

This command enables or disables P2MP FEC capability for the session.

Platforms

All

p2mp-candidate-path

p2mp-candidate-path

Syntax

[no] p2mp-candidate-path candidate-path-name

Context

[Tree] (config>router>p2mp-sr-tree>p2mp-policy p2mp-candidate-path)

Full Context

configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path

Description

This command configures a candidate path in the P2MP policy entry for the P2MP SR tree.

A P2MP SR policy can contain multiple candidate paths, which are redundant trees. Each candidate path represents a P2MP SR tree with its own traffic engineering constraints. Each candidate path has its own preference; the candidate path with the highest preference is the active P2MP SR tunnel.

The no form of this command removes the specified candidate path from the P2MP SR policy.

Parameters

candidate-path-name

Specifies the name of the candidate path, up to 32 characters.

Platforms

All

p2mp-id

p2mp-id

Syntax

p2mp-id id

Context

[Tree] (config>router>mpls>lsp p2mp-id)

Full Context

configure router mpls lsp p2mp-id

Description

This command configures the identifier of an RSVP P2MP LSP. An RSVP P2MP LSP is fully identified by the combination of: <P2MP ID, tunnel ID, extended tunnel ID> part of the P2MP session object, and <tunnel sender address, LSP ID> fields in the p2mp sender_template object.

The p2mp-id is a 32-bit identifier used in the session object that remains constant over the life of the P2MP tunnel. It is unique within the scope of the ingress LER.

The no form restores the default value of this parameter.

This command is not supported on the 7450 ESS.

Default

0

Parameters

id

Specifies a P2MP identifier.

Values

0 to 65535

Platforms

All

p2mp-ipv4

p2mp-ipv4

Syntax

p2mp {enable | disable}

Context

[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability p2mp-ipv4)

[Tree] (config>router>ldp>session-params>peer>fec-cap p2mp-ipv4)

[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability p2mp-ipv4)

Full Context

configure router ldp interface-parameters interface ipv4 fec-type-capability p2mp-ipv4

configure router ldp session-parameters peer fec-type-capability p2mp-ipv4

configure router ldp interface-parameters interface ipv6 fec-type-capability p2mp-ipv4

Description

This command enables or disables IPv4 P2MP FEC capability on the interface.

The config>router>ldp>if-params>if>ipv6>fec-type-capability>p2mp-ipv4 command is not supported on the 7450 ESS.

Platforms

All

p2mp-ipv6

p2mp-ipv6

Syntax

p2mp {enable | disable}

Context

[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability p2mp-ipv6)

[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability p2mp-ipv6)

[Tree] (config>router>ldp>session-params>peer>fec-cap p2mp-ipv6)

Full Context

configure router ldp interface-parameters interface ipv4 fec-type-capability p2mp-ipv6

configure router ldp interface-parameters interface ipv6 fec-type-capability p2mp-ipv6

configure router ldp session-parameters peer fec-type-capability p2mp-ipv6-address

Description

This command enables or disables IPv6 P2MP FEC capability on the interface.

This command is not supported on the 7450 ESS.

Platforms

All

p2mp-ldp-tree-join

p2mp-ldp-tree-join

Syntax

p2mp-ldp-tree-join

p2mp-ldp-tree-join ipv4

p2mp-ldp-tree-join ipv6

p2mp-ldp-tree-join ipv4 ipv6

no p2mp-ldp-tree-join [ipv4] [ipv6]

Context

[Tree] (config>service>vprn>pim>if p2mp-ldp-tree-join)

Full Context

configure service vprn pim interface p2mp-ldp-tree-join

Description

This command configures the option to join P2MP LDP tree toward the multicast source for the VPRN service. If p2mp-ldp-tree-join is enabled, a PIM multicast join received on an interface is processed to join P2MP LDP LSP using the in-band signaled P2MP tree for the same multicast flow. LDP P2MP tree is setup toward the multicast source. Route to source of the multicast node is looked up from the RTM. The next-hop address for the route to source is set as the root of LDP P2MP tree.

The no form of command disables joining P2MP LDP tree for IPv4 or IPv6 or both (if both or none is specified).

Default

no p2mp-ldp-tree-join

Parameters

ipv4

Enables dynamic mLDP in-band signaling for IPv4 PIM joins. IPv4 multicast must be enabled; see ipv4-multicast-disable. For backward compatibility p2mp-ldp-tree-join is equivalent to p2mp-ldp-tree-join ipv4.

ipv6

Enables dynamic mLDP in-band signaling for IPv6 PIM joins. IPv6 multicast must be enabled; see ipv6-multicast-disable.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

p2mp-ldp-tree-join

Syntax

[no] p2mp-ldp-tree-join [ipv4] [ipv6]

Context

[Tree] (config>router>pim>interface p2mp-ldp-tree-join)

Full Context

configure router pim interface p2mp-ldp-tree-join

Description

This command configures the option to join the P2MP LDP tree toward the multicast source. If p2mp-ldp-tree-join is enabled, a PIM multicast join received on an interface is processed to join the P2MP LDP LSP, using the in-band signaled P2MP tree for the same multicast flow. LDP P2MP tree is set up toward the multicast source. The route to the multicast node source is looked up from the RTM. The next-hop address for the route to source is set as the root of LDP P2MP tree.

The no form of this command disables joining the P2MP LDP tree for IPv4 or IPv6 or for both (if both or none is specified).

Default

no p2mp-ldp-tree-join

Parameters

ipv4

Enables dynamic MLDP in-band signaling for IPv4 PIM joins. IPv4 multicast must be enabled. For backward compatibility p2mp-ldp-tree-join is equivalent to p2mp-ldp-tree-join ipv4.

ipv6

Enables dynamic MLDP in-band signaling for IPv6 PIM joins. IPv6 multicast must be enabled.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

p2mp-lsp-ping

p2mp-lsp-ping

Syntax

p2mp-lsp-ping lsp-name [p2mp-instance instance-name [s2l-dest-address ipv4-address [ipv4-address (...up to 5 max)]] [ttl label-ttl]

p2mp-lsp-ping ldp p2mp-identifier [vpn-recursive-fec] [sender-addr ipv4-address] [leaf-addr ipv4-address (...up to 5 max)]

p2mp-lsp-ping ldp-ssm source ip-address group ip-address [{router router-instance | service-name service-name}] [sender-addr ipv4-address] [leaf-addr ipv4-address (...up to 5 max)]

p2mp-lsp-ping p2mp-policy root-address ipv4-address root-tree-id tree-id [{instance-id instance-id [sender-addr ipv4-address] [leaf-addr ipv4-address (...up to 5 max)]

NOTE: Options common to all p2mp-lsp-ping cases: [ fc fc-name [profile {in | out}]] [size octets] [timeout timeout] [detail]

Context

[Tree] (oam p2mp-lsp-ping)

Full Context

oam p2mp-lsp-ping

Description

This command performs an in-band connectivity test for an RSVP P2MP LSP. The Echo Request message is sent on the active P2MP instance and replicated in the datapath over all branches of the P2MP LSP instance. By default, all egress LER nodes that are leaves of the P2MP LSP instance reply to the Echo Request message.

Use the LDP P2MP generic identifier, along with source IP address of the head-end node, to uniquely identify the LDP P2MP LSP in a 7750 SR or 7950 XRS network. Use the LDP p2mp-identifier mandatory parameter to test LSP ping. A user must use the LDP P2MP identifier specified to configure a tunnel interface on the head-end node as p2mp-identifier to test a specific LSP.

Use the P2MP-policy option, along with the root-address tree ID and instance ID to identify a tree SID candidate path and instance to send an in-band Echo Request to all the leaves and bud nodes on that P2MP policy tree.

To reduce the scope of the Echo Reply messages, explicitly enter a list of addresses for the egress LER nodes that are required to reply. A maximum of five addresses can be specified in a single run of the p2mp-lsp-ping command. An LER node can parse the list of egress LER addresses and, if its address is included in the list, send back an Echo Reply message.

The output of the command without the detail keyword provides a high-level summary of received error codes and success codes. The output of the command with the detail keyword shows a line for each replying node, as in the output of the LSP ping for a P2P LSP.

The display is delayed until all responses are received or the timer configured in the timeout parameter expires. No other CLI commands can be entered while waiting for the display. Entering A ^C aborts the ping operation.

Note: The p2mp-lsp-ping command is not supported in a VPLS/B-VPLS PMSI context.

The timestamp format to be sent, and to be expected when received in a PDU, is as configured by the configure test-oam mpls-time-stamp-format command. If RFC 4379 (obsoleted by RFC 8029) is selected, the timestamp is in seconds and microseconds since 1900; otherwise, it is in seconds and microseconds since 1970.

Parameters

detail

Displays detailed P2MP LSP information.

fc-name

Specifies the fc and profile parameters used to indicate the forwarding class and profile of the MPLS echo request packet.

When an MPLS echo request packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in the egress network queue corresponding to the specified FC and profile parameter values. The marking of the EXP of the packet is dictated by the LSP-EXP mappings on the outgoing interface.

When the MPLS echo request packet is received on the responding node, the fc and profile parameter values are dictated by the LSP-EXP mappings of the incoming interface.

When an MPLS echo reply packet is generated in CPM and forwarded to the outgoing interface, the packet is queued in an egress network queue. This queue is selected according to the fc and profile parameter values determined by the classification of the echo request packet that is being replied to at the incoming interface. The marking of the EXP of the packet is dictated by the LSP-EXP mappings on the outgoing interface. The ToS byte is not modified. The following table describes this behavior.

Table 1. p2mp-lsp-ping Request Packet and Behavior

Request Packet

Behavior

CPM (sender node)

Echo request packet:

  • packet {tos=1, fc1, profile1}

  • fc1 and profile1 are as entered by the user in the OAM command or default values

  • tos1 as per mapping of {fc1, profile1} to IP precedence in network egress QoS policy of outgoing interface

Outgoing interface (sender node)

Echo request packet:

  • packet queued as {fc1, profile1}

  • ToS field=tos1 not remarked

  • EXP=exp1, as per mapping of {fc1, profile1} to EXP in network egress QoS policy of outgoing interface

Incoming interface (responder node)

Echo request packet:

  • packet {tos1, exp1}

  • exp1 mapped to {fc2, profile2} as per classification in network QoS policy of incoming interface

CPM (responder node)

Echo reply packet:

  • packet {tos=1, fc2, profile2}

Outgoing interface (responder node)

Echo reply packet:

  • packet queued as {fc2, profile2}

  • ToS filed= tos1 not remarked (reply inband or out-of-band)

  • EXP=exp2, if reply is inband, remarked as per mapping of {fc2, profile2} to EXP in network egress QoS policy of outgoing interface

Incoming interface (sender node)

Echo reply packet:

  • packet {tos1, exp2}

  • exp2 mapped to {fc1, profile1} as per classification in network QoS policy of incoming interface

Values

be, l2, af, l1, h2, ef, h1, nc

Default

be

instance-id
Specifies the path instance ID on the root.
instance-name

Specifies the name, up to 32 characters, of the specific instance of the P2MP LSP to send the echo request.

label-ttl

Specifies the TTL value for the MPLS label, expressed as a decimal integer.

Values

1 to 255

Default

255

leaf-addr ipv4-address

Specifies up to five egress LER system addresses that are required to reply to the LSP ping Echo Request message as defined in RFC 6425 (applies to the 7750 SR and 7950 XRS only).

Values

ipv4-address: a.b.c.d

lsp-name

Specifies the name, up to 64 characters, that identifies an P2MP LSP to ping.

ldp-ssm

Specifies a specific multicast stream to be tested when using dynamic multicast in mLDP. The source and group addresses correspond to the <S,G> being advertised by this mLDP FEC.

Values

source

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0t o 255]D

group

mcast-address

mcast-v6-address

router

router-name

Base | management

Default - Base

service-id

[1 to 2147483647]

service-name

up to 64 characters

sender-addr

ipv4-address

a.b.c.d

leaf-addr

ipv4-address

a.b.c.d

p2mp-identifier

Specifies the identifier for an LDP P2MP LSP to ping (applies to the 7750 SR and 7950 XRS only).

Values

1 to 4294967295

profile {in | out}

Specifies the profile of the LSP ping Echo Request message.

Default

out

octets

Specifies the size of the MPLS echo request packet in octets, expressed as a decimal integer, including the IP header but not the label stack. The request payload is padded with zeros to the specified size.

Note: An OAM command is not failed if the user enters a size lower than the minimum required to build the packet for the Echo Request message. The payload is automatically padded to meet the minimum size.
Values

1 to 9786

Default

1

root-address ipv4-address
Specifies the IPv4 identifier of the root.
Note: IPv6 is not supported.
root-tree-id tree-id
Specifies the tree identifier of the P2MP LSP on the root.
s2l-dest-addr ipv4-address

Specifies up to five egress LER system addresses that are required to reply to the LSP ping Echo Request message.

sender-addr ipv4-address
Specifies the IPv4 address used in the ICMP packet configured as the source IP of the UDP ICMP packet and used for the echo reply destination IP address (applies to the 7750 SR and 7950 XRS only).
Note: By default, the source IP address of the ICMP packet is set to the root address. When the sender address is set this source address is changed to the sender address.
timeout

Specifies the time, in seconds, that is used to override the default timeout value and is the amount of time that the router waits for an Echo Reply message from all leaves of the P2MP LSP after sending the message request message. After the expiration of the message time out, the requesting router no longer waits for reply messages. Any Echo Reply message received after the request times out is silently discarded.

Values

1 to 120

Default

10

vpn-recursive-fec

Specifies a VPN recursive FEC element to the launched packet (useful for pinging a VPN BGP inter-AS Option B leaf). This parameter issues an OAM p2mp-lsp-ping with RFC 6512 VPN recursive opaque FEC type 8.

See the "OAM” subsection of the "Label Distribution Protocol" chapter in the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide for more information.

Platforms

All

p2mp-lsp-trace

p2mp-lsp-trace

Syntax

p2mp-lsp-trace lsp-name p2mp-instance instance-name s2l-dest-address ip-address [fc fc-name [profile {in | out}]] [size octets] [max-fail no-response-count] [probe-count probes-per-hop] [min-ttl min-label-ttl] [ max-ttl max-label-ttl] [timeout timeout] [interval interval] [detail]

Context

[Tree] (oam p2mp-lsp-trace)

Full Context

oam p2mp-lsp-trace

Description

This command discovers and displays the hop-by-hop path for a source-to-leaf (S2L) sub-LSP of an RSVP P2MP LSP.

The LSP trace capability allows the user to trace the path of a single S2L path of a P2MP LSP. Its operation is like p2mp-lsp-ping, but the sender of the echo reply request message includes the downstream mapping TLV to request the downstream branch information from a branch LSR or bud LSR. The branch LSR or bud LSR also includes the downstream mapping TLV to report the information about the downstream branches of the P2MP LSP. An egress LER does not include this TLV in the echo response message.

The parameter probe-count operates in the same way as in LSP Trace on a P2P LSP. It represents the maximum number of probes sent per TTL value before stops waiting for Echo Reply messages. If a response is received from the traced node before reaching maximum number of probes, then no more probes are sent for the same TTL. The sender of the echo request then increments the TTL and uses the information it received in the downstream mapping TLV to start sending probes to the node downstream of the last node which replied. This continues until the egress LER for the traced S2L path replies.

Like p2mp-lsp-ping, an LSP trace probe reports on all egress LER nodes that eventually receive the Echo Request message, but only the traced egress LER node replies to the last probe.

Any branch LSR node or bud LSR node in the P2MP LSP tree may receive a copy of the Echo Request message with the TTL in the outer label expiring at this node. However, only a branch LSR or bud LSR that has a downstream branch over which the traced egress LER is reachable responds.

When a branch LSR or bud LSR responds, it sets the global return code in the echo response message to RC=14 - "See DDMAP TLV for Return Code and Return Sub-Code” and the return code in the DDMAP TLV corresponding to the outgoing interface of the branch used by the traced S2L path to RC=8 - "Label switched at stack-depth <RSC>”. Note that p2mp-lsp-trace is not supported in a VPLS/B-VPLS PMSI context.

The timestamp format to be sent, and to be expected when received in a PDU, is as configured by the config>test-oam>mpls-time-stamp-format command. If RFC 4379 (obsoleted by RFC 8029) is selected, then the timestamp is in seconds and microseconds since 1900, otherwise it is in seconds and microseconds since 1970.

Parameters

lsp-name

Specifies the name that identifies an P2MP LSP, up to 64 characters, to ping.

instance-name

Specifies the name, up to 32 characters, of the specific instance of the P2MP LSP to send the echo request.

ip-address

Specifies the egress LER system address of the S2L sub-LSP path which is being traced.

Values

a.b.c.d

fc-name

Specifies the fc and profile parameters are used to indicate the forwarding class and profile of the MPLS echo request packet.

When an MPLS echo request packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in the egress network queue corresponding to the specified FC and profile parameter values. The marking of the packet's EXP is dictated by the LSP-EXP mappings on the outgoing interface.

When the MPLS echo request packet is received on the responding node, the fc and profile parameter values are dictated by the LSP-EXP mappings of the incoming interface.

When an MPLS echo reply packet is generated in CPM and is forwarded to the outgoing interface, the packet is queued in an egress network queue. The egress network queue is selected according to the fc and profile parameter values determined by the classification of the echo request packet that is being replied to at the incoming interface. The marking of the packet's EXP is dictated by the LSP-EXP mappings on the outgoing interface. The ToS byte is not modified. p2mp-lsp-trace Request Packet and Behavior summarizes this behavior.

Table 2. p2mp-lsp-trace Request Packet and Behavior

Request Packet

Behavior

CPM (sender node)

Echo request packet:

  • packet {tos=1, fc1, profile1}

  • fc1 and profile1 are as entered by user in OAM command or default values

  • tos1 as per mapping of {fc1, profile1} to IP precedence in network egress QoS policy of outgoing interface

Outgoing interface (sender node)

Echo request packet:

  • packet queued as {fc1, profile1}

  • ToS field=tos1 not remarked

  • EXP=exp1, as per mapping of {fc1, profile1} to EXP in network egress QoS policy of outgoing interface

Incoming interface (responder node)

Echo request packet:

  • packet {tos1, exp1}

  • exp1 mapped to {fc2, profile2} as per classification in network QoS policy of incoming interface

CPM (responder node)

Echo reply packet:

  • packet {tos=1, fc2, profile2}

Outgoing interface (responder node)

Echo reply packet:

  • packet queued as {fc2, profile2}

  • ToS filed= tos1 not remarked (reply inband or out-of-band)

  • EXP=exp2, if reply is inband, remarked as per mapping of {fc2, profile2} to EXP in network egress QoS policy of outgoing interface

Incoming interface (sender node)

Echo reply packet:

  • packet{tos1, exp2}

  • exp2 mapped to {fc1, profile1} as per classification in network QoS policy of incoming interface

Values

be, l2, af, l1, h2, ef, h1, nc

Default

be

profile {in | out}

Specifies the profile of the LSP trace echo request message.

Default

out

octets

Specifies the size in octets, expressed as a decimal integer, of the MPLS echo request packet, including the IP header but not the label stack. The request payload is padded with zeros to the specified size. Note that an OAM command is not failed if the user enters a size lower than the minimum required to build the packet for the echo request message. The payload is automatically padded to meet the minimum size.

Values

1 to 9786

Default

1

no-response-count

Specifies the maximum number of consecutive MPLS echo requests, expressed as a decimal integer that do not receive a reply before the trace operation fails for a given TTL.

Values

1 to 10

Default

5

probes-per-hop

Specifies the number of LSP trace echo request messages to send per TTL value.

Values

1 to 10

Default

1

min-label-ttl

Specifies the minimum TTL value in the MPLS label for the LSP trace test, expressed as a decimal integer.

Values

1 to 255

Default

1

max-label-ttl

Specifies the maximum TTL value in the MPLS label for the LSP trace test, expressed as a decimal integer.

Values

1 to 255

Default

30

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for an echo reply message from all leaves of the P2MP LSP after sending the message request message. Upon the expiration of the message time out, the requesting router no longer waits for reply messages. Any echo reply message received after the request times out is silently discarded.

Values

1 to 60

Default

3

interval

Specifies the time, in seconds, used to override the default echo request message send interval and defines the minimum amount of time that must expire before the next echo request message is sent.

If the interval is set to 1 second, and the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of an echo reply message corresponding to the outstanding message request.

Values

1 to 10

Default

1

Platforms

All

Output

The following output is an example of p2mp-lsp-trace information.

Output Example
*A:Dut-C# oam p2mp-lsp-trace "p2mp_1" p2mp-instance "1" s2l-dest-address 10.20.1.
10.20.1.4  10.20.1.5  10.20.1.6
*A:Dut-C# oam p2mp-lsp-trace "p2mp_1" p2mp-instance "1" s2l-dest-
address 10.20.1.5 detail
P2MP LSP p2mp_1: 132 bytes MPLS payload
P2MP Instance 1, S2L Egress 10.20.1.5

  1  10.20.1.1  rtt=3.78 ms rc=8(DSRtrMatchLabel)
     DS 1: ipaddr 10.20.1.2 iftype 'ipv4Unnumbered' ifaddr 2 MRU=1500 label=131060 
proto=4(RSVP-TE) B/E flags:0/0
  2  10.20.1.2  rtt=3.54 ms rc=8(DSRtrMatchLabel)
     DS 1: ipaddr 10.20.1.4 iftype 'ipv4Unnumbered' ifaddr 3 MRU=1500 label=131061 
proto=4(RSVP-TE) B/E flags:0/0
  3  10.20.1.5  rtt=5.30 ms rc=5(DSMappingMismatched)

Probe returned multiple responses. Result may be inconsistent.

*A:Dut-C#

p2mp-merge-point-abort-timer

p2mp-merge-point-abort-timer

Syntax

p2mp-merge-point-abort-timer seconds

no p2mp-merge-point-abort-timer

Context

[Tree] (config>router>rsvp p2mp-merge-point-abort-timer)

Full Context

configure router rsvp p2mp-merge-point-abort-timer

Description

This command configures a timer to abort Merge-Point (MP) node procedures for an S2L of a P2MP LSP instance. When a value higher than zero is configured for this timer, it enters into effect anytime this node activates Merge-Point procedures for one or more P2MP LSP S2L paths. As soon an ingress interface goes operationally down, the Merge-Point node starts the abort timer. Upon expiry of the timer, MPLS cleans up all P2MP LSP S2L paths which ILM is on the failed interface and which have not already received a Path refresh over the bypass LSP.

The no form of this command disables the timer.

Default

no p2mp-merge-point-abort-timer

Parameters

seconds

Specifies the length of the abort timer in seconds

Values

1 to 65535

Platforms

All

p2mp-policy

p2mp-policy

Syntax

[no] p2mp-policy policy-name

Context

[Tree] (config>router>p2mp-sr-tree p2mp-policy)

Full Context

configure router p2mp-sr-tree p2mp-policy

Description

This command creates a P2MP policy entry for the P2MP SR tree.

The no form of this command deletes the specified policy entry.

Parameters

policy-name

Specifies the policy name, up to 32 characters.

Platforms

All

p2mp-policy

Syntax

[no] p2mp-policy

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive>p2mp-sr p2mp-policy)

[Tree] (config>service>vprn>mvpn>pt>selective>multistream-spmsi p2mp-policy)

[Tree] (config>service>vprn>mvpn>pt>selective>p2mp-sr p2mp-policy)

Full Context

configure service vprn mvpn provider-tunnel inclusive p2mp-sr p2mp-policy

configure service vprn mvpn provider-tunnel selective multistream-spmsi p2mp-policy

configure service vprn mvpn provider-tunnel selective p2mp-sr p2mp-policy

Description

This command enables a P2MP policy for the MVPN provider tunnel.

The no form of this command disables the P2MP policy.

Platforms

All

p2mp-resignal-timer

p2mp-resignal-timer

Syntax

p2mp-resignal-timer minutes

no p2mp-resignal-timer

Context

[Tree] (config>router>mpls p2mp-resignal-timer)

Full Context

configure router mpls p2mp-resignal-timer

Description

This command configures the re-signal timer for a P2MP LSP instance. MPLS requests CSPF to re-compute the whole set of S2L paths of a given active P2MP instance each time the P2MP re-signal timer expires. The P2MP re-signal timer is configured separately from the P2P LSP parameter. MPLS performs a global MBB and moves each S2L sub-LSP in the instance into its new path using a new P2MP LSP ID if the global MBB is successful, regardless of the cost of the new S2L path.

This command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.

The no form of this command disables the timer-based re-signaling of P2MP LSPs on this system.

Parameters

minutes

Specifies the time MPLS waits before attempting to re-signal the P2MP LSP instance.

Values

60 to 10080

Platforms

All

p2mp-s2l-fast-retry

p2mp-s2l-fast-retry

Syntax

p2mp-s2-fast-retry seconds

no p2mp-s2l-fast-retry

Context

[Tree] (config>router>mpls p2mp-s2l-fast-retry)

[Tree] (config>router>rsvp p2mp-s2l-fast-retry)

Full Context

configure router mpls p2mp-s2l-fast-retry

configure router rsvp p2mp-s2l-fast-retry

Description

This command configures a global parameter to allow the user to apply a shorter retry timer for the first try after an active LSP path went down due to a local failure or the receipt of a ResvTear. This timer is used only in the first try. Subsequent retries will continue to be governed by the existing LSP level retry-timer.

The config>router>mpls>p2mp-s2l-fast-retry command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.

The no form of this command disables the timer.

Default

no p2mp-s2l-fast-retry

Parameters

seconds

Specifies the length of time for retry timer, in seconds

Values

1 to 10 seconds

Platforms

All

p2mp-sr

p2mp-sr

Syntax

[no] p2mp-sr

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive p2mp-sr)

[Tree] (config>service>vprn>mvpn>pt>selective p2mp-sr)

Full Context

configure service vprn mvpn provider-tunnel inclusive p2mp-sr

configure service vprn mvpn provider-tunnel selective p2mp-sr

Description

This command enables P2MP SR for the MVPN provider tunnel.

The no form of this command disables P2MP SR.

Default

no p2mp-sr

Platforms

All

p2mp-sr-tree

p2mp-sr-tree

Syntax

[no] p2mp-sr-tree

Context

[Tree] (config>router p2mp-sr-tree)

Full Context

configure router p2mp-sr-tree

Description

Commands in this context configure P2MP SR parameters.

Default

no p2mp-sr-tree

Platforms

All

p2mp-template-lsp

p2mp-template-lsp

Syntax

[no] p2mp-template-lsp rsvp-session-name SessionNameString sender sender-address

Context

[Tree] (config>router>mpls>ingress-stats p2mp-template-lsp)

Full Context

configure router mpls ingress-statistics p2mp-template-lsp

Description

This command configures an ingress statistics context matching on the RSVP session name for a RSVP P2MP LSP at the egress LER.

This command is supported on the 7750 SR, 7950 XRS, and with VPLS only on the 7450 ESS.

When the ingress LER signals the path of the S2L sub-LSP, it includes the name of the LSP and that of the path in the Session Name field of the Session Attribute object in the Path message. The encoding is as follows:

Session Name: <lsp-name::path-name>, where lsp-name component is encoded as follows:

  • P2MP LSP through the user configuration for L3 multicast in global routing instance: "LspNameFromConfig”

  • P2MP LSP as I-PMSI or S-PMSI in L3 mVPN: templateName-SvcId-mTTmIndex

  • P2MP LSP as I-PMSI in VPLS/B-VPLS: templateName-SvcId-mTTmIndex

The ingress statistics CLI configuration allows the user to match either on the exact name of the P2MP LSP as configured at the ingress LER or on a context that matches on the template name and the service-id as configured at the ingress LER.

When the matching is performed on a context, the user must enter the RSVP session name string in the format "templateName-svcId” to include the LSP template name as well as the mVPN VPLS/B-VPLS service ID as configured at the ingress LER. In this case, one or more P2MP LSP instances signaled by the same ingress LER could be associated with the ingress statistics configuration and the user is provided with CLI parameter max-stats to limit the maximum number of stat indexes that can be assigned to this context. If the context matches more than this value, the additional request for stat indices from this context is rejected. A background tasks monitors the ingress statistics templates which have one or more matching LSP instances with unassigned stat index and assigns one to them as they are freed.

Note the following rules when configuring an ingress statistics context based on template matching:

  • max-stats, after allocated, can be increased but not decreased unless the entire ingress statistics context matching a template name is deleted.

  • To delete ingress statistics context matching a template name, a shutdown is required.

  • An accounting policy cannot be configured or de-configured until the ingress statistics context matching a template name is shut down.

  • After deleting an accounting policy from an ingress statistics context matching a template name, the policy is not removed from the log until a "no shut” is performed on the ingress statistics context.

If there are no stat indexes available at the time the session of the P2MP LSP matching a template context is signaled and the session state installed by the egress LER, no stats are allocated to the session.

Furthermore, the assignment of stat indexes to the LSP names that match the context will also be not deterministic. The latter is due to the fact that a stat index is assigned and released following the dynamics of the LSP creation or deletion by the ingress LER. For example, a multicast stream crosses the rate threshold and is moved to a newly signaled S-PMSI dedicated to this stream. Later on, the same steam crosses the threshold downwards and is moved back to the shared I-PMSI and the P2MP LSP corresponding to the S-PMSI is deleted by the ingress LER.

The no form deletes the ingress statistics context matching on the RSVP session name.

Parameters

rsvp-session-name SessionNameString

Specifies the name of the RSVP P2MP session in the format of "templateName-svcId”. This field can hold up to 64 characters.

sender sender-address

Specifies a string of 15 characters representing the IP address of the ingress LER for the LSP.

Platforms

All

p2mp-ttl-propagate

p2mp-ttl-propagate

Syntax

[no] p2mp-ttl-propagate

Context

[Tree] (config>router>mpls p2mp-ttl-propagate)

Full Context

configure router mpls p2mp-ttl-propagate

Description

This command configures the uniform mode of operation for RSVP P2MP LSPs.

The no form of this command configures the pipe mode of operation for P2MP LSPs.

When the mode of operation is modified, the new configuration applies to future P2MP LSPs only and the existing operational LSPs are not affected.

Default

p2mp-ttl-propagate

Platforms

All

p2p-active-path-fast-retry

p2p-active-path-fast-retry

Syntax

p2p-active-path-fast-retry seconds

no p2p-active-path-fast-retry

Context

[Tree] (config>router>mpls p2p-active-path-fast-retry)

Full Context

configure router mpls p2p-active-path-fast-retry

Description

This command configures a global parameter to allow the user to apply a shorter retry timer for the first try after an active LSP path went down due to a local failure or the receipt of a ResvTear. This timer is used only in the first try. Subsequent retries will continue to be governed by the existing LSP level retry-timer.

The no form of this command disables the timer.

Default

no p2p-active-path-fast-retry

Parameters

seconds

Specifies the length of time for retry timer, in seconds

Values

1 to 10 seconds

Platforms

All

p2p-merge-point-abort-timer

p2p-merge-point-abort-timer

Syntax

p2p-merge-point-abort-timer seconds

no p2p-merge-point-abort-timer

Context

[Tree] (config>router>rsvp p2p-merge-point-abort-timer)

Full Context

configure router rsvp p2p-merge-point-abort-timer

Description

This command configures a timer to abort Merge-Point (MP) node procedures for a P2P LSP path. When a value higher than zero is configured for this timer, it will enter into effect anytime this node activates Merge-Point procedures for one or more P2P LSP paths. As soon an ingress interface goes operationally down, the Merge-Point node starts the abort timer. Upon expiry of the timer, MPLS will clean up all P2P LSP paths which ILM is on the failed interface and which have not already received a Path refresh over the bypass LSP.

The no form of this command disables the timer.

Default

no p2p-merge-point-abort-timer

Parameters

seconds

Specifies the length of the abort timer in seconds

Values

1 to 65535

Platforms

All

p2p-template-lsp

p2p-template-lsp

Syntax

[no] p2p-template-lsp rsvp-session-name SessionNameString sender sender-address

Context

[Tree] (config>router>mpls>ingress-stats p2p-template-lsp)

Full Context

configure router mpls ingress-statistics p2p-template-lsp

Description

This command configures an ingress statistics context matching on the RSVP session name for a RSVP P2P auto-LSP at the egress LER.

When the ingress LER signals the path of a template based one-hop-p2p or mesh-p2p auto-lsp, it includes the name of the LSP and that of the path in the Session Name field of the Session Attribute object in the Path message. The encoding is as follows:

Session Name: lsp-name::path-name, where lsp-name component is encoded as follows:

P2MP LSP through the user configuration for Layer 3 multicast in global routing instance: "LspNameFromConfig”

  • P2MP LSP as I-PMSI or S-PMSI in L3 mVPN: templateName-SvcId-mTTmIndex

  • P2MP LSP as I-PMSI in VPLS/B-VPLS: templateName-SvcId-mTTmIndex.

The ingress statistics CLI configuration allows the user to match either on the exact name of the P2P auto-LSP or on a context that matches on the template name and the destination of the LSP at the ingress LER.

When the matching is performed on a context, the user must enter the RSVP session name string in the format "templateName-svcId” to include the LSP template name as well as the mVPN VPLS/B-VPLS service ID as configured at the ingress LER. In this case, one or more P2MP LSP instances signaled by the same ingress LER could be associated with the ingress statistics configuration. The user is provided with CLI parameter max-stats to limit the maximum number of stat indices which can be assigned to this context. If the context matches more than this value, the additional request for stat indices from this context is rejected.

Note the following rules when configuring an ingress statistics context based on template matching:

  • max-stats, once allocated, can be increased but not decreased unless the entire ingress statistics context matching a template name is deleted.

  • To delete ingress statistics context matching a template name, a shutdown is required.

  • An accounting policy cannot be configured or de-configured until the ingress statistics context matching a template name is shut down.

  • After deleting an accounting policy from an ingress statistics context matching a template name, the policy is not removed from the log until a no shut is performed on the ingress statistics context.

If there are no stat indexes available at the time the session of the P2P LSP matching a template context is signaled and the session state installed by the egress LER, no stats are allocated to the session.

Furthermore, the assignment of stat indexes to the LSP names that match the context is not deterministic. The latter is because a stat index is assigned and released following the dynamics of the LSP creation or deletion by the ingress LER. For example, a multicast stream crosses the rate threshold and is moved to a newly signaled S-PMSI dedicated to this stream. Later on, the same steam crosses the threshold downwards and is moved back to the shared I-PMSI and the P2MP LSP corresponding to the S-PMSI is deleted by the ingress LER.

The no form deletes the ingress statistics context matching on the RSVP session name.

Parameters

rsvp-session-name SessionNameString

Specifies the name of the RSVP P2MP session in the format of "templateName-svcId”. This field can hold up to 64 characters.

sender sender-address

Specifies a string of 15 characters representing the IP address of the ingress LER for the LSP.

Platforms

All

packet

packet

Syntax

packet detail-level {high | low}

packet mode {all | dropped}

no packet

Context

[Tree] (debug>gtp packet)

Full Context

debug gtp packet

Description

This command enables debugging of GTP packets sent or received by the system’s control plane.

The no form of this command disables debugging of GTP packets.

Parameters

detail-level {high | low}

Specifies how much detail is to be displayed when debugging a GTP packet.

Values

high

Specifies to display and decode all data in the packet.

low

Specifies to display and decode only the most important data.

Default

low

mode {all | dropped}

Specifies which packets is debugged.

Values

all

Specifies to debug all packets.

dropped

Specifies to debug only dropped packets.

Default

dropped

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

packet

Syntax

[no] packet

Context

[Tree] (debug>router>l2tp packet)

[Tree] (debug>router>l2tp>group packet)

[Tree] (debug>router>l2tp>peer packet)

[Tree] (debug>router>l2tp>assignment-id packet)

Full Context

debug router l2tp packet

debug router l2tp group packet

debug router l2tp peer packet

debug router l2tp assignment-id packet

Description

This command enables packet debugging.

The no form of this command disables packet debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

packet

Syntax

[no] packet

Context

[Tree] (debug>service>id>ppp packet)

Full Context

debug service id ppp packet

Description

This command enables debugging for specific PPPoE packets.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

packet

Syntax

[no] packet

Context

[Tree] (debug>router>wpp>portal packet)

[Tree] (debug>router>wpp packet)

Full Context

debug router wpp portal packet

debug router wpp packet

Description

This command enables WPP packet debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

packet

Syntax

packet jitter-buffer milliseconds [payload-size bytes]

packet payload-size bytes

no packet

Context

[Tree] (config>service>cpipe>sap>cem packet)

[Tree] (config>service>epipe>sap>cem packet)

Full Context

configure service cpipe sap cem packet

configure service epipe sap cem packet

Description

This command specifies the jitter buffer size, in milliseconds, and payload size, in bytes.

Default

The default value depends on the CEM SAP endpoint type, and if applicable, the number of timeslots as shown in Packet CEM SAP Endpoint Types.

Table 3. Packet CEM SAP Endpoint Types

Endpoint Type

Timeslots

Default Jitter Buffer (in ms)

unstructuredE1

5

unstructuredT1

5

nxDS0 (E1/T1)

32

N = 1

16

N = 2 to 4

8

N = 5 to 15

5

nxDS0WithCas (E1)

N

8

nxDS0WithCas (T1)

N

12

Parameters

milliseconds

Specifies the jitter buffer size in milliseconds (ms).

Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffers is not allowed. Setting the jitter butter value to 0 sets it back to the default value.

Values

1 to 250

payload-size bytes

Specifies the payload size (in bytes) of packets transmitted to the packet service network (PSN) by the CEM SAP. This determines the size of the data that will be transmitted over the service. If the size of the data received is not consistent with the payload size then the packet is considered malformed.

Values

0 | 16 to 2048

Default

The default value depends on the CEM SAP endpoint type, and if applicable, the number of timeslots as shown in CEM SAP Endpoint Types.

Table 4. CEM SAP Endpoint Types

Endpoint Type

Timeslots

Default Payload Size (in bytes)

unstructuredE1

256

unstructuredT1

192

nxDS0 (E1/T1)

N = 1

64

N = 2 to 4

N x 32

N = 5 to 15

N x 16

N >= 16

N x 8

nxDS0WithCas (E1)

N

N x 16

nxDS0WithCas (T1)

N

N x 24

For all endpoint types except for nxDS0WithCas, the valid payload size range is from the default to 2048 bytes.

For nxDS0WithCas, the payload size divide by the number of timeslots must be an integer factor of the number of frames per trunk multi-frame (for example, 16 for E1 trunk and 24 for T1 trunk).

For 1xDS0, the payload size must be a multiple of 2.

For NxDS0, where N > 1, the payload size must be a multiple of the number of timeslots.

For unstructuredE1 and unstructuredT1, the payload size must be a multiple of 32 bytes.

Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffer is not allowed.

Setting the payload size to 0 sets it back to the default value.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap cem packet

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

  • configure service epipe sap cem packet

packet

Syntax

packet [hello | jp]

packet [hello | jp] evpn-mpls

packet [hello | jp] [ sap sap-id]

packet [hello | jp] [ sdp sdp-id:vc-id]

packet [hello | jp] vxlan vtep ip-address vni vni-id

no packet

Context

[Tree] (debug>service>id>pim-snooping packet)

Full Context

debug service id pim-snooping packet

Description

This command enables or disables debugging for PIM packets.

Parameters

hello | jp

PIM packet types

sap-id

Debugs packets associated with the specified SAP

sdp-id:vc-id

Debugs packets associated with the specified SDP

evpn-mpls

Debugs PIM snooping statistics for EVPN-MPLS destinations

Platforms

All

packet

Syntax

packet [query | v1-report | v2-report | v3-report | v2-leave] [ip-int-name | ip-address] [ mode {dropped-only | ingr-and-dropped | egr-ingr-and-dropped}]

packet [query | v1-report | v2-report | v3-report | v2-leave] [mode { dropped-only | ingr-and-dropped | egr-ingr-and-dropped}] group-interface ip-int-name

packet [query | v1-report | v2-report | v3-report | v2-leave] host ip-address [mode {dropped-only | ingr-and-dropped | egr-ingr-and-dropped}]

no packet [query | v1-report | v2-report | v3-report | v2-leave] [ip-int-name | ip-address]

no packet [query | v1-report | v2-report | v3-report | v2-leave] group-interface ip-int-name

no packet [query | v1-report | v2-report | v3-report | v2-leave] host ip-address

Context

[Tree] (debug>router>igmp packet)

Full Context

debug router igmp packet

Description

This command enables/disables debugging for IGMP packets.

Parameters

query

Specifies to log the IGMP group- and source-specific queries transmitted and received on this interface.

v1-report

Specifies to debug IGMP V1 reports transmitted and received on this interface.

v2-report

Specifies to debug IGMP V2 reports transmitted and received on this interface.

v3-report

Specifies to debug IGMP V3 reports transmitted and received on this interface.

v2-leave

Specifies to debug the IGMP Leaves transmitted and received on this interface.

ip-int-name

Debugs the information associated with the specified IP interface name.

Values

IP interface address

ip-address

Debugs the information associated with the specified IP address.

Platforms

All

packet

Syntax

packet [detail]

no packet

Context

[Tree] (debug>router>ldp>if packet)

[Tree] (debug>router>ldp>peer packet)

Full Context

debug router ldp interface packet

debug router ldp peer packet

Description

This command enables debugging for specific LDP packets.

The no form of the command disables the debugging output.

Parameters

detail

Displays detailed information.

Platforms

All

packet

Syntax

[no] packet

Context

[Tree] (debug>router>rsvp packet)

Full Context

debug router rsvp packet

Description

Commands in this context debug packets.

Platforms

All

packet

Syntax

packet [pkt-type] [peer ip-address]

Context

[Tree] (debug>router>msdp packet)

Full Context

debug router msdp packet

Description

This command enables debugging for Multicast Source Discovery Protocol (MSDP) packets.

The no form of the command disables MSDP packet debugging.

Parameters

pkt-type

Debugs information associated with the specified packet type.

Values

keep-alive, source-active, sa-request, sa-response

ip-address

Debugs information associated with the specified peer IP address.

Platforms

All

packet

Syntax

packet [hello | register | register-stop | jp | bsr | assert | crp | mdt-tlv | auto-rp-announcement | auto-rp-mapping | graft | graft-ack] [ip-int-name | mt-int-name | int-ip-address | mpls-if-name] [family {ipv4 | ipv6}] [ send | receive]

no packet

Context

[Tree] (debug>router>pim packet)

Full Context

debug router pim packet

Description

This command enables debugging for PIM packets.

The no form of this command disables debugging for PIM packets.

Parameters

hello | register | register-stop | jp | bsr | assert | crp | mdt-tlv | auto-rp-announcement | auto-rp-mapping | graft | graft-ack

Specifies PIM packet types.

ip-int-name

Debugs the information associated with the specified IP interface name, up to 32 characters.

mt-int-name

Debugs the information associated with the specified VPRN ID and group address.

Values

vprn-id-mt-grp-ip-address

int-ip-address

Debugs the information associated with the specified IP address.

ipv4

Specifies to display IPv4 packets.

ipv6

Specifies to display IPv6 packets.

mpls-if-name

Debugs the information associated with the specified MPLS interface.

Values

mpls-if-index

receive

Specifies to display received packets.

send

Specifies to display sent packets.

family

Debugs database packet information.

Values

ipv4, ipv6

Platforms

All

packet

Syntax

packet jitter-buffer milliseconds [payload-size bytes]

packet payload-size bytes

no packet

Context

[Tree] (config>mirror>mirror-dest>sap>cem packet)

Full Context

configure mirror mirror-dest sap cem packet

Description

This command specifies the jitter buffer size, in milliseconds, and payload size, in bytes.

Default

The default value depends on the CEM SAP endpoint type, and if applicable, the number of timeslots.

Table 5. Packet CEM SAP Endpoint Types

Endpoint Type

Timeslots

Default Jitter Buffer (in ms)

unstructuredE1

n/a

5

unstructuredT1

n/a

5

unstructuredE3

n/a

5

unstructuredT3

n/a

5

nxDS0 (E1/T1)

N = 1

32

N = 2 to 4

16

N = 5 to 15

8

N >= 16

5

nxDS0WithCas (E1)

N

8

nxDS0WithCas (T1)

N

12

Parameters

milliseconds

Specifies the jitter buffer size in milliseconds (ms).

Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffers is not allowed.

Setting the jitter butter value to 0 sets it back to the default value.

Values

1 — 250

bytes

Specifies the payload size (in bytes) of packets transmitted to the packet service network (PSN) by the CEM SAP. This determines the size of the data that will be transmitted over the service. If the size of the data received is not consistent with the payload size then the packet is considered malformed.

Default

The default value depends on the CEM SAP endpoint type, and if applicable, the number of timeslots.

Table 6. CEM SAP Endpoint Types

Endpoint Type

Timeslots

Default Payload Size (in bytes)

unstructuredE1

n/a

256

unstructuredT1

n/a

192

unstructuredE3

n/a

1024

unstructuredT3

n/a

1024

nxDS0 (E1/T1)

N = 1

64

N = 2 to 4

N x 32

N = 5 to 15

N x 16

N >= 16

N x 8

nxDS0WithCas (E1)

N

N x 16

nxDS0WithCas (T1)

N

N x 24

For all endpoint types except for nxDS0WithCas, the valid payload size range is from the default to 2048 bytes.

For nxDS0WithCas, the payload size divide by the number of timeslots must be an integer factor of the number of frames per trunk multiframe (for example, 16 for E1 trunk and 24 for T1 trunk).

For 1xDS0, the payload size must be a multiple of 2.

For NxDS0, where N > 1, the payload size must be a multiple of the number of timeslots.

For unstructuredE1, unstructuredT1, unstructuredE3 and unstructuredT3, the payload size must be a multiple of 32 bytes.

Configuring the payload size and jitter buffer to values that result in less than 2 packet buffers or greater than 32 packet buffer is not allowed.

Setting the payload size to 0 sets it back to the default value.

Values

16 to 2048

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

packet

Syntax

packet packet-number [create]

no packet packet-number

Context

[Tree] (debug>oam>build-packet packet)

Full Context

debug oam build-packet packet

Description

This command configures a packet to be launched by the OAM find-egress tool.

The no form of this command removes the packet number value.

Parameters

packet-number

Specifies a packet to be launched by the OAM find-egress tool.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

packet

Syntax

packet all

packet cfm-opcode opcode [opcode]

no packet

Context

[Tree] (debug>eth-cfm>mip packet)

[Tree] (debug>eth-cfm>mep packet)

Full Context

debug eth-cfm mip packet

debug eth-cfm mep packet

Description

This command defines the ETH-CFM opcodes of interest to be debugged.

The no form of this command stops packet debugging and the collection of PDUs.

Parameters

all

Specifies that debugging is enabled for all ETH-CFM packets.

opcode

Specifies a standard numerical reference or common three-letter acronym (TLA) that identifies the CFM PDU type. Up to five opcodes can be specified, and a combination of both numbers and TLAs can be used.

MEPs support all opcodes.

MIPs support 2 (LBR), 3 (LBM), 4 (LTR), and 5 (LTM).

Unknown or unsupported opcodes in TLA form are rejected. The applicable numerical opcode can be used instead. When numerical references are used, they are converted to a known TLA or left in numerical form if the TLA is unknown.

Re-entering the packet command overwrites the previous opcode entries for the MEP or MIP.

Values

MEP: 1 to 255 | common TLA

MIP: 2 to 5 | common TLA

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

packet

Syntax

packet [{ip-int-name | ip-address}] [headers] [ protocol-id]

no packet [{ip-int-name | ip-address}]

Context

[Tree] (debug>router>ip packet)

Full Context

debug router ip packet

Description

This command enables debugging for IP packets.

Parameters

ip-int-name

Only displays the interface information associated with the specified IP interface name.

Values

32 characters maximum

ip-address

Only displays the interface information associated with the specified IP address.

headers

Only displays information associated with the packet header.

protocol-id

Specifies the decimal value representing the IP protocol to debug. Well-known protocol numbers include ICMP(1), TCP(6), UDP(17). The no form the command removes the protocol from the criteria.

Values

0 to 255 (values can be expressed in decimal, hexadecimal, or binary)

Platforms

All

packet

Syntax

[no] packet

Context

[Tree] (debug>router>pcp>pcp-server packet)

Full Context

debug router pcp pcp-server packet

Description

This command enables packet debugging.

The no form of this command disables packet debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

packet

Syntax

[no] packet [{query | request | response}]

Context

[Tree] (debug>router>mtrace packet)

Full Context

debug router mtrace packet

Description

This command enables debugging for mtrace packets.

Platforms

All

packet

Syntax

[no] packet [{query | request | reply}]

Context

[Tree] (debug>router>mtrace2 packet)

Full Context

debug router mtrace2 packet

Description

This command enables debugging for mtrace2 packets.

Platforms

All

packet

Syntax

[no] packet

Context

[Tree] (debug>router>rpki-session packet)

Full Context

debug router rpki-session packet

Description

This command enables debugging for specific RPKI packets.

The no form of this command disables debugging for specific RPKI packets.

Platforms

All

packet

Syntax

packet [packet-type] [ip-int-name | ip-address] [ detail]

Context

[Tree] (debug>router>isis packet)

Full Context

debug router isis packet

Description

This command enables debugging for IS-IS packets.

The no form of the command disables debugging.

Parameters

ip-address

When specified, only packets with the specified interface address are debugged.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

ip-int-name

When specified, only packets with the specified interface name are debugged.

packet-type

When specified, only packets of the specified type are debugged.

Values

ptop-hello | l1-hello | l2-hello | l1-psnp | l2-psnp | l1-csnp | l2-csnp | l1-lsp | l2-lsp

detail

All output is displayed in the detailed format.

Platforms

All

packet

Syntax

packet [packet-type] [interface-name] [ingress | egress] [detail]

packet [packet-type] [interface-name] [ingress | egress | drop] [ detail]

no packet

Context

[Tree] (debug>router>ospf3 packet)

[Tree] (debug>router>ospf packet)

Full Context

debug router ospf3 packet

debug router ospf packet

Description

This command enables debugging for OSPF packets.

Parameters

packet-type

Specifies the OSPF packet type to debug.

Values

hello, dbdescr, lsrequest, lsupdate, lsack

interface-name

Specifies the interface to debug, up to 32 characters.

ingress

Specifies to display ingress packets.

egress

Specifies to display egress packets.

drop

Specifies to display dropped packets.

Platforms

All

packet

Syntax

packet [high-detail] [dropped-only]

no packet

Context

[Tree] (debug>subscr-mgmt>pfcp packet)

Full Context

debug subscriber-mgmt pfcp packet

Description

This command debugs PFCP packets that are received or sent. The no form of this command disables any PFCP packet debugging.

Parameters

high-detail

Specifies to provide a full packet dump; without this parameter only basic packet information is provided.

dropped-only

Specifies to only debug dropped packets.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

packet

Syntax

packet packet-type [detail]

no packet packet-type

Context

[Tree] (debug>router>pcep>pcc packet)

[Tree] (debug>router>pcep>pcc>conn packet)

Full Context

debug router pcep pcc packet

debug router pcep pcc connection packet

Description

This command enables debugging for PCEP PCC or connection packets.

The no form of this command disables debugging.

Parameters

packet-type

Specifies only packets of the specified type are debugged.

Values

open | request | reply | notify | error | close | report | update | keepalive | pce-initiated

detail

Keyword used to specify detailed output.

Platforms

All

packet

Syntax

packet packet-type [detail]

no packet packet-type

Context

[Tree] (debug>router>pcep>pce>conn packet)

[Tree] (debug>router>pcep>pce packet)

Full Context

debug router pcep pce connection packet

debug router pcep pce packet

Description

This command enables debugging for PCEP PCE or connection packets.

The no form of this command disables debugging.

Parameters

packet-type

Specifies only packets of the specified type are debugged.

Values

open | request | reply | notify | error | close | report | update | keepalive | pce-initiated

detail

Keyword used to specify detailed output.

Platforms

VSR-NRC

packet-byte-offset

packet-byte-offset

Syntax

packet-byte-offset add bytes

packet-byte-offset subtract sub-bytes

no packet-byte-offset

Context

[Tree] (config>qos>sap-egress>dynamic-queue packet-byte-offset)

Full Context

configure qos sap-egress dynamic-queue packet-byte-offset

Description

This command configures the packet-byte offset the system uses to modify the size of the input packets handled by the queue, by adding or subtracting the specified number of bytes. This also applies to any charging statistics. The actual packet size is not modified, only the size used to determine the egress scheduling and profiling is changed.

Parameters

add bytes

Specifies the packet byte offset. The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet.

Values

0 to 31

Default 0
subtract bytes

Specifies the packet byte offset. The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet.

Values

1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

packet-byte-offset

Syntax

packet-byte-offset{add bytes | subtract bytes}

no packet-byte-offset

Context

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos>policer packet-byte-offset)

[Tree] (config>subscr-mgmt>sla-prof>egress>qos>policer packet-byte-offset)

Full Context

configure subscriber-mgmt sla-profile ingress qos policer packet-byte-offset

configure subscriber-mgmt sla-profile egress qos policer packet-byte-offset

Description

This command is used to modify the size of each packet handled by the policer by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed. The packet-byte-offset command is meant to be an arbitrary mechanism the can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the policing metering and profiling throughput is affected by the offset as well as the stats associated with the policer.

When child policers are adding to or subtracting from the size of each packet, the parent policer’s min-thresh-separation value should also need to be modified by the same amount.

The policer’s packet-byte-offset defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured and the policer is managed by HQoS, however the offsets are applied to the statistics.

The no form of this command removes the per packet size modifications from the policer.

Parameters

add bytes

Specifies the packet byte offset. The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.

Values

0 to 31

subtract bytes

Specifies the packet byte offset. The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When b is defined the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.

Note:

The minimum resulting packet size used by the system is 1 byte.

Values

ingress 1 to 32

egress: 1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>card>fp>ingress>access>qgrp>policer-over>plcr packet-byte-offset)

[Tree] (config>card>fp>ingress>network>qgrp>policer-over>plcr packet-byte-offset)

Full Context

configure card fp ingress access queue-group policer-override policer packet-byte-offset

configure card fp ingress network queue-group policer-override policer packet-byte-offset

Description

This command modifies the size of each packet handled by the policer by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed. The packet-byte-offset command is meant to be an arbitrary mechanism the can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the policing metering and profiling throughput is affected by the offset as well as the stats associated with the policer.

When child policers are adding to or subtracting from the size of each packet, the parent policer’s min-thresh-separation value should also need to be modified by the same amount.

The policer’s packet-byte-offset defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied.

The no form of this command removes per packet size modifications from the policer.

Parameters

add-bytes

The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.

Values

1 to 31

sub-bytes

The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When b is defined the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet. Note that the minimum resulting packet size used by the system is 1 byte.

Values

0 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr packet-byte-offset)

[Tree] (config>service>epipe>sap>egress>policer-over>plcr packet-byte-offset)

[Tree] (config>service>epipe>sap>ingress>policer-over>plcr packet-byte-offset)

[Tree] (config>service>ipipe>sap>egress>policer-over>plcr packet-byte-offset)

[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr packet-byte-offset)

[Tree] (config>service>cpipe>sap>egress>policer-over>plcr packet-byte-offset)

Full Context

configure service cpipe sap ingress policer-override policer packet-byte-offset

configure service epipe sap egress policer-override policer packet-byte-offset

configure service epipe sap ingress policer-override policer packet-byte-offset

configure service ipipe sap egress policer-override policer packet-byte-offset

configure service ipipe sap ingress policer-override policer packet-byte-offset

configure service cpipe sap egress policer-override policer packet-byte-offset

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured; however, the offsets are applied to the statistics.

The no packet-byte-offset command is used to restore the policer’s packet-byte-offset setting to the policy defined value.

Default

no packet-byte-offset

Parameters

add-bytes

Specifies the number of bytes that are added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.

Values

1 to 31

sub-bytes

Specifies the number of bytes that are subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.

Values

1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress policer-override policer packet-byte-offset
  • configure service cpipe sap egress policer-override policer packet-byte-offset

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service ipipe sap egress policer-override policer packet-byte-offset
  • configure service epipe sap ingress policer-override policer packet-byte-offset
  • configure service ipipe sap ingress policer-override policer packet-byte-offset
  • configure service epipe sap egress policer-override policer packet-byte-offset

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>service>vpls>sap>ingress>policer-override>plcr packet-byte-offset)

[Tree] (config>service>vpls>sap>egress>policer-override>plcr packet-byte-offset)

Full Context

configure service vpls sap ingress policer-override policer packet-byte-offset

configure service vpls sap egress policer-override policer packet-byte-offset

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured, however the offsets are applied to the statistics.

The no form of this command restores the policer’s packet-byte-offset setting to the policy defined value.

Default

no packet-byte-offset

Parameters

add-bytes

The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.

Values

0 to 31

sub-bytes

The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.

Values

1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>service>ies>if>sap>egress>policer-override>plcr packet-byte-offset)

[Tree] (config>service>ies>if>sap>ingress>policer-override>plcr packet-byte-offset)

Full Context

configure service ies interface sap egress policer-override policer packet-byte-offset

configure service ies interface sap ingress policer-override policer packet-byte-offset

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured, however the offsets are applied to the statistics.

The no form of this command restores the policer’s packet-byte-offset setting to the policy defined value.

Default

no packet-byte-offset

Parameters

add add-bytes

The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.

Values

0 to 31

subtract sub-bytes

The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.

Values

1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

packet-byte-offset

Syntax

packet-byte-offset add add-bytes

packet-byte-offset subtract sub-bytes

no packet-byte-offset

Context

[Tree] (config>service>vprn>if>sap>egress>policer-override>plcr packet-byte-offset)

[Tree] (config>service>vprn>if>sap>ingress>policer-override>plcr packet-byte-offset)

Full Context

configure service vprn interface sap egress policer-override policer packet-byte-offset

configure service vprn interface sap ingress policer-override policer packet-byte-offset

Description

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured, however the offsets are applied to the statistics.

The no form of this command restores the policer’s packet-byte-offset setting to the policy defined value.

Default

no packet-byte-offset

Parameters

add add-bytes

The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.

Values

0 to 31

subtract sub-bytes

The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.

Values

1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub- bytes}

no packet-byte-offset

Context

[Tree] (config>qos>sap-ingress>policer packet-byte-offset)

[Tree] (config>qos>sap-ingress>dyn-policer packet-byte-offset)

[Tree] (config>qos>sap-egress>policer packet-byte-offset)

[Tree] (config>qos>sap-egress>dyn-policer packet-byte-offset)

Full Context

configure qos sap-ingress policer packet-byte-offset

configure qos sap-ingress dynamic-policer packet-byte-offset

configure qos sap-egress policer packet-byte-offset

configure qos sap-egress dynamic-policer packet-byte-offset

Description

This command is used to modify the size of each packet handled by the policer by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed. The packet-byte-offset command is meant to be an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the policing metering and profiling throughput is affected by the offset as well as the stats associated with the policer.

When child policers are adding to or subtracting from the size of each packet, the parent policer’s min-thresh-separation value should also need to be modified by the same amount.

The policer’s packet-byte-offset defined in the QoS policy may be overridden on an sla-profile or SAP where the policy is applied. Packet byte offset settings are not included in the applied rate when (queue) frame-based accounting is configured and the policer is managed by HQoS; however, the offsets are applied to the statistics.

The no form of this command is used to remove per packet size modifications from the policer.

Parameters

add add-bytes

The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size of each packet associated with the policer for rate metering, profiling, and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.

Values

0 to 31

subtract sub-bytes

The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling, and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet. The minimum resulting packet size used by the system is 1 byte.

Values

1 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure qos sap-egress policer packet-byte-offset
  • configure qos sap-ingress policer packet-byte-offset

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure qos sap-ingress dynamic-policer packet-byte-offset
  • configure qos sap-egress dynamic-policer packet-byte-offset

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>qos>sap-ingress>queue packet-byte-offset)

Full Context

configure qos sap-ingress queue packet-byte-offset

Description

This command modifies the size of each packet handled by the queue by adding or subtracting the specified number of bytes. The actual packet size is not modified, only the size used to determine the ingress scheduling and profiling is changed. The packet-byte-offset command is an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the scheduling and profiling throughput is affected by the offset as well as the statistics (accounting) associated with the queue. The packet-byte-offset does not apply to drop statistics, received valid statistics, or the offered managed and unmanaged statistics used by Ingress Multicast Path Management.

The no form of this command removes per-packet size modifications from the queue.

Parameters

add-bytes

Specifies the number of bytes added to the size of each packet associated with the queue for scheduling, profiling, and accounting purposes. From the queue’s perspective, the packet size is increased by the amount specified.

Values

0 to 30, in increments of 2

sub-bytes

Specifies the number of bytes subtracted from the size of each packet associated with the queue for scheduling, profiling, and accounting purposes. From the queue’s perspective, the packet size is reduced by the amount specified. The minimum resulting packet size used by the system is 1 byte.

Values

0 to 64, in increments of 2

Platforms

All

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>qos>sap-egress>queue packet-byte-offset)

Full Context

configure qos sap-egress queue packet-byte-offset

Description

This command is used to modify the size of each packet handled by the queue by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed.

The packet-byte-offset command is meant to be an arbitrary mechanism the can be used to either add downstream frame encapsulation or remove portions of packet headers.

When a packet-byte-offset value is applied to a queue instance, it adjusts the immediate packet size. This means that the queue rates, in other words, operational PIR and CIR, and queue bucket updates use the adjusted packet size. In addition, the queue statistics also reflects the adjusted packet size. Scheduler policy rates, which are data rates, uses the adjusted packet size.

The port scheduler max-rate and the priority level rates and weights, if a Weighted Scheduler Group is used, are always on-the-wire rates and uses the actual frame size. The same applies for the agg-rate-limit on a SAP, a subscriber, or a multiservice Site (MSS) when the queue is port-parented.

When the user enables frame-based-accounting in a scheduler policy or queue-frame-based-accounting with agg-rate-limit in a port scheduler policy, the queue rate will be capped to a user-configured on-the-wire rate and the packet-byte-offset is not included. However, the offsets are applied to the statistics.

The no form of this command is used to remove per packet size modifications from the queue.

Parameters

add-bytes

The add keyword is mutually exclusive to the subtract keyword. Either parameter must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size of each packet associated with the queue for scheduling and accounting purposes.

Values

0 to 32

sub-bytes

The subtract keyword is mutually exclusive to the add keyword. Either parameter must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the queue for scheduling and accounting purposes. The minimum resulting packet size used by the system is 1 byte.

Values

0 to 64

Platforms

All

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>qos>qgrps>ing>qgrp>policer packet-byte-offset)

Full Context

configure qos queue-group-templates ingress queue-group policer packet-byte-offset

Description

This command configures a packet byte offset for the QoS ingress queue-group policer.

Default

no packet-byte-offset

Parameters

add-bytes

Specifies the number of bytes to add as the offset amount.

Values

0 to 31

sub-bytes

Specifies the number of bytes to add as the offset amount.

Values

1 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>qos>qgrps>ing>qgrp>queue packet-byte-offset)

Full Context

configure qos queue-group-templates ingress queue-group queue packet-byte-offset

Description

This command is used to modify the size of each packet handled by the queue by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the ingress scheduling and profiling is changed. The packet-byte-offset command is meant to be an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers. Both the scheduling and profiling throughput is affected by the offset as well as the stats (accounting) associated with the queue. The packet-byte-offset does not apply to drop statistics, received valid statistics, or the offered managed and unmanaged statistics used by Ingress Multicast Path Management.

The no form of this command is used to remove per packet size modifications from the queue.

Parameters

add-bytes

The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the queue for scheduling, profiling and accounting purposes. From the queue’s perspective, the packet size is increased by the amount being added to the size of each packet.

Values

0 to 30, in steps of 2

sub-bytes

The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the queue for scheduling, profiling and accounting purposes. From the queue’s perspective, the packet size is reduced by the amount being subtracted from the size of each packet. The minimum resulting packet size used by the system is 1 byte.

Values

0 to 64, in steps of 2

Platforms

All

packet-byte-offset

Syntax

packet-byte-offset {add add-bytes | subtract sub-bytes}

no packet-byte-offset

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer packet-byte-offset)

[Tree] (config>qos>qgrps>egr>qgrp>queue packet-byte-offset)

Full Context

configure qos queue-group-templates egress queue-group policer packet-byte-offset

configure qos queue-group-templates egress queue-group queue packet-byte-offset

Description

This command is used to modify the size of each packet handled by the queue by adding or subtracting a number of bytes. The actual packet size is not modified; only the size used to determine the bucket depth impact is changed.

The packet-byte-offset command is meant to be an arbitrary mechanism that can be used to either add downstream frame encapsulation or remove portions of packet headers.

When a packet-byte-offset value is applied to a queue or policer instance, it adjusts the immediate packet size. This means that the queue rates (in other words, operational PIR and CIR) and policer or queue bucket updates use the adjusted packet size. In addition, the statistics also reflect the adjusted packet size. Scheduler policy rates, which are data rates, will use the adjusted packet size.

The port scheduler max-rate and the priority level rates and weights, if a Weighted Scheduler Group is used, are always on-the-wire rates and uses the actual frame size. The same applies for the agg-rate-limit on a SAP, a subscriber, or a Multiservice Site (MSS) when the queue is port-parented.

When the user enables frame-based-accounting in a scheduler policy or queue-frame-based-accounting with agg-rate-limit in a port scheduler policy, the policer or queue rate is capped to a user-configured on-the-wire rate and the packet-byte-offset is not included; however, the offsets are applied to the statistics.

The no form of this command is used to remove per packet size modifications from the queue.

Parameters

add-bytes

Specifies that the corresponding bytes parameter specifies the number of bytes that is added to the size of each packet associated with the queue for scheduling and accounting purposes.

Values

0 to 32

sub-bytes

Specifies that the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the queue for scheduling and accounting purposes. The minimum resulting packet size used by the system is 1 byte.

Values

0 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure qos queue-group-templates egress queue-group policer packet-byte-offset

All

  • configure qos queue-group-templates egress queue-group queue packet-byte-offset

packet-length

packet-length

Syntax

packet-length {lt | gt | eq} packet-length-value

packet-length range packet-length-value packet-length-value

no packet-length

Context

[Tree] (config>filter>ip-filter>entry>match packet-length)

Full Context

configure filter ip-filter entry match packet-length

Description

This command configures the IPv4 packet length value match criterion. The IPv4 packet length represents the total packet length including the IPv4 header and the payload.

Default

no packet-length

Parameters

lt

Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

gt

Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

eq

Specifies "equal to”.

packet-length-value

Specifies the packet length value.

Values

0 to 65535

range

Specifies an inclusive range. When range is used, the beginning of the range must have a value less than the second value of the range.

Platforms

All

packet-length

Syntax

packet-length {lt | gt | eq} packet-length-value

packet-length range packet-length-value packet-length-value

no packet-length

Context

[Tree] (config>filter>ipv6-filter>entry>match packet-length)

Full Context

configure filter ipv6-filter entry match packet-length

Description

This command configures the IPv6 packet length value match criterion. The IPv6 packet length represents the total packet length including the IPv6 header and the payload.

Default

no packet-length

Parameters

lt

Specifies "less than”. The lt parameter cannot be used with the lowest possible numerical value for the parameter.

gt

Specifies "greater than”. The gt parameter cannot be used with the highest possible numerical value for the parameter.

eq

Specifies "equal to”.

packet-length-value

Specifies the packet length value.

Values

40 to 65575

range

Specifies an inclusive range. When range is used, the beginning of the range must have a value less than the second value of the range.

Platforms

All

packet-rate-high-wmark

packet-rate-high-wmark

Syntax

packet-rate-high-wmark high-watermark

Context

[Tree] (config>app-assure packet-rate-high-wmark)

Full Context

configure application-assurance packet-rate-high-wmark

Description

This command configures the packet rate on the ISA-AA when a packet rate alarm will be raised by the agent.

Default

packet-rate-high-wmark max

Parameters

high-watermark

Specifies the high watermark for packet rate alarms. The value must be larger than or equal to the packet-rate-low-wmark low-watermark value.

Values

1 to 14880952 packets/sec, max (disabled)

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

packet-rate-low-wmark

packet-rate-low-wmark

Syntax

packet-rate-low-wmark low-watermark

no packet-rate-low-wmark

Context

[Tree] (config>app-assure packet-rate-low-wmark)

Full Context

configure application-assurance packet-rate-low-wmark

Description

This command configures the packet rate on the ISA-AA when a packet rate alarm will be cleared by the agent.

The no form of this command reverts to the default.

Default

packet-rate-low-wmark 0

Parameters

low-watermark

Specifies the low watermark for packet rate alarms. The value must be lower than or equal to the packet-rate-high-wmark high-watermark value.

Values

0 to 14880952 packets per second

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

packet-rx

packet-rx

Syntax

packet-rx [client client-ip [ source-port src-port]] [fcc-join] [ fcc-leave] [ret-nack]

no packet-rx

Context

[Tree] (debug>service>id>video-interface packet-rx)

Full Context

debug service id video-interface packet-rx

Description

This command enables debugging of received RTCP messages. The options for this command allow the user to filter only certain types of messages to appear in the debug traces.

Parameters

client client-ip

Specifies the client IP address.

source-port src-port

Specifies the source port.

fcc-join

Enables debugging for FCC joins.

fcc-leave

Enables debugging for FCC leaves.

ret-nack

Enables debugging for retransmission nack packets.

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

packet-sanity

packet-sanity

Syntax

packet-sanity direction direction [create]

no packet-sanity direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>sctp-filter packet-sanity)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter packet-sanity

Description

This command configures a TCA for the counter capturing packet sanity hits for the specified SCTP filter. A packet sanity TCA can be created for traffic generated from the subscriber side of AA ( from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.

Parameters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

packet-size

packet-size

Syntax

packet-size bytes

no packet-size

Context

[Tree] (config>system>snmp packet-size)

Full Context

configure system snmp packet-size

Description

This command configures the maximum SNMP packet size generated by this node.

The no form of this command restores the default value.

Default

packet-size 1500

Parameters

bytes

Specifies the SNMP packet size in bytes.

Values

484 to 9216

Platforms

All

packet-too-big

packet-too-big

Syntax

packet-too-big [number seconds]

no packet-too-big

Context

[Tree] (config>service>ies>if>ipv6>icmp6 packet-too-big)

Full Context

configure service ies interface ipv6 icmp6 packet-too-big

Description

This command specifies whether packet-too-big ICMP messages should be sent. When enabled, ICMPv6 packet-too-big messages are generated by this interface.

The no form of this command disables the sending of ICMPv6 packet-too-big messages.

Default

packet-too-big 100 10

Parameters

number

Specifies the number of ICMP messages that are too large to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame, in seconds, that is used to limit the number of "packet-too-big” ICMP messages issued.

Values

1 to 60

Default

10

Platforms

All

packet-too-big

Syntax

packet-too-big [number seconds]

no packet-too-big

Context

[Tree] (config>service>vprn>if>ipv6>icmp6 packet-too-big)

Full Context

configure service vprn interface ipv6 icmp6 packet-too-big

Description

This command configures the rate for Internet Control Message Protocol version 6 (ICMPv6) packet-too-big messages.

Parameters

number

Specifies the number of packet-too-big messages to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame, in seconds, that is used to limit the number of packet-too-big messages issued.

Values

1 to 60

Default

10

Platforms

All

packet-too-big

Syntax

packet-too-big

packet-too-big number [10..1000] seconds [ 1..60]

no packet-too-big

Context

[Tree] (config>service>vprn>if>sap>ip-tunnel>icmp6-gen packet-too-big)

Full Context

configure service vprn interface sap ip-tunnel icmp6-generation packet-too-big

Description

This command enables the system to send ICMPv6 PTB (Packet Too Big) messages on the private side and optionally specifies the rate.

With this command configured, the system sends PTB back if it received an IPv6 packet on the private side that is bigger than 1280 bytes and also exceeds the private MTU of the tunnel.

The ip-mtu command (under ipsec-tunnel or tunnel-template) specifies the private MTU for the ipsec-tunnel or dynamic tunnel.

The no form of this command reverts interval and message-count values to their default values.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

packet-too-big

Syntax

packet-too-big [number seconds]

no packet-too-big

Context

[Tree] (config>router>if>ipv6>icmp6 packet-too-big)

Full Context

configure router interface ipv6 icmp6 packet-too-big

Description

This command configures the rate for ICMPv6 packet-too-big messages.

Parameters

number

Limits the number of packet-too-big messages issued per time frame specified in the seconds parameter.

Values

10 to 1000

seconds

Determines the time frame, in seconds, that is used to limit the number of packet-too-big messages issued per time frame.

Values

1 to 60

Platforms

All

packet-tx

packet-tx

Syntax

packet-tx [group grp-addr [ source srcAddr]] [ret-nack]

no packet-tx

Context

[Tree] (debug>service>id>video-interface packet-tx)

Full Context

debug service id video-interface packet-tx

Description

This command enables debugging transmitted RTCP packets.

Parameters

client client-ip

Specifies the client IP address.

source src-srcAddr

Specifies the source port’s IP address.

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

packet-type

packet-type

Syntax

packet-type [authentication] [accounting] [ coa]

no packet-type

Context

[Tree] (debug>router>radius packet-type)

Full Context

debug router radius packet-type

Description

This command specifies the RADIUS packet type filter of command debug router radius.

Default

authentication accounting coa

Parameters

authentication

Specifies the RADIUS authentication packet.

accounting

Specifies the RADIUS accounting packet.

coa

Specifies the RADIUS change of authorization packet.

Platforms

All

packets

packets

Syntax

[no] packets [interface ip-int-name]

Context

[Tree] (debug>router>srrp packets)

Full Context

debug router srrp packets

Description

This command enables debugging for SRRP packets.

The no form of this command disables debugging.

Platforms

All

packets

Syntax

[no] packets

[no] packets interface ip-int-name [vrid virtual-router-id]

[no] packets interface ip-int-name vrid virtual-router-id ipv6

Context

[Tree] (debug>router>vrrp packets)

Full Context

debug router vrrp packets

Description

This command enables or disables debugging for VRRP packets.

Parameters

ip-int-name

Specifies the interface name, up to 32 characters.

virtual-router-id

Specifies the router ID.

Values

1 to 255

ipv6

Debugs the specified IPv6 VRRP interface.

Platforms

All

packets

Syntax

packets [neighbor ip-address | group name]

no packets

Context

[Tree] (debug>router>bgp packets)

Full Context

debug router bgp packets

Description

This command decodes and logs all sent and received BGP packets in the debug log.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

packets

Syntax

packets [station station-name]

no packets

Context

[Tree] (debug>router>bmp packets)

Full Context

debug router bmp packets

Description

This command enables debugging for all BMP packets.

The no form of the command disables debugging for all BMP packets.

Parameters

station-name

Specifies the station name of the BMP monitoring station, up to 32 characters.

Platforms

All

packets

Syntax

[no] packets [neighbor ip-int-name | ip-addr]

Context

[Tree] (debug>router>rip packets)

Full Context

debug router rip packets

Description

This command enables debugging for RIP packets.

Parameters

ip-int-name | ip-address

Debugs the RIP packets sent on the neighbor IP address or interface.

Platforms

All

packets

Syntax

[no] packets [neighbor ip-int-name | ipv6-address]

Context

[Tree] (debug>router>ripng packets)

Full Context

debug router ripng packets

Description

This command enables debugging for RIPng packets.

Parameters

ip-int-name| ipv6-address

Debugs the RIPng packets sent on the neighbor IP address or interface.

Platforms

All

packets-admitted-count

packets-admitted-count

Syntax

[no] packets-admitted-count

Context

[Tree] (config>log>acct-policy>cr>aa>aa-to-sub-cntr packets-admitted-count)

[Tree] (config>log>acct-policy>cr>aa>aa-from-sub-cntr packets-admitted-count)

Full Context

configure log accounting-policy custom-record aa-specific to-aa-sub-counters packets-admitted-count

configure log accounting-policy custom-record aa-specific from-aa-sub-counters packets-admitted-count

Description

This command includes the admitted packet count in the AA subscriber's custom record and only applies to the 7750 SR.

The no form of this command excludes the admitted packet count.

Default

no packets-admitted-count

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

packets-denied-count

packets-denied-count

Syntax

[no] packets-denied-count

Context

[Tree] (config>log>acct-policy>cr>aa>aa-to-sub-cntr packets-denied-count)

[Tree] (config>log>acct-policy>cr>aa>aa-from-sub-cntr packets-denied-count)

Full Context

configure log accounting-policy custom-record aa-specific to-aa-sub-counters packets-denied-count

configure log accounting-policy custom-record aa-specific from-aa-sub-counters packets-denied-count

Description

This command includes the denied packet count in the AA subscriber's custom record and only applies to the 7750 SR.

The no form of this command excludes the denied packet count.

Default

no packets-denied-count

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pad-size

pad-size

Syntax

pad-size octets

no pad-size

Context

[Tree] (config>oam-pm>session>ip>twamp-light pad-size)

Full Context

configure oam-pm session ip twamp-light pad-size

Description

This command defines the amount by which the TWAMP Light packet is padded. TWAMP session controller packets are 27 bytes smaller than TWAMP session reflector packets. If symmetrical packet sizes in the forward and backward direction are required, the pad size must be configured to a minimum of 27 bytes.

The no form of this command removes all padding.

Default

pad-size 0

Parameters

octets

Specifies the value, in octets, to pad the TWAMP Light packet.

Values

0 to 2000

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pad-tlv-size

pad-tlv-size

Syntax

pad-tlv-size octets

no pad-tlv-size

Context

[Tree] (config>oam-pm>session>mpls>dm pad-tlv-size)

Full Context

configure oam-pm session mpls dm pad-tlv-size

Description

This command allows the operator to add an optional Pad TLV to PDU and increase the frame on the wire by the specified amount. Note that this command only configures the size of the padding added to the PDU, and does not configure the total size of the frame on the wire. Since the bit count for the length is a maximum of 255 (8bits) the maximum pad per pad-tlv is between 0, 2 and 257 (type 1B, Length 1B, Length 255). Only a single pad-tlv can be added.

The no form of this command removes the optional TLV.

Parameters

octets

Specifies the overall length of the pad-tlv.

Values

0, 2 to 257

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pad-tlv-size

Syntax

pad-tlv-size octets

Context

[Tree] (config>test-oam>link-meas>template>twl pad-tlv-size)

Full Context

configure test-oam link-measurement measurement-template twamp-light pad-tlv-size

Description

This command configures an optional pad TLV size that allows a STAMP PDU to include the PAD TLV. This increases the size of the STAMP PDU by the size of the added TLV. The PAD TLV includes an all zeros pattern.

Parameters

octets

Specifies the length of the pad-tlv.

Values

4 to 9714

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pad-tlv-size

Syntax

pad-tlv-size octets [create]

no pad-tlv-size

Context

[Tree] (config>oam-pm>session>ip>twamp-light pad-tlv-size)

Full Context

configure oam-pm session ip twamp-light pad-tlv-size

Description

This command configures the PAD TLV to be included in the STAMP test packet with a total byte count equivalent to the value of this leaf.

TWAMP Light does not support TLVs. To pad the size of the TWAMP Light test packet the user must configure the pad-size command. STAMP test packets (the standard form of TWAMP Light) introduces TLVs for padding. Therefore, STAMP test packets must use the pad-tlv-size value.

The no form of this command removes the TWAMP Light test function from the OAM-PM session.

Parameters

test-id

Specifies the value of the 4-byte local test identifier not sent in the TWAMP Light packets.

Values

0 to 2147483647

create

Creates the test.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

padding-size

padding-size

Syntax

padding-size padding-size

no padding-size

Context

[Tree] (config>service>vprn>static-route-entry>indirect>cpe-check padding-size)

[Tree] (config>service>vprn>static-route-entry>next-hop>cpe-check padding-size)

Full Context

configure service vprn static-route-entry indirect cpe-check padding-size

configure service vprn static-route-entry next-hop cpe-check padding-size

Description

This optional parameter specifies the amount of padding to add to the ICMP packet in bytes. The parameter is only applicable when the cpe-check option is used with the associated static route.

Default

padding-size 56

Parameters

padding-size

An integer value.

Values

0 to 16384 bytes

Platforms

All

padding-size

Syntax

padding-size padding-size

no padding-size

Context

[Tree] (config>router>static-route-entry>next-hop>cpe-check padding-size)

[Tree] (config>router>static-route-entry>indirect>cpe-check padding-size)

Full Context

configure router static-route-entry next-hop cpe-check padding-size

configure router static-route-entry indirect cpe-check padding-size

Description

This command specifies the amount of padding to add to the ICMP packet in bytes. The parameter is only applicable when the cpe-check option is used with the associated static route.

Default

padding-size 56

Parameters

padding-size

Specifies the integer value.

Values

0 to 16384 bytes

Platforms

All

padding-size

Syntax

padding-size padding-size

no padding-size

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check padding-size)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry>cpe-check padding-size)

Full Context

configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check padding-size

configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry cpe-check padding-size

Description

This command configures the padding size for the ICMP ping test packet of the CPE connectivity check.

Default

padding-size 56

Parameters

padding-size

Specifies the padding size value.

Values

0 to 16384 bytes

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

padding-size

Syntax

padding-size size

no padding-size

Context

[Tree] (config>vrrp>priority-event>host-unreachable padding-size)

Full Context

configure vrrp priority-event host-unreachable padding-size

Description

This command allows the operator to increase the size of IP packet by padding the PDU.

The no form of the command reverts to the default.

Default

padding-size 0

Parameters

size

Specifies amount of increase to the ICMP PDU.

Values

0 to 16384

padi-auth-policy

padi-auth-policy

Syntax

padi-auth-policy policy-name

no padi-auth-policy

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host padi-auth-policy)

Full Context

configure subscriber-mgmt local-user-db ppp host padi-auth-policy

Description

This command configures the PADI authentication policy of this host.

Parameters

policy-name

Specifies the authentication policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pado-ac-name

pado-ac-name

Syntax

pado-ac-name name

no pado-ac-name

Context

[Tree] (config>subscr-mgmt>ppp-policy pado-ac-name)

Full Context

configure subscriber-mgmt ppp-policy pado-ac-name

Description

This command configures the Access Concentrator name that is used in the PPPoE PADO message.

By default, the system name or if not configured, the chassis Serial Number is used.

Parameters

name

Specifies the string up to 128 characters to be used as AC name in the PPPoE PADO message.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pado-delay

pado-delay

Syntax

pado-delay deci-seconds

no pado-delay

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host pado-delay)

Full Context

configure subscriber-mgmt local-user-db ppp host pado-delay

Description

This command configures the delay timeout before sending a PPPoE Active Discovery Offer (PADO).

Parameters

deci-seconds

Specifies the delay timeout before sending a PADO.

Values

1 to 30

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pado-delay

Syntax

pado-delay deci-seconds

no pado-delay

Context

[Tree] (config>subscr-mgmt>ppp-policy pado-delay)

Full Context

configure subscriber-mgmt ppp-policy pado-delay

Description

This command configures the delay timeout before sending a PPP Active Discovery Offer (PADO) packet.

Parameters

deci-seconds

Specifies the delay timeout before sending a PADO.

Values

1 to 30

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pairing-button

pairing-button

Syntax

pairing-button admin-state

Context

[Tree] (config>system>bluetooth pairing-button)

Full Context

configure system bluetooth pairing-button

Description

This command is used to allow or block the function of the pairing button. This command can be used to block the accidental triggering of a pairing operation while there is already a paired device.

The actual behavior of the Bluetooth pairing is dependent on both this command and the power command.

If normal operation is to use the pairing button on the router and on the external device to initiate the Bluetooth connection, then set:

config>system>bluetooth>power enabled-manual

config>system>bluetooth>pairing-button enable

If normal operation is to only require the external device to initiate the pairing, then set:

config>system>bluetooth>power enabled-automatic

config>system>bluetooth>pairing-button disable

If normal operation is to not allow the local operator to connect without permission from the central management location, then set:

config>system>bluetooth>power enabled-manual

config>system>bluetooth>pairing-button disable

Then when a connection is wanted, the central management station must change the configuration to one of the two options shown above for the time the local operator is connecting. The central management station can change the setting back to block local access after the operations is complete.

Default

pairing-button disable

Parameters

admin-state

Specifies the administrative state.

Values

enable — pairing button can trigger a pairing operation

disable — pairing button does not trigger a pairing operation

Platforms

7750 SR-1, 7750 SR-s, 7950 XRS-20e

parallel

parallel

Syntax

parallel [no-advertise]

no parallel

Context

[Tree] (config>router>isis>segm-rtng>adjacency-set parallel)

[Tree] (config>router>ospf>segm-rtng>adjacency-set parallel)

Full Context

configure router isis segment-routing adjacency-set parallel

configure router ospf segment-routing adjacency-set parallel

Description

This command indicates that all members of the adjacency set must terminate on the same neighboring node. The system raises a trap if a user attempts to add an adjacency terminating on a neighboring node that differs from the existing members of the adjacency set. In addition, the system stops advertising the adjacency set in IS-IS or OSPF and locally deprograms it.

By default, parallel adjacency sets are advertised in the IGP. The no-advertise option prevents an adjacency set from being advertised in the IGP. It is only allowed in CLI and SNMP if the parallel command is configured.

The no form of this command indicates that the adjacency set can include adjacencies to different next hop nodes.

Default

parallel

Platforms

All

param-problem

param-problem

Syntax

param-problem [number seconds]

no param-problem

Context

[Tree] (config>service>vprn>sub-if>grp-if>icmp param-problem)

[Tree] (config>service>ies>if>icmp param-problem)

[Tree] (config>service>ies>sub-if>grp-if>icmp param-problem)

[Tree] (config>service>ies>if>ipv6>icmp6 param-problem)

Full Context

configure service vprn subscriber-interface group-interface icmp param-problem

configure service ies interface icmp param-problem

configure service ies subscriber-interface group-interface icmp param-problem

configure service ies interface ipv6 icmp6 param-problem

Description

This command specifies whether parameter-problem ICMP/ICMPv6 messages should be sent. When enabled, parameter-problem ICMP/ICMPv6 messages are generated by this interface.

The no form of this command disables the sending of parameter-problem ICMP/ICMPv6 messages.

Default

param-problem 100 10

Parameters

number

Specifies the number of parameter-problem ICMPv6 messages to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMPv6 messages issued.

Values

1 to 60

Default

10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface icmp param-problem
  • configure service vprn subscriber-interface group-interface icmp param-problem

All

  • configure service ies interface icmp param-problem
  • configure service ies interface ipv6 icmp6 param-problem

param-problem

Syntax

param-problem [number number] [ seconds seconds]

no param-problem

Context

[Tree] (config>subscr-mgmt>git>ipv4>icmp param-problem)

Full Context

configure subscriber-mgmt group-interface-template ipv4 icmp param-problem

Description

This command configures the parameter-problem ICMPv4 messages that are generated by this interface.

The no form of this command disables the sending of parameter-problem ICMPv4 messages.

Default

param-problem number 100 seconds 10

Parameters

number

Specifies the number of parameter-problem ICMPv4 messages sent in the time specified by the seconds parameter.

Values

10 to 1000

seconds

Specifies the time, in seconds, that is used to limit the number of parameter-problem ICMPv4 messages issued.

Values

1 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

param-problem

Syntax

param-problem number seconds

no param-problem [number seconds]

Context

[Tree] (config>service>vprn>if>icmp param-problem)

[Tree] (config>service>vprn>if>ipv6>icmp6 param-problem)

[Tree] (config>service>vprn>nw-if>icmp param-problem)

Full Context

configure service vprn interface icmp param-problem

configure service vprn interface ipv6 icmp6 param-problem

configure service vprn network-interface icmp param-problem

Description

This command specifies whether parameter-problem ICMP messages should be sent. When enabled, parameter-problem ICMP messages are generated by this interface. The no form of this command disables the sending of parameter-problem ICMP messages.

Parameters

number

Specifies the number of parameter-problem ICMP messages to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMP messages issued.

Values

1 to 60

Default

10

Platforms

All

param-problem

Syntax

param-problem [number seconds]

no param-problem

Context

[Tree] (config>router>if>icmp param-problem)

Full Context

configure router interface icmp param-problem

Description

This command specifies whether parameter-problem ICMP messages should be sent. When enabled, parameter-problem ICMP messages are generated by this interface.

The no form of this command disables the sending of parameter-problem ICMP messages.

Parameters

number

Specifies the number of parameter-problem ICMP messages to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMP messages issued.

Values

1 to 60

Default

10

Platforms

All

param-problem

Syntax

param-problem [number seconds]

no param-problem

Context

[Tree] (config>router>if>ipv6>icmp6 param-problem)

Full Context

configure router interface ipv6 icmp6 param-problem

Description

This command specifies whether parameter-problem ICMPv6 messages should be sent. When enabled, parameter-problem ICMPv6 messages are generated by this interface.

The no form of this command disables the sending of parameter-problem ICMPv6 messages.

Parameters

number

Specifies the number of parameter-problem ICMPv6 messages to send in the time frame specified by the seconds parameter.

Values

10 to 1000

Default

100

seconds

Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMPv6 messages issued.

Values

1 to 60

Default

10

Platforms

All

parent

parent

Syntax

parent [weight weight] [ cir-weight cir-weight]

no parent

Context

[Tree] (config>port>ethernet>access>egr>qgrp>qover>q parent)

Full Context

configure port ethernet access egress queue-group queue-overrides queue parent

Description

This command, when used in the queue-overrides context for a queue group queue, defines an optional weight and cir-weight for the queue treatment by the parent scheduler that further governs the available bandwidth for the queue aside from the queue PIR setting. When multiple schedulers and or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent bandwidth.

Parameters

weight

Specifies the relative weight of this queue in comparison to other child schedulers and queues while vying for bandwidth on the parent scheduler-name. Any queues or schedulers defined as weighted receive no parental bandwidth until all strict queues and schedulers on the parent have reached their maximum bandwidth or are idle. In this manner, weighted children are considered to be the lowest priority.

Values

0 to 100

Default

1

cir-weight

Specifies the weight the queue uses at the within-cir port priority level. The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Platforms

All

parent

Syntax

parent [weight weight] [ cir-weight cir-weight]

no parent

Context

[Tree] (config>port>ethernet>access>egr>qgrp>sched-override>scheduler parent)

[Tree] (config>port>ethernet>access>ing>qgrp>sched-override>scheduler parent)

Full Context

configure port ethernet access egress queue-group scheduler-override scheduler parent

configure port ethernet access ingress queue-group scheduler-override scheduler parent

Description

This command can be used to override the scheduler's parent weight and CIR weight. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the applied scheduler policy.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy - this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the queue group overrides. If the parent scheduler does not exist, causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.

The no form of this command returns the scheduler's parent weight and cir-weight to the value configured in the applied scheduler policy.

Default

no parent

Parameters

weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child's weight to the total distributes the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child's cir-weight to the total distributes the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Platforms

All

parent

Syntax

parent scheduler-name [weight weight] [level level] [cir-weight cir-weight] [cir-level cir-level]

no parent

Context

[Tree] (config>qos>sap-egress>dynamic-queue parent)

Full Context

configure qos sap-egress dynamic-queue parent

Description

This command configures the queue treatment by the parent scheduler that governs the available bandwidth for the queue. When multiple schedulers share a child status with the parent scheduler, the weight and level options define how this queue contends with the other children for the above-CIR parent bandwidth. The cir-weight and cir-level options specify the weight the queue uses at the within-CIR port priority level.

Parameters

scheduler-name

Specifies the name of the scheduler parent, up to 32 characters.

Values

1 to 100

weight

Specifies the relative weight of this queue in comparison to other child schedulers and queues while vying for above-CIR priority level bandwidth on the parent scheduler. Any queues or schedulers defined as weighted receive no parental bandwidth, until all strict queues and schedulers on the parent have reached their maximum bandwidth or are idle. In this manner, weighted children are considered to be the lowest priority.

Values

1 to 100

Default

1

level

Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to feed to the parent, for above-CIR offered load bandwidth passes.

Values

1 to 8

Default

1

cir-weight

Specifies the weight the queue uses at the within-cir priority level. The weight is specified as an integer value from 0 to 100, with 100 being the highest weight. When the cir-weight parameter is set to 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

cir-level

Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to fed to the parent, for within-CIR offered load bandwidth passes.

Values

0 to 8

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

parent

Syntax

parent {[weight weight] [cir-weight cir-weight]}

no parent

Context

[Tree] (config>service>cpipe>sap>ingress>queue-override>queue parent)

[Tree] (config>service>epipe>sap>egress>queue-override>queue parent)

[Tree] (config>service>epipe>sap>ingress>queue-override>queue parent)

[Tree] (config>service>ipipe>sap>egress>queue-override>queue parent)

[Tree] (config>service>cpipe>sap>egress>queue-override>queue parent)

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue parent)

Full Context

configure service cpipe sap ingress queue-override queue parent

configure service epipe sap egress queue-override queue parent

configure service epipe sap ingress queue-override queue parent

configure service ipipe sap egress queue-override queue parent

configure service cpipe sap egress queue-override queue parent

configure service ipipe sap ingress queue-override queue parent

Description

This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.

Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multi-service customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The orphaned state must generate a log entry and a trap message. The SAP which the queue belongs to must also depict an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.

The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state and automatically returns to normal operation when the parent scheduler is available again.

When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.

The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. Once a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.

Parameters

weight

These optional keywords are mutually exclusive to the level keyword. Specifies the relative weight of this queue in comparison to other child schedulers, policers, and queues while vying for bandwidth on the parent scheduler-name. Any policers, queues, or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.

All weight values from all weighted active policers, queues, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the policer, queue, or scheduler. A weight is considered to be active when the pertaining policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted policers, queues, and schedulers at that level are operating at the maximum bandwidth or are idle.

Values

0 to 100

Default

1

cir-weight

Specifies the weight the queue or scheduler will use at the within-cir port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the policer, queue, or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress queue-override queue parent
  • configure service cpipe sap ingress queue-override queue parent

All

  • configure service epipe sap ingress queue-override queue parent
  • configure service ipipe sap egress queue-override queue parent
  • configure service epipe sap egress queue-override queue parent
  • configure service ipipe sap ingress queue-override queue parent

parent

Syntax

parent [weight weight] [cir-weight cir-weight]

no parent

Context

[Tree] (config>service>epipe>sap>egress>sched-override>scheduler parent)

[Tree] (config>service>ipipe>sap>ingress>sched-override>scheduler parent)

[Tree] (config>service>cpipe>sap>ingress>sched-override>scheduler parent)

[Tree] (config>service>cpipe>sap>egress>sched-override>scheduler parent)

[Tree] (config>service>epipe>sap>ingress>sched-override>scheduler parent)

[Tree] (config>service>ipipe>sap>egress>sched-override>scheduler parent)

Full Context

configure service epipe sap egress scheduler-override scheduler parent

configure service ipipe sap ingress scheduler-override scheduler parent

configure service cpipe sap ingress scheduler-override scheduler parent

configure service cpipe sap egress scheduler-override scheduler parent

configure service epipe sap ingress scheduler-override scheduler parent

configure service ipipe sap egress scheduler-override scheduler parent

Description

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.

The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default

no parent

Parameters

weight

Specifies the relative weight of this scheduler in comparison to other child schedulers, policers, and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers, policers, and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Platforms

All

  • configure service epipe sap egress scheduler-override scheduler parent
  • configure service ipipe sap egress scheduler-override scheduler parent
  • configure service ipipe sap ingress scheduler-override scheduler parent
  • configure service epipe sap ingress scheduler-override scheduler parent

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress scheduler-override scheduler parent
  • configure service cpipe sap egress scheduler-override scheduler parent

parent

Syntax

parent [weight weight] [cir-weight cir-weight]

no parent

Context

[Tree] (config>service>vpls>sap>egress>queue-override>queue parent)

[Tree] (config>service>vpls>sap>ingress>queue-override>queue parent)

Full Context

configure service vpls sap egress queue-override queue parent

configure service vpls sap ingress queue-override queue parent

Description

This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.

Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multi-service customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The orphaned state must generate a log entry and a trap message. The SAP which the queue belongs to must also depict an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.

The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state mentioned above and automatically return to normal operation when the parent scheduler is available again.

When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.

The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. Once a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.

Parameters

weight

These optional keywords are mutually exclusive to the level keyword. The weight defines the relative weight of this queue in comparison to other child schedulers, policers, and queues while vying for bandwidth on the parent scheduler-name. Any policers, queues, or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.

All weight values from all weighted active policers, queues, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the policer, queue, or scheduler. A weight is considered to be active when the pertaining policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted policers, queues, and schedulers at that level are operating at the maximum bandwidth or are idle.

Values

0 to 100

Default

1

cir-weight

Specifies the weight the queue or scheduler will use at the within-cir port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the policer, queue, or scheduler does not receive bandwidth during the port schedulers within-cir pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Platforms

All

parent

Syntax

parent [weight weight] [cir-weight cir-weight]

no parent

Context

[Tree] (config>service>vpls>sap>egress>sched-override>scheduler parent)

[Tree] (config>service>vpls>sap>ingress>sched-override>scheduler parent)

Full Context

configure service vpls sap egress scheduler-override scheduler parent

configure service vpls sap ingress scheduler-override scheduler parent

Description

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.

The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default

no parent

Parameters

weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Platforms

All

parent

Syntax

parent [weight weight] [ cir-weight cir-weight]

Context

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue parent)

[Tree] (config>service>ies>if>sap>egress>sched-override>scheduler parent)

[Tree] (config>service>ies>if>sap>ingress>sched-override>scheduler parent)

[Tree] (config>service>ies>if>sap>egress>queue-override>queue parent)

Full Context

configure service ies interface sap ingress queue-override queue parent

configure service ies interface sap egress scheduler-override scheduler parent

configure service ies interface sap ingress scheduler-override scheduler parent

configure service ies interface sap egress queue-override queue parent

Description

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.

The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default

no parent

Parameters

weight weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

cir-weight cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Platforms

All

parent

Syntax

parent [weight weight] [ cir-weight cir-weight]

no parent

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue parent)

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue parent)

Full Context

configure service vprn interface sap egress queue-override queue parent

configure service vprn interface sap ingress queue-override queue parent

Description

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.

The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default

no parent

Parameters

weight weight

Specifes the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

Default

1

cir-weight cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Default

1

Platforms

All

parent

Syntax

parent [weight weight] [ cir-weight cir-weight]

no parent

Context

[Tree] (config>service>vprn>if>sap>egress>sched-override>scheduler parent)

[Tree] (config>service>vprn>if>sap>ingress>sched-override>scheduler parent)

Full Context

configure service vprn interface sap egress scheduler-override scheduler parent

configure service vprn interface sap ingress scheduler-override scheduler parent

Description

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.

The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default

no parent

Parameters

weight weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

cir-weight cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Platforms

All

parent

Syntax

parent {root | arbiter-name} [ level priority-level] [weight weight-within-level]

no parent

Context

[Tree] (config>qos>plcr-ctrl-plcy>tier>arbiter parent)

Full Context

configure qos policer-control-policy tier arbiter parent

Description

This command is used to define from where the tiered arbiter receives bandwidth. Both tier 1 and tier 2 arbiters default to parenting to the root arbiter. Tier 2 arbiters may be modified to parent to a tier 1 arbiter. The tier 1 arbiter parent cannot be changed.

The no form of this command is used to return the tiered arbiter to the default parenting behavior.

Default

parent root level 1 weight 1

Parameters

root

In tier 1, arbiter-name is not allowed and only root is accepted. When root is specified, the arbiter will receive all bandwidth directly from the root arbiter. This is the default parent for tiered arbiters.

arbiter-name

In tier 1, arbiter-name is not allowed and only root is accepted. The specified arbiter-name must exist within the policer-control-policy at tier 1 or the parent command will fail. When a tiered arbiter is acting as a parent for another tiered arbiter, the parent arbiter cannot be removed from the policy. The child arbiter will receive all bandwidth directly from its parent arbiter (that receives bandwidth from the root arbiter).

priority-level

Each child arbiter attaches to its parent on one of the parent’s eight strict levels. Level 1 is the lowest and 8 is the highest. The level attribute is used to define which level the child arbiter uses on its parent. The parent distributes its available bandwidth based on strict priority starting with priority level 8 and proceeding towards level 1.

Values

1 to 8

Default

1

weight-within-level

The weight attribute is used to define how multiple children at the same parent strict level compete when insufficient bandwidth exists on the parent for that level. Each child's weight is divided by the sum of the active children's weights and the result is multiplied by the available bandwidth. If a child cannot receive its entire weighted fair share of bandwidth due to a defined child rate limit, the remainder of its bandwidth is distributed between the other children based on their weights.

Values

1 to 100

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

parent

Syntax

parent arbiter-name [weight weight-within-level] [level level]

no parent

Context

[Tree] (config>qos>sap-ingress>policer parent)

[Tree] (config>qos>sap-ingress>dyn-policer parent)

[Tree] (config>qos>sap-egress>policer parent)

[Tree] (config>qos>sap-egress>dyn-policer parent)

Full Context

configure qos sap-ingress policer parent

configure qos sap-ingress dynamic-policer parent

configure qos sap-egress policer parent

configure qos sap-egress dynamic-policer parent

Description

This command is used to create a child-to-parent mapping between each instance of the policer and either the root arbiter or a specific tiered arbiter on the object where the policy is applied. Defining a parent association for the policer causes the policer to compete for the parent policer’s available bandwidth with other child policers mapped to the policer control hierarchy.

Policer control hierarchies may be created on SAPs or on a subscriber or multiservice site context. To create a policer control hierarchy on an ingress or egress SAP context, a policer-control-policy must be applied to the SAP. When applied, the system will create a parent policer that is bandwidth limited by the policy’s max-rate value under the root arbiter. The root arbiter in the policy also provides the information used to determine the various priority-level discard-unfair and discard-all thresholds. Besides the root arbiter, the policy may also contain user-defined tiered arbiters that provide arbitrary bandwidth control for subsets of child policers that are either directly or indirectly parented by the arbiter.

When the QoS policy containing the policer with a parent mapping to an arbiter name exists on the SAP, the system will scan the available arbiters on the SAP. If an arbiter exists with the appropriate name, the policer to arbiter association is created. If the specified arbiter does not exist either because a policer-control-policy is not currently applied to the SAP or the arbiter name does not exist within the applied policy, the policer is placed in an orphan state. Orphan policers operate as if they are not parented and are not subject to any bandwidth constraints other than their own PIR. When a policer enters the orphan state, it is flagged as operationally degraded due to the fact that it is not operating as intended and a trap is generated. Whenever a policer-control-policy is added to the SAP or the existing policy is modified, the SAP's policer's parenting configurations must be reevaluated. If an orphan policer becomes parented, the degraded flag is cleared, and a resulting trap is generated.

For subscribers, the policer control hierarchy is created through the policer-control-policy applied to the sub-profile used by the subscriber. A unique policer control hierarchy is created for each subscriber associated with the sub-profile. The QoS policy containing the policer with the parenting command comes into play through the subscriber sla-profile, which references the QoS policy. The combining of the sub-profile and the sla-profile at the subscriber level provides the system with the proper information to create the policer control hierarchy instance for the subscriber. This functionality is available only for the 7450 ESS and 7750 SR.

Executing the parent command will fail if:

  • The policer’s stat-mode in the QoS policy is set to no-stats

  • A stat-mode no-stats override exists on an instance of the policer on a SAP or subscriber or multiservice site context

A policer with a parent command applied cannot be configured with stat-mode no-stats in either the QoS policy or as an override on an instance of the policer.

When a policer is successfully parented to an arbiter, the parent commands level and weight parameters are used to determine at what priority level and at which weight in the priority level that the child policer competes with other children (policers or other arbiters) for bandwidth.

The no form of this command is used to remove the parent association from all instances of the policer.

Parameters

{root | arbiter-name}

When the parent command is executed, either the keyword root or an arbiter-name must be specified.

root

Specifies that the policer is intended to become a child to the root arbiter where an instance of the policer is created. If the root arbiter does not exist, the policer will be placed in the orphan state.

Default

root

arbiter-name

Specifies that the policer is intended to become a child to one of the tiered arbiters with the given arbiter-name where an instance of the policer is created. If the specified arbiter-name does not exist, the policer will be placed in the orphan state.

weight weight-within-level

The weight weight-within-level keyword and parameter are optional when executing the parent command. When weight is not specified, a default level of 1 is used in the parent arbiter’s priority level. When weight is specified, the weight-within-level parameter must be specified as an integer value from 1 through 100.

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure qos sap-egress policer parent
  • configure qos sap-ingress policer parent

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure qos sap-ingress dynamic-policer parent
  • configure qos sap-egress dynamic-policer parent

parent

Syntax

parent scheduler-name [weight weight] [level level] [cir-weight cir-weight] [cir-level cir-level]

no parent

Context

[Tree] (config>qos>sap-egress>queue parent)

[Tree] (config>qos>sap-ingress>queue parent)

Full Context

configure qos sap-egress queue parent

configure qos sap-ingress queue parent

Description

This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers, policers (at egress only), and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.

Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multiservice customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The SAP that the queue belongs to also depicts an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.

The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state and automatically returns to normal operation when the parent scheduler is available again.

When a parent scheduler is defined without specifying the weight parameter, the default is a weight of 1.

The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. When a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.

Parameters

scheduler-name

The defined scheduler-name conforms to the same input criteria as the schedulers defined within a scheduler policy. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. There are no checks performed at the time of definition to ensure that the scheduler-name exists within an existing scheduler policy. For the queue to use the defined scheduler-name, the scheduler exists on each egress SAP that the queue is eventually created on. For the duration where scheduler-name does not exist on the egress SAP, the queue operates in an orphaned state.

Values

Any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

weight

Specifies the relative weight of this queue in comparison to other child schedulers, policers, and queues, while vying for bandwidth on the parent scheduler-name. Any queues, policers, or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.

All weight values from all weighted active queues, policers, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the queue, policer, or scheduler. A weight is considered to be active when the pertaining queue, policer, or scheduler has not reached its maximum rate and still has packets to transmit. All child queues, policers, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted queues, policers, and schedulers at that level are operating at the maximum bandwidth or are idle.

Values

0 to 100

Default

1

level

The optional level parameter defines the level of hierarchy when compared to other schedulers and queues competing for bandwidth on the parent scheduler-name. Queues or schedulers will not receive parental bandwidth until all queues, policers, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.

Children of the parent scheduler with a lower strict priority will not receive bandwidth until all children with a higher strict priority have either reached their maximum bandwidth or are idle. Children with the same strict level are serviced in relation to their relative weights.

Values

1 to 8

Default

1

cir-weight

Specifies the weight that the queue or scheduler uses at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Default

1

cir-level

Specifies the port priority that the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

parent

Syntax

parent {root | arbiter-name} [ level level] [weight weight-within-level]

no parent

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer parent)

[Tree] (config>qos>qgrps>ing>qgrp>policer parent)

Full Context

configure qos queue-group-templates egress queue-group policer parent

configure qos queue-group-templates ingress queue-group policer parent

Description

This command is used to create a child-to-parent mapping between each instance of the policer and either the root arbiter or a specific tiered arbiter on the object where the policy is applied. Defining a parent association for the policer causes the policer to compete for the parent policer’s available bandwidth with other child policers mapped to the policer control hierarchy.

Policer control hierarchies may be created on SAPs or on a subscriber or multiservice site context. To create a policer control hierarchy on an ingress or egress SAP context, a policer-control-policy must be applied to the SAP. When applied, the system will create a parent policer that is bandwidth limited by the policy’s max-rate value under the root arbiter. The root arbiter in the policy also provides the information used to determine the various priority level discard-unfair and discard-all thresholds. Besides the root arbiter, the policy may also contain user-defined tiered arbiters that provide arbitrary bandwidth control for subsets of child policers that are either directly or indirectly parented by the arbiter.

When the QoS policy containing the policer with a parent mapping to an arbiter name exists on the SAP, the system will scan the available arbiters on the SAP. If an arbiter exists with the appropriate name, the policer to arbiter association is created. If the specified arbiter does not exist either because a policer-control-policy is not currently applied to the SAP or the arbiter name does not exist within the applied policy, the policer is placed in an orphan state. Orphan policers operate as if they are not parented and are not subject to any bandwidth constraints other than their own PIR. When a policer enters the orphan state, it is flagged as operationally degraded due to the fact that it is not operating as intended and a trap is generated. Whenever a policer-control-policy is added to the SAP or the existing policy is modified, the SAP's policer's parenting configurations must be reevaluated. If an orphan policer becomes parented, the degraded flag is cleared and a resulting trap is generated.

For subscribers, the policer control hierarchy is created through the policer-control-policy applied to the sub-profile used by the subscriber. A unique policer control hierarchy is created for each subscriber associated with the sub-profile. The QoS policy containing the policer with the parenting command comes into play through the subscriber sla-profile that references the QoS policy. The combining of the sub-profile and the sla-profile at the subscriber level provides the system with the proper information to create the policer control hierarchy instance for the subscriber. This functionality is available only for the 7450 ESS and 7750 SR.

Executing the parent command will fail if:

  • The policer’s stat-mode in the QoS policy is set to no-stats

  • A stat-mode no-stats override exists on an instance of the policer on a SAP or subscriber or multiservice site context

A policer with a parent command applied cannot be configured with stat-mode no-stats in either the QoS policy or as an override on an instance of the policer.

When a policer is successfully parented to an arbiter, the parent commands level and weight parameters are used to determine at what priority level and at which weight in the priority level that the child policer competes with other children (policers or other arbiters) for bandwidth.

The no form of this command is used to remove the parent association from all instances of the policer.

Parameters

{root | arbiter-name}

When the parent command is executed, either the keyword root or an arbiter-name must be specified.

Default

root

root

The root keyword specifies that the policer is intended to become a child to the root arbiter where an instance of the policer is created. If the root arbiter does not exist, the policer will be placed in the orphan state.

arbiter-name

The arbiter-name parameter specifies that the policer is intended to become a child to one of the tiered arbiters with the given arbiter-name where an instance of the policer is created. If the specified arbiter-name does not exist, the policer will be placed in the orphan state.

weight weight-within-level

The weight weight-within-level keyword and parameter are optional when executing the parent command. When weight is not specified, a default level of 1 is used in the parent arbiters priority level. When weight is specified, the weight-within-level parameter must be specified as an integer value from 1 through 100.

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

parent

Syntax

parent scheduler-name [weight weight] [level level] [ cir-weight cir-weight] [cir-level cir-level]

no parent

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue parent)

[Tree] (config>qos>qgrps>ing>qgrp>queue parent)

Full Context

configure qos queue-group-templates egress queue-group queue parent

configure qos queue-group-templates ingress queue-group queue parent

Description

This command defines an optional parent scheduler that further governs the available bandwidth given the queue aside from the queue’s PIR setting. When multiple schedulers, policers (at egress only), and/or queues share a child status with the parent scheduler, the weight or level parameters define how this queue contends with the other children for the parent’s bandwidth.

Checks are not performed to see if a scheduler-name exists when the parent command is defined on the queue. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. Multiple schedulers can exist with the scheduler-name and the association pertains to a scheduler that should exist on the egress SAP as the policy is applied and the queue created. When the queue is created on the egress SAP, the existence of the scheduler-name is dependent on a scheduler policy containing the scheduler-name being directly or indirectly applied (through a multiservice customer site) to the egress SAP. If the scheduler-name does not exist, the queue is placed in the orphaned operational state. The queue will accept packets but will not be bandwidth limited by a virtual scheduler or the scheduler hierarchy applied to the SAP. The SAP that the queue belongs to must also depict an orphan queue status. The orphaned state of the queue is automatically cleared when the scheduler-name becomes available on the egress SAP.

The parent scheduler can be made unavailable due to the removal of a scheduler policy or scheduler. When an existing parent scheduler is removed or inoperative, the queue enters the orphaned state and automatically returns to normal operation when the parent scheduler is available again.

When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.

The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. When a parent association has been removed, the former child queue attempts to operate based on its configured rate parameter. Removing the parent association on the queue within the policy takes effect immediately on all queues using the SAP egress QoS policy.

Parameters

scheduler-name

The defined scheduler-name conforms to the same input criteria as the schedulers defined within a scheduler policy. Scheduler names are configured in the config>qos>scheduler-policy>tier level context. There are no checks performed at the time of definition to ensure that the scheduler-name exists within an existing scheduler policy. For the queue to use the defined scheduler-name, the scheduler exists on each egress SAP the queue is eventually created on. For the duration where scheduler-name does not exist on the egress SAP, the queue operates in an orphaned state.

Values

Any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

weight weight

weight defines the relative weight of this queue in comparison to other child schedulers and queues while vying for bandwidth on the parent scheduler-name. Any queues or schedulers defined as weighted receive no parental bandwidth until all policers, queues, and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.

All weight values from all weighted active queues, policers, and schedulers with a common parent scheduler are added together. Then, each individual active weight is divided by the total, deriving the percentage of remaining bandwidth provided to the queue, policer, or scheduler. A weight is considered to be active when the pertaining queue or scheduler has not reached its maximum rate and still has packets to transmit. All child policers, queues, and schedulers with a weight of 0 are considered to have the lowest priority level and are not serviced until all non-zero weighted queues, policers, and schedulers at that level are operating at the maximum bandwidth or are idle.

Values

0 to 100

Default

1

level level

The optional level parameter defines the level of hierarchy when compared to other schedulers and queues when vying for bandwidth on the parent scheduler-name. Queues or schedulers will not receive parental bandwidth until all queues and schedulers with a higher (numerically larger) priority on the parent have reached their maximum bandwidth or are idle.

Children of the parent scheduler with a lower strict priority will not receive bandwidth until all children with a higher strict priority have either reached their maximum bandwidth or are idle. Children with the same strict level are serviced relative to their weights.

Values

1 to 8

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Default

1

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

parent

Syntax

parent scheduler-name [weight weight] [level level] [ cir-weight cir-weight] [cir-level cir-level]

no parent

Context

[Tree] (config>qos>scheduler-policy>tier>scheduler parent)

Full Context

configure qos scheduler-policy tier scheduler parent

Description

This command defines an optional parent scheduler that is higher up the policy hierarchy. Only schedulers in tier levels 2 and 3 can have a parental association. When multiple schedulers, policers (at egress only), and/or queues share a child status with the scheduler on the parent, the weight or strict parameters define how this scheduler contends with the other children for the parent’s bandwidth. The parent scheduler can be removed or changed at any time and is immediately reflected on the schedulers created by association of this scheduler policy.

When a parent scheduler is defined without specifying weight or strict parameters, the default bandwidth access method is weight with a value of 1.

The no form of this command removes a child association with a parent scheduler. If a parent association does not currently exist, the command has no effect and returns without an error. When a parent association has been removed, the former child scheduler attempts to operate based on its configured rate parameter. Removing the parent association on the scheduler within the policy will take effect immediately on all schedulers with scheduler-name that have been created using the scheduler-policy-name.

Parameters

scheduler-name

Specifies a scheduler name. The scheduler-name must already exist within the context of the scheduler policy in a tier that is higher (numerically lower).

Values

Any valid scheduler-name existing on a higher tier within the scheduler policy.

weight weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A zero (0) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

Default

1

level level

Specifies the strict priority level of this scheduler in comparison to other child schedulers and queues vying for bandwidth on the parent scheduler-name during the above-CIR distribution phase of bandwidth allocation. During the above-CIR distribution phase, any queues or schedulers defined at a lower strict level receive no parental bandwidth until all queues and schedulers defined with a higher (numerically larger) strict level on the parent have reached their maximum bandwidth or have satisfied their offered load requirements.

When the similar cir-level parameter default (undefined) are retained for the child scheduler, bandwidth is only allocated to the scheduler during the above-CIR distribution phase.

Children of the parent scheduler with a lower strict priority level will not receive bandwidth until all children with a higher strict priority level have either reached their maximum bandwidth or are idle. Children with the same strict level are serviced in relation to their relative weights.

Values

1 to 8

Default

1

cir-weight cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the queue or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A zero (0) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Default

1

cir-level cir-level

Specifies the strict priority CIR level of this scheduler in comparison to other child schedulers and queues vying for bandwidth on the parent scheduler-name during the within-CIR distribution phase of bandwidth allocation. During the within-CIR distribution phase, any queues or schedulers defined at a lower strict CIR level receive no parental bandwidth until all queues and schedulers defined with a higher (numerically larger) strict CIR level on the parent have reached their CIR bandwidth or have satisfied their offered load requirements.

If the scheduler’s cir-level parameter retains the default (undefined) state, bandwidth is only allocated to the scheduler during the above-CIR distribution phase.

Children with the same strict cir-level are serviced according to their cir-weight.

Values

0 to 8

Default

0

Platforms

All

parent

Syntax

parent [weight weight] [cir-weight cir-weight]

no parent

Context

[Tree] (config>service>cust>multi-service-site>ingress>sched-override>scheduler parent)

[Tree] (config>service>cust>multi-service-site>egress>sched-override>scheduler parent)

Full Context

configure service customer multi-service-site ingress scheduler-override scheduler parent

configure service customer multi-service-site egress scheduler-override scheduler parent

Description

This command overrides the scheduler’s parent weight and CIR weight information. The weights apply to the associated level or cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy. This allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non-default weightings for fostered schedulers.

The no form of the command returns the scheduler’s parent weight and CIR weight to the value configured in the applied scheduler policy.

Default

no parent

Parameters

weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit. A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values

0 to 100

Default

1

cir-weight

Specifies the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit. A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values

0 to 100

Default

0

Platforms

All

parent-location

parent-location

Syntax

parent-location {default | sla}

no parent-location

Context

[Tree] (config>qos>sap-egress parent-location)

Full Context

configure qos sap-egress parent-location

Description

This command determines the expected location of the parent schedulers for queues configured with a parent command within the sap-egress policy. All parent schedulers must be configured within a scheduler-policy applied at the location corresponding to the parent-location parameter.

If a parent scheduler name does not exist at the specified location, the queue will not be parented and will be orphaned.

The no form of this command reverts to the default.

Default

parent-location default

Parameters

default

When the sap-egress policy is applied to an sla-profile for a subscriber, the parent schedulers of the queues need to be configured in the scheduler-policy applied to the subscriber’s sub-profile.

When the sap-egress policy is applied to a SAP, the parent schedulers of the queues need to be configured in the scheduler-policy applied to the SAP or the multiservice site.

sla

When the sap-egress policy is applied to an sla-profile for a subscriber, the parent schedulers of the queues need to be configured in the scheduler-policy applied to the same sla-profile.

If this parameter is configured within a sap-egress policy that is applied to any object except of the egress of an sla-profile, the configured parent schedulers will not be found and so the queues will not be parented and will be orphaned. This parameter is not supported when policers-hqos-manageable is configured in the SAP egress QoS policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

parent-location

Syntax

parent-location {none | sub | vport}

no parent-location

Context

[Tree] (config>qos>scheduler-policy>tier parent-location)

Full Context

configure qos scheduler-policy tier parent-location

Description

This command determines the expected location of the parent schedulers for the tier 1 schedulers configured with a parent command within the scheduler-policy. The parent schedulers must be configured within a scheduler-policy applied at the location corresponding to the parent-location parameter.

If a parent scheduler name does not exist at the specified location, the schedulers will not be parented and will be orphaned.

The configuration of parent-location and frame-based-accounting in a scheduler policy is mutually exclusive in order to ensure consistency between the different scheduling levels.

The no form of this command reverts to the default.

Default

parent-location none

Parameters

none

This parameter indicates that the tier 1 schedulers do not have a parent scheduler and the configuration of the parent under a tier 1 scheduler is blocked. Conversely, this parameter is blocked when any tier 1 scheduler has a parent configured.

sub

When the scheduler-policy is applied to an sla-profile for a subscriber, the parent schedulers of the tier 1 schedulers need to be configured in the scheduler-policy applied to the subscriber’s sub-profile.

If this parameter is configured within a scheduler-policy that is applied to any object except for the egress of an sla-profile, the configured parent schedulers will not be found and so the tier 1 schedulers will not be parented and will be orphaned.

vport

When the scheduler-policy is applied to an sla-profile, a sub-profile for a subscriber, or to the egress of a pseudowire SAP, the parent schedulers of the tier 1 schedulers need to be configured in the scheduler-policy applied to the Vport to which the subscriber will be assigned.

If this parameter is configured within a scheduler-policy that is applied to any object except for the egress of an sla-profile or sub-profile, or to the egress of a PW SAP, the configured parent schedulers will not be found and so the tier 1 schedulers will not be parented and will be orphaned.

Platforms

All

parent-mid-pool

parent-mid-pool

Syntax

parent-mid-pool mid-pool-id

no parent-mid-pool

Context

[Tree] (config>qos>hs-port-pool-policy>alt-port-class-pools>class-pool parent-mid-pool)

[Tree] (config>qos>hs-port-pool-policy>std-port-class-pools>class-pool parent-mid-pool)

Full Context

configure qos hs-port-pool-policy alt-port-class-pools class-pool parent-mid-pool

configure qos hs-port-pool-policy std-port-class-pools class-pool parent-mid-pool

Description

This command creates the buffer allocation mapping between the associated class pool and the specified mid-pool. Use care when selecting a mid-pool in an active state (properly mapped to a root-pool with a non-zero allocation percentage). If a port-class pool is parented by an inactive mid-pool, the queues using the port-class pool are forced into an operational MBS setting of 0, causing all packet to be discarded. A port-class pool can be made inactive (no available buffers) by executing parent-mid-pool none in the port-class pool context.

The no form of the command reverts to the class-pool parenting value. For the standard port-class pools, this default is 1. For alternate port-class pools the default is none.

Default

alt-port-class-pools: none

std-port-class-pools: 1

Parameters

mid-pool-id

Specifies the mid-pool identifier in the HS pool policy. Either a valid mid-pool ID or none must be specified when executing the parent-mid-pool command. The mid-pool-id parameter defines the parent mid-pool to which the port-class is associated. The none keyword deactivates the port-class pool, causing the pool to have a zero size. A queue can still map to an inactive port-class pool although all packets are discarded by the queue.

Values

1 to 16, none

Platforms

7750 SR-7/12/12e

parent-root-pool

parent-root-pool

Syntax

parent-root-pool root-pool-id

no parent-root-pool

Context

[Tree] (config>qos>hs-pool-policy>mid-tier>mid-pool parent-root-pool)

Full Context

configure qos hs-pool-policy mid-tier mid-pool parent-root-pool

Description

This command creates a buffer allocation mapping between the associated mid-pool mid-pool-id and the specified parent-root-pool root-pool-id. The specified root pool ID must have a non-zero allocation-weight or the command fails. After a mid-pool is successfully associated with a root-pool, the parent root-pool’s allocation-weight value cannot be set to zero.

When the root-pool-id is set to none, no buffers are assigned to the mid-tier pool.

The no form of the command reverts to the default.

Default

parent-root-pool 1

Parameters

root-pool-id

Specifies the parent root pool to which the mid-pool is associated. This parameter is required when executing the parent-root-pool command.

Values

1 to 16, none

Platforms

7750 SR-7/12/12e

participant-id

participant-id

Syntax

participant-id participant-id

no participant-id

Context

[Tree] (config>app-assure>group>http-error-redirect participant-id)

Full Context

configure application-assurance group http-error-redirect participant-id

Description

This command specifies a 32-character string assigned to the operator by Barefruit. It is used by barefruit landing servers (applies to template # 1 only).

Default

no participant-id

Parameters

participant-id

Specifies the 32-character string supplied by Barefruit.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

participate

participate

Syntax

[no] participate

Context

[Tree] (config>router>isis>flex-algos>flex-algo participate)

Full Context

configure router isis flexible-algorithms flex-algo participate

Description

This command enables IS-IS participation in a specific flexible algorithm.

The router advertises its capability to participate in a specific flexible algorithm within the IS-IS router-capability TLV. Router participation in a flexible algorithm assumes that segment routing and, consequently the advertise-router-capability area is enabled. However, a router only advertises flexible algorithm participation when it can support the corresponding winning flexible algorithm definition. The flexible algorithm participation is not enabled by default.

The no form of this command disables participation for a particular flexible algorithm.

Default

no participate

Platforms

All

participate

Syntax

[no] participate

Context

[Tree] (config>router>ospf>flex-algos>flex-algo participate)

Full Context

configure router ospf flexible-algorithms flex-algo participate

Description

This command enables OSPFv2 participation in a specific flexible algorithm.

The router advertises its capability to participate in a specific flexible algorithm within the OSPFv2 SR algorithm TLV of the router information opaque LSA. Router participation in a flexible algorithm assumes that segment routing and, consequently, the advertise-router-capability area is enabled. However, a router only advertises flexible algorithm participation when it can support the corresponding winning flexible algorithm definition. The flexible algorithm participation is not enabled by default.

The no form of this command disables participation for a specific flexible algorithm.

Default

no participate

Platforms

All

partner-down-delay

partner-down-delay

Syntax

partner-down-delay [hrs hours] [min minutes] [sec seconds]

no partner-down-delay

Context

[Tree] (config>router>dhcp>server>failover partner-down-delay)

[Tree] (config>router>dhcp6>server>failover partner-down-delay)

[Tree] (config>service>vprn>dhcp>server>failover partner-down-delay)

[Tree] (config>service>vprn>dhcp6>server>pool>failover partner-down-delay)

[Tree] (config>service>vprn>dhcp>server>pool>failover partner-down-delay)

[Tree] (config>router>dhcp>server>pool>failover partner-down-delay)

[Tree] (config>router>dhcp6>server>pool>failover partner-down-delay)

[Tree] (config>service>vprn>dhcp6>server>failover partner-down-delay)

Full Context

configure router dhcp local-dhcp-server failover partner-down-delay

configure router dhcp6 local-dhcp-server failover partner-down-delay

configure service vprn dhcp local-dhcp-server failover partner-down-delay

configure service vprn dhcp6 local-dhcp-server pool failover partner-down-delay

configure service vprn dhcp local-dhcp-server pool failover partner-down-delay

configure router dhcp local-dhcp-server pool failover partner-down-delay

configure router dhcp6 local-dhcp-server pool failover partner-down-delay

configure service vprn dhcp6 local-dhcp-server failover partner-down-delay

Description

This command configures the partner down delay time. Since the DHCP lease synchronization failure can be caused by the failure of the intercommunication link (and not necessary the entire node), there is a possibility the redundant DHCP servers become isolated in the network. In other words, they can serve DHCP clients but they cannot synchronize the lease. This can lead to duplicate assignment of IP addresses, since the servers have configured overlapping IP address ranges but they are not aware of each other’s leases.

The purpose of the partner down delay is to prevent the IP lease duplication during the intercommunication link failure by not allowing new IP addresses to be assigned from the remote IP address range. This timer is intended to provide the operator with enough time to remedy the failed situation and to avoid duplication of IP addresses or prefixes during the failure.

During the partner-down-delay time, the prefix designated as remote is eligible only for renewals of the existing DHCP leases that have been synchronized by the peering node. Only after the sum of the partner-down-delay and the maximum-client-lead-time will the prefix designated as remote be eligible for delegation of the new DHCP leases. When this occurs, we say that the remote IP address range has been taken over.

It is possible to expedite the takeover of a remote IP address range so that the new IP leases can start being delegated from that range shortly after the intercommunication failure is detected. This can be achieved by configuring the partner-down-delay timer to 0 seconds, along with enabling the ignore-mclt-on-takeover CLI flag. Caution must be taken before enabling this functionality. It is safe to bypass safety timers (partner-down-delay + MCLT) only in cases where the operator is certain that the intercommunication between the nodes has failed due to the entire node failure and not due to the intercommunication (MCS) link failure. Failed intercommunication due to the nodal failure would ensure that only one node is present in the network for IP address delegation (as opposed to two isolated nodes with overlapping IP address ranges where address duplication can occur). For this reason, the operator must ensure that there are redundant paths between the nodes to ensure uninterrupted synchronization of DHCP leases.

In access-driven mode of operation, partner-down-delay has no effect.

The no form of this command reverts to the default.

Default

partner-down-delay hrs 23 min 59 sec 59

Parameters

partner-down-delay

Specifies the partner down delay time.

Values

hrs hours

1 to 23

min minutes

1 to 59

sec seconds

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

passive

passive

Syntax

[no] passive

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy passive)

Full Context

configure subscriber-mgmt bgp-peering-policy passive

Description

This command enables the passive mode for the BGP neighbors.

The no form of this command disables the passive mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

passive

Syntax

[no] passive

Context

[Tree] (config>service>vprn>bgp>group passive)

[Tree] (config>service>vprn>bgp>group>neighbor passive)

Full Context

configure service vprn bgp group passive

configure service vprn bgp group neighbor passive

Description

This command enables passive mode for the BGP group or neighbor.

When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.

The no form of this command used at the group level disables passive mode where BGP actively attempts to connect to its peers.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no passive — BGP will actively try to connect to all the configured peers.

Platforms

All

passive

Syntax

[no] passive

Context

[Tree] (config>service>vprn>isis>if passive)

[Tree] (config>service>vprn>isis>if>level passive)

Full Context

configure service vprn isis interface passive

configure service vprn isis interface level passive

Description

This command adds the passive attribute which causes the interface to be advertised as an IS-IS interface without running the IS-IS protocol. Normally, only interface addresses that are configured for IS-IS are advertised as IS-IS interfaces at the level that they are configured.

When the passive mode is enabled, the interface or the interface at the level ignores ingress IS-IS protocol PDUs and does not transmit IS-IS protocol PDUs.

The no form of this command removes the passive attribute.

Default

no passive

Platforms

All

passive

Syntax

[no] passive

Context

[Tree] (config>service>vprn>ospf3>area>if passive)

[Tree] (config>service>vprn>ospf>area>if passive)

Full Context

configure service vprn ospf3 area interface passive

configure service vprn ospf area interface passive

Description

This command adds the passive property to the OSPF interface where passive interfaces are advertised as OSPF interfaces but do not run the OSPF protocol.

By default, only interface addresses that are configured for OSPF are advertised as OSPF interfaces. The passive parameter allows an interface to be advertised as an OSPF interface without running the OSPF protocol.

While in passive mode, the interface ignores ingress OSPF protocol packets and does not transmit any OSPF protocol packets.

The no form of this command removes the passive property from the OSPF interface.

Default

no passive

Platforms

All

passive

Syntax

[no] passive

Context

[Tree] (config>router>bgp>group>neighbor passive)

[Tree] (config>router>bgp>group passive)

Full Context

configure router bgp group neighbor passive

configure router bgp group passive

Description

Enables/disables passive mode for the BGP group or neighbor.

When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.

The no form of this command used at the group level disables passive mode where BGP actively attempts to connect to its peers.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

no passive

Platforms

All

passive

Syntax

[no] passive

Context

[Tree] (config>router>isis>if passive)

[Tree] (config>router>isis>if>level passive)

Full Context

configure router isis interface passive

configure router isis interface level passive

Description

This command adds the passive attribute which causes the interface to be advertised as an IS-IS interface without running the IS-IS protocol. Normally, only interface addresses that are configured for IS-IS are advertised as IS-IS interfaces at the level that they are configured.

When the passive mode is enabled, the interface or the interface at the level ignores ingress IS-IS protocol PDUs and does not transmit IS-IS protocol PDUs.

The no form of this command removes the passive attribute.

Default

no passive

Platforms

All

passive

Syntax

[no] passive

Context

[Tree] (config>router>ospf>area>interface passive)

[Tree] (config>router>ospf3>area>interface passive)

Full Context

configure router ospf area interface passive

configure router ospf3 area interface passive

Description

This command adds the passive property to the OSPF interface where passive interfaces are advertised as OSPF interfaces but do not run the OSPF protocol.

By default, only interface addresses that are configured for OSPF will be advertised as OSPF interfaces. The passive parameter allows an interface to be advertised as an OSPF interface without running the OSPF protocol.

While in passive mode, the interface will ignore ingress OSPF protocol packets and not transmit any OSPF protocol packets.

The no form of this command removes the passive property from the OSPF interface.

Default

no passive

Platforms

All

passive-dns

passive-dns

Syntax

passive-dns

Context

[Tree] (config>app-assure>group>ip-id-asst passive-dns)

Full Context

configure application-assurance group ip-identification-assist passive-dns

Description

Commands in this context configure passive DNS monitoring for the IP identification assist feature.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

passive-mode

passive-mode

Syntax

[no] passive-mode

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ep passive-mode)

Full Context

configure redundancy multi-chassis peer mc-endpoint passive-mode

Description

This command configures the passive mode behavior for the MC-EP protocol. When in passive mode the MC-EP pair will be dormant until two of the pseudowires in a MC-EP will be signaled as active by the remote PEs, being assumed that the remote pair is configured with regular MC-EP. As soon as more than one pseudowire is active, dormant MC-EP pair will activate. It will use the regular exchange to select the best pseudowire between the active ones and it will block the Rx and Tx directions of the other pseudowires.

The no form of this command will disable the passive mode behavior.

Default

no passive-mode

Platforms

All

passkey

passkey

Syntax

passkey passkey

Context

[Tree] (config>system>bluetooth passkey)

Full Context

configure system bluetooth passkey

Description

This command configures the Bluetooth passkey that is used during pairing. This passkey must match in both devices that are attempting the pairing operation.

Default

passkey 123456

Parameters

passkey

Specifies the six-digit Bluetooth passkey.

Values

000000 to 999999

Platforms

7750 SR-1, 7750 SR-s, 7950 XRS-20e

password

password

Syntax

password

Context

[Tree] (password)

Full Context

password

Description

This operational command changes the local user password.

This command is automatically invoked when a user logs in after the administrator uses the new-password-at-login command to force a new password, or the password has expired ( aging). At this time, the user is prompted to enter the old password, new password, and then the new password again to verify the input.

If the user fails to create a new password, CLI access is denied.

A user cannot configure a nonconforming password using the global password command. In this case, the CLI displays an error message and the password change fails. To configure a password value that does not conform to the minimum length or other password complexity rules, use the config>system>security>user>password command (for example, executed by an administrator).

Platforms

All

password

Syntax

password {ignore | chap password | pap password} [hash | hash2 | custom]

no password

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host password)

Full Context

configure subscriber-mgmt local-user-db ppp host password

Description

This command specifies a password type or configures password string for pap or chap. The pap and chap passwords are stored in a hashed format in the config files. The hash|hash2 optional keywords are used for config execution.

This command will only be interpreted if the local user database is connected directly to the PPPoE node under the VPRN/IES group interface. It is not used if the local user database is accessed by a local DHCP server.

The no form of this command reverts to the default.

Parameters

ignore

Specifies that the password be ignored, in which case authentication is always succeed, independent of the password used by the PPPoE client. The client must still perform authentication.

chap password

Specifies that the password, up to 64 characters, for Challenge-Handshake Authentication Protocol) (CHAP) is used. Only a password received with the CHAP protocol is accepted.

pap password

Specifies that the Password Authentication Protocol (PAP) is used, up to 64 characters. Only a password received with the PAP protocol is accepted, even though the CHAP protocol is proposed to the client first because it is unknown at the time of the offer which password type is allowed to the client.

hash | hash2

Specifies hashing scheme.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password password [{hash | hash2 | custom}]

no password

Context

[Tree] (config>router>l2tp>group>tunnel password)

[Tree] (config>service>vprn>l2tp>group>tunnel password)

[Tree] (config>router>l2tp>l2tpv3 password)

[Tree] (config>router>l2tp>group password)

[Tree] (config>service>vprn>l2tp>l2tpv3 password)

[Tree] (config>service>vprn>l2tp password)

[Tree] (config>router>l2tp password)

[Tree] (config>service>vprn>l2tp>group password)

[Tree] (config>service>vprn>l2tp>group>l2tpv3 password)

[Tree] (config>router>l2tp>group>l2tpv3 password)

Full Context

configure router l2tp group tunnel password

configure service vprn l2tp group tunnel password

configure router l2tp l2tpv3 password

configure router l2tp group password

configure service vprn l2tp l2tpv3 password

configure service vprn l2tp password

configure router l2tp password

configure service vprn l2tp group password

configure service vprn l2tp group l2tpv3 password

configure router l2tp group l2tpv3 password

Description

This command configures the password between L2TP LAC and LNS

The no form of this command removes the password.

Default

no password

Parameters

password

Configures the password used for challenge/response calculation and AVP hiding. The maximum length is up to 20 characters if unhashed, 32 characters if hashed, 54 characters if the hash2 keyword is specified.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password password [hash | hash2 | custom]

no password

Context

[Tree] (config>service>dynsvc>plcy>auth password)

Full Context

configure service dynamic-services dynamic-services-policy authentication password

Description

This command configures the password to be used for RADIUS authentication of data-triggered dynamic services.

The no form of this command removes the password from the configuration.

Parameters

password

Specifies the password that is used in RADIUS authentication of a data-triggered dynamic service. The maximum length is 20 characters if unhashed, 32 characters if hashed, and 54 characters if the hash2 keyword is specified.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password password [hash | hash2| custom]

no password

Context

[Tree] (config>subscr-mgmt>auth-policy password)

Full Context

configure subscriber-mgmt authentication-policy password

Description

This command sets a password that is sent with user-name in every RADIUS authentication request sent to the RADIUS server upon receipt of DHCP discover or request messages. If no password is configured, no password AVP is sent.

The no form of this command reverts to the default value.

Parameters

password

Specifies a text string containing the password. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

hash

Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password password [hash | hash2 | custom]

no password

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>nasreq password)

Full Context

configure subscriber-mgmt diameter-application-policy nasreq password

Description

This command sets a password that is sent with user-name in every RADIUS authentication request sent to the RADIUS server upon receipt of DHCP discover or request messages. If no password is provided, an empty password is sent.

The no form of this command reverts to the default value.

Parameters

password

Specifies a text string containing the password. Allowed values are any string up to 64 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

hash

Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password password [hash | hash2 | custom]

no password

Context

[Tree] (config>aaa>route-downloader password)

Full Context

configure aaa route-downloader password

Description

This command specifies the password that is used in the RADIUS access requests.

The no form of this command resets the password to the default which is an empty string.

Parameters

password

Specifies a password string up to 32 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password password [hash | hash2| custom]

no password

Context

[Tree] (config>subscr-mgmt>vrgw>brg>brg-profile>radius-authentication password)

[Tree] (config>aaa>radius-srv-plcy>servers>health-check>test-account password)

Full Context

configure subscriber-mgmt vrgw brg brg-profile radius-authentication password

configure aaa radius-server-policy servers health-check test-account password

Description

This command specifies the password that the test account will use to send access requests to probe the RADIUS servers.

Parameters

password

Specifies the probing password up to 64 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password

Context

[Tree] (config>system>security password)

Full Context

configure system security password

Description

Commands in this context configure password-related parameters.

Platforms

All

password

Syntax

password password [hash | hash2 | custom]

no password

Context

[Tree] (config>ipsec>rad-auth-plcy password)

Full Context

configure ipsec radius-authentication-policy password

Description

This command specifies the password that is used in the RADIUS access requests.

The no form of this command resets the password to its default of ALU and will be stored using hash/hash2 encryption.

Default

no password

Parameters

password

Specifies a password string up to 64characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password password [hash | hash2 | custom]

no password

Context

[Tree] (config>aaa>isa-radius-plcy password)

Full Context

configure aaa isa-radius-policy password

Description

This command specifies the password that is used in the RADIUS access requests. It shall be specified as a string of up to 32 characters in length.

The no form of the command resets the password to its default of ALU and will be stored using hash/hash2 encryption.

Default

no password

Parameters

password

Specifies a password string up to 32 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

password

Syntax

password hex-string

no password

Context

[Tree] (config>li>x-interfaces>lics>lic>authentication password)

Full Context

configure li x-interfaces lics lic authentication password

Description

This command configures the password for the X1 and X2 interfaces.

The no form of this command reverts to the default.

Parameters

hex-string

Specifies the password. Must contain exactly 32 hex nibbles.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

password

Syntax

password [password]

Context

[Tree] (config>system>security>user password)

Full Context

configure system security user password

Description

This command configures the user password for console and FTP access.

The password is stored in an encrypted format in the configuration file when specified. Passwords should be encased in double quotes (" ") at the time of the password creation. The double quote character (") is not accepted inside a password. It is interpreted as the start or stop delimiter of a string.

The password can be entered as plain text or a hashed value. SR OS can distinguish between hashed passwords and plain text passwords and take the appropriate action to store the password correctly.

config>system>security>user# password testuser1

The password is hashed by default.

For example:

config>system>security# user testuser1
config>system>security>user$ password xyzabcd1
config>system>security>user# exit
config>system>security# info
-------------------------------------
...
            user "testuser1"
                password "$2y$10$pFoehOg/tCbBMPDJ/
kqpu.8af0AoVGY2xsR7WFqyn5fVTnwRzGmOK"
            exit
...
-------------------------------------
config>system>security# 

The password command allows you also to enter the password as a hashed value.

For example:

config>system>security# user testuser1
config>system>security>user$ password "$2y$10$pFoehOg/tCbBMPDJ/
kqpu.8af0AoVGY2xsR7WFqyn5fVTnwRzGmOK"
config>system>security>user# exit
config>system>security# info
-------------------------------------
...
user "testuser1"
password "$2y$10$pFoehOg/tCbBMPDJ/kqpu.8af0AoVGY2xsR7WFqyn5fVTnwRzGmOK"
exit
...
-------------------------------------
config>system>security#

Parameters

password

This is the password for the user that must be entered by this user during the login procedure. The minimum length of the password is determined by the minimum-length command. The maximum length can be up to 20 chars if unhashed, 32 characters if hashed. The complexity requirements for the password is determined by the complexity-rules command and must be followed; otherwise, the password will not be accepted.

All password special characters (#, $, spaces, and so on) must be enclosed within double quotes.

For example: config>system>security>user# password "south#bay?”

The question mark character (?) cannot be directly inserted as input during a telnet connection because the character is bound to the help command during a normal Telnet/console connection.

To insert a # or ? characters, they must be entered inside a notepad or clipboard program and then cut and pasted into the Telnet session in the password field that is encased in the double quotes as delimiters for the password.

If a password is entered without any parameters, a password length of zero is implied: (carriage return).

Platforms

All

password

Syntax

password password [hash | hash2 | custom]

no password

Context

[Tree] (bof password)

Full Context

bof password

Description

This command configures the password to access the BOF interactive menu at startup.

If a password is configured, the BOF interactive menu is accessible only when the correct password is entered. If the correct password is not entered in 30 s, the node reboots.

The no form of this command removes the configured password.

Default

no password

Parameters

password

Specifies the password.

If the hash, hash2, or custom parameter is not configured, the password is entered in plaintext and the password length must be between 8 and 32 characters. A plaintext password cannot contain embedded nulls or end with " hash”, " hash2”, or " custom”.

If the hash, hash2, or custom parameter is configured, the password is hashed and the password length must be between 1 and 64 characters.

hash

Keyword to specify that the password is entered in an encrypted form.

hash2

Keyword to specify that the password is entered in a more complex encrypted form. The hash2 encryption scheme is node-specific and the password cannot be transferred between nodes.

custom

Keyword to specify that the password uses custom encryption.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

password-history

password-history

Syntax

password-history {user user-name | all}

Context

[Tree] (admin>clear password-history)

Full Context

admin clear password-history

Description

This command is used to clear old passwords used by a specific user, or for all users.

Parameters

user-name

Clears the password history information about the specified user, up to 32 characters.

all

Clears the password history information for all users.

Platforms

All

pat-repetition

pat-repetition

Syntax

pat-repetition [tnc tnc-milli-seconds qos qos-milli-seconds poa poa-milli-seconds]

no pat-repetition

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pat-repetition)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pat-repetition)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pat-repetition)

Full Context

configure mcast-management multicast-info-policy bundle channel video analyzer alarms pat-repetition

configure mcast-management multicast-info-policy bundle video analyzer alarms pat-repetition

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pat-repetition

Description

This command configures the analyzer to check for the program association table (PAT). It is expected that the PAT arrives periodically within a certain interval range. It is possible to configure the type of alarm that is raised when the PAT fails to arrive within the specified interval. As the delay increases between two consecutive PATs, the type of alarm raised becomes more critical, from TNC to POA.

Default

no pat-repetition

Parameters

tnc-milli-seconds

Specifies the time, in milliseconds, for which a TNC alarm is raised if the interval between two consecutive PATs is greater than or equal to this configured value.

Values

100 to 800 in multiples of 100 only

Default

100

qos-milli-seconds

Specifies the time, in milliseconds, for which a QoS alarm is raised if the interval between two consecutive PATs is greater than or equal to this configured value.

Values

200 to 900 in multiples of 100 only and higher than the tnc-milli-seconds value

Default

200

poa-milli-seconds

Specifies the time, in milliseconds, for which a POA alarm is raised if the interval between two consecutive PATs is greater than or equal to this configured value.

Values

300 to 1000 in multiples of 100 only and higher than the qos-milli-seconds value

Default

500

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

pat-syntax

pat-syntax

Syntax

[no] pat-syntax

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pat-syntax)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pat-syntax)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pat-syntax)

Full Context

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pat-syntax

configure mcast-management multicast-info-policy bundle video analyzer alarms pat-syntax

configure mcast-management multicast-info-policy bundle channel video analyzer alarms pat-syntax

Description

This command configures the analyzer to check for PAT syntax errors.

Default

no pat-syntax

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

path

path

Syntax

path xc-a lag-id xc-b lag-id

path pxc pxc-id

no path

Context

[Tree] (config>fwd-path-ext>fpe path)

Full Context

configure fwd-path-ext fpe path

Description

This command references a PXC (pair of PXC sub-ports) and consequently create an association between the PXC and the application which is referenced under the same FPE object. Each application will utilize the PXC in the form of an internal cross-connect. The exact use and internal provisioning of this cross-connect depends on the application itself.

The no form of this command removes the reference and association from the configuration.

Default

no path

Parameters

xc-a lag-id

Specifies the LAG identifier associated with one side of the cross-connect. The operator has the freedom to associate xc-a with LAG ID containing either sub-ports.a or sub-ports.b. In other words, the system does not perform automatic check that will ensure a match between xc-a and the LAG ID containing sub-ports.a.

Values

1 to 800

xc-b lag-id

Specifies the LAG identifier associated with one side of the cross-connect. The operator has the freedom to associate xc-a with LAG ID containing either sub-ports.a or sub-ports.b.

Values

1 to 800

pxc-id

Specifies the PXC identifier, the PXC construct that contains a physical port in a loopback mode that provides the cross-connect capability. The system creates two paired sub-ports on top of this physical port and each of these two sub-ports forwards traffic in one direction over the loopback. One sub-port is associated with the transit side of the loopback, while the other sub-port is associated with the termination side (see PXC Configuration Guides for further explanation).

Values

1 to 64

Platforms

All

path

Syntax

path path-id pxc pxc-id

path path-id xc-a lag-id xc-b lag-id

no path path-id

Context

[Tree] (config>fwd-path-ext>fpe>multi-path-list path)

Full Context

configure fwd-path-ext fpe multi-path-list path

Description

This command configures a multipath FPE forwarding path. A single path in a multipath FPE can contain a single PXC port or LAG of PXC ports.

The PXC references a physical port in loopback mode that provides the cross-connect capability. The system creates two paired subports on top of the physical port, each of which forwards traffic in one direction over the loopback. One subport is associated with the transit side of the loopback, while the other is associated with the termination side.

The no form of the command removes the path.

Parameters

path-id

Specifies a path ID for the forwarding path.

Values

1 to 64

pxc-id

Specifies a dedicated PXC ID for the forwarding path.

Values

1 to 64

xc-a lag-id

Specifies the LAG ID associated with one side (transit or termination) of the cross-connect. The operator can associate xc-a with the LAG containing either subports.a or subports.b. The system does not enforce a match between xc-a and the LAG ID containing subports.a.

Values

lag-[1 to 800]

xc-b lag-id

Specifies the LAG ID associated with the other side of the cross-connect (not designated for xc-a). The operator can associate xc-b with the LAG containing either subports.a or subports.b. The system does not enforce a match between xc-b and the LAG ID containing subports.b.

Values

lag-[1 to 800]

Platforms

All

path

Syntax

[no] path [sonet-sdh-index]

Context

[Tree] (config>port>sonet-sdh path)

Full Context

configure port sonet-sdh path

Description

This command defines the SONET/SDH path.

The no form of this command removes the specified SONET/SDH path.

This command is supported on TDM satellite.

Default

full channel (or clear channel)

Parameters

sonet-sdh-index

Specifies the components making up the specified SONET/SDH path. Depending on the type of SONET/SDH port the sonet-sdh-index must specify more path indexes to specify the payload location of the path. The sonet-sdh-index differs for SONET and SDH ports.

Values

sts192 (for the 7950 XRS only)

sts1-x.x (for the 7450 ESS and 7750 SR), tu3, vt2, vt15

SONET

SDH

OC-192

STS-48-index

STS-12-index

STS-3-index

STS-1-index

STM-64

AUG-16-index

AUG-4-index

AUG-1-index

AU-3-index

OC-48

STS-12-index

STS-3-index

STS-1-index

STM-16

AUG-4-index

AUG-1-index

AU-3-index

OC-12

STS-3-index

STS-1-index

STM-4

AUG-1-index

AU-3-index

OC-3

STS-1-index

STM-1

AU-3-index

In addition the support of virtual tributary circuits adds an additional level of complexity and several addition levels of indexes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

path

Syntax

[no] path path-index

Context

[Tree] (config>eth-tunnel path)

Full Context

configure eth-tunnel path

Description

This command configures one of the two paths supported under the Ethernet tunnel.

The no form of this command removes the path from under the Ethernet tunnel. If this is the last path, the associated SAP need to be unconfigured before the path can be deleted.

Default

no path

Parameters

path-index

Specifies the identifier for the path.

Values

1 to 16

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

path

Syntax

path name

no path

Context

[Tree] (config>service>epipe>spoke-sdp-fec path)

Full Context

configure service epipe spoke-sdp-fec path

Description

This command specifies the explicit path, containing a list of S-PE hops, that should be used for this spoke SDP. The path-name should correspond to the name of an explicit path configured in the config>service>pw-routing context.

If no path is configured, then each next-hop of the MS-PW used by the spoke SDP will be chosen locally at each T-PE and S-PE.

Default

no path

Parameters

name

The name of the explicit path to be used, as configured under the config>service>pw-routing context.

Platforms

All

path

Syntax

path path-index tag qtag[. qtag]

no path path-index

Context

[Tree] (config>service>ipipe>sap>eth-tunnel path)

[Tree] (config>service>epipe>sap>eth-tunnel path)

Full Context

configure service ipipe sap eth-tunnel path

configure service epipe sap eth-tunnel path

Description

This command configures Ethernet tunnel SAP path parameters.

The no form of this command removes the values from the configuration.

Parameters

path-index

Specifies the path index value.

Values

1 to 16

qtag[.qtag]

Specifies the qtag value.

Values

0 to 4094 | *

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

path

Syntax

path path-index tag qtag[. qtag]

no path path-index

Context

[Tree] (config>service>vpls>sap>eth-tunnel path)

Full Context

configure service vpls sap eth-tunnel path

Description

This command configures Ethernet tunnel SAP path parameters.

The no form of this command removes the values from the configuration.

Parameters

path-index

Specifies the path index value.

Values

1 to 16

tag qtag[.qtag]

Specifies the qtag value.

Values

0 to 4094, * (wildcard)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

path

Syntax

[no] path path-name

Context

[Tree] (config>router>mpls path)

Full Context

configure router mpls path

Description

This command creates the path to be used for an LSP. A path can be used by multiple LSPs. A path can specify some or all hops from ingress to egress and they can be either strict or loose. A path can also be empty (no path-name specified) in which case the LSP is set up based on IGP (best effort) calculated shortest path to the egress router. Paths are created in a shutdown state. A path must be shutdown before making any changes (adding or deleting hops) to the path. When a path is shutdown, any LSP using the path becomes operationally down.

To create a strict path from the ingress to the egress router, the ingress and the egress routers must be included in the path statement.

The no form of this command deletes the path and all its associated configuration information. All the LSPs that are currently using this path will be affected. Additionally all the services that are actively using these LSPs will be affected. A path must be shutdown and unbound from all LSPs using the path before it can be deleted. The no path path-name command will not result in any action except a warning message on the console indicating that the path may be in use.

Parameters

path-name

Specifies a unique case-sensitive alphanumeric name label for the LSP path up to 32 characters in length.

Platforms

All

path

Syntax

path [detail]

no path

Context

[Tree] (debug>router>rsvp>event path)

Full Context

debug router rsvp event path

Description

This command debugs path-related events.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about path-related events.

Platforms

All

path

Syntax

path [detail]

no path

Context

[Tree] (debug>router>rsvp>packet path)

Full Context

debug router rsvp packet path

Description

This command enables debugging for RSVP path packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about path-related events.

Platforms

All

path

Syntax

path name [create]

no path name

Context

[Tree] (config>service>pw-routing path)

Full Context

configure service pw-routing path

Description

This command configures an explicit path between this T-PE and a remote T-PE. For each path, one or more intermediate S-PE hops must be configured. A path can be used by multiple multi-segment pseudowires. Paths are used by a 7450 ESS, 7750 SR, or 7950 XRS T-PE to populate the list of Explicit Route TLVs included in the signaling of a dynamic MS-PW.

A path may specify all or only some of the hops along the route to reach a T-PE.

The no form of the command removes a specified explicit path from the configuration.

Parameters

path-name

Specifies a locally-unique case-sensitive alphanumeric name label for the MS-PW path of up to 32 characters in length.

Platforms

All

path

Syntax

path {a | b} [{port-id | lag-id} raps-tag qtag1[. qtag2]]

no path {a | b}

Context

[Tree] (config>eth-ring path)

Full Context

configure eth-ring path

Description

This command assigns the ring (major or sub-ring) path to a port and defines the Ring APS tag. Rings typically have two paths: a and b.

The no form of this command removes the path a or b.

Default

no path

Parameters

port-id

Specifies the port ID.

Values

slot/mda/port

lag-id

Specifies the LAG ID.

Values

lag — Keyword.

id — Specifies the LAG ID number.

raps-tag

Specifies the member encapsulation.

qtag1

Specifies the top or outer VLAN ID.

Values

1 to 4094

qtag2

Specifies the bottom or inner VLAN ID.

Values

1 to 4094

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

path

Syntax

path path-name [create]

no path name

Context

[Tree] (config>system>telemetry>sensor-groups>sensor-group path)

Full Context

configure system telemetry sensor-groups sensor-group path

Description

This command configures a sensor path for the specified sensor-group. Multiple sensor paths can be defined for a single sensor-group. The path is defined in the form of an XML Path (XPath) syntax that refers to single or multiple objects within the YANG model.

The no form of the command removes the specified explicit path from the configuration.

Parameters

path-name

Specifies a sensor path, up to 512 characters.

create

Keyword used to create the sensor path.

Platforms

All

path-b

path-b

Syntax

[no] path-b

Context

[Tree] (config>redundancy>mc>peer>mcr>ring path-b)

Full Context

configure redundancy multi-chassis peer mc-ring ring path-b

Description

This command specifies the set of upper-VLAN IDs associated with the SAPs that belong to path B with respect to load-sharing. All other SAPs belong to path A.

Default

If not specified, the default is an empty set.

Platforms

All

path-computation-method

path-computation-method

Syntax

path-computation-method path-computation-method

no path-computation-method

Context

[Tree] (config>router>mpls>lsp-template path-computation-method)

[Tree] (config>router>mpls>lsp path-computation-method)

Full Context

configure router mpls lsp-template path-computation-method

configure router mpls lsp path-computation-method

Description

This command configures the path computation method of a RSVP-TE or SR-TE LSP.

The user can select among the hop-to-label translation, the local CSPF or the PCE for a configured SR-TE LSP. For SR-TE LSP templates, the PCE option is supported with the SR-TE LSP template type on-demand-p2p-srte and not other template types.

The user can select among the IGP-based path, the local CSPF, or the PCE for a configured RSVP-TE LSP. The PCE option is not supported with the RSVP-TE LSP template.

By default, the IGP-based path is used for an RSVP-TE LSP and the hop-to-label path computation method is used for an SR-TE LSP.

The no form of this command returns to the default path computation method for the type of LSP.

Default

no path-computation-method

Parameters

path-computation-method

Specifies the path computation method for the LSP.

Values

local-cspf — Selects the local router CSPF for path computation.

pce — Selects the PCE for path computation.

Platforms

All

path-cost

path-cost

Syntax

path-cost sap-path-cost

no path-cost [sap-path-cost]

Context

[Tree] (config>service>template>vpls-sap-template>stp path-cost)

[Tree] (config>service>vpls>sap>stp path-cost)

[Tree] (config>service>vpls>spoke-sdp>stp path-cost)

Full Context

configure service template vpls-sap-template stp path-cost

configure service vpls sap stp path-cost

configure service vpls spoke-sdp stp path-cost

Description

This command configures the Spanning Tree Protocol (STP) path cost for the SAP or spoke-SDP.

The path cost is used by STP to calculate the path cost to the root bridge. The path cost in BPDUs received on the root port is incremented with the configured path cost for that SAP or spoke-SDP. When BPDUs are sent out of other egress SAPs or spoke-SDPs, the newly calculated root path cost is used. These are the values used for CIST when running MSTP.

STP suggests that the path cost is defined as a function of the link bandwidth. Since SAPs and spoke-SDPs are controlled by complex queuing dynamics, in the 7450 ESS, 7750 SR, and 7950 XRS the STP path cost is a purely static configuration.

The no form of this command returns the path cost to the default value.

Parameters

path-cost

The path cost for the SAP or spoke-SDP

Values

1 to 200000000 (1 is the lowest cost)

Default

10

Platforms

All

path-cost

Syntax

path-cost sap-path-cost

no path-cost

Context

[Tree] (config>service>pw-template>stp path-cost)

Full Context

configure service pw-template stp path-cost

Description

This command configures the Spanning Tree Protocol (STP) path cost for the SAP or spoke SDP.

The path cost is used by STP to calculate the path cost to the root bridge. The path cost in BPDUs received on the root port is incremented with the configured path cost for that SAP or spoke SDP. When BPDUs are sent out other egress SAPs or spoke SDPs, the newly calculated root path cost is used. These are the values used for CIST when running MSTP.

STP suggests that the path cost is defined as a function of the link bandwidth. Since SAPs and spoke SDPs are controlled by complex queuing dynamics, the STP path cost is a purely static configuration.

The no form of this command returns the path cost to the default value.

Default

path-cost 10

Parameters

path-cost

Specifies the path cost for the SAP or spoke SDP.

Values

1 to 200000000 (1 is the lowest cost)

Default

10

Platforms

All

path-destination

path-destination

Syntax

path-destination ip-address interface if-name

path-destination ip-address [next-hop ip-address]

no path-destination

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy path-destination)

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy path-destination)

Full Context

configure saa test type-multi-line lsp-ping sr-policy path-destination

configure saa test type-multi-line lsp-trace sr-policy path-destination

Description

This command configures the IP address of the path destination from the range 127/8. When the LDP FEC prefix is IPv6, the user must enter a 127/8 IPv4 mapped IPv6 address, that is, in the range ::ffff:127/104.

The no form of this command removes the configuration.

Parameters

ip-address

Specifies the IP address.

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

if-name

Specifies the name of an IP interface, up 32 characters, to send the MPLS echo request to. The name must already exist in the config>router>interface context.

Platforms

All

path-discovery

path-discovery

Syntax

path-discovery

Context

[Tree] (config>test-oam>ldp-treetrace path-discovery)

Full Context

configure test-oam ldp-treetrace path-discovery

Description

This command creates the context to configure the LDP ECMP OAM path discovery.

The ingress LER builds the ECMP tree for a given FEC (egress LER) by sending LSP Trace messages and including the LDP IPv4 Prefix FEC TLV as well as the downstream mapping TLV. It inserts an IP address range drawn from the 127/8 space. When received by the downstream LSR, it uses this range to determine which ECMP path is exercised by any IP address or a sub-range of addresses within that range based on its internal hash routine. When the MPLS Echo reply is received by the ingress LER, it records this information and proceeds with the next echo request message targeted for a node downstream of the first LSR node along one of the ECMP paths. The sub-range of IP addresses indicated in the initial reply is used since the objective is to have the LSR downstream of the ingress LER pass this message to its downstream node along the first ECMP path.

The user configures the frequency of running the tree discovery using the command config>test-oam>ldp-treetrace>path-discovery>interval.

The ingress LER gets the list of FECs from the LDP FEC database. New FECs are added to the discovery list at the next tree discovery and not when they are learned and added into the FEC database. The maximum number of FECs to be discovered with the tree building feature is limited to 500. The user can configure FECs to include or exclude using a policy profile by applying the command config>test-oam>ldp-treetrace>path-discovery>policy-statement.

Platforms

All

path-excl

path-excl

Syntax

[no] path-excl

Context

[Tree] (config>redundancy>mc>peer>mcr>ring path-excl)

Full Context

configure redundancy multi-chassis peer mc-ring ring path-excl

Description

This command specifies the set of upper-VLAN IDs associated with the SAPs that are to be excluded from control by the multi-chassis ring.

Default

If not specified, the default is an empty set.

Platforms

All

path-id

path-id

Syntax

path-id {lsp-num lsp-num | working-path | protect-path [src-global-id src-global-id] src-node-id src-node-id src-tunnel-num src-tunnel-num [dest-global-id dest-global-id] dest-node-id dest-node-id [dest-tunnel-num dest-tunnel-num]}

no path-id

Context

[Tree] (config>router>mpls>mpls-tp>transit-path path-id)

Full Context

configure router mpls mpls-tp transit-path path-id

Description

This command configures path ID for an MPLS-TP transit path at an LSR. The path ID is equivalent to the MPLS-TP LSP ID and is used to generate the maintenance entity group intermediate point (MIP) identifier for the LSP at the LSR. A path-id must be configured for on-demand OAM to verify an LSP at the LSR.

The path-id must contain at least the following parameters: lsp-num, src-node-id, src-global-id, src-tunnel-num, dest-node-id.

The path-id must be unique on a node. It is recommended that his is also configured to be a globally unique value.

The no form of this command removes the path ID from the configuration.

Default

no path-id

Parameters

lsp-num

Specifies the LSP number.

Values

1 to 65535, or working path, or protect-path. A working-path is equivalent to an lsp-num of 1, and a protect-path is an lsp-num of 2.

src-global-id

Specifies the source global ID.

Values

0 to 4294967295

src-node-id

Specifies the source node ID.

Values

a.b.c.d or 1 to 4294967295

src-tunnel-num

Specifies the source tunnel number.

Values

1 to 61440

dest-global-id

Specifies the destination global ID. If the destination global ID is not entered, then it is set to the same value as the source global ID.

Values

0 to 4294967295

dest-node-id

Specifies the destination node ID.

Values

a.b.c.d or 1 to 4294967295

dest-tunnel-num

Specifies the destination tunnel number. If the destination tunnel number is not entered, then it is set to the same value as the source tunnel number.

Values

1 to 61440

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

path-mtu

path-mtu

Syntax

path-mtu [bytes]

no path-mtu bytes

Context

[Tree] (config>service>sdp path-mtu)

Full Context

configure service sdp path-mtu

Description

This command configures the Maximum Transmission Unit (MTU) in bytes that the Service Distribution Point (SDP) can transmit to the far-end device router without packet dropping or IP fragmentation overriding the SDP-type default path-mtu.

The default SDP-type path-mtu can be overridden on a per SDP basis. Dynamic maintenance protocols on the SDP like RSVP may override this setting.

If the physical mtu on an egress interface or PoS channel indicates the next hop on an SDP path cannot support the current path-mtu, the operational path-mtu on that SDP will be modified to a value that can be transmitted without fragmentation.

The no form of this command removes any path-mtu defined on the SDP and the SDP will use the system default for the SDP type.

Default

no path-mtu — Specifies the default path-mtu defined on the system for the type of SDP is used.

Parameters

bytes

Specifies the bytes.

Values

576 to 9800

Platforms

All

path-mtu-discovery

path-mtu-discovery

Syntax

[no] path-mtu-discovery

Context

[Tree] (config>router>ldp>tcp-session-params>peer-transport path-mtu-discovery)

Full Context

configure router ldp tcp-session-parameters peer-transport path-mtu-discovery

Description

This command enables Path MTU discovery for the associated TCP connections. When enabled, the MTU for the associated TCP session is initially set to the egress interface MTU. The DF bit is also set so that if a router along the path of the TCP connection cannot handle a packet of a particular size without fragmenting, it sends back an ICMP message to set the path MTU for the given session to a lower value that can be forwarded without fragmenting.

If one or more transport addresses used in the Hello adjacencies to the same peer LSR are different from the LSR-ID value, the user must add each of the transport addresses to the path MTU discovery configuration as a separate peer. This means when the TCP connection is bootstrapped by a given Hello adjacency, the path MTU discovery can operate over that specific TCP connection by using its specific transport address.

Default

no path-mtu-discovery

Platforms

All

path-mtu-discovery

Syntax

[no] path-mtu-discovery

Context

[Tree] (config>router>bgp>group>neighbor path-mtu-discovery)

[Tree] (config>router>bgp>group path-mtu-discovery)

[Tree] (config>router>bgp path-mtu-discovery)

Full Context

configure router bgp group neighbor path-mtu-discovery

configure router bgp group path-mtu-discovery

configure router bgp path-mtu-discovery

Description

This command enables Path MTU Discovery (PMTUD) for the associated TCP connections.

When enabled, PMTUD is activated toward an IPv4 BGP neighbor. The Don’t Fragment (DF) bit is set in the IP header of all IPv4 packets sent to the peer. If any device along the path toward the peer cannot forward the packet because the IP MTU of the interface is smaller than the IP packet size, the device drops the packet and sends an ICMP or ICMPv6 error message encoding the interface MTU. When the router receives the ICMP or ICMPv6 message, it lowers the TCP maximum segment size limit from the previous value to accomodate the IP MTU constraint.

When PMTUD is disabled and there is no tcp-mss configuration to associate with a BGP neighbor (in either the BGP configuration or the first-hop IP interface configuration), the router advertises a TCP MSS option of only 1024 bytes, limiting received TCP segments to that size.

The no form of this command disables PMTUD.

Default

no path-mtu-discovery

Platforms

All

path-preference

path-preference

Syntax

path-preference value

no path-preference

Context

[Tree] (config>router>mpls>lsp>secondary path-preference)

Full Context

configure router mpls lsp secondary path-preference

Description

This command enables the use of path preference among configured standby secondary paths per LSP. If all standby secondary paths have a default path-preference value then a non-standby secondary path will remain the active path while a standby secondary is available. A standby secondary path configured with the highest priority (for example, the lowest path-preference value) is made the active path when the primary is not in use. If multiple standby secondary paths have the same, lowest, path-preference value then the system will select the path with the highest up-time. Path preference can only be configured on the standby secondary paths.

The no form of this command resets the path-preference to the default value.

Default

path-preference 255

Parameters

value

Specifies an alternate path for the LSP if the primary path is not available.

Values

1 to 255

Platforms

All

path-probing

path-probing

Syntax

path-probing

Context

[Tree] (config>test-oam>ldp-treetrace path-probing)

Full Context

configure test-oam ldp-treetrace path-probing

Description

This command creates the context to configure the LDP tree trace path probing phase.

The periodic path exercising runs in the background to test the LDP ECMP paths discovered by the path discovery capability. The probe used is an LSP Ping message with an IP address drawn from the sub-range of 127/8 addresses indicated by the output of the tree discovery for this FEC.

The user configures the frequency of running the path probes using the config>test-oam>ldp-treetrace>path-probing>interval command. If an I/F is down on the ingress LER performing the LDP tree trace, then LSP Ping probes that normally go out this interface are not sent but the ingress LER node does not raise alarms.

The LSP Ping routine updates the content of the MPLS echo request message, specifically the IP address, as soon as the LDP ECMP path discovery phase has output the results of a new computation for the path in question.

Platforms

All

path-profile

path-profile

Syntax

path-profile profile-id [path-group group-id]

no path-profile profile-id

Context

[Tree] (config router mpls lsp-template path-profile)

[Tree] (config router mpls lsp path-profile)

Full Context

configure router mpls lsp-template path-profile

configure router mpls lsp path-profile

Description

This command configures the PCE path profile and path group ID.

The PCE supports the computation of disjoint paths for two different LSPs originating and/or terminating on the same or different PE routers. To indicate this constraint to the PCE, the user must configure the PCE path profile ID and path group ID to which the PCE computed or PCE controlled LSP belongs to. These parameters are passed transparently by the PCC to the PCE and are thus opaque data to the router.

The association of the optional path-group ID is to allow the PCE to determine the profile ID that must be used with this path-group ID. One path-group ID is allowed per profile ID. The user can, however, enter the same path-group ID with multiple profile IDs by executing this command multiple times. A maximum of five path-profile [path-group] entries can be associated with the same LSP.

The no form of this command removes the path profile association with the LSP.

Parameters

profile-id

Specifies the profile ID.

Values

1 to 4294967295

path-group group-id

Specifies the path group ID.

Values

0 to 4294967295

Platforms

All

path-restoration-state

path-restoration-state

Syntax

path-restoration-state {standby | auto}

no path-restoration-state

Context

[Tree] (config>subscr-mgmt>up-resiliency>fsg-template path-restoration-state)

Full Context

configure subscriber-mgmt up-resiliency fate-sharing-group-template path-restoration-state

Description

This command configures how the BNG-UP manages active FSGs if the BNG-UP becomes headless (PFCP path is in restoration/headless). The BNG-UP can always move all active FSGs to standby, or it can decide whether to move them to standby based on a series of heuristic tests. If any test indicates that the BNG-UP cannot forward traffic for the FSG, or another BNG-UP becomes active, the BNG-UP moves the FSG to standby.

The no form of this command removes the path restoration state configuration.
Note: This only applies to active FSGs; the UP never makes a standby FSG active without CP intervention.

Default

path-restoration-state auto

Parameters

standby

Keyword that indicates any FSG becomes standby when the BNG-UP becomes headless.

auto

Keyword that indicates the BNG-UP determines whether to change the state of the FSGs to standby based on a series of heuristic tests.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

path-restoration-time

path-restoration-time

Syntax

path-restoration-time minutes

no path-restoration-time

Context

[Tree] (config>subscr-mgmt>pfcp-association path-restoration-time)

Full Context

configure subscriber-mgmt pfcp-association path-restoration-time

Description

This command configures the time sessions are kept after a PFCP path failure is detected. When the timer expires, or if it is not configured, all sessions associated with the path are removed. If the path recovers without a restart before the timer expires, the timer is canceled, and no sessions are removed.

The no form of this command removes the path restoration configuration.

Default

no path-restoration-time

Parameters

minutes

Specifies the time, in minutes, that sessions are kept after a PFCP path failure. This timer should be configured to a value that is at least twice the sum of the heartbeat interval plus the total heartbeat timeout (heartbeat retries x heartbeat timeout = N1 x T1).

Values

5 to 1440

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

path-threshold

path-threshold

Syntax

path-threshold num-paths

no path-threshold

Context

[Tree] (config>eth-tunnel>lag-emulation path-threshold)

Full Context

configure eth-tunnel lag-emulation path-threshold

Description

This command configures the behavior for the eth-tunnel if the number of operational members is equal to or below a threshold level

Default

no path-threshold

Parameters

num-paths

Specifies the threshold for the Ethernet Tunnel group.

Values

0 to 15

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

path-type

path-type

Syntax

path-type {ibgp | ebgp}

no path-type

Context

[Tree] (config>router>policy-options>policy-statement>entry>from path-type)

Full Context

configure router policy-options policy-statement entry from path-type

Description

This command matches BGP routes based on their path type (EBGP or IBGP). A route learned from an EBGP peer has path-type ebgp. A route learned from an IBGP or confed-EBGP peer has path-type ibgp.

A non-BGP route does not match a policy entry if it contains the path-type command.

Default

no path-type

Parameters

ibgp

Matches routes from internal BGP peers.

ebgp

Matches routes from external BGP peers.

Platforms

All

patherr

patherr

Syntax

patherr [detail]

no patherr

Context

[Tree] (debug>router>rsvp>packet patherr)

Full Context

debug router rsvp packet patherr

Description

This command debugs path error packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about path error packets.

Platforms

All

pathtear

pathtear

Syntax

pathtear [detail]

no pathtear

Context

[Tree] (debug>router>rsvp>packet pathtear)

Full Context

debug router rsvp packet pathtear

Description

This command debugs path tear packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about path tear packets.

Platforms

All

pattern

pattern

Syntax

pattern pad-value

no pattern

Context

[Tree] (config>oam-pm>session>ip pattern)

Full Context

configure oam-pm session ip pattern

Description

This command configures the pattern value to be repeated in the padding portion of the TWAMP Light packet.

The no form of this command uses an incrementing byte pattern beginning with 00 and ending with FF, wrapping back to 00.

Default

pattern 0

Parameters

pad-value

Specifies the specific pattern to use.

Values

0 to 65535

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pattern

Syntax

pattern pad-value

no pattern

Context

[Tree] (config>oam-pm>session>mpls pattern)

Full Context

configure oam-pm session mpls pattern

Description

This command configures the pattern value to be repeated in the padding portion of pad-tlv length field of the dm PDU.

The no form of this command uses an incrementing byte pattern beginning with 00 and ending with FF, wrapping back to 00.

Parameters

pad-value

Specifies a two octet pattern to be repeated to fill the padding field of each echo request packet launched for each test belonging to the specified session. For example, if 255 is specified, the padding field is filled with the octet values 00, FF, 00, FF, ... (hexadecimal).

Values

0 to 65535

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

payload

payload

Syntax

payload {sts3 | tug3 | ds3 | e3 | vt2 | vt15 | ds1 | e1}

Context

[Tree] (config>port>sonet-sdh>path payload)

Full Context

configure port sonet-sdh path payload

Description

This command specifies if the associated SONET/SDH path is an asynchronous circuit or a virtual tributary group (VT). This command is only applicable to channelized MDAs.

This command is supported on TDM satellite, however the sts3, ds3, and e3 parameters are not supported.

Parameters

sts3

Configures STS3/STM1 payload as clear channel.

tu3

Configures STS3/STM1 payload as Tributary Unit Group 3 (TUG3).

ds3

Configures the port or channel as DS-3 STS1/VC3 payload as DS-3.

e3

Configures the port or channel as E-3 STS1/VC3 payload as E-3.

vt2

Configures the path STS1 payload as vt2 as a virtual tributary group. Only allowed on STS-1 nodes (SONET VT container).

vt15

Configures the path as a virtual tributary group. Only allowed on STS-1 nodes (SONET VT container).

ds1

Configures the port or channel as DS1.vt15 or vt2 payload as DS-1.

e1

Configures VT2 payload as E-1.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pbb

pbb

Syntax

pbb

Context

[Tree] (config>service>vpls pbb)

[Tree] (config>service pbb)

Full Context

configure service vpls pbb

configure service pbb

Description

Commands in this context configure the PBB parameters.

Platforms

All

pbb

Syntax

pbb

Context

[Tree] (config>test-oam>build-packet>header pbb)

[Tree] (debug>oam>build-packet>packet>field-override>header pbb)

Full Context

configure test-oam build-packet header pbb

debug oam build-packet packet field-override header pbb

Description

This command configures a test Provider Backbone Bridge (PBB) packet header to be launched by the OAM find-egress tool.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pbb-etype

pbb-etype

Syntax

pbb-etype [ethertype-value]

no pbb-etype

Context

[Tree] (config>port>ethernet pbb-etype)

Full Context

configure port ethernet pbb-etype

Description

This command configures the Ethertype used for PBB encapsulation.

Default

no pbb-etype

Parameters

ethertype-value

Specifies the Ethertype value in the form of 0x600 to 0xfff.

Values

1536 to 65535 (accepted in decimal or hex)

Platforms

All

pbb-etype

Syntax

pbb-etype type

no pbb-etype [type]

Context

[Tree] (config>service>sdp pbb-etype)

Full Context

configure service sdp pbb-etype

Description

This command configures the Ethertype used for PBB.

Default

no pbb-etype

Parameters

type

Specifies the Ethertype.

Values

0x0600..0xffff or 1536 to 65535 (accepted in decimal or hex)

Platforms

All

pbr-down-action-override

pbr-down-action-override

Syntax

pbr-down-action-override filter-action

no pbr-down-action-override

Context

[Tree] (config>filter>ip-filter>entry pbr-down-action-override)

[Tree] (config>filter>ipv6-filter>entry pbr-down-action-override)

[Tree] (config>filter>mac-filter>entry pbr-down-action-override)

Full Context

configure filter ip-filter entry pbr-down-action-override

configure filter ipv6-filter entry pbr-down-action-override

configure filter mac-filter entry pbr-down-action-override

Description

This command allows overriding the default action that is applied for entries with PBR/PBF action defined, when the PBR/PBF target is down.

The no form of the command preserves default behavior when PBR/PBF target is down.

Default

no pbr-down-action-override

Parameters

filter-action

Specifies the packets matching the entry.

drop — Specifies that packets matching the entry will be dropped if PBR/PBF target is down.

forward — Specifies that packets matching the entry will be forwarded if PBR/PBF target is down.

filter-default-action — Specifies that packets matching the entry will be processed as per default-action configuration for this filter if PBR/PBF target is down.

Platforms

All

pcap

pcap

Syntax

pcap session-name [create]

no pcap session-name

Context

[Tree] (config>mirror>mirror-dest pcap)

Full Context

configure mirror mirror-dest pcap

Description

This command specifies a PCAP instance used for packet capture.

The no form of this command removes the PCAP instance and stops the packet capture and file transfer session.

Parameters

session-name

Specifies the session name, up to 32 characters.

Platforms

All

pcap

Syntax

pcap session-name

Context

[Tree] (debug pcap)

Full Context

debug pcap

Description

This command specifies the session for the packet capture process.

Parameters

session-name

Specifies the session name, up to 32 characters.

Platforms

All

pcc

pcc

Syntax

[no] pcc

Context

[Tree] (debug>router>mpls>event pcc)

Full Context

debug router mpls event pcc

Description

This command debugs pcc events.

The no form of the command disables the debugging.

Platforms

All

pcc

Syntax

pcc

Context

[Tree] (config>router>pcep pcc)

Full Context

configure router pcep pcc

Description

Commands in this context configure PCC parameters.

Platforms

All

pcc

Syntax

[no] pcc

Context

[Tree] (debug>router>pcep pcc)

Full Context

debug router pcep pcc

Description

This command enables debugging for the PCEP Path Computation Client (PCC).

The no form of this command disables PCEP PCC debugging.

Platforms

All

pce

pce

Syntax

pce

Context

[Tree] (config>router>pcep pce)

Full Context

configure router pcep pce

Description

Commands in this context configure PCE parameters.

Platforms

VSR-NRC

pce

Syntax

[no] pce

Context

[Tree] (debug>router>pcep pce)

Full Context

debug router pcep pce

Description

This command enables debugging for the PCEP Path Computation Element (PCE).

The no form of this command disables PCEP PCE debugging.

Platforms

VSR-NRC

pce-associations

pce-associations

Syntax

pce-associations

Context

[Tree] (config>router>pcep>pcc pce-associations)

Full Context

configure router pcep pcc pce-associations

Description

Commands in this context configure PCE association groups.

Platforms

All

pce-associations

Syntax

pce-associations

Context

[Tree] (config>router>mpls>lsp-template pce-associations)

[Tree] (config>router>mpls>lsp pce-associations)

Full Context

configure router mpls lsp-template pce-associations

configure router mpls lsp pce-associations

Description

Commands in this context configure LSP binding with one or more PCEP association groups.

Platforms

All

pce-control

pce-control

Syntax

[no] pce-control

Context

[Tree] (config>router>mpls>lsp pce-control)

[Tree] (config>router>mpls>lsp-template pce-control)

Full Context

configure router mpls lsp pce-control

configure router mpls lsp-template pce-control

Description

This command enables a PCE controlled LSP mode of operation. The pce-control option means the router delegates full control of the LSP to the PCE (PCE controlled). Enabling it means the PCE is acting in stateful-active mode for this LSP and the PCE will be able to reroute the path following a failure or re-optimize the path and update the router without a request from the router.

The user can delegate CSPF and non-CSPF LSPs, or LSPs that have the path-computation-method pce option enabled or disabled. The LSP maintains its latest active path computed by PCE or the router at the time it is delegated. The PCE only makes an update to the path at the next network event or reoptimization.

When configured to no, the PCE controlled mode of operation for the LSP has not effect.

Default

no pce-control

Platforms

All

pce-initiated-lsp

pce-initiated-lsp

Syntax

[no] pce-initiated-lsp

Context

[Tree] (config>router>mpls pce-initiated-lsp)

Full Context

configure router mpls pce-initiated-lsp

Description

This command creates a context to configure support for PCE-initiated LSPs.

The no form of this command removes PCE-initiated LSP support. All PCE-initiated LSPs are deleted.

Platforms

All

pce-report

pce-report

Syntax

pce-report rsvp-te {enable | disable}

pce-report sr-te {enable | disable}

Context

[Tree] (config>router>mpls pce-report)

Full Context

configure router mpls pce-report

Description

This command separately configures the reporting modes to a PCE for RSVP-TE or SR-TE LSPs. The PCC LSP database is synchronized with the PCE LSP database using the PCEP PCRpt (PCE Report) message for PCC-controlled, PCE-computed, and PCE-controlled LSPs.

The global MPLS level pce-report command can be used to enable or disable PCE reporting for all SR-TE LSPs or RSVP-TE LSPs during PCE LSP database synchronization. This configuration is inherited by all LSPs of the specified type. The PCC reports both CSPF and non-CSPF LSPs. The default value is disabled for both types of LSP. This default value is meant to control the introduction of the PCE into an existing network and to let the operator decide if all LSPs of a particular type need to be reported.

The LSP-level pce-report command overrides the global configuration for the reporting of LSPs to the PCE. The default value is to inherit the global MPLS level value. The enable or disable value allows for the override of the inherited value. The inherit value explicitly resets the LSP to inherit the global configuration for that LSP type.

If PCE reporting is disabled for the LSP, either due to inheritance or due to LSP-level configuration, then enabling the pce-control option for the LSP has no effect.

Default

pce-report rsvp-te disable

pce-report sr-te disable

Parameters

rsvp-te

Specifies the PCE reporting mode for all TE LSPs of RSVP-TE type.

Values

enable — enables PCE reporting for all TE LSPs of RSVP-TE type

disable — disables PCE reporting for all TE LSPs of RSVP-TE type

sr-te

Specifies the PCE reporting mode for all TE LSPs of SR-TE type.

Values

enable — enables PCE reporting for all TE LSPs of SR-TE type

disable — disables PCE reporting for all TE LSPs of SR-TE type

Platforms

All

pce-report

Syntax

pce-report {enable | disable | inherit}

Context

[Tree] (config>router>mpls>lsp pce-report)

[Tree] (config>router>mpls>lsp-template pce-report)

Full Context

configure router mpls lsp pce-report

configure router mpls lsp-template pce-report

Description

This command separately configures the reporting modes to a PCE for RSVP-TE or SR-TE LSPs.

The PCC LSP database is synchronized with the PCE LSP database using the PCEP PCRpt (PCE Report) message for PCC-controlled, PCE-computed and PCE-controlled LSPs.

The global MPLS-level pce-report command can be used to enable or disable PCE reporting for all SR-TE LSPs or RSVP-TE LSPs during PCE LSP database synchronization. This configuration is inherited by all LSPs of the specified type. The PCC reports both CSPF and non-CSPF LSPs. The default value is disabled for both types of LSP. This default value is meant to control the introduction of the PCE into an existing network and to let the operator decide if all LSPs of a particular type need to be reported.

The LSP-level pce-report command overrides the global configuration for the reporting of LSP to the PCE. The default value is to inherit the global MPLS level value. The enable or disable value allows for the override of the inherited value. The inherit value explicitly resets the LSP to inherit the global configuration for that LSP type.

If PCE reporting is disabled for the LSP, either due to inheritance or due to LSP-level configuration, then enabling the pce-control option for the LSP has no effect.

Default

pce-report inherit

Parameters

enable

Enables PCE reporting.

disable

Disables PCE reporting.

inherit

Inherits the global configuration for PCE reporting.

Platforms

All

pcep

pcep

Syntax

[no] pcep

Context

[Tree] (config>router pcep)

Full Context

configure router pcep

Description

This command enables Path Computation Element communications Protocol (PCEP), and enters the context to configure PCEP parameters.

The no form of the command disables PCEP.

Platforms

All

pcep

Syntax

[no] pcep

Context

[Tree] (debug>router pcep)

Full Context

debug router pcep

Description

This command enables debugging for the Path Computation Element Protocol (PCEP).

The no form of this command disables PCEP debugging.

Platforms

All

pcm

pcm

Syntax

[no] pcm pcm-slot [chassis chassis-id]

Context

[Tree] (config>system>pwr-mgmt pcm)

Full Context

configure system power-management pcm

Description

This command sets the PCM slot number.

Parameters

pcm-slot

Identifies the PCM slot.

Values

1 to 12

chassis-id

Specifies chassis ID for the router chassis.

Values

1, 2

Default

1

Platforms

7950 XRS-20e

pcm-type

pcm-type

Syntax

[no] pcm-type {dual | quad}

Context

[Tree] (cfg>sys>pwr-mgmt>pcm pcm-type)

Full Context

configure system power-management pcm pcm-type

Description

This command sets the PCM type.

Parameters

dual

Specifies the dual PCM type.

quad

Specifies the quad PCM type.

Platforms

7950 XRS-20e

pcp

pcp

Syntax

pcp

Context

[Tree] (debug>router pcp)

Full Context

debug router pcp

Description

This command enables debugging for the PCP servers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pcp-server

pcp-server

Syntax

pcp-server

Context

[Tree] (config>router pcp-server)

Full Context

configure router pcp-server

Description

Commands in this context configure a Port Control Policy (PCP) server.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pcp-server

Syntax

pcp-server name

Context

[Tree] (debug>router>pcp pcp-server)

Full Context

debug router pcp pcp-server

Description

This command enables debugging for the PCP servers.

Parameters

name

Debugs the PCP server associated with the specified name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pcp-server-policy

pcp-server-policy

Syntax

pcp-server-policy name [create]

no pcp-server-policy name

Context

[Tree] (config>service>nat pcp-server-policy)

Full Context

configure service nat pcp-server-policy

Description

This command configures a PCP server policy name.

The no form of the command removes the name from the configuration.

Parameters

name

Specifies a PCP server policy name up to 32 characters.

create

Keyword used to create the PCP server policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pcp-server-policy

Syntax

pcp-server-policy name

no pcp-server-policy

Context

[Tree] (config>router>pcp-server>server pcp-server-policy)

Full Context

configure router pcp-server server pcp-server-policy

Description

This command configures the PCP server policy.

The no form of this command reverts to the default value.

Default

no pcp-server-policy

Parameters

name

Specifies the PCP server policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pcr-repetition

pcr-repetition

Syntax

pcr-repetition [tnc tnc-milli-seconds qos qos-milli-seconds poa poa-milli-seconds]

no pcr-repetition

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pcr-repetition)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pcr-repetition)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pcr-repetition)

Full Context

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pcr-repetition

configure mcast-management multicast-info-policy bundle channel video analyzer alarms pcr-repetition

configure mcast-management multicast-info-policy bundle video analyzer alarms pcr-repetition

Description

This command configures the analyzer to check for the program clock reference (PCR). It is expected that the PCR arrives periodically within a certain interval range. It is possible to configure the type of alarm that is raised when the PCR fails to arrive within the specified interval. As the delay increases between two consecutive PCRs, the type of alarm raised becomes more critical, from TNC to POA.

Default

no pcr-repetition

Parameters

tnc-milli-seconds

Specifies the time, in milliseconds, for which a TNC alarm is raised if the interval between two consecutive PCRs is greater than or equal to this configured value.

Values

100 to 800 in multiples of 100 only

Default

100

qos-milli-seconds

Specifies the time, in milliseconds, for which a QoS alarm is raised if the interval between two consecutive PCRs is greater than or equal to this configured value.

Values

200 to 900 in multiples of 100 only and higher than the tnc-milli-seconds value

Default

200

poa-milli-seconds

Specifies the time, in milliseconds, for which a POA alarm is raised if the interval between two consecutive PCRs is greater than or equal to this configured value.

Values

300 to 1000 in multiples of 100 only and higher than the qos-milli-seconds value

Default

500

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

pd-managed-route

pd-managed-route

Syntax

pd-managed-route [next-hop {ipv4 | ipv6}]

no pd-managed-route

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 pd-managed-route)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6 pd-managed-route)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6 pd-managed-route)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 pd-managed-route)

Full Context

configure service ies subscriber-interface group-interface ipv6 dhcp6 pd-managed-route

configure service ies subscriber-interface ipv6 dhcp6 pd-managed-route

configure service vprn subscriber-interface ipv6 dhcp6 pd-managed-route

configure service vprn subscriber-interface group-interface ipv6 dhcp6 pd-managed-route

Description

This command enables DHCP IA-PD (delegated prefix) to be modeled as managed (framed) route instead of as a subscriber-host. Antispoof filtering for the subscriber host associated with the IA-PD route must be set to nh-mac. The subscriber specific parameters (such as sla-profile or sub-profile) are ignored during the authentication phase because IA-PD is not modeled as a subscriber host. Other subscriber host-specific functions (for example, host overrides via CoA or host accounting) are not possible with a PD as the managed route.

By default, or when configured with the next-hop ipv6 parameter, the next-hop for PD managed route is an IPv6 WAN sub-host (DHCP IA-NA or SLAAC) with the same mac address as the one in the DHCP lease state for the managed IA-PD. The DHCP IA-NA next-hop host will always override the SLAAC next-hop host if both are available. If the IPv6 next-hop is not present when the framed IA-PD is instantiated, the IA-PD is set up but the PD managed route will not be installed in the IPv6 route table and the DHCPv6 lease state for the IA-PD will have the managed route status (DHCP6 MRt Status) set to "noNextHop”.

When configured with the next-hop ipv4 parameter the next-hop for PD managed route is a DHCPv4 sub-host that belongs to the same IPoE session or PPPoE session. For IPoE, ipoe-session must be enabled on the group-interface. If ipoe-session is disabled, an IPv4 next-hop will not be found. If the IPv4 next-hop is not found or not present at the time when the framed IA-PD is instantiated, the IA-PD is set up but the PD managed route is not installed in the IPv6 route table. In this case, the DHCPv6 lease state for the IA-PD will have the managed route status (DHCP6 MRt Status) set to noNextHop.

Note:

IPv6 filters, QoS IPv6 criteria, and IPv6 multicast are not supported for DHCPv6 IA-PD as managed route pointing to an IPv4 subscriber host as next-hop.

The DHCP IA-PD modeled as a route is displayed differently than regular subscriber hosts in show commands related to subscriber host state. The PD managed route is always shown directly below the host it is using as the next hop. The forwarding status of the PD managed route is also shown, where (N) indicate that the PD managed route is not forwarding. In addition, DHCP IA-PD route is displayed as a managed route for the corresponding IPv6 subscriber host (DHCP IA-NA or SLAAC) or DHCPv4 subscriber host.

DHCP IA-PD information for managed IA-PD route is still maintained in the DHCPv6 lease state.

The no form of this command reverts to the default.

Parameters

next-hop

Specifies the next-hop type for the DHCP IA-PD managed route

Values

ipv4 - The next-hop for PD managed route is a DHCPv4 sub-host that belongs to the same IPoE session (based on the IPoE session key which is sap-mac by default). IPoE session must be enabled on the group-interface.

ipv6 - The next-hop for PD managed route is an IPv6 WAN sub-host (DHCP IA-NA or SLAAC) with the same MAC address as the one in the DHCP lease state for the managed IA-PD. This is the default when no next-hop is specified.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pdn-connection-id

pdn-connection-id

Syntax

[no] pdn-connection-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp pdn-connection-id)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp pdn-connection-id

Description

This command enables the inclusion of the PDN-Connection-Id AVP, which contains the APN as signaled in the incoming GTP setup message.

The no form of this command disables the inclusion of the AVP.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

pdn-type

pdn-type

Syntax

pdn-type {ipv4 | ipv6 | ipv4v6}

no pdn-type

Context

[Tree] (config>service>vprn>gtp>uplink pdn-type)

[Tree] (config>router>gtp>uplink pdn-type)

Full Context

configure service vprn gtp uplink pdn-type

configure router gtp uplink pdn-type

Description

This command configures the PDP type to be signaled in GTP, determining which addresses are requested from the P-GW/GGSN and which hosts are set up afterwards. This can be overridden by RADIUS. If the ipv4v6 keyword is used, the P-GW/GGSN can fall back to either IPv4 or IPv6.

The no form of this command reverts to the default configuration.

Default

pdn-type ipv4

Parameters

ipv4

Specifies the GTP connection requests an IPv4 address.

ipv6

Specifies the GTP connection requests an IPv6 address.

ipv4v6

Specifies the GTP connection requests both an IPv4 and an IPv6 address.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

pdp-context-type

pdp-context-type

Syntax

[no] pdp-context-type

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp pdp-context-type)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp pdp-context-type

Description

This command includes the [3GPP-1247] PDP-Context-Type AVP in Diameter DCCA CCR-Initial messages.

The no form of this command removes the PDP-Context-Type AVP from the Diameter DCCA CCR-Initial messages.

Default

pdp-context-type

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pe-id-mac-flush-interop

pe-id-mac-flush-interop

Syntax

[no] pe-id-mac-flush-interop

Context

[Tree] (config>router>ldp>session-params>peer pe-id-mac-flush-interop)

Full Context

configure router ldp session-parameters peer pe-id-mac-flush-interop

Description

This command enables the addition of the PE-ID TLV in the LDP MAC withdrawal (mac-flush) message, under certain conditions, and modifies the mac-flush behavior for interoperability with other vendors that do not support the flush-all-from-me vendor-specific TLV. This flag can be enabled on a per LDP peer basis and allows the flush-all-from-me interoperability with other vendors. When the pe-id-mac-flush-interop flag is enabled for a given peer, the current mac-flush behavior is modified in terms of mac-flush generation, mac-flush propagation and behavior upon receiving a mac-flush.

The mac-flush generation will be changed depending on the type of event and according to the following rules:

  • Any all-from-me mac-flush event will trigger a mac-flush all-but-mine message (RFC 4762 compliant format) with the addition of a PE-ID TLV. The PE-ID TLV contains the IP address of the sending PE.

  • Any all-but-mine mac-flush event will trigger a mac-flush all-but-mine message WITHOUT the addition of the PE-ID TLV, as long as the source spoke SDP is not part of an end-point.

  • Any all-but-mine mac-flush event will trigger a mac-flush all-but-mine message WITH the addition of the PE-ID TLV, if the source spoke SDP is part of an end-point and the spoke-sdp goes from down/standby state to active state. In this case, the PE-ID TLV will contain the IP address of the PE to which the previous active spoke-sdp was connected to.

Any other case will follow the existing mac-flush procedures.

When the pe-id-mac-flush-interop flag is enabled for a given LDP peer, the mac-flush ingress processing is modified according to the following rules:

  • Any received all-from-me mac-flush will follow the existing mac-flush all-from-me rules regardless of the existence of the PE-ID.

  • Any received all-but-mine mac-flush will take into account the received PE-ID, that is all the mac addresses associated to the PE-ID will be flushed. If the PE-ID is not included, the mac addresses associated to the sending PE will be flushed.

  • Any other case will follow the existing mac-flush procedures.

When a mac-flush message has to be propagated (for an ingress sdp-binding to an egress sdp-binding) and the pe-id-mac-flush-interop flag is enabled for the ingress and egress TLDP peers, the following behavior is observed:

  • If the ingress and egress bindings are spoke SDP, the PE will propagate the mac-flush message with its own PE-ID.

  • If the ingress binding is an spoke SDP and the egress binding a mesh SDP, the PE will propagate the mac-flush message without modifying the PE-ID included in the PE-ID TLV.

  • If the ingress binding is a mesh SDP and the egress binding an spoke SDP, the PE will propagate the mac-flush message with its own PE-ID.

  • When ingress and egress bindings are mesh-sdp, the mac-flush message is never propagated. This is the behavior regardless of the pe-id-mac-flush-interop flag configuration.

The PE-ID TLV is never added when generating a mac-flush message on a B-VPLS if the send-bvpls-flush command is enabled in the I-VPLS. In the same way, no PE-ID is added when propagating mac-flush from a B-VPLS to a I-VPLS when the propagate-mac-flush-from-bvpls command is enabled. Mac-flush messages for peers within the same I-VPLS or within the same B-VPLS domain follow the procedures described above.

Default

no pe-id-mac-flush-interop

Platforms

All

peak-rate

peak-rate

Syntax

peak-rate rate

no peak-rate

Context

[Tree] (config>router>policy-acct-template>policer peak-rate)

Full Context

configure router policy-acct-template policer peak-rate

Description

This command sets the peak rate (the fill or drain rate of the bucket).

Each policer has a peak information rate and a maximum burst size. The default peak-rate (when no value is configured or the configured value is max) is the line rate of the ingress port.

The no form of this command reverts to the default value.

Default

peak-rate max

Parameters

rate

Specifies the peak rate in Kb/s

Values

1 to 6400000000, max

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

peer

peer

Syntax

peer ip-address tag sync-tag

no peer

Context

[Tree] (config>router>dhcp6>server>pool>failover peer)

[Tree] (config>service>vprn>dhcp>server>pool peer)

[Tree] (config>service>vprn>dhcp6>server peer)

[Tree] (config>router>dhcp>server>failover peer)

[Tree] (config>router>dhcp6>server>failover peer)

[Tree] (config>service>vprn>dhcp>server peer)

[Tree] (config>router>dhcp>server>pool>failover peer)

[Tree] (config>service>vprn>dhcp6>server>pool peer)

Full Context

configure router dhcp6 server pool failover peer

configure service vprn dhcp server pool peer

configure service vprn dhcp6 server peer

configure router dhcp local-dhcp-server failover peer

configure router dhcp6 local-dhcp-server failover peer

configure service vprn dhcp server peer

configure router dhcp server pool failover peer

configure service vprn dhcp6 server pool peer

Description

This command creates a sync tag. DHCP leases can be synchronized per DHCP server or DHCP pool. The pair of synchronizing servers or pools is identified by a tag. The synchronization information is carried over the Multi-Chassis Synchronization (MCS) link between the two peers. MCS link is a logical link (IP, or MPLS).

MCS runs over TCP, port 45067 and it is using either data traffic or keepalives to detect failure on the communication link between the two nodes. In the absence of any MCS data traffic for more than 0.5sec, MCS will send its own keepalive to the peer. If a reply is not received within three sec, MCS will declare its operation state as DOWN and the DB Sync state as out-of-sync. MCS will consequently notify its clients (DHCP Server being one of them) of this. It can take up to three seconds before the DHCP client realizes that the inter-chassis communication link has failed.

The inter-chassis communication link failure does not necessarily assume the same failed fate for the access links. The two redundant nodes can become isolated from each other in the network. This occurs when only the intercommunication (MCS) link fails. It is important that this MCS link be highly redundant.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the IPv4 or IPv6 address of the peer.

Values

ipv4-address:

a.b.c.d

:

x:ipv6-addressx:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

tag sync-tag

Specifies a tag, up to 32 characters, that identifies the synchronizing DHCP servers or pools.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

[no] peer router router-instance address ip-address [udp-port port]

Context

[Tree] (debug>gtp peer)

Full Context

debug gtp peer

Description

This command restricts debugging to only data related to the specified GTP peer. This command can be repeated multiple times, where only data for any of the specified peers is debugged.

The no form of this command removes the restriction for the specified peer. When the last peer filter is removed, all data is debugged again, but may be restricted by other filters.

Parameters

router-instance

Specifies the ID of the VRF where the peer is connected.

Values

router-instance:

router-name | vprn-svc-id

router-name:

"Base”

vprn-svc-id

1 to 2147483647

ip-address

Specifies the IP address of the peer.

Values

a.b.c.d

port

Specifies the GTP-C port used by the peer.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

peer ip-address

no peer

Context

[Tree] (config>router>l2tp>group>tunnel peer)

[Tree] (config>service>vprn>l2tp>group>tunnel peer)

Full Context

configure router l2tp group tunnel peer

configure service vprn l2tp group tunnel peer

Description

This command configures the peer address.

The no form of this command removes the IP address from the tunnel configuration.

Default

no peer

Parameters

ip-address

Sets the LNS IP address for the tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

peer ip-address [udp-port port] [ip]

Context

[Tree] (debug>router>l2tp peer)

Full Context

debug router l2tp peer

Description

This command enables and configures debugging for an L2TP peer.

Parameters

ip-address

Specifies the IP address of the L2TP peer.

port

Specifies the UDP port for the L2TP peer. This parameter is only supported with L2TPv2 peers.

ip

Displays debugging information for peers using IP transport.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

peer index index [destination-host-string ][create]

no peer index index

Context

[Tree] (config>aaa>diam>node peer)

Full Context

configure aaa diameter node peer

Description

This command creates context for diameter peer configuration within a Diameter client node in SR OS. Up to five Diameter peers can be configured within a given Diameter client node.

This command is not applicable to legacy Diameter base.

The no form of this command removes the peer index information from the configuration.

Parameters

index

Specifies the index of a peer. Index is used to break a tie if a Diameter route for a given host or realm destination points to multiple diameter peers with the same preference. In such scenario, the peer with the lowest index will be selected as next-hop in traffic forwarding.

Values

1 to 5

destination-host-string

Identifies the peer by its name, up to 80 characters (of type DiameterIdentity). This peer name must match the one in Origin-Host AVP received in Capability Exchange Answer message. In case of a mismatch, the TCP connection will be terminated.

create

Keyword used to create the peer index. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

peer ip-address [create]

no peer ip-address

Context

[Tree] (config>redundancy>multi-chassis peer)

Full Context

configure redundancy multi-chassis peer

Description

This command configures the IP address of the peer in a redundant multi-chassis setup, and enters the context for further, application-specific configuration options.

Parameters

ip-address

Specifies a peer IP address. Multicast addresses are not allowed.

Values

ipv4-address: a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

Platforms

All

peer

Syntax

[no] peer destination-host

Context

[Tree] (debug>diameter>node peer)

Full Context

debug diameter node peer

Description

This command debugs Diameter node peers. At this level, the forwarding/routing phase is completed and the peer is known. All messages flowing between this node and the peer are reported. Although the messages displayed can contain session-ids, this debugging level is session unaware (the session states are not maintained at this level).

Parameters

destination-host

Specifies the host name, up to 80 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

peer ip-address ip-address

no peer

Context

[Tree] (config>subscr-mgmt>pfcp-association peer)

Full Context

configure subscriber-mgmt pfcp-association peer

Description

This command configures PFCP peer IP address.

The no form of this command removes the PFCP IP address.

Default

no peer

Parameters

ip-address

Specifies the PFCP peer IP address.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

peer ip-address [create]

no peer ip-address

Context

[Tree] (config>service>vprn>ptp peer)

Full Context

configure service vprn ptp peer

Description

This command configures a remote PTP peer and provides the context to configure parameters for this peer.

Up to 20 remote PTP peers may be configured.

If the clock-type is ordinary slave or boundary, and PTP is not shutdown, the last peer cannot be deleted. This prevents the case where the user has PTP enabled without any peer configured and enabled.

Peers are created within the routing instance associated with the context of this command. All configured PTP peers must use the same routing instance.

The no form of this command deletes the specified peer.

Parameters

ip-address

Specifies the IP address of the remote peer.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

create

Keyword used to create the peer.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

peer

Syntax

peer ip-address [create]

no peer ip-address

Context

[Tree] (config>system>ptp peer)

Full Context

configure system ptp peer

Description

This command configures a remote PTP peer. It provides the context to configure parameters for the remote PTP peer.

Up to 20 remote PTP peers may be configured.

If the clock-type is ordinary slave or boundary, and PTP is not shutdown, the last peer cannot be deleted. This prevents the user from having PTP enabled without any peer configured and enabled.

Peers are created within the routing instance associated with the context of this command. All configured PTP peers must use the same routing instance.

The no form of the command deletes the specified peer. The specific address being deleted must be included.

Parameters

ip-address

Specifies the IP address of the remote peer.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

create

Creates the remote PTP peer.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

peer

Syntax

[no] peer peer-address

Context

[Tree] (config>service>vprn>msdp>group peer)

[Tree] (config>service>vprn>msdp peer)

Full Context

configure service vprn msdp group peer

configure service vprn msdp peer

Description

This command configures peer parameters. Multicast Source Discovery Protocol (MSDP) must have at least one peer configured. A peer is defined by configuring a local-address that can be used by this node to set up a peering session and the address of a remote MSDP router, It is the address of this remote peer that is configured in this command and it identifies the remote MSDP router address.

After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. It may be required to have multiple peering sessions in which case multiple peer statements should be included in the configurations.

By default, the options applied to a peer are inherited from the global or group-level. To override these inherited options, include peer-specific options within the peer statement.

If the peer address provided is already a configured peer, then this command only provides the context to configure the parameters pertaining to this peer.

If the peer address provided is not already a configured peer, then the peer instance must be created and the context to configure the parameters pertaining to this peer should be provided. In this case, the $ prompt to indicate that a new entity (peer) is being created should be used.

The peer address provided will be validated and, if valid, will be used as the remote address for an MSDP peering session.

When the no form of this command is entered, the existing peering address will be removed from the configuration and the existing session will be terminated. Whenever a session is terminated, all source active information pertaining to and learned from that peer will be removed. Whenever a new peering session is created or a peering session is lost, an event message should be generated.

At least one peer must be configured for MSDP to function.

Parameters

peer-address

The address configured in this statement must identify the remote MSDP router that the peering session must be established with.

Platforms

All

peer

Syntax

peer ipv4-address

no peer

Context

[Tree] (config>router>nat>inside>redundancy peer)

[Tree] (config>service>vprn>nat>inside>redundancy peer)

Full Context

configure router nat inside redundancy peer

configure service vprn nat inside redundancy peer

Description

This command is used in LSN44 multi-chassis redundancy in conjunction with filters. The configured peer address is an IPv4 address that is configured under an interface on the peering LSN44 node (active or standby). This IPv4 interface address is advertised via routing on the inside in order to attract traffic from the standby to the active LSN44 node.

If configured, the steering-route is advertised only from the active LSN44 node. Consequently, upstream traffic for LSN44 is attracted to the active LSN44 node. The nat action in the ipv4-filter on the active LSN44 node forwards traffic to the local MS-ISA where LSN44 function is performed. However, in that case that upstream traffic somehow arrives on the standby LSN44 node, the nat action in the IPv4-filter forwards traffic to the peer address (active LSN44 node).

The no form of the command removes the peer ipv4-address from the configuration.

Parameters

ipv4-address

Specifies the IP address of the NAT redundancy peer.

Values

ipv4-address: a.b.c.d

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

[no] peer ip-address

Context

[Tree] (config>router>ldp>session-parameters peer)

Full Context

configure router ldp session-parameters peer

Description

This command configures parameters for an LDP peer.

Parameters

ip-address

Specifies the IPv4 or IPv6 address of the LDP peer in dotted decimal notation.

Platforms

All

peer

Syntax

[no] peer ip-address

Context

[Tree] (config>router>ldp>targeted-session peer)

Full Context

configure router ldp targeted-session peer

Description

This command configures parameters for an LDP peer.

The no form of this command removes the LDP peer parameters.

Parameters

ip-address

Specifies a peer IP address.

Values

ipv4-address: a.b.c.d; 0 to 255, decimal

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]; hexadecimal

  • d: [0 to 255]; decimal

Platforms

All

peer

Syntax

[no] peer ip-address

Context

[Tree] (debug>router>ldp peer)

Full Context

debug router ldp peer

Description

Use this command for debugging an LDP peer.

Parameters

ip-address

The IP address of the LDP peer.

Platforms

All

peer

Syntax

peer ip-address [preference preference]

no peer ip-address

Context

[Tree] (config>router>pcep>pcc peer)

Full Context

configure router pcep pcc peer

Description

This command configures the IP address of a peer PCEP speaker. The address is used as the destination address in the PCEP session messages to a PCEP peer.

The preference parameter allows the PCC to select the preferred PCE when both have their PCEP sessions successfully established. A maximum of two PCEP peers is supported.

The PCE peer that is not in overload is always selected by the PCC as the active PCE. However, if neither of the PCEs are signaling the overload state, the PCE with the higher numerical preference value is selected, and in case of a tie, the PCE with the lower IP address is selected.

Note:

The system does not support two or more simultaneously active PCEs.

The no form of the command removes the specified peer PCEP speaker.

Parameters

ip-address

The IP address of the PCEP peer to be used as the destination address in the PCEP session.

preference

The preference value of the peer.

Values

0 to 100

Default

1

Platforms

All

peer

Syntax

peer ip-address

no peer

Context

[Tree] (config>app-assure>aarp peer)

Full Context

configure application-assurance aarp peer

Description

This command defines the IP address of the peer router which must be a routable system IP address.

If no peer is configured and the AARP is no shutdown, it is configured as a single node AARP instance.

The no form of this command removes the IP address from the AARP instance.

Default

no peer

Parameters

ip-address

Specifies the IP address in the a.b.c.d format.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

[no] peer peer-address

Context

[Tree] (config>router>msdp>group peer)

[Tree] (config>router>msdp peer)

Full Context

configure router msdp group peer

configure router msdp peer

Description

This command configures peer parameters. Multicast Source Discovery Protocol (MSDP) must have at least one peer configured. A peer is defined by configuring a local-address that can be used by this node to set up a peering session and the address of a remote MSDP router, It is the address of this remote peer that is configured in this command and it identifies the remote MSDP router address.

After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. It may be required to have multiple peering sessions in which case multiple peer statements should be included in the configurations.

By default, the options applied to a peer are inherited from the global or group-level. To override these inherited options, include peer-specific options within the peer statement.

If the peer address provided is already a configured peer, then this command only provides the context to configure the parameters pertaining to this peer.

If the peer address provided is not already a configured peer, then the peer instance must be created and the context to configure the parameters pertaining to this peer should be provided. In this case, the $ prompt to indicate that a new entity (peer) is being created should be used.

The peer address provided will be validated and, if valid, will be used as the remote address for an MSDP peering session.

When the no form of this command is entered, the existing peering address will be removed from the configuration and the existing session will be terminated. Whenever a session is terminated, all source active information pertaining to and learned from that peer will be removed. Whenever a new peering session is created or a peering session is lost, an event message should be generated.

At least one peer must be configured for MSDP to function.

Parameters

peer-address

Specifies the peer IP address. address configured in this statement must identify the remote MSDP router that the peering session must be established with.

Platforms

All

peer

Syntax

peer lic-name

no peer

Context

[Tree] (config>li>x-interfaces>x1 peer)

Full Context

configure li x-interfaces x1 peer

Description

This command configures the LIC name for X1 interface communication, which is configured under config> li>x-interfaces>lics>lic.

The no form of this command reverts to the default.

Parameters

lic-name

Specifies the LIC name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

peer

Syntax

peer lic-name

no peer

Context

[Tree] (config>li>x-interfaces>x2 peer)

Full Context

configure li x-interfaces x2 peer

Description

This command configures the LIC name for X2 interface communication, which is configured under config> li>x-interfaces>lics>lic.

The no form of this command reverts to the default.

Parameters

lic-name

Specifies the LIC name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

peer

Syntax

[no] peer lic-name

Context

[Tree] (config>li>x-interfaces>x3>peers peer)

Full Context

configure li x-interfaces x3 peers peer

Description

This command configures the LIC name for X3 interface communication, which is configured under config> li>x-interfaces>lics>lic.

The no form of this command removes the LIC name.

Parameters

lic-name

Specifies the name for the LIC peer, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

peer

Syntax

[no] peer {ip-address | ipv6-address}

Context

[Tree] (config>router>bfd>seamless-bfd peer)

Full Context

configure router bfd seamless-bfd peer

Description

This command specifies the context for the local mapping, used by an S-BFD initiator, between a discriminator for a far-end S-BFD reflector and its discriminator value.

The no form of this command removes the mapping for the peer.

Parameters

ip-address

Specifies the IPv4 address of the peer.

Values

a.b.c.d

ipv6-address

Specifies the IPv6 address of the peer.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

Platforms

All

peer

Syntax

peer [router router-instance | service-name service-name] {ip-address | ipv6-address} [key-id key-id | authentication-keychain keychain-name] [version version] [ prefer]

no peer [router router-instance | service-name service-name] {ip-address | ipv6-address}

Context

[Tree] (config>system>time>ntp peer)

Full Context

configure system time ntp peer

Description

This command configures symmetric active mode for an NTP peer. It is recommended to configure authentication and to only configure known time servers as peers. Peers may exist within a VPRN service.

Note:

For symmetric peering to operate correctly with a peer accessible through a VPRN, local NTP server functionality must be enabled within the VPRN using the configure service vprn ntp command.

The no form of the command removes the configured peer.

Parameters

router-instance

Specifies the routing context that contains the interface.

Values

router-name — Base | Management

service-id — 1 to 2147483647

Default

Base

service name

Specifies the service name for the VPRN, up to 64 characters. CPM routing instances are not supported.

ip-address

Configures the IPv4 address of the peer that requires a peering relationship to be set up.

Values

a.b.c.d

ipv6-address

Configures the IPv6 address of the peer that requires a peering relationship to be set up.

Values
  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

key-id

Specifies the key ID. Successful authentication requires that both peers must have the same authentication key-id, type, and key value.

Specify the key-id that identifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP peer. If an NTP packet is received by these nodes, the authentication key-id, type, and key value must be valid, otherwise the packet is rejected and an event or trap is generated.

Values

1 to 255

keychain-name

Identifies the keychain name, up to 32 characters.

version

Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode, in which case all versions are accepted.

Values

2 to 4

Default

4

prefer

When configuring more than one peer, one remote system can be configured as the preferred peer. When a second peer is configured as preferred, the new entry overrides the old entry.

Platforms

All

peer

Syntax

peer ip-address [create]

no peer ip-address

Context

[Tree] (config>router>ipsec>mc-shunt-profile peer)

[Tree] (config>service>vprn>ipsec>mc-shunt-profile peer)

Full Context

configure router ipsec multi-chassis-shunting-profile peer

configure service vprn ipsec multi-chassis-shunting-profile peer

Description

Commands in this context configure a multi-chassis IPsec peer IP address for the multi-chassis-shunting-profile.

The no form of this command removes the peer IP address from the configuration.

Default

no command

Parameters

ip-address

Specifies a peer IP address.

Values

ipv4-address: a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

create

Keyword used to create the command instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer

Syntax

peer ip-address [create]

no peer ip-address

Context

[Tree] (config>anysec>tnl-enc>enc-grp peer)

Full Context

configure anysec tunnel-encryption encryption-group peer

Description

This command configures the IPv4 or IPv6 address of the peer's node SID that are part of this encryption group.

This configuration identifies the peer's segment routing node SID and programs the egress label stack for matching on the FP5 for encrypting the LSP.

Note: When the label stack is downloaded, the encryption SID is also included at the bottom of the stack with the S bit set.

The no form of this command removes the peer node SID from the ANYsec configuration. Therefore, the LSP is not encrypted and all the traffic is transmitted in clear text.

Parameters

ip-address

Specifies a peer IP address.

Values

ipv4-address: a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

create

Keyword used to create the peer.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

peer

Syntax

peer ip-address [detail]

Context

[Tree] (debug>anysec peer)

Full Context

debug anysec peer

Description

This command debugs ANYsec peers.

Parameters

ip-address

Specifies a peer IP address.

Values

ipv4-address: a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF] H

  • d: [0 to 255] D

detail

Keyword used to specify detailed information.

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

peer-address-change-policy

peer-address-change-policy

Syntax

peer-address-change-policy {accept | ignore | reject}

Context

[Tree] (config>router>l2tp peer-address-change-policy)

[Tree] (config>service>vprn>l2tp peer-address-change-policy)

Full Context

configure router l2tp peer-address-change-policy

configure service vprn l2tp peer-address-change-policy

Description

This command specifies what to do in case the system receives a L2TP response from another address than the one the request was sent to.

Default

peer-address-change-policy reject

Parameters

accept

Specifies that this system accepts any source IP address change of received L2TP control messages related to a locally originated tunnel in the state waitReply and rejects any peer address change for other tunnels; in case the new peer IP address is accepted, it is learned and used as destination address in subsequent L2TP messages.

ignore

Specifies that this system ignores any source IP address change of received L2TP control messages, does not learn any new peer IP address, and does not change the destination address in subsequent L2TP messages.

reject

Specifies that this system rejects any source IP address change of received L2TP control messages and drops those messages.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer-as

peer-as

Syntax

peer-as as-number

no peer-as

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy peer-as)

Full Context

configure subscriber-mgmt bgp-peering-policy peer-as

Description

This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.

The no form of this command removes the as-number from the configuration.

Parameters

as-number

Specifies the AS number for the remote peer.

Values

1 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer-as

Syntax

peer-as as-number

Context

[Tree] (config>service>vprn>bgp>group>neighbor peer-as)

[Tree] (config>service>vprn>bgp>group peer-as)

Full Context

configure service vprn bgp group neighbor peer-as

configure service vprn bgp group peer-as

Description

This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.

For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level since the peer will be in a different autonomous system than this router

For IBGP peers, the peer AS number must be the same as the autonomous system number of this router configured under the global level.

This is a required command for each configured peer. This may be configured under the group level for all neighbors in a particular group.

Default

No AS numbers are defined.

Parameters

as-number

The autonomous system number, expressed as a decimal integer.

Values

1 to 65535

Platforms

All

peer-as

Syntax

peer-as as-number

Context

[Tree] (config>router>bgp>group peer-as)

[Tree] (config>router>bgp>group>neighbor peer-as)

Full Context

configure router bgp group peer-as

configure router bgp group neighbor peer-as

Description

This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.

For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level since the peer will be in a different autonomous system than this router.

For IBGP peers, the peer AS number must be the same as the autonomous system number of this router configured under the global level.

This is required command for each configured peer. This may be configured under the group level for all neighbors in a particular group.

Parameters

as-number

Specifies the autonomous system number expressed as a decimal integer.

Values

1 to 4294967295

Platforms

All

peer-endpoint

peer-endpoint

Syntax

peer-endpoint sap sap-id encap-type {dot1q | null | qinq}

peer-endpoint spoke-sdp sdp-id:vc-id

no peer-endpoint

Context

[Tree] (config>app-assure>aarp peer-endpoint)

Full Context

configure application-assurance aarp peer-endpoint

Description

This command defines the peer endpoint ID of the SAP or spoke-SDP parent-aa-sub of the AARP peer.

The no form of this command removes the peer endpoint from the AARP instance.

Default

no peer-endpoint

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

sdp-id:vc-id

Specifies the spoke SDP ID and VC ID.

Values

1 to 32767

1 to 4294967295

dot1q | null | qinq

Specifies the encapsulation type.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer-group

peer-group

Syntax

peer-group tunnel-group-id

no peer-group

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>tunnel-group peer-group)

Full Context

configure redundancy multi-chassis peer mc-ipsec tunnel-group peer-group

Description

This command specifies the corresponding tunnel-group ID on peer node. The peer tunnel-group ID does not necessary equals to local tunnel-group ID.

The no form of this command removes the tunnel-group ID from the configuration.

Parameters

tunnel-group-id

Specifies the tunnel-group identifier.

Values

1 to 16

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer-ip-prefix

peer-ip-prefix

Syntax

peer-ip-prefix ip-prefix/ip-prefix-length

peer-ip-prefix ipv4-any

peer-ip-prefix ipv6-any

no peer-ip-prefix

Context

[Tree] (config>ipsec>client-db>client>client-id peer-ip-prefix)

Full Context

configure ipsec client-db client client-identification peer-ip-prefix

Description

This command specifies match criteria that uses the peer’s tunnel IP address as the input. Only one peer-ip-prefix criteria can be configured for a given client entry.

The no form of this command reverts to the default.

Default

no peer-ip-prefix

Parameters

ip-prefix/ip-prefix-length

Specifies an IPv4 or IPv6 prefix. It is considered a match if the peer’s tunnel IP address is within the specified prefix.

ipv4-any

Matches any IPv4 address.

ipv6-any

Matches any IPv6 address.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer-ip-prefix

Syntax

[no] peer-ip-prefix

Context

[Tree] (config>ipsec>client-db>match-list peer-ip-prefix)

Full Context

configure ipsec client-db match-list peer-ip-prefix

Description

This command enables the use of the peer’s tunnel IP address as the match input.

The no form of this command disables the peer IP prefix matching process.

Default

no peer-ip-prefix

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer-limit

peer-limit

Syntax

peer-limit limit

no peer-limit

Context

[Tree] (config>service>vprn>ptp peer-limit)

Full Context

configure service vprn ptp peer-limit

Description

This command specifies an upper limit to the number of discovered peers permitted within the routing instance. This command can ensure that a routing instance does not consume all the possible discovered peers and blocking discovered peers in other routing instances.

If it is desired to reserve a fixed number of discovered peers per router instance, then all router instances supporting PTP should have values specified with this command and the sum of all the peer-limit values must not exceed the maximum number of discovered peers supported by the system.

If the user attempts to specify a peer-limit, and there are already more discovered peers in the routing instance than the new limit being specified, the configuration is not accepted.

The no form of this command removes the limit from the configuration.

Default

no limit

Parameters

limit

Specifies the maximum number of discovered peers allowed in the routing instance.

Values

0 to 50

Default

0 (The maximum number of discovered peers supported by the system).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

peer-limit

Syntax

peer-limit limit

no peer-limit

Context

[Tree] (config>system>ptp peer-limit)

Full Context

configure system ptp peer-limit

Description

This command specifies an upper limit to the number of discovered peers permitted within the routing instance. This can be used to ensure that a routing instance does not consume all the possible discovered peers and blocking discovered peers in other routing instances.

If it is desired to reserve a fixed number of discovered peers per router instance, then all router instances supporting PTP should have values specified with this command and the sum of all the peer-limit values must not exceed the maximum number of discovered peers supported by the system.

If the user attempts to specify a peer-limit, and there are already more discovered peers in the routing instance than the new limit being specified, the configuration will not be accepted.

Default

no peer-limit

Parameters

limit

Specifies the maximum number of discovered peers allowed in the routing instance.

Values

0 to 512

Default

1 (The maximum number of discovered peers supported by the system.)

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

peer-name

peer-name

Syntax

peer-name name

no peer-name

Context

[Tree] (config>redundancy>multi-chassis>peer peer-name)

Full Context

configure redundancy multi-chassis peer peer-name

Description

This command specifies a peer name.

Default

no peer-name

Parameters

name

Specifies the string up to 32 characters. Any printable, seven-bit ASCII characters can be used within the string. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

peer-profile

peer-profile

Syntax

peer-profile profile-name [create]

no peer-profile profile-name

Context

[Tree] (config subscr-mgmt gtp peer-profile)

Full Context

configure subscriber-mgmt gtp peer-profile

Description

This command creates a new peer profile.

Parameters

profile-name

Specifies the profile name, up to 32 characters.

create

Creates an entry.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer-profile-map

peer-profile-map

Syntax

peer-profile-map

Context

[Tree] (config>service>vprn>gtp>uplink peer-profile-map)

[Tree] (config>router>gtp>s11 peer-profile-map)

[Tree] (config>router>gtp>uplink peer-profile-map)

[Tree] (config>service>vprn>gtp>s11 peer-profile-map)

Full Context

configure service vprn gtp uplink peer-profile-map

configure router gtp s11 peer-profile-map

configure router gtp uplink peer-profile-map

configure service vprn gtp s11 peer-profile-map

Description

This command configures a mapping of addresses and subnets to GTP peer profiles.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

peer-rdi-rx

peer-rdi-rx

Syntax

peer-rdi-rx

Context

[Tree] (config>port>ethernet>efm-oam peer-rdi-rx)

Full Context

configure port ethernet efm-oam peer-rdi-rx

Description

This container allows an action to be configured for the various event conditions that can be received from a peer under the context of the EFM OAM protocol.

Platforms

All

peer-template

peer-template

Syntax

[no] peer-template template-name

Context

[Tree] (config>router>ldp>targeted-session peer-template)

Full Context

configure router ldp targeted-session peer-template

Description

This command creates a targeted session peer parameter template that can be referenced in the automatic creation of targeted Hello adjacency and LDP session to a discovered peer.

The no form of this command deletes the peer template. A peer template cannot be deleted if it is bound to a peer prefix list.

Parameters

template-name

Specifies the template name to identify targeted peer template. It must be 32 characters maximum.

Platforms

All

peer-template-map

peer-template-map

Syntax

peer-template-map template-name policy peer-prefix-policy1 [peer-prefix-policy2..up to 5]

no peer-template-map peer-template template-name

Context

[Tree] (config>router>ldp>targeted-session peer-template-map)

Full Context

configure router ldp targeted-session peer-template-map

Description

This command enables the automatic creation of a targeted Hello adjacency and LDP session to a discovered peer. The user configures a targeted session peer parameter template and binds it to a peer prefix policy.

Each application of a targeted session template to a given prefix in the prefix list will result in the establishment of a targeted Hello adjacency to an LDP peer using the template parameters as long as the prefix corresponds to a router-id for a node in the TE database. As a result of this, the user must enable the traffic-engineering option in ISIS or OSPF. The targeted Hello adjacency will either trigger a new LDP session or will be associated with an existing LDP session to that peer.

Up to 5 peer prefix policies can be associated with a single peer template at all times. Also, the user can associate multiple templates with the same or different peer prefix policies. Thus multiple templates can match with a given peer prefix. In all cases, the targeted session parameters applied to a given peer prefix are taken from the first created template by the user. This provides a more deterministic behavior regardless of the order in which the templates are associated with the prefix policies.

Each time the user executes the above command, with the same or different prefix policy associations, or the user changes a prefix policy associated with a targeted peer template, the system re-evaluates the prefix policy. The outcome of the re-evaluation will tell LDP if an existing targeted Hello adjacency needs to be torn down or if an existing targeted Hello adjacency needs to have its parameters updated on the fly.

If a /32 prefix is added to (removed from) or if a prefix range is expanded (shrunk) in a prefix list associated with a targeted peer template, the same prefix policy re-evaluation described above is performed.

The template comes up in the no shutdown state and as such it takes effect immediately. Once a template is in use, the user can change any of the parameters on the fly without shutting down the template. In this case, all targeted Hello adjacencies are updated.

The SR OS supports multiple ways of establishing a targeted Hello adjacency to a peer LSR:

  • User configuration of the peer with the targeted session parameters inherited from the config>router>ldp>targeted-session in the top level context or explicitly configured for this peer in the config>router>ldp>targ-session>peer context and which overrides the top level parameters shared by all targeted peers. Let us refer to the top level configuration context as the global context. Some parameters only exist in the global context; their value will always be inherited by all targeted peers regardless of which event triggered it.

  • User configuration of an SDP of any type to a peer with the signaling tldp option enabled (default configuration). In this case the targeted session parameter values are taken from the global context.

  • User configuration of a (FEC 129) PW template binding in a BGP-VPLS service. In this case the targeted session parameter values are taken from the global context.

  • User configuration of a (FEC 129 type II) PW template binding in a VLL service (dynamic multi-segment PW). In this case the target session parameter values are taken from the global context

  • User configuration of a mapping of a targeted session peer parameter template to a prefix policy when the peer address exists in the TE database (this feature). In this case, the targeted session parameter values are taken from the template.

Since the above triggering events can occur simultaneously or in any arbitrary order, the LDP code implements a priority handling mechanism in order to decide which event overrides the active targeted session parameters. The overriding trigger will become the owner of the targeted adjacency to a given peer. The following is the priority order:

  • Priority 1: manual configuration of session parameters

  • Priority 2: mapping of targeted session template to prefix policy.

  • Priority 3: auto-tx parameters

  • Priority 4: auto-rx parameters

  • Priority 5: manual configuration of SDP, PW template binding in BGP-AD VPLS and in FEC 129 VLL.

Any parameter value change to an active targeted Hello adjacency caused by any of the above triggering events is performed on the fly by having LDP immediately send a Hello message with the new parameters to the peer without waiting for the next scheduled time for the Hello message. This allows the peer to adjust its local state machine immediately and maintains both the Hello adjacency and the LDP session in UP state. The only exceptions are the following:

  • The triggering event caused a change to the local-lsr-id parameter value. In this case, the Hello adjacency is brought down which will also cause the LDP session to be brought down if this is the last Hello adjacency associated with the session. A new Hello adjacency and LDP session will then get established to the peer using the new value of the local LSR ID.

  • The triggering event caused the targeted peer shutdown option to be enabled. In this case, the Hello adjacency is brought down which will also cause the LDP session to be brought down if this is the last Hello adjacency associated with the session.

Finally, the value of any LDP parameter which is specific to the LDP/TCP session to a peer is inherited from the config>router>ldp>session-params>peer context. This includes MD5 authentication, LDP prefix per-peer policies, label distribution mode (DU or DOD), and so on.

The no form of this command deletes the binding of the template to the peer prefix list and brings down all Hello adjacencies to the discovered LDP peers.

Platforms

All

peer-to-peer

peer-to-peer

Syntax

[no] peer-to-peer

Context

[Tree] (debug>diameter>node>peer peer-to-peer)

Full Context

debug diameter node peer peer-to-peer

Description

This command reports only peer level message that are required for bringing up, maintaining and tearing down the peering connection (CER/A, DWR/A, and so on).

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peer-tracking-policy

peer-tracking-policy

Syntax

peer-tracking-policy policy-name

no peer-tracking-policy

Context

[Tree] (config>service>vprn>bgp peer-tracking-policy)

Full Context

configure service vprn bgp peer-tracking-policy

Description

This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where this is enabled. The policy controls which IP routes in RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in RTM for a BGP neighbor address is an IP route that is rejected by the policy, or it is a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.

The default peer-tracking policy (when the no peer-tracking-policy command is configured) is to use the longest matching active route in RTM that is not an LDP shortcut route or an aggregate route.

Note:

When peer-tracking is configured, the peer-tracking policy should only permit one of direct-interface or direct routes to be advertised to a BGP peer. Advertising both routes will cause the best route to oscillate.

Default

no peer-tracking-policy

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

peer-tracking-policy

Syntax

peer-tracking-policy policy-name

no peer-tracking-policy

Context

[Tree] (config>router>bgp peer-tracking-policy)

Full Context

configure router bgp peer-tracking-policy

Description

This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where this is enabled. The policy controls which IP routes in RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in RTM for a BGP neighbor address is an IP route that is rejected by the policy, or it is a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.

The default peer-tracking policy (when the no peer-tracking-policy command is configured) is to use the longest matching active route in RTM that is not an LDP shortcut route or an aggregate route.

Note:

When peer-tracking is configured, the peer-tracking policy should only permit one of direct-interface or direct routes to be advertised to a BGP peer. Advertising both routes will cause the best route to oscillate.

Default

no peer-tracking-policy

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

peer-transport

peer-transport

Syntax

peer-transport ip-address

no peer transport

Context

[Tree] (config>router>ldp>tcp-session-parameters peer-transport)

Full Context

configure router ldp tcp-session-parameters peer-transport

Description

This command configures the peer transport address, that is, the destination address of the TCP connection, and not the address corresponding to the LDP LSR-ID of the peer.

Parameters

ip-address

Specifies the IPv4 or IPv6 address of the TCP connection to the LDP peer in dotted decimal notation.

Platforms

All

peer-tunnel-attributes

peer-tunnel-attributes

Syntax

peer-tunnel-attributes

Context

[Tree] (config>anysec>tnl-enc>enc-grp peer-tunnel-attributes)

Full Context

configure anysec tunnel-encryption encryption-group peer-tunnel-attributes

Description

Commands in this context configure the peer tunnel attributes.

Tunnel attributes are used to match and identify the outgoing tunnels for encryptoin with ANYsec. A single tunnel attribute is used for multiple peers. Since an LSP is unidirectional, the outgoing tunnel can have different attributes from the incoming tunnel (for example, security termination policy).

Default

peer-tunnel-attributes

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

peer6

peer6

Syntax

peer6 ipv6-address

no peer6

Context

[Tree] (config>router>nat>inside>redundancy peer6)

[Tree] (config>service>vprn>nat>inside>redundancy peer6)

Full Context

configure router nat inside redundancy peer6

configure service vprn nat inside redundancy peer6

Description

This command is used in NAT64 multi-chassis redundancy in conjunction with filters. The configured peer6 address is an IPv6 address configured under an interface on the peering NAT64 node (active or standby). This IPv6 interface address is advertised via routing on the inside in order to attract traffic from the standby to the active NAT64 node.

Under normal circumstances, the NAT64 prefix is advertised only from the active NAT64 node. Consequently, upstream traffic for NAT64 is attracted to the active NAT64 node. The nat action in the ipv6-filter on the active NAT64 node forwards traffic to the local MS-ISA where NAT64 function is performed. However, if that upstream traffic arrives on the standby NAT64 node, the nat action in the IPv6-filter forwards traffic to the peer6 address (active NAT64 node).

The no form of the command removes the peer6 ip-address from the configuration.

Parameters

ipv6-address

Specifies the IPv6 address of the NAT redundancy peer.

Values

ipv6-address:

ipv6-address - x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

peers

peers

Syntax

peers

Context

[Tree] (config>li>x-interfaces>x3 peers)

Full Context

configure li x-interfaces x3 peers

Description

This command enables the configuration of X3 peer LICs.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pending-requests-limit

pending-requests-limit

Syntax

pending-request-limit limit

no pending-request-limit

Context

[Tree] (config>router>radius-server>server pending-requests-limit)

[Tree] (config>service>vprn>radius-server>server pending-requests-limit)

Full Context

configure router radius-server server pending-requests-limit

configure service vprn radius-server server pending-requests-limit

Description

This command specifies the per-server maximum number of outstanding requests sent to the RADIUS server. If the maximum number is exceeded, the next RADIUS server in the pool is selected.

The no form of this command removes the limit value from the configuration.

Default

pending-requests-limit 4096

Parameters

limit

Specifies the maximum number of outstanding requests sent to the RADIUS server.

Values

1 to 4096

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

peq

peq

Syntax

[no] peq peq-slot [chassis chassis-id]

Context

[Tree] (config>system>pwr-mgmt peq)

Full Context

configure system power-management peq

Description

This command sets the APEQ slot number.

Parameters

peq-slot

Identifies the APEQ slot.

Values

1 to 12

chassis-id

Specifies chassis ID for the router chassis.

Values

1, 2

Default

1

Platforms

7750 SR-12e, 7950 XRS

peq-type

peq-type

Syntax

peq-type peq-type

no peq-type

Context

[Tree] (cfg>sys>pwr-mgmt>peq peq-type)

Full Context

configure system power-management peq peq-type

Description

This command sets the type of APEQ for the designated APEQ slot.

The no form of this command moves the APEQ to an unprovisioned state.

Default

no peq-type

Parameters

peq-type

Identifies the APEQ type.

Values

apeq-ac-4400, apeq-ac-3000, apeq-dc-2000, apeq-dc-2200-2800, apeq-dc-4275, apeq-hvdc-3000

Platforms

7750 SR-12e, 7950 XRS

per-fp-egr-queuing

per-fp-egr-queuing

Syntax

[no] per-fp-egr-queuing

Context

[Tree] (config>lag>access per-fp-egr-queuing)

Full Context

configure lag access per-fp-egr-queuing

Description

This command specifies whether a more efficient method of queue allocation for LAG SAPs should be utilized.

The no form of this command disables the method of queue allocation for LAG SAPs.

Platforms

All

per-fp-ing-queuing

per-fp-ing-queuing

Syntax

[no] per-fp-ing-queuing

Context

[Tree] (config>lag>access per-fp-ing-queuing)

Full Context

configure lag access per-fp-ing-queuing

Description

This command provides the ability to reduce the number of hardware queues assigned on each LAG SAP ingress. When the feature is enabled, the queue allocation for SAPs on a LAG will be optimized and only one set of queues per ingress forwarding path (FP) is allocated instead of one per port.

The no form of this command disables the method of queue allocation for LAG SAPs.

Platforms

All

per-fp-ing-queuing

Syntax

[no] per-fp-ing-queuing

Context

[Tree] (config>eth-tunnel>lag-emulation>access per-fp-ing-queuing)

Full Context

configure eth-tunnel lag-emulation access per-fp-ing-queuing

Description

This command provides the ability to reduce the number of hardware queues assigned on each LAG SAP ingress. When the feature is enabled, the queue allocation for SAPs on a LAG will be optimized and only one set of queues per ingress forwarding path (FP) is allocated instead of one per port.

The no form of this command reverts the default.

Default

no per-fp-ing-queuing

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

per-fp-sap-instance

per-fp-sap-instance

Syntax

[no] per-fp-sap-instance

Context

[Tree] (config>lag>access per-fp-sap-instance)

Full Context

configure lag access per-fp-sap-instance

Description

This command enables optimized SAP instance allocation on a LAG. When enabled, SAP instance is allocated per each FP the LAG links exits on instead of per each LAG port.

The no form of this command disables optimized SAP instance allocation.

Default

no per-fp-sap-instance

Platforms

All

per-host-authentication

per-host-authentication

Syntax

[no] per-host-authentication

Context

[Tree] (config>port>ethernet>dot1x per-host-authentication)

Full Context

configure port ethernet dot1x per-host-authentication

Description

This command enables dot1x authenticating per host source mac or VLAN. The port does not allow traffic from any hosts or any MAC. When a host is authenticated via RADIUS policy, its source mac is then allowed through the port, while the port is closed for any other mac. Any traffic from the allowed host is forwarded on the port, including untagged and tagged traffic.

Default

no per-host-authentication

Platforms

All

per-host-replication

per-host-replication

Syntax

per-host-replication [uni-mac | mcast-mac]

no per-host-replication

Context

[Tree] (config>subscr-mgmt>igmp-policy per-host-replication)

Full Context

configure subscriber-mgmt igmp-policy per-host-replication

Description

This command enables per-host-replication in IPoE model. For PPPoX, per-host-replication is the only mode of operation. In the per-host-replication mode, multicast traffic is replicated per each host within the subscriber irrespective of the fact that some hosts may be subscribed to the same multicast stream. As a result, in case that multiple hosts within the subscriber are registered for the same multicast group, the multicast streams of that group is generated. The destination MAC address of multicast streams is changed to unicast so that each host receives its own copy of the stream. Multicast traffic in the per-host-replication mode can be classified via the existing QoS CLI structure. As such the multicast traffic will flow through the subscriber queues. HQoS Adjustment is not needed in this case.

The alternative behavior for multicast replication in IPoE environment is per-SAP- replication. In this model, only a single copy of the multicast stream is sent per SAP, irrespective of the number of hosts that are subscribed to the same multicast group. This behavior applies to 1:1 connectivity model as well as on 1:N connectivity model (SAP centric behavior as opposed to subscriber centric behavior).

In the per-SAP-replication model the destination MAC address is multicast (as opposed to unicast in the per-host-replication model). Multicast traffic is flowing via the SAP queue which is outside of the subscriber context. The consequence is that multicast traffic is not accounted in the subscriber HQoS. In addition, HQoS Adaptation is not supported in the per SAP replication model.

Default

no per-host-replication — By default there is no per host replication and replication is done per SAP. This mode utilizes the SAP queues. With per-host-replication it will allow the use of the subscriber queues. Per-host-replication uses unicast MAC and multicast IP to deliver multicast content to end hosts. This is useful for multi host per SAP cases. To interoperate with end devices that do not support unicast MAC, there is an option to use per-host-replication with a multicast MAC. The traffic is the same as replication per SAP but the difference of using the subscriber queues.

Parameters

uni-mac

Specifies that multicast traffic is sent with a unicast MAC and multicast IP.

mcast-mac

Specifies that multicast traffic is sent with a multicast MAC and IP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

per-host-replication

Syntax

[no] per-host-replication [uni-mac | mcast-mac]

Context

[Tree] (config>subscr-mgmt>mld-policy per-host-replication)

Full Context

configure subscriber-mgmt mld-policy per-host-replication

Description

This command enables per-host-replication. In the per-host-replication mode, multicast traffic is replicated per each host within the subscriber irrespective of the fact that some hosts may be subscribed to the same multicast stream. As a result, in case that multiple hosts within the subscriber are registered for the same multicast group, the multicast streams of that group are generated. The destination MAC address of multicast streams is changed to unicast so that each host receives its own copy of the stream. Multicast traffic in the per-host-replication mode can be classified via the existing QoS CLI structure. As such the multicast traffic flows through the subscriber queues. HQoS Adjustment is not needed in this case.

The alternative behavior for multicast replication in IPoE environment is per-SAP- replication. In this model, only a single copy of the multicast stream is sent per SAP, irrespective of the number of hosts that are subscribed to the same multicast group. This behavior applies to 1:1 connectivity model as well as on 1:N connectivity model (SAP centric behavior as opposed to subscriber centric behavior).

In the per-SAP-replication model the destination MAC address is multicast (as opposed to unicast in the per-host-replication model). Multicast traffic is flowing via the SAP queue which is outside of the subscriber context. The consequence is that multicast traffic is not accounted in the subscriber HQoS. In addition, HQoS Adaptation is not supported in the per SAP replication model.

The no form of this command reverts to the default.

Parameters

uni-mac

Specifies that multicast traffic s sent with a unicast MAC and multicast IP.

mcast-mac

Specifies the multicast traffic is sent with a multicast MAC and IP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

per-lag-hashing

per-lag-hashing

Syntax

[no] per-lag-hashing

Context

[Tree] (config>mirror>mirror-dest per-lag-hashing)

Full Context

configure mirror mirror-dest per-lag-hashing

Description

This command enables per-LAG hashing on the mirror destination.

When this command is enabled, the mirror destination SAP or SDP of type LAG uses all of the link members for flow hashing. Hashing to link members is based on IP flows.

The no form of this command disables per-LAG hashing. All mirrored packets sent to a SAP or SDP of type LAG, are sent to only one of the LAG link members. If the link member to which the mirrored packets are being sent fails, another link member takes over and provides mirrored packet forwarding. Although no hashing is performed, resiliency is still provided by this next link member.

Default

no per-lag-hashing

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

per-link-hash

per-link-hash

Syntax

per-link-hash

per-link-hash weighted [auto-rebalance] [subscriber-hash-mode mode]

no per-link-hash

Context

[Tree] (config>lag per-link-hash)

Full Context

configure lag per-link-hash

Description

This command configures per-link-hashing on a LAG. When enabled, SAPs/subscribers/interfaces are hashed on LAG egress to a single LAG link.

The no form of this command disables per-link-hashing on a LAG.

Default

no per-link-hash

Parameters

weighted

SAPs, subscribers, and interfaces are distributed amongst LAG links based on their preconfigured class and weight. As new links are added to a LAG, existing SAPs, subscribers, and interfaces are not impacted.

auto-rebalance

SAPs, subscribers, and interfaces are distributed amongst LAG links based on their preconfigured class and weight. As new links are added to a LAG, existing SAPs, subscribers, and interfaces are rebalanced automatically.

mode

Subscriber traffic can be load balanced over LAG member links in a weighted way. Traffic hashing can be performed based on SAPs or Vports.

SAP-based hashing supports weights configured at the subscriber level in a subscriber profile. SAP hashing mode supports only SAP and subscriber (1:1) deployment models.

Vport based load balancing supports SAP and subscriber (1:1) and SAP and service (N:1) deployment models.

Platforms

All

per-mcast-plane-capacity

per-mcast-plane-capacity

Syntax

[no] per-mcast-plane-capacity

Context

[Tree] (config>mcast-mgmt>chassis-level per-mcast-plane-capacity)

Full Context

configure mcast-management chassis-level per-mcast-plane-capacity

Description

Commands in this context configure multicast plane bandwidth parameters. This CLI node contains the configuration of the overall multicast (primary plus secondary) and specific secondary rate limits for each switch fabric multicast plane.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

per-peer-queuing

per-peer-queuing

Syntax

[no] per-peer-queuing

Context

[Tree] (config>system>security per-peer-queuing)

Full Context

configure system security per-peer-queuing

Description

This command enables CPM hardware queuing per peer. This means that when a peering session is established, the router will automatically allocate a separate CPM hardware queue for that peer.

The no form of this command disables CPM hardware queuing per peer.

Default

per-peer-queuing

Platforms

All

per-service-hashing

per-service-hashing

Syntax

[no] per-service-hashing

Context

[Tree] (config>service>epipe>load-balancing per-service-hashing)

Full Context

configure service epipe load-balancing per-service-hashing

Description

This command enables on a per service basis, consistent per-service hashing for Ethernet services over LAG, over Ethernet tunnel (eth-tunnel) using loadsharing protection-type or over CCAG. Specifically, it enables the new hashing procedures for Epipe, VPLS, regular or PBB services.

The following algorithm describes the hash-key used for hashing when the new option is enabled:

  • If the packet is PBB encapsulated (contains an I-TAG ethertype) at the ingress side, use the ISID value from the I-TAG

  • If the packet is not PBB encapsulated at the ingress side

    • For regular (non-PBB) VPLS and Epipe services, use the related service ID

    • If the packet is originated from an ingress IVPLS or PBB Epipe SAP

    • If there is an ISID configured use the related ISID value

    • If there is no ISID yet configured use the related service ID

    • For BVPLS transit traffic use the related flood list id

    • Transit traffic is the traffic going between BVPLS endpoints

    • An example of non-PBB transit traffic in BVPLS is the OAM traffic

    • The preceding rules apply regardless of traffic type

    • Unicast, BUM flooded without MMRP or with MMRP, IGMP snooped

The no form of this command implies the use of existing hashing options.

Default

no per-service-hashing

Platforms

All

per-service-hashing

Syntax

[no] per-service-hashing

Context

[Tree] (config>service>vpls>load-balancing per-service-hashing)

[Tree] (config>service>template>vpls-template>load-balancing per-service-hashing)

Full Context

configure service vpls load-balancing per-service-hashing

configure service template vpls-template load-balancing per-service-hashing

Description

This command enables on a per service basis, consistent per-service hashing for Ethernet services over LAG, over Ethernet tunnel (eth-tunnel) using loadsharing protection-type or over CCAG. Specifically, it enables the new hashing procedures for Epipe, VPLS, regular or PBB services.

The following algorithm describes the hash-key used for hashing when the new option is enabled:

  • If the packet is PBB encapsulated (contains an I-TAG ethertype) at the ingress side, use the ISID value from the I-TAG

  • If the packet is not PBB encapsulated at the ingress side

    • For regular (non-PBB) VPLS and Epipe services, use the related service ID

    • If the packet is originated from an ingress IVPLS or PBB Epipe SAP

  • If there is an ISID configured use the related ISID value

  • If there is no ISID yet configured use the related service ID

    • For BVPLS transit traffic use the related flood list id

  • Transit traffic is the traffic going between BVPLS endpoints

  • An example of non-PBB transit traffic in BVPLS is the OAM traffic

  • The above rules apply regardless of traffic type

    • Unicast, BUM flooded without MMRP or with MMRP, IGMP snooped

The no form of this command implies the use of existing hashing options.

Default

no per-service-hashing

Platforms

All

per-source-rate

per-source-rate

Syntax

per-source-rate packet-rate-limit

no per-source-rate

Context

[Tree] (config>sys>security>cpu-protection>policy per-source-rate)

Full Context

configure system security cpu-protection policy per-source-rate

Description

This command configures a per-source packet arrival rate limit. Use this command to apply a packet arrival rate limit on a per source basis. A source is defined as a unique combination of SAP and MAC source address (mac-monitoring) or SAP and source IP address (ip-src-monitoring). The CPU will receive no more than the configured packet rate from each source (only certain protocols are rate limited for ip-src-monitoring as configured under include-protocols in the cpu-protection policy). The measurement is cleared each second.

This parameter is only applicable if the policy is assigned to an interface (some examples include saps, subscriber-interfaces, and spoke-sdps), and the mac-monitor or ip-src-monitor keyword is specified in the cpu-protection configuration of that interface.

The ip-src-monitoring is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In layer-3 aggregation scenarios, all packets from all subscribers behind the same aggregation router will arrive with the same source MAC address and as such the mac-monitoring functionality can not differentiate traffic from different subscribers.

Default

per-source-rate max

Parameters

packet-rate-limit

Specifies a per-source packet (per SAP/MAC source address or per SAP/IP source address) arrival rate limit in packets per second.

Values

1 to 65535, max (max indicates no limit)

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

per-spi-replication

per-spi-replication

Syntax

[no] per-spi-replication

Context

[Tree] (config>subscr-mgmt>igmp-policy per-spi-replication)

Full Context

configure subscriber-mgmt igmp-policy per-spi-replication

Description

This command enables per-SLA Profile Instance (SPI) replication. In this mode, a multicast stream is transmitted for the subscriber host SLA profile for each registered multicast group (channel). As a result, multiple copies of the same multicast stream are transmitted over the same SAP. The replication of the multicast packets depends on the number of SLA profile instances configured for the subscriber. For example, if the subscriber hosts use three SLA profiles, the (S,G) is replicated three times, but if the subscriber hosts use the same SLA profile, the (S,G) is only replicated once.

The no form of this command disables per-SPI replication.

Default

no per-spi-replication

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

per-user

per-user

Syntax

per-user user-directory dir-url file-name file-name

no per-user

Context

[Tree] (config>system>login-control>login-scripts per-user)

Full Context

configure system login-control login-scripts per-user

Description

This command allows users to define their own login scripts that can be executed each time they first login to a CLI session. The command executes the script " file-url / username / file-name" when the user username logs into a CLI session (authenticated by any means including local user database, TACACS+, or RADIUS).

For example:

per-user user-directory "cf1:/local/users" file-name "login-script.txt"

would search for the following script when user "admin” logs in and authenticates via RADIUS:

cf1:/local/users/admin/login-script.txt

The per user login script is executed after any global script executes and before any login-exec script configured against a local user is executed. This allows users, for example, who are authenticated via TACACS+ or RADIUS to define their own login scripts.

This CLI script executes in the context of the user who opens the CLI session. Any commands in the script that the user is not authorized to execute will fail.

The no form of this command disables the execution of any per user login-scripts.

Default

no per-user

Parameters

dir-url

Specifies the path or directory name.

file-name

Specifies the name of the file (located in the dir-url directory) including the extension.

Platforms

All

percent-rate

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

Context

[Tree] (config>port>eth>access>egr>qgrp>qover>q percent-rate)

[Tree] (config>port>ethernet>network>egr>qgrp>qover>q percent-rate)

Full Context

configure port ethernet access egress queue-group queue-overrides queue percent-rate

configure port ethernet network egress queue-group queue-overrides queue percent-rate

Description

This command specifies percent rates (CIR and PIR).

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the egress queue group template.

Parameters

pir-percent

Specifies the PIR as a percentage.

Values

0.01 to 100.00

cir-percent

Specifies the CIR as a percentage.

Values

0.00 to 100.00

Platforms

All

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>service>ipipe>sap>ingress>policer-over>plcr percent-rate)

[Tree] (config>service>ipipe>sap>egress>policer-over>plcr percent-rate)

[Tree] (config>service>cpipe>sap>ingress>policer-over>plcr percent-rate)

[Tree] (config>service>cpipe>sap>egress>policer-over>plcr percent-rate)

[Tree] (config>service>epipe>sap>egress>policer-over>plcr percent-rate)

Full Context

configure service ipipe sap ingress policer-override policer percent-rate

configure service ipipe sap egress policer-override policer percent-rate

configure service cpipe sap ingress policer-override policer percent-rate

configure service cpipe sap egress policer-override policer percent-rate

configure service epipe sap egress policer-override policer percent-rate

Description

This command configures the percent rates (CIR and PIR) override.

Parameters

pir-percent

Specifies the policer’s PIR as a percentage of the policers’s parent arbiter rate.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the policer’s CIR as a percentage of the policers’s parent arbiter rate.

Values

0.00 to 100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service epipe sap egress policer-override policer percent-rate
  • configure service ipipe sap egress policer-override policer percent-rate
  • configure service ipipe sap ingress policer-override policer percent-rate

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress policer-override policer percent-rate
  • configure service cpipe sap ingress policer-override policer percent-rate

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>service>cpipe>sap>egress>queue-override>queue percent-rate)

[Tree] (config>service>cpipe>sap>ingress>queue-override>queue percent-rate)

[Tree] (config>service>epipe>sap>egress>queue-override>queue percent-rate)

[Tree] (config>service>ipipe>sap>egress>queue-override>queue percent-rate)

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue percent-rate)

Full Context

configure service cpipe sap egress queue-override queue percent-rate

configure service cpipe sap ingress queue-override queue percent-rate

configure service epipe sap egress queue-override queue percent-rate

configure service ipipe sap egress queue-override queue percent-rate

configure service ipipe sap ingress queue-override queue percent-rate

Description

The percent-rate command within the SAP ingress and egress QoS policy enables supports for a queue’s PIR and CIR rate to be configured as a percentage of the egress port’s line rate or of its parent scheduler’s rate.

When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QOS policy to be used on SAPs on different ports without needing to use SAP based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s PIR and CIR rates will be recalculated based on the defined percentage value.

When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue’s parent scheduler rate. This enables the same QOS policy to be used on SAPs with different parent scheduler rates without needing to use SAP based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the parent scheduler rate changes after the queue is created, the queue’s PIR and CIR rates will be recalculated based on the defined percentage value.

Queue rate overrides can only be specified in the form as configured in the QoS policy (a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QOS policy.

When no percent-rate is defined within a SAP ingress or egress queue-override, the queue reverts to the defined shaping and CIR rates within the SAP ingress and egress QOS policy associated with the queue.

Parameters

percent-of-line-rate

The percent-of-line-rate parameter is used to express the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.

pir-percent

Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the queue’s CIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.00 to 100.00

Default

100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress queue-override queue percent-rate
  • configure service cpipe sap egress queue-override queue percent-rate

All

  • configure service ipipe sap ingress queue-override queue percent-rate
  • configure service ipipe sap egress queue-override queue percent-rate
  • configure service epipe sap egress queue-override queue percent-rate

percent-rate

Syntax

percent-rate percent

no percent-rate

Context

[Tree] (config>service>ipipe>sap>egress>queue-override>hs-wrr-group percent-rate)

[Tree] (config>service>epipe>sap>egress>queue-override>hs-wrr-group percent-rate)

Full Context

configure service ipipe sap egress queue-override hs-wrr-group percent-rate

configure service epipe sap egress queue-override hs-wrr-group percent-rate

Description

This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy maximum rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the percent rate override value from the configuration.

Parameters

percent

Specifies the percent rate of the HS WRR group.

Values

0.01 to 100.00

Platforms

7750 SR-7/12/12e

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>service>vpls>sap>ingress>policer-override>plcr percent-rate)

[Tree] (config>service>vpls>sap>egress>policer-override>plcr percent-rate)

Full Context

configure service vpls sap ingress policer-override policer percent-rate

configure service vpls sap egress policer-override policer percent-rate

Description

This command configures the percent rates (CIR and PIR) override and can only be used when the rate for the associated policer in the applied SAP ingress QoS policy is also configured with the percent-rate command.

The no form of this command removes the percent-rate override so that the percent-rate configured for the policer in the applied SAP egress QoS policy is used.

Parameters

pir-percent

Specifies the policer's PIR as a percentage of the policers' parent arbiter rate.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the policer's CIR as a percentage of the policers' parent arbiter rate.

Values

0.00 to 100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

percent-rate

Syntax

percent-rate percent

no percent-rate

Context

[Tree] (config>service>vpls>sap>egress>queue-override>hs-wrr-group percent-rate)

Full Context

configure service vpls sap egress queue-override hs-wrr-group percent-rate

Description

This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the percent rate override value from the configuration.

Parameters

percent

Specifies the percent rate of the HS WRR group.

Values

0.01 to 100.00

Platforms

7750 SR-7/12/12e

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

Context

[Tree] (config>service>vpls>sap>ingress>queue-override>queue percent-rate)

[Tree] (config>service>vpls>sap>egress>queue-override>queue percent-rate)

Full Context

configure service vpls sap ingress queue-override queue percent-rate

configure service vpls sap egress queue-override queue percent-rate

Description

The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10-Gb port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.

Parameters

pir-percent

Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.

Values

0.00 to 100.00

Default

100.00

Platforms

All

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>service>ies>if>sap>ingress>policer-override>plcr percent-rate)

[Tree] (config>service>ies>if>sap>egress>policer-override>plcr percent-rate)

Full Context

configure service ies interface sap ingress policer-override policer percent-rate

configure service ies interface sap egress policer-override policer percent-rate

Description

This command configures the percent rates (CIR and PIR) override and can only be used when the rate for the associated policer in the applied SAP ingress QoS policy is also configured with the percent-rate command.

The no form of this command removes the percent-rate override so that the percent-rate configured for the policer in the applied SAP egress QoS policy is used.

Parameters

pir-percent

Specifies the policer's PIR as a percentage of the policers's parent arbiter rate.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the policer's CIR as a percentage of the policers's parent arbiter rate.

Values

0.00 to 100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

percent-rate

Syntax

percent-rate percent

no percent-rate

Context

[Tree] (config>service>ies>if>sap>egress>queue-override>hs-wrr-group percent-rate)

Full Context

configure service ies interface sap egress queue-override hs-wrr-group percent-rate

Description

This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the percent rate override value from the configuration.

Parameters

percent

Specifies the percent rate of the HS WRR group.

Values

0.01 to 100.00

Platforms

7750 SR-7/12/12e

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue percent-rate)

[Tree] (config>service>ies>if>sap>egress>queue-override>queue percent-rate)

Full Context

configure service ies interface sap ingress queue-override queue percent-rate

configure service ies interface sap egress queue-override queue percent-rate

Description

The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gigabit and a 10-Gigabit Ethernet port, the queue’s rates will be 10 times greater on the 10 Gigabit port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at anytime.

An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.

Parameters

pir-percent

Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.

Values

0.00 to 100.00

Default

100.00

Platforms

All

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>service>vprn>if>sap>egress>policer-override>plcr percent-rate)

[Tree] (config>service>vprn>if>sap>ingress>policer-override>plcr percent-rate)

Full Context

configure service vprn interface sap egress policer-override policer percent-rate

configure service vprn interface sap ingress policer-override policer percent-rate

Description

This command configures the percent rates (CIR and PIR) override and can only be used when the rate for the associated policer in the applied SAP ingress QoS policy is also configured with the percent-rate command.

The no form of this command removes the percent-rate override so that the percent-rate configured for the policer in the applied SAP egress QoS policy is used.

Parameters

pir-percent

Specifies the policer's PIR as a percentage of the policers's parent arbiter rate.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the policer's CIR as a percentage of the policers's parent arbiter rate.

Values

0.00 to 100.00

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

percent-rate

Syntax

percent-rate percent

no percent-rate

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>hs-wrr-group percent-rate)

Full Context

configure service vprn interface sap egress queue-override hs-wrr-group percent-rate

Description

This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the percent rate override value from the configuration.

Parameters

percent

Specifies the percent rate of the HS WRR group.

Values

0.01 to 100.00

Platforms

7750 SR-7/12/12e

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue percent-rate)

Full Context

configure service vprn interface sap egress queue-override queue percent-rate

Description

The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gigabit and a 10-Gigabit Ethernet port, the queue’s rates will be 10 times greater on the 10 Gigabit port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at anytime.

An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.

Parameters

pir-percent

Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.

Values

0.00 to 100.00

Default

100.00

Platforms

All

percent-rate

Syntax

percent-rate percentage [local-limit | reference-port-limit]

no percent-rate

Context

[Tree] (config>qos>plcr-ctrl-plcy>tier>arbiter percent-rate)

Full Context

configure qos policer-control-policy tier arbiter percent-rate

Description

This command configures the percent rate of this contexts policer policy.

The no form of this command removes the configuration.

Parameters

percentage

Specifies the percentage.

Values

0.01 to 100.00

local-limit

Keyword used to specify the local limit.

reference-port-limit

Keyword used to specify the reference port limit.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent] [local-limit | reference-port-limit]

no percent-rate

Context

[Tree] (config>qos>sap-ingress>policer percent-rate)

[Tree] (config>qos>sap-egress>policer percent-rate)

Full Context

configure qos sap-ingress policer percent-rate

configure qos sap-egress policer percent-rate

Description

The percent-rate command within the SAP ingress and egress QoS policies enables supports for a policer’s PIR and CIR rate to be configured as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

This enables the same QoS policy to be used on SAPs on different FPs without needing to use SAP-based policer overrides to modify a policer’s rate to get the same relative performance from the policer.

If the parent arbiter rate changes after the policer is created, the policer’s PIR and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a policer is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A policer’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

The no form of this command returns the queue to its default shaping rate and CIR rate.

Parameters

pir-percent

Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

Percentage ranging from 0.01 to 100.00

Default

100.00

cir-percent

The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

Percentage ranging from 0.00 to 100.00

Default

100.00

local-limit

Keyword used to specify the local limit.

reference-port-limit

Keyword used to specify the reference port limit.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent] [fir fir-percent] [{ port-limit | local-limit | reference-port-limit}]

percent-rate pir-percent police [{port-limit | local-limit | reference-port-limit}]

no percent-rate

Context

[Tree] (config>qos>sap-ingress>queue percent-rate)

Full Context

configure qos sap-ingress queue percent-rate

Description

This command configures a queue's PIR and CIR as a percentage of the ingress port line rate or as a percentage of its parent scheduler rate. When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1 Gb and a 10 Gb Ethernet port, the queue's rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QoS policy to be used on SAPs on different ports without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s PIR, CIR, and FIR rates will be recalculated based on the defined percentage value.

When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue's parent scheduler rate. This enables the same QoS policy to be used on SAPs with different parent scheduler rates without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue. If the parent scheduler rate changes after the queue is created, the queue's PIR, CIR, and FIR will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue's rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

Queue rate overrides can only be specified in the form configured in the QoS policy (for example, a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QoS policy.

When no percent-rate is defined within a SAP ingress queue-override, the queue uses the defined shaping rate, CIR, and FIR within the SAP ingress QoS policy associated with the queue.

The no form of this command returns the queue to its default shaping rate, CIR, and FIR.

Parameters

pir-percent

Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the queue's CIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.00 to 100.00

Default

100.00

fir-percent

Specifies the queue's FIR as a percentage dependent on the use of the port-limit or local-limit. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

Values

0.00 to 100.00

Default

100.00

police

Keyword used to specify that traffic feeding into the physical queue instance above the specified PIR rate is dropped. When the police keyword is defined, only the PIR rate may be overridden. The police keyword is only applicable to SAP ingress.

port-limit

Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the port (including the ingress-rate setting) to which the queue is attached. The port-limit is the default.

local-limit

Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the queue’s parent scheduler rate. If there is no parent scheduler rate, or its rate is max, the port-limit is used.

reference-port-limit

Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the reference port (including the ingress-rate setting) to which the queue is attached.

Platforms

All

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent] [{port-limit | local-limit | reference-port-limit}]

no percent-rate

Context

[Tree] (config>qos>sap-egress>queue percent-rate)

Full Context

configure qos sap-egress queue percent-rate

Description

This command configures a queue's PIR and CIR as a percentage of the egress port line rate or as a percentage of its parent scheduler rate or agg-rate rate. When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1 Gb and a 10 Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QoS policy to be used on SAPs on different ports without needing to use SAP-based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s PIR and CIR will be recalculated based on the defined percentage value.

When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue’s parent scheduler rate or agg-rate rate. This enables the same QoS policy to be used on SAPs with different parent scheduler rates without needing to use SAP-based queue overrides to modify a queue’s rate to get the same relative performance from the queue. If the parent scheduler rate changes after the queue is created, the queue’s PIR and CIR will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

Queue rate overrides can only be specified in the form as configured in the QoS policy (a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QoS policy.

When configured on an egress HSQ queue group queue, the cir keyword is ignored.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.

When no percent-rate is defined within a SAP egress queue-override, the queue uses the defined shaping rate and CIR within the SAP egress QoS policy associated with the queue.

The no form of this command returns the queue to its default shaping rate and CIR.

Parameters

pir-percent

Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the queue’s CIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.00 to 100.00

Default

100.00

port-limit

Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the port (including the egress-rate setting) to which this queue connects. The port-limit is the default.

local-limit

Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the queue’s parent scheduler rate or agg-rate rate at egress. If there is no parent scheduler rate or agg-rate rate, or those rates are max, the port-limit is used.

reference-port-limit

Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the reference port (including the egress-rate setting) to which this queue connects.

Platforms

All

percent-rate

Syntax

percent-rate percent

no percent-rate

Context

[Tree] (config>qos>sap-egress>hs-wrr-group percent-rate)

Full Context

configure qos sap-egress hs-wrr-group percent-rate

Description

This command specifies the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The percent-rate and rate commands are mutually exclusive.

The no form of the command reverts to the rate max.

Parameters

percent

Specifies the percent rate of the HS WRR group.

Values

0.01 to 100.00

Platforms

7750 SR-7/12/12e

percent-rate

Syntax

percent-rate percent

no percent-rate

Context

[Tree] (config>qos>qgrps>egr>qgrp>hs-wrr-group percent-rate)

Full Context

configure qos queue-group-templates egress queue-group hs-wrr-group percent-rate

Description

This command specifies the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress-rate and port's HS scheduler policy max-rate, if configured. The percent-rate and rate commands are mutually exclusive.

The no form of the command reverts to the rate max.

Parameters

percent

Specifies the percent rate of the HS WRR group.

Values

0.01 to 100.00

Platforms

7750 SR-7/12/12e

percent-rate

Syntax

percent-rate pir-percent [cir cir-percentage] [local-limit | reference-port-limit]

no percent-rate

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer percent-rate)

Full Context

configure qos queue-group-templates egress queue-group policer percent-rate

Description

This command configures the percent rate for this contexts policer.

The no form of this command removes the configuration.

Parameters

pir-percent

Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

0.01 to 100.00

cir-percent

The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

0.00 to 100.00, sum

local-limit

Keyword used to specify the local limit.

reference-port-limit

Keyword used to specify the reference port limit.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

percent-rate

Syntax

percent-rate pir-percent [cir cir-percentage]

no percent-rate

Context

[Tree] (config>qos>qgrps>ing>qgrp>policer percent-rate)

Full Context

configure qos queue-group-templates ingress queue-group policer percent-rate

Description

This command configures the percent rate for this contexts policer.

The no form of this command removes the configuration.

Parameters

pir-percent

Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

0.01 to 100.00

cir-percent

The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

0.00 to 100.00, sum

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent] [fir fir-percent] [{ port-limit | local-limit | reference-port-limit}]

percent-rate pir-percent police [{port-limit | local-limit | reference-port-limit}]

no percent-rate

Context

[Tree] (config>qos>queue-group-templates>ingress>queue-group>queue percent-rate)

Full Context

configure qos queue-group-templates ingress queue-group queue percent-rate

Description

This command configures a queue's PIR and CIR as a percentage of the ingress port line rate or as a percentage of its parent scheduler rate. When the rates are expressed as a port-limit, the actual rates used per instance of the queue will vary based on the port speed. For example, when the same QoS policy is used on a 1 Gb and a 10 Gb Ethernet port, the queue's rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same QoS policy to be used on SAPs on different ports without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s PIR, CIR, and FIR rates will be recalculated based on the defined percentage value.

When the rates are expressed as a local-limit, the actual rates used per instance of the queue are relative to the queue's parent scheduler rate. This enables the same QoS policy to be used on SAPs with different parent scheduler rates without needing to use SAP-based queue overrides to modify a queue's rate to get the same relative performance from the queue. If the parent scheduler rate changes after the queue is created, the queue's PIR, CIR, and FIR will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue's rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

Queue rate overrides can only be specified in the form configured in the QoS policy (for example, a SAP override can only be specified as a percent-rate if the associated QoS policy was also defined as percent-rate). Likewise, a SAP override can only be specified as a rate (kb/s) if the associated QoS policy was also defined as a rate. Queue-overrides are relative to the limit type specified in the QoS policy.

When no percent-rate is defined within a SAP ingress queue-override, the queue uses the defined shaping rate, CIR, and FIR within the SAP ingress QoS policy associated with the queue.

The no form of this command returns the queue to its default shaping rate, CIR, and FIR.

Parameters

pir-percent

Specifies the queue’s PIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.01 to 100.00

Default

100.00

cir-percent

Specifies the queue's CIR as a percentage dependent on the use of the port-limit or local-limit.

Values

0.00 to 100.00

Default

100.00

fir-percent

Specifies the queue's FIR as a percentage dependent on the use of the port-limit or local-limit. FIR is only supported on FP4 hardware and is ignored when the related policy is applied to FP2- or FP3-based hardware.

Values

0.00 to 100.00

Default

100.00

police

Keyword used to specify that traffic feeding into the physical queue instance above the specified PIR rate will be dropped. When the police keyword is defined, only the PIR rate may be overridden. The police keyword is only applicable to SAP ingress.

port-limit

Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the port (including the ingress-rate setting) to which the queue is attached. The port-limit is the default.

local-limit

Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the queue’s parent scheduler rate. If there is no parent scheduler rate, or its rate is max, the port-limit is used.

reference-port-limit

Keyword used to specify that the configured PIR, CIR, and FIR percentages are relative to the rate of the reference port (including the ingress-rate setting) to which the queue is attached.

Platforms

All

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent] [{port-limit | local-limit | reference-port-limit}]

no percent-rate

Context

[Tree] (config>qos>qgrps>egr>queue-group>queue percent-rate)

Full Context

configure qos queue-group-templates egress queue-group queue percent-rate

Description

The percent-rate command within the egress queue group template enables support for a queue’s PIR and CIR rate to be configured as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gb and a 10-Gb Ethernet port, the queue’s rates will be 10 times greater on the 10 Gb port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port-based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.

When configured on an egress HSQ queue group queue, the cir keyword is ignored.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case the configuration of the rate is performed under the hs-wrr-group within the egress queue group template.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. Similarly, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

The no form of this command returns the queue to its default shaping rate and CIR rate.

Parameters

pir-percent

Expresses the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation and the egress rate setting.

Values

0.01 to 100.00 percent

Default

100.0

cir-percent

The cir keyword is optional and when defined, the required pir-percent parameter expresses the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may change dynamically due to configuration or auto-negotiation and the egress rate setting.

Values

0.01 to 100.00 percent

Default

100.0

port-limit

Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the port (including the egress-rate setting) to which this queue connects. The port-limit is the default.

local-limit

Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the queue’s parent scheduler rate or agg-rate rate at egress. If there is no parent scheduler rate or agg-rate rate, or those rates are max, the port-limit is used.

reference-port-limit

Keyword used to specify that the configure PIR and CIR percentages are relative to the rate of the reference port (including the egress-rate setting) to which this queue connects.

Platforms

All

percent-rate

Syntax

percent-rate pir-percent [cir cir-percentage] [local-limit | reference-port-limit]

no percent-rate

Context

[Tree] (config>qos>scheduler-policy>tier>scheduler percent-rate)

Full Context

configure qos scheduler-policy tier scheduler percent-rate

Description

This command configures the percentage rate for the scheduler policy.

The no form of this command removes the configuration.

Parameters

pir-percent

Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

0.01 to 100.00

cir-percent

The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

0.00 to 100.00, sum

local-limit

Keyword used to specify the local limit.

reference-port-limit

Keyword used to specify the reference port limit.

Platforms

All

percent-rate

Syntax

percent-rate pir-percent [cir cir-percent]

no percent-rate

Context

[Tree] (config>qos>port-scheduler-policy>group percent-rate)

Full Context

configure qos port-scheduler-policy group percent-rate

Description

The percent-rate command within the port scheduler policy group enables support for a policer’s PIR and CIR rate to be configured as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

If the parent arbiter rate changes after the policer is created, the policer’s PIR and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a policer is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A policer’s rate may dynamically be changed back and forth from a percentage to an explicit rate at any time.

The no form of this command returns the queue to its default shaping rate and cir rate.

Parameters

pir-percent

Specifies the policer’s PIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

Percentage ranging from 0.01 to 100.00.

Default

100.00

cir cir-percent

The cir keyword is optional and, when defined, the required cir-percent CIR parameter expresses the policer’s CIR as a percentage of the immediate parent root policer/arbiter rate or the FP capacity.

Values

Percentage ranging from 0.00 to 100.00.

Default

100.00

Platforms

All

percent-reduction-from-mbs

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2>prim-path>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>mcast-mgmt>bw-plcy>t2>sec-path>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure mcast-management bandwidth-policy t2-paths primary-path queue-parameters drop-tail low percent-reduction-from-mbs

configure mcast-management bandwidth-policy t2-paths secondary-path queue-parameters drop-tail low percent-reduction-from-mbs

Description

This command overrides the default percentage value used to determine the low drop-tail value for the queue. By default, 10 percent of the queue depth is reserved for high congestion priority traffic. When specified, the percent-reduction-from-mbs percentage value is applied to the queues’ MBS threshold. The resulting value is subtracted from the MBS to derive the low drop-tail threshold maintained by the queue. The low drop-tail threshold defines the point at which all low-congestion priority packets destined for the queue are discarded based on queue depth. Low- and high-congestion priority is derived from the multicast records preference value compared to the record’s bundle priority threshold.

The no form of this command restores the default value.

Default

percent-reduction-from-mbs 10

Parameters

percent

Specifies the percent of queue depth reserved for high-congestion priority traffic.

Values

0 to 100, default

0 specifies that the MBS and low drop-tail thresholds be set to the same value resulting in high- and low-congestion priority packets being treated equally.

100 specifies that the low drop-tail threshold is set to 0, resulting in all low-congestion priority packets being discarded.

Values between 0 and 100 result in a corresponding differential between the MBS and the low drop-tail threshold values.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>service>ies>if>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>vpls>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>ies>if>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>vpls>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure service ies interface sap egress queue-override queue drop-tail low percent-reduction-from-mbs

configure service vpls sap egress queue-override queue drop-tail low percent-reduction-from-mbs

configure service ies interface sap ingress queue-override queue drop-tail low percent-reduction-from-mbs

configure service vpls sap ingress queue-override queue drop-tail low percent-reduction-from-mbs

Description

This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail is at 420 kbytes and out-of-profile packets are not accepted into the queue if its depth is greater than this value, and discarded.

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>port>ethernet>access>egr>qgrp>qover>q>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>port>ethernet>network>egr>qgrp>qover>q>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>port>ethernet>access>ing>qgrp>qover>q>drop-tail>low percent-reduction-from-mbs)

Full Context

configure port ethernet access egress queue-group queue-overrides queue drop-tail low percent-reduction-from-mbs

configure port ethernet network egress queue-group queue-overrides queue drop-tail low percent-reduction-from-mbs

configure port ethernet access ingress queue-group queue-overrides queue drop-tail low percent-reduction-from-mbs

Description

This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>service>epipe>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>epipe>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>cpipe>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>ipipe>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>ipipe>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>cpipe>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure service epipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs

configure service epipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs

configure service cpipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs

configure service ipipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs

configure service ipipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs

configure service cpipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs

Description

This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes. Any out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

  • configure service epipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
  • configure service ipipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
  • configure service ipipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs
  • configure service epipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress queue-override queue drop-tail low percent-reduction-from-mbs
  • configure service cpipe sap ingress queue-override queue drop-tail low percent-reduction-from-mbs

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>service>vprn>if>sap>ingress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>service>vprn>if>sap>egress>queue-override>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure service vprn interface sap ingress queue-override queue drop-tail low percent-reduction-from-mbs

configure service vprn interface sap egress queue-override queue drop-tail low percent-reduction-from-mbs

Description

This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>qos>sap-ingress>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure qos sap-ingress queue drop-tail low percent-reduction-from-mbs

Description

This command configures the ingress SAP low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.

Default

percent-reduction-from-mbs 10

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>qos>sap-egress>queue>drop-tail>highplus percent-reduction-from-mbs)

[Tree] (config>qos>sap-egress>queue>drop-tail>low percent-reduction-from-mbs)

[Tree] (config>qos>sap-egress>queue>drop-tail>exceed percent-reduction-from-mbs)

[Tree] (config>qos>sap-egress>queue>drop-tail>high percent-reduction-from-mbs)

Full Context

configure qos sap-egress queue drop-tail highplus percent-reduction-from-mbs

configure qos sap-egress queue drop-tail low percent-reduction-from-mbs

configure qos sap-egress queue drop-tail exceed percent-reduction-from-mbs

configure qos sap-egress queue drop-tail high percent-reduction-from-mbs

Description

This command configures the egress SAP queue drop tails as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and this percentage is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.

The drop tails apply to packets with the following profile state:

  • Exceed drop tail: exceed-profile

  • High drop tail: in-profile

  • Highplus drop tail: inplus-profile

  • Low drop tail: out-of-profile

Default

Exceed drop tail: 20%

Low drop tail: 10%

High drop tail: 0%

Highplus drop tail: 0%

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>qos>network-queue>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure qos network-queue queue drop-tail low percent-reduction-from-mbs

Description

This command configures the ingress and egress network queue low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and percent-reduction-from-mbs is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.

The exceed drop tail is not configurable for network queues, however, it is set to a value of 10% in addition to low drop tail and capped by the MBS.

Default

percent-reduction-from-mbs 10

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>qos>qgrps>ing>qgrp>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure qos queue-group-templates ingress queue-group queue drop-tail low percent-reduction-from-mbs

Description

This command configures the ingress queue group queue low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, the low drop tail will be at 420 kbytes. Out-of-profile packets will not be accepted into the queue and will be discarded if the queue depth is greater than this value.

Default

10%

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>exceed percent-reduction-from-mbs)

[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>high percent-reduction-from-mbs)

[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>highplus percent-reduction-from-mbs)

[Tree] (config>qos>qgrps>egr>qgrp>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure qos queue-group-templates egress queue-group queue drop-tail exceed percent-reduction-from-mbs

configure qos queue-group-templates egress queue-group queue drop-tail high percent-reduction-from-mbs

configure qos queue-group-templates egress queue-group queue drop-tail highplus percent-reduction-from-mbs

configure qos queue-group-templates egress queue-group queue drop-tail low percent-reduction-from-mbs

Description

This command configures the egress queue group queue drop tails as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, the low drop tail will be at 420 kbytes. Out-of-profile packets will not be accepted into the queue and will be discarded if the queue depth is greater than this value.

The drop tails apply to packets with the following profile states:

  • exceed drop tail: exceed-profile

  • high drop tail: in-profile

  • highplus drop tail: inplus-profile

  • low drop tail: out-of-profile

Default

exceed drop tail: 20%

low drop tail: 10%

high drop tail: 0%

highplus drop tail: 0%

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

percent-reduction-from-mbs

Syntax

percent-reduction-from-mbs percent

no percent-reduction-from-mbs

Context

[Tree] (config>qos>shared-queue>queue>drop-tail>low percent-reduction-from-mbs)

Full Context

configure qos shared-queue queue drop-tail low percent-reduction-from-mbs

Description

This command configures the ingress shared queue low drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and percent-reduction-from-mbs is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value and will be discarded.

Default

percent-reduction-from-mbs 10

Parameters

percent

Specifies the percentage reduction from the MBS for a queue drop tail.

Values

0 to 100, default

Platforms

All

performance

performance

Syntax

performance

Context

[Tree] (config>isa>aa-grp>statistics performance)

Full Context

configure isa application-assurance-group statistics performance

Description

This command configures the ISA group to enable the aa-performance statistic record. This record contains information on the traffic load and resource consumption for each ISA in the group, to allow tracking of ISA load for long term capacity planning and short term anomalies. The user can configure the accounting policy to be used, and enables the record using the [no] collect-stats command.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

performance

Syntax

[no] performance

Context

[Tree] (config>test-oam>sath>svc-test>svc-stream>test-types performance)

Full Context

configure test-oam service-activation-testhead service-test service-stream test-types performance

Description

This command configures the performance test of the service stream.

The no form of this command removes the configured performance test.

Default

no performance

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

performance

Syntax

performance

Context

[Tree] (config>test-oam>service-activation-testhead>service-test>test-duration performance)

Full Context

configure test-oam service-activation-testhead service-test test-duration performance

Description

Commands in this context configure the duration for the performance test type.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

period

period

Syntax

period milli-seconds

no period

Context

[Tree] (config>router>rsvp>msg-pacing period)

Full Context

configure router rsvp msg-pacing period

Description

This command specifies the time interval (in ms), when the router can send the specified number of RSVP messages which is specified in the max-burst command.

Default

period 100

Parameters

milli-seconds

Specifies the time interval in increments of 10 ms.

Values

100 to 1000

Platforms

All

periodic

periodic

Syntax

periodic

Context

[Tree] (config>subscr-mgmt>shcv-policy periodic)

Full Context

configure subscriber-mgmt shcv-policy periodic

Description

Commands in this context configure periodic SHCV properties for the subscriber management group-interface. This tool periodically scans all known DHCP hosts only and perform unicast ARP/NS requests. The subscriber host connectivity verification maintains state (connected versus not-connected) for all hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

periodic-sm

periodic-sm

Syntax

[no] periodic-sm

Context

[Tree] (debug>service>id>mrp periodic-sm)

Full Context

debug service id mrp periodic-sm

Description

This command enables debugging of the periodic state machine.

The no form of this command disables debugging of the periodic state machine.

Platforms

All

periodic-time

periodic-time

Syntax

periodic-time value

no periodic-time

Context

[Tree] (config>service>vpls>spoke-sdp>mrp periodic-time)

[Tree] (config>service>vpls>mesh-sdp>mrp periodic-time)

[Tree] (config>service>vpls>sap>mrp periodic-time)

Full Context

configure service vpls spoke-sdp mrp periodic-time

configure service vpls mesh-sdp mrp periodic-time

configure service vpls sap mrp periodic-time

Description

This command controls the frequency the Periodic Transmission state machine generates periodic events if the Periodic Transmission Timer is enabled. The timer is required on a per-Port basis. The Periodic Transmission Timer is set to one second when it is started.

Default

periodic-time 10

Parameters

value

The frequency with which the Periodic Transmission state machine generates periodic events, in tenths of a second.

Values

10 to 100

Platforms

All

periodic-timer

periodic-timer

Syntax

[no] periodic-timer

Context

[Tree] (config>service>vpls>mesh-sdp>mrp periodic-timer)

[Tree] (config>service>vpls>sap>mrp periodic-timer)

[Tree] (config>service>vpls>spoke-sdp>mrp periodic-timer)

Full Context

configure service vpls mesh-sdp mrp periodic-timer

configure service vpls sap mrp periodic-timer

configure service vpls spoke-sdp mrp periodic-timer

Description

This command enables or disables the Periodic Transmission Timer.

Default

no periodic-timer

Platforms

All

periodic-update

periodic-update

Syntax

periodic-update interval hours [rate-limit rate]

no periodic-update

Context

[Tree] (config>aaa>isa-radius-plcy periodic-update)

Full Context

configure aaa isa-radius-policy periodic-update

Description

This command enables periodic RADIUS logging of currently allocated port blocks for a NAT subscriber (NAT binding).

Default

no periodic-update (no Interim Update messages are sent)

Parameters

interval hours

Specifies the interval at which RADIUS logging is refreshed. The log generation might delayed past the configured interval value if the message pacing (rate-limit) is enabled or when the number of un-acknowledged (pending) messages in SR OS has reached its upper limit. An increased number of pending Interim Update messages in SR OS is due to lack of adequate responsiveness of the RADIUS server.

Values

1 to 72

rate-limit rate

Specifies the pacing of the Interim Update messages related to refreshment of the currently allocated port blocks. By default, when this command is disabled, the messages are sent at a high rate determined by the processing capability of the SR OS. Such a high message rate can exceed the processing power of the logging server which can result in the loss of logging information. To overcome this, the Interim Update messages can be generated in a staggered manner at a configured interval that is accommodating toward the processing capabilities of the logging server.

Default

1 to 100000 messages per second

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

periodic-update-interval

periodic-update-interval

Syntax

periodic-update-interval [days days] [ hrs hours] [min minutes] [sec seconds]

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update periodic-update-interval)

Full Context

configure system security pki ca-profile auto-crl-update periodic-update-interval

Description

This command specifies the interval for periodic updates. The minimal interval is 1 hour. The maximum interval is 366 days.

Default

periodic-update-interval days 1

Parameters

days days

Specifies the number of days for periodic updates.

Values

0 to 366

hours

Specifies the number of hours for periodic updates.

Values

0 to 23

minutes

Specifies the number of minutes for periodic updates.

Values

0 to 59

seconds

Specifies the number of seconds for periodic updates.

Values

0 to 59

Platforms

All

permit-empty-passwords

permit-empty-passwords

Syntax

[no] configure system security ssh permit-empty-passwords

Context

[Tree] (config>system>security>ssh permit-empty-passwords)

Full Context

configure system security ssh permit-empty-passwords

Description

This command configures the permission of users with empty password strings to log in.

The no form of this command prevents users with empty password strings from logging in.

Default

permit-empty-passwords

Platforms

All

persist

persist

Syntax

persist {on | off}

Context

[Tree] (bof persist)

Full Context

bof persist

Description

This command specifies whether the system will preserve system indexes when a save command is executed in classic or mixed configuration mode. During a subsequent boot, the index file is read along with the configuration file. As a result, a number of system indexes are preserved between reboots, including the interface index, LSP IDs, path IDs, and so on. This reduces resynchronizations of the Network Management System (NMS) with the affected network element.

This command is ignored in model-driven configuration mode. In model-driven mode, system indices are always saved and they are embedded in the configuration file.

In the event that persist is on and the reboot with the appropriate index file fails in classic or mixed configuration mode, SNMP is operationally shut down to prevent the management system from accessing and possibly synchronizing with a partially booted or incomplete network element. To enable SNMP access, enter the config>system>snmp>no shutdown command.

If persist is enabled and the admin save url command is executed with an FTP path used as the url parameter, two FTP sessions simultaneously open to the FTP server. The FTP server must be configured to allow multiple sessions from the same login, otherwise, the configuration and index files will not be saved correctly.

Note:

  • In classic or mixed configuration mode, persistency files (.ndx) are saved on the same disk as the configuration files and the image files.

  • When an operator sets the location for the persistency file in classic or mixed configuration mode, the system will check to ensure that the disk has enough free space. If there is not enough free space, the persistency will not become active and a trap will be generated. Then, it is up to the operator to free adequate disk space. In the meantime, the system will perform a space availability check every 30 seconds. As soon as the space is available the persistency will become active on the next (30 second) check.

Default

persist off

Parameters

on

Enables the system index saves between reboots.

off

Disables the system index saves between reboots.

Platforms

All

persistence

persistence

Syntax

persistence seconds

no persistence

Context

[Tree] (config>python>py-pol>cache>minimum-lifetimes persistence)

Full Context

configure python python-policy cache minimum-lifetimes persistence

Description

This command configures the minimum lifetime for a cache entry to be made persistent.

The no form of this command reverts to the default.

Parameters

persistence

The minimum lifetime, in seconds.

Values

1 to 600

Platforms

All

persistence

Syntax

[no] persistence

Context

[Tree] (config>python>py-pol>cache persistence)

Full Context

configure python python-policy cache persistence

Description

This command enables persistency support for the cached entries of the python-policy.

The no form of this command reverts to the default.

Platforms

All

persistence

Syntax

persistence

Context

[Tree] (config>system persistence)

Full Context

configure system persistence

Description

Commands in this context configure persistence parameters on the system.

The persistence feature enables state information learned through applications such as subscriber management, DHCP server, or application assurance to be retained across reboots.

Platforms

All

persistence

Syntax

persistence [persistence-client]

no persistence

Context

[Tree] (debug>system persistence)

Full Context

debug system persistence

Description

This command displays persistence debug information.

Parameters

persistence-client

Displays persistence debug information.

Values

ancp

ANCP

application-assurance

application-assurance

dhcp-server

local DHCP server

nat-fwds

NAT port forwarding

python-policy-cache

Python Cache

submgt

subscriber management

Platforms

All

persistency-database

persistency-database

Syntax

[no] persistency-database

Context

[Tree] (config>service>vpls>gsmp>group persistency-database)

[Tree] (config>service>vprn>gsmp>group persistency-database)

Full Context

configure service vpls gsmp group persistency-database

configure service vprn gsmp group persistency-database

Description

This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information will remain in memory and accessible for RADIUS authentication and accounting.

The no form of this command reverts to the default.

Platforms

All

persistency-database

Syntax

[no] persistency-database

Context

[Tree] (config>service>vpls>gsmp persistency-database)

Full Context

configure service vpls gsmp persistency-database

Description

This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information will remain in memory and accessible for Radius authentication and accounting.

Default

no persistency-database

Platforms

All

persistency-database

Syntax

[no] persistency-database

Context

[Tree] (config>service>vprn>gsmp persistency-database)

Full Context

configure service vprn gsmp persistency-database

Description

This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information remains in memory and accessible for RADIUS authentication and accounting.

The no form of this command reverts to the default.

Default

no persistency-database

Platforms

All

persistent-subscriptions

persistent-subscriptions

Syntax

persistent-subscriptions

Context

[Tree] (config>system>telemetry persistent-subscriptions)

Full Context

configure system telemetry persistent-subscriptions

Description

Commands in this context configure persistent subscriptions.

Platforms

All

pfcp

pfcp

Syntax

pfcp

Context

[Tree] (config>service>vpls>sap pfcp)

Full Context

configure service vpls sap pfcp

Description

Commands in this context configure an active PFCP association for the VPLS capture SAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pfcp

Syntax

pfcp

Context

[Tree] (debug>subscr-mgmt pfcp)

Full Context

debug subscriber-mgmt pfcp

Description

Commands in this context use debug commands associated with the PFCP protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pfcp-association

pfcp-association

Syntax

pfcp-association name [create]

no pfcp-association name

Context

[Tree] (config>subscr-mgmt pfcp-association)

Full Context

configure subscriber-mgmt pfcp-association

Description

This command creates a PFCP association towards a BNG CUPS CPF.

The no form of this command removes the association.

Parameters

name

Specifies the name of the PFCP association, up to 32 characters.

create

Keyword used to create the PFCP association.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pfcp-li-shared-key

pfcp-li-shared-key

Syntax

pfcp-li-shared-key secret

pfcp-li-shared-key secret hash2

no pfcp-li-shared-key

Context

[Tree] (config>li>sci pfcp-li-shared-key)

Full Context

configure li sci pfcp-li-shared-key

Description

This command configures the shared secret key that SR OS uses in its role as a user plane (UP) to the MAG-c. The SR OS UP uses the shared secret key to encrypt and decrypt the LI PFCP IEs it exchanges with the MAG-c. The SR OS UP and the MAG-c must use matching secret keys. The system only accepts a secret key configured as a printable string.

The no form of this command removes the configuration.

Parameters

secret

Specifies the name of the shared secret key, up to 128 characters. The system only accepts a secret key configured as a printable string.

hash2

Keyword used to apply hash2 to the shared key.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pfcp-mappings

pfcp-mappings

Syntax

pfcp-mappings

Context

[Tree] (config>subscr-mgmt>sla-prof pfcp-mappings)

Full Context

configure subscriber-mgmt sla-profile pfcp-mappings

Description

Commands in this context configure the mapping of PFCP QoS IEs (such as QER GBR/MBR IEs), to local QoS overrides (such as queue and policer rates).

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

pfs

pfs

Syntax

pfs [dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}]

no pfs

Context

[Tree] (config>ipsec>ike-policy pfs)

Full Context

configure ipsec ike-policy pfs

Description

This command enables perfect forward secrecy on the IPsec tunnel using this policy. PFS provides for a new Diffie-Hellman key exchange each time the SA key is renegotiated. After that SA expires, the key is forgotten and another key is generated (if the SA remains up). This means that an attacker who cracks part of the exchange can only read the part that used the key before the key changed. There is no advantage in cracking the other parts if they attacker has already cracked one.

The no form of this command disables PFS. If this it turned off during an active SA, when the SA expires and it is time to re-key the session, the original Diffie-Hellman primes will be used to generate the new keys.

Default

no pfs

Parameters

dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}

Specifies which Diffie-Hellman group to use for calculating session keys. More bits provide a higher level of security, but require more processing. Three groups are supported with IKE-v1:

Group 1: 768 bits

Group 2: 1024 bits

Group 5: 1536 bits

Group 14: 2048 bits

Group 15: 3072 bits

Group 19: P-256 ECC Curve, 256 bits

Group 20: P-384 ECC Curve, 384 bits

Group 21: P-512 ECC Curve, 512 bits

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pfs-dh-group

pfs-dh-group

Syntax

pfs-dh-group {1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}

pfs-dh-group inherit

no pfs-dh-group

Context

[Tree] (config>ipsec>ipsec-transform pfs-dh-group)

Full Context

configure ipsec ipsec-transform pfs-dh-group

Description

This command specifies the Diffie-Hellman group to be used for Perfect Forward Secrecy (PFS) computation during CHILD_SA rekeying.

The no form of this command reverts to the default.

Default

pfs-dh-group inherit

Parameters

{1 | 2 | 5 | 14 | 15 | 19 | 20 | 21}

Specifies the Diffie-Hellman group to achieve PFS.

inherit

Specifies that the value of the DH group used by the system is inherited from the IPsec gateway or IPsec tunnel.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pgw

pgw

Syntax

pgw

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile pgw)

Full Context

configure subscriber-mgmt gtp peer-profile pgw

Description

Commands in this context configure communication with a Packet Data Network Gateway.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

phone

phone

Syntax

[no] phone phone-number

Context

[Tree] (config>service>cust phone)

Full Context

configure service customer phone

Description

This command adds telephone number information for a customer ID. The no form of this command removes the phone number value from the customer ID.

Parameters

string

Specifies the customer phone number entered as an ASCII string up to 80 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Any printable, seven bit ASCII characters may be used within the string.

Platforms

All

physical-access-id

physical-access-id

Syntax

[no] physical-access-id

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gx>include-avp physical-access-id)

Full Context

configure subscriber-mgmt diameter-application-policy gx include-avp physical-access-id

Description

This command includes the physical access ID.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pid-pmt-unref

pid-pmt-unref

Syntax

[no] pat-syntax

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pid-pmt-unref)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pid-pmt-unref)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pid-pmt-unref)

Full Context

configure mcast-management multicast-info-policy bundle video analyzer alarms pid-pmt-unref

configure mcast-management multicast-info-policy bundle channel video analyzer alarms pid-pmt-unref

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pid-pmt-unref

Description

This command configures the analyzer to check for unreferenced PIDs that have not been referred in the PMT.

Default

no pid-pmt-unref

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

pim

pim

Syntax

pim {asm | ssm} grp-ip-address

no pim

Context

[Tree] (config>service>vprn>mvpn>pt>inclusive pim)

Full Context

configure service vprn mvpn provider-tunnel inclusive pim

Description

This command specifies the PIM mode to use, ASM or SSM, for PIM-based inclusive provider tunnels and the multicast group address to use. Also enables the context for specifying parameters for PIM peering on the inclusive provider tunnel.

Auto-discovery must be enabled in order for SSM to operate.

The no form of this command removes the pim context including the statements under the context.

Default

no pim

Parameters

asm

Specifies to use PIM ASM for inclusive provider tunnels.

ssm

Specifies to u PIM SSM for inclusive provider tunnels.

group-address

Specifies the multicast group address to use.

Platforms

All

pim

Syntax

[no] pim

Context

[Tree] (config>service>vprn pim)

Full Context

configure service vprn pim

Description

This command configures a Protocol Independent Multicast (PIM) instance in the VPRN service. When an PIM instance is created, the protocol is enabled. PIM is used for multicast routing within the network. Devices in the network can receive the multicast feed requested and non-participating routers can be pruned. The router supports PIM sparse mode (PIM-SM).

The no form of this command deletes the PIM protocol instance removing all associated configuration parameters.

Platforms

All

pim

Syntax

[no] pim

Context

[Tree] (config>router pim)

Full Context

configure router pim

Description

This command enables a Protocol Independent Multicast (PIM) instance.

PIM is used for multicast routing within the network. Devices in the network can receive the multicast feed requested and non-participating routers can be pruned. The router OS supports PIM sparse mode (PIM-SM).

The no form of this command disables the PIM instance.

Default

no pim

Platforms

All

pim

Syntax

pim [grp-address]

no pim

Context

[Tree] (debug>router>msdp pim)

Full Context

debug router msdp pim

Description

This command enables debugging for Multicast Source Discovery Protocol (MSDP) PIM.

The no form of the command disables MSDP PIM debugging.

Parameters

grp-address

Debugs the IP multicast group address for which this entry contains information.

Platforms

All

pim-asm

pim-asm

Syntax

pim-asm {grp-ip-address/mask | grp-ip-address netmask}

no pim-asm

Context

[Tree] (config>service>vprn>mvpn>pt>selective pim-asm)

Full Context

configure service vprn mvpn provider-tunnel selective pim-asm

Description

This command specifies the range of PIM-ASM groups to use on the sender PE to setup ASM multicast tree for draft Rosen based Data MDT.

Parameters

grp-ip-address

Specifies the multicast group address.

mask

Specifies the mask of the multicast-ip-address.

Values

4 to 32

netmask

The subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

Platforms

All

pim-policy

pim-policy

Syntax

pim-policy pim-policy-name [create]

no pim-policy pim-policy-name

Context

[Tree] (config>subscr-mgmt pim-policy)

Full Context

configure subscriber-mgmt pim-policy

Description

This command creates a PIM policy or enters the context to configure a PIM policy.

The no form of this command deletes the specified PIM policy.

Parameters

pim-policy-name

Specifies the PIM policy name, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

create

Specifies the keyword used to create the PIM policy. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pim-policy

Syntax

pim-policy policy-name

no pim-policy policy-name

Context

[Tree] (config>subscr-mgmt>sub-prof pim-policy)

Full Context

configure subscriber-mgmt sub-profile pim-policy

Description

This command adds an existing PIM policy to this subscriber profile.

The no form of this command removes the specified PIM policy from this subscriber profile.

Parameters

policy-name

Specifies the name of the PIM policy name, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pim-snooping

pim-snooping

Syntax

pim-snooping [saps] [spoke-sdps]

no pim-snooping

Context

[Tree] (config>redundancy>multi-chassis>peer>sync pim-snooping)

Full Context

configure redundancy multi-chassis peer sync pim-snooping

Description

This command specifies whether PIM snooping for IPv4 information should be synchronized with a multi-chassis peer. Entering pim-snooping without any parameters results in the synchronization being applied only to SAPs.

Specifying the spoke-sdps parameter results in the synchronization being applied to manually configured spoke SDPs. Specifying both the saps and spoke-sdps parameters results in the synchronization being applied to both SAPs and manually configured spoke SDPs.

The synchronization of PIM snooping is only supported for manually configured spoke SDPs but is not supported for spoke SDPs configured within an endpoint. See PIM Snooping for IPv4 Synchronization for service support.

Default

no pim-snooping

Parameters

saps

Specifies that SAPs are to be synchronized with the multi-chassis peer according to the synchronization tags configured on the port. This is the default when no parameters are specified.

spoke-sdps

Specifies that spoke SDPs are to be synchronized with the multi-chassis peer according to the synchronization tags configured on spoke SDPs.

Platforms

All

pim-snooping

Syntax

pim-snooping

Context

[Tree] (config>service>vpls>spoke-sdp pim-snooping)

[Tree] (config>service>vpls pim-snooping)

[Tree] (config>service>vpls>sap pim-snooping)

Full Context

configure service vpls spoke-sdp pim-snooping

configure service vpls pim-snooping

configure service vpls sap pim-snooping

Description

This command enables PIM snooping for the VPLS service. When enabled, it is enabled for all SAPs except default SAPs. A default SAP is a SAP that has a wild card VLAN ID, such as sap 1/1/1:*.

The no form of this command removes the PIM snooping configuration.

Platforms

All

pim-snooping

Syntax

[no] pim-snooping

Context

[Tree] (debug>service>id pim-snooping)

Full Context

debug service id pim-snooping

Description

This command enables PIM-snooping debugging.

Platforms

All

pim-ssm

pim-ssm

Syntax

pim-ssm {grp-ip-address/mask | grp-ip-address netmask}

no pim-ssm

Context

[Tree] (config>service>vprn>mvpn>pt>selective pim-ssm)

Full Context

configure service vprn mvpn provider-tunnel selective pim-ssm

Description

This command specifies the PIM SSM groups to use for the selective provider tunnel.

Parameters

group-address/mask

Specifies a multicast group address and netmask length.

Platforms

All

pim-ssm-scaling

pim-ssm-scaling

Syntax

[no] pim-ssm-scaling

Context

[Tree] (config>router>pim pim-ssm-scaling)

Full Context

configure router pim pim-ssm-scaling

Description

This command enables an increase of PIM SSM (S,G) scaling to a maximum of 256kper system. The per-complex (FP) multicast scaling limit is still in place, but multiple complexes can be used to achieve the 256k per-system (S,G) scaling.

The no form of this command disables the increase in PIM SSM scaling.

Default

no pim-ssm-scaling

Platforms

All

ping

ping

Syntax

ping ip-address | dns-name [bypass-routing | {interface interface-name} | {next-hop ip-address}] [{router router-or-service} | {router-instance router-instance} | {service-name service-name}] [source ip-address] [count requests] [detail | rapid] [do-not-fragment] [fc fc-name] [interval centisecs | secs] [pattern pattern] [size bytes] [timeout timeout] [tos type-of-service] [ttl time-to-live]

ping ipv4-address subscriber-id sub-ident-string [{router router-or-service} | {router-instance router-instance} | {service-name service-name}] [source ip-address] [count requests] [detail | rapid] [do-not-fragment] [fc fc-name] [interval centisecs | secs] [pattern pattern] [size bytes] [timeout timeout] [tos type-of-service] [ttl time-to-live]

ping srv6-policy color color endpoint ipv6-address [segment-list segment-list] [candidate-path protocol-owner static | bgp [preference preference] [distinguisher distinguisher]] [count requests] [detail | rapid] [do-not-fragment] [fc fc-name] [interval centisecs | secs] [pattern pattern] [size bytes] [timeout timeout] [tos type-of-service] [ttl time-to-live]

Context

[Tree] (ping)

Full Context

ping

Description

This command sends a ping to a destination to verify IP reachability.

Use the ping {ip-address | dns-name} [{bypass-routing | {interface interface-name} | {next-hop ip-address}}] command syntax to send a generic ping. This is the basic TCP/IP utility to verify IP reachability.

Use the ping ipv4-address subscriber-id sub-ident-string command syntax to send a ping to verify L2-Aware remote host reachability.

The L2-Aware form of this command can be initiated from the gateway IPv4 address in the inside routing context or from any IPv4 address in the outside routing context. If the gateway IPv4 address is used as the source address, it must be explicitly specified in conjunction with the L2-Aware syntax.

Any source address can be used for the ping to test the relevant NAT policy. If the source address refers to a policy that is not configured on the router, the message "MINOR: OAM #2160 router ID is not an outside router for this subscriber” is displayed. The source address does not need to belong to the system.

If the outside routing context is not specified, by default, the Base router is selected. If the specified or default Base router instance is not the outside routing context for the subscriber, the L2-Aware form of this command fails to execute, and the message "MINOR: OAM #2160 router ID is not an outside router for this subscriber” is displayed.

The NAT application shares query IDs between L2-Aware pings and ICMP or GRE traffic that has undergone NAT and is destined for a DMZ host. If there is query ID space exhaustion, ICMP or GRE flows destined for DMZ hosts are deleted, so their query IDs can be reused for the requested L2-Aware pings.

Use the ping srv6-policy color color endpoint ipv6-address command syntax to launch a ping for an SRv6 policy matching a specific color and endpoint. The ping probe may optionally be targeted at a specific segment list of the SRv6 policy. When the segment list is not specified, the ping probe is sent on the lowest available segment list.

Parameters

bypass-routing

Specifies whether to send the ping request to a host on a directly attached network, bypassing the routing table.

bytes

Specifies the request packet size in bytes, expressed as a decimal integer.

Values

0 to 16384

Default

56

candidate-path

Specifies a candidate path of the SRv6 policy to ping. The candidate path does not need to be the currently active candidate path.

centiseconds

Sets the interval in centiseconds.

Values

1 to 10000 centiseconds if rapid is selected.

Default

1 centisecond if rapid is selected.

detail

Displays detailed information.

distinguisher
Specifies the distinguisher of the SRv6 policy candidate path to send the ping probe on. This parameter must be configured if protocol-owner is configured to bgp.
Values

1 to 4294967295

do-not-fragment

Sets the DF (Do Not Fragment) bit in the ICMP ping packet (does not apply to ICMPv6).

dns-name

Specifies the DNS name of the far-end device on which to send the svc-ping request message, expressed as a character string.

fc-name

Specifies the forwarding class of the MPLS echo request packets.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

interface-name

Specifies the name of an IP interface. The name must already exist in the configure router interface context.

ip-address

Specifies the far-end IP address, in dotted decimal notation, on which to send the svc-ping request message.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x:

[0 to FFFF]H

d:

[0 to 255]D

interface:

up to 32 characters, mandatory for link local addresses

next-hop ip-address

Displays only static routes with the specified next hop IP address.

Values

ipv4-address:

a.b.c.d (host bits must be 0)

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]

pattern

Specifies that the date portion in a ping packet that is filled with the pattern value specified. If not specified, position information is filled instead.

Values

0 to 65535

Default

system-generated sequential pattern

preference
Specifies the preference of the SRv6 policy candidate path to send the ping probe on.
Values

0 to 4294967295

Default

100

protocol-owner
Specifies the protocol owner of the SRv6 policy candidate path to ping.
Values

bgp — Specifies a BGP SRv6 policy.

static — Specifies a locally configured static SRv6 policy.

rapid

Specifies that packets be generated as fast as possible instead of the default 1 per second. Changes the units for the interval command from seconds to centiseconds.

requests

Specifies the number of times to perform an OAM ping probe operation. Each OAM echo message request must either time out or receive a reply before the next message request is sent.

Values

1 to 100000

Default

5

router-instance

Specifies the preferred method for entering a service name. Stored as the service name. This is the only service-linking function allowed for both mixed-mode and model-driven configuration modes.

Values

router-name: Base, management, cpm-vr-name, vpls-management

vprn-svc-name: The service name, up to 64 characters

cpm-vr-name: The CPM VR name, up to 32 characters

router-or-service

Specifies the routing instance or service, by number. The router-instance parameter is preferred for specifying the router or service.

Values

router-name: Base, management, vpls-management

vprn-svc-id: 1 to 2147483647

Default

Base

seconds

Overrides the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response is not received. A request timeout message is displayed by the CLI for each message request sent that expires. Any response received after the request times out is silently discarded.

Default

5

Values

1 to 10

secs

Sets the interval in seconds.

Values

1 to 1000 seconds if secs is selected.

Default

1 second if secs is selected.

service-name

Specifies the alias function that allows the service-name to be used, converted, and stored as a service ID.

sub-ident-string

Specifies the L2-Aware NAT subscriber to which ICMP-ping is sent, up to 32 characters. The subscriber-id keyword serves as a differentiator between the subscribers with the same IP address in the same routing context (which is allowed in L2-Aware NAT). The subscriber-id keyword is mandatory for L2-Aware IPv4 ping, but optional in generic ping framework.

source ip-address

Specifies the IP address to be used.

Values

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

timeout

Specifies the time out, in seconds.

Values

1 to 10

Default

5

type-of-service

Specifies the service type.

Values

0 to 255

Default

0

time-to-live

Specifies the TTL value for the MPLS label, expressed as a decimal integer.

Values

1 to 128

Default

64

srv6-policy
Keyword to specify that the ping probe is applied to an SRv6 policy.
color-id
Specifies the SRv6 policy color ID.
Values

0 to 4294967295

endpoint ipv6-address
Specifies an endpoint as the target of the ping.
Values

ipv6-address:

x:x:x:x:x:x:x:x

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

segment-list
Specifies the segment list to trace.
Values

1 to 32

Platforms

All

ping-reply

ping-reply

Syntax

[no] ping-reply

Context

[Tree] (config>service>ies>if>ipv6>vrrp ping-reply)

Full Context

configure service ies interface ipv6 vrrp ping-reply

Description

This command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental Ip interface or based on the ping source host address). when ping-reply is not enabled, icmp Echo Requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of ping-reply configuration.

The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP echo requests to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all ICMP echo request messages destined to the non-owner virtual router instance IP addresses.

Default

no ping-reply

Platforms

All

ping-reply

Syntax

[no] ping-reply

Context

[Tree] (config>service>ies>if>vrrp ping-reply)

Full Context

configure service ies interface vrrp ping-reply

Description

This command enables the non-owner master to reply to ICMP Echo Requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP Echo Requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP Echo Requests regardless of the setting of ping-reply configuration.

The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.

Default

no ping-reply

Platforms

All

ping-reply

Syntax

[no] ping-reply

Context

[Tree] (config>service>vprn>if>vrrp ping-reply)

[Tree] (config>service>vprn>if>ipv6>vrrp ping-reply)

Full Context

configure service vprn interface vrrp ping-reply

configure service vprn interface ipv6 vrrp ping-reply

Description

This command enables the non-owner master to reply to ICMP Echo Requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP Echo Requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP Echo Requests regardless of the setting of ping-reply configuration.

The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.

Default

no ping-reply

Platforms

All

ping-reply

Syntax

[no] ping-reply

Context

[Tree] (config>router>if>vrrp ping-reply)

[Tree] (config>router>if>ipv6>vrrp ping-reply)

Full Context

configure router interface vrrp ping-reply

configure router interface ipv6 vrrp ping-reply

Description

This command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses.

Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues.

SR OS allows this access limitation to be selectively lifted for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.

The ping-reply command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses. The Ping request can be received on any routed interface. Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address).

When ping-reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the ping-reply setting.

The ping-reply command is only available in non-owner vrrp nodal context.

By default, ICMP echo requests to the virtual router instance IP addresses are silently discarded.

The no form of the command configures discarding all ICMP echo request messages destined to the non-owner virtual router instance IP addresses.

Default

no ping-reply — ICMP echo requests to the virtual router instance IP addresses are discarded.

Platforms

All

ping-template

ping-template

Syntax

ping-template template-name [create]

no ping-template template-name

Context

[Tree] (config>test-oam>icmp ping-template)

Full Context

configure test-oam icmp ping-template

Description

This command creates a ping-template that can be assigned to a VPRN or IES service IP interface.

The no form of this command removes the template name from the configuration.

Parameters

template-name

Specifies the name of the ping template, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ping-template

Syntax

ping-template template-name

no ping-template

Context

[Tree] (config>service>ies>if ping-template)

[Tree] (config>service>vprn>if ping-template)

Full Context

configure service ies interface ping-template

configure service vprn interface ping-template

Description

This command maps a ping-template name to the service IP interface. The ping-template template-name is configured in the config>test-oam>icmp context and assigned to the service IP interface using this command.

The config>service>ies|vprn>if>ping-template must be shut down to remove or change the destination-address value.

The no form of this command removes the template name from the configuration.

Parameters

template-name

Specifies the name of the ping template to be assigned to the IP interface, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ping-test

ping-test

Syntax

[no] ping-test

Context

[Tree] (config>filter>redirect-policy>dest ping-test)

Full Context

configure filter redirect-policy destination ping-test

Description

This command configures parameters to perform connectivity ping tests to validate the ability for the destination to receive redirected traffic.

Default

no ping-test

Platforms

All

pip

pip

Syntax

pip

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>video-policy>video-if pip)

Full Context

configure mcast-management multicast-info-policy video-policy video-interface pip

Description

Commands in this context configure within a video interface policy the properties relating to requests received by the video interface for Picture-in-Picture (PIP) channel requests.

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

pir

pir

Syntax

pir pir-rate

pir max

no pir

Context

[Tree] (config>subscr-mgmt>cat-map>category>exh-lvl pir)

Full Context

configure subscriber-mgmt category-map category exhausted-credit-service-level pir

Description

This command configures the PIR which is enforced for all queues pertaining to this category.

The no form of this command reverts to the default.

Parameters

pir-rate

Specifies the amount of bandwidth in kilobits per second.

Values

1 to 100000000

max

Specifies to use the maximum amount of bandwidth.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pir

Syntax

pir congested-pir

no pir

Context

[Tree] (config>app-assure>group>policer>congestion-override pir)

Full Context

configure application-assurance group policer congestion-override pir

Description

This command provides a mechanism to configure the PIR for the congestion override policer. It is recommended that the PIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic.

The no form of this command resets the PIR value to its default.

Default

pir max

Parameters

congested-pir

Specifies an integer value defining size, in kbytes, for the PIR of the policer.

Values

0 to 100000000, max

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pir

Syntax

pir pir-rate

no pir

Context

[Tree] (config>app-assure>group>pol>cng-ovrd-stg2 pir)

Full Context

configure application-assurance group policer congestion-override-stage2 pir

Description

This command provides a mechanism to configure the PIR for the congestion override policer. It is recommended that the PIR is configured larger than twice the maximum MTU for the traffic handled by the policer to allow for some burstiness of the traffic.

The no form of this command resets the PIR value to its default.

Default

pir max

Parameters

congested-pir

Specifies an integer value defining size, in kbytes, for the PIR of the policer.

Values

0 to 100000000, max

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pir-threshold

pir-threshold

Syntax

pir-threshold kbps

no pir-threshold

Context

[Tree] (config>test-oam>sath>accept-crit-tmpl pir-threshold)

Full Context

configure test-oam service-activation-testhead acceptance-criteria-template pir-threshold

Description

This command configures a PIR value that is compared to the measured results for the cir- pir, policing, and performance test types. If the measured value is greater than or equal to the configured value, the test passes; otherwise, it fails. For more information, see the m-factor command.

The no form of this command disables the comparison of the parameter with the measured value; the threshold value is ignored while declaring the test result.

Default

no pir-threshold

Parameters

kbps

Specifies the value, in kb/s, for comparison with the measured value.

Values

1 to 400,000,000

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

pki

pki

Syntax

pki

Context

[Tree] (config>system>security pki)

Full Context

configure system security pki

Description

Commands in this context configure PKI related parameters.

Platforms

All

pkt-too-big

pkt-too-big

Syntax

[no] pkt-too-big

Context

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>icmp6-gen pkt-too-big)

[Tree] (config>ipsec>tnl-temp>icmp6-gen pkt-too-big)

[Tree] (config>service>vprn>if>sap>ipsec-tun>icmp6-gen pkt-too-big)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>icmp6-gen pkt-too-big)

[Tree] (config>router>if>ipsec-tunnel>icmp-gen pkt-too-big)

Full Context

configure service vprn interface ipsec ipsec-tunnel icmp6-generation pkt-too-big

configure ipsec tunnel-template icmp6-generation pkt-too-big

configure service vprn interface sap ipsec-tunnel icmp6-generation pkt-too-big

configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big

configure router interface ipsec-tunnel icmp-gen pkt-too-big

Description

This command enables the system to send ICMPv6 PTB (Packet Too Big) messages on the private side and optionally specifies the rate.

With this command configured, the system sends PTB back if it received an IPv6 packet on the private side that is bigger than 1280 bytes and also exceeds the private MTU of the tunnel.

The ip-mtu command (under ipsec-tunnel or tunnel-template) specifies the private MTU for the ipsec-tunnel or dynamic tunnel.

The no form of this command reverts interval and message-count values to their default values.

Platforms

VSR

  • configure service ies interface ipsec ipsec-tunnel icmp6-generation pkt-too-big
  • configure service vprn interface ipsec ipsec-tunnel icmp6-generation pkt-too-big

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template icmp6-generation pkt-too-big
  • configure service vprn interface sap ipsec-tunnel icmp6-generation pkt-too-big

platform-type

platform-type

Syntax

platform-type type

no platform type

Context

[Tree] (config>system>ned>profile platform-type)

Full Context

configure system network-element-discovery profile platform-type

Description

This command configures the platform name and chassis type to be advertised.

The no form of this command removes any explicitly defined type and the default type of "chassis-name, chassis-type" is used.

Default

no platform-type

Parameters

type

Specifies the platform type to be associates with the profile, up to 255 characters.

Platforms

All

pm-tti

pm-tti

Syntax

pm-tti

Context

[Tree] (config>port>otu pm-tti)

Full Context

configure port otu pm-tti

Description

Commands in this context configure path monitoring trail trace identifier parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pmt-repetition

pmt-repetition

Syntax

pcr-repetition [tnc tnc-milli-seconds qos qos-milli-seconds poa poa-milli-seconds]

no pcr-repetition

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pmt-repetition)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pmt-repetition)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pmt-repetition)

Full Context

configure mcast-management multicast-info-policy bundle video analyzer alarms pmt-repetition

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pmt-repetition

configure mcast-management multicast-info-policy bundle channel video analyzer alarms pmt-repetition

Description

This command configures the analyzer to check for the program map table (PMT). It is expected that the PMT arrives periodically within a certain interval range. It is possible to configure the type of alarm that is raised when the PMT fails to arrive within the specified interval. As the delay increases between two consecutive PMTs, the type of alarm raised becomes more critical, from TNC to POA.

Default

no pmt-repetition

Parameters

tnc-milli-seconds

Specifies the time, in milliseconds, for which a TNC alarm is raised if the interval between two consecutive PMTs is greater than or equal to this configured value.

Values

100 to 4800 in multiples of 100 only

Default

400

qos-milli-seconds

Specifies the time, in milliseconds, for which a QoS alarm is raised if the interval between two consecutive PMTs is greater than or equal to this configured value.

Values

200 to 4900 in multiples of 100 only and higher than the tnc-milli-seconds value

Default

800

poa-milli-seconds

Specifies the time, in milliseconds, for which a POA alarm is raised if the interval between two consecutive PMTs is greater than or equal to this configured value.

Values

300 to 5000 in multiples of 100 only and higher than the qos-milli-seconds value

Default

2000

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

pmt-syntax

pmt-syntax

Syntax

[no] pat-syntax

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override>video>analyzer>alarms pmt-syntax)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>video>analyzer>alarms pmt-syntax)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>video>analyzer>alarms pmt-syntax)

Full Context

configure mcast-management multicast-info-policy bundle channel source-override video analyzer alarms pmt-syntax

configure mcast-management multicast-info-policy bundle video analyzer alarms pmt-syntax

configure mcast-management multicast-info-policy bundle channel video analyzer alarms pmt-syntax

Description

This command configures the analyzer to check for PMT syntax errors.

Default

no pmt-syntax

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

pmtu-discovery-aging

pmtu-discovery-aging

Syntax

pmtu-discovery-aging seconds

no pmtu-discovery-aging

Context

[Tree] (config>service>ies>if>sap>ip-tunnel pmtu-discovery-aging)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel pmtu-discovery-aging)

[Tree] (config>service>vprn>if>sap>ip-tunnel pmtu-discovery-aging)

[Tree] (config>ipsec>tnl-temp pmtu-discovery-aging)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel pmtu-discovery-aging)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel pmtu-discovery-aging)

[Tree] (config>router>if>ipsec>ipsec-tunnel pmtu-discovery-aging)

Full Context

configure service ies interface sap ip-tunnel pmtu-discovery-aging

configure service vprn interface sap ipsec-tunnel pmtu-discovery-aging

configure service vprn interface sap ip-tunnel pmtu-discovery-aging

configure ipsec tunnel-template pmtu-discovery-aging

configure service vprn interface ipsec ipsec-tunnel pmtu-discovery-aging

configure service ies interface ipsec ipsec-tunnel pmtu-discovery-aging

configure router interface ipsec ipsec-tunnel pmtu-discovery-aging

Description

This command configures the time used to age out the learned temporary MTU which is from the public network. The temporary MTU is used for MTU propagation.

The no form of of this command reverts to the default value.

Default

pmtu-discovery-aging 900

Parameters

seconds

specifies the time, in seconds, used to age out the learned MTU

Values

900 to 3600

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template pmtu-discovery-aging
  • configure service vprn interface sap ip-tunnel pmtu-discovery-aging
  • configure service ies interface sap ip-tunnel pmtu-discovery-aging
  • configure service vprn interface sap ipsec-tunnel pmtu-discovery-aging

VSR

  • configure router interface ipsec ipsec-tunnel pmtu-discovery-aging
  • configure service vprn interface ipsec ipsec-tunnel pmtu-discovery-aging
  • configure service ies interface ipsec ipsec-tunnel pmtu-discovery-aging

poi-tlv-enable

poi-tlv-enable

Syntax

[no] poi-tlv-enable

Context

[Tree] (config>service>vprn>isis poi-tlv-enable)

Full Context

configure service vprn isis poi-tlv-enable

Description

Enable use of Purge Originator Identification (POI) TLV for this IS-IS instance. The POI is added to purges and contains the system ID of the router that generated the purge, which simplifies troubleshooting and determining what caused the purge.

The no form of this command removes the POI functionality from the configuration.

Default

no poi-tlv-enable

Platforms

All

poi-tlv-enable

Syntax

[no] poi-tlv-enable

Context

[Tree] (config>router>isis poi-tlv-enable)

Full Context

configure router isis poi-tlv-enable

Description

Enable use of Purge Originator Identification (POI) TLV for this IS-IS instance. The POI is added to purges and contains the system ID of the router that generated the purge, which simplifies troubleshooting and determining what caused the purge.

The no form of this command removes the POI functionality from the configuration.

Default

no poi-tlv-enable

Platforms

All

policer

policer

Syntax

policer policer-id {ingress-only | egress-only | ingress-egress}

no policer policer-id

Context

[Tree] (config>subscr-mgmt>cat-map>category policer)

Full Context

configure subscriber-mgmt category-map category policer

Description

This command configures a policer in this category.

The no form of this command reverts to the default.

Parameters

policer-id

Specifies an existing policer identifier.

Values

1 to 63

ingress-only

Specifies that ingress policers are defined in this category.

egress-only

Specifies that egress policers are defined in this category.

ingress-egress

Specifies that ingress and egress policers are defined in this category.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer

Syntax

[no] policer policer-id

Context

[Tree] (config>subscr-mgmt>sla-prof>egress>qos policer)

[Tree] (config>subscr-mgmt>sla-prof>ingress>qos policer)

Full Context

configure subscriber-mgmt sla-profile egress qos policer

configure subscriber-mgmt sla-profile ingress qos policer

Description

This command is used in the sap-ingress and sap-egress QoS policies to create, modify or delete a policer. Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. The sap-ingress policy may have up to 32 policers (numbered 1 through 32) may be defined while the sap-egress QoS policy supports a maximum of 8 (numbered 1 through 8). While a policer may be defined within a QoS policy, it is not actually created on SAPs or subscribers associated with the policy until a forwarding class is mapped to the policer’s ID.

All policers must be created within the QoS policies. A default policer is not created when a sap-ingress or sap-egress QoS policy is created.

Once a policer is created, the policer's metering rate and profiling rates may be defined as well as the policer's maximum and committed burst sizes (MBS and CBS respectively). Unlike queues which have dedicated counters, policers allow various stat-mode settings that define the counters that is associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet based on a defined number of bytes.

Once a policer is created, it cannot be deleted from the QoS policy unless any forwarding classes that are mapped to the policer are first moved to other policers or queues.

The system will allow a policer to be created on a SAP QoS policy regardless of the ability to support policers on objects where the policy is currently applied. The system only scans the current objects for policer support and sufficient resources to create the policer when a forwarding class is first mapped to the policer ID. If the policer cannot be created due to one or more instances of the policy not supporting policing or having insufficient resources to create the policer, the forwarding class mapping will fail.

The no form of this command is used to delete a policer from a sap-ingress or sap-egress QoS policy. The specified policer cannot currently have any forwarding class mappings for the removal of the policer to succeed. It is not necessary to actually delete the policer ID for the policer instances to be removed from SAPs or subscribers associated with the QoS policy once all forwarding classes have been moved away from the policer. It is automatically deleted from each policing instance although it still appears in the QoS policy.

Parameters

policer-id

Specifies the policer ID. The policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID is created (depending on the system's current create keyword requirements which may require the create keyword to actually add the new policer ID to the QoS policy) and the system will enter that new policer’s context for possible parameter modification.

Values

1 to 63

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer

Syntax

policer policer-name

no policer

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>xconnect policer)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>xconnect policer)

Full Context

configure service ies subscriber-interface group-interface wlan-gw ranges range vrgw lanext xconnect policer

configure service vprn subscriber-interface group-interface wlan-gw ranges range vrgw lanext xconnect policer

Description

This command configures an ISA policer for cross-connect traffic.

The no form of this command removes the policer name from the configuration.

Default

no policer

Parameters

policer-name

Specifies the name of the policer, up to 32 characters.

policer

Syntax

policer policer-name

no policer

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>network policer)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>network policer)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network policer

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext network policer

Description

This command configures an ISA policer for HLE network (such as DC) access facing connection traffic, per tunnel.

The no form of this command removes the policer name from the configuration.

Default

no policer

Parameters

policer-name

Specifies the name of the policer, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer

Syntax

policer policer-name

no policer

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>access policer)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>vrgw>lanext>access policer)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access policer

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range vrgw lanext access policer

Description

This command configures an ISA policer for HLE ingress (such as home) access facing connection traffic, per tunnel

The no form of this command removes the policer name from the configuration.

Default

no policer

Parameters

policer-name

Specifies the name of the policer, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer

Syntax

policer policer-id [create]

no policer policer-id

Context

[Tree] (config>card>fp>ingress>access>qgrp>policer-over policer)

[Tree] (config>card>fp>ingress>network>qgrp>policer-over policer)

Full Context

configure card fp ingress access queue-group policer-override policer

configure card fp ingress network queue-group policer-override policer

Description

This command creates, modifies or deletes a policer. Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. The sap-ingress policy may have up to 32 policers (numbered 1 through 32) may be defined while the sap-egress QoS policy supports a maximum of 8 (numbered 1 through 8). While a policer may be defined within a QoS policy, it is not actually created on SAPs or subscribers associated with the policy until a forwarding class is mapped to the policer’s ID.

All policers must be created within the QoS policies. A default policer is not created when a sap-ingress or sap-egress QoS policy is created.

Once a policer is created, the policer's metering rate and profiling rates may be defined as well as the policer's maximum and committed burst sizes (MBS and CBS respectively). Unlike queues which have dedicated counters, policers allow various stat-mode settings that define the counters that will be associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet based on a defined number of bytes.

Once a policer is created, it cannot be deleted from the QoS policy unless any forwarding classes that are mapped to the policer are first moved to other policers or queues.

The system will allow a policer to be created on a SAP QoS policy regardless of the ability to support policers on objects where the policy is currently applied. The system only scans the current objects for policer support and sufficient resources to create the policer when a forwarding class is first mapped to the policer ID. If the policer cannot be created due to one or more instances of the policy not supporting policing or having insufficient resources to create the policer, the forwarding class mapping fails.

The no form of this command deletes a policer from a sap-ingress or sap-egress QoS policy. The specified policer cannot currently have any forwarding class mappings for the removal of the policer to succeed. It is not necessary to actually delete the policer ID for the policer instances to be removed from SAPs or subscribers associated with the QoS policy once all forwarding classes have been moved away from the policer. It is automatically deleted from each policing instance although it still appears in the QoS policy.

Parameters

policer-id

Specifies that the policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID will be created (depending on the system's current create keyword requirements which may require the create keyword to actually add the new policer ID to the QoS policy) and the system will enter that new policer’s context for possible parameter modification.

Values

1 to 32

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-id [create]

no policer policer-id

Context

[Tree] (config>service>ipipe>sap>ingress>policer-over policer)

[Tree] (config>service>cpipe>sap>ingress>policer-over policer)

[Tree] (config>service>epipe>sap>egress>policer-over policer)

[Tree] (config>service>cpipe>sap>egress>policer-over policer)

[Tree] (config>service>ipipe>sap>egress>policer-over policer)

Full Context

configure service ipipe sap ingress policer-override policer

configure service cpipe sap ingress policer-override policer

configure service epipe sap egress policer-override policer

configure service cpipe sap egress policer-override policer

configure service ipipe sap egress policer-override policer

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.

The no form of this command is used to remove any existing overrides for the specified policer-id.

Parameters

policer-id

The policer-id parameter is required when executing the policer command within the policer-overrides context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.

create

The create keyword is required when a policer policer-id override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service ipipe sap ingress policer-override policer
  • configure service epipe sap egress policer-override policer
  • configure service ipipe sap egress policer-override policer

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress policer-override policer
  • configure service cpipe sap ingress policer-override policer

policer

Syntax

policer policer-id [create]

no policer policer-id

Context

[Tree] (config>service>vpls>sap>ingress>policer-override policer)

[Tree] (config>service>vpls>sap>egress>policer-override policer)

Full Context

configure service vpls sap ingress policer-override policer

configure service vpls sap egress policer-override policer

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.

The no form of this command is used to remove any existing overrides for the specified policer-id.

Parameters

policer-id

The policer-id parameter is required when executing the policer command within the policer-overrides context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.

create

The create keyword is required when a policer policer-id override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-id [create]

no policer policer-id

Context

[Tree] (config>service>ies>if>sap>ingress>policer-override policer)

[Tree] (config>service>ies>if>sap>egress>policer-override policer)

Full Context

configure service ies interface sap ingress policer-override policer

configure service ies interface sap egress policer-override policer

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.

The no form of this command is used to remove any existing overrides for the specified policer-id.

Parameters

policer-id

This parameter is required when executing the policer command within the policer-override context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.

create

The create keyword is required when a policer override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit configuration, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-id [create]

no policer policer-id

Context

[Tree] (config>service>vprn>if>sap>ingress>policer-override policer)

[Tree] (config>service>vprn>if>sap>egress>policer-override policer)

Full Context

configure service vprn interface sap ingress policer-override policer

configure service vprn interface sap egress policer-override policer

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.

The no form of this command is used to remove any existing overrides for the specified policer-id.

Parameters

policer-id

This parameter is required when executing the policer command within the policer-override context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.

create

The create keyword is required when a policer override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit configuration, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-name type type granularity granularity [create]

policer policer-name

no policer policer-name

Context

[Tree] (config>app-assure>group policer)

Full Context

configure application-assurance group policer

Description

This command creates application assurance policer profile of a specified type. Policers can be bandwidth or flow limiting and can have a system scope (limits traffic entering AA ISA for all or a subset of AA subscribers), subscriber scope or granularity (limits apply to each AA subscriber traffic).

The policer type and granularity can only be configured during creation. They cannot be modified. The policer profile must be removed from all AQPs in order to be removed. Changes to policer profile parameters take effect immediately for policers instantiated as result of AQP actions using this profile.

The no form of this command deletes the specified policer from the configuration.

Parameters

policer-name

Specifies a string of up to 32 characters that identifies the policer.

type

Specifies the policer type.

Values

single-bucket-bandwidth — Creates a profile for a single bucket (PIR) bandwidth limiting policer.

dual-bucket-bandwidth — Creates profile for a dual bucket (PIR, CIR) bandwidth limiting policer.

flow-rate-limit — Creates profile for a policer limiting rate of flow set-ups.

flow-count-limit — Creates profile for a policer limiting total flow count.

granularity

Specifies the granularity type.

Values

system — Creates a system policer profile for a policer that limits the traffic in the scope of all or a subset of AA subscribers on a given AA ISA.

subscriber — Creates a policer profile for a policer for each AA subscriber that limits the traffic in the scope of that subscriber.

access-network-location — Creates a policer profile for a policer instance for each ANL that limits traffic bandwidth in the scope of that ANL. For ANL, only single-bucket bandwidth policers can be configured.

create

Keyword used to create the policer name and parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer

Syntax

policer policer-name direction direction [create]

no policer policer-name direction direction

Context

[Tree] (config>app-assure>group>statistics>tca policer)

Full Context

configure application-assurance group statistics threshold-crossing-alert policer

Description

This command configures a TCA for the counter capturing drops or admit events due to the specified flow policer. A policer TCA can be created for traffic generated from the subscriber side of AA ( from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a policer TCA.

Parameters

policer-name

Specifies the name of the flow policer, up to 32 characters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer

Syntax

policer policer-id [fp-redirect-group]

no policer

Context

[Tree] (config>qos>sap-ingress>fc policer)

Full Context

configure qos sap-ingress fc policer

Description

Within a sap-ingress QoS policy forwarding class context, the policer command is used to map packets that match the forwarding class and are considered unicast in nature to the specified policer-id. The specified policer-id must already exist within the sap-ingress QoS policy. While the system is determining the forwarding class of a packet, it is also looking up its forwarding destination. If ingress forwarding logic has resolved a unicast destination (the packet does not need to be sent to multiple destinations), it is considered to be a unicast packet and will be mapped to either an ingress queue (using the queue queue-id or queue queue-id group ingress-queue-group commands) or an ingress policer ( policer policer-id). The queue and policer commands within the forwarding class context are mutually exclusive. By default, the unicast forwarding type is mapped to the SAP ingress default queue (queue 1). If the policer policer-id command is executed, any previous policer mapping or queue mapping for the unicast forwarding type within the forwarding class is overridden if the policer mapping is successful.

A policer defined within the sap-ingress policy is not actually created on an ingress SAP or a subscriber using an sla-profile where the policy is applied until at least one forwarding type (unicast, broadcast, unknown, or multicast) from one of the forwarding classes is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber or multiservice site or ingress policing is not supported on the port associated with the SAP or subscriber or multiservice site, the initial forwarding class forwarding type mapping will fail.

When the unicast forwarding type within a forwarding class is mapped to a policer, the unicast packets classified to the subclasses within the forwarding class are also mapped to the policer.

The no form of this command is used to restore the mapping of the unicast forwarding type within the forwarding class to the default queue. If all forwarding class forwarding types had been removed from the default queue, the queue will not exist on the SAPs or subscriber or multiservice sites associated with the QoS policy and the no policer command will cause the system to attempt to create the default queue on each object. If the system cannot create the default queue in each instance, the no policer command will fail and the unicast forwarding type within the forwarding class will continue its mapping to the existing policer-id. If the no policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscriber will be lost.

Parameters

policer-id

When the forwarding class policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-ingress QoS policy.

Values

1 to 63

fp-redirect-group

Redirects a forwarding class to a forwarding plane queue-group as specified in a SAP QoS policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-id [create]

no policer policer-id

Context

[Tree] (config>qos>sap-ingress policer)

Full Context

configure qos sap-ingress policer

Description

This command is used in the sap-ingress and sap-egress QoS policies to create, modify, or delete a policer. Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. The sap-ingress policy may be defined to have up to 63 policers (numbered 1 through 63) while the sap-egress QoS policy supports a maximum of 8 (numbered 1 through 8). While a policer may be defined within a QoS policy, it is not actually created on SAPs or subscribers or multiservice sites associated with the policy until a forwarding class is mapped to the policer’s ID.

All policers must be created within the QoS policies. A default policer is not created when a sap-ingress or sap-egress QoS policy is created.

When a policer is created, the policer's metering rate and profiling rates may be defined as well as the policer's maximum and committed burst sizes (MBS and CBS, respectively). Unlike queues that have dedicated counters, policers allow various stat-mode settings that define the counters that will be associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet, based on a defined number of bytes.

When a policer is created, it cannot be deleted from the QoS policy unless any forwarding classes that are mapped to the policer are first moved to other policers or queues.

The system will allow a policer to be created on a SAP QoS policy regardless of the ability to support policers on objects where the policy is currently applied. The system only scans the current objects for policer support and sufficient resources to create the policer when a forwarding class is first mapped to the policer ID. If the policer cannot be created due to one or more instances of the policy not supporting policing or having insufficient resources to create the policer, the forwarding class mapping will fail.

The no form of this command is used to delete a policer from a sap-ingress or sap-egress QoS policy. The specified policer cannot currently have any forwarding class mappings for the removal of the policer to succeed. It is not necessary to actually delete the policer ID for the policer instances to be removed from SAPs or subscriber or multiservice sites associated with the QoS policy when all forwarding classes have been moved away from the policer. It is automatically deleted from each policing instance although it still appears in the QoS policy.

Parameters

policer-id

The policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID will be created (depending on the system's current create keyword requirements, which may require the create keyword to actually add the new policer ID to the QoS policy) and the system will enter that new policer’s context for possible parameter modification.

Values

1 to 63

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-id [{[port-redirect-group-queue] [queue queue-id] | group group-name [instance instance-id] [queue queue-id]}]

no policer

Context

[Tree] (config>qos>sap-egress>fc policer)

Full Context

configure qos sap-egress fc policer

Description

Within a sap-egress QoS policy forwarding class context, the policer command is used to map packets that match the forwarding class to the specified policer-id. The specified policer-id must already exist within the sap-egress QoS policy. The forwarding class of the packet is first discovered at ingress, based on the ingress classification rules. When the packet arrives at egress, the sap-egress QoS policy may match a forwarding class reclassification rule that overrides the ingress derived forwarding class. The forwarding class context within the sap-egress QoS policy is then used to map the packet to an egress queue (using the queue queue-id, or port-redirect-group queue queue-id, or group queue-group-name instance instance-id queue queue-id commands) or an egress policer (policer policer-id). The queue and policer commands within the forwarding class context are mutually exclusive. By default, the forwarding class is mapped to the SAP egress default queue (queue 1). If the policer policer- id command is executed, any previous policer mapping or queue mapping for the forwarding class is overridden if the policer mapping is successful.

A policer defined within the sap-egress policy is not actually created on an egress SAP, or a subscriber using an SLA profile where the policy is applied, until at least one forwarding class is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber, or egress policing is not supported on the port associated with the SAP or subscriber, the initial forwarding class mapping will fail.

Packets that are mapped to an egress policer that are not discarded by the policer must be placed into a default queue on the packet’s destination port. The system uses egress port queue groups for this purpose. An egress queue group named policer-output-queues is automatically created on each port that supports egress policers. By default, the system uses the forwarding class mappings within this queue group to decide which queue within the group will receive each packet output from the policer. This default policer output queuing behavior may be overridden for non-subscriber packets by redirection to a queue group. The name and instance of the queue group to redirect to is either specified in the QoS policy, or the fact that a forwarding class must be redirected is identified in the QoS policy and the specific queue group instance is only identified at the time the QoS policy is applied:

  • If the policer policer-id command is successfully executed, the default egress queuing is performed for the forwarding class using the policer-output-queues queue group and the queue-id within the group based on the forwarding class map from the group template.

  • If the policer policer-id queue queue-id command is successfully executed, the specified SAP queue-id within the egress QoS policy is used instead of the default policer output queues.

  • If the policer policer-id port-redirect-group-queue keyword is successfully executed, the system will map the forwarding class to the queue within the egress queue group instance specified at the time the QoS policy is applied to the SAP, using the forwarding class map from the queue group template.

  • If the policer policer-id port-redirect-group queue queue-id command is successfully executed, the system will map the forwarding class to the configured queue-id within the egress queue group instance that is specified at the time the QoS policy is applied to the SAP (ignoring using the forwarding class map from the queue group template).

  • If the policer policer-id group queue-group-name instance instance-id command is successfully executed, the system will map the forwarding class to the queue within the specified egress queue group instance using the forwarding class map from the group template.

  • If the policer policer-id group queue-group-name instance instance-id queue queue-id command is successfully executed, the system will map the forwarding class to the specified queue-id within the specified egress queue group instance (ignoring the forwarding class map in the group template).

If the specified group group-name is not defined as an egress queue-group-template, the policer command will fail. Also, if the specified group does not exist on the port for the SAPs or subscribers associated with the sap-egress QoS policy, the policer command will fail. While a group queue-group-name is specified in a sap-egress QoS policy, the groups corresponding egress template cannot be deleted. While a port egress queue group is associated with a policer instance, the port queue group cannot be deleted.

If the specified queue queue-id is not defined in the egress queue-group-template queue-group- name, the policer command will fail. While a queue-id within an egress queue group template is referenced by a sap-egress QoS policy forwarding class policer command, the queue cannot be deleted from the queue group template.

If an egress policed packet is discarded by the egress port queue group queue, the source policer discard stats are incremented. This means that the discard counters for the policer represent both the policer discard events and the destination queue drop tail events associated with the policer.

The no form of this command is used to restore the mapping of the forwarding class to the default queue. If all forwarding classes have been removed from the default queue, the queue will not exist on the SAPs or subscribers associated with the QoS policy and the no policer command will cause the system to attempt to create the default queue on each object. If the system cannot create the default queue in each instance, the no policer command will fail and the forwarding class will continue its mapping to the existing policer-id. If the no policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscribers will be lost.

Default

no policer

Parameters

policer-id

When the forwarding class policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-egress QoS policy.

Values

1 to 63

port-redirect-group-queue

Used to override the forwarding class default egress queue destination to an egress port queue group. The specific egress queue group instance to use is specified at the time the QoS policy is applied to the SAP. Therefore, this parameter is only valid if SAP-based redirection is required.

queue queue-id

This parameter overrides the forwarding class default egress queue destination to a specified queue-id. If port-redirect-group is not configured, this will be a local SAP queue of that queue-id. A queue of ID queue-id must exist within the egress QoS policy. If port-redirect-group-queue is configured, the queue queue-id in the egress port queue group instance is used.

Values

1 to 8

Default

Derived from forwarding class assignment in queue-group definition.

group group-name

The group queue-group-name is optional and is used to override the forwarding class's default egress queue destination. If the queue group-queue-id parameter is not specified, the forwarding class map within the specified group's template is used to derive which queue within the group will receive the forwarding class's packets. An egress queue group template must exist for the specified queue-group-name or the policer command will fail. The specified queue-group-name must also exist as an egress queue group on the ports where SAPs and subscribers associated with the sap-egress policy are applied or the policer command will fail.

Values

Any qualifying egress queue group name

Default

policer-output-queues

queue queue-id

The queue group-queue-id is optional when the group queue-group-name parameter is specified and is used to override the forwarding class mapping within the group's egress queue group template. The specified group-queue-id must exist within the group's egress queue group template or the policer command will fail.

Values

1 to 8

Default

Derived from forwarding class assignment in queue-group definition

instance instance-id

This parameter is used to specify the specific instance of a queue group with template queue-group-name to which this queue should be redirected. This parameter is only valid for queue groups on egress ports where policy-based redirection is required.

Values

1 to 40960

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-id [create]

no policer

Context

[Tree] (config>qos>sap-egress policer)

Full Context

configure qos sap-egress policer

Description

A policer defined within the sap-egress policy is not actually created on an egress SAP, or a subscriber using an SLA profile where the policy is applied, until at least one forwarding class is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber, or egress policing is not supported on the port associated with the SAP or subscriber, the initial forwarding class mapping will fail.

Packets that are mapped to an egress policer that are not discarded by the policer must be placed into a default queue on the packet’s destination port. The system uses egress port queue groups for this purpose. An egress queue group named policer-output-queues is automatically created on each port that supports egress policers. By default, the system uses the forwarding class mappings within this queue group to decide which queue within the group will receive each packet output from the policer. This default policer output queuing behavior may be overridden for non-subscriber packets by redirection to a queue group. The name and instance of the queue group to redirect to is either specified in the QoS policy, or the fact that a forwarding class must be redirected is identified in the QoS policy and the specific queue group instance is only identified at the time the QoS policy is applied:

  • If the policer policer-id command is successfully executed, the default egress queuing is performed for the forwarding class using the policer-output-queues queue group and the queue-id within the group based on the forwarding class map from the group template.

  • If the policer policer-id queue queue-id command is successfully executed, the specified SAP queue-id within the egress QoS policy is used instead of the default policer output queues.

  • If the policer policer-id port-redirect-group-queue keyword is successfully executed, the system will map the forwarding class to the queue within the egress queue group instance specified at the time the QoS policy is applied to the SAP, using the forwarding class map from the queue group template.

  • If the policer policer-id port-redirect-group queue queue-id command is successfully executed, the system will map the forwarding class to the configured queue-id within the egress queue group instance that is specified at the time the QoS policy is applied to the SAP (ignoring using the forwarding class map from the queue group template).

  • If the policer policer-id group queue-group-name instance instance-id command is successfully executed, the system will map the forwarding class to the queue within the specified egress queue group instance using the forwarding class map from the group template.

  • If the policer policer-id group queue-group-name instance instance-id queue queue-id command is successfully executed, the system will map the forwarding class to the specified queue-id within the specified egress queue group instance (ignoring the forwarding class map in the group template).

If the specified group group-name is not defined as an egress queue-group-template, the policer command will fail. Also, if the specified group does not exist on the port for the SAPs or subscribers associated with the sap-egress QoS policy, the policer command will fail. While a group queue-group-name is specified in a sap-egress QoS policy, the groups corresponding egress template cannot be deleted. While a port egress queue group is associated with a policer instance, the port queue group cannot be deleted.

If the specified queue queue-id is not defined in the egress queue-group-template queue-group- name, the policer command will fail. While a queue-id within an egress queue group template is referenced by a sap-egress QoS policy forwarding class policer command, the queue cannot be deleted from the queue group template.

If an egress policed packet is discarded by the egress port queue group queue, the source policer discard stats are incremented. This means that the discard counters for the policer represent both the policer discard events and the destination queue drop tail events associated with the policer.

The no form of this command is used to restore the mapping of the forwarding class to the default queue. If all forwarding classes have been removed from the default queue, the queue will not exist on the SAPs or subscribers associated with the QoS policy and the no policer command will cause the system to attempt to create the default queue on each object. If the system cannot create the default queue in each instance, the no policer command will fail and the forwarding class will continue its mapping to the existing policer-id. If the no policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscribers will be lost.

Default

no policer

Parameters

policer-id

When the forwarding class policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-egress QoS policy.

Values

1 to 63

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

policer policer-id [create]

no policer policer-id

Context

[Tree] (cfg>qos>qgrps>egr>queue-group policer)

[Tree] (config>qos>qgrps>ing>queue-group policer)

Full Context

configure qos queue-group-templates egress queue-group policer

configure qos queue-group-templates ingress queue-group policer

Description

This command is used in ingress and egress queue-group templates to create, modify, or delete a policer.

Policers are created and used in a similar manner to queues. The policer ID space is separate from the queue ID space, allowing both a queue and a policer to share the same ID. While a policer may be defined in a queue-group template, it is not actually created until the queue-group template is instantiated on the ingress context of a forwarding plane or on the egress context of a port.

When a policer is created, the policer's metering rate and profiling rates may be defined, as well as the policer's maximum and committed burst sizes (MBS and CBS, respectively). Unlike queues that have dedicated counters, policers allow various stat-mode settings that define the counters that will be associated with the policer. Another supported feature—packet-byte-offset—provides a policer with the ability to modify the size of each packet based on a defined number of bytes.

When a policer is created, it cannot be deleted from the queue-group template unless any forwarding classes that are redirected to the policer are first removed.

The no version of this command deletes the policer.

Parameters

policer-id

The policer-id must be specified when executing the policer command. If the specified ID already exists, the system enters that policer's context to allow the policer’s parameters to be modified. If the ID does not exist and is within the allowed range for the QoS policy type, a context for the policer ID will be created (depending on the system's current create keyword requirements, which may require the create keyword to actually add the new policer ID to the QoS policy) and the system enters that new policer’s context for possible parameter modification.

Values

ingress

all platforms

1 to 32

egress VSR 1 to 8

egress

all other platforms

1 to 16

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer

Syntax

[no] policer policer-id

Context

[Tree] (config>log>acct-policy>cr policer)

Full Context

configure log accounting-policy custom-record policer

Description

This command creates a policer context for which counters should be included in the custom-record.

The no form of this command deletes the policer and its counters from the custom-record.

Parameters

policer-id

Specifies the policer for which counters should be included in or deleted from the custom-record.

Values

1 to 63

Platforms

All

policer

Syntax

[no] policer policer-id

Context

[Tree] (config>router>policy-acct-template policer)

Full Context

configure router policy-acct-template policer

Description

Commands in this context configure policer index information. Each policy accounting template supports up to 63 policers.

Policing by action of a policy accounting template is only supported by FP4 cards and systems.

The no form of this command deletes the policer ID from the configuration.

Parameters

policer-id

Specifies the policer index.

Values

1 to 63

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policer-control-override

policer-control-override

Syntax

policer-control-override [create]

no policer-control-override

Context

[Tree] (config>card>fp>ingress>access>queue-group policer-control-override)

[Tree] (config>card>fp>ingress>network>queue-group policer-control-override)

Full Context

configure card fp ingress access queue-group policer-control-override

configure card fp ingress network queue-group policer-control-override

Description

This command configures policer control overrides.

Parameters

create

Keyword required to create a new policer control override instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-override

Syntax

policer-control-override [create]

no policer-control-override

Context

[Tree] (config>service>epipe>sap>egress policer-control-override)

[Tree] (config>service>epipe>sap>ingress policer-control-override)

[Tree] (config>service>ipipe>sap>egress policer-control-override)

[Tree] (config>service>cpipe>sap>egress policer-control-override)

[Tree] (config>service>cpipe>sap>ingress policer-control-override)

[Tree] (config>service>ipipe>sap>ingress policer-control-override)

Full Context

configure service epipe sap egress policer-control-override

configure service epipe sap ingress policer-control-override

configure service ipipe sap egress policer-control-override

configure service cpipe sap egress policer-control-override

configure service cpipe sap ingress policer-control-override

configure service ipipe sap ingress policer-control-override

Description

This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.

The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.

Default

no policer-control-override

Parameters

create

The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service epipe sap egress policer-control-override
  • configure service ipipe sap ingress policer-control-override
  • configure service ipipe sap egress policer-control-override
  • configure service epipe sap ingress policer-control-override

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress policer-control-override
  • configure service cpipe sap egress policer-control-override

policer-control-override

Syntax

policer-control-override [create]

no policer-control-override

Context

[Tree] (config>service>vpls>sap>egress policer-control-override)

[Tree] (config>service>vpls>sap>ingress policer-control-override)

Full Context

configure service vpls sap egress policer-control-override

configure service vpls sap ingress policer-control-override

Description

This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.

The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.

Default

no policer-control-override

Parameters

create

The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-override

Syntax

policer-control-override [create]

no policer-control-override

Context

[Tree] (config>service>ies>if>sap>egress policer-control-override)

[Tree] (config>service>ies>if>sap>ingress policer-control-override)

Full Context

configure service ies interface sap egress policer-control-override

configure service ies interface sap ingress policer-control-override

Description

This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.

The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.

Default

no policer-control-override

Parameters

create

The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-override

Syntax

policer-control-override [create]

no policer-control-override

Context

[Tree] (config>service>vprn>if>sap>egress policer-control-override)

[Tree] (config>service>vprn>if>sap>ingress policer-control-override)

Full Context

configure service vprn interface sap egress policer-control-override

configure service vprn interface sap ingress policer-control-override

Description

This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.

The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.

Default

no policer-control-override

Parameters

create

The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

policer-control-policy

Syntax

policer-control-policy policy-name [create]

no policer-control-policy

Context

[Tree] (config>subscr-mgmt>sub-prof>ingress policer-control-policy)

[Tree] (config>subscr-mgmt>sub-prof>egress policer-control-policy)

Full Context

configure subscriber-mgmt sub-profile ingress policer-control-policy

configure subscriber-mgmt sub-profile egress policer-control-policy

Description

This command is used to create, delete, or modify policer control policies. The policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy can also be applied to the ingress or egress context of a sub-profile.

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the policer control policy name. Each policer-control-policy must be created with a unique policy name. The name given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.

create

The create keyword is required when a new policy is being created and the system is configured for explicit object creation mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer-control-policy

Syntax

policer-control-policy policy-name

no policer-control-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>egress policer-control-policy)

[Tree] (config>service>vprn>sub-if>grp-if>sap>egress policer-control-policy)

[Tree] (config>service>ies>sub-if>grp-if>sap>ingress policer-control-policy)

Full Context

configure service ies subscriber-interface group-interface sap egress policer-control-policy

configure service vprn subscriber-interface group-interface sap egress policer-control-policy

configure service ies subscriber-interface group-interface sap ingress policer-control-policy

Description

This command is used to create, delete, or modify policer control policies. The policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy can also be applied to the ingress or egress context of a sub-profile.

The no form of this command resets the command to the default setting.

Parameters

policy-name

Specifies the policer control policy name. Each policer control policy name must be unique and adhere to the system policy ASCII naming requirements. If the defined policy name already exists, the system enters that policy’s context for editing purposes. If policy-name does not exist, the system attempts to create a policy with the specified name.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer-control-policy

Syntax

policer-control-policy policer-control-policy-name

no policer-control-policy

Context

[Tree] (config>card>fp>ingress>access>queue-group policer-control-policy)

[Tree] (config>card>fp>ingress>network>queue-group policer-control-policy)

Full Context

configure card fp ingress access queue-group policer-control-policy

configure card fp ingress network queue-group policer-control-policy

Description

This command configures an policer-control policy that can apply to a queue-group on the forwarding plane.

The no form of this command removes the policer-control policy association from the queue-group.

Default

no policer-control-policy

Parameters

policer-control-policy-name

Specifies the name of the policer-control policy to use for the queue-group. The name can be up to 32 characters long.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

Syntax

policer-control-policy policy-name

no policer-control-policy

Context

[Tree] (config>port>ethernet>network>egress>queue-group>policer-control-policy policer-control-policy)

Full Context

configure port ethernet network egress queue-group policer-control-policy policer-control-policy

Description

This command configures the policer control policy for the QoS egress queue-group.

Parameters

policy-name

Specifies the name of the policer control policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

Syntax

policer-control-policy policy-name

no policer-control-policy

Context

[Tree] (config>service>cpipe>sap>ingress policer-control-policy)

[Tree] (config>service>cpipe>sap>egress policer-control-policy)

[Tree] (config>service>ipipe>sap>egress policer-control-policy)

[Tree] (config>service>ipipe>sap>ingress policer-control-policy)

[Tree] (config>service>epipe>sap>ingress policer-control-policy)

[Tree] (config>service>epipe>sap>egress policer-control-policy)

Full Context

configure service cpipe sap ingress policer-control-policy

configure service cpipe sap egress policer-control-policy

configure service ipipe sap egress policer-control-policy

configure service ipipe sap ingress policer-control-policy

configure service epipe sap ingress policer-control-policy

configure service epipe sap egress policer-control-policy

Description

This command, within the QoS CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs.

Policer Control Policy Instances

On the SAP side, an instance of a policy is created each time a policy is applied.

When applied to a sub-profile on a 7450 ESS and 7750 SR, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.

Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.

Maximum Rate and Root Arbiter

The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis.

For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.

The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.

Parent Policer PIR Leaky Bucket Operation

The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.

Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.

Tier 1 and Tier 2 Arbiters

As previously stated, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.

Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.

Fair and Unfair Bandwidth Control

Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.

In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.

The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.

In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.

When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.

Parent Policer Priority Level Thresholds

As stated in the Tier 1 and Tier 2 Arbiter subsection, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.

The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.

To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.

Each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.

Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds

Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.

While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.

To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.

The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.

Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.

Policer Control Policy Application

A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).

The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP context.

Parameters

policy-name

Each policer-control-policy must be created with a unique policy name. The name given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.

create

The keyword is required when a new policy is being created and the system is configured for explicit object creation mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress policer-control-policy
  • configure service cpipe sap egress policer-control-policy

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service ipipe sap ingress policer-control-policy
  • configure service ipipe sap egress policer-control-policy
  • configure service epipe sap egress policer-control-policy
  • configure service epipe sap ingress policer-control-policy

policer-control-policy

Syntax

policer-control-policy policy-name

no policer-control-policy

Context

[Tree] (config>service>vpls>sap>ingress policer-control-policy)

[Tree] (config>service>vpls>sap>egress policer-control-policy)

[Tree] (config>service>template>vpls-sap-template>ingress policer-control-policy)

[Tree] (config>service>template>vpls-sap-template>egress policer-control-policy)

Full Context

configure service vpls sap ingress policer-control-policy

configure service vpls sap egress policer-control-policy

configure service template vpls-sap-template ingress policer-control-policy

configure service template vpls-sap-template egress policer-control-policy

Description

This command, within the qos CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy may also be applied to the ingress or egress context of a sub-profile.

Policer Control Policy Instances

On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.

Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.

Maximum Rate and Root Arbiter

The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.

The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.

Parent Policer PIR Leaky Bucket Operation

The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.

Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.

Tier 1 and Tier 2 Arbiters

As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.

Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.

Fair and Unfair Bandwidth Control

Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.

In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.

The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.

In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.

When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.

Parent Policer Priority Level Thresholds

As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.

The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.

To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.

As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.

Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds

Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.

While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.

To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.

The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.

Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.

Policer Control Policy Application

A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).

The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP or subscriber management sub-profile context.

Parameters

policy-name

Specifies the policy name. Each policer-control-policy must be created with a unique policy name. The name must be given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.

create

The keyword is required when a new policy is being created and the system is configured for explicit object creation mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

Syntax

policer-control-policy policy-name

no policer-control-policy

Context

[Tree] (config>service>ies>if>sap>ingress policer-control-policy)

[Tree] (config>service>ies>if>sap>egress policer-control-policy)

Full Context

configure service ies interface sap ingress policer-control-policy

configure service ies interface sap egress policer-control-policy

Description

This command, within the qos CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy may also be applied to the ingress or egress context of a sub-profile.

Policer Control Policy Instances

On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.

Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.

Maximum Rate and Root Arbiter

The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.

The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.

Parent Policer PIR Leaky Bucket Operation

The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.

Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.

Tier 1 and Tier 2 Arbiters

As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.

Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.

Fair and Unfair Bandwidth Control

Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.

In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.

The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.

In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.

When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.

Parent Policer Priority Level Thresholds

As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.

The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.

To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.

As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.

Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds

Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.

While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.

To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.

The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.

Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.

Policer Control Policy Application

A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).

The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP or subscriber management sub-profile context.

Parameters

policy-name

Specifies the policy name. Each policer-control-policy must be created with a unique policy name. The name must be given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

Syntax

policer-control-policy policy-name

no policer-control-policy

Context

[Tree] (config>service>vprn>if>sap>ingress policer-control-policy)

[Tree] (config>service>vprn>if>sap>egress policer-control-policy)

Full Context

configure service vprn interface sap ingress policer-control-policy

configure service vprn interface sap egress policer-control-policy

Description

This command, within the qos CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy may also be applied to the ingress or egress context of a sub-profile.

Policer Control Policy Instances

On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.

Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.

Maximum Rate and Root Arbiter

The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.

The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.

Parent Policer PIR Leaky Bucket Operation

The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.

Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.

Tier 1 and Tier 2 Arbiters

As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.

Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.

Fair and Unfair Bandwidth Control

Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.

In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.

The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.

In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.

When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.

Parent Policer Priority Level Thresholds

As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.

The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.

To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.

As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.

Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds

Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.

While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.

To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.

The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.

Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.

Policer Control Policy Application

A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).

The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP or subscriber management sub-profile context.

Parameters

policy-name

Specifies the policy name. Each policer-control-policy must be created with a unique policy name. The name must be given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

Syntax

policer-control-policy policy-name [create]

no policer-control-policy policy-name

Context

[Tree] (config>qos policer-control-policy)

Full Context

configure qos policer-control-policy

Description

This command is used to create, delete, or modify policer control policies. The policer-control-policy controls the aggregate bandwidth available to a set of child policers. When created, the policy can be applied to ingress or egress SAPs. The policy can also be applied to the ingress or egress context of a sub-profile.

Parameters

policy-name

Each policer-control-policy must be created with a unique policy name. The policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system enters that policy’s context for editing purposes. If policy-name does not exist, the system attempts to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.

create

The create keyword is required when a new policy is being created and the system is configured for explicit object creation mode.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

Syntax

policer-control-policy policy-name

no policer-control-policy

Context

[Tree] (config>service>cust>multi-service-site>ingress policer-control-policy)

[Tree] (config>service>cust>multi-service-site>egress policer-control-policy)

Full Context

configure service customer multi-service-site ingress policer-control-policy

configure service customer multi-service-site egress policer-control-policy

Description

This command, within the QoS CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs.

Policer Control Policy Instances

On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a 7750 SR or 7450 ESS sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.

Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and not subject to bandwidth control by the policy instance.

Maximum Rate and Root Arbiter

The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For 7750 SR or 7450 ESS subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.

The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and thus the root arbiter’s parent policer.

Parent Policer PIR Leaky Bucket Operation

The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.

Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.

Tier 1 and Tier 2 Arbiters

As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.

Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.

Fair and Unfair Bandwidth Control

Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.

In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair based on the weighted fair output of the policy instance.

The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.

In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.

When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.

Parent Policer Priority Level Thresholds

As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.

The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.

To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.

As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.

Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds

Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.

While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.

In order to derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.

The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.

Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.

Policer Control Policy Application

A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).

The no form of the command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP context.

Parameters

policy-name

Specifies the policy name up to 32 characters in length. Each policer-control-policy must be created with a unique policy name. The name must adhere to the system policy ASCII naming requirements. If the defined policy name already exists, the system will enter that policy’s context for editing purposes. If policy name does not exist, the system will attempt to create a policy with the specified name.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-control-policy

Syntax

policer-control-policy src-name dst-name [ overwrite]

Context

[Tree] (config>qos>copy policer-control-policy)

Full Context

configure qos copy policer-control-policy

Description

This command copies an existing policer-control-policy to another policer-control-policy. The copy command is a configuration level maintenance tool used to create new entries using an existing profile ID. If overwrite is not specified, an error occurs if the destination policy exists.

Parameters

src-name

Specifies the existing source policer-control-policy, up to 32 characters, from which the copy command attempts to copy.

dst-name

Specifies the destination policer-control-policy dst-name, up to 32 characters, to which the copy command attempts to copy.

overwrite

Use this parameter when the policer-control-policy dst-name already exists. If it does, everything in the existing destination policer-control-policy dst-name is completely overwritten with the contents of the policer-control-policy src-name. The overwrite parameter must be specified or else the following error message is returned:

MINOR: CLI Destination "pcp-name2" exists - use {overwrite}.

If overwrite is specified, the function of copying from source to destination occurs in a "break before make” manner and therefore should be handled with care.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-override

policer-override

Syntax

[no] policer-override

Context

[Tree] (config>card>fp>ingress>access>queue-group policer-override)

[Tree] (config>card>fp>ingress>network>queue-group policer-override)

Full Context

configure card fp ingress access queue-group policer-override

configure card fp ingress network queue-group policer-override

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of this command removes any existing policer overrides.

Default

no policer-override

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-override

Syntax

[no] policer-override

Context

[Tree] (config>service>epipe>sap>ingress policer-override)

[Tree] (config>service>cpipe>sap>ingress policer-override)

[Tree] (config>service>cpipe>sap>egress policer-override)

[Tree] (config>service>ipipe>sap>egress policer-override)

[Tree] (config>service>ipipe>sap>ingress policer-override)

[Tree] (config>service>epipe>sap>egress policer-override)

Full Context

configure service epipe sap ingress policer-override

configure service cpipe sap ingress policer-override

configure service cpipe sap egress policer-override

configure service ipipe sap egress policer-override

configure service ipipe sap ingress policer-override

configure service epipe sap egress policer-override

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of this command is used to remove any existing policer overrides.

Default

no policer-overrides

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service ipipe sap ingress policer-override
  • configure service ipipe sap egress policer-override
  • configure service epipe sap ingress policer-override
  • configure service epipe sap egress policer-override

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress policer-override
  • configure service cpipe sap egress policer-override

policer-override

Syntax

[no] policer-override

Context

[Tree] (config>service>vpls>sap>ingress policer-override)

[Tree] (config>service>vpls>sap>egress policer-override)

Full Context

configure service vpls sap ingress policer-override

configure service vpls sap egress policer-override

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of this command is used to remove any existing policer overrides.

Default

no policer-overrides

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-override

Syntax

[no] policer-override

Context

[Tree] (config>service>ies>if>sap>egress policer-override)

[Tree] (config>service>ies>if>sap>ingress policer-override)

Full Context

configure service ies interface sap egress policer-override

configure service ies interface sap ingress policer-override

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of this command is used to remove any existing policer overrides.

Default

no policer-override

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-override

Syntax

[no] policer-override

Context

[Tree] (config>service>vprn>if>sap>ingress policer-override)

[Tree] (config>service>vprn>if>sap>egress policer-override)

Full Context

configure service vprn interface sap ingress policer-override

configure service vprn interface sap egress policer-override

Description

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of this command is used to remove any existing policer overrides.

Default

no policer-override

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

policer-stats

policer-stats

Syntax

[no] policer-stats

Context

[Tree] (config>app-assure>group>statistics>aa-admit-deny policer-stats)

Full Context

configure application-assurance group statistics aa-admit-deny policer-stats

Description

This command configures whether to include or exclude system and subscriber-level flow count and flow-setup rate policer admit-deny statistics in accounting records.

Default

no policer-stats

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policer-stats-resources

policer-stats-resources

Syntax

[no] policer-stats-resources

Context

[Tree] (config>app-assure>group>statistics>aa-admit-deny policer-stats-resources)

Full Context

configure application-assurance group statistics aa-admit-deny policer-stats-resources

Description

This command allows the operator to allocate or deallocate AA partition resources for policer admit-deny statistics.

Default

no policer-stats-resources

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policers

policers

Syntax

policers policy-limit

no policers

Context

[Tree] (config>card>fp>ingress>policy-accounting policers)

Full Context

configure card fp ingress policy-accounting policers

Description

This command configures the number of policer resources for an policy accounting. Policy accounting can be used to collect statistics about the amount of traffic matching particular routes and, on FP4 cards and systems only, it can also be used to police traffic associated with certain routes as destinations of the traffic.

Using only statistics (policing is not performed) requires the reservation of policer statistics index resources on each FP receiving the traffic to be counted. Every policy-accounting interface on a card or FP uses one of these resources for every source and destination class index listed in the template referenced by the interface. The total reservation at the FP level is set using the configure card slot-number fp fp-number policy-accounting command.

Using FP4 policing requires the above resource, and in addition, policer index resources. Every policy-accounting interface on a card or FP uses one of these resources for every destination class associated with a policer in the template referenced by the interface. The total reservation of this second resource at the FP level is set using the configure card slot-number fp fp-number ingress policy-accounting policers command.

The total number of the above resources, per FP, must be less than or equal to 128000. In addition, the second resource pool size must be less than or equal to the size of the first resource pool.

It is possible to increase or decrease the size of either resource sub pool at any time. A decrease can cause some interfaces (randomly selected) to immediately lose their resources and stop counting or policing some traffic that was previously being counted or policed.

If the policy accounting is enabled on a spoke SDP or R-VPLS interface all FPs in the system should have a reservation for each of the above resources, otherwise the show router interface policy-accounting command output reports that statistics are possibly incomplete.

Default

no policers

Parameters

policy-limit

Specifies the number of policer resources for policy accounting.

Values

1 to 64000

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policers-hqos-manageable

policers-hqos-manageable

Syntax

[no] policers-hqos-manageable

Context

[Tree] (config>qos>sap-egress policers-hqos-manageable)

Full Context

configure qos sap-egress policers-hqos-manageable

Description

This command enables Hierarchical QoS (HQoS) management of the policiers within the SAP egress policy, when the policy is applied to either the egress SAP configuration or the egress SLA profile, with multiservice sites (MSS) supported for SAPs. When enabled, the system can manage egress policers and queues together in the same HQoS hierarchy.

To be managed by HQoS, egress policers within a SAP egress QoS policy must be configured with either a scheduler-parent or port-parent command or be orphaned to an egress port scheduler applied on a Vport or port.

The policers-hqos-manageable command and parent-location sla or policers with enable-exceed-pir or stat-mode no-stats within a SAP egress QoS policy are mutually exclusive.

To prevent HQoS from measuring the traffic through both a policer managed by HQoS, then again through a post-policer access egress queue group queue, configure post-policer access egress queue groups with no queues-hqos-manageable so their queues are not managed by HQoS.

A post-policer local queue is not supported with HQoS managed policers, nor are those mapped by the use-fc-mapped-queue parameter in a criteria action statement. The policers-hqos-manageable command is not supported for SAP egress dynamic policers or on a 7950 XRS.

The no form of this command rdisables HQoS management of policers within the SAP QoS egress policy.

Default

no policers-hqos-manageable

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, VSR

policers-hqos-manageable

Syntax

[no] policers-hqos-manageable

Context

[Tree] (config>qos>sap-ingress policers-hqos-manageable)

Full Context

configure qos sap-ingress policers-hqos-manageable

Description

This command specifies that the policers within this SAP ingress policy are to be managed by the Hierarchical QoS (HQoS) process when the policy is applied to either the ingress part of a SAP configuration or the ingress part of an SLA profile, with multiservice sites (MSS) supported for SAPs. When enabled, ingress policers and queues can be managed together in the same HQoS hierarchy.

To be managed by HQoS, ingress policers within a SAP ingress QoS policy must be configured with either a scheduler-parent or parent command or be orphaned to an ingress port scheduler applied on a Vport or port. The scheduler-parent and parent commands are mutually exclusive.

The policers-hqos-manageable command and the stat-mode no-stats command within a SAP ingress QoS policy are mutually exclusive.

The no form of this command results in policers within this SAP QoS ingress policy being non-HQoS-manageable.

Default

no policers-hqos-manageable

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s

policing

policing

Syntax

[no] policing

Context

[Tree] (config>test-oam>sath>svc-test>svc-stream>test-types policing)

Full Context

configure test-oam service-activation-testhead service-test service-stream test-types policing

Description

This command configures the policing test on the service stream.

The no form of this command removes the configured policing test.

Default

no policing

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policing

Syntax

policing

Context

[Tree] (config>test-oam>service-activation-testhead>service-test>test-duration policing)

Full Context

configure test-oam service-activation-testhead service-test test-duration policing

Description

Commands in this context configure the duration for the policing test type.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policy

policy

Syntax

policy msap-policy-name

no policy

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>msap-defaults policy)

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>msap-defaults policy)

Full Context

configure subscriber-mgmt local-user-db ipoe host msap-defaults policy

configure subscriber-mgmt local-user-db ppp host msap-defaults policy

Description

This command configures the MSAP policy.

The no form of this command removes the MSAP policy name from the configuration.

Parameters

msap-policy-name

Specifies the policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

policy ppp-policy-name

no policy

Context

[Tree] (config>service>ies>sub-if>grp-if>pppoe policy)

[Tree] (config>service>vprn>sub-if>grp-if>pppoe policy)

Full Context

configure service ies subscriber-interface group-interface pppoe policy

configure service vprn subscriber-interface group-interface pppoe policy

Description

This command specifies the PPPoE policy on this interface.

The no form of this command reverts to the default.

Default

policy "default”

Parameters

ppp-policy-name

Specifies the PPP policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

policy policy-name

no policy

Context

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>igmp-snp>mcac policy)

Full Context

configure subscriber-mgmt msap-policy vpls-only-sap-parameters igmp-snooping mcac policy

Description

This command configures the multicast CAC policy name.

The no form of this command reverts to the default.

Parameters

policy-name

The multicast CAC policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

policy name1 [name2] [ name3] [name4] [name5]

no policy

Context

[Tree] (config>subscr-mgmt>sub-prof>rad-acct policy)

Full Context

configure subscriber-mgmt sub-profile radius-accounting policy

Description

This command specifies the RADIUS accounting policy for the subscriber that is using this subscriber profile. This command allows the configuration of up to five RADIUS accounting policies. The RADIUS accounting policies function according to their respective configuration, including the individual accounting mode, their own included attributes, and the update interval.

Parameters

name1

Specifies the name of the RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.

name2

Specifies the name of the second RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.

name3

Specifies the name of the third RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.

name4

Specifies the name of the fourth RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.

name5

Specifies the name of the fifth RADIUS accounting policy, up to 32 characters, to be used for the subscriber profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

policy vrrp-policy-id

no policy[vrrp-policy-id]

Context

[Tree] (config>service>vprn>sub-if>grp-if>srrp policy)

[Tree] (config>service>ies>sub-if>grp-if>srrp policy)

Full Context

configure service vprn subscriber-interface group-interface srrp policy

configure service ies subscriber-interface group-interface srrp policy

Description

This command associates one or more VRRP policies with the SRRP instance. A VRRP policy is a collection of connectivity and verification tests used to manipulate the in-use priorities of VRRP and SRRP instances. A VRRP policy can test the link state of ports, ping IP hosts, discover the existence of routes in the routing table or the ability to reach Layer 2 hosts. When one or more of these tests fail, the VRRP policy has the option of decrementing or setting an explicit value for the in-use priority of an SRRP instance.

More than one VRRP policy may be associated with an SRRP instance. When more than one VRRP policy is associated with an SRRP instance the delta decrement of the in-use priority is cumulative unless one or more test fail that have explicit priority values. When one or more explicit tests fail, the lowest priority value event takes effect for the SRRP instance. When the highest delta-in-use-limit is used to manage the lowest delta derived in-use priority for the SRRP instance.

VRRP policy associations may be added and removed at any time. A maximum of two VRRP policies can be associated with a single SRRP instance.

The no form of this command removes the association with the vrrp-policy-id from the SRRP instance.

Parameters

vrrp-policy-id

Specifies one or more VRRP policies with the SRRP instance.

Values

1 to 9999

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

[no] policy policy-name

Context

[Tree] (debug>diam>application policy)

Full Context

debug diameter application policy

Description

This command debugs Diameter applications for a particular application policy.

Parameters

policy-name

Specifies the policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

policy msap-policy-name

no policy

Context

[Tree] (config>service>vpls>sap>msap-defaults policy)

Full Context

configure service vpls sap msap-defaults policy

Description

This command sets default msap-policy for all subscribers created based on trigger packets received on the specified capture-sap in case the corresponding VSA is not included in the RADIUS authentication response. This command is applicable to capture SAP only.

Default

no policy

Platforms

All

policy

Syntax

policy policy-name

no policy

Context

[Tree] (config>service>pw-template>igmp-snooping>mcac policy)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>mcac policy)

[Tree] (config>service>vpls>sap>igmp-snooping>mcac policy)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>mcac policy)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>mcac policy)

[Tree] (config>service>vpls>sap>mld-snooping>mcac policy)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>mcac policy)

Full Context

configure service pw-template igmp-snooping mcac policy

configure service vpls spoke-sdp mld-snooping mcac policy

configure service vpls sap igmp-snooping mcac policy

configure service vpls mesh-sdp igmp-snooping mcac policy

configure service vpls mesh-sdp mld-snooping mcac policy

configure service vpls sap mld-snooping mcac policy

configure service vpls spoke-sdp igmp-snooping mcac policy

Description

This command configures the multicast CAC policy name. MCAC policy is not supported with MLD-snooping, therefore executing the command in the mld-snooping contexts will return an error.

Parameters

policy-name

Specifies the multicast CAC policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

policy

Syntax

policy vrrp-policy-id

no policy

Context

[Tree] (config>service>ies>if>ipv6>vrrp policy)

Full Context

configure service ies interface ipv6 vrrp policy

Description

This command creates VRRP control policies. The VRRP policy ID must be created by the policy command prior to association with the virtual router instance.

The policy command provides the ability to associate a VRRP priority control policy to a virtual router instance. The policy may be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base-priority dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority may eventually be restored to the base-priority value.

The policy command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base-priority will be used as the in-use priority.

The no form of this command removes any existing VRRP priority control policy association from the virtual router instance. All such associations must be removed prior to the policy being deleted from the system.

Parameters

vrrp-policy-id

The vrrp-policy-id parameter associated the corresponding VRRP priority control policy-id with the virtual router instance. The vrrp-policy-id must already exist in the system for the policy command to be successful.

Values

1 to 9999

Platforms

All

policy

Syntax

policy vrrp-policy-id

no policy

Context

[Tree] (config>service>ies>if>vrrp policy)

Full Context

configure service ies interface vrrp policy

Description

This command creates VRRP control policies. The VRRP policy ID must be created by the policy command prior to association with the virtual router instance.

The policy command provides the ability to associate a VRRP priority control policy to a virtual router instance. The policy may be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base-priority dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority may eventually be restored to the base-priority value.

The policy command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base-priority will be used as the in-use priority.

The no form of this command removes any existing VRRP priority control policy association from the virtual router instance. All such associations must be removed prior to the policy being deleted from the system.

Parameters

vrrp-policy-id

The vrrp-policy-id parameter associated the corresponding VRRP priority control policy-id with the virtual router instance. The vrrp-policy-id must already exist in the system for the policy command to be successful.

Values

1 to 9999

Platforms

All

policy

Syntax

policy policy-name

no policy

Context

[Tree] (config>service>vprn>bgp>next-hop-res policy)

Full Context

configure service vprn bgp next-hop-resolution policy

Description

This command specifies the name of a policy statement to use with the BGP next-hop resolution process. The policy controls which IP routes in RTM are eligible to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next-hops to MPLS tunnels. If a BGP next-hop of an IPv4 or IPv6 route R is resolved in RTM and the longest matching route for the next-hop address is an IP route N that is rejected by the policy then route R is unresolved; if the route N is accepted by the policy then it becomes the resolving route for R.

The default next-hop resolution policy (when the no policy command is configured) is to use the longest matching active route in RTM that is not a BGP route (unless use-bgp-routes is configured), an aggregate route or a subscriber management route.

Default

no policy

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

policy

Syntax

policy policy-name

no policy

Context

[Tree] (config>service>vprn>igmp>if>mcac policy)

[Tree] (config>service>vprn>pim>if>mcac policy)

[Tree] (config>service>vprn>mld>grp-if>mcac policy)

[Tree] (config>service>vprn>igmp>grp-if>mcac policy)

Full Context

configure service vprn igmp interface mcac policy

configure service vprn pim interface mcac policy

configure service vprn mld group-interface mcac policy

configure service vprn igmp group-interface mcac policy

Description

This command references the global channel bandwidth definition policy that is used for HMCAC and HQoS Adjust.

HQoS Adjustment is supported with redirection enabled or per-host-replication disabled. In other words, the policy from the redirected interface is used for HQoS Adjustment.

Hierarchical MCAC (HMCAC) is supported with redirection enabled or per-host-replication disabled. In HMCAC, the subscriber is checked first against its bandwidth limits followed by the check on the redirected interface against the bandwidth limits defined under the redirected interface. In the HMCAC case, the channel definition policy must be referenced under the redirected interface level.

Parameters

policy-name

Specifies the name of the global MCAC channel definition policy defined under the hierarchy config>router>mcac>policy. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

Platforms

All

  • configure service vprn pim interface mcac policy
  • configure service vprn igmp interface mcac policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn mld group-interface mcac policy
  • configure service vprn igmp group-interface mcac policy

policy

Syntax

policy vrrp-policy-id

no policy

Context

[Tree] (config>service>vprn>if>ipv6>vrrp policy)

[Tree] (config>service>vprn>if>vrrp policy)

Full Context

configure service vprn interface ipv6 vrrp policy

configure service vprn interface vrrp policy

Description

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).

Parameters

vrrp-policy-id

Specifies a VRRP priority control policy.

Values

1 to 9999

Platforms

All

policy

Syntax

policy

Context

[Tree] (config>app-assure>group policy)

Full Context

configure application-assurance group policy

Description

Commands in this context configure parameters for application assurance policy. To edit any policy content begin command must be executed first to enter editing mode. The editing mode is left when the abort or commit commands are issued.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

policy aa-sub {sap sap-id | spoke-sdp sdp-id:vc-id | transit transit-aasub-name} [create]

no policy aa-sub {sap sap-id | spoke-sdp sdp-id:vc-id | transit transit-aasub-name}

Context

[Tree] (config>app-assure>group>policy-override policy)

Full Context

configure application-assurance group policy-override policy

Description

This command specifies a given SAP or SDP to be used for a static policy override.

The no form of this command removes the policy override.

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

sdp-id:vc-id

Specifies the spoke SDP ID and VC ID.

Values

1 to 32767

1 to 4294967295

transit-aasub-name

Specifies an existing transit subscriber name, up to 32 characters.

create

Keyword used to create the policy override.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policy

Syntax

policy policy-name

no policy

Context

[Tree] (config>router>pim>interface policy)

[Tree] (config>router>igmp>interface>mcac policy)

[Tree] (config>router>mld>interface policy)

[Tree] (config>router>igmp>grp-if>mcac policy)

[Tree] (config>router>mld>group-interface policy)

[Tree] (config>router>mcac policy)

Full Context

configure router pim interface policy

configure router igmp interface mcac policy

configure router mld interface policy

configure router igmp group-interface mcac policy

configure router mld group-interface policy

configure router mcac policy

Description

This command references the global channel bandwidth definition policy that is used for (H)MCAC and HQoS adjustment.

Within the scope of HQoS adjustment, the channel definition policy under the group-interface is used if redirection is disabled. In this case, the HQoS adjustment can be applied to IPoE subscribers in per-SAP replication mode.

If redirection is enabled, the channel bandwidth definition policy applied under the Layer 3 redirected interface is in effect.

Hierarchical MCAC (HMCAC) is supported on two levels simultaneously:

  • subscriber level and redirected interface in case that redirection is enabled

  • subscriber level and group-interface level in case that redirection is disabled

In HMCAC, the subscriber is first checked against its bandwidth limits followed by the check on the redirected interface (or group-interface) against the bandwidth limits there.

In the case that the redirection is enabled but the policy is referenced only under the group-interface, no admission control will be executed (HMCAC or MCAC).

Parameters

policy-name

Specifies the name of the global MCAC channel definition policy, up to 32 characters, defined under the hierarchy config>router>mcac>policy.

Platforms

All

  • configure router pim interface policy
  • configure router mcac policy
  • configure router mld interface policy
  • configure router igmp interface mcac policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router mld group-interface policy
  • configure router igmp group-interface mcac policy

policy

Syntax

policy vrrp-policy-id

no policy

Context

[Tree] (config>router>if>ipv6>vrrp policy)

[Tree] (config>router>if>vrrp policy)

Full Context

configure router interface ipv6 vrrp policy

configure router interface vrrp policy

Description

This command adds a VRRP priority control policy association with the virtual router instance.

To further augment the virtual router instance base priority, VRRP priority control policies can be used to override or adjust the base priority value depending on events or conditions within the chassis.

The policy can be associated with more than one virtual router instance. The priority events within the policy either override or diminish the base priority set with the priority command dynamically affecting the in-use priority. As priority events clear in the policy, the in-use priority can eventually be restored to the base priority value.

The policy command is only available in the non-owner vrrp nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed by VRRP priority control policies. For non-owner virtual router instances, if the policy command is not executed, the base priority is used as the in-use priority.

The no form of the command removes existing VRRP priority control policy associations from the virtual router instance. All associations must be removed prior to deleting the policy from the system.

Default

no policy — No VRRP priority control policy is associated with the virtual router instance.

Parameters

vrrp-policy-id

The policy ID of the VRRP priority control expressed as a decimal integer. The vrrp-policy-id must already exist for the command to function.

Values

1 to 9999

Platforms

All

policy

Syntax

policy policy-id context context-value

policy policy-id context name name

no policy policy-id

Context

[Tree] (config>vrrp policy)

Full Context

configure vrrp policy

Description

This command creates the context to configure a VRRP priority control policy which is used to control the VRRP in-use priority based on priority control events. It is a parental node for the various VRRP priority control policy commands that define the policy parameters and priority event conditions.

The virtual router instance priority command defines the initial or base value to be used by non-owner virtual routers. This value can be modified by assigning a VRRP priority control policy to the virtual router instance. The VRRP priority control policy can override or diminish the base priority setting to establish the actual in-use priority of the virtual router instance.

The policy policy-id command must be created first, before it can be associated with a virtual router instance.

Because VRRP priority control policies define conditions and events that must be maintained, they can be resource intensive. The number of policies is limited to 1000.

The policy-id do not have to be consecutive integers. The range of available policy identifiers is from 1 to 9999.

The no form of the command deletes the specific policy-id from the system. The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command will fail.

Parameters

policy-id

The VRRP priority control ID expressed as a decimal integer that uniquely identifies this policy from any other VRRP priority control policy defined on the system. Up to 1000 policies can be defined.

Values

1 to 9999

context-value

Specifies the service ID to which this policy applies. A value of zero (0) means that this policy does not apply to a service but applies to the base router instance.

Values

1 to 2147483647

Platforms

All

policy

Syntax

policy cpu-protection-policy-id [create]

no policy cpu-protection-policy-id

Context

[Tree] (config>sys>security>cpu-protection policy)

Full Context

configure system security cpu-protection policy

Description

This command configures CPU protection policies.

The no form of this command deletes the specified policy from the configuration.

Policies 254 and 255 are reserved as the default access and network interface policies, and cannot de deleted. The parameters within these policies can be modified. An event will be logged (warning) when the default policies are modified.

Default

Policy 254 (default access interface policy):

  • per-source-rate: max (no limit)

  • overall-rate: 6000

  • out-profile–rate: 6000

  • alarm

Policy 255 (default network interface policy):

  • per-source-rate: max (no limit)

  • overall-rate: max (no limit)

  • out-profile-rate: 3000

  • alarm

Parameters

cpu-protection-policy-id

Assigns a policy ID to the specific CPU protection policy.

Values

1 to 255

create

Keyword used to create CPU protection policy. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

policy

Syntax

policy policy-name [create] [type {access-network | port}]

no policy policy-name

Context

[Tree] (config>sys>security>dist-cpu-protection policy)

Full Context

configure system security dist-cpu-protection policy

Description

This command configures one of the maximum 18 Distributed CPU Protection (DCP) policies. These policies can be applied to objects such as SAPs, network interfaces or ports.

Parameters

policy-name

Specifies the name of the policy, up to 32 characters.

create

Keyword used to create a new policy.

type

Specifies the Distributed CPU protection type for the policy.

Values

access-network — Specifies this is a distributed CPU protection policy for access or network interfaces.

port — Specifies this is a distributed CPU protection policy for ports.

Default

access-network

Platforms

All

policy

Syntax

policy policy-name

no policy

Context

[Tree] (config>router>bgp>next-hop-resolution policy)

Full Context

configure router bgp next-hop-resolution policy

Description

This command specifies the policy statement name to use with the BGP next-hop resolution process. The policy determines the eligibility of IP routes in the RTM to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next hops to MPLS tunnels.

For example, if a BGP next hop of an IPv4 or IPv6 route R is resolved in RTM and the longest matching route for the next-hop address is an IP route N that is rejected by the policy then route R is unresolved. If the route N is accepted by the policy, it becomes the resolving route for R.

The no form of this command reverts to the default next-hop resolution policy, which uses the longest matching active route in RTM that is not a BGP route (unless use-bgp-routes is configured), an aggregate route or a subscriber management route.

Default

no policy

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

All

policy

Syntax

policy plcy-or-long-expr

no policy

Context

[Tree] (config>router>policy-options>policy-statement>entry>from policy)

Full Context

configure router policy-options policy-statement entry from policy

Description

This command is used to call another policy by name and evaluate it as a subroutine, or to evaluate a logical expression of subroutine policies.

If the result of the subroutine evaluation is an 'accept', then the route is considered to match the entry in the parent policy that called the subroutine. If the result of the subroutine evaluation is a 'reject’, then the route is considered a non-match of the entry in the parent policy that called the subroutine.

Up to 3 levels of subroutine calls are supported. If a subroutine at maximum depth has this command, it is automatically considered a non-match of all routes.

The no form of this command removes the policy statement as a match criterion.

Default

no policy

Parameters

plcy-or-long-expr

Specifies the name of a single policy-statement (up to 64 characters in length) or a policy logical expression (up to 255 characters in length) consisting of policy-statement names (enclosed in square brackets), logical operations ('and’, 'or’, 'not’), and parentheses for grouping.

Platforms

All

policy

Syntax

policy plcy-or-long-expr

no policy

Context

[Tree] (config>router>policy-options>policy-statement>entry>action policy)

Full Context

configure router policy-options policy-statement entry action policy

Description

This command configures a nested policy statement as a match criterion for the route policy entry.

Policy statements are configured at the global route policy level (config>router>policy-options policy-statement).

The command is used to call another policy by name and evaluate it as a subroutine. If the result of the subroutine evaluation is an 'accept', then the route is considered to match the entry in the parent policy that called the subroutine. If the result of the subroutine evaluation is a 'reject’, then the route is considered a non-match of the entry in the parent policy that called the subroutine. Up to 3 levels of subroutine calls are supported. If a subroutine at maximum depth has this command, it is automatically considered a non-match of all routes.

The no form of this command removes the policy statement as a match criterion.

Default

no policy

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

policy

Syntax

[no] policy association-name

Context

[Tree] (config>router>pcep>pcc>pce-assoc policy)

Full Context

configure router pcep pcc pce-associations policy

Description

This command creates a named PCE policy association from which the parameters for specified policy association are configured.

The no form of the command deletes the specified policy association.

Parameters

association-name

Specifies the name of the policy association, up to 32 characters.

Platforms

All

policy

Syntax

[no] policy policy-assoc-name

Context

[Tree] (config>router>mpls>lsp>pce-assoc policy)

[Tree] (config>router>mpls>lsp-template>pce-assoc policy)

Full Context

configure router mpls lsp pce-associations policy

configure router mpls lsp-template pce-associations policy

Description

This command binds the LSP to a named policy association. The policy association name must exist under the PCC. Up to five policy associations can be configured per LSP.

The no form of the command removes the LSP binding from the specified policy association.

Parameters

policy-assoc-name

Specifies the name of an existing policy association, up to 32 characters.

Platforms

All

policy-accounting

policy-accounting

Syntax

policy-accounting

Context

[Tree] (config>card>fp>ingress policy-accounting)

Full Context

configure card fp ingress policy-accounting

Description

Commands in this context configure policy accounting FP information.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policy-accounting

Syntax

policy-accounting template-name

no policy-accounting

Context

[Tree] (config>service>vprn>sub-if>grp-if>ingress policy-accounting)

Full Context

configure service vprn subscriber-interface group-interface ingress policy-accounting

Description

This command configures the specified policy accounting template.

The no form of this command disables the policy accounting template.

Parameters

template-name

Specifies the template name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s

policy-accounting

Syntax

policy-accounting <template-name>

no policy-accounting

Context

[Tree] (config>service>vprn>if>ingress policy-accounting)

Full Context

configure service vprn interface ingress policy-accounting

Description

This command configures the service VPRN interface ingress policy accounting

Parameters

template-name

Specifies the template name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policy-accounting

Syntax

policy-accounting <template-name>

no policy-accounting

Context

[Tree] (config>service>ies>if>ingress policy-accounting)

Full Context

configure service ies interface ingress policy-accounting

Description

This command configures the service IES interface ingress policy accounting

Parameters

template-name

Specifies the template name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policy-accounting

Syntax

policy-accounting template-name

no policy-accounting

Context

[Tree] (config>router>if>ingress policy-accounting)

Full Context

configure router interface ingress policy-accounting

Description

This command applies a policy accounting template to the associated interface.

The no form of this command removes the policy accounting template.

Parameters

template-name

Specifies the template name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policy-acct-template

policy-acct-template

Syntax

[no] policy-acct-template template-name

Context

[Tree] (config>router policy-acct-template)

Full Context

configure router policy-acct-template

Description

This command configures a policy accounting template.

The no form of this command deletes the specified policy accounting template.

Parameters

template-name

Specifies the template name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS

policy-control

policy-control

Syntax

policy-control diameter-policy-name

no policy-control

Context

[Tree] (config>service>ies>sub-if>grp-if policy-control)

[Tree] (config>service>vprn>sub-if>grp-if policy-control)

Full Context

configure service ies subscriber-interface group-interface policy-control

configure service vprn subscriber-interface group-interface policy-control

Description

This command configures a policy-control policy for the interface.

The no form of this command reverts to the default.

Parameters

diameter-policy-name

Specifies the name of an existing diameter policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

policy-options

policy-options

Syntax

[no] policy-options

Context

[Tree] (config>router policy-options)

Full Context

configure router policy-options

Description

Commands in this context configure route policies. Route policies are applied to the routing protocol.

The no form of this command deletes the route policy configuration.

Platforms

All

policy-override

policy-override

Syntax

policy-override

Context

[Tree] (config>app-assure>group policy-override)

Full Context

configure application-assurance group policy-override

Description

Commands in this context configure policy override parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

policy-reference-checks

policy-reference-checks

Syntax

[no] policy-reference-checks

Context

[Tree] (config>router policy-reference-checks)

Full Context

configure router policy-reference-checks

Description

This command checks policy references to ensure that a policy exists and displays a CLI error if the policy does not exist. Enabling this option protects against accidentally referencing a missing or misspelled policy, that can lead to unexpected results when the policy is evaluated.

The no version of this command disables policy reference checks and allows policies that do not exist to be referenced.

Default

no policy-reference-checks

Platforms

All

policy-statement

policy-statement

Syntax

policy-statement policy-name [policy-name]

no policy-statement

Context

[Tree] (config>test-oam>ldp-treetrace>path-discovery policy-statement)

Full Context

configure test-oam ldp-treetrace path-discovery policy-statement

Description

This command configures the FEC policy to determine which routes are imported from the LDP FEC database to discover its paths and probing them.

If no policy is specified, the ingress LER imports the full list of FECs from the LDP FEC database. New FECs are added to the discovery list at the next path discovery and not when they are learned and added into the FEC database. The maximum number of FECs to be discovered with path discovery is limited to 500.

The user can configure FECs to include or exclude.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified.

The no form of this command removes the policy from the configuration.

Default

no policy-statement

Parameters

policy-name

Specifies up to five route policy names to filter LDP imported address FECs. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified policy name(s) must already be defined.

Platforms

All

policy-statement

Syntax

[no] policy-statement name

Context

[Tree] (config>router>policy-options policy-statement)

Full Context

configure router policy-options policy-statement

Description

This command creates the context to configure a route policy statement.

Route policy statements control the flow of routing information to and from a specific protocol, set of protocols, or to a specific BGP neighbor.

The policy-statement is a logical grouping of match and action criteria. A single policy-statement can affect routing in one or more protocols and/or one or more protocols peers/neighbors. A single policy-statement can also affect both the import and export of routing information.

The no form of this command deletes the policy statement.

Default

no policy-statement

Parameters

name

Specifies the route policy statement name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Platforms

All

policy-variables

policy-variables

Syntax

policy-variables

Context

[Tree] (config>router>policy-options>policy-statement>entry>from policy-variables)

Full Context

configure router policy-options policy-statement entry from policy-variables

Description

Commands in this context configure policy-variables parameters.

The no form of this command removes all policy variables.

Platforms

All

poll

poll

Syntax

poll ca ca-profile-name

Context

[Tree] (admin>certificate>cmpv2 poll)

Full Context

admin certificate cmpv2 poll

Description

This command polls the status of the pending CMPv2 request toward the specified CA.

If the response is ready, this command will resume the CMPv2 protocol exchange with server as the original command would do. The requests could be also still be pending as a result, then this command could be used again to poll the status.

SR OS allows only one pending CMP request per CA, which means no new request is allowed when a pending request is present.

Parameters

ca-profile-name

Specifies a ca-profile name up to 32 characters.

Platforms

All

poll-interval

poll-interval

Syntax

poll-interval seconds

no poll-interval

Context

[Tree] (config>service>vprn>ospf>area>if poll-interval)

[Tree] (config>service>vprn>ospf3>area>if poll-interval)

Full Context

configure service vprn ospf area interface poll-interval

configure service vprn ospf3 area interface poll-interval

Description

This command configures the poll interval, in seconds. The poll interval is the time between two Hello packets to a dead (non-adjacent) OSPF NBMA neighbor. The default value of the poll interval timer is higher than the hello interval timer to avoid wasting bandwidth on non-broadcast networks, since OSPF messages are unicast to each configured neighbor. The poll interval timer is used only on non-broadcast interface types and has no effect if configured on other interface types.

The no form of this command removes the poll-interval configuration.

Default

120

Parameters

seconds

Specifies the poll interval, in seconds.

Values

0 to 4294967295

Platforms

All

poll-interval

Syntax

poll-interval seconds

no poll-interval

Context

[Tree] (config>router>ospf>area>interface poll-interval)

[Tree] (config>router>ospf3>area>interface poll-interval)

Full Context

configure router ospf area interface poll-interval

configure router ospf3 area interface poll-interval

Description

This command configures the poll interval, in seconds. The poll interval is the time between two Hello packets to a dead (non-adjacent) OSPF NBMA neighbor. The default value of the poll interval timer is higher than the hello interval timer to avoid wasting bandwidth on non-broadcast networks, since OSPF messages are unicast to each configured neighbor. The poll interval timer is used only on non-broadcast interface types and has no effect if configured on other interface types.

The no form of this command removes the poll-interval configuration.

Default

120

Parameters

seconds

Specifies the poll interval, in seconds.

Values

0 to 4294967295

Platforms

All

pool

pool

Syntax

pool pool-name [create]

no pool pool-name

Context

[Tree] (config>service>vprn>dhcp>server pool)

[Tree] (config>service>vprn>dhcp6>server pool)

[Tree] (config>router>dhcp>server pool)

[Tree] (config>router>dhcp6>server pool)

Full Context

configure service vprn dhcp local-dhcp-server pool

configure service vprn dhcp6 local-dhcp-server pool

configure router dhcp local-dhcp-server pool

configure router dhcp6 local-dhcp-server pool

Description

This command configures a DHCP address pool on the router.

The no form of this command removes the pool name from the configuration.

Parameters

pool name

Specifies the name of this IP address pool. Allowed values are any string, up to 32 characters.

create

Keyword used to create the pool. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pool

Syntax

pool pool-name router router-instance [create]

no pool pool-name router router-instance

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>evpn>export>ip-advertise-routes pool)

Full Context

configure subscriber-mgmt isa-service-chaining evpn export ip-advertise-routes pool

Description

This command configures NAT pools that are advertised in EVPN type 5 routes to the peer participating in service chaining.

The no form of this command removes the parameters from the configuration.

Parameters

pool-name

Specifies the name of the NAT pool up, to 32 characters.

router-instance

Specifies the router instance belonging to the pool.

Values

router-name | vprn-svc-id

router-name: Base, management, cpm-vr-name, vpls-management Default - Base

vprn-svc-id: [1 to 2147483647]

cpm-vr-name: [up to 32 characters]

service-name: [up to 64 characters]

create

Keyword used to create a pool instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pool

Syntax

pool [name]

Context

[Tree] (config>port>access>egress pool)

[Tree] (config>port>network>egress pool)

[Tree] (config>port>access>ingress pool)

Full Context

configure port access egress pool

configure port network egress pool

configure port access ingress pool

Description

This command configures pool policies.

On the MDA level, access and network egress and access ingress pools are only allocated on channelized MDAs. Network ingress pools are allocated on the FP level for non-channelized MDAs.

Default

pool default

Parameters

name

If specified, the name must be default.

Platforms

All

pool

Syntax

pool [name]

Context

[Tree] (config>card>fp>ingress>network pool)

Full Context

configure card fp ingress network pool

Description

This command configures the per-FP network ingress pool.

Default

pool default

Parameters

name

If specified, the name must be default.

Platforms

All

pool

Syntax

pool nat-pool-name [nat-group nat-group-id type pool-type [ applications applications] [create]

no pool nat-pool-name

Context

[Tree] (config>service>vprn>nat>outside pool)

Full Context

configure service vprn nat outside pool

Description

This command configures a NAT pool.

Parameters

nat-pool-name

Specifies the NAT pool name.

Values

32 chars max

nat-group-id

Specifies the NAT group ID.

Values

1 to 4

create

This parameter must be specified to create the instance.

pool-type

Specifies the pool type.

Values

large-scale, l2-aware, wlan-gw-anchor

applications

Specifies the application.

Values

agnostic

flexible-port-allocation

create

Keyword used to create the pool.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pool

Syntax

pool nat-pool-name nat-group nat-group-id type pool-type [applications applications] [create]

no pool nat-pool-name

Context

[Tree] (config>router>nat>outside pool)

Full Context

configure router nat outside pool

Description

This command creates a NAT pool in the outside routing context. The NAT pool defines the parameters that will be used for IP address and port translation within the pool.

Parameters

nat-pool-name

Specifies the NAT pool name, up to 32 characters.

nat-group-id

Specifies the NAT group ID.

Values

1 to 4

create

Creates the instance.

pool-type

Species the pool type.

Values

large-scale, l2-aware, wlan-gw-anchor

applications

This creation-time parameter configures the NAT pool for protocol agnostic operation. The IP addresses are translated in 1:1 fashion regardless of the protocol. No ports are translated for TCP or UDP traffic. Traffic through the pool can be initiated from inside or outside. When nat-pool is configured in agnostic mode, certain parameters in the pool are pre-set and cannot be changed:

  • mode one-to-one

  • port-forwarding-range 0

  • port-reservation blocks 1

  • subscriber-limit 1

  • deterministic port-reservation 65536.

This pool is used to configure static 1:1 NAT, where the operator have the control of the mapping between the inside and outside IP addresses. The static IP address mapping is using CLI constructs used in deterministic NAT (prefix and map deterministic NAT commands in the inside routing context).

ALG for TCP/UDP is supported in the protocol agnostic pool.

Values

agnostic

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pool

Syntax

pool [name]

no pool

Context

[Tree] (config>isa>aa-grp>qos>egress>to-subscriber pool)

[Tree] (config>isa>aa-grp>qos>egress>from-subscriber pool)

Full Context

configure isa application-assurance-group qos egress to-subscriber pool

configure isa application-assurance-group qos egress from-subscriber pool

Description

Commands in this context configure an IOM pool as applicable to the specific application assurance group traffic. The user can configure resv-cbs (as percentage) values and slope-policy similarly to other IOM pool commands.

Default

pool default

Parameters

name

If specified, the name must be default.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pool

Syntax

pool nat-pool-name service-name service-name

pool nat-pool-name router router-instance

no pool

Context

[Tree] (config>service>nat>nat-policy pool)

Full Context

configure service nat nat-policy pool

Description

This command configures the NAT pool of this policy.

Parameters

nat-pool-name

Specifies the name of the NAT pool, up to 32 characters.

router-instance

Specifies the router instance the pool belongs to, either by router name or service ID.

Values

1 to 2147483647 svc-name — a string up to 64 characters.

Values

router-name: "Base” | "management”

Default

Base

service-name

Specifies the name of the service, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pool-manager

pool-manager

Syntax

pool-manager

Context

[Tree] (config>service>ies>sub-if>wlan-gw pool-manager)

[Tree] (config>service>vprn>sub-if>wlan-gw pool-manager)

Full Context

configure service ies subscriber-interface wlan-gw pool-manager

configure service vprn subscriber-interface wlan-gw pool-manager

Description

Commands in this context configure pool manager data for a WLAN GW subscriber interface.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

pool-name

pool-name

Syntax

[no] pool-name

Context

[Tree] (config>service>ies>sub-if>grp-if>dhcp>option>vendor pool-name)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp>option>vendor pool-name)

[Tree] (config>service>vprn>if>dhcp>option>vendor pool-name)

[Tree] (config>service>ies>if>dhcp>option>vendor pool-name)

Full Context

configure service ies subscriber-interface group-interface dhcp option vendor-specific-option pool-name

configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option pool-name

configure service vprn interface dhcp option vendor-specific-option pool-name

configure service ies interface dhcp option vendor-specific-option pool-name

Description

This command sends the pool name in the Nokia vendor specific sub-option of the DHCP relay packet.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface dhcp option vendor-specific-option pool-name
  • configure service ies subscriber-interface group-interface dhcp option vendor-specific-option pool-name

All

  • configure service ies interface dhcp option vendor-specific-option pool-name
  • configure service vprn interface dhcp option vendor-specific-option pool-name

pool-name

Syntax

pool-name name

no pool-name

Context

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat pool-name)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>dhcpv4-nat pool-name)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na pool-name)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>ia-na pool-name)

[Tree] (config>service>vprn>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac pool-name)

[Tree] (config>service>ies>sub-if>wlan-gw>pool-manager>dhcp6-client>slaac pool-name)

Full Context

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat pool-name

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client dhcpv4-nat pool-name

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na pool-name

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client ia-na pool-name

configure service vprn subscriber-interface wlan-gw pool-manager dhcpv6-client slaac pool-name

configure service ies subscriber-interface wlan-gw pool-manager dhcpv6-client slaac pool-name

Description

This command specifies the pool name that should be sent in the DHCPv6 messages. This is reflected in the Nokia vendor specific pool option (vendor-id 6527, option-id 0x02).

The no form of this command removes pool-name and the option will not be sent in DHCPv6.

Parameters

name

Specifies the pool name up with 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

pool-name

Syntax

[no] pool-name

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option pool-name)

Full Context

configure router interface dhcp option vendor-specific-option pool-name

Description

This command enables the sending of the pool name in the Nokia vendor-specific suboption of the DHCP relay packet.

The no form of this command disables the feature.

Default

no pool-name

Platforms

All

pool-type

pool-type

Syntax

pool-type pool-type

Context

[Tree] (config>test-oam>twamp>twl>src-udp-pools>port pool-type)

Full Context

configure test-oam twamp twamp-light source-udp-port-pools port pool-type

Description

This command maps the specified source UDP port to the TWAMP Light application allowed to configure the source UDP port. The OAM-PM IP family of tests can only configure the source UDP port when the port pool UDP source port is configured with a pool-type oam-pm. The test-oam link-measurement measurement-template can only configure the src-udp-port when the port pool UDP source port is configured with pool-type link-measurement.A pool type cannot be changed if its current application (either an oam-pm session or link-measurement template) is configured to use the specified port, regardless of the administrative or operational state. The configuration reference linking to the source UDP prevents the change.

Default

pool-type oam-pm

Parameters

pool-type

Specifies the port to an application pool.

Values

oam-pm, link-measurement

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pop

pop

Syntax

[no] pop

Context

[Tree] (config>router>mpls>if>label-map pop)

Full Context

configure router mpls interface label-map pop

Description

This command specifies that the incoming label must be popped (removed). No label stacking is supported for a static LSP. The service header follows the top label. Once the label is popped, the packet is forwarded based on the service header.

The no form of this command removes the pop action for the in-label.

Platforms

All

populate

populate

Syntax

populate {static | dynamic | evpn} [ route-tag [1..255]]

no populate {static | dynamic | evpn}

Context

[Tree] (config>service>vprn>if>ipv6>nd-host-route populate)

[Tree] (config>service>vprn>if>arp-host-route populate)

[Tree] (config>service>ies>if>arp-host-route populate)

Full Context

configure service vprn interface ipv6 nd-host-route populate

configure service vprn interface arp-host-route populate

configure service ies interface arp-host-route populate

Description

This command enables the creation of ARP/ND host-route entries in the route-table out of a certain ARP/ND entry type.

The no form of this command reverts to the default.

Default

no populate

Parameters

evpn

Enables the creation of ARP-ND host routes in the route table out of EVPN ARP/ND entries (entries learned from EVPN MAC/IP routes).

dynamic

Enables the creation of ARP-ND host routes in the route table out of dynamic ARP/ND entries (learned from received ARP/ND messages from the hosts).

static

Enables the creation of ARP-ND host routes in the route table out of configured static ARP/ND entries.

route-tag [1..255]

Specifies the route tag that is added in the route table for ARP-ND host routes of type evpn, dynamic, or static. This tag can be matched on BGP VRF export and BGP peer export policies.

Platforms

All

port

port

Syntax

port port-id [sync-tag sync-tag] [create]

no port port-id]

Context

[Tree] (config>redundancy>multi-chassis>peer>sync port)

Full Context

configure redundancy multi-chassis peer sync port

Description

This command specifies the port to be synchronized with the multi-chassis peer and a synchronization tag to be used while synchronizing this port with the multi-chassis peer.

Parameters

port-id

Specifies the port to be synchronized with the multi-chassis peer.

Values

port-id

slot/mda/port

lag-id

lag-id

lag

keyword

id

1 to 200

pw-id

pw-id

pw

keyword

id

1 to 10239

sync-tag

Specifies a synchronization tag, up to 32 characters in length, to be used while synchronizing this port with the multi-chassis peer.

create

Creates an entry; mandatory while creating an entry.

Platforms

All

port

Syntax

[no] port {port-id | aps-id | connector-port-id}

Context

[Tree] (config port)

Full Context

configure port

Description

This command enables access to the context to configure ports, multilink bundles, and bundle protection groups (BPGs). Before a port can be configured, the chassis slot must be provisioned with a valid card type and the MDA parameter must be provisioned with a valid MDA type.

Default

No ports are configured. All ports must be explicitly configured and enabled.

Parameters

port-id

Specifies the physical port ID in the following format:

Values

slot/mda/port [.channel]

for GNSS RF ports:

A/gnss or B/gnss

eth-sat-id

Specifies the Ethernet satellite ID to be associated with this IP interface. This parameter applies to the 7950 XRS only.

Values

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

Specifies the PXC ID to be associated with this IP interface. This parameter applies to the 7950 XRS only.

Values

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

aps-id

This option configures APS on unbundled SONET/SDH ports. All SONET-SDH port parameters, with certain exceptions, for the working and protection circuit ports must be configured in the config>port>aps-id context. The working and protection circuit ports inherit all those parameters configured. The exception parameters for the working and protect circuits can be configured in the config>port>sonet-sdh context. Exception list commands include:

  • clock-source

  • [no] loopback

  • [no] report-alarm

  • section-trace

  • [no] threshold

When an configure port aps-id is created all applicable parameters under the port CLI tree (including parameters under any submenus) assume aps-id defaults, or when those are not explicitly specified, default to SONET/SDH port defaults for any SONET port.

All but a few exception SONET/SDH parameters for the working channel port must be configured in the configure port sonet-sdh context. The protection channel inherits all the configured parameters. The exception parameters for the protection channel can be configured in the configure port sonet-sdh context.

Signal failure (SF) and signal degrade (SD) alarms are not enabled by default on POS interfaces. It is recommended to change the default alarm notification configuration for POS ports that belong to APS groups in order to be notified of SF/SD occurrences to be able to interpret the cause for an APS group to switch the active line.

For path alarms, modify the logical line aps-id in the configure port aps-id <sonet-sdh>path report-alarm context. For example:

configure port aps-1 sonet-sdh path report-alarm p-ais

For line alarms, separately, modify the 2 physical ports that are members of the logical aps-id port (the working and protect lines). APS reacts only to line alarms, not path alarms. For example:

configure port 1/2/3 sonet-sdh report-alarm lb2er-sd

configure port 4/5/6 sonet-sdh report-alarm lb2er-sd

If the SD and SF threshold rates must be modified, the changes must be performed at the line level on both the working and protect APS port member.

The no form of this command deletes an aps-group-id or bundle-aps-group-id. In order for an aps- group-id to be deleted,

The same rules apply for physical ports, bundles deletions apply to APS ports/bundles deletions (for example an aps-group-id must be shutdown, have no service configuration on it, and no path configuration on it). In addition working and protection circuits must be removed before an aps-group-id may be removed.

Values

port aps-group-id aps: keyword where group-id: 1 to 64

Example: port aps-64

connector-port-id

Specifies the physical port of a connector in the following format.

Values

slot/mda/connector/port

Platforms

All

port

Syntax

port port-id

no port

Context

[Tree] (config>port-xc>pxc port)

Full Context

configure port-xc pxc port

Description

This command configures the referenced Ethernet port as a loopback or a cross-connect port (PXC). When this command is executed, the system automatically creates two PXC subports under this Ethernet port.

The physical PXC port does not require any external connectivity or optical transceivers to function properly. Consequently, all optic-related alarms are disabled on the port.

The physical PXC port is automatically configured as a hybrid port. The MTU is preset to 9212 bytes, the encapsulation type is set to dot1q, and dot1x tunneling is turned on.

A single physical port can be associated with more than one PXC. In other words, multiple PXCs are supported per physical port. Because PXC subports use a single physical port to transmit traffic in both directions, the nominal port bandwidth is asymmetrically divided between the two directions. For example, a 10 Gb/s Ethernet port in PXC mode can accommodate 9 Gb/s of traffic in one direction and 1 Gb/s in the other. Any other ratio can be achieved as long as the sum of the bandwidth of the two PXC subports does not exceed the bandwidth capacity of the physical port (10 Gb/s in this case).

Since the PXC uses a single physical port to transmit traffic in both directions, the nominal port bandwidth is asymmetrically divided between the two directions. For example, a 10 Gb/s Ethernet port in PXC mode can accommodate 9 Gb/s of traffic in one direction and 1 Gb/s in the other. Any other ratio can be achieved as long as the sum of the bandwidth of the two PXC subports does not exceed the bandwidth capacity of the physical port (10 Gb/s in this case).

The following rules apply to PXC port configurations:

  • Only unused physical ports (not associated with an interface or SAP) can be referenced inside of a PXC ID configuration.

  • The physical port cannot be removed from a PXC ID configuration if the corresponding PXC subports are currently in use.

  • A physical port cannot be used outside the configured PXC context. For example, a regular IP interface cannot use this physical port, or a SAP on that port cannot be associated with a service.

The no form of this command removes the port ID from the configuration.

Parameters

port-id

Specifies the physical port in the slot/mda/port format.

Platforms

All

port

Syntax

port port-id [port-id] [priority priority] [sub-group sub-group-id] [hash-weight weight]

no port port-id [port-id]

Context

[Tree] (config>lag port)

Full Context

configure lag port

Description

This command adds ports to a Link Aggregation Group (LAG).

The port configuration of the first port added to the LAG is used as a basis to compare to subsequently added ports. If a discrepancy is found with a newly added port, that port will not be added to the LAG.

Multiple (space separated) ports can be added or removed from the LAG link assuming the maximum of number of ports is not exceeded.

Ports that are part of a LAG must be configured with auto-negotiate limited or disabled.

The no form of this command removes ports from the LAG.

Default

No ports are defined as members of a LAG.

Parameters

port-id

Specifies the port ID.

The maximum number of ports in a LAG depends on the platform type, the hardware deployment, and the SR OS software release. Adding a port over the maximum allowed per given router or switch is blocked. Some platforms support double port scale for specific port types on LAGs with LAG ID in the range of 1 to 64 inclusive. Up to 16 ports can be specified in a single statement, up to 64 ports total.

Values

These values apply to the 7950 XRS only.

slot/mda/port

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a to b

priority

Specifies the port priority used by LACP. The port priority is also used to determine the primary port. The port with the lowest priority is the primary port. In the event of a tie, the smallest port ID becomes the primary port.

Values

1 to 65535

sub-group-id

Identifies a LAG subgroup. When using subgroups in a LAG, they should only be configured on one side of the LAG, not both. Only having one side perform the active/standby selection guarantees a consistent selection and fast convergence. The active or standby selection is signaled through LACP to the other side. The hold time should be configured when using subgroups to prevent the LAG going down when switching between active and standby subgroup since momentarily all ports are down in a LAG (break-before-make).

Values

1 to 8 identifies a LAG subgroup The auto-iom subgroup is defined based on the IOM (all ports of the same IOM are assigned to the same subgroup). The auto-mda subgroup is defined based on the MDA. (all ports of the same MDA are assigned to the same subgroup).

weight

Specifies the flow hashing distribution between LAG ports.

Values

1 to 100000, port-speed

Platforms

All

port

Syntax

port port-id

no port

Context

[Tree] (config>service>system>bgp-evpn>eth-seg port)

Full Context

configure service system bgp-evpn ethernet-segment port

Description

This command configures a port-id associated with the Ethernet-Segment. If the Ethernet-Segment is configured as all-active, then only a lag or a PW port can be associated to the Ethernet-Segment. If the Ethernet-Segment is configured as single-active, then a lag, port or sdp can be associated to the Ethernet-Segment. In any case, only one of the four objects can be configured in the Ethernet-Segment. A specified port can be part of only one Ethernet-Segment. Only Ethernet ports can be added to an Ethernet-Segment.

Default

no port

Parameters

port-id

Specifies the port ID associated to the Ethernet-Segment.

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

Platforms

All

port

Syntax

port [port-id | lag-id]

no port

Context

[Tree] (config>service>sdp>binding port)

Full Context

configure service sdp binding port

Description

This command specifies the port or lag identifier, to which the pseudowire ports associated with the underlying SDP are bound. If the underlying SDP is re-routed to a port or lag other than the specified one, the pseudowire ports on the SDP are operationally brought down.

The no form of the command removes the value from the configuration.

Default

no port

Parameters

port-id

Specifies the identifier of the port in the slot/mda/port format.

port-id

slot/mda/port[.channel]

pxc-id

psc-id.sub-port

pxc psc-id.sub-port

pxc: keyword

id: 1 to 64

sub-port: a, b

aps-id

aps-group-id[.channel]

aps keyword

group-id

1 to 64

group-id

1 to 16

ccag-id - ccag-<id>.<path-id>[cc-type]

ccag

keyword

id

1 to 8

path-id

a, b

cc-type[.sap-net | .net-sap]

lag-id

lag-id

lag

keyword

id

1 to 800

lag-id

Specifies the LAG identifier.

Platforms

All

port

Syntax

port [evpn-mpls | sap sap-id | sdp sdp-id:vc-id | vxlan vtep ip-address vni vni-id] [detail]

no port

Context

[Tree] (debug>service>id>pim-snooping port)

Full Context

debug service id pim-snooping port

Description

This command enables or disables debugging for PIM ports.

Parameters

sap-id

Only debugs packets associated with the specified SAP

sdp-id:vc-id

Only debugs packets associated with the specified SDP

detail

Provides detailed debugging information

evpn-mpls

Debugs PIM snooping statistics for EVPN-MPLS destinations

Platforms

All

port

Syntax

[no] port port-id

Context

[Tree] (config>service>pw-port-list port)

Full Context

configure service pw-port-list port

Description

This command is only applicable for VSR configurations. This command is used to select ports eligible for use with Flex PW port. Physical ports used by Flex PW port can be shared with any other Layer 2 or Layer 3 service. In other words, a Layer 3 interface using a regular SAP can be associated with a VPRN service, while the port is used by a Flex PW port. Another regular SAP from the same port can be associated with a VPLS or Epipe service at the same time.

The following rules should be followed when populating a pw-port-list:

  • A port must be in hybrid mode before it is added to a pw-port-list.

  • Before a port is removed from or added to a pw-port-list, all PW ports must be dissociated from the corresponding Epipe services (PW ports must be unconfigured). This implies that all PW SAPs must be deleted.

  • Network interfaces (configured in the Base routing context) can be configured only on ports that are in the pw-port-list.

  • A port mode (access, network, or hybrid) cannot be changed while the port is in the pw-port-list.

From this, the operator can consider adding all ports that are in hybrid mode to a pw-port-list at the beginning of the system configuration. This ensures that those ports can be used by a Flex PW port at any later time, independently of their current use.

The no form of this command removes the port ID from the configuration.

Parameters

port-id

Specifies the IP of the port.

Values

slot/mda/port: 1 to 16

port

Syntax

port port

no port

Context

[Tree] (config>service>vprn>aaa>remote-servers>radius port)

Full Context

configure service vprn aaa remote-servers radius port

Description

This command configures the UDP port number to contact the RADIUS server.

The no form of this command reverts to the default value.

Default

port 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))

Parameters

port

Specifies the UDP port number to contact the RADIUS server.

Values

1 to 65535

Platforms

All

port

Syntax

port value

no port

Context

[Tree] (config>service>vprn>log>syslog port)

Full Context

configure service vprn log syslog port

Description

This command configures the UDP port that will be used to send syslog messages to the syslog target host.

The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.

Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.

The no form of this command reverts to default value.

Default

no port

Parameters

value

The value is the configured UDP port number used when sending syslog messages.

Values

1 to 65535

Platforms

All

port

Syntax

port port

Context

[Tree] (config>app-assure>group>event-log>syslog port)

Full Context

configure application-assurance group event-log syslog port

Description

This command specifies the UDP port used by application assurance to inject the syslog events inband.

Default

port 514

Parameters

port

Specifies the UDP port number.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port

Syntax

[no] port port-number

[no] port range start-port-num end-port-num

Context

[Tree] (config>app-assure>group>port-list port)

Full Context

configure application-assurance group port-list port

Description

This command specifies the server TCP or UDP port number to use in the port list definition.

The no form of this command restores the default by removing port number from the port list.

Default

no port

Parameters

port-number

Specifies the port number.

Values

0 to 65535

start-port-number

Specifies the start port number.

Values

0 to 65535

end-port-number

Specifies the end port number.

Values

0 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port

Syntax

port {port-id | lag lag-id} [egress] [ingress]

no port {port-id | lag lag-id} {[egress] [ ingress]}

Context

[Tree] (config>mirror>mirror-source port)

Full Context

configure mirror mirror-source port

Description

This command enables mirroring of traffic ingressing or egressing a port (Ethernet port, SONET/SDH channel, TDM channel, or Link Aggregation Group (LAG)).

The port command associates a port or LAG to a mirror source. The port is identified by the port-id. The defined port may be Ethernet, Access or network, SONET/SDH, or TDM channel access. A network port may be a single port or a Link Aggregation Group (LAG) ID. When a LAG ID is given as the port-id, mirroring is enabled on all ports making up the LAG. If the port is a SONET/SDH interface, the channel-id must be specified to identify which channel is being mirrored (applies to the 7450 ESS and 7750 SR). Either a LAG port member or the LAG port can be mirrored.

The port is only referenced in the mirror source for mirroring purposes. The mirror source association does not need to be removed before deleting the card to which the port belongs. If the port is removed from the system, the mirroring association will be removed from the mirror source.

The same port may not be associated with multiple mirror source definitions with the ingress parameter defined. The same port may not be associated with multiple mirror source definitions with the egress parameter defined.

If a SAP is mirrored on an access port, the SAP mirroring will have precedence over the access port mirroring when a packet matches the SAP mirroring criteria. Filter and label mirroring destinations will also precedence over a port-mirroring destination.

If the port is not associated with a mirror-source, packets on that port will not be mirrored. Mirroring may still be defined for a SAP, label or filter entry, which will mirror based on a more specific criteria.

The encapsulation type on an access port or channel cannot be changed to Frame Relay if it is being mirrored (applies to the 7750 SR and 7450 ESS).

The no port command disables port mirroring for the specified port. Mirroring of packets on the port may continue due to more specific mirror criteria. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition will be removed.

Parameters

port-id

Specifies the port ID of the 7750 SR or 7950 XRS.

The following syntax applies to the 7750 SR:

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

bgrp-id

bpgrp-type-bpgrp-num

bgrp

keyword

type

ima, ppp

bgrp-num

1 to 2000

ccag-id

ccag-id.path-id cc-type:cc-id

ccag

keyword

id

1 to 8

path-id

a, b

cc-type

sap-net, .net-sap

cc-id

0 to 4094

The following syntax applies to the 7950 XRS:

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

lag-id

The LAG identifier, expressed as a decimal integer.

Note:

On the 7950 XRS, the XMA ID takes the place of the MDA.

Values

1 to 800

egress

Specifies that packets egressing the port should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the port should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.

Platforms

All

port

Syntax

port {port-id | lag lag-id} {[ egress] [ingress]}

no port {port-id | lag lag-id} [ egress] [ingress]

Context

[Tree] (config>li>li-source port)

Full Context

configure li li-source port

Description

This command specifies the port to perform lawful intercept. It is recommended when configuring li-source>port criteria, the li-source should only contain ports. All other criteria such as SAPs and subscribers should use a different li-source.

The no form of this command reverts to the default.

Parameters

port-id

Specifies the port ID to perform lawful intercept.

port-id

slot/mda/port [.channel]

aps-id

aps-<group-id>[.channel]

aps

keyword

group-id

1 to 128

eth-sat-id

esat-<id>/<slot>/[u]<port>

esat

keyword

id

1 to 20

u

keyword for up-link port

tdm-sat-id

tsat-<id>/<slot>/[<u>]<port>.<channel>

tsat

keyword

id

1 to 20

u

keyword for up-link port

pxc-id

pxc-<id>.<sub-port>

pxc

keyword

id

1 to 64

sub-port

a, b

lag-id

The LAG identifier, expressed as a decimal integer.

Note:

On the 7950 XRS, the XMA ID takes the place of the MDA.

Values

1 to 800

egress

Performs lawful intercept on egress traffic.

ingress

Performs lawful intercept on ingress traffic.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port tcp-port

no port

Context

[Tree] (config>li>x-interfaces>lics>lic port)

Full Context

configure li x-interfaces lics lic port

Description

This command configures the TCP port associated with this LIC.

The no form of this command reverts to the default.

Parameters

tcp-port

Specifies the TCP source port of the LIC.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port tcp-port

no port

Context

[Tree] (config>li>x-interfaces>x1 port)

Full Context

configure li x-interfaces x1 port

Description

This command configures the TCP port for the X1 interface. The system listens to this port and uses it as the source TCP port.

The no form of this command reverts to the default.

Parameters

tcp-port

Specifies the TCP port.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port {port-id | lag lag-id} {[egress] [ingress]}

no port {port-id | lag lag-id} [egress] [ ingress]

Context

[Tree] (debug>mirror-source port)

Full Context

debug mirror-source port

Description

This command enables mirroring of traffic ingressing or egressing a port (Ethernet port, SONET/SDH channel, TDM channel, or Link Aggregation Group (LAG)).

The port command associates a port or LAG to a mirror source. The port is identified by the port-id. The defined port may be Ethernet, Access or network, SONET/SDH, or TDM channel access. A network port may be a single port or a Link Aggregation Group (LAG) ID. When a LAG ID is given as the port-id, mirroring is enabled on all ports making up the LAG. If the port is a SONET/SDH interface, the channel-id must be specified to identify which channel is being mirrored (applies to the 7450 ESS and 7750 SR). Either a LAG port member or the LAG port can be mirrored.

The port is only referenced in the mirror source for mirroring purposes. The mirror source association does not need to be removed before deleting the card to which the port belongs. If the port is removed from the system, the mirroring association will be removed from the mirror source.

The same port may not be associated with multiple mirror source definitions with the ingress parameter defined. The same port may not be associated with multiple mirror source definitions with the egress parameter defined.

If a SAP is mirrored on an access port, the SAP mirroring will have precedence over the access port mirroring when a packet matches the SAP mirroring criteria. Filter and label mirroring destinations will also precedence over a port-mirroring destination.

If the port is not associated with a mirror-source, packets on that port will not be mirrored. Mirroring may still be defined for a SAP, label or filter entry, which will mirror based on a more specific criteria.

The encapsulation type on an access port or channel cannot be changed to Frame Relay if it is being mirrored (applies to the 7750 SR and 7450 ESS).

The no port command disables port mirroring for the specified port. Mirroring of packets on the port may continue due to more specific mirror criteria. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition will be removed.

Parameters

port-id

Specifies the port ID of the 7750 SR or 7950 XRS.

The following syntax applies to the 7750 SR:

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

ccag-id

ccag-id.path-id cc-type:cc-id

ccag

keyword

id

1 to 8

path-id

a,b

cc-type

sap-net, net-sap

cc-id

0 to 4094

The following syntax applies to the 7950 XRS:

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

lag-id

Specifies the LAG identifier, expressed as a decimal integer.

Note:

On the 7950 XRS, the XMA ID takes the place of the MDA.

Values

1 to 800

egress

Specifies that packets egressing the port should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress

Specifies that packets ingressing the port should be mirrored. Ingress packets are mirrored to the mirror destination prior to ingress packet modification.

Platforms

All

port

Syntax

port {lt | gt | eq} port-number

port port-list port-list-name

port range port-number port-number

no port

Context

[Tree] (config>filter>ipv6-exception>entry>match port)

[Tree] (config>filter>ip-filter>entry>match port)

[Tree] (config>filter>ipv6-filter>entry>match port)

Full Context

configure filter ipv6-exception entry match port

configure filter ip-filter entry match port

configure filter ipv6-filter entry match port

Description

This command configures a TCP/UDP/SCTP source or destination port match criterion in IPv4 and IPv6 CPM (SCTP not supported) and/or ACL filter policies. A packet matches this criterion if the packet TCP/UDP/SCTP (as configured by protocol/next-header match) source OR destination port matches either the specified port value or a port in the specified port range or port-list.

Operational Note: This command is mutually exclusive with src-port and dst-port commands. Configuring "port eq 0", may match non-initial fragments where the source/destination port values are not present in a packet fragment if other match criteria are also met.

The no form of this command deletes the specified port match criterion.

Default

no port

Parameters

lt | gt | eq

Specifies the operator to use relative to port-number for specifying the port number match criteria.

lt

Specifies that all port numbers less than port-number match.

gt

Specifies that all port numbers greater than port-number match.

eq

Specifies that the port-number must be an exact match.

port-number

Specifies a source or destination port to be used as a match criterion. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. The following value shows a decimal integer only.

Values

0 to 65535

port-list port-list-name

Specifies an inclusive range of source or destination port values to be used as match criteria.

range port-number port-number

Specifies an inclusive range of source or destination port values to be used as match criteria.

Platforms

VSR

  • configure filter ipv6-exception entry match port

All

  • configure filter ip-filter entry match port
  • configure filter ipv6-filter entry match port

port

Syntax

[no] port port-number

[no] port range start end

Context

[Tree] (config>filter>match-list>port-list port)

Full Context

configure filter match-list port-list port

Description

This command adds a port or a range of ports to an existing port match list. The no form of this command deletes the specified port or range of ports form the list.

Parameters

port-number

Specifies the port number to add to the list. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. Below shows decimal integer only.

Values

0 to 65535

start end

Specifies an inclusive port range between two port numbers values. The start of the range and end of the range can be expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.

Values

0 to 65535

Platforms

All

port

Syntax

port port-id

no port

Context

[Tree] (config>router>origin-validation>rpki-session port)

Full Context

configure router origin-validation rpki-session port

Description

This command configures the destination port number to use when contacting the cache server. The default port number is 323. The port cannot be changed without first shutting down the session.

Default

no port

Parameters

port-id

Specifies a port ID.

Values

0 to 65535

Platforms

All

port

Syntax

port port-name

no port

Context

[Tree] (config>router>if port)

Full Context

configure router interface port

Description

This command creates an association with a logical IP interface and a physical port.

An interface can also be associated with the system (loopback address).

The command returns an error if the interface is already associated with another port or the system. In this case, the association must be deleted before the command is re-attempted. The port-id or port-id for Ethernet ports can be in one of the following forms:

Ethernet interfaces

If the card in the slot has MDAs/XMAs, port-id is in the slot_number/MDA or XMA _number/port_number format; for example, 1/1/3 specifies port 3 of the MDA/XMA installed in MDA/XMA slot 1 on the card installed in chassis slot 1.

SONET/SDH interfaces

When the port-id represents a POS interface, the port-id must include the channel-id. The POS interface must be configured as a network port.

The no form of this command deletes the association with the port. The no form of this command can only be performed when the interface is administratively down.

Default

no port

Parameters

port-name

The physical port identifier to associate with the IP interface.

Values

The following values apply to the 7750 SR and 7450 ESS:

Table 7. Port Names

port-name

port-id[:encap-val]

encap-val

0 for null

[0 to 4094] for dot1q

[0 to 4094].*

[1 to 4094].[0to 4094] for qinq

port-id

slot/mda/port[.channel]

aps-id

aps-<group-id>[.channel]

aps

keyword

group-id

1 to 128

ccag-id

ccag-<id>.<path-id>[cc-type]

ccag

keyword

id

1 to 8

path-id

a, b

cc-type

[.sap-net| .net-sap]

eth-tunnel-id

eth-tunnel-<id>

eth-tunnel

keyword

id

1 to 1024

lag-id

lag-<id>

lag

keyword

id

1 to 800

id

1 to 1024

eth-sat-id

esat-<id>/<slot>/[u]<port>

esat

keyword

id

1 to 20

u

keyword for up-link port

Values

The following values apply to the 7950 XRS:

Table 8. Port Names

port-name

<port-id>[:encap-val]

encap-val

0 for null

0 to 4094 for dot1q

0 to 4094.*

[1..4094].[0..4094] for qinq

port-id

slot/mda/port[.channel]

eth-tunnel-id

eth-tunnel-<id>

eth-tunnel

keyword

id

1 to 1024

lag-id

lag-<id>

lag

keyword

id

1 to 800

id

1 to 1024

eth-sat-id

esat-<id>/<slot>/[u]<port>

esat

keyword

id

1 to 20

u

keyword for up-link port

pxc-id

pxc-<id>.<sub-port>

pxc

keyword

id

1 to 64

sub-port

a to b

Platforms

All

port

Syntax

port port-id to port-id [create]

no port port-id

Context

[Tree] (config>system>port-topology port)

Full Context

configure system port-topology port

Description

This command is used for satellites. It identifies to the SR OS that there is an internal connection between two ports.

Permitted pairings of the two ports are:

First port

Second port

Router port

Satellite uplink port

Satellite uplink port

Router port

For satellites, this command configures the binding between a host port ID and the satellite uplink from the satellite chassis. The port topology can be configured with the host connected to a satellite uplink or the satellite uplink port connected to the specified host port. Both configurations are supported, as shown in the following examples:

*A:Dut-A# configure system port-topology port esat-1/1/u4 to 1/2/2 create 
*A:Dut-A# configure system port-topology no port esat-1/1/u4 
*A:Dut-A# configure system port-topology port 1/2/2 to esat-1/1/u4 create 
*A:Dut-A# configure system port-topology no port 1/2/2

The no form of the command removes the internal connection.

Default

no port port-id

Parameters

port-id

Specifies one port of an internal port connection. These ports can be router ports or Ethernet satellite uplink ports. Acceptable pairings are defined in the command description.

Values

(Router port)

slot/mda/port

slot

The slot number of the card in the chassis. The maximum slot number is platform dependent. Refer to the hardware installation guides for more information.

mda

[1 to 2]

port

[1 to 160] (depending on the MDA type)

(Ethernet satellite uplink port)

esat-id/slot/uport

esat

keyword

id

[1 to 20]

slot

[1]

u

keyword for up-link port

port

[1 to 4]

create

Specifies the keyword required to create the binding between the two ports.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port port-id

Context

[Tree] (config>system>satellite>port-template port)

Full Context

configure system satellite port-template port

Description

This command specifies the satellite port to be reconfigured.

The no form of this command deletes the specified port configuration.

Parameters

port-id

Specifies the satellite physical port ID. This must use the format slot/mda/port. Currently, all satellites have a single slot and a single MDA, so these values will always be 1. For example, port 10 would be specified as 1/1/10.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port port-id [create]

no port port-id

Context

[Tree] (config>system>ptp port)

Full Context

configure system ptp port

Description

This command configures PTP over Ethernet on the physical port. The PTP process shall transmit and receive PTP messages through the port using Ethernet encapsulation (as opposed to UDP/IPv4 encapsulation).

The frames are transmitted with no VLAN tags even if the port is configured for dot1q or qinq modes for encap-type. In addition, the received frames from the external PTP clock must also be untagged.

There are two reserved multicast addresses allocated for PTP messages (see Annex F IEEE Std 1588™-2008). Either address can be configured for the PTP messages sent through this port.

A PTP port may not be created if the PTP profile is set g8265dot1-2010.

If the port specified in the port-id supports 1588 port based timestamping, then a side effect of enabling PTP over Ethernet on the port shall be the enabling of Synchronous Ethernet on that port.

De-provisioning of the card or MDA containing the specified port is not permitted while the port is configured within PTP.

Changing the encapsulation or the port type of the Ethernet port is not permitted when PTP Ethernet Multicast operation is configured on the port.

To allocate an ethernet satellite client port as a PTP port, the ethernet satellite must first be enabled for the transparent clock function. For more information, see the config>system>satellite>eth-sat ptp-tc command.

The SyncE/1588 ports of the CPM and CCMs can be specified as a PTP port. These use the 'A/3’ and 'B/3’ designation and they both must be specified as two PTP ports if both are to be used. The active CPM sends and receives messages on both ports if they are specified and enabled.

Parameters

port-id

Specifies a specific physical port.

Values

slot/mda/port

create

Creates the PTP port. This keyword is required when first creating the PTP port, if the system is configured to require it (enabled in the environment create command). Once the PTP port is created, it is possible to navigate into the context without the create keyword.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port value

no port

Context

[Tree] (config>log>syslog port)

Full Context

configure log syslog port

Description

This command configures the UDP port that will be used to send syslog messages to the syslog target host.

The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.

Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.

The no form of this command removes the value from the configuration.

Parameters

value

Specifies the value that is the configured UDP port number used when sending syslog messages.

Values

1 to 65535

Platforms

All

port

Syntax

port port

no port

Context

[Tree] (config>system>netconf port)

Full Context

configure system netconf port

Description

This command specifies the port on which the SR OS NETCONF server listens for new connections. Only one port can be configured for NETCONF management.

The configured port applies to both non-VPRN and VPRN management. New NETCONF connections are able to use the configured port. The SR OS NETCONF server errors if a port, different from the configured port, is used to SSH to the SR OS NETCONF server. For NETCONF connections not using VPRN management, active NETCONF connections are not disconnected if the port used to establish the connections is changed. For NETCONF connections using VPRN management, active NETCONF connections are disconnected if the port used to establish the connections is changed.

The no form of this command resets the port on which the SR OS NETCONF server listens to the default port of 830.

Parameters

port

Specifies the port on which NETCONF listens for new connections.

Values

22, 830

Default

830

Platforms

All

port

Syntax

port tcp/udp port-number [mask]

port port-list port-list-name

port range tcp/udp port-number tcp/udp port-number

no port

Context

[Tree] (config>system>security>cpm-filter>ip-filter>entry>match port)

[Tree] (config>system>security>cpm-filter>ipv6-filter>entry>match port)

Full Context

configure system security cpm-filter ip-filter entry match port

configure system security cpm-filter ipv6-filter entry match port

Description

This command configures a TCP/UDP source or destination port match criterion in IPv4 and IPv6 CPM filter policies. A packet matches this criterion if packet’s TCP/UDP (as configured by protocol/next-header match) source OR destination port matches either the specified port value or a port in the specified port range or port list.

This command is mutually exclusive with src-port and dst-port commands.

The no form of this command deletes the specified port match criterion.

Default

no port

Parameters

tcp/udp port-number

Specifies the source or destination port to be used as a match criterion specified as a decimal integer.

Values

0 to 65535

mask

Specifies the 16 bit mask to be applied when matching the port.

Values

[0x0000 to 0xFFFF] | [0 to 65535] | [0b0000000000000000. to 0b1111111111111111]

range tcp/udp port-number

Specifies an inclusive range of source or destination port values to be used as match criteria. start of the range and end of the range are expressed as decimal integers.

Values

start, end, port-number: 1 to 65535

port-list port-list-name

Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port port

no port

Context

[Tree] (config>system>security>radius port)

Full Context

configure system security radius port

Description

This command configures the TCP port number to contact the RADIUS server.

The no form of this command reverts to the default value.

Default

port 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))

Parameters

port

Specifies the TCP port number to contact the RADIUS server.

Values

1 to 65535

Platforms

All

port

Syntax

[no] port port-number

[no] port range start end

Context

[Tree] (config>qos>match-list>port-list port)

Full Context

configure qos match-list port-list port

Description

This command adds a port or a range of ports to an existing port match list.

The no form of this command deletes the specified port or range of ports form the list.

Parameters

port-number

Specifies the port number to add to the list. The port number can be expressed as a decimal integer, as well as in hexadecimal or binary format. Below shows decimal integer only.

Values

0 to 65535

range

Keyword specifying a range of port values.

start

Specifies the start of the port range, expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.

Values

0 to 65534

end

Specifies the end of the port range, expressed as decimal integers, as well as in hexadecimal or binary format. The following value shows decimal integer only.

Values

1 to 65535

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port

Syntax

port port

no port

Context

[Tree] (config>system>grpc-tunnel>tunnel>handler port)

Full Context

configure system grpc-tunnel tunnel handler port

Description

This command assigns the TCP port number that the handler listens to internally.

The no form of this command disables the handler from listening to a TCP port.

Default

no port

Parameters

port

Specifies the TCP port number.

Values

1 to 65535

Platforms

All

port

Syntax

port port-number

Context

[Tree] (config>test-oam>twamp>twl>src-udp-pools port)

Full Context

configure test-oam twamp twamp-light source-udp-port-pools port

Description

This command configures the TWAMP Light reserved source UDP ports to be mapped to a specific TWAMP Light or STAMP application.

Parameters

port-number

Specifies the TWAMP Light reserved source UDP port number.

Values

64374 to 64383

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port-block-extensions

port-block-extensions

Syntax

port-block-extensions ports num-ports subscriber-limit number

port-block-extension no ports

Context

[Tree] (config>service>vprn>nat>outside>pool port-block-extensions)

[Tree] (config>router>nat>outside>pool port-block-extensions)

Full Context

configure service vprn nat outside pool port-block-extensions

configure router nat outside pool port-block-extensions

Description

This command configures a port block reserved for a dynamic NAT traffic flow for each subscriber with a port forwarding entry.

The no form of this command removes the values from the configuration.

Parameters

num-ports

Specifies the size of extended port-block for L2-aware subscribers

Values

10 to 5000

number

Specifies the limit of L2-aware NAT subscribers per an outside IP address

Values

2 to 2000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-block-extensions

Syntax

port-block-extensions

Context

[Tree] (config>service>nat>up-nat-policy port-block-extensions)

Full Context

configure service nat up-nat-policy port-block-extensions

Description

Commands in this context configure the attributes for dynamic allocation of NAT port blocks beyond the initial port blocks.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-bw-oversub-factor

port-bw-oversub-factor

Syntax

port-bw-oversub-factor oversubscription-factor

no port-bw-oversub-factor

Context

[Tree] (config>qos>hs-pool-policy>mid-tier>mid-pool port-bw-oversub-factor)

Full Context

configure qos hs-pool-policy mid-tier mid-pool port-bw-oversub-factor

Description

This command modifies the size of the mid-pool when calculating the port-class pool sizes based on port bandwidth ratios. The command does not actually change the size of the mid-pool, only the size reported to the port-class pool sizing function.

Port-class pools can be sized in one of two ways: dynamically (proportionate to the bandwidth of each port) or explicitly (based on a percentage of the parent mid-pool). Explicit percentages require careful determination of the amount to give each pool. The dynamic sizing function attempts to automatically size each pool based on the relative amount of bandwidth each port-class pool is supporting compared to other port’s port-class pools. This is accomplished by determining a dynamic weight for each port with port-class pools mapped to a given mid-pool. As true with any weighted behavior, the mid-pool buffer allocation resource is distributed in a non-oversubscribed manner to its child port-class pools. The port-bw-oversub-factor oversubscription-factor allows this distribution mechanism to become proportionally oversubscribed based on the defined factor. An oversubscription-factor of 1.5 causes the port-class pool dynamic sizes to be 1.5 times bigger, allowing for a potentially more efficient utilization of the buffers represented by mid-pool.

The port-bw-oversub-factor oversubscription-factor for a mid-pool can be modified at any time, causing the corresponding port-class pool dynamic sizes to be recalculated.

A similar behavior can be obtained by increasing the mid-pool’s allocation-percent of its parent root-pool. However, the major difference in using port-bw-oversub-factor is that it provides larger port-class pools without allowing the mid-pool to use a higher number of buffers in the root pool.

The no form of the command reverts to the default.

Default

port-bw-oversub-factor 1

Parameters

oversubscription-factor

Specifies the factor by which the dynamically-sized port-class pools associated with the mid-pool may oversubscribe the mid-pool. This parameter is required when the port-bw-oversub-factor command is executed.

Values

1 to 10

Platforms

7750 SR-7/12/12e

port-control

port-control

Syntax

port-control [auto | force-auth | force-unauth]

Context

[Tree] (config>port>ethernet>dot1x port-control)

Full Context

configure port ethernet dot1x port-control

Description

This command configures the 802.1x authentication mode.

The no form of this command returns the value to the default.

Default

port-control force-auth

Parameters

force-auth

Disables 802.1x authentication and causes the port to transition to the authorized state without requiring any authentication exchange. The port transmits and receives normal traffic without requiring 802.1x-based host authentication.

force-unauth

Causes the port to remain in the unauthorized state, ignoring all attempts by the hosts to authenticate. The switch cannot provide authentication services to the host through the interface.

auto

Enables 802.1x authentication. The port starts in the unauthorized state, allowing only EAPoL frames to be sent and received through the port. Both the router and the host can initiate an authentication procedure. The port will remain in unauthorized state (no traffic except EAPoL frames is allowed) until the first client is authenticated successfully. After this, traffic is allowed on the port for all connected hosts.

Platforms

All

port-down

port-down

Syntax

[no] port-down

Context

[Tree] (config>subscr-mgmt>ancp>ancp-policy port-down)

Full Context

configure subscriber-mgmt ancp ancp-policy port-down

Description

Commands in this context configure the actions taken on port-down.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

port-down

Syntax

[no] port-down port-id

Context

[Tree] (config>vrrp>policy>priority-event port-down)

Full Context

configure vrrp policy priority-event port-down

Description

This command configures a port down priority control event that monitors the operational state of a port or SONET/SDH channel. When the port or channel enters the operational down state, the event is considered set. When the port or channel enters the operational up state, the event is considered cleared.

Multiple unique port-down event nodes can be configured within the priority-event context up to the overall limit of 32 events. Up to 32 events can be defined in any combination of types.

The port-down command can reference an arbitrary port or channel. The port or channel does not need to be preprovisioned or populated within the system. The operational state of the port-down event is set as follows:

  • Set – non-provisioned

  • Set – not populated

  • Set – down

  • Cleared – up

When the port or channel is provisioned, populated, or enters the operationally up or down state, the event operational state is updated appropriately.

When the event enters the operationally down, non-provisioned, or non-populated state, the event is considered to be set. When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instances in-use priority value. As the event transitions from cleared to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

When the event enters the operationally up state, the event is considered to be cleared. Once the events hold-set expires, the effects of the events priority value are immediately removed from the in-use priority of all associated virtual router instances.

The actual effect on the virtual router instance in-use priority value depends on the defined event priority and its delta or explicit nature.

The no form of the command deletes the specific port or channel monitoring event. The event may be removed at anytime. When the event is removed, the in-use priority of all associated virtual router instances will be re-evaluated. The events hold-set timer has no effect on the removal procedure.

Default

no port-down — No port down priority control events are defined.

Parameters

port-id

The port ID of the port monitored by the VRRP priority control event.

The port-id can only be monitored by a single event in this policy. The port can be monitored by multiple VRRP priority control policies. A port and a specific channel on the port are considered to be separate entities. A port and a channel on the port can be monitored by separate events in the same policy.

Values

The following values apply to the 7750 SR:

slot/mda/port[.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

aps-id

aps-group-id[.channel]

aps

keyword

group-id

1 to 64

ccag-id

ccag-id. path-id[cc-type]

ccag

keyword

id

1 to 8

path-id

a, b

cc-type

.sap-net, .net-sap

Values

The following values apply to the 7450 ESS:

port-id

slot/mda/port[.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

ccag-id

ccag-id. path-id[cc-type]

ccag

keyword

id

1 to 8

path-id

a, b

cc-type

.sap-net, .net-sap

The POS channel on the port monitored by the VRRP priority control event. The port-id. channel-id can only be monitored by a single event in this policy. The channel can be monitored by multiple VRRP priority control policies. A port and a specific channel on the port are considered to be separate entities. A port and a channel on the port can be monitored by separate events in the same policy.

If the port is provisioned, but the channel does not exist or the port has not been populated, the appropriate event operational state is Set – non-populated.

If the port is not provisioned, the event operational state is Set – non-provisioned.

If the POS interface is configured as a clear-channel, the channel-id is 1 and the channel bandwidth is the full bandwidth of the port.

Platforms

All

port-format

port-format

Syntax

port-format formatting

no port-format

Context

[Tree] (config>service>vprn>wpp>portals>portal port-format)

[Tree] (config>router>wpp>portals>portal port-format)

Full Context

configure service vprn wpp portals portal port-format

configure router wpp portals portal port-format

Description

This command specifies the encoding format of WPP port attribute.

The standard format is as follows:

<0 to 20 character system-name><1 character separator><2-digit slot><1-digit mda><2-digit port><4-digit top><5-digit bottom>

As a general rule, if a value is not present or is too large to fit in the field, is the field set to all zeros. The following rules apply to standard formats.

  • With a standard port, when the separator is a "-” character, the slot is the slot-id, mda is the mda-id, and the port is the port-id.

  • With an ESAT port, when the separator is a ":” character, the slot is the satellite-id, MDA is satellite slot-id, and the port is satellite port-id.

  • With a PXC port, when separator is a "#” character, the MDA is the PXC subport-id, and the port is the PXC port-id.

  • With a LAG port, the port is the lag-id.

  • With a connector port, the slot is the slot-id, the MDA is the mda-id, and the port is the connector-id.

The vendor-specific format is as follows:

With dot1q, append "%u” with the top vlan-id.

With qinq, append "%u.%u” with the top vlan-id and the bottom vlan-id.

As a general rule, there can be no trailing zeros. The string truncates if it becomes too long. 0 to 16 characters are allowed for the system name. The following rules apply to vendor-specific formats.

  • With a standard port, append "%s-%u/%u/%” with the system-name, slot-id, mda-id, and port-id.

  • With an ESAT port, append "%s-S%u/%u/%u” with the system-name, satellite-id, satellite-slot-id, and satellite-port-id.

  • With a PXC port, append "%s-P%u%c” with the system-name, PXC port-id, and PXC subport-id ? 'a' : 'b'.

  • With a LAG port, append "%s-L%u” with the system-name and lag-id.

  • With a connector port append "%s-%u%uc%u/%u” with the system-name, slot-id, mda-id, connector-id, and connector-port-id.

The no form of this command reverts to the default.

Default

port-format standard

Parameters

formatting

Specifies the encoding format of the WPP port attribute.

Values

standard, vendor-specific

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

port-forwarding

port-forwarding

Syntax

port-forwarding

Context

[Tree] (config>service>nat port-forwarding)

Full Context

configure service nat port-forwarding

Description

Commands in this context configure NAT port forwarding parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-forwarding-dyn-block-reservation

port-forwarding-dyn-block-reservation

Syntax

[no] port-forwarding-dyn-block-reservation

Context

[Tree] (config>service>vprn>nat>outside>pool port-forwarding-dyn-block-reservation)

[Tree] (config>router>nat>outside>pool port-forwarding-dyn-block-reservation)

Full Context

configure service vprn nat outside pool port-forwarding-dyn-block-reservation

configure router nat outside pool port-forwarding-dyn-block-reservation

Description

This command will enable the reservation of the dynamic port blocks when the first port forward for the subscriber is created. The dynamic port bloc allocation is logged only if the block is being utilized (mapping are created). In other words, dynamic port block reservation due to the port forward creation but without any dynamic mapping, will not be logged.

The reserved port block will be released only when the last mapping in the block expires and there is not port forward associated with the subscriber. The de-allocation log (syslog or Radius) will be generated when the dynamic port block is completely released.

Dynamic port block reservation can be enabled only if the configured maximum number of subscriber per outside IP address is less or equal then the maximum number of configured port blocks per outside IP address.

Default

no port-forwarding-dyn-block-reservation

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-forwarding-range

port-forwarding-range

Syntax

port-forwarding-range [range-start] range-end

no port-forwarding-range

Context

[Tree] (config>service>vprn>nat>outside>pool port-forwarding-range)

[Tree] (config>router>nat>outside>pool port-forwarding-range)

Full Context

configure service vprn nat outside pool port-forwarding-range

configure router nat outside pool port-forwarding-range

Description

This command configures the lower and upper limit for port forwards in the ephemeral port space (wildcard port space) of all IP addresses in a NAT pool. A well-known port range (ports 1 to 1023) is always enabled for port forwards, and it cannot be disabled for pools in NAPT mode.

Pools in 1:1 mode do not support configured port forwards. These pools do not perform port translation and they automatically forward traffic initiated on the outside toward the inside.

Port 0 is always excluded from the port forwarding range.

The upper bound of the wildcard port range is reserved for port forwards. If the value for the range-start is not provided, the wildcard port range implicitly starts at 1024.

range-start 0 cannot be configured by an operator because it is reserved for 1:1 pools that do not support configured port forwards.

If you configure port-forwarding-range 3000, configures ports 1 to 3000 as port forwards. This implies that the well-known ports and wildcard ports are contiguous. If you configure port-forwarding-range 2000 3000, the router implicitly includes ports 1 to 1023, plus enables the wildcard port range 2000 to 3000, which is now disjoined from the well-known ports.

The range-start parameter has additional values that are configurable in the CLI. 0 is reserved for pools that do not support configured port forwards (those are 1:1 pools).

range-start 1 means that well-known ports and wildcard port forwards are contiguous. This is configured by omitting the range-start parameter and only configuring the range-end parameter.

The no form of this command disables the port forwards capability in the wildcard port range of all IP addresses in a NAT pool.

Default ranges in the range-start and range-end parameters in the MIB for the NAT pools that support port forwarding ranges are set to include only well-known ports, range-start 1 and range-end 1023.

Parameters

range-start

Specifies the lower boundary of the wildcard port range reserved for port forwards. When configured, the value must be less than the range-end value.

Values

0, 1, 1025 to 65535

Default

1

range-end

Specifies the upper boundary of the wildcard port range reserved for port forwards.

Values

0, 1023 to 65535

Default

1023

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-forwarding-range

Syntax

port-forwarding-range range-end

no port-forwarding-range

Context

[Tree] (config>service>nat>firewall-policy port-forwarding-range)

[Tree] (config>service>nat>nat-policy port-forwarding-range)

Full Context

configure service nat firewall-policy port-forwarding-range

configure service nat nat-policy port-forwarding-range

Description

This command configures the end of the port range available for port forwarding. The start of the range is always equal to one.

The number of ports that can be configured is half of the available block => 64512 : 2 = 32256

In combination with port-forwarding-range the formulas are:

"max port-reservation blocks" = 65535 - "port-forwarding-range"

"max port-reservation ports" = (65535 - "port-forwarding-range") / 2

with:

the default min value for "port-forwarding-range" = 1023

Also, the same applies for max port-forwarding-range if the port-reservation is already configured:

"max port-forwarding-range" = 65535 - "port-reservation blocks"

"max port-forwarding-range" = 65535 - ("port-reservation ports" * 2)

The no form of the command reverts to the default.

Default

port-forwarding-range 1023

Parameters

range-end

Specifies the end of the port range available for port forwarding.

Values

1023 to 65535

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy port-forwarding-range

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat nat-policy port-forwarding-range

port-id

port-id

Syntax

[no] port-id

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option port-id)

Full Context

configure router interface dhcp option vendor-specific-option port-id

Description

This command enables sending of the port-id in the Nokia vendor specific suboption of the DHCP relay packet

The no form of this command disables the sending.

Default

no port-id

Platforms

All

port-id-subtype

port-id-subtype

Syntax

port-id-subtype {tx-if-alias | tx-if-name | tx-local}

Context

[Tree] (config>port>ethernet>lldp>dstmac port-id-subtype)

Full Context

configure port ethernet lldp dest-mac port-id-subtype

Description

This command specifies how to encode the PortID TLV transmit to the peer. The default setting tx-local (ifindex value) is required by some versions of the NSP NSM-P to properly build the Layer 2 topology map using LLDP. Changing this value to transmit the ifname ( tx-if-name) or ifAlias (tx-if-alias) in place of the ifindex (tx-local) may affect the ability of the NSP NFM-P to build the Layer 2 topology map using LLDP.

Default

port-id-subtype tx-local

Parameters

tx-if-alias

Transmits the ifAlias String (subtype 1) that describes the port as stored in the IF-MIB, either user configured or the default entry (i.e. 10/100/Gig Ethernet SFP).

tx-if-name

Transmits the ifName string (subtype 5) that describes the port as stored in the IF-MIB ifName info.

tx-local

The interface ifIndex value (subtype 7) as the PortID.

Platforms

All

port-limits

port-limits

Syntax

port-limits

Context

[Tree] (config>service>nat>nat-policy port-limits)

[Tree] (config>service>nat>up-nat-policy port-limits)

[Tree] (config>service>nat>firewall-policy port-limits)

Full Context

configure service nat nat-policy port-limits

configure service nat up-nat-policy port-limits

configure service nat firewall-policy port-limits

Description

This command configures the port limits of this policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat up-nat-policy port-limits
  • configure service nat nat-policy port-limits

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy port-limits

port-list

port-list

Syntax

port-list port-list-name [create]

no port-list port-list-name

Context

[Tree] (config>app-assure>group port-list)

Full Context

configure application-assurance group port-list

Description

This command defines an AA group or partition named port-list, which contains a list of port numbers or port ranges. The port list is then referenced in AA policy app-filters, allowing increased flexibility in the use of server ports or HTTP proxy ports for application definition.

The no form of this command removes the list.

Parameters

port-list-name

Specifies the name of the port list.

Default

default

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-list

Syntax

port-list port-list-name [create]

no port-list port-list-name

Context

[Tree] (config>filter>match-list port-list)

Full Context

configure filter match-list port-list

Description

This command creates a list of TCP/UDP/SCTP port values or ranges for match criteria in IPv4 and IPv6 ACL and CPM filter policies.

The no form of this command deletes the specified list.

Operational notes:

SCTP port match is supported in ACL filter policies only.

A port-list must contain only TCP/UDP/SCTP port values or ranges.

A TCP/UDP/SCTP port match list cannot be deleted if it is referenced by a filter policy.

See general description related to match-list usage in filter policies.

Parameters

port-list-name

Specifies a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

All

port-list

Syntax

port-list port-list-name [create]

no port-list port-list-name

Context

[Tree] (config>qos>match-list port-list)

Full Context

configure qos match-list port-list

Description

This command creates a list of port values or ranges for match criteria in QoS policies.

The no form of this command deletes the specified list.

Parameters

port-list-name

Specifies a port list name, up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port-map

port-map

Syntax

port-map client-port-id primary primary-uplink-port-id [secondary secondary-uplink-port-id]

port-map client-port-id system-default

Context

[Tree] (config>system>satellite>eth-sat port-map)

Full Context

configure system satellite eth-sat port-map

Description

This command configures the mapping between a satellite client port and its associated uplink. This command allows both a primary and an optional secondary uplink to be configured.

If a secondary uplink is configured, it is used to forward traffic if the primary uplink is down for any reason.

Before an uplink can be used as either a primary or secondary uplink, it must be configured using the port-topology configuration command.

To return the uplink association to its default the port-map client-port-id system-default command should be used.

Parameters

client-port-id

Specifies the satellite client port associated with the port mapping, in the format esat- id/slot/port.

primary-uplink-port-id

Specifies the primary satellite uplink to be associated with the associate client port, in the format esat-id/slot/uport where id is 1 to 20.

secondary-uplink-port-id

Specifies the secondary satellite uplink to be associated with the associate client port, in the format esat-id/slot/uport where id is 1 to 20.

system-default

Specifies to set the port map to the system default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port-num

port-num

Syntax

port-num virtual-port-number

no port-num [virtual-port-number]

Context

[Tree] (config>service>vpls>spoke-sdp>stp port-num)

[Tree] (config>service>vpls>sap>stp port-num)

Full Context

configure service vpls spoke-sdp stp port-num

configure service vpls sap stp port-num

Description

This command configures the virtual port number which uniquely identifies a SAP within configuration bridge protocol data units (BPDUs). The internal representation of a SAP is unique to a system and has a reference space much bigger than the 12 bits definable in a configuration BPDU. STP takes the internal representation value of a SAP and identifies it with its own virtual port number that is unique to every other SAP defined on the TLS. The virtual port number is assigned at the time that the SAP is added to the TLS. Since the order that the SAP was added to the TLS is not preserved between reboots of the system, the virtual port number may change between restarts of the STP instance.

The virtual port number cannot be administratively modified.

Platforms

All

port-overall-rate

port-overall-rate

Syntax

port-overall-rate packet-rate-limit [low-action-priority]

no port-overall-rate

Context

[Tree] (config>sys>security>cpu-protection port-overall-rate)

Full Context

configure system security cpu-protection port-overall-rate

Description

This command configures a per-port overall rate limit for CPU protection.

Default

port-overall-rate max

Parameters

packet-rate-limit

Specifies an overall per-port packet arrival rate limit in packets per second.

Values

1 to 65535, max (indicates no limit)

action-low-priority

Marks packets that exceed the rate as low-priority (for preferential discard later if there is congestion in the control plane) instead of discarding them immediately.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

port-parent

port-parent

Syntax

parent [weight weight] [level level] [ cir-weight cir-weight] [cir-level cir-level]

no parent

Context

[Tree] (config>qos>sap-egress>dynamic-queue port-parent)

Full Context

configure qos sap-egress dynamic-queue port-parent

Description

This command configures the queue treatment by the port parent that governs the available bandwidth for the queue. When multiple queues share a child status with the parent port, the weight and level options define how this queue contends with the other children for the above-CIR parent bandwidth. The cir-weight and cir-level options specify the weight the queue uses for the within-CIR port priority.

Parameters

weight

Specifies the relative weight of this queue in comparison to other child queues while vying for above-CIR priority level bandwidth on the parent scheduler. Any queues defined as weighted receive no parental bandwidth, until all strict queues and schedulers on the parent have reached their maximum bandwidth or are idle. In this manner, weighted children are considered to be the lowest priority.

Values

1 to 100

Default 1
level

Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to feed to the parent, for above-CIR offered load bandwidth passes.

Values

1 to 8

Default 1
cir-weight

Specifies the weight the queue uses at the within-CIR port priority level. This applies to any charging statistics also. The weight is specified as an integer value from 0 to 100, with 100 being the highest weight. When the cir-weight option is set to 0 (the default), the queue does not receive bandwidth during the port scheduler's within-CIR passes and the cir-level option is ignored. If the cir-weight is 1 or greater, the cir-level option comes into play.

Values

0 to 100

Default 0
cir-level

Specifies the priority level of the queue (as compared to other competing schedulers and queues) used to fed to the port parent, for within-CIR offered load bandwidth passes.

Values

0 to 8

Default 0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

port-parent

Syntax

port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]

no port-parent

Context

[Tree] (config>qos>sap-egress>policer port-parent)

Full Context

configure qos sap-egress policer port-parent

Description

This command specifies whether this SAP egress policer feeds off a port-level scheduler. When configured, the policer is parented by a port-level scheduler. This requires that policers-hqos-manageable be configured in the SAP egress QoS policy. This command and the SAP egress policer scheduler-parent and the parent commands are mutually exclusive.

The port-parent command defines a child/parent association between an egress policer and a port-based scheduler or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the policer. If the port-parent command is executed without any parameters, the default parameters are used.

In this context, the port-parent command and the scheduler-parent command (used to create a parent/child association between a queue and an intermediate scheduler) are mutually exclusive. Executing a port-parent command when a scheduler-parent definition exists causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a scheduler-parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler association.

Changing the parent context on a SAP egress policy policer may cause a SAP or subscriber or a multiservice site context of the policer (policy associated with a SAP or subscriber profile or a multiservice site) to enter an orphaned state. If an instance of a policer is created on a port or channel that does not have a port scheduler enabled, and the SAP egress policy creating the policer has a port parent association, the policer will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a policer is on a port or channel that has a port scheduler configured and the SAP egress policy defines the policer as having a non-existent intermediate scheduler parent, the policer will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.

The no form of this command removes a port scheduler parent association for the policer. When removed, if a port scheduler is defined on the port on which the policer instance exists, the policer will be treated as orphaned to the port scheduler.

Default

no port-parent

Parameters

weight weight

Specifies the weight that the policer will use at the above-CIR port priority level (defined by the level parameter).

All weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.

The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the weight parameter is set to a value of 0, the policer receives bandwidth only after other children with a non-zero weight at this level.

Values

0 to 100

Default

1

level level

Specifies the port priority that the policer uses to receive bandwidth for its above-CIR offered load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight that the policer uses at the within-CIR port priority level (defined by the cir-level parameter).

All cir-weight values from all weighted active policers, queues, and schedulers with a common port parent are added together. Then, each individual active weight is divided by the total to determine the percentage of remaining bandwidth provided to the policer, queue, or scheduler after the higher priority level children have been serviced. A weight is considered to be active when the applicable policer, queue, or scheduler has not reached its maximum rate and still has packets to transmit.

The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the policer receives bandwidth only after the other children with a non-zero weight at this level.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority that the policer will use to receive bandwidth for its within-CIR offered load. If the cir-level parameter is set to a value of 0 (the default value), the policer does not receive bandwidth during the port schedulers within-CIR pass and the cir-weight parameter is ignored. If the cir-level parameter is 1 or greater, the cir- weight parameter is used.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, VSR

port-parent

Syntax

port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]

no port-parent

Context

[Tree] (config>qos>sap-egress>queue port-parent)

Full Context

configure qos sap-egress queue port-parent

Description

This command specifies whether this queue feeds off a port-level scheduler. When configured, this SAP egress queue is parented by a port-level scheduler. This object is mutually exclusive with SAP egress queue parent. Only one kind of parent is allowed.

The port-parent command defines a child/parent association between an egress queue and a port-based scheduler or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the queue or scheduler. If the port-parent command is executed without any parameters, the default parameters are assumed.

In this context, the port-parent command is mutually exclusive to the parent command (used to create a parent/child association between a queue and an intermediate scheduler). Executing a port-parent command when a parent definition is in place causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler name.

Changing the parent context on a SAP egress policy queue may cause a SAP or subscriber or multiservice site context of the queue (policy associated with a SAP or subscriber profile or multiservice site) to enter an orphaned state. If an instance of a queue is created on a port or channel that does not have a port scheduler enabled and the sap-egress policy creating the queue has a port-parent association, the queue will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a queue is on a port or channel that has a port scheduler configured and the sap-egress policy defines the queue as having a non-existent intermediate scheduler parent, the queue will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.

The no form of this command removes a port scheduler parent association for the queue or scheduler. If a port scheduler is defined on the port on which the queue or scheduler instance exists, the queue or scheduler will become orphaned if an port scheduler is configured on the egress port of the queue or scheduler.

Default

no port-parent

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

port-parent

Syntax

port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]

no port-parent

Context

[Tree] (config>qos>network-queue>queue port-parent)

Full Context

configure qos network-queue queue port-parent

Description

This command specifies whether this queue feeds off a port-level scheduler. For the network-queue policy context, only the port-parent command is supported. When a port scheduler exists on the port, network queues without a port-parent association will be treated as an orphan queue on the port scheduler and treated according to the current orphan behavior on the port scheduler. If the port-parent command is defined for a network queue on a port without a port scheduler defined, the network queue will operate as if a parent association does not exist. When a port scheduler policy is associated with the egress port, the port-parent command will come into effect.

When a network-queue policy is associated with an FP for ingress queue definition, the port-parent association of the queues is ignored.

The no form of this command removes a port scheduler parent association for the queue or scheduler. If a port scheduler is defined on the port then the queue or scheduler instance exists, the queue or scheduler will become orphaned.

Default

no port-parent

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

port-parent

Syntax

port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]

no port-parent

Context

[Tree] (config>qos>qgrps>egr>qgrp>queue port-parent)

Full Context

configure qos queue-group-templates egress queue-group queue port-parent

Description

This command defines the port scheduling parameters used to control the queue’s behavior when a virtual egress port scheduling is enabled where the egress queue group template is applied. The port-parent command follows the same behavior and provisioning characteristics as the parent command in the SAP egress QoS policy. The port-parent command and the parent command are mutually exclusive.

The no form of this command removes the values from the configuration.

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port schedulers within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter is used.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

port-parent

Syntax

port-parent [weight weight] [ level level] [cir-weight cir-weight] [cir-level cir-level]

no port-parent

Context

[Tree] (config>qos>scheduler-policy>tier>scheduler port-parent)

Full Context

configure qos scheduler-policy tier scheduler port-parent

Description

The port-parent command defines a child/parent association between an egress scheduler and a port-based scheduler, or between an intermediate service scheduler and a port-based scheduler. The port-parent command allows for a set of within-CIR and above-CIR parameters that define the port priority levels and weights for the scheduler. If the port-parent command is executed without any parameters, the default parameters are assumed.

In this context, the port-parent command and the parent command (used to create a parent/child association to an intermediate scheduler) are mutually exclusive. Executing a port-parent command when a parent definition is in place causes the current intermediate scheduler association to be removed and replaced by the defined port-parent association. Executing a parent command when a port-parent definition exists causes the port scheduler association to be removed and replaced by the defined intermediate scheduler name.

Changing the parent context on a SAP egress policy policer or queue may cause a SAP or subscriber context of the policer or queue (policy associated with a SAP or subscriber profile) to enter an orphaned state. If an instance of a policer or queue is created on a port or channel that does not have a port scheduler enabled and the sap-egress policy creating the policer queue has a port-parent association, the policer or queue will be allowed to run according to its own rate parameters and will not be controlled by a virtual scheduling context. If an instance of a policer or queue is on a port or channel that has a port scheduler configured and the sap-egress policy defines the policer or queue as having a non-existent intermediate scheduler parent, the policer or queue will be treated as an orphan and will be handled according to the current orphan behavior on the port scheduler.

The no form of this command removes a port scheduler parent association for the scheduler. If a port scheduler is defined on the port that the scheduler instance exists, the scheduler will become orphaned if an port scheduler is configured on the egress port of the queue or scheduler.

Default

no port-parent

Parameters

weight weight

Specifies the weight the queue or scheduler will use at the above-CIR port priority level (defined by the level parameter).

Values

0 to 100

Default

1

level level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its above-CIR offered-load.

Values

1 to 8 (8 is the highest priority)

Default

1

cir-weight cir-weight

Specifies the weight the queue or scheduler will use at the within-CIR port priority level (defined by the cir-level parameter). The weight is specified as an integer value from 0 to 100 with 100 being the highest weight. When the cir-weight parameter is set to a value of 0, the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 100

Default

0

cir-level cir-level

Specifies the port priority the queue or scheduler will use to receive bandwidth for its within-CIR offered-load. If the cir-weight parameter is set to a value of 0 (the default value), the queue or scheduler does not receive bandwidth during the port scheduler’s within-CIR pass and the cir-level parameter is ignored. If the cir-weight parameter is 1 or greater, the cir-level parameter comes into play.

Values

0 to 8 (8 is the highest priority)

Default

0

Platforms

All

port-policy

port-policy

Syntax

port-policy [port-policy]

no port-policy

Context

[Tree] (config>isa>wlan-gw-group port-policy)

Full Context

configure isa wlan-gw-group port-policy

Description

This command configures the port policy of this WLAN Gateway ISA group. If a port policy is associated with a WLAN Gateway ISA group, ports created for this group can take applicable configuration from that port policy. This port policy is applicable to those ports that take part in the per-tunnel QoS processing.

The no form of the command removes the port-policy name from the configuration.

Default

no port-policy

Parameters

port-policy

Specifies the port policy of this WLAN Gateway ISA group, up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-policy

Syntax

port-policy port-policy-name [create]

no port-policy port-policy-name

Context

[Tree] (config port-policy)

Full Context

configure port-policy

Description

This command either creates a new port-policy with create parameter or enters the configuration context of an existing port-policy.

The no form of this command removes the port policy name from the configuration.

Parameters

port-policy-name

Specifies the name of port-policy up to 32 characters.

create

Creates the port-policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-policy

Syntax

port-policy policy-name

no port-policy

Context

[Tree] (config>isa>lns-group port-policy)

Full Context

configure isa lns-group port-policy

Description

This command enables policies referenced in the config>port-policy context to be created under ports. These are the ports that link the carrier IOM to the ISA, and are hidden within the system (they cannot be created through the CLI). They are created automatically. Use the show port command to view information.

Currently only the port scheduler policy is supported. Each lns-esm port in the lns-group receives an independent port scheduler instance. The port schedulers are instantiated in the carrier IOM on the lns-esm ports that carry PPPoE traffic in the downstream direction towards the ISA before the PPPoE traffic is L2TP encapsulated.

The no form of the command removes the policy name from the configuration.

Default

no port-policy

Parameters

policy-name

Specifies the port policy of this LNS group, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-range-block

port-range-block

Syntax

[no] port-range-block

Context

[Tree] (config>aaa>isa-radius-plcy>acct-include-attributes port-range-block)

Full Context

configure aaa isa-radius-policy acct-include-attributes port-range-block

Description

This command enables the inclusion of the NAT port range block attributes.

The no form of the command excludes NAT port range block attributes.

Default

no port-range-block

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-recorder

port-recorder

Syntax

[no] port-recorder

Context

[Tree] (debug>app-assure>group port-recorder)

Full Context

debug application-assurance group port-recorder

Description

This commands allows to stop or start the http-host-recorder. To reset the recorded values execute shutdown followed by no shutdown.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-redirect-group

port-redirect-group

Syntax

port-redirect-group {queue queue-id | policer policer-id [queue queue-id]}

no port-redirect-group

Context

[Tree] (config>qos>network>egress>fc port-redirect-group)

Full Context

configure qos network egress fc port-redirect-group

Description

This command is used to redirect the FC of a packet of a pseudowire (PW) or network IP interface to an egress port queue group.

It defines the mapping of an FC to a queue ID or a policer ID and a queue ID and redirects the lookup of the queue or policer of the same ID in some egress port queue-group instance. However, the queue-group name and instance are explicitly provided only at the time the network QoS policy is applied to egress context of a spoke-sdp or a network IP interface.

The no version of this command removes the redirection of the FC.

Parameters

queue-id

This parameter must be specified when executing the port-redirect-group command. The specified queue-id must exist within the egress port queue group on each IP interface where the network QoS policy is applied.

Values

1 to 8

policer id

The specified policer-id must exist within the queue-group template applied to the ingress context of the forwarding plane.

Values

1 to 8

Platforms

All

port-reservation

port-reservation

Syntax

port-reservation blocks num-blocks

port-reservation ports num-ports

no port-reservation

Context

[Tree] (config>router>nat>outside>pool port-reservation)

[Tree] (config>service>vprn>nat>outside>pool port-reservation)

Full Context

configure router nat outside pool port-reservation

configure service vprn nat outside pool port-reservation

Description

This command configures the size of the port-block that will be assigned to a host that is served by this pool. The number of ports configured are available to UDP, TCP and ICMP (as identifiers).

Parameters

num-blocks

Specifies the number of port-blocks per IP address. Setting this parameter to one (1) for large scale NAT enables 1:1 NAT for IP addresses in this pool.

Values

1 to 64512

num-ports

Specifies the number of ports per block.

Values

1 to 32256

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-reservation

Syntax

port-reservation num-ports

no port-reservation

Context

[Tree] (config>service>vprn>nat>outside>pool>deterministic port-reservation)

[Tree] (config>router>nat>outside>pool>deterministic port-reservation)

Full Context

configure service vprn nat outside pool deterministic port-reservation

configure router nat outside pool deterministic port-reservation

Description

This command is applicable only to deterministic NAT. It configures the number of deterministic ports per subscriber (for example a subscriber is an inside IP address in LSN44 or IPv6 address or prefix in DS-Lite). Once this command is enabled, the pool will transition into deterministic mode of operation. This means that the subscribers can use dynamic port-blocks in the pool only as a mean to expand the range of originally assigned deterministic ports. A pool with such property is referred to as deterministic pool. However, deterministic NAT and non-deterministic NAT cannot use the same pool simultaneously.

All subscribers in deterministic pool are pre-mapped during the configuration phase to outside IP addresses and deterministic port-blocks. Because of this, the deterministic pool cannot be oversubscribed with subscribers (first-come, first-served).

Once the deterministic pool becomes operational (no shutdown) a log is created. The same applies if the pool is disabled (shutdown). As a result of this one-time logging, there will be no additional logging when a subscriber starts using ports from the pre-assigned deterministic port block. This drastically reduces the logging overhead. However, when a deterministic port block is expanded by a dynamic port block, a log will be created on any allocation/de-allocation of the dynamic port block. The logs are also created for static port forwards (including PCP).

The number of subscribers per outside IP address (subscriber-limit) multiplied by the number of deterministic ports per subscriber (port-reservation) will determine the port range of an outside IP address that will be dedicated to deterministic mappings. The number of subscribers per outside IP address in deterministic NAT must be power of 2 (2^n). Once the deterministic ports are allocated, the dynamic ports are carved out of the remaining port space of the same outside IP address according to the existing port-reservation command under the same hierarchy,

Parameters

num-ports

Specifies the number of ports in a deterministic port block that is allocated and dedicated to a single subscribers during the configuration phase.

Values

1 to 65536

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-reservation

Syntax

[no] port-reservation

Context

[Tree] (config>service>nat>pcp-server-policy>option port-reservation)

Full Context

configure service nat pcp-server-policy option port-reservation

Description

This command enables/disables support for the port-reservation option.

Default

no port-reservation

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-role

port-role

Syntax

[no] port-role

Context

[Tree] (debug>service>id>stp port-role)

Full Context

debug service id stp port-role

Description

This command enables STP debugging for changes in port roles.

Platforms

All

port-scheduler-policy

port-scheduler-policy

Syntax

port-scheduler-policy port-scheduler-policy-name

no port-scheduler-policy

Context

[Tree] (config>port>ethernet>access>egress>vport port-scheduler-policy)

Full Context

configure port ethernet access egress vport port-scheduler-policy

Description

This command specifies the destination and organization strings to be used for matching subscriber hosts with this Vport.

The parent Vport of a subscriber host queue, which has the port-parent option enabled, is determined by matching the destination string dest string associated with the subscriber and the organization string org string associated with the subscriber host with the strings defined under a Vport on the port associated with the subscriber.

If a given subscriber host policers or queue does not have the port-parent option enabled, it is foster-parented to the Vport used by this subscriber and which is based on matching the dest string and org string. If the subscriber could not be matched with a Vport on the egress port, the host policer or queue will not be bandwidth controlled and competes for bandwidth directly based on its own PIR and CIR parameters.

By default, a subscriber host policer or queue with the port-parent option enabled is scheduled within the context of the port’s port scheduler policy.

The agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate or port-scheduler-policy involves removing the existing command and applying the new command. Applying a scheduler policy to a Vport is only applicable to Ethernet interfaces.

The no form of this command removes the port-scheduler-policy-name from the configuration.

The agg-rate rate, port-scheduler-policy and scheduler-policy commands are mutually exclusive. Changing between the use of a scheduler policy and the use of an agg-rate/port-scheduler-policy involves removing the existing command and applying the new command.

The no form of this command reverts to the default.

Parameters

port-scheduler-policy-name

Specifies an existing port-scheduler-policy configured in the config>qos context.

Platforms

All

port-scheduler-policy

Syntax

port-scheduler-policy port-scheduler-policy-name

no port-scheduler-policy

Context

[Tree] (config>isa>aa-grp>qos>egress>to-subscriber port-scheduler-policy)

[Tree] (config>isa>aa-grp>qos>egress>from-subscriber port-scheduler-policy)

Full Context

configure isa application-assurance-group qos egress to-subscriber port-scheduler-policy

configure isa application-assurance-group qos egress from-subscriber port-scheduler-policy

Description

This command assigns an existing port scheduler policy as applicable to the specific application assurance group traffic.

Default

no port-scheduler-policy

Parameters

port-scheduler-policy-name

Specifies the name of an existing port scheduler policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-scheduler-policy

Syntax

port-scheduler-policy port-scheduler-name [ create]

no port-scheduler-policy port-scheduler-name

Context

[Tree] (config>qos port-scheduler-policy)

Full Context

configure qos port-scheduler-policy

Description

When a port scheduler has been associated with an egress port, it is possible to override the following parameters:

  • The max-rate allowed for the scheduler

  • The maximum rate for each priority level (1 to 8)

  • The cir associated with each priority level (1 to 8)

The orphan priority level (level 0) has no configuration parameters and cannot be overridden.

The no form of this command removes a port scheduler policy from the system. If the port scheduler policy is associated with an egress port or channel, the command will fail.

Parameters

port-scheduler-name

Specifies an existing port scheduler name. Each port scheduler must be uniquely named within the system and can be up to 32 ASCII characters.

Platforms

All

port-scheduler-policy

Syntax

port-scheduler-policy src-name dst-name [overwrite]

Context

[Tree] (config>qos>copy port-scheduler-policy)

Full Context

configure qos copy port-scheduler-policy

Description

This command copies existing QoS policy entries for a QoS policy to another QoS policy.

The copy command is a configuration-level maintenance tool used to create new policies using existing policies. It also allows bulk modifications to an existing policy with the use of the overwrite keyword.

If overwrite is not specified, an error will occur if the destination policy exists.

Parameters

src-name dst-name

Indicates that the source policy and the destination policy are port scheduler policy IDs. Specify the source policy that the copy command will attempt to copy from and specify the destination policy name to which the command will copy a duplicate of the policy.

overwrite

Forces the destination policy name to be copied as specified. When forced, everything in the existing destination policy will be completely overwritten with the contents of the source policy.

Platforms

All

port-set

port-set

Syntax

[no] port-set

Context

[Tree] (config>service>nat>pcp-server-policy>option port-set)

Full Context

configure service nat pcp-server-policy option port-set

Description

This command enables PORT_SET option support. When this command is disabled, the PCP uses a plain MAP option to allocate a single port at a time. This is default behavior. Instead of asking for each individual port in multiple requests through the MAP option, this port-set option allows individual ports to ask the SR OS for a set of ports at once in a single request.

The no form of this command disables PORT_SET option support.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port-state

port-state

Syntax

[no] port-state

Context

[Tree] (debug>service>id>stp port-state)

Full Context

debug service id stp port-state

Description

This command enables STP debugging for port states.

The no form of the command disables debugging.

Platforms

All

port-template

port-template

Syntax

port-template template-name sat-type sat-type [create]

no port-template template-name

Context

[Tree] (config>system>satellite port-template)

Full Context

configure system satellite port-template

Description

This command creates a new port template context to define the port usage for a specific satellite type. A port template is specific to the specified satellite type. Port templates must be configured separately using different template names for each different satellite chassis type.

The no form of this command deletes the specified port template.

Parameters

template-name

Specifies the name for the associated port template. This value must be unique in the network.

sat-type

Specifies the type of satellite chassis associated with the port-template.

Values

es24-1gb-sfp, es24-1gb-tx, es24-sass-1gb-sfp, es48-1gb-sfp, es48-1gb-tx, es48-sass-1gb-sfp, es64-10gb-sfpp+4-100gb-cfp4, es24-sasmxp-1gb-sfp

create

Creates a new port template.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port-threshold

port-threshold

Syntax

port-threshold value [action { dynamic-cost | static-cost | down}] [ cost static-cost]

no port-threshold

Context

[Tree] (config>lag port-threshold)

Full Context

configure lag port-threshold

Description

This command configures the behavior for the Link Aggregation Group (LAG) if the number of operational links is equal to or below a threshold level.

Nokia recommends that operators use the weight-threshold or hash-weight-threshold command instead of the port-threshold command to control LAG operational status. For example, when 10GE and 100GE ports are mixed in a LAG, each 10GE port will have a weight of 1, while each 100GE port will have a weight of 10.

The weight-threshold or hash-weight-threshold command can also be used for LAGs with all ports of equal speed to allow a common operational model. For example, each port has a weight of 1 to mimic port-threshold and its related configuration.

The no form of this command reverts to the default values.

Default

port-threshold 0 action down

Parameters

value

Specifies the decimal integer threshold number of operational links for the LAG at or below which the configured action is invoked. If the number of operational links exceeds the port-threshold value, any action taken for being below the threshold value will cease.

Values

0 to 63

action

Specifies the action to take if the number of active links in the LAG is at or below the threshold value.

dynamic-cost

Specifies that dynamic costing is activated. As a result, the LAG remains operationally up with a cost relative to the number of operational links. The link is only regarded as operationally down when all links in the LAG are down.

static-cost

Specifies that static costing is activated. As a result, the LAG remains operationally up with the configured cost, regardless of the number of operational links. The link is only regarded as operationally down when all links in the LAG are down.

down

Specifies that LAG is brought operationally down if the number of operational links is equal to or less than the configured threshold value. The LAG is only regarded as up once the number of operational links exceeds the configured threshold value.

static-cost

Specifies decimal integer static cost of the LAG.

Values

1 to 16777215

Platforms

All

port-topology

port-topology

Syntax

port-topology

Context

[Tree] (config>system port-topology)

Full Context

configure system port-topology

Description

This parameter creates or edits the context to configure intra-node port connections.

Default

disabled

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

port-type

port-type

Syntax

port-type lag-port-type

no port-type

Context

[Tree] (config>lag port-type)

Full Context

configure lag port-type

Description

This command configures the port type for the link aggregation group.

The no form of this command reverts to the default.

Default

port-type standard

Parameters

lag-port-type

Specifies the type of ports allowed in this LAG.

Values

standard — Allows all non-HS type ports to be added to this LAG

hs — Limits the LAG members to be HSQ IOMs (iom4-e-hs) ports

Platforms

7750 SR-7/12/12e

port-xc

port-xc

Syntax

port-xc

Context

[Tree] (config port-xc)

Full Context

configure port-xc

Description

Commands in this context configure port-cross connect functionality.

Platforms

All

port1

port1

Syntax

port1 {eq | neq} port-num

no port1

Context

[Tree] (debug>app-assure>group>traffic-capture>match port1)

Full Context

debug application-assurance group traffic-capture match port1

Description

This command configures debugging on port 1.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

port2

port2

Syntax

port2 {eq | neq} port-num

no port2

Context

[Tree] (debug>app-assure>group>traffic-capture>match port2)

Full Context

debug application-assurance group traffic-capture match port2

Description

This command configures debugging on port 2.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

portal

portal

Syntax

portal router router-instance name wpp-portal-name

no portal

Context

[Tree] (config>service>ies>sub-if>grp-if>wpp portal)

[Tree] (config>service>vprn>sub-if>grp-if>wpp portal)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>wpp portal)

Full Context

configure service ies subscriber-interface group-interface wpp portal

configure service vprn subscriber-interface group-interface wpp portal

configure subscriber-mgmt local-user-db ipoe host wpp portal

Description

This command specifies the web portal server that system talks to for the hosts on the group-interface. This command is mutually exclusive with the portal-group command.

The no form of this command removes the router instance or portal name from the configuration.

Parameters

router-instance

Specifies the virtual router instance.

Values

router-name:

Base, management

service-id:

1 to 2147483647

service-name:

Specifies the service name up to 64 characters

Default

Base

wpp-portal-name

Specifies the name of the web portal server up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

portal

Syntax

[no] portal router router-instance name wpp-portal-name

Context

[Tree] (config>aaa>wpp>portal-groups>portal-group portal)

Full Context

configure aaa wpp portal-groups portal-group portal

Description

This command configures the portal for this portal group.

Parameters

router-instance

Specifies the virtual router instance.

Values

router-name:

Base, management

service-id:

1 to 2147483647

service-name:

Specifies the service name up to 64 characters

Default

Base

wpp-portal-name

Specifies the name of the web portal server up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

portal

Syntax

[no] portal wpp-portal-name

Context

[Tree] (debug>router>wpp portal)

Full Context

debug router wpp portal

Description

This command enables WPP debugging for the specified WPP portal.

Parameters

wpp-portal-name

Specifies the WPP portal name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

portal

Syntax

[no] portal

Context

[Tree] (config>subscr-mgmt>wlan-gw>ue-query>state portal)

Full Context

configure subscriber-mgmt wlan-gw ue-query state portal

Description

This command enables matching on UEs in a portal state.

The no form of this command disables matching on UEs in a portal state, unless all state matching is disabled.

Default

no portal

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

portal-group

portal-group

Syntax

portal-group portal-group-name

no portal-group

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>wpp portal-group)

Full Context

configure subscriber-mgmt local-user-db ipoe host wpp portal-group

Description

This command configures the WPP portal group name. This command is mutually exclusive with the portal command.

Parameters

portal-group-name

Specifies the WPP portal group name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

portal-group

Syntax

portal-group portal-group-name [create]

no portal-group portal-group-name

Context

[Tree] (config>aaa>wpp>portal-groups portal-group)

Full Context

configure aaa wpp portal-groups portal-group

Description

This command creates a new portal group or enters the configuration context of an existing port group.

Parameters

portal-group-name

Specifies the portal group name up to 32 characters.

create

Keyword required to create the configuration context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

portal-group

Syntax

portal-group portal-group-name

no portal-group

Context

[Tree] (config>service>ies>sub-if>grp-if>wpp portal-group)

[Tree] (config>service>vprn>sub-if>grp-if>wpp portal-group)

Full Context

configure service ies subscriber-interface group-interface wpp portal-group

configure service vprn subscriber-interface group-interface wpp portal-group

Description

This command specifies the WPP portal group for the subscriber interface. This command is mutually exclusive with the portal command.

The no form of this command removes the name from the service configuration.

Parameters

portal-group-name

Specifies the portal group name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

portal-groups

portal-groups

Syntax

portal-groups

Context

[Tree] (config>aaa>wpp portal-groups)

Full Context

configure aaa wpp portal-groups

Description

Commands in this context configure portal group parameters for WPP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

portal-hold-time

portal-hold-time

Syntax

portal-hold-time seconds

no portal-hold-time

Context

[Tree] (config>subscr-mgmt>http-rdr-plcy portal-hold-time)

Full Context

configure subscriber-mgmt http-redirect-policy portal-hold-time

Description

This command configures the time for which the forwarding state applicable during redirect phase is held in the system, after the user has been authenticated on the portal. This allows the HTTP response from the portal to be forwarded back on the existing connection.

Parameters

seconds

Specifies how long the system holds on to re-direct forwarding resources of a subscriber, after it has left the re-direct portal.

Values

1 to 60

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

portals

portals

Syntax

portals

Context

[Tree] (config>service>vprn>wpp portals)

[Tree] (config>router>wpp portals)

Full Context

configure service vprn wpp portals

configure router wpp portals

Description

Commands in this context configure WPP portal server parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ports

ports

Syntax

ports

Context

[Tree] (config>qos>fp-resource-policy ports)

Full Context

configure qos fp-resource-policy ports

Description

This command enters the ports context.

Platforms

7750 SR-1, 7750 SR-s

ports

Syntax

ports num-ports

no ports

Context

[Tree] (config>service>nat>up-nat-policy>port-block-extensions ports)

Full Context

configure service nat up-nat-policy port-block-extensions ports

Description

This command configures the number of ports in extended port blocks for the NAT subscriber.

Parameters

num-ports

Specifies the number of ports per extended port block.

Values

10 to 5000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

positive-app-id

positive-app-id

Syntax

positive-app-id

Context

[Tree] (config>app-assure>group>ip-id-asst positive-app-id)

Full Context

configure application-assurance group ip-identification-assist positive-app-id

Description

Commands in this context implement the positive application identification mechanism, which monitors the correlations between IP addresses and applications identified with a high degree of confidence independently of any IP identification assist mechanism.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

post-policer-mapping

post-policer-mapping

Syntax

post-policer-mapping mapping-policy-name [ create]

no post-policer-mapping mapping-policy-name

Context

[Tree] (config>qos post-policer-mapping)

Full Context

configure qos post-policer-mapping

Description

This command configures a post-policer mapping policy which is used to remap a packet's forwarding class and profile state to another forwarding class and profile state for post-policer traffic.

A post-policer mapping policy is created without any forwarding class or profile remapping statements. If an empty policy is applied to a SAP-egress QoS policy, no remapping occurs.

The no form of this command deletes the post-policer mapping policy. A post-policer mapping policy can only be deleted if there are no references to it.

Parameters

mapping-policy-name

Specifies the name of the post-policer mapping policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

post-policer-mapping

Syntax

post-policer-mapping src-name dst-name [ overwrite]

Context

[Tree] (config>qos>copy post-policer-mapping)

Full Context

configure qos copy post-policer-mapping

Description

This command copies an existing post-policer mapping policy to another policy name.

The copy command is used to create new policies using existing policies and also allows bulk modifications to an existing policy with the use of the overwrite keyword.

Parameters

src-name

Specifies the source policy name that the copy command attempts to copy from.

dst-name

Specifies the destination policy name to which the command copies a duplicate of the policy.

overwrite

Specifies that the existing destination policy is to be replaced. Everything in the existing destination policy is overwritten with the contents of the source policy. If overwrite is not specified, an error occurs if the destination policy name exists.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

post-policer-mapping

Syntax

post-policer-mapping mapping-policy-name

no post-policer-mapping

Context

[Tree] (config>qos>sap-egress post-policer-mapping)

Full Context

configure qos sap-egress post-policer-mapping

Description

This command applies a post-policer mapping policy in a SAP egress QoS policy. The policy contains forwarding class and profile remapping statements, which remap the forwarding class and profile state of an egress policed packet (the profile being the resulting profile after the packet has been processed by the egress policer) to another forwarding class and profile.

The remapping applies to all policers within the SAP egress QoS policy, including regular child policers and policers configured in an IP/IPv6 criteria action statement, except for dynamic policers.

Post-policer mapping is supported on FP3- and higher-based hardware, with the exception of the 7750 SR-a4/a8, which does not support egress policers resulting in the policy being ignored.

The no form of this command deletes the post-policer mapping policy from the SAP egress QoS policy.

Parameters

mapping-policy-name

Specifies the name of the post-policer mapping policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

power

power

Syntax

power power-state

Context

[Tree] (config>system>bluetooth power)

Full Context

configure system bluetooth power

Description

This command sets the operating mode of the Bluetooth module. This can be powered off or powered on but requires the pairing button to initiate the pairing operation, or powered on and continuously pairing.

The pairing-button setting also impacts how pairing operations work.

Default

power off

Parameters

power-state

Specifies the power state.

Values

off — Bluetooth radio disabled.

enabled-manual — Bluetooth is enabled (pairing requires the use of the pairing button).

enabled-automatic — Bluetooth is enabled and continuously attempts to pair whenever it is not actively paired to a device.

Platforms

7750 SR-1, 7750 SR-s, 7950 XRS-20e

power-priority-level

power-priority-level

Syntax

power-priority-level priority

no power-priority-level

Context

[Tree] (config>card>mda power-priority-level)

[Tree] (config>card>xiom>mda power-priority-level)

Full Context

configure card mda power-priority-level

configure card xiom mda power-priority-level

Description

This command sets the power priority value for an XMA or MDA-s on platforms that support intelligent power management.

Default

power-priority-level 150

Parameters

priority

Specifies the power priority level. An operator must assign a priority value to each XMA or MDA-s using a range of number from 1 to 200. The lowest number has the highest priority. The priority number range from 1 to 100 should be used for modules considered essential for system operation. Lower priority values of 101 to 200 should be used for non-essential modules.

Values

1 to 200

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

  • configure card mda power-priority-level

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s

  • configure card xiom mda power-priority-level

power-safety-alert

power-safety-alert

Syntax

power-safety-alert wattage

Context

[Tree] (config>system>pwr-mgmt power-safety-alert)

Full Context

configure system power-management power-safety-alert

Description

This command sets a value in watts for the Power Safety Alert. The Power Safety Alert minor alarm is generated when the system power capacity drops below the Power Safety Level (in watts) plus the Power Safety Alert. This is a critical level, which when breached the system starts shutting down IO cards based on card priority.

Parameters

wattage

Specifies the number of watts for the power safety alert level.

Values

0 to 102600

Default

0

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

power-safety-level

power-safety-level

Syntax

power-safety-level percent

Context

[Tree] (config>system>pwr-mgmt power-safety-level)

Full Context

configure system power-management power-safety-level

Description

This command sets the Power Safety Level, which is a percentage of the calculated worst case power draw value. Once a Power Safety Level is configured by the operator, both the Basic and Advanced modes use the Power Safety Level as a reference for calculating the power redundancy using N+1 algorithm during startup and recovery from power depression.

Default

power-safety-level 100

Parameters

percent

Specifies the Power Safety Level as a percentage of the calculated worst case power draw value.

Values

0 to 100

Platforms

7750 SR-1s, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

power-save

power-save

Syntax

[no] power-save

Context

[Tree] (config>card power-save)

Full Context

configure card power-save

Description

This command enables power-save mode on a specific card when it is not in use. Power-save mode allows a card to be installed and configured in a platform for future use, while having minimal impact on the overall power consumption. The card placed in power-save mode is forced into an idle state to consume minimal power. This command resets the card and then disallows the download of a software image when the card comes back up. To enable power-save mode, the desired card must first be shut down, then placed into power-save mode. In this mode, the card is not counted in the intelligent power management budget. Cards set to power-save mode do not pass traffic.

The no form of this command removes the card from power-save mode.

Default

no power-save

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a8, 7750 SR-2e, 7750 SR-3e, 7750 SR-2s, 7750 SR-2se, 7750 SR-7s, 7750 SR-14s, 7950 XRS

power-supply

power-supply

Syntax

power-supply power-supply-id type

Context

[Tree] (config>system power-supply)

Full Context

configure system power-supply

Description

This command configures information about the type of power supply used for each power feed connection on the router chassis. The information is used to populate queries made using the show>chassis detail and show>chassis power-supply commands.

Parameters

power-supply-id

Specifies the power feed connection.

Values

1, 2

type

Specifies the type of power source that is connected to the power feed connection.

Values

dc — Specifies that a single DC power source is connected to the power feed connector.

ac single — Specifies that a single AC power source is connected to the power feed connector.

ac multiple — Specifies that multiple AC power sources are connected to the power feed connector.

default — Reverts the configured information to the default power source type for the chassis.

none — Specifies that no power source is connected to the power feed connector.

Platforms

7450 ESS, 7750 SR-7/12

ppid

ppid

Syntax

ppid

Context

[Tree] (config>app-assure>group>statistics>tca>sctp-filter ppid)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid

Description

This command configures a TCA for the counter capturing PPID hits for the specified SCTP filter.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ppid

Syntax

ppid

Context

[Tree] (config>app-assure>group>sctp-filter ppid)

Full Context

configure application-assurance group sctp-filter ppid

Description

Commands in this context configure actions for specific or default Payload Protocol Identifiers (PPIDs).

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ppid-range

ppid-range

Syntax

ppid-range direction direction [create]

no ppid-range direction direction

Context

[Tree] (config>app-assure>group>statistics>tca>sctp-filter ppid-range)

Full Context

configure application-assurance group statistics threshold-crossing-alert sctp-filter ppid-range

Description

This command configures a TCA for the counter capturing hits for the specified SCTP filter PPID range command. An PPIPD range TCA can be created for traffic generated from the subscriber side of AA ( from-sub) or for traffic generated from the network toward the AA subscriber (to-sub). The create keyword is mandatory when creating a TCA.

Parameters

direction

Specifies the traffic direction.

Values

from-sub, to-sub

create

Keyword used to create the TCA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ppid-range

Syntax

ppid-range min min-ppid max max-ppid

no ppid-range

Context

[Tree] (config>app-assure>group>sctp-filter ppid-range)

Full Context

configure application-assurance group sctp-filter ppid-range

Description

This command specifies the range of PPID values that are allowed by AA SCTP filter firewall.

The no form of this command removes this PPID range.

Default

no ppid-range

Parameters

min-ppid

Specifies the minimum SCTP Payload Protocol Identifier (PPID) to be permitted by the SCTP filter. The value must be less than or equal to the max max-ppid value.

Values

0 to 4294967295

max-ppid

Specifies the minimum SCTP Payload Protocol Identifier (PPID) to be permitted by the SCTP filter. The value must be greater or equal to the min min-ppid value.

Values

0 to 4294967295

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

ppp

ppp

Syntax

ppp

Context

[Tree] (config>subscr-mgmt>loc-user-db ppp)

Full Context

configure subscriber-mgmt local-user-db ppp

Description

Commands in this context configure PPP host parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp

Syntax

ppp

Context

[Tree] (config>service>vprn>l2tp>group>tunnel ppp)

[Tree] (config>service>vprn>l2tp>group ppp)

[Tree] (config>router>l2tp>group ppp)

[Tree] (config>router>l2tp>group>tunnel ppp)

Full Context

configure service vprn l2tp group tunnel ppp

configure service vprn l2tp group ppp

configure router l2tp group ppp

configure router l2tp group tunnel ppp

Description

This command configures PPP for the L2TP tunnel group.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp

Syntax

[no] ppp [lcp] [pap] [ chap] [ipcp] [ ipv6cp] [other]

Context

[Tree] (debug>router>l2tp>packet ppp)

[Tree] (debug>router>l2tp>assignment-id>packet ppp)

[Tree] (debug>router>l2tp>peer>packet ppp)

[Tree] (debug>router>l2tp>group>packet ppp)

Full Context

debug router l2tp packet ppp

debug router l2tp assignment-id packet ppp

debug router l2tp peer packet ppp

debug router l2tp group packet ppp

Description

This command selects protocol for PPP packet debugging.

The no form of this command disables the protocols selection for PPP packet debugging.

Parameters

lcp

Specifies the LCP protocol.

pap

Specifies the PAP protocol.

chap

Specifies the CHAP protocol.

ipcp

Specifies the IPCP protocol.

ipv6cp

Specifies the IPv6CP protocol.

other

Specifies any other protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp

Syntax

[no] ppp

Context

[Tree] (debug>service>id ppp)

Full Context

debug service id ppp

Description

This command enables and configures PPP debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp

Syntax

ppp [terminate-only]

no ppp

Context

[Tree] (debug>service>id>ppp>event ppp)

Full Context

debug service id ppp event ppp

Description

This command enables debugging for PPP events.

Parameters

terminate-only

Enables debugging for terminate-only PPP events.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp

Syntax

ppp [lcp] [pap] [chap] [ ipcp]

no ppp

Context

[Tree] (debug>service>id>ppp>packet ppp)

Full Context

debug service id ppp packet ppp

Description

This command enables debugging for specific PPP packets

Parameters

lcp

Enables debugging for LCP packets.

pap

Enables debugging for PAP packets.

chap

Enables debugging for CHAP packets.

ipcp

Enables debugging for IPCP packets.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp

Syntax

ppp

Context

[Tree] (debug>call-trace ppp)

Full Context

debug call-trace ppp

Description

Commands in this context set up call trace debugging for Point-to-Point Protocol sessions.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp

Syntax

ppp [lcp] [pap] [ chap] [ipcp] [ipv6cp] [ipv6]

Context

[Tree] (debug>subscr-mgmt>vrgw>brg>pppoe-client>brg-id ppp)

Full Context

debug subscriber-mgmt vrgw brg pppoe-client brg-id ppp

Description

This command specifies which messages in PPP setup are tracked by debugging. If no messages are specified, they are all tracked. LCP Echo Request and Echo Response are never shown during debugging.

Parameters

lcp

Tracks lcp messages during debugging.

pap

Tracks pap messages during debugging.

chap

Tracks chap messages during debugging.

ipcp

Tracks ipcp messages during debugging.

ipv6cp

Tracks ipv6cp messages during debugging.

ipv6

Tracks ipv6 messages during debugging.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-authentication

ppp-authentication

Syntax

ppp-authentication {pap | chap | pref-chap | pref-pap}

no ppp-authentication

Context

[Tree] (config>subscr-mgmt>ppp-policy ppp-authentication)

Full Context

configure subscriber-mgmt ppp-policy ppp-authentication

Description

This command configures the PPP protocol used to authenticate the PPP session.

Default

ppp-authentication pref-chap

Parameters

pap

Specifies to always use PAP to authenticate the sessions.

chap

Specifies to always use CHAP to authenticate the sessions.

pref-chap

Specifies to attempt to use CHAP and if it fails, use PAP.

pref-pap

Specifies to attempt to use PAP and if it fails, use CHAP.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-chap-challenge-length

ppp-chap-challenge-length

Syntax

ppp-chap-challenge-length min minimum-length max maximum-length

no ppp-chap-challenge-length

Context

[Tree] (config>subscr-mgmt>ppp-policy ppp-chap-challenge-length)

Full Context

configure subscriber-mgmt ppp-policy ppp-chap-challenge-length

Description

This command configures the minimum and maximum length of a PPP Chap Challenge.

When the Chap Challenge is exactly 16 bytes, it is send in the [60] CHAP-Challenge RADIUS attribute and copied in the RADIUS Authenticator field from the RADIUS Access Request.

Default

ppp-chap-challenge-length min 32 max 64

Parameters

min minimum-length

Specifies the minimum PPP CHAP challenge length.

Values

8 to 64

max maximum-length

Specifies the maximum PPP CHAP challenge length.

Values

8 to 64

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-initial-delay

ppp-initial-delay

Syntax

[no] ppp-initial-delay

Context

[Tree] (config>subscr-mgmt>ppp-policy ppp-initial-delay)

Full Context

configure subscriber-mgmt ppp-policy ppp-initial-delay

Description

This command delays the sending of an LCP-configure request after the discovery phase by 40 – 60 milliseconds.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-mtu

ppp-mtu

Syntax

ppp-mtu mtu-bytes

no ppp-mtu

Context

[Tree] (config>subscr-mgmt>ppp-policy ppp-mtu)

Full Context

configure subscriber-mgmt ppp-policy ppp-mtu

Description

This command configures the maximum PPP MTU size.

Parameters

mtu-bytes

Specifies the maximum PPP MTU size.

Values

512 to 9212

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-options

ppp-options

Syntax

ppp-options

Context

[Tree] (config>subscr-mgmt>ppp-policy ppp-options)

Full Context

configure subscriber-mgmt ppp-policy ppp-options

Description

Commands in this context configure PPP options.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-policy

ppp-policy

Syntax

ppp-policy ppp-policy-name [create]

no ppp-policy ppp-policy-name

Context

[Tree] (config>subscr-mgmt ppp-policy)

Full Context

configure subscriber-mgmt ppp-policy

Description

This command configures a PPP policy. These policies are referenced from interfaces configured for PPP. Multiple PPP policies may be configured.

The default policy cannot be modified or deleted.

Default

ppp-policy default

Parameters

ppp-policy-name

Specifies the PPP policy name, up to 32 characters.

create

Keyword used to create the entity. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-policy-parameters

ppp-policy-parameters

Syntax

ppp-policy-parameters

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host ppp-policy-parameters)

Full Context

configure subscriber-mgmt local-user-db ppp host ppp-policy-parameters

Description

This command enables the context to configure PPP policy parameters to override the values from the host associated with the PPP policy.

The PPP host uses the values configured in the PPP policy under the group interface. It is possible to use this command to override the values from the host associated with the PPP policy. Matching a pattern on the subscriber MAC address to limit the number of sessions per MAC address is possible.

When a value is configured, the system overrides that particular PPP policy parameter. The absence of specific parameters means no overriding is performed.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-sub-id-key

ppp-sub-id-key

Syntax

ppp-sub-id-key sub-id-key [sub-id-key]

no ppp-sub-id-key

Context

[Tree] (config>subscr-mgmt>auto-sub-id-key ppp-sub-id-key)

Full Context

configure subscriber-mgmt auto-sub-id-key ppp-sub-id-key

Description

This command enables certain fields to become the base for auto-generation of default sub-id name. The sub-id name is auto-generated if there is not a more specific method available. Examples of these specific methods would be a default sub-id name as a sap-id, a preconfigured static string or explicit mappings based on RADIUS/LUDB returned strings.

In case that a more specific sub-id name generation method is not available and the auto-id keyword is defined under the def-sub-id hierarchy, the sub-id name is generated by concatenating fields defined in this command separated by a "|” character.

The maximum length of the auto-generated sub-id name is 64 characters while the concatenation of subscriber identification fields can exceed 64 characters. Subscriber host instantiation fails if the sub-id name is based on subscriber identification fields whose concatenated length exceeds 64 characters. Failing the host creation rather than truncating the sub-id name on a 64 character boundary prevents collision of sub-ids (subscriber name duplication).

In case that a more specific sub-id name generation method is not available and the auto-id keyword is not defined under the def-sub-id hierarchy, the sub-id name is a random 10 character encoded string based on the fields defined under this command.

There is only one set of identification fields allowed per host type (IPoE or PPP) per chassis.

The no form of this command reverts to the default.

Default

ppp-sub-id-key mac sap-id session-id

Parameters

sub-id-key

Specifies the auto-generated sub-id keys for PPP hosts.

Values

mac — Specifies that the MAC address can be combined with other subscriber host identification fields (circuit-id, remote-id, session-id or sap-id) to form a sub-id name in a user readable format or as a random 10 character encoded value.

In case that the mac address is used as a concatenation field in the sub-id name, then its format becomes a string xx:xx:xx:xx:xx:xx with the length 17B.

The MAC address as the subscriber host identification field is not applicable to static hosts.

circuit-id — Specifies that the circuit-id can be combined with other subscriber host identification fields (mac, remote-id, session-id or sap-id) to form a sub-id name in a user readable format or as a random 10 character encoded value.

If the circuit-id is used as a concatenation field in the sub-id name, then its format becomes access-node-id eth slot/port:[vlan-id] or access-node-id atm slot/port:vpi.vci with a variable length.

Note:

If circuit-id contains any non-printable ASCII characters, the entire circuit-id string is formatted in hex in the sub-id name output. Otherwise all characters in circuit-id is converted to ASCII. ASCII printable characters contain bytes in range 0x20 to 0x7E.

If the circuit-id is used as the subscriber identification field is not applicable to ARP hosts or static hosts.

remote-id — Specifies that the remote-id can be combined with other subscriber host identification fields (mac, circuit-id, session-id or sap-id) to form a sub-id name in a user readable format or as a random 10 character encoded value.

If the remote-id is used as a concatenation field in the sub-id name, then its format becomes a remote-id string with a variable length.

Note:

If the remote ID contains any non-printable ASCII characters, the entire remote-id string is formatted in hex in the sub-id name output. Otherwise all characters in remote-id is converted to ASCII. ASCII printable characters contain bytes in range 0x20 to 0x7E.

The remote ID as the subscriber identification field is not applicable to ARP hosts or static hosts.

sap-id — The SAP ID can be combined with other subscriber host identification fields (mac, circuit-id, remote-id, or session-id) to form a sub-id name in a user readable format or as a random 10 character encoded value.

In case that the circuit-id is used as a concatenation field in the sub-id name, then its format becomes: slot/mda:[outer-vlan].[inner-vlan] with a variable length.

The SAP ID as the subscriber identification field is applicable to all hosts types with exception of static hosts.

session-id — The session ID can be combined with other subscriber host identification fields (mac, circuit-id, remote-id, or sap-id) to form a sub-id name in a user readable format or as a random 10 character encoded value.

In case that the circuit ID is used as a concatenation field in the sub-id name, then its format becomes a decimal number with variable length.

The session ID as the subscriber identification field is applicable only to PPPoE/PPPoEoA type hosts.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ppp-user-db

ppp-user-db

Syntax

ppp-user-db local-user-db-name

no ppp-user-db

Context

[Tree] (config>service>vpls ppp-user-db)

Full Context

configure service vpls ppp-user-db

Description

This command enabled access to LUDB for PPPoE and PPPoEoA v4and v6 hosts under the capture SAP. The name of this local user database must match the name of local user database configured under the config>service>vprn/ies>sub-if>grp-if>pppoe hierarchy.

The no form of this command reverts to the default.

Parameters

local-user-db

Specifies the name of the local-user-database, up to 256 characters.

Platforms

All

ppp-user-name

ppp-user-name

Syntax

ppp-user-name append domain-name

ppp-user-name default-domain domain-name

ppp-user-name replace domain-name

ppp-user-name strip

no ppp-user-name

Context

[Tree] (config>subscr-mgmt>auth-plcy ppp-user-name)

Full Context

configure subscriber-mgmt authentication-policy ppp-user-name

Description

This command specifies the domain name manipulation action to perform on the PAP/CHAP user name prior to authentication.

The no form of this command reverts to the default.

Default

The PAP/CHAP user name is not changed.

Parameters

append domain-name

Appends an "@” delimiter followed by the specified domain-name to the PAP/CHAP user name, independent if a domain name is already present.

default-domain domain-name

Appends an "@” delimiter followed by the specified domain-name to the PAP/CHAP user name only if a domain name is not already present.

replace domain-name

Replaces the string after the "@” delimiter in the PAP/CHAP user name with the specified domain-name.

strip

Removes the "@” delimiter and all subsequent characters from the PAP/CHAP user name.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe

pppoe

Syntax

[no] pppoe

Context

[Tree] (config>service>vprn>sub-if>grp-if pppoe)

[Tree] (config>service>ies>sub-if>grp-if pppoe)

Full Context

configure service vprn subscriber-interface group-interface pppoe

configure service ies subscriber-interface group-interface pppoe

Description

Commands in this context configure PPPoE parameters.

The no form of this command reverts all PPPoE parameters from the PPPoE context to their defaults.

Default

pppoe

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe

Syntax

pppoe type direction {ingress | egress} script name

no pppoe type direction {ingress | egress}

Context

[Tree] (config>python>py-policy pppoe)

Full Context

configure python python-policy pppoe

Description

This command specifies the python-script for the specified PPPoE message type in the specified direction. Multiple pppoe command configuration are allowed in the same Python policy.

The no form of this command reverts to the default.

Parameters

type

Specifies the message type.

Values

session-lcp, session-pap, session-chap, session-ipcp, session-ip6cp, pado, padi, padr, pads, padt

direction {ingress | egress}

Specifies whether the event is incoming or outgoing. The system only invokes the configured script for the specified packet type in the specified direction.

script

Specifies the name of the Python script, up to 32 characters, that is used to handle the specified message.

Platforms

All

pppoe

Syntax

pppoe service-id

no pppoe

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>fwd-wholesale pppoe)

[Tree] (config>service>vprn>if>sap>fwd-wholesale pppoe)

Full Context

configure service vprn subscriber-interface group-interface sap fwd-wholesale pppoe

configure service vprn interface sap fwd-wholesale pppoe

Description

This command specifies that PPPoE packets on ingress on Ethertypes 0x8863 and 0x8864 are redirected to the specified service. The service referred to by svc-id must be an Epipe service. Redirection to VC-switching Epipe services is not supported.

The no form of this command removes the redirect.

Parameters

service-id

Specifies the service ID of the Epipe to which packets are redirected.

Values

1 to 2147483647 | svc-name up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe

Syntax

pppoe service-id

no pppoe

Context

[Tree] (config>service>ies>if>sap>fwd-wholesale pppoe)

[Tree] (config>service>ies>sub-if>grp-if>sap>fwd-wholesale pppoe)

Full Context

configure service ies interface sap fwd-wholesale pppoe

configure service ies subscriber-interface group-interface sap fwd-wholesale pppoe

Description

This command specifies that PPPoE packets on ingress on Ethertypes 0x8863 and 0x8864 will be redirected to the specified service. The service referred to by svc-id must be an Epipe service. Redirection to VC-switching Epipe services is not supported.

The no form of this command removes the redirect.

Parameters

service-id

Specifies the service ID of the Epipe to which packets are redirected.

Values

1 to 2147483647 | svc-name up to 64 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe

Syntax

pppoe origin

Context

[Tree] (config>li>x-interfaces>correlation-id pppoe)

Full Context

configure li x-interfaces correlation-id pppoe

Description

This command specifies the type of RADIUS accounting session ID to use for PPPoE subscriber correlation.

Default

host

Parameters

origin

Specifies the correlation identifiers origin for PPPoE.

Values

host, queue, session

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pppoe-access-method

pppoe-access-method

Syntax

pppoe-access-method {none | padi | pap-chap}

no pppoe-access-method

Context

[Tree] (config>subscr-mgmt>auth-plcy pppoe-access-method)

Full Context

configure subscriber-mgmt authentication-policy pppoe-access-method

Description

This command indicates the authentication method used towards the RADIUS server in case the policy is used for PPPoE.

The no form of this command reverts to the default.

Parameters

none

Indicates that the client is authenticated by the local user database defined under the group interface and not through RADIUS.

padi

Indicates that the client is authenticated by RADIUS as soon as the PADI packet comes in (there is no PPP authentication done in the session in this case).

pap-chap

Indicates that the RADIUS authentication of the client is delayed until the authentication protocol phase in the PPP session (PAP or CHAP) and authentication is performed with the user name and PAP password / CHAP response supplied by the client.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-client

pppoe-client

Syntax

pppoe-client

Context

[Tree] (debug>subscr-mgmt>vrgw>brg pppoe-client)

Full Context

debug subscriber-mgmt vrgw brg pppoe-client

Description

Commands in this context debug pppoe-client information.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-client-policy

pppoe-client-policy

Syntax

pppoe-client-policy pppoe-client-policy-name [create]

no pppoe-client-policy pppoe-client-policy-name

Context

[Tree] (config>subscr-mgmt pppoe-client-policy)

Full Context

configure subscriber-mgmt pppoe-client-policy

Description

This command provisions a policy containing a set of parameters to be used to configure a PPPoE client.

The no form of this command removes the policy from the system. The policy can only be removed when it is not in use.

Parameters

pppoe-client-policy-name

Specifies a unique name for the policy.

create

Mandatory keyword when creating a new policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-lac

pppoe-lac

Syntax

pppoe-lac max-nr-of-sessions

no pppoe-lac

Context

[Tree] (config>subscr-mgmt>sub-profile>session-limits pppoe-lac)

[Tree] (config>subscr-mgmt>sla-profile>session-limits pppoe-lac)

Full Context

configure subscriber-mgmt sub-profile session-limits pppoe-lac

configure subscriber-mgmt sla-profile session-limits pppoe-lac

Description

This command configures the maximum number of PPPoE L2TP LAC sessions per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of PPPoE L2TP LAC sessions limit.

Parameters

max-nr-of-sessions

Specifies the maximum number of PPPoE L2TP LAC sessions.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-local

pppoe-local

Syntax

pppoe-local max-nr-of-sessions

no pppoe-local

Context

[Tree] (config>subscr-mgmt>sla-profile>session-limits pppoe-local)

[Tree] (config>subscr-mgmt>sub-profile>session-limits pppoe-local)

Full Context

configure subscriber-mgmt sla-profile session-limits pppoe-local

configure subscriber-mgmt sub-profile session-limits pppoe-local

Description

This command configures the maximum number of PPPoE local-terminated sessions (PTA) per SLA profile instance or per subscriber.

The no form of this command removes maximum number of PPPoE local-terminated sessions (PTA) limit.

Parameters

max-nr-of-sessions

Specifies the maximum number of PPPoE local-terminated sessions (PTA).

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-overall

pppoe-overall

Syntax

pppoe-overall max-nr-of-sessions

no pppoe-overall

Context

[Tree] (config>subscr-mgmt>sla-profile>session-limits pppoe-overall)

[Tree] (config>subscr-mgmt>sub-profile>session-limits pppoe-overall)

Full Context

configure subscriber-mgmt sla-profile session-limits pppoe-overall

configure subscriber-mgmt sub-profile session-limits pppoe-overall

Description

This command configures the maximum number of PPPoE sessions per SLA profile instance or per subscriber.

The no form of this command removes the maximum number of PPPoE sessions limit.

Parameters

max-nr-of-sessions

Specifies the maximum number of PPPoE sessions.

Values

0 to 131071

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-policy

pppoe-policy

Syntax

pppoe-policy pppoe-policy-name

no pppoe-policy

Context

[Tree] (config>service>vpls>sap pppoe-policy)

Full Context

configure service vpls sap pppoe-policy

Description

This command references a pppoe-policy that defines session parameters (ppp-mtu, authentication options, and so on) during the session initiation phase. Normally, the PPPoE policy is referenced under the group-interface hierarchy. But with capture SAP is it not known at the session initiation phase to which group-interface the session belongs. This is why, with the capture SAP, the ppp-policy must be referenced directly under the capture SAP. The pppoe-policy referenced under the group-interface must be the same as the pppoe-policy referenced under the capture SAP. Otherwise the session will not come up.

The no form of this command reverts to the default.

Parameters

pppoe-policy-name

Specifies the pppoe-policy name up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-python-policy

pppoe-python-policy

Syntax

pppoe-python-policy policy-name

no pppoe-python-policy

Context

[Tree] (config>service>vpls>sap pppoe-python-policy)

Full Context

configure service vpls sap pppoe-python-policy

Description

This command specified the Python policy for PPPoE packets sent/received on the capture SAP.

The no form of this command removes the policy name from the configuration.

Parameters

policy-name

Specifies an existing Python policy name, up to 32 characters.

Platforms

All

pppoe-service-name

pppoe-service-name

Syntax

[no] pppoe-service-name

Context

[Tree] (config>subscr-mgmt>auth-policy>include-radius-attribute pppoe-service-name)

Full Context

configure subscriber-mgmt authentication-policy include-radius-attribute pppoe-service-name

Description

This command enables the generation of the pppoe-service-name RADIUS attribute.

The no form of this command reverts to the default.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-trace

pppoe-trace

Syntax

pppoe-trace [sap sap-id] [ mac ieee-address] circuit-id circuit-id [remote-id remote-id] [username user-name] [profile trace-profile-name] [trace-existing-sessions] [ max-jobs num] [name trace-name]

pppoe-trace [sap sap-id] mac ieee-address [circuit-id circuit-id] [remote-id remote-id] [username user-name] [profile trace-profile-name] [ trace-existing-sessions] [max-jobs num] [name trace-name]

pppoe-trace sap sap-id [mac ieee-address] [ circuit-id circuit-id] [remote-id remote-id] [username user-name] [profile trace-profile-name] [trace-existing-sessions] [max-jobs num] [name trace-name]

pppoe-trace [sap sap-id] [mac ieee-address] [circuit-id circuit-id] remote-id remote-id [username user-name] [ profile trace-profile-name] [trace-existing-sessions] [max-jobs num] [name trace-name]

pppoe-trace [sap sap-id] [ mac ieee-address] [circuit-id circuit-id] [remote-id remote-id] username user-name [profile trace-profile-name] [trace-existing-sessions] [max-jobs num] [name trace-name]

no pppoe-trace name trace-name

no pppoe-trace [sap sap-id] [ mac ieee-address] [circuit-id circuit-id] [remote-id remote-id] [username user-name]

Context

[Tree] (debug>call-trace>ppp pppoe-trace)

Full Context

debug call-trace ppp pppoe-trace

Description

This command enables tracing locally terminated or LAC PPPoE sessions specified by the configured parameters. At least one filter rule must be provisioned. This command can trace a single session or multiple sessions, and can use wildcard characters.

This command can be executed multiple times to start multiple traces. When rules overlap, such as for a wildcard SAP and a specific SAP, the rule that a specific trace is associated with cannot be guaranteed.

The no form of this command prevents new traces from being configured and terminates all trace jobs that were previously started using the trace command.

Parameters

circuit-id

Specifies a circuit ID, up to 255 characters, that is used to filter sessions to trace.

ieee-address

Specifies a MAC address that is used to identify a session to trace, in the format "ab:cd:ef:01:23:45”. A wildcard character can be used to match all remaining octets; for example, the format "ab:cd:ef:*” can be used to filter by OUI.

user-name

Specifies a username, up to 32 characters, that is used to filter sessions to trace. A wildcard character (*) can be used at the beginning and at the end of the filter.

num

Specifies the maximum number of jobs that may be started with this rule.

Values

1 to 50

Default

1

remote-id

Specifies a remote ID, up to 255 characters, that is used to filter sessions to trace.

sap-id

Specifies a SAP to trace. The following formats are accepted:

  • port/lag/pw-port:svlan.cvlan

  • port/lag/pw-port:vlan

  • port/lag/pw-port

  • port/lag/pw-port:vlan.*

  • port/lag/pw-port:* (also matches *.*)

trace-existing-sessions

Specifies that existing PPPoE sessions are traced. If this parameter is not included, only new PPPoE sessions are traced.

trace-name

Specifies the name, up to 32 characters, by which the trace is referenced.

trace-profile-name

Specifies the name of the trace profile to be applied, up to 32 characters. The default parameters are used if a trace profile is not specified.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pppoe-user-db

pppoe-user-db

Syntax

pppoe-user-db local-user-db-name

no pppoe-user-db

Context

[Tree] (config>service>vpls pppoe-user-db)

Full Context

configure service vpls pppoe-user-db

Description

This command enabled access to LUDB for PPPoE and PPPoEoA v4and v6 hosts under the capture SAP. The name of this LUDB must match the name of the LUDB configured under the config>service>vprn/ies>sub-if>grp-if>pppoe hierarchy.

The no form of this command reverts to the default.

Parameters

local-user-db

Specifies the name of the local user database, up to 256 characters.

Platforms

All

pppoe-user-db

Syntax

pppoe-user-db ludb-name

no pppoe-user-db

Context

[Tree] (config>service>vpls>sap pppoe-user-db)

Full Context

configure service vpls sap pppoe-user-db

Description

This command enables LUDB authentication on capture SAPs for PPPoE(oA) clients. If this command is configured along with the authentication-policy command (RADIUS authentication), then the authentication-policy command takes precedence.

The no form of this command reverts to the default.

Parameters

ludb-name

Specifies the name of the local user database up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pptp

pptp

Syntax

[no] pptp

Context

[Tree] (config>service>nat>nat-policy>alg pptp)

[Tree] (config>service>nat>up-nat-policy>alg pptp)

Full Context

configure service nat nat-policy alg pptp

configure service nat up-nat-policy alg pptp

Description

This command enables PPTP ALG.

The call-id is captured in the outgoing call management messages and along with the source IP address and the source TCP, is translated by NAT. Once the PPTP call is established, the call-id in the associated GRE packet in the incoming direction (from outside to inside) is correspondingly translated so that it matches the call-id mapping established during the call establishment phase. The call IDs used in the mappings are selected randomly and they try to honor parity (odds/even).

A PPTP session can be initiated only from the inside of NAT.

GRE traffic is allowed through NAT only if the corresponding mapping exists. This mapping is created during the call negotiation phase.

There can be seven calls (GRE tunnels) per control session.

Default

no pptp

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pre-auth-policy

pre-auth-policy

Syntax

pre-auth-policy policy-name

no pre-auth-policy

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host pre-auth-policy)

Full Context

configure subscriber-mgmt local-user-db ppp host pre-auth-policy

Description

This command configures the RADIUS pre-authentication policy to use to authenticate the PPP host.

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the pre-authentication policy of the host, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pre-login-message

pre-login-message

Syntax

pre-login-message login-text-string [name]

no pre-login-message

Context

[Tree] (config>system>login-control pre-login-message)

Full Context

configure system login-control pre-login-message

Description

This command configures a message to display before logging in to the router using Telnet, SSH, or the console port.

Only one message can be configured. If a new pre-login message is configured, the new message overwrites the previous message.

Note: The pre-login message is displayed on both active and standby systems.

The no form of this command removes the pre-login message.

Default

no pre-login-message

Parameters

login-text-string

Specifies the pre-login message text, up to 900 characters. Any printable, 7-bit ASCII characters can be used. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Some special characters can be used to format the message text. Use the newline (\n) character to create multiline messages. A newline (\n) character in the message moves to the beginning of the next line by sending ASCII/UTF-8 characters 0xA (LF) and 0xD (CR) to the client terminal. A carriage return (\r) character in the message sends the ASCII/UTF-8 character 0xD (CR) to the client terminal.

name

Displays the configured system name before the pre-login message. To remove the system name from the pre-login message, remove the current message and configure a new message without using the name parameter.

Platforms

All

pre-shared-key

pre-shared-key

Syntax

pre-shared-key pre-shared-key-index [encryption-type encryption-type] [create]

no pre-shared-key pre-shared-key-index

Context

[Tree] (config>macsec>conn-assoc>static-cak pre-shared-key)

Full Context

configure macsec connectivity-association static-cak pre-shared-key

Description

This command specifies the pre-shared key used to enable MACsec using static connectivity association key (CAK) security mode. This command also specifies the encryption algorithm used for encrypting the SAK.

A pre-shared key includes a connectivity association key name (CKN) and a connectivity association key (CAK). The pre-shared key-the CKN and CAK-must match on both ends of a link.

A pre-shared key is configured on both devices at each end of point-to-point link to enable MACsec using static CAK security mode. The MACsec Key Agreement (MKA) protocol is enabled after the successful MKA liveliness negotiation.

The encryption-type is used for encrypting the SAK and authenticating the MKA packet. The symmetric encryption key SAK (Security Association Key) needs to be encrypted (wrapped) via the MKA protocols. The AES key is derived via pre-shared-key.

The no form of this command removes the index.

Parameters

pre-shared-key-index

Specifies the index of this pre-shared-key.

Values

1, 2

encryption-type

Specifies the type of encryption.

Values

aes-128-cmac, aes-256-cmac

create

Mandatory to create an entry.

Platforms

All

pre-shared-key

Syntax

pre-shared-key key [hash | hash2 | custom]

no pre-shared-key

Context

[Tree] (config>ipsec>client-db>client>credential pre-shared-key)

Full Context

configure ipsec client-db client credential pre-shared-key

Description

This command specifies a pre-shared key used to authenticate peers.

The no form of this command reverts to the default.

Default

no pre-shared-key

Parameters

key

An ASCII string to use as the pre-shared key for dynamic keying. When the hash or hash2 parameters are not used, the key is a clear text key; otherwise, the key text is encrypted.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

pre-shared-key

Syntax

pre-shared-key key [hash | hash2 | custom]

no pre-shared-key

Context

[Tree] (config>service>ies>if>sap>ipsec-gw pre-shared-key)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel>dynamic-keying pre-shared-key)

[Tree] (config>ipsec>trans-mode-prof>dyn pre-shared-key)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn pre-shared-key)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn pre-shared-key)

[Tree] (config>service>vprn>if>sap>ipsec-gw pre-shared-key)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn pre-shared-key)

Full Context

configure service ies interface sap ipsec-gw pre-shared-key

configure service vprn interface sap ipsec-tunnel dynamic-keying pre-shared-key

configure ipsec ipsec-transport-mode-profile dynamic-keying pre-shared-key

configure service vprn interface ipsec ipsec-tunnel dynamic-keying pre-shared-key

configure router interface ipsec ipsec-tunnel dynamic-keying pre-shared-key

configure service vprn interface sap ipsec-gw pre-shared-key

configure service ies interface ipsec ipsec-tunnel dynamic-keying pre-shared-key

Description

This command configures the pre-shared key for authentication.

The no form of this command reverts to the default.

Default

no pre-shared-key

Parameters

key

Specifies an ASCII string to use as the pre-shared key for dynamic keying. When the hash or hash2 parameters are not used, the key is a clear text key; otherwise, the key text is encrypted.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-tunnel dynamic-keying pre-shared-key
  • configure service vprn interface sap ipsec-gw pre-shared-key
  • configure ipsec ipsec-transport-mode-profile dynamic-keying pre-shared-key
  • configure service ies interface sap ipsec-gw pre-shared-key

VSR

  • configure router interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying pre-shared-key
  • configure service ies interface ipsec ipsec-tunnel dynamic-keying pre-shared-key

pre-update-time

pre-update-time

Syntax

pre-update-time [days days] [ hrs hours] [min minutes] [sec seconds]

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update pre-update-time)

Full Context

configure system security pki ca-profile auto-crl-update pre-update-time

Description

This command specifies the pre-download time for next-update-based update.

Default

pre-update-time hrs 1

Parameters

days

Specifies the time period, in days, prior to the next update time of the current CRL.

Values

0 to 366

hours

Specifies the time period, in hours, prior to the next update time of the current CRL.

Values

0 to 23

minutes

Specifies the time period, in minutes, prior to the next update time of the current CRL.

Values

0 to 59

seconds

Specifies the time period, in seconds, prior to the next update time of the current CRL.

Values

0 to 59

Platforms

All

prec

prec

Syntax

prec ip-prec-value [fc fc-name] [priority {high | low}]

no prec ip-prec-value

Context

[Tree] (config>qos>sap-ingress prec)

Full Context

configure qos sap-ingress prec

Description

This command explicitly sets the forwarding class or enqueuing priority when a packet is marked with an IP precedence value ( ip-prec-value). Adding an IP precedence rule on the policy forces packets that match the specified ip-prec-value to override the forwarding class and enqueuing priority based on the parameters included in the IP precedence rule.

When the forwarding class is not specified in the rule, a matching packet preserves (or inherits) the existing forwarding class derived from earlier matches in the classification hierarchy.

When the enqueuing priority is not specified in the rule, a matching packet preserves (or inherits) the existing enqueuing priority derived from earlier matches in the classification hierarchy.

The ip-prec-value is derived from the most significant three bits in the IP header ToS byte field (precedence bits). The three precedence bits define eight Class-of-Service (CoS) values commonly used to map packets to per-hop Quality of Service (QoS) behavior. The precedence bits are also part of the DiffServ Code Point (DSCP) method of mapping packets to QoS behavior. The DSCP uses the most significant six bits in the IP header ToS byte and so overlaps with the precedence bits. Both IP precedence and DSCP classification rules are supported. DSCP rules have a higher match priority than IP precedence rules and where a dscp-name DSCP value overlaps an ip-prec-value, the DSCP rule takes precedence.

The no form of this command removes the explicit IP precedence classification rule from the SAP ingress policy. Removing the rule on the policy immediately removes the rule on all ingress SAPs using the policy.

Parameters

ip-prec-value

The ip-prec-value is a required parameter that specifies the unique IP header ToS byte precedence bits value that will match the IP precedence rule. If the command is executed more than once with the same ip-prec-value, the previous forwarding class and enqueuing priority is completely overridden by the new parameters or defined to be inherited when a forwarding class or enqueuing priority parameter is missing.

A maximum of eight IP precedence rules are allowed on a single policy.

The precedence is evaluated from the lowest to highest value.

Values

0 to 7

fc fc-name

The value given for the fc-name parameter must be one of the predefined forwarding classes in the system. Specifying the fc-name is optional. When a packet matches the rule, the forwarding class is only overridden when the fc fc-name parameter is defined on the rule. If the packet matches and the forwarding class is not explicitly defined in the rule, the forwarding class is inherited based on previous rule matches.

The subclass-name parameter is optional and used with the fc-name parameter to define a pre-existing subclass. The fc-name and subclass-name parameters must be separated by a period (.). If subclass-name does not exist in the context of fc-name, an error will occur. If subclass-name is removed using the no fc fc-name.subclass-name force command, the default-fc command will automatically drop the subclass-name and only use fc-name (the parent forwarding class for the subclass) as the forwarding class.

Values

fc:

class[.subclass]

class: be, l2, af, l1, h2, ef, h1, nc

subclass: 29 characters max

Default

Inherit (When fc is not defined, the rule preserves the previous forwarding class of the packet.)

priority

The priority parameter overrides the default enqueuing priority for all packets received on an ingress SAP using this policy that match this rule. Specifying the priority is optional. When a packet matches the rule, the enqueuing priority is only overridden when the priority parameter is defined on the rule. If the packet matches and priority is not explicitly defined in the rule, the enqueuing priority is inherited based on previous rule matches.

Values

high, low

Default

Inherits the priority defined by the default-priority statement.

high

This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to high for a packet increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

low

This parameter is used in conjunction with the priority parameter. Setting the enqueuing parameter to low for a packet decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. When the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

Platforms

All

prec

Syntax

prec {ip-prec-value | in-profile ip-prec-value out-profile ip-prec-value [ exceed-profile ip-prec-value]}

no prec

Context

[Tree] (config>qos>sap-egress>fc prec)

Full Context

configure qos sap-egress fc prec

Description

This command defines a value to be used for remarking packets for the specified FC. If the optional in/out/exceed-profile is specified, the command will remark different IP precedence values depending on whether the packet was classified to be in, exceed, or out-of-profile. All inplus-profile traffic is marked with the same value as in-profile traffic.

Parameters

ip-prec-value

This parameter specifies the IP precedence to be used to remark all traffic.

Values

0 to 7

exceed-profile ip-prec-value

This optional parameter specifies the IP precedence to be used to remark traffic that is exceed-profile. If not specified, this defaults to the same value configured for the out-profile parameter.

Values

0 to 7

in-profile ip-prec-value

This parameter specifies the IP precedence to be used to remark traffic that is in-profile.

Values

0 to 7

out-profile ip-prec-value

This parameter specifies the IP precedence to be used to remark traffic that is out-of-profile.

Values

0 to 7

Platforms

All

prec

Syntax

prec ip-prec-value [fc fc-name] [profile {in | out | exceed | inplus}]

no prec ip-prec-value

Context

[Tree] (config>qos>sap-egress prec)

Full Context

configure qos sap-egress prec

Description

This command defines a specific IP precedence value that must be matched to perform the associated reclassification actions. If an egress packet on the SAP matches the specified IP precedence value, the forwarding class, or profile behavior may be overridden. By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions.

The IP precedence bits used to match against precedence reclassification rules come from the Type of Service (ToS) field within the IPv4 header. If the packet does not have an IPv4 header, precedence-based matching is not performed.

The reclassification actions from a precedence reclassification rule may be overridden by a DSCP or IP flow matching event.

The fc keyword is optional. When specified, the egress classification rule will overwrite the forwarding class derived from ingress. The new forwarding class is used for egress remarking and queue mapping decisions. If a DSCP, ipv6-criteria, or ip-criteria match occurs after the IP precedence match, the new forwarding class may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new fc, the fc from the IP precedence match will be used.

The profile keyword is optional. When specified, the egress classification rule will overwrite the profile of the packet derived from ingress. The new profile value is used for egress remarking and queue congestion behavior. If a DSCP, IPv6 criteria, or IP criteria match occurs after the IP precedence match, the new profile may be overridden by the higher priority match actions. If the higher priority match actions do not specify a new profile, the profile from the IP precedence match will be used.

The no form of this command removes the reclassification rule from the SAP egress QoS policy.

Parameters

fc fc-name

This keyword is optional. When specified, packets matching the IP precedence value will be explicitly reclassified to the forwarding class specified as fc-name regardless of the ingress classification decision. The explicit forwarding class reclassification may be overwritten by a higher priority DSCP, IPv6 criteria, or IP criteria reclassification match. The FC name defined must be one of the eight forwarding classes supported by the system. To remove the forwarding class reclassification action for the specified precedence value, the prec command must be re-executed without the fc parameter defined.

Values

be, l1, af, l2, h1, ef, h2 or nc

profile {in | out | exceed | inplus}

This keyword is optional. When specified, packets matching the IP precedence value will be explicitly reclassified to the specified profile regardless of the ingress profiling decision. The explicit profile reclassification may be overwritten by a higher priority DSCP, IPv6 criteria, or IP criteria reclassification match. To remove the profile reclassification action for the specified precedence value, the prec command must be re-executed without the profile parameter defined.

in

Specifies that any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.

out

Specifies that any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.

exceed

Specifies that any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.

inplus

Specifies that any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.

Platforms

All

prec

Syntax

prec ip-prec-value fc fc-name profile {in | out | exceed | inplus}

no prec ip-prec-value

Context

[Tree] (config>qos>network>egress prec)

Full Context

configure qos network egress prec

Description

This command defines a specific IP precedence value that must be matched in order to perform the associated reclassification actions. If an egress packet on an IES/VPRN interface spoke SDP, on a CSC network interface in a VPRN, or network interface that the network QoS policy is applied to, matches the specified IP precedence value, the forwarding class and profile may be overridden.

By default, the forwarding class and profile of the packet is derived from ingress classification and profiling functions.

The IP precedence bits used to match against the reclassification rules come from the Type of Service (ToS) field within the IPv4 header or the Traffic Class field from the IPv6 header. If the packet does not have an IP header, IP precedence-based matching is not performed.

The configuration of egress prec classification and the configuration of an egress IP criteria or IPv6 criteria entry statement within a network QoS policy are mutually exclusive.

The IP precedence-based and DSCP-based reclassification are supported on a network interface, on a CSC network interface in a VPRN, and on a PW used in an IES or VPRN spoke interface.

This command will block the application of a network QoS policy with the egress reclassification commands to a spoke SDP part of a Layer 2 service. Conversely, this command will not allow the user to add the egress reclassification commands to a network QoS policy if it is being used by a Layer 2 spoke SDP.

The egress reclassification commands will only take effect if the redirection of the spoke SDP or CSC interface to use an egress port queue-group succeeds. For example, the following commands will succeed:

    - config>service>vprn>if>
spoke-sdp>egress>qos network-policy-id port-redirect-group 
queue-group-name instance instance-id
    - config>service>ies>if>spoke-sdp>
egress>qos network-policy-id port-redirect-group queue-group-name 
instance instance-id
    - config>service>vprn>nw-if> qos network-policy-id port-redirect-group 
queue-group-name instance instance-id

When the redirection command fails in CLI, the PW will use the network QoS policy assigned to the network IP interface; however, any reclassification in the network QoS policy applied to the network interface will be ignored.

The no form of this command removes the egress reclassification rule.

Parameters

ip-prec-value

0 to 7

fc fc-name

be, l2, af, l1, h2, ef, h1, nc

profile {in | out | exceed | inplus}

The profile reclassification action is mandatory. When specified, packets matching the IP precedence value will be explicitly reclassified to the profile specified regardless of the ingress profiling decision. To remove the profile reclassification action for the specified IP precedence value, the no prec command must be executed.

This value may be overwritten by an explicit profile action in an DSCP reclassification match.

in - Specifies that any packets matching the reclassification rule will be treated as in-profile by the egress forwarding plane.

out - Specifies that any packets matching the reclassification rule will be treated as out-of-profile by the egress forwarding plane.

exceed - Specifies that any packets matching the reclassification rule will be treated as exceed-profile by the egress forwarding plane.

inplus - Specifies that any packets matching the reclassification rule will be treated as inplus-profile by the egress forwarding plane.

Platforms

All

precedence

precedence

Syntax

precedence {primary | secondary}

no precedence

Context

[Tree] (config>eth-tunnel>path precedence)

Full Context

configure eth-tunnel path precedence

Description

This command specifies the precedence to be used for the path. Only two precedence options are supported: primary and secondary.

The no form of this command sets the precedence to the default value.

Default

precedence secondary

Parameters

primary | secondary

Specifies the path precedence as either primary or secondary.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

precedence

Syntax

precedence [precedence-value | primary]

no precedence

Context

[Tree] (config>service>epipe>spoke-sdp precedence)

[Tree] (config>service>cpipe>spoke-sdp precedence)

[Tree] (config>service>ipipe>spoke-sdp precedence)

Full Context

configure service epipe spoke-sdp precedence

configure service cpipe spoke-sdp precedence

configure service ipipe spoke-sdp precedence

Description

This command specifies the precedence of the SDP binding when there are multiple SDP bindings attached to one service endpoint. The value of zero can only be assigned to one SDP bind making it the primary SDP bind. When an SDP binding goes down, the next highest precedence SDP binding will begin to forward traffic.

The no form of this command returns the precedence value to the default.

Default

precedence 4

Parameters

precedence-value

Specifies the spoke SDP precedence.

Values

1 to 4

primary

Assigns primary precedence to the spoke SDP.

Platforms

All

  • configure service epipe spoke-sdp precedence
  • configure service ipipe spoke-sdp precedence

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe spoke-sdp precedence

precedence

Syntax

precedence prec-value

precedence primary

no precedence

Context

[Tree] (config>service>epipe>spoke-sdp-fec precedence)

Full Context

configure service epipe spoke-sdp-fec precedence

Description

This command specifies the precedence of the SDP binding when there are multiple SDP bindings attached to one service endpoint. The value of zero can only be assigned to one SDP bind making it the primary SDP bind. When an SDP binding goes down, the next highest precedence SDP binding will begin to forward traffic.

The no form of this command returns the precedence value to the default.

Default

precedence 42

Parameters

prec-value

Specifies the spoke SDP precedence.

Values

1 to 4

primary

Assigns primary precedence to this spoke SDP.

Platforms

All

precedence

Syntax

precedence [precedence-value | primary]

no precedence

Context

[Tree] (config>service>vpls>spoke-sdp precedence)

Full Context

configure service vpls spoke-sdp precedence

Description

This command configures the precedence of this SDP bind when there are multiple SDP binds attached to one service endpoint. When an SDP bind goes down, the next highest precedence SDP bind begins forwarding traffic.

Parameters

precedence-value

Specifies the precedence of this SDP bind

Values

1 to 4

primary

Assigns this as the primary spoke-SDP

Platforms

All

precedence

Syntax

precedence {precedence-value | primary}

no precedence

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp precedence)

Full Context

configure mirror mirror-dest spoke-sdp precedence

Description

This command indicates that the SDP is of type secondary with a specific precedence value or of type primary.

The mirror or LI service always uses the primary type as the active pseudowire and only switches to a secondary pseudowire when the primary is down. The mirror service switches the path back to the primary pseudowire when it is back up. The user can configure a timer to delay reverting back to primary or to never revert back.

If the active pseudowire goes down, the mirror service switches the path to a secondary sdp with the lowest precedence value. That is, secondary SDPs which are operationally up are considered in the order of their precedence value, 1 being the lowest value and 4 being the highest value. If the precedence value is the same, then the SDP with the lowest SDP ID is selected.

An explicitly named endpoint can have a maximum of one SAP and one ICB. Once a SAP is added to the endpoint, only one more object of type ICB SDP is allowed. An explicitly named endpoint, which does not have a SAP object, can have a maximum of four SDPs, which can include any of the following: a single primary SDP, one or many secondary SDPs with precedence, and a single ICB SDP.

An SDP is created with type secondary and with the lowest precedence value of 4.

Parameters

precedence-value

Specifies the precedence of the SDP.

Values

1 to 4

primary

Specified that a special value of the precedence which assigns the SDP the lowest precedence and enables the revertive behavior.

Platforms

All

preempt

preempt

Syntax

[no] preempt

Context

[Tree] (config>service>ies>sub-if>grp-if>srrp preempt)

[Tree] (config>service>vprn>sub-if>grp-if>srrp preempt)

Full Context

configure service ies subscriber-interface group-interface srrp preempt

configure service vprn subscriber-interface group-interface srrp preempt

Description

When preempt is enabled, a newly initiated SRRP instance can overrides an existing Master SRRP instance if its priority value is higher than the priority of the current Master.

If preempt is disabled, an SRRP instance only becomes Master if the master down timer expires before an SRRP advertisement message is received from the adjacent SRRP enabled node.

The no form of this command reverts to the default.

Default

preempt

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preempt

Syntax

[no] preempt

Context

[Tree] (config>service>ies>if>ipv6>vrrp preempt)

Full Context

configure service ies interface ipv6 vrrp preempt

Description

The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.

When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.

The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.

The no form of this command disables preempt mode.

Default

preempt

Platforms

All

preempt

Syntax

[no] preempt

Context

[Tree] (config>service>ies>if>vrrp preempt)

Full Context

configure service ies interface vrrp preempt

Description

The preempt command provides the ability of overriding an existing non-owner master to the virtual router instance. Enabling preempt mode is almost required for proper operation of the base-priority and vrrp-policy-id definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.

The preempt command is only available in the non-owner vrrp virtual-router-id nodal context. The owner may not be preempted due to the fact that the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.

Non-owner virtual router instances will only preempt when preempt is set and the current master has an in-use message priority value less than the virtual router instances in-use priority.

A master non-owner virtual router will only allow itself to be preempted when the incoming VRRP Advertisement message Priority field value is one of the following:

  • Greater than the virtual router in-use priority value

  • Equal to the in-use priority value and the source IP address (primary IP address) is greater than the virtual router instance primary IP address

The no form of this command prevents a non-owner virtual router instance from preempting another, less desirable virtual router. Use the preempt command to restore the default mode.

Default

preempt

Platforms

All

preempt

Syntax

[no] preempt

Context

[Tree] (config>service>vprn>if>ipv6>vrrp preempt)

[Tree] (config>service>vprn>if preempt)

Full Context

configure service vprn interface ipv6 vrrp preempt

configure service vprn interface preempt

Description

The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.

When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.

The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.

The default value for preempt mode is enabled.

Default

preempt

Platforms

All

preempt

Syntax

[no] preempt

Context

[Tree] (config>router>if>vrrp preempt)

[Tree] (config>router>if>ipv6>vrrp preempt)

Full Context

configure router interface vrrp preempt

configure router interface ipv6 vrrp preempt

Description

The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.

When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.

The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.

The default value for preempt mode is enabled.

Default

preempt

Platforms

All

preemption-timer

preemption-timer

Syntax

preemption-timer seconds

no preemption-timer

Context

[Tree] (config>router>rsvp preemption-timer)

Full Context

configure router rsvp preemption-timer

Description

This parameter configures the time in seconds a node holds to a reservation for which it triggered the soft preemption procedure.

The preempting node starts a separate preemption timer for each preempted LSP path. While this timer is on, the node should continue to refresh the Path and Resv for the preempted LSP paths. When the preemption timer expires, the node tears down the reservation if the head-end node has not already done so.

A value of zero means the LSP should be preempted immediately; hard preempted.

The no form of this command reverts to the default value.

Default

preemption-timer 300

Parameters

seconds

Specifies the time (in s), of the preemption timer.

Values

0 to 1800 seconds

Platforms

All

prefer-failure

prefer-failure

Syntax

[no] prefer-failure

Context

[Tree] (config>service>nat>pcp-server-policy>option prefer-failure)

Full Context

configure service nat pcp-server-policy option prefer-failure

Description

This command enables/disables support for the prefer-failure option.

Default

no prefer-failure

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

prefer-local-time

prefer-local-time

Syntax

[no] prefer-local-time

Context

[Tree] (config>system>time prefer-local-time)

Full Context

configure system time prefer-local-time

Description

This command sets the preference to use local or UTC time in the system. This preference is applied to objects such as log file names, created and completed times reported in log files, NETCONF and gRPC date-and-time leafs, and rollback times displayed in show routines.

Note:

The operator may force the timezone used for show outputs during a CLI session using an environment variable in the environment>time-display {utc | local} command.

Note:

The preference for CLI output is set with the environment time-display command.

Note:

The format used for the date-time strings may change when the prefer-local-time option is enabled. For example, when enabled, all date-time strings include a suffix of three to five characters that indicates the timezone used for the presentation. This suffix may not be present if the option in not enabled.

Note:

The time format for timestamps on log events is controlled on a per-log basis using the config> log>log-id>time-format {utc | local} CLI command and not via prefer-local-time.

The no form of this command indicates preference for UTC time.

Default

no prefer-local-time

Platforms

All

prefer-mcast-tunnel-in-tunnel

prefer-mcast-tunnel-in-tunnel

Syntax

[no] prefer-mcast-tunnel-in-tunnel

Context

[Tree] (config>router>ldp prefer-mcast-tunnel-in-tunnel)

Full Context

configure router ldp prefer-mcast-tunnel-in-tunnel

Description

At a downstream router, this command specifies that for upstream FEC resolution a T-LDP session to the upstream peer is preferred over an I-LDP session.

At an upstream router, this command specifies that for downstream FEC resolution a T-LDP session to the downstream peer is preferred over an I-LDP session.

The no form of this command reverts to the default value.

Default

no prefer-mcast-tunnel-in-tunnel

Platforms

All

prefer-protocol-stitching

prefer-protocol-stitching

Syntax

[no] prefer-protocol-stitching

Context

[Tree] (config>router>ldp prefer-protocol-stitching)

Full Context

configure router ldp prefer-protocol-stitching

Description

This command stitches an LDP ILM to an SR NHLFE rather than to an LDP NHLFE when both LDP and SR NHLFEs exist.

The no form of this command stitches an LDP ILM to an LDP NHLFE by preference over an SR NHLFE.

Default

no prefer-protocol-stitching

Platforms

All

prefer-tunnel-in-tunnel

prefer-tunnel-in-tunnel

Syntax

[no] prefer-tunnel-in-tunnel

Context

[Tree] (config>router>ldp prefer-tunnel-in-tunnel)

Full Context

configure router ldp prefer-tunnel-in-tunnel

Description

This command specifies to use tunnel-in-tunnel over a simple LDP tunnel. Specifically, the user packets for LDP FECs learned over this targeted LDP session can be sent inside an RSVP LSP which terminates on the same egress router as the destination of the targeted LDP session. The user can specify an explicit list of RSVP LSP tunnels under the Targeted LDP session or LDP will perform a lookup in the Tunnel Table Manager (TTM) for the best RSVP LSP. In the former case, only the specified LSPs will be considered to tunnel LDP user packets. In the latter case, all LSPs available to the TTM and which terminate on the same egress router as this target ed LDP session will be considered. In both cases, the metric specified under the LSP configuration is used to control this selection.

The lookup in the TTM will prefer a LDP tunnel over an LDP-over-RSVP tunnel if both are available. Also, the tunneling operates on the dataplane only. Control packets of this targeted LDP session are sent over the IGP path.

Platforms

All

preference

preference

Syntax

preference preference

no preference

Context

[Tree] (config>router>l2tp>group>tunnel preference)

[Tree] (config>service>vprn>l2tp>group>tunnel preference)

Full Context

configure router l2tp group tunnel preference

configure service vprn l2tp group tunnel preference

Description

This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment.

The no form of this command removes the preference value from the tunnel configuration.

Default

no preference

Parameters

preference

Specifies the tunnel preference number with its group. The value 0 corresponds to the highest preference.

Values

0 to 16777215

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preference

Syntax

preference preference-level

no preference

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle preference)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override preference)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel preference)

Full Context

configure mcast-management multicast-info-policy bundle preference

configure mcast-management multicast-info-policy bundle channel source-override preference

configure mcast-management multicast-info-policy bundle channel preference

Description

This command sets the relative preference level for multicast channels. The preference of a channel specifies its relative importance over other multicast channels. Eight levels of preference are supported; 0 through 7. Preference value 7 indicates the highest preference level.

When the multicast ingress path manager is congested on one or more of the switch fabric multicast paths, it uses the preference values associated with each multicast record to determine which records are allowed on the path and which records be placed in a black-hole state.

The preference value is also compared to the bundles cong-priority-threshold setting to determine the congestion priority of the channel. The result also dictates the channels multicast CAC class level (high or low). When the channels preference value is less than the congestion priority threshold, it is considered to have a congestion priority and CAC class value equal to low. When the channels preference value is equal to or greater than the threshold, it is considered to have a congestion priority and a CAC class value equal to high.

The preference value is also compared to the bundles ecmp-opt-threshold setting to determine whether the channel is eligible for ECMP path dynamic optimization. If the preference value is equal to or less than the threshold, the channel may be optimized. If the preference value is greater than the threshold, the channel will not be dynamically optimized.

The preference command may be executed in three contexts; bundle, channel and source-override. The bundle default preference value is 0. The channel and source-override preference settings are considered overrides to the bundle setting and have a default value of null (undefined).

The no form of this command restores the default preference value (0 or null depending on the context).

Parameters

preference-level

The preference-level parameter is required and defines the preference value of the channel.

Values

1 to 7

Bundle default:

0

Channel default:

Null (undefined)

Source-override default:

Null (undefined)

Override sequence — The channel setting overrides the bundle setting. The source-override setting overrides the channel and bundle settings.

Platforms

All

preference

Syntax

[no] preference preference

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy preference)

Full Context

configure subscriber-mgmt bgp-peering-policy preference

Description

This command configures the route preference for routes learned from the configured peer.

The lower the preference the higher the chance of the route being the active route. The OS assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.

The no form of this command used at the global level reverts to default value.

Default

preference 170

Parameters

preference

The route preference, expressed as a decimal integer.

Values

1 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preference

Syntax

preference preference

no preference

Context

[Tree] (config>aaa>diam>node>peer preference)

Full Context

configure aaa diameter node peer preference

Description

This command configures the Diameter routing preference for a peer. All open peers are installed in the Diameter realm routing table but only the one with the lowest numerical value for preference is used as next-hop for a given destination realm. If multiple peers with the same preference are configured for the same realm, the peer index with the lowest value is used to break the tie.

The no form of this command reverts to the default.

Default

preference 50

Parameters

preference

Specifies the peer preference.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preference

Syntax

preference preference

no preference

Context

[Tree] (config>aaa>diam>node>peer>route preference)

Full Context

configure aaa diameter node peer route preference

Description

This command configures the preference of the static route. The lower value is preferred during route selection.

The no form of this command reverts to the default.

Default

preference 50

Parameters

preference

Specifies the static route preference.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preference

Syntax

preference preference

no preference

Context

[Tree] (config>subscr-mgmt>sub-prof preference)

Full Context

configure subscriber-mgmt sub-profile preference

Description

This command sets the relative preference value for a subscriber profile. When multiple subscriber hosts/sessions of the same subscriber point to a different subscriber profile, the profile with the highest preference value is used. With equal preference, the subscriber profile of the last instantiated subscriber host/session is used.

Note:

Nokia recommends not to configure a subscriber profile preference value unless explicitly required for the targeted design.

The no form of this command reverts to the default value.

Default

preference 5

Parameters

preference

Specifies the preference value. A lower number means a lower preference.

Values

1 to 10

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preference

Syntax

preference [create] [non-revertive]

no preference

Context

[Tree] (config>service>system>bgp-evpn>eth-seg>service-carving>manual preference)

Full Context

configure service system bgp-evpn ethernet-segment service-carving manual preference

Description

This command creates the preference context for the Ethernet Segment (ES) and determines whether the DF election for the ES is revertive or not. Creation of the preference context ensures that the PE will run the preference-based DF election algorithm.

Parameters

create

Mandatory keyword required to create the preference context in an ES.

non-revertive

Configures a non-revertive ES, which ensures that when the Ethernet Segment comes back after a failure, it does not take over an existing active DF PE.

Platforms

All

preference

Syntax

[no] preference preference

Context

[Tree] (config>service>vprn>bgp preference)

[Tree] (config>service>vprn>bgp>group preference)

Full Context

configure service vprn bgp preference

configure service vprn bgp group preference

Description

This command configures the route preference for routes learned from the configured peer(s).

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The lower the preference the higher the chance of the route being the active route. The OS assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.

The no form of this command, if used at the global level, reverts to default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

preference 170

Parameters

preference

Specifies the route preference, expressed as a decimal integer.

Values

1 to 255

Platforms

All

preference

Syntax

preference preference-value

no preference

Context

[Tree] (config>service>vprn>static-route-entry>grt preference)

[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel preference)

[Tree] (config>service>vprn>static-route-entry>black-hole preference)

[Tree] (config>service>vprn>static-route-entry>indirect preference)

[Tree] (config>service>vprn>static-route-entry>next-hop preference)

Full Context

configure service vprn static-route-entry grt preference

configure service vprn static-route-entry ipsec-tunnel preference

configure service vprn static-route-entry black-hole preference

configure service vprn static-route-entry indirect preference

configure service vprn static-route-entry next-hop preference

Description

This command specifies the route preference to be assigned to the associated static route. The lower the preference value the more preferred the route is considered.

Default Route Preference lists the default route preference based on the route source.

Table 9. Default Route Preference

Label

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

OSPF Internal routes

10

Yes

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

Aggregate

130

No

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

The no form of this command returns the returns the associated static route preference to its default value.

Default

preference 5

Parameters

preference-value

Specifies the route preference value.

Values

1 to 255

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>service>vprn>isis>level preference)

Full Context

configure service vprn isis level preference

Description

This command configures the preference level of either IS-IS Level 1 or IS-IS Level 2 internal routes. By default, the preferences are listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide to which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the table below. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision what route to use is determined by the configuration of the ecmp in the config>router context.

Default

Default preferences are listed in Default Preferences.

Table 10. Default Preferences

Route Type

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

MPLS

7

OSPF internal routes

10

No

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes1

IS-IS level 2 external

165

Yes1

BGP

170

Yes

1 External preferences are changed using the external-preference command in the config>router>isis>level level-number context.

Parameters

preference

The preference for external routes at this level expressed as a decimal integer.

Values

1 to 255

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>service>vprn>ospf3 preference)

[Tree] (config>service>vprn>ospf preference)

Full Context

configure service vprn ospf3 preference

configure service vprn ospf preference

Description

This command configures the preference for OSPF internal routes.

A route can be learned by the router from different protocols in which case the costs are not comparable, when this occurs the preference is used to decide to which route will be used.

Different protocols should not be configured with the same preference. If the same preference is configured, the tiebreaker is per the default preference table as defined in Default Route Preferences . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of this command reverts to the default value.

Table 11. Default Route Preferences

Route Type

Preference

Configurable

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes2

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

1 Preference for OSPF internal routes is configured with the preference command.

Default

preference 10 — OSPF internal routes have a preference of 10.

Parameters

preference

The preference for internal routes expressed as a decimal integer. Defaults for different route types are listed in the following table.

Values

1 to 255

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>service>vprn>rip>group preference)

[Tree] (config>service>vprn>ripng>group preference)

[Tree] (config>service>vprn>ripng>group>neighbor preference)

[Tree] (config>service>vprn>rip preference)

[Tree] (config>service>vprn>ripng preference)

[Tree] (config>service>vprn>rip>group>neighbor preference)

Full Context

configure service vprn rip group preference

configure service vprn ripng group preference

configure service vprn ripng group neighbor preference

configure service vprn rip preference

configure service vprn ripng preference

configure service vprn rip group neighbor preference

Description

This command sets the route preference assigned to RIP routes. This value can be overridden by route policies.

The no form of this command resets the preference to the default.

Default

no preference

Parameters

preference

Specifies the preference value.

Values

1 to 255

Default

100

Platforms

All

preference

Syntax

preference preference-value

no preference

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy preference)

Full Context

configure router mpls forwarding-policies forwarding-policy preference

Description

This command configures the preference of an MPLS forwarding policy.

The no form of this command removes the preference parameter from the MPLS forwarding policy.

Default

preference 255

Parameters

preference-value

Specifies the preference value.

The preference-value parameter allows the user to configure multiple label-binding forwarding policies with the same binding label or multiple endpoint policies with the same endpoint address. This provides the capability to achieve a 1:N backup strategy for the forwarding policy. Only the most preferred, lowest numerically preference value, policy is activated in data path.

Values

1 to 255

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>router>p2mp-sr-tree>p2mp-policy>p2mp-candidate-path preference)

Full Context

configure router p2mp-sr-tree p2mp-policy p2mp-candidate-path preference

Description

This command sets the candidate path preference for the P2MP SR tree. The candidate path with the highest preference is the active candidate path.

The no form of this command removes the candidate path preference.

Default

no preference

Parameters

preference

Specifies the preference of the candidate path.

Values

0 to 1024

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>router>static-route-entry>indirect preference)

[Tree] (config>router>static-route-entry>black-hole preference)

[Tree] (config>router>static-route-entry>next-hop preference)

Full Context

configure router static-route-entry indirect preference

configure router static-route-entry black-hole preference

configure router static-route-entry next-hop preference

Description

This command specifies the route preference to be assigned to the associated static route. The lower the preference value the more preferred the route is considered.

Default Route Preference shows the default route preference based on the route source.

Table 12. Default Route Preference

Label

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

OSPF Internal routes

10

Yes

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

Aggregate

130

No

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

The no form of this command returns the returns the associated static route preference to its default value.

Default

preference 5

Parameters

preference

Specifies the route preference value.

Values

1 to 255

Platforms

All

preference

Syntax

[no] preference preference

Context

[Tree] (config>router>bgp>group preference)

[Tree] (config>router>bgp preference)

[Tree] (config>router>bgp>group>neighbor preference)

Full Context

configure router bgp group preference

configure router bgp preference

configure router bgp group neighbor preference

Description

This command configures the route preference for routes learned from the configured peers.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The lower the preference the higher the chance of the route being the active route. The router assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.

The no form of this command used at the global level reverts to default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

preference 170

Parameters

preference

Specifies the route preference expressed as a decimal integer.

Values

1 to 255

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>router>isis>level preference)

Full Context

configure router isis level preference

Description

This command configures the preference level of either IS-IS Level 1 or IS-IS Level 2 internal routes. By default, the preferences are listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide to which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the following table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision what route to use is determined by the configuration of the ecmp in the config>router context.

Default

preference (Level 1) — 15

preference (Level 2) — 18

Parameters

preference

Specifies the preference for external routes at this level expressed as a decimal integer. The default preferences are listed in Default Internal Route Preferences .

Table 13. Default Internal Route Preferences

Route Type

Preference

Configurable

Direct attached

0

Static-route

5

Yes

OSPF internal routes

10

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes3

IS-IS level 2 external

165

Yes3

BGP

170

Yes

1 External preferences are changed using the external-preference command in the config>router>isis>level level-number context.
Values

1 to 255

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>router>ospf3 preference)

[Tree] (config>router>ospf preference)

Full Context

configure router ospf3 preference

configure router ospf preference

Description

This command configures the preference for OSPF internal routes.

A route can be learned by the router from different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in Route Preference Defaults by Route Type . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of this command reverts to the default value.

Default

preference 10

Parameters

preference

Specifies the preference for internal routes expressed as a decimal integer. Defaults for different route types are listed in Route Preference Defaults by Route Type .

Table 14. Route Preference Defaults by Route Type

Route Type

Preference

Configurable

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes4

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

1 Preference for OSPF internal routes is configured with the preference command.
Values

1 to 255

Platforms

All

preference

Syntax

preference {none | all}

no preference

Context

[Tree] (config>router>ospf>lfa>mhp preference)

[Tree] (config>router>isis>lfa>mhp preference)

Full Context

configure router ospf loopfree-alternates multi-homed-prefix preference

configure router isis loopfree-alternates multi-homed-prefix preference

Description

This command configures the preference for the multihomed prefix LFA backup path. This knob can be enabled at a LFA computing node to force the programming of the multihomed prefix LFA backup path which, in some topologies, can avoid transiting using the best ABR or ASBR.

The no form of this command reverts to the default value.

Default

preference none

Parameters

none

Specifies the preference for an LFA, TI-LFA, or RLFA backup path over the multihomed prefix LFA backup path. The multihomed prefix LFA is only programmed in cases where the prefix is not protected by LFA, RLFA, or TI-LFA.

all

Specifies the forced programming of the multihomed prefix LFA backup path regardless of the outcome of the LFA, TI-LFA, or RLFA backup path computation.

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>router>ripng preference)

[Tree] (config>router>ripng>group>neighbor preference)

[Tree] (config>router>rip>group>neighbor preference)

[Tree] (config>router>rip preference)

[Tree] (config>router>ripng>group preference)

[Tree] (config>router>rip>group preference)

Full Context

configure router ripng preference

configure router ripng group neighbor preference

configure router rip group neighbor preference

configure router rip preference

configure router ripng group preference

configure router rip group preference

Description

This command configures the preference for RIP routes.

A route can be learned by the router from different protocols in which case the costs are not comparable. When this occurs, the preference is used to decide which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in Route Preference Defaults by Route Type . If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of the command reverts to the default value.

Default

preference 100

Parameters

preference

Specifies the preference for RIP routes expressed as a decimal integer. Defaults for different route types are listed in Route Preference Defaults by Route Type .

Table 15. Route Preference Defaults by Route Type

Route Type

Preference

Configurable

Direct attached

0

Static routes

5

Yes

OSPF internal

10

Yes

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

Values

0 to 255

Platforms

All

preference

Syntax

preference preference

Context

[Tree] (conf>router>segment-routing>sr-policies>policy preference)

Full Context

configure router segment-routing sr-policies static-policy preference

Description

This command associates a preference value with a statically defined-segment routing policy. This is an optional parameter.

When there are multiple policies for the same (color, endpoint) combination that are targeted for local installation, only one is selected as the active path for the (color, endpoint). In this selection process (which considers both static local policies and BGP signaled policies), the policy with the highest preference value is preferred over all policies with a lower preference value.

The no form of this command reverts to the default value.

Default

preference 100

Parameters

preference

Specifies the preference ID.

Values

0 to 4294967295

Platforms

All

preference

Syntax

preference preference

no preference

Context

[Tree] (config>router>policy-options>policy-statement>name>default-action preference)

[Tree] (config>router>policy-options>policy-statement>entry>action preference)

Full Context

configure router policy-options policy-statement name default-action preference

configure router policy-options policy-statement entry action preference

Description

This command assigns a route preference to routes matching the route policy statement entry.

If no preference is specified, the default Route Table Manager (RTM) preference for the protocol is used.

The no form of this command disables setting an RTM preference in the route policy entry.

Note:

This command is supported with the following protocols: RIP import, BGP import, VPRN VRF import ( vrf-import), and VPRN GRT lookup export (export-grt).

Default

no preference

Parameters

preference

Specifies the route preference expressed as a decimal integer.

Values

1 to 255 (0 represents unset - MIB only)

name — The preference parameter variable name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.

Platforms

All

preference

Syntax

preference value

Context

[Tree] (config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes>route-entry preference)

[Tree] (config>service>ies>sub-if>grp-if>sap>static-host>managed-routes>route-entry preference)

Full Context

configure service vprn subscriber-interface group-interface sap static-host managed-routes route-entry preference

configure service ies subscriber-interface group-interface sap static-host managed-routes route-entry preference

Description

This command associates a preference with the provisioned managed route.

Parameters

value

Specifies the preference value.

Values

0 to 255

Default

0

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preference-option

preference-option

Syntax

[no] preference-option

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel>clnt-mac preference-option)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel>clnt-mac preference-option)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel preference-option)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel preference-option)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel preference-option)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>relay>asel>srvr preference-option)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>relay>asel>srvr preference-option)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel>clnt-mac preference-option)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>relay>asel>srvr preference-option)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection preference-option

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection preference-option

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection preference-option

configure service vprn subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server preference-option

configure service vprn subscriber-interface ipv6 dhcp6 relay advertise-selection server preference-option

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection client-mac preference-option

configure service ies subscriber-interface group-interface ipv6 dhcp6 relay advertise-selection server preference-option

Description

This command enables the DHCPv6 preference option that is inserted in the DHCPv6 advertise message.

The no form of this command removes the preference option.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preferred

preferred

Syntax

[no] preferred

Context

[Tree] (config>isa>nat-group>inter-chassis-redundancy preferred)

Full Context

configure isa nat-group inter-chassis-redundancy preferred

Description

This command sets the preference for activity of a nat-group in stateful inter-chassis redundancy configuration if both nodes have equal health. An example of where this can be useful is in a load balancing environment where the activity of NAT groups can be distributed between the two redundant nodes.

A nat-group with preferred command configured on a node that freshly became part of multi-chassis redundancy, takes over activity from an existing and traffic-serving node with equal health that does not have the preferred command configured. This causes a switchover and a brief interruption in traffic flow.

By default the preferred status is not set for the node.

The no form of this command reverts to the default.

Default

no preferred

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

preferred-lifetime

preferred-lifetime

Syntax

preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]

preferred-lifetime infinite

no preferred-lifetime

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>ipv6-lease-times preferred-lifetime)

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>ipv6-lease-times preferred-lifetime)

Full Context

configure subscriber-mgmt local-user-db ppp host ipv6-lease-times preferred-lifetime

configure subscriber-mgmt local-user-db ipoe host ipv6-lease-times preferred-lifetime

Description

This command specifies the preferred lifetime for the lease times. When the preferred lifetime expires, then any derived addresses are deprecated.

The no form of this command reverts to the default.

Parameters

infinite

Specifies that the valid lifetime is infinite.

preferred-lifetime

Specifies the preferred lifetime.

Values

days days

0 to 3650

hrs hours

0 to 23

min minutes

0 to 59

sec seconds

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preferred-lifetime

Syntax

preferred-lifetime [days days] [ hrs hours] [min minutes] [sec seconds]

no preferred-lifetime

Context

[Tree] (config>router>dhcp6>server>defaults preferred-lifetime)

[Tree] (config>service>vprn>dhcp6>server>defaults preferred-lifetime)

[Tree] (config>router>dhcp6>server>pool>prefix preferred-lifetime)

[Tree] (config>service>vprn>dhcp6>server>pool>prefix preferred-lifetime)

Full Context

configure router dhcp6 local-dhcp-server defaults preferred-lifetime

configure service vprn dhcp6 local-dhcp-server defaults preferred-lifetime

configure router dhcp6 local-dhcp-server pool prefix preferred-lifetime

configure service vprn dhcp6 local-dhcp-server pool prefix preferred-lifetime

Description

This command configures the preferred lifetime.

The no form of this command reverts to the default value.

Default

preferred-lifetime hrs 1

Parameters

preferred-lifetime

Specifies the preferred time for a prefix.

Values

days:

0 to 3650

hours:

0 to 23

minutes:

0 to 59

seconds

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure router dhcp6 local-dhcp-server defaults preferred-lifetime
  • configure service vprn dhcp6 local-dhcp-server defaults preferred-lifetime

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure router dhcp6 local-dhcp-server pool prefix preferred-lifetime
  • configure service vprn dhcp6 local-dhcp-server pool prefix preferred-lifetime

preferred-lifetime

Syntax

preferred-lifetime seconds

preferred-lifetime infinite

no preferred-lifetime

Context

[Tree] (config>service>ies>if>ipv6>dhcp6>pfx-delegate>prefix preferred-lifetime)

[Tree] (config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix preferred-lifetime)

Full Context

configure service ies interface ipv6 dhcp6-server prefix-delegation prefix preferred-lifetime

configure service vprn interface ipv6 dhcp6-server prefix-delegation prefix preferred-lifetime

Description

This command configures the IPv6 prefix/mask preferred lifetime. The preferred-lifetime value cannot be bigger than the valid-lifetime value.

The no form of this command reverts to the default value.

Default

preferred-lifetime 604800 (7 days)

Parameters

seconds

Specifies the time, in seconds, that this prefix remains preferred.

Values

1 to 4294967294

infinite

Specifies that this prefix remains preferred infinitely.

Platforms

All

preferred-lifetime

Syntax

preferred-lifetime seconds

preferred-lifetime infinite

no preferred-lifetime

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)

[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)

[Tree] (config>service>ies>sub-if>ipv6>rtr-adv>pfx-opt preferred-lifetime)

Full Context

configure service vprn subscriber-interface group-interface ipv6 router-advertisements prefix-options preferred-lifetime

configure service ies subscriber-interface group-interface ipv6 router-advertisements prefix-options preferred-lifetime

configure service vprn subscriber-interface ipv6 router-advertisements prefix-options preferred-lifetime

configure service ies subscriber-interface ipv6 router-advertisements prefix-options preferred-lifetime

Description

This command specifies the remaining time for this prefix to be preferred, thus time until deprecation.

The no form of this command reverts to the default.

Default

preferred-lifetime 3600

Parameters

seconds

Specifies the time for the prefix to remain preferred on this group-interface in seconds.

Values

0 to 4294967295

infinite

Specifies that the remaining time will never expire. The value 4294967295 is interpreted as infinite.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preferred-lifetime

Syntax

preferred-lifetime seconds

preferred-lifetime infinite

no preferred-lifetime

Context

[Tree] (config>subscr-mgmt>rtr-adv>pfx-opt>stateful preferred-lifetime)

[Tree] (config>subscr-mgmt>rtr-adv>pfx-opt>stateless preferred-lifetime)

Full Context

configure subscriber-mgmt router-advertisement-policy prefix-options stateful preferred-lifetime

configure subscriber-mgmt router-advertisement-policy prefix-options stateless preferred-lifetime

Description

This command specifies the remaining time for this prefix to be preferred.

The no form of this command reverts to the default.

Default

preferred-lifetime 3600

Parameters

seconds

Specifies the time, in seconds, for the prefix to remain preferred.

Values

0, 900 to 86400

infinite

Specifies that the remaining time never expires.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preferred-lifetime

Syntax

preferred-lifetime infinite

preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]

no preferred-lifetime

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server preferred-lifetime)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6>proxy-server preferred-lifetime)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy-server preferred-lifetime)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6>proxy-server preferred-lifetime)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server preferred-lifetime

configure service ies subscriber-interface ipv6 dhcp6 proxy-server preferred-lifetime

configure service vprn subscriber-interface ipv6 dhcp6 proxy-server preferred-lifetime

configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server preferred-lifetime

Description

This command configures the preferred lifetime. When the preferred lifetime expires, any derived addresses are deprecated.

Default

preferred-lifetime hrs 1

Parameters

infinite

Specifies that the preferred lifetime is infinite.

days days

Specifies the number of days of a preferred lifetime.

Values

0 to 49710

hrs hours

Specifies the number of hours of a preferred lifetime.

Values

0 to 23

min minutes

Specifies the number of minutes of a preferred lifetime.

Values

0 to 59

sec seconds

Specifies the number of seconds of a preferred lifetime.

Values

0 to 59

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

preferred-lifetime

Syntax

[no] preferred-lifetime {seconds | infinite}

Context

[Tree] (config>router>router-advert>if>prefix preferred-lifetime)

[Tree] (config>service>vprn>router-advert>if>prefix preferred-lifetime)

Full Context

configure router router-advertisement interface prefix preferred-lifetime

configure service vprn router-advertisement interface prefix preferred-lifetime

Description

This command configures the remaining length of time in seconds that this prefix will continue to be preferred, such as, time until deprecation. The address generated from a deprecated prefix should not be used as a source address in new communications, but packets received on such an interface are processed as expected.

Default

preferred-lifetime 604800

Parameters

seconds

Specifies the remaining length of time in seconds that this prefix will continue to be preferred.

Values

0 to 4294967294

infinite

Specifies that the prefix will always be preferred. A value of 4,294,967,295 represents infinity.

Platforms

All

prefix

prefix

Syntax

prefix ipv6-addr/prefix-length [failover {local | remote | access-driven}] [pd] [wan-host] [create]

no prefix ipv6-addr/prefix-length

Context

[Tree] (config>service>vprn>dhcp6>server>pool prefix)

[Tree] (config>router>dhcp6>server>pool prefix)

Full Context

configure service vprn dhcp6 local-dhcp-server pool prefix

configure router dhcp6 local-dhcp-server pool prefix

Description

This command allocates a prefix to a pool from which Prefix Delegation prefixes and or WAN addresses can be assigned for DHCP6.

The no form of this command removes the prefix parameters from the configuration.

Default

prefix failover local

Parameters

prefix ipv6-addr/prefix-length

Specifies the prefix.

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

1 to 128

failover {local | remote | access-driven}

This command designates a prefix as local, remote, or access-driven. This is used when multi-chassis synchronization is enabled.

Values

local — An IPv6 prefix designated as local is used for new lease grants or to renew the existing lease grants. Local prefix designation should be always paired with the remote designation of the same prefix on the peering node.

The IPv6 prefix configured as local on one node can only be configured as remote on the other node. No other combination is allowed between the two nodes for an IPv6 prefix that is configured as local.

The DHCPv6 relay could point to both IPv6 DHCP server addresses— the one hosting the local IPv6 prefix and the one hosting the corresponding remote IPv6 prefix. Under normal circumstances the new lease will always be allocated from the local IPv6 prefix while the leases can be renewed from either IPv6 prefix (local or remote). Under network failure, the remote IPv6 prefix can be taken over according to the intercommunication link state transitions and associated timers.

remote — A prefix designated as remote is used only to renew the existing DHCP leases. The new leases are assigned from it only after the maximum-client-lead-time and partner-down-delay time elapses.

To ensure faster takeover, the partner-down-delay can be set to 0 and the MCLT time can be ignored. Extra caution should be exercised when enabling this mode of operation, as described in the configuration guides.

The IPv6 prefix configured as remote on one node can only be configured as local on the other node. No other combination is allowed between the two nodes for an IP address ranges that is configured as remote.

access-driven — A prefix designated as access-driven is like local (a new prefix assignment as well as a renewal). However, as the prefix is shared between the redundant server pair, the following additional conditions should be met to avoid duplicate address allocations:

  • A dual home access protection mechanism such as SRRP or MC-LAG must ensure a single active path from the

    DHCP client to the server.

  • The DHCP relay should point to the local server only.

pd

Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.

wan-host

Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.

create

Keyword used to create the prefix configuration. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

prefix

Syntax

[no] prefix ipv6-address/prefix-length

Context

[Tree] (config>service>ies>if>ipv6>dhcp6-server>pfx-delegate prefix)

Full Context

configure service ies interface ipv6 dhcp6-server prefix-delegation prefix

Description

This command specifies the IPv6 prefix that is delegated by this system.

The no form of this command reverts to the default.

Parameters

ipv6-address/prefix-length

Specifies the IPv6 address on the interface

Values

ipv6-address/prefix:

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

1 to 128

Platforms

All

prefix

Syntax

prefix ipv6-address/prefix-length [pd] [wan-host]

no prefix ipv6-address/prefix-length

Context

[Tree] (config>service>ies>sub-if>ipv6>sub-pfx prefix)

[Tree] (config>service>vprn>sub-if>ipv6>sub-pfx prefix)

Full Context

configure service ies subscriber-interface ipv6 subscriber-prefixes prefix

configure service vprn subscriber-interface ipv6 subscriber-prefixes prefix

Description

This command allows a list of prefixes (using the prefix command multiple times) to be routed to hosts associated with this subscriber interface. Each prefix is represented in the associated FDB with a reference to the subscriber interface. Prefixes are defined as being for prefix delegation (pd) or use on a WAN interface or host (wan-host).

The no form of this command reverts to the default.

Parameters

ipv6-address

Specifies the 128-bit IPv6 address.

Values

128-bit hexadecimal IPv6 address in compressed form

prefix-length

Specifies the length of any associated aggregate prefix.

Values

32 to 63

pd

Specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation.

wan-host

Specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

prefix

Syntax

prefix low-order-vsi-id

no prefix

Context

[Tree] (config>service>vpls>bgp-ad>vsi-id prefix)

Full Context

configure service vpls bgp-ad vsi-id prefix

Description

This command specifies the low-order 4 bytes used to compose the Virtual Switch Instance Identifier (VSI-ID) to use for NLRI in BGP auto-discovery in this VPLS service.

If no value is set, the system IP address will be used.

Default

no prefix

Parameters

low-order-vsi-id

Specifies a unique VSI ID

Values

0— 4294967295

Platforms

All

prefix

Syntax

[no] prefix ip-prefix/prefix-length

Context

[Tree] (config>service>vprn>bgp>group>dynamic-neighbor>match prefix)

Full Context

configure service vprn bgp group dynamic-neighbor match prefix

Description

This command configures a prefix to accept dynamic BGP sessions (sessions from source IP addresses not matching any configured neighbor addresses). A dynamic session is associated with the group having the longest match prefix entry for the source IP address of the peer. The group association determines local parameters that apply to the session, including the local AS, the local IP address, the MP-BGP families, the import and export policies, and so on.

The no form of this command removes a prefix entry.

Parameters

ip-prefix/prefix-length

Specifies a prefix from which to accept dynamic BGP sessions.

Values

ipv4-prefix — a.b.c.d (host bits must be 0)

ipv4-prefix-length — 0 to 32

ipv6-prefix — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — [0 to FFFF]H

d — [0 to 255]D

ipv6-prefix-length — 0 to 128

Platforms

All

prefix

Syntax

[no] prefix ipv6-prefix/prefix-length

Context

[Tree] (config>service>vprn>router-advert>if prefix)

Full Context

configure service vprn router-advertisement interface prefix

Description

This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until explicitly configured using prefix statements.

Parameters

ipv6-prefix

Specifies the IP prefix for prefix list entry in dotted decimal notation.

Values

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

prefix-length

Specifies a route must match the most significant bits and have a prefix length.

Values

1 to 128

Platforms

All

prefix

Syntax

prefix prefix-string

no prefix

Context

[Tree] (config>app-assure>group>cflowd>export-override prefix)

Full Context

configure application-assurance group cflowd export-override prefix

Description

This command specifies the prefix-string associated with the export-override.

Parameters

prefix-string

Specifies a prefix string,up to eight characters. If the eight-character prefix is "ABCDEFG_" for a particular node, the cflowd export override would generate IPv4 interface names such as ABCDEFG_255.255.255.255 or IPv6 as ABCDEFG_2001:DB8:EF01:2345::/64. By default the prefix will be left blank.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

prefix

Syntax

prefix ip-prefix/ip-prefix-length [name prefix-name]

no prefix ip-prefix/ip-prefix-length

Context

[Tree] (config>app-assure>group>ip-prefix-list prefix)

Full Context

configure application-assurance group ip-prefix-list prefix

Description

This command configures an IP prefix within the list.

The no form of this command removes the IP prefix from the configuration.

Parameters

ip-prefix/ip-prefix-length

The IP address in dotted decimal notation.

Values

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

prefix-name

up to 32 characters

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

prefix

Syntax

prefix ipv6-prefix/prefix-length

no prefix

Context

[Tree] (config>service>vprn>nat>inside>nat64 prefix)

[Tree] (config>router>nat>inside>nat64 prefix)

Full Context

configure service vprn nat inside nat64 prefix

configure router nat inside nat64 prefix

Description

This command configures the IPv6 prefix used to derive the IPv6 address from the IPv4 address, and is same as the prefix used by DNS64 to generate AAAA record returned for IPv4 endpoint resolution. NAT64 node announces this prefix in routing to attract traffic from IPv6 hosts. If the prefix is not configured, then a well-known prefix, 64:FF9B::/96, is used.

The no form of the command removes the prefix from the NAT64 configuration.

Parameters

ipv6-prefix/prefix-length

Specifies the NAT64 destination prefix.

Values

ipv6-prefix:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0..FFFF]H

d - [0..255]D

prefix-length

32, 40, 48, 56, 64, 96

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

prefix

Syntax

prefix ip-prefix/length [nat-policy nat-policy-name]

no prefix ip-prefix/length

Context

[Tree] (config>service>nat>nat-prefix-list prefix)

Full Context

configure service nat nat-prefix-list prefix

Description

This command creates a prefix entry in the nat-prefix-list.

This prefix can be used to identify traffic with specific destination IP that needs to be associated with corresponding nat-policy (and implicitly the NAT pool) for L2-aware subscribers. In this fashion, a single L2-aware subscriber can direct traffic to multiple NAT pools, depending on the traffic destination.

Another use for a prefix is in DNAT-only application (DNAT without SNAPT). In this case the prefix identifies the inside source IP range that will be explicitly configured to ensure proper downstream routing in dNAT-only case.

The nat-prefix-list cannot reference the default nat-policy (the one that is referenced in the subscriber-profile).

The no form of the command reverts to the default.

Parameters

ip-prefix/length

Specifies the IP prefix for nat prefix list entry in dotted decimal notation.

Values

ip-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 to 32

nat-policy nat-policy-name

Specifies the NAT policy name. Allowed values are any string up to 32 characters composed of printable,7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes..

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

prefix

Syntax

prefix prefix/prefix-length [ create]

no prefix prefix/prefix-length

Context

[Tree] (config>service>vprn>firewall>domain prefix)

[Tree] (config>router>firewall>domain prefix)

Full Context

configure service vprn firewall domain prefix

configure router firewall domain prefix

Description

This command specifies a prefix for which firewall functionality will apply within the domain. Prefixes cannot be shared or duplicated across multiple domains in the same routing context. A domain can contain multiple prefixes.

The no form of the command removes the prefix from the domain.

Parameters

create

Mandatory keyword used when creating a prefix entry.

prefix/prefix-length

Specifies the prefix.

Values

prefix — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — 0 to FFFF (in hexadecimal)

d — 0 to 255 (in decimal)

prefix-length — 1 to 64

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

prefix

Syntax

prefix ip-address

no prefix

Context

[Tree] (config>router>bier>template>sub-domain prefix)

Full Context

configure router bier template sub-domain prefix

Description

This command specifies the prefix used for BFR. The prefix should be an IPv4 /32 address. The prefix can be a loopback interface or system IP address.

The no form of this command removes the prefix.

Parameters

ip-address

Specifies the IP address to be used as the BFR prefix in dotted decimal format.

Platforms

All

prefix

Syntax

prefix ip-prefix/prefix-length [create]

no prefix ip-prefix/prefix-length

Context

[Tree] (config>test-oam>twamp>server prefix)

Full Context

configure test-oam twamp server prefix

Description

This command configures an IP address prefix containing one or more TWAMP clients. For a TWAMP client to connect to the TWAMP server (and subsequently conduct tests) it must establish the control connection using an IP address that is part of a configured prefix.

Parameters

ip-prefix/prefix-length

Specifies an IPv4 or IPv6 address prefix.

Values

ipv4-prefix:

a.b.c.d (host bits must be 0)

ipv4-prefix-le:

0 to 32

ipv6-prefix:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

ipv6-prefix-le:

0 to 128

prefix length

Specifies the prefix length.

Values

0 to128

create

Creates a prefix instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

prefix

Syntax

prefix ip-prefix/prefix-length [create]

no prefix ip-prefix/prefix-length

Context

[Tree] (config>router>twamp-light>reflector prefix)

[Tree] (config>service>vprn>twamp-light>reflector prefix)

Full Context

configure router twamp-light reflector prefix

configure service vprn twamp-light reflector prefix

Description

This command defines which TWAMP Light packet prefixes the reflector processes.

The no form of this command with the specific prefix removes the accepted source.

Parameters

ip-prefix/prefix-length

Specifies the IPv4 or IPv6 address and length.

Values

ipv4-prefix:

a.b.c.d (host bits must be 0)

ipv4-prefix-le:

0 to 32

ipv6-prefix:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

ipv6-prefix-le:

0 to 128

create

Creates a prefix instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

prefix

Syntax

[no] prefix ip-prefix/prefix-length

Context

[Tree] (config>qos>match-list>ip-prefix-list prefix)

Full Context

configure qos match-list ip-prefix-list prefix

Description

This command adds an IPv4 address prefix to an existing IPv4 address prefix match list.

To add a set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv4 address space.

An IPv4 prefix addition will be blocked, if resource exhaustion is detected anywhere in the system because of QoS Policies that use this IPv4 address prefix list.

The no form of this command deletes the specified prefix from the list.

Parameters

ip-prefix

A valid IPv4 address prefix in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (host bit must be 0)

prefix-length

Length of the entered IP prefix

Values

1 to 32

Platforms

All

prefix

Syntax

[no] prefix ipv6-prefix/prefix-length

Context

[Tree] (config>qos>match-list>ipv6-prefix-list prefix)

Full Context

configure qos match-list ipv6-prefix-list prefix

Description

This command adds an IPv6 address prefix to an existing IPv6 address prefix match list.

To add set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv6 address space.

An IPv6 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of QoS Policies that use this IPv6 address prefix list.

The no form of this command deletes the specified prefix from the list.

Parameters

ipv6-prefix

Specifies the IPv6 prefix for the IP match criterion in hex digits.

Values

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length

Specifies the IPv6 prefix length for the IPv6 address expressed as a decimal integer.

Values

1 to 128

Platforms

All

prefix

Syntax

[no] prefix ip-prefix/prefix-length

Context

[Tree] (config>filter>match-list>ip-prefix-list prefix)

Full Context

configure filter match-list ip-prefix-list prefix

Description

This command adds an IPv4 address prefix to an existing IPv4 address prefix match list.

The no form of this command deletes the specified prefix from the list.

Operational Notes:

To add set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv4 address space.

An IPv4 prefix addition will be blocked, if resource exhaustion is detected anywhere in the system because of filter policies that use this IPv4 address prefix list.

Parameters

ip-prefix

Specifies a valid IPv4 address prefix in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (host bit must be 0)

prefix-length

Specifies the length of the entered IPv4 prefix.

Values

0 to 32

Platforms

All

prefix

Syntax

[no] prefix ipv6-prefix/prefix-length

Context

[Tree] (config>filter>match-list>ipv6-prefix-list prefix)

Full Context

configure filter match-list ipv6-prefix-list prefix

Description

This command adds an IPv6 address prefix to an existing IPv6 address prefix match list.

The no form of this command deletes the specified prefix from the list.

Operational Notes:

To add set of different prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv6 address space.

An IPv6 prefix addition will be blocked, if resource exhaustion is detected anywhere in the system because of filter policies that use this IPv6 address prefix list.

Parameters

ipv6-prefix/prefix-length

Specifies an IPv6 address prefix written as hexadecimal numbers separated by colons with host bits set to 0. One string of zeros can be omitted, so 2001:db8::700:0:217A is equivalent to 2001:db8:0:0:0:700:0:217A.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

prefix-length

Specifies the length of the entered IPv6 prefix.

Values

1 to 128

Platforms

All

prefix

Syntax

[no] prefix ipv6-prefix/prefix-length

Context

[Tree] (config>router>router-advert>if prefix)

Full Context

configure router router-advertisement interface prefix

Description

This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until explicitly configured using prefix statements.

Parameters

ipv6-prefix

The IP prefix for prefix list entry in dotted decimal notation.

Values

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

ipv6-prefix-length

0 to 128

prefix-length

Specifies a route must match the most significant bits and have a prefix length.

Values

1 to 128

Platforms

All

prefix

Syntax

[no] prefix ip-prefix/ip-prefix-length

Context

[Tree] (config>router>bgp>group>dynamic-neighbor>match prefix)

Full Context

configure router bgp group dynamic-neighbor match prefix

Description

This command configures a prefix to accept dynamic BGP sessions (sessions from source IP addresses not matching any configured neighbor addresses). A dynamic session is associated with the group having the longest match prefix entry for the source IP address of the peer. The group association determines local parameters that apply to the session, including the local AS, the local IP address, the MP-BGP families, the import and export policies, and so on.

The no form of this command removes a prefix entry.

Parameters

ip-prefix/ip-prefix-length

Specifies a prefix from which to accept dynamic BGP sessions.

Values

ipv4-prefix — a.b.c.d (host bits must be 0)

ipv4-prefix-length — 0 to 32

ipv6-prefix — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — [0 to FFFF]H

d — [0 to 255]D

ipv6-prefix-length — 0 to 128

Platforms

All

prefix

Syntax

[no] prefix ip-prefix/prefix-length [exact | longer | through length | prefix-length-range length1-length2 | to ip-prefix/prefix-length | address-mask mask-pattern]

Context

[Tree] (config>router>policy-options>prefix-list prefix)

Full Context

configure router policy-options prefix-list prefix

Description

This command creates a prefix entry in the route policy prefix list.

The no form of this command deletes the prefix entry from the prefix list.

Parameters

ip-prefix/prefix-length

Specifies the IP prefix and length for the prefix list entry in dotted decimal notation.

Values

ipv4-prefix:

  • a.b.c.d (host bits must be 0)

ipv4-prefix-length: [0 to 32]

ipv6-prefix:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

ipv6-prefix-length: [0 to 128]

exact

Specifies the prefix list entry only matches the route with the specified ip-prefix and prefix mask (length) values.

longer

Specifies the prefix list entry matches any route that matches the specified ip-prefix and prefix mask length values equal to or greater than the specified mask.

through length

Specifies the prefix list entry matches any route that matches the specified ip-prefix and has a prefix length between the specified length values inclusive.

Values

0 to 32

prefix-length-range length1 - length2

Specifies a route must match the most significant bits and have a prefix length with the given range. The range is inclusive of start and end values.

Values

0 to 32, length2 > length1

to ip-prefix/prefix-length

Specifies a second IP prefix and length used in route policy prefix lists. A route matches prefix1 to prefix2 if it matches prefix1 and prefix2 according to their respective prefix lengths and if the route’s own prefix length is between the prefix lengths of prefix1 and prefix2. It could take many individual 'exact’ match prefix entries to reproduce the same logic.

mask-pattern

Specifies the address mask to use for matching entries to this prefix entry. A route matches a prefix and address mask combination if the bitwise logical AND of this prefix and the mask equals the bitwise logical AND of the route’s address and the same mask and, additionally, the prefix length of the route matches the prefix length of the prefix entry.

Values

ipv4-address:

  • a.b.c.d

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

prefix

Syntax

prefix

Context

[Tree] (config>router>segment-routing>srv6>locator prefix)

Full Context

configure router segment-routing segment-routing-v6 locator prefix

Description

Commands in this context configure IPv6 prefix parameters for an SRv6 locator.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

prefix

Syntax

prefix

Context

[Tree] (conf>router>sr>srv6>ms>block prefix)

Full Context

configure router segment-routing segment-routing-v6 micro-segment block prefix

Description

Commands in this context configure IPv6 prefix parameters for an SRv6 micro-segment locator.

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

prefix

Syntax

prefix ip-prefix/prefix-length

no prefix

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf prefix)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-isis prefix)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf3 prefix)

Full Context

configure oam-pm session ip tunnel mpls sr-ospf prefix

configure oam-pm session ip tunnel mpls sr-isis prefix

configure oam-pm session ip tunnel mpls sr-ospf3 prefix

Description

This command configures the IP prefix used with the IGP instance to tunnel IP packets for the session tests.

The no form of this command deletes the prefix from the configuration.

Default

no prefix

Parameters

ip-prefix/prefix-length

Specifies an IPv4 or IPv6 address prefix.

Values

ipv4-prefix:

a.b.c.d (host bits must be 0)

ipv4-prefix-le:

0 to 32

ipv6-prefix:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x:

[0 to FFFF]H

d:

[0 to 255]D

ipv6-prefix-le:

0 to 128

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

prefix-attributes-tlv

prefix-attributes-tlv

Syntax

[no] prefix-attributes-tlv

Context

[Tree] (config>service>vprn>isis prefix-attributes-tlv)

Full Context

configure service vprn isis prefix-attributes-tlv

Description

This command enables IS-IS Prefix Attributes TLV support to exchange extended IPv4 and IPv6 reachability information. Extended reachability information is required for traffic engineering features using path computation element (PCE) or optimal route reflection.

The no form of this command removes the prefix-attributes-tlv configuration.

Default

no prefix-attributes-tlv

Platforms

All

prefix-attributes-tlv

Syntax

[no] prefix-attributes-tlv

Context

[Tree] (config>router>isis prefix-attributes-tlv)

Full Context

configure router isis prefix-attributes-tlv

Description

This command enables IS-IS Prefix Attributes TLV support to exchange extended IPv4 and IPv6 reachability information. Extended reachability information is required for traffic engineering features using path computation element (PCE) or optimal route reflection.

The no form of this command removes the prefix-attributes-tlv configuration.

Default

no prefix-attributes-tlv

Platforms

All

prefix-delegation

prefix-delegation

Syntax

[no] prefix-delegation

Context

[Tree] (config>service>ies>if>ipv6>dhcp6-server prefix-delegation)

Full Context

configure service ies interface ipv6 dhcp6-server prefix-delegation

Description

This command enables the prefix delegation options for delegating a long-lived prefix from a delegating router to a requesting router, where the delegating router does not require knowledge about the topology of the links in the network to which the prefixes are assigned.

The no form of this command disables prefix-delegation.

Platforms

All

prefix-exclude

prefix-exclude

Syntax

prefix-exclude policy-name [policy-name]

no prefix-exclude

Context

[Tree] (config>router>ldp>aggregate-prefix-match prefix-exclude)

Full Context

configure router ldp aggregate-prefix-match prefix-exclude

Description

This command specifies the policy name containing the prefixes to be excluded from the aggregate prefix match procedures. In this case, LDP will perform an exact match of a specific FEC element prefix as opposed to a longest match of one or more LDP FEC element prefixes, against this prefix when it receives a FEC-label binding or when a change to this prefix occurs in the routing table.

The no form of this command removes all policies from the configuration.

Default

no prefix-exclude

Parameters

policy-name

Specifies the route policy name, up to five. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified name(s) must already be defined.

Platforms

All

prefix-exclude

Syntax

[no] prefix-exclude ip-prefix/prefix-length

Context

[Tree] (config>filter>match-list>ip-pfx-list prefix-exclude)

Full Context

configure filter match-list ip-prefix-list prefix-exclude

Description

This command excludes IPv4 prefix(es) from an ip-prefix-list. The prefix-exclude command is mutually exclusive with apply-path.

The no form of this command deletes the specified excluded prefixes from the ip-prefix-list.

Parameters

ip-prefix

Specifies a valid IPv4 address prefix in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (host bit must be 0)

prefix-length

Specifies the length of the entered IPv4 prefix.

Values

0 to 32

Platforms

All

prefix-exclude

Syntax

[no] prefix ipv6-prefix/prefix-length

Context

[Tree] (config>filter>match-list>ipv6-pfx-list prefix-exclude)

Full Context

configure filter match-list ipv6-prefix-list prefix-exclude

Description

This command excludes IPv6 prefix(es) from an ipv6-prefix-list.The prefix-exclude command is mutually exclusive with apply-path.

The no form of this command deletes the specified excluded prefixes from the ipv6-prefix-list.

Parameters

ipv6-prefix/prefix-length

Specifies an IPv6 address prefix written as hexadecimal numbers separated by colons with host bits set to 0. One string of zeros can be omitted, so 2001:db8::700:0:217A is equivalent to 2001:db8:0:0:0:700:0:217A.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

prefix-length

Specifies the length of the entered IPv6 prefix.

Values

1 to 128

Platforms

All

prefix-ipv4

prefix-ipv4

Syntax

prefix-ipv4 {enable | disable}

Context

[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability prefix-ipv4)

[Tree] (config>router>ldp>session-params>peer>fec-type-capability prefix-ipv4)

[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability prefix-ipv4)

Full Context

configure router ldp interface-parameters interface ipv4 fec-type-capability prefix-ipv4

configure router ldp session-parameters peer fec-type-capability prefix-ipv4

configure router ldp interface-parameters interface ipv6 fec-type-capability prefix-ipv4

Description

This command enables or disables IPv4 prefix FEC capability on the session or interface.

The config>router>ldp>if-params>if>ipv6>fec-type-capability>prefix-ipv4 command is not supported on the 7450 ESS.

Platforms

All

prefix-ipv6

prefix-ipv6

Syntax

prefix-ipv6 {enable | disable}

Context

[Tree] (config>router>ldp>if-params>if>ipv4>fec-type-capability prefix-ipv6)

[Tree] (config>router>ldp>if-params>if>ipv6>fec-type-capability prefix-ipv6)

[Tree] (config>router>ldp>session-params>peer>fec-type-capability prefix-ipv6)

Full Context

configure router ldp interface-parameters interface ipv4 fec-type-capability prefix-ipv6

configure router ldp interface-parameters interface ipv6 fec-type-capability prefix-ipv6

configure router ldp session-parameters peer fec-type-capability prefix-ipv6

Description

This command enables or disables IPv6 prefix FEC capability on the session or interface.

This command is not supported on the 7450 ESS.

Platforms

All

prefix-limit

prefix-limit

Syntax

prefix-limit family limit [threshold percentage] [idle-timeout {minutes | forever} | log-only | hold-excess percentage] [post-import]

no prefix-limit family

Context

[Tree] (config>service>vprn>bgp>group>neighbor prefix-limit)

[Tree] (config>service>vprn>bgp>group prefix-limit)

Full Context

configure service vprn bgp group neighbor prefix-limit

configure service vprn bgp group prefix-limit

Description

This command configures the maximum number of BGP routes received from a peer before administrative action is taken. The administrative action can include generating a log or taking the session down. If a session is taken down, configure the idle-timeout parameter to bring it back up automatically after a specific duration. Alternatively, it can be configured to stay down indefinitely, until the user performs a reset.

No prefix limits for any address family are configured by default.

This command allows the user to apply a separate limit to each address family. A set of address family limits can be applied to one neighbor or to all neighbors in a group.

The no form of this command removes the prefix-limit.

Parameters

threshold percentage

Specifies the threshold value (as a percentage) that triggers a warning message to be sent.

Values

1 to 100

family

Specifies the address family to which the limit applies.

Values

ipv4, label-ipv4, ipv6, mcast-ipv4, flow-ipv4, flow-ipv6, mcast-ipv6

limit

Specifies the number of routes that can be learned from a peer expressed as a decimal integer.

Values

1 to 4294967295

idle-timeout minutes

Specifies the duration in minutes before automatically re-establishing a session.

Values

1 to 1024

idle-timeout forever

Specifies that the session is re-established only after the clear router bgp command is executed.

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is reached. However, the BGP session is not taken down.

post-import

Specifies that the limit should be applied only to the number of routes that are accepted by import policies.

hold-excess percentage
Specifies the percentage of maximum routes that are allowed to be installed in the route table. If a peer within scope of the configuration exceeds the limit, the overflow routes are held in the BGP RIB as inactive routes and are ineligible for forwarding or advertisement to other peers. If the post-import parameter is configured, only routes not rejected by import policies count toward the limit. A BGP route in the overflow state is reconsidered for activation and reinstallation when an UPDATE message is received for the route. This parameter is mutually exclusive with the idle-timeout and log-only parameters.

Platforms

All

prefix-limit

Syntax

prefix-limit limit [log-only] [threshold percent] [overload-timeout { seconds | forever}]

no prefix-limit

Context

[Tree] (config>service>vprn>isis prefix-limit)

Full Context

configure service vprn isis prefix-limit

Description

This command configures the maximum number of prefixes that IS-IS can learn, and use to protect the system from a router that has accidentally advertised a large number of prefixes. If the number of prefixes reaches the configured percentage of this limit, an SNMP trap is sent. If the limit is exceeded, IS-IS will go into overload.

The overload-timeout option controls the length of time that IS-IS is in the overload state when the prefix limit is reached. The system automatically attempts to restart IS-IS at the end of this duration. If the overload-timeout forever option is used, IS-IS is not restarted automatically and stays in overload until the condition is manually cleared by the administrator. This is also the default behavior when the overload-timeout option is not configured.

The no form of this command removes the prefix-limit.

Default

prefix-limit overload-timeout forever

Parameters

limit

Specifies the number of prefixes that can be learned, expressed as a decimal integer.

Values

1 to 4294967296

log-only

Enables a warning message to be sent at the specified threshold percentage and also when the limit is exceeded. However, overload is not set when this parameter is configured.

percent

Specifies the threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

overload-timeout

Keyword used to control the length of time that IS-IS is in the overload state when the prefix limit is reached.

seconds

Specifies the time in minutes before IS-IS is restarted.

Values

1 to 1800

forever

Specifies that IS-IS should be restarted only after the execution of the clear router isis overload prefix-limit command.

Platforms

All

prefix-limit

Syntax

prefix-limit family limit [threshold percentage] [idle-timeout {minutes | forever} | log-only | hold-excess percentage] [post-import]

no prefix-limit family

Context

[Tree] (config>router>bgp>group prefix-limit)

[Tree] (config>router>bgp>group>neighbor prefix-limit)

Full Context

configure router bgp group prefix-limit

configure router bgp group neighbor prefix-limit

Description

This command configures the maximum number of BGP routes received from a peer before administrative action is taken. The administrative action can include generating a log or taking the session down. If a session is taken down, configure the idle-timeout parameter to bring it back up automatically after a specific duration. Alternatively, it can be configured to stay down indefinitely, until the user performs a reset.

No prefix limits for any address family are configured by default.

This command allows the user to apply a separate limit to each address family. A set of address family limits can be applied to one neighbor or to all neighbors in a group.

The no form of this command removes the prefix-limit.

Parameters

log-only

Enables the warning message to be sent at the specified threshold percentage, and also when the limit is reached. However, the BGP session is not taken down.

threshold percentage

Specifies the threshold value (as a percentage) that triggers a warning message to be sent.

Values

1 to 100

family

Specifies the address family to which the limit applies.

Values

ipv4, label-ipv4, vpn-ipv4, ipv6, label-ipv6, vpn-ipv6, mcast-ipv4, l2-vpn, mvpn-ipv4, mdt-safi, ms-pw, flow-ipv4, route-target, mcast-vpn-ipv4, mvpn-ipv6, flow-ipv6, evpn, mcast-ipv6, bgp-ls, sr-policy-ipv4, sr-policy-ipv6, mcast-vpn-ipv6, flow-vpn-ipv4, flow-vpn-ipv6

limit

Specifies the number of routes that can be learned from a peer expressed as a decimal integer.

Values

1 to 4294967295

idle-timeout minutes

Specifies the duration in minutes before automatically re-establishing a session.

Values

1 to 1024

idle-timeout forever

Specifies that the session is re-established only after the clear router bgp command is executed.

post-import

Specifies that the limit applies only to the number of routes that are accepted by import policies.

hold-excess percentage
Specifies the percentage of maximum routes that are allowed to be installed in the route table. If a peer within scope of the configuration exceeds the limit, the overflow routes are held in the BGP RIB as inactive routes and are ineligible for forwarding or advertisement to other peers. If the post-import parameter is configured, only routes not rejected by import policies count toward the limit. A BGP route in the overflow state is reconsidered for activation and reinstallation when an UPDATE message is received for the route. This parameter is mutually exclusive with the idle-timeout and log-only parameters.

Platforms

All

prefix-limit

Syntax

prefix-limit limit [log-only] [threshold percent] [overload-timeout { seconds | forever}]

no prefix-limit

Context

[Tree] (config>router>isis prefix-limit)

Full Context

configure router isis prefix-limit

Description

This command configures the maximum number of prefixes that IS-IS can learn, and use to protect the system from a router that has accidentally advertised a large number of prefixes. If the number of prefixes reaches the configured percentage of this limit, an SNMP trap is sent. If the limit is exceeded, IS-IS will go into overload.

The overload-timeout option controls the length of time that IS-IS is in the overload state when the prefix-limit is reached. The system automatically attempts to restart IS-IS at the end of this duration. If the overload-timeout forever option is used, IS-IS is not restarted automatically and stays in overload until the condition is manually cleared by the administrator. This is also the default behavior when the overload-timeout option is not configured.

The no form of this command removes the prefix-limit.

Default

no prefix-limit

Parameters

log-only

Enables a warning message to be sent at the specified threshold percentage and also when the limit is exceeded. However, overload is not set when this parameter is configured.

limit

Specifies the number of prefixes that can be learned expressed as a decimal integer.

Values

1 to 4294967296

percent

Specifies the threshold value (as a percentage) that triggers a warning message to be sent.

Values

0 to 100

seconds

Specifies the time in minutes before IS-IS is restarted.

Values

1 to 1800

forever

Specifies that IS-IS should be restarted only after the execution of the clear router isis overload prefix-limit command.

Platforms

All

prefix-limits

prefix-limits

Syntax

prefix-limits family limit [threshold percentage] [idle-timeout minutes] [log-only] [post-import]

no prefix-limits family

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy prefix-limits)

Full Context

configure subscriber-mgmt bgp-peering-policy prefix-limits

Description

This command configures the maximum number of BGP routes per address family that can be received from an ESM dynamic BGP peer before an administrative action is taken. Administrative actions include the generation of a log event and taking down the session. If a session is taken down, it can be brought back up automatically after an idle-timeout period. With no idle timeout configured, the session stays down until the user performs a reset.

The no form of this command removes the prefix limits for the specified family.

Default

prefix-limits threshold 90

Parameters

family

Specifies the IP address family for prefix limits.

Values

ipv4, ipv6

limit

Specifies the prefix limit.

Values

1 to 4294967295

percentage

Specifies the percentage at which a warning log message is sent.

Values

1 to 100

minutes

Specifies the time, in minutes, before a BGP peer is automatically reestablished on reaching the prefix limit.

Values

1 to 1024

log-only

Keyword used to specify if the maximum limit is reached, only a log event is generated. This parameterdoes not disable the BGP session upon reaching the prefix limit.

post-import

Keyword used to specify that limits are only applied to the number of routes accepted by the import policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

prefix-list

prefix-list

Syntax

prefix-list name [{all | none | any}]

no prefix-list [name] [{all | none | any}]

Context

[Tree] (config>service>vprn>static-route-entry>black-hole prefix-list)

[Tree] (config>service>vprn>static-route-entry>next-hop prefix-list)

[Tree] (config>service>vprn>static-route-entry>indirect prefix-list)

Full Context

configure service vprn static-route-entry black-hole prefix-list

configure service vprn static-route-entry next-hop prefix-list

configure service vprn static-route-entry indirect prefix-list

Description

This command associates a new constraint to the associated static route such that the static route is only active if any, none, or all of the routes in the prefix list are present and active in the route-table.

Default

no prefix-list

Parameters

name

Specifies the name of a currently configured prefix-list.

all

Specifies that the static route condition is met if all prefixes in the prefix-list must be present in the active static route.

none

Specifies that the static route condition is met if none of the prefixes in the named prefix-list can be present in the active static route.

any

Specifies that the static route condition is met if any prefixes in the prefix-list are present in the active static route.

Platforms

All

prefix-list

Syntax

prefix-list prefix-list-name [{all | none}]

no prefix-list [prefix-list-name] [{all | none}]

Context

[Tree] (config>router>static-route-entry>indirect prefix-list)

[Tree] (config>router>static-route-entry>black-hole prefix-list)

[Tree] (config>router>static-route-entry>next-hop prefix-list)

Full Context

configure router static-route-entry indirect prefix-list

configure router static-route-entry black-hole prefix-list

configure router static-route-entry next-hop prefix-list

Description

This command associates a new constraint to the associated static route such that the static route is only active if none or all of the routes in the prefix list are present and active in the route-table.

Default

no prefix-list

Parameters

prefix-list-name

Specifies the name of a currently configured prefix-list.

all

Specifies that the static route condition is met if all prefixes in the prefix-list must be present in the active route-table.

none

Specifies that the static route condition is met if none of the prefixes in the named prefix-list can be present in the active route-table.

Platforms

All

prefix-list

Syntax

[no] prefix-list name

Context

[Tree] (config>router>policy-options prefix-list)

Full Context

configure router policy-options prefix-list

Description

This command creates a context to configure a prefix list to use in route policy entries.

The no form of this command deletes the named prefix list.

Parameters

name

Specifies the prefix list name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end"," @variable@end", or "start@variable@".

An empty prefix list can be configured for pre-provisioning. This empty prefix list will not find a match when referred to by a policy. When removing member prefixes from a prefix list, the prefix list will not be automatically removed when the last member is removed. If required, an empty prefix list must be explicitly removed using the no form of this command.

Platforms

All

prefix-list

Syntax

prefix-list name [name]

no prefix-list

Context

[Tree] (config>router>policy-options>policy-statement>entry>from prefix-list)

[Tree] (config>router>policy-options>policy-statement>entry>to prefix-list)

Full Context

configure router policy-options policy-statement entry from prefix-list

configure router policy-options policy-statement entry to prefix-list

Description

This command configures a prefix list as a match criterion for a route policy statement entry.

If no prefix list is specified, any network prefix is considered a match.

An empty prefix list will evaluate as if 'no match' was found.

The prefix lists specify the network prefix (this includes the prefix and length) a specific policy entry applies.

A maximum of 28 prefix names can be specified.

The no form of this command removes the prefix list match criterion.

Default

no prefix-list

Parameters

name

Specifies the prefix list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. Policy parameters must be enclosed by at-signs (@) and may be midstring; for example, "@variable@," "start@variable@end"," @variable@end", or "start@variable@".

Platforms

All

prefix-list-override

prefix-list-override

Syntax

no prefix-list-override

prefix-list-override name {exact | longer}

prefix-list-override name prefix-length-range length1-length2

prefix-list-override name through length

Context

[Tree] (config>router>policy-options>policy-statement>entry>from prefix-list-override)

Full Context

configure router policy-options policy-statement entry from prefix-list-override

Description

This command converts a prefix list to a specific match type. The routing policy uses the converted list as a match condition.

The prefix list to be converted can be specified by its name, as an expression containing the name of a global variable that holds the name of the prefix list, or as an expression containing the name of a subroutine variable that holds the name of the prefix list.

Parameters

name

Specifies the prefix list to be converted, up to 64 characters.

exact

Keyword to convert all entries in the specified prefix list to the exact match type.

longer

Keyword to convert all entries in the specified prefix list to the longer match type.

length1-length2

Specifies the start and end length of the prefix range.

Values

0 to 128

Note: length2 (end length) must be equal to or greater than length1 (start length).
length

Specifies the through length of the prefix.

Values

0 to 128

Note: Configure the through length of the prefix to a value higher than the prefix length configured in the configure router policy-options prefix-list prefix command.

Platforms

All

prefix-map

prefix-map

Syntax

prefix-map ip-prefix/length subscriber-type nat-sub-type nat-policy nat-policy-name [ create]

prefi-map ip-prefix/length subscriber-type nat-sub-type

no prefix-map ip-prefix/length subscriber-type nat-sub-type

Context

[Tree] (config>router>nat>inside>deterministic prefix-map)

[Tree] (config>service>vprn>nat>inside>deterministic prefix-map)

Full Context

configure router nat inside deterministic prefix-map

configure service vprn nat inside deterministic prefix-map

Description

This command is applicable to deterministic NAT and static 1:1 NAT. It is used to configure source IP prefixes on the inside and their association with outside deterministic NAT pools via the NAT policy. Hosts within the source IP prefix are deterministically mapped to outside IP addresses and port ranges in the associated deterministic NAT pool.

Multiple source IP prefixes within an inside routing instance can be defined and they can reference different NAT policies (and therefore, outside deterministic NAT pools and routing instances). Source IP prefixes from multiple routing instances can share the same deterministic NAT pool.

With this command, multiple NAT policies based on a destination prefix or filter criteria can be used together with deterministic NAT.

Non-deterministic NAT can be used simultaneously with deterministic NAT within the same inside routing instance. However, they cannot share the same NAT pool.

Source IP prefixes can be added or removed as long as the associated deterministic NAT pool is in a no shutdown mode.

Removing a prefix or modifying the map statement under it requires that the source IP prefix be in a shutdown mode.

Parameters

ip-prefix/length

Specifies source IP prefix on the inside whose hosts is deterministically mapped to an outside IP address and port block in the corresponding deterministic NAT pool.

Values

<ip-prefix/ip-pref*>

<ipv4-prefix>/<ipv4-prefix-length>

<ipv6-prefix>/<ipv6-prefix-length>

<ipv4-prefix>

a.b.c.d (host bits must be 0)

<ipv4-prefix-length>

0 to 32

<ipv6-prefix>

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

<ipv6-prefix-length>

0 to 128

nat-sub-type

Specifies the subscriber type.

Values

classic-lsn-sub: LSN44 subscriber

dslit-lsn-sub: DT-lite subscriber

nat-policy-name

Specifies a NAT policy, up to 32 characters, that points to an outside pool and outside routing instance.

create

Keyword used to create the particular prefix instance.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

prefix-options

prefix-options

Syntax

[no] prefix-options

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6 prefix-options)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>rtr-adv prefix-options)

[Tree] (config>service>ies>sub-if>grp-if>ipv6>rtr-adv prefix-options)

[Tree] (config>service>ies>sub-if>ipv6>rtr-adv prefix-options)

[Tree] (config>subscr-mgmt>rtr-adv-plcy prefix-options)

[Tree] (config>service>vprn>sub-if>ipv6>rtr-adv prefix-options)

[Tree] (config>service>ies>sub-if>grp-if>ipv6 prefix-options)

Full Context

configure service vprn subscriber-interface group-interface ipv6 prefix-options

configure service vprn subscriber-interface group-interface ipv6 router-advertisements prefix-options

configure service ies subscriber-interface group-interface ipv6 router-advertisements prefix-options

configure service ies subscriber-interface ipv6 router-advertisements prefix-options

configure subscriber-mgmt router-advertisement-policy prefix-options

configure service vprn subscriber-interface ipv6 router-advertisements prefix-options

configure service ies subscriber-interface group-interface ipv6 prefix-options

Description

This command configures Router Advertisement parameters for IPv6 prefixes returned via RADIUS Framed-IPv6-Prefix. All prefixes will inherit these configuration parameters.

The no form of this command unconfigures the Router Advertisement parameters for IPv6 prefixes returned via RADIUS Framed-IPv6-Prefix.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

prefix-policy

prefix-policy

Syntax

prefix-policy prefix-policy [prefix-policy]

no prefix-policy

Context

[Tree] (config>service>vprn>isis>loopfree-alternates>exclude prefix-policy)

Full Context

configure service vprn isis loopfree-alternates exclude prefix-policy

Description

This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this ISIS instance.

The no form of this command deletes the exclude prefix policy.

Default

no prefix-policy

Parameters

prefix-policy prefix-policy

Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.

Platforms

All

prefix-policy

Syntax

[no] prefix-policy prefix-policy [prefix-policy]

Context

[Tree] (config>service>vprn>ospf3>loopfree-alternates>exclude prefix-policy)

[Tree] (config>service>vprn>ospf>loopfree-alternates>exclude prefix-policy)

Full Context

configure service vprn ospf3 loopfree-alternates exclude prefix-policy

configure service vprn ospf loopfree-alternates exclude prefix-policy

Description

This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this OSPF or OSPF3 instance.

The no form of this command deletes the exclude prefix policy.

Default

no prefix-policy

Parameters

prefix-policy prefix-policy

Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.

Platforms

All

prefix-policy

Syntax

prefix-policy prefix-policy [prefix-policy]

no prefix-policy

Context

[Tree] (config>router>isis>loopfree-alternates>exclude prefix-policy)

Full Context

configure router isis loopfree-alternates exclude prefix-policy

Description

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.

This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this IS-IS instance.

Note:

Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action, when not explicitly specified by the user in the prefix policy, is a "reject". Thus, regardless if the user did or did not explicitly add the statement "default-action reject" to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.

The no form of this command deletes the exclude prefix policy.

Default

no prefix-policy

Parameters

prefix-policy prefix-policy

Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.

Platforms

All

prefix-policy

Syntax

prefix-policy prefix-policy [prefix-policy]

no prefix-policy

Context

[Tree] (config>router>ospf>loopfree-alternates>exclude prefix-policy)

[Tree] (config>router>ospf3>loopfree-alternates>exclude prefix-policy)

Full Context

configure router ospf loopfree-alternates exclude prefix-policy

configure router ospf3 loopfree-alternates exclude prefix-policy

Description

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.

This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this OSPF or OSPF3 instance.

Note:

Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action, when not explicitly specified by the user in the prefix policy, is a "reject”. Thus, regardless if the user did or did not explicitly add the statement "default-action reject” to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.

The no form of this command deletes the exclude prefix policy.

Default

no prefix-policy

Parameters

prefix-policy

Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.

Platforms

All

prefix-sid-range

prefix-sid-range

Syntax

prefix-sid-range global

prefix-sid-range start-label start-label max-index max-index

no prefix-sid-range

Context

[Tree] (config>router>bgp>segment-routing prefix-sid-range)

Full Context

configure router bgp segment-routing prefix-sid-range

Description

This command configures the label block that BGP segment routing is allowed to use.

The start-label and max-index parameters specify that BGP should be restricted to a subrange of the SRGB, with the subrange starting at start-label and ending at max-index.

It is not possible to enable segment routing (perform a no shutdown) unless the prefix-sid-range is configured using the global keyword or using the start-label and max-index parameters.

The no form of the command allocates no labels for BGP segment-routing.

Default

no prefix-sid-range

Parameters

global

Specifies that BGP is allowed to allocate labels from the entire space of the SRGB, as defined under config>router>mpls-labels>sr-labels.

start-label

Specifies the first label value that is available to BGP in a contiguous range of labels.

Values

0 to 524287

max-index

Specifies the last label value that is available to BGP in a contiguous range of labels.

Values

1 to 524287

Platforms

All

prefix-sid-range

Syntax

prefix-sid-range {global | start-label label-value max-index index-value}

no prefix-sid-range

Context

[Tree] (config>router>isis>segment-routing prefix-sid-range)

Full Context

configure router isis segment-routing prefix-sid-range

Description

This command configures the prefix SID index range and offset label value for a given IGP instance.

The key parameter is the configuration of the prefix SID index range and the offset label value which this IGP instance will use. Since each prefix SID represents a network global IP address, the SID index for a prefix must be network-wide unique. Thus, all routers in the network are expected to configure and advertise the same prefix SID index range for a given IGP instance. However, the label value used by each router to represent this prefix; that is, the label programmed in the ILM can be local to that router by the use of an offset label, referred to as a start label:

Local Label (Prefix SID) = start-label + {SID index}

The label operation in the network becomes thus very similar to LDP when operating in the independent label distribution mode (RFC 5036, LDP Specification) with the difference that the label value used to forward a packet to each downstream router is computed by the upstream router based on advertised prefix SID index using the above formula.

There are two mutually exclusive modes of operation for the prefix SID range on the router. In the global mode of operation, the user configures the global value and this IGP instance will assume the start label value is the lowest label value in the SRGB and the prefix SID index range size equal to the range size of the SRGB. Once one IGP instance selected the global option for the prefix SID range, all IGP instances on the system will be restricted to do the same. The user must shutdown the segment routing context and delete the prefix-sid-range command in all IGP instances in order to change the SRGB. Once the SRGB is changed, the user must re-enter the prefix-sid-range command again. The SRGB range change will be failed if an already allocated SID index/label goes out of range.

In the per-instance mode of operation, the user partitions the SRGB into non-overlapping sub-ranges among the IGP instances. The user thus configures a subset of the SRGB by specifying the start label value and the prefix SID index range size. All resulting net label values (start-label + index} must be within the SRGB or the configuration will be failed. Furthermore, the code checks for overlaps of the resulting net label value range across IGP instances and will strictly enforce that these ranges do not overlap. The user must shutdown the segment routing context of an IGP instance in order to change the SID index/label range of that IGP instance using the prefix-sid-range command. In addition, any range change will be failed if an already allocated SID index/label goes out of range. The user can however change the SRGB on the fly as long as it does not reduce the current per IGP instance SID index/label range defined with the prefix-sid-range. Otherwise, the user must shutdown the segment routing context of the IGP instance and delete and re-configure the prefix-sid-range command.

Default

no prefix-sid-range

Parameters

label-value

Specifies the label offset for the SR label range of this IGP instance.

Values

0 to 524287

index-value

Specifies the maximum value of the prefix SID index range for this IGP instance.

Values

1 to 524287

Platforms

All

prefix-sid-range

Syntax

prefix-sid-range global

prefix-sid-range start-label label-value max-index index-value

no prefix-sid-range

Context

[Tree] (config>router>ospf>segm-rtng prefix-sid-range)

[Tree] (config>router>ospf3>segm-rtng prefix-sid-range)

Full Context

configure router ospf segment-routing prefix-sid-range

configure router ospf3 segment-routing prefix-sid-range

Description

This command configures the prefix SID index range and offset label value for an IGP instance.

The key parameter is the configuration of the prefix SID index range and the offset label value that this IGP instance will use. Because each prefix SID represents a network global IP address, the SID index for a prefix must be unique network-wide. Therefore, all routers in the network are expected to configure and advertise the same prefix SID index range for an IGP instance. However, the label value used by each router to represent this prefix, that is, the label programmed in the ILM, can be local to that router by the use of an offset label, referred to as a start label:

Local Label (Prefix SID) = start-label + {SID index}

The label operation in the network is very similar to LDP when operating in independent label distribution mode (RFC 5036, LDP Specification), with the difference being that the label value used to forward a packet to each downstream router is computed by the upstream router based on the advertised prefix SID index using the above formula.

There are two mutually exclusive modes of operation for the prefix SID range on the router. In the global mode of operation, the user configures the global value and this IGP instance will assume the start label value is the lowest label value in the SRGB and the prefix SID index range size equal to the range size of the SRGB. After one IGP instance selected the global option for the prefix SID range, all IGP instances on the system will be restricted to do the same. The user must shutdown the segment routing context and delete the prefix-sid-range command in all IGP instances in order to change the SRGB. After the SRGB is changed, the user must re-enter the prefix-sid-range command again. The SRGB range change will be failed if an already allocated SID index/label goes out of range.

In per-instance mode, the user partitions the SRGB into non-overlapping sub-ranges among the IGP instances. The user configures a subset of the SRGB by specifying the start label value and the prefix SID index range size. All resulting net label values (start-label + index) must be within the SRGB or the configuration will fail. The 7750 SR checks for overlaps of the resulting net label value range across IGP instances and will strictly enforce no overlapping of these ranges. The user must shut down the segment routing context of an IGP instance in order to change the SID index/label range of that IGP instance using the prefix-sid-range command. A range change will fail if an already allocated SID index/label goes out of range. The user can change the SRGB without shutting down the segment routing context as long as it does not reduce the current per-IGP instance SID index/label range defined with the prefix-sid-range command. Otherwise, shut down the segment routing context of the IGP instance, and disable and re-enable the prefix-sid-range command.

Default

no prefix-sid-range

Parameters

label-value

Specifies the label offset for the SR label range of this IGP instance.

Values

0 to 524287

index-value

Specifies the maximum value of the prefix SID index range for this IGP.

Values

1 to 524287

Platforms

All

prefix-sids

prefix-sids

Syntax

prefix-sids ip-int-name

no prefix-sids ip-int-name

Context

[Tree] (config>router>segment-routing>sr-mpls prefix-sids)

Full Context

configure router segment-routing sr-mpls prefix-sids

Description

This command configures the prefix SIDs for an interface.

The no form of this command removes the prefix SIDs list instance.

Default

no prefix-sids

Parameters

ip-int-name

Specifies the loopback or system interface name that owns the prefix to be advertised, up to 32 characters.

Platforms

All

preserve-key

preserve-key

Syntax

[no] preserve-key

Context

[Tree] (config>system>security>ssh preserve-key)

Full Context

configure system security ssh preserve-key

Description

After enabling this command, private keys, public keys, and host key file are saved by the server. It is restored following a system reboot or the ssh server restart.

The no form of this command specifies that the keys are held in memory by an SSH server and is not restored following a system reboot.

Default

no preserve-key

Platforms

All

primary

primary

Syntax

primary

Context

[Tree] (config>aaa>radius-scr-plcy primary)

Full Context

configure aaa radius-script-policy primary

Description

Commands in this context configure a primary script.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

primary

Syntax

primary

Context

[Tree] (config>subscr-mgmt>sub-ident-pol primary)

Full Context

configure subscriber-mgmt sub-ident-policy primary

Description

Commands in this context configure primary identification script parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

primary

Syntax

primary path-name

no primary

Context

[Tree] (config>router>mpls>lsp primary)

Full Context

configure router mpls lsp primary

Description

This command specifies a preferred path for the LSP. This command is optional only if the secondary path-name is included in the LSP definition. Only one primary path can be defined for an LSP.

Some of the attributes of the LSP such as the bandwidth, and hop-limit can be optionally specified as the attributes of the primary path. The attributes specified in the primary path path-name command, override the LSP attributes.

The no form of this command deletes the association of this path-name from the LSP lsp-name. All configurations specific to this primary path, such as record, bandwidth, and hop limit, are deleted. The primary path must be shutdown first in order to delete it. The no primary command will not result in any action except a warning message on the console indicating that the primary path is administratively up.

Parameters

path-name

Specifies the case-sensitive alphanumeric name label for the LSP path up to 64 characters in length.

Platforms

All

primary

Syntax

[no] primary [mda-id | esa-vm-id]

Context

[Tree] (config>isa>aa-grp primary)

Full Context

configure isa application-assurance-group primary

Description

This command assigns an AA ISA or ESA-VM configured in the specified location to this application assurance group. Primary and backup ISAs have equal operational status and when both ISAs are coming up, the one that becomes operational first becomes the active ISA.

On an activity switch from the primary ISA, all configurations are already on the backup ISA but flow state information must be re-learned. Any statistics not yet spooled will be lost. Auto-switching from the backup to primary, once the primary becomes available again, is not supported.

Operator is notified through SNMP events when:

  • When AA service goes down (all ISAs in the group are down) or comes back up (an ISA in the group becomes active)

  • When AA redundancy fails (one of the ISAs in the group is down) or recovers (the failed MDA comes back up)

  • When an AA activity switch occurred.

The no form of this command removes the specified ISA from the application assurance group.

Parameters

mda-id

Specifies the slot/mda or esa/vm, identifying a provisioned AA ISA.

Values

slot/mda

slot

1 to 10, depending on chassis model

mda

1 to 2

esa-vm-id

Specifies the ESA and VM, identifying a provisioned ESA-VM. The value of the esa-vm-id for application assurance is used as the esa-id plus 128. For example, an ESA 1 with VM2 would be referred to as esa-129/2.

Values

esa-id+128/vm-id

esa-id

1 to 16

vm-id

1 to 4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

primary

Syntax

primary mda-id

no primary

Context

[Tree] (config>isa>tunnel-grp primary)

Full Context

configure isa tunnel-group primary

Description

This command assigns an ISA IPsec module configured in the specified slot to this IPsec group. The backup ISA IPsec provides the IPsec group with warm redundancy when the primary ISA IPsec in the group is configured. Primary and backup ISA IPsec have equal operational status and when both MDAs are coming up, the one that becomes operational first becomes the active ISA IPsec.

All configuration information is pushed down to the backup MDA from the CPM once the CPM gets notice that the primary module has gone down. This allows multiple IPsec groups to use the same backup module. Any statistics not yet spooled will be lost. Auto-switching from the backup to primary, once the primary becomes available again, is supported.

The operator is notified through SNMP events when:

  • When the ISA IPsec service goes down (all modules in the group are down) or comes back up (a module in the group becomes active).

  • When ISA IPsec redundancy fails (one of the modules in the group is down) or recovers (the failed module comes back up).

  • When an ISA IPsec activity switch took place.

The no form of this command removes the specified primary ID from the group’s configuration.

Default

no primary

Parameters

mda-id

Specifies the card/slot identifying a provisioned IPsec ISA.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

primary

Syntax

primary primary secondary secondary

Context

[Tree] (config>ipsec>trans-mode-prof>dyn>cert>status-verify primary)

[Tree] (config>router>if>ipsec>ipsec-tun>dyn>cert>status-verify primary)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn>cert>status-verify primary)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn>cert>status-verify primary)

[Tree] (config>service>ies>if>sap>ipsec-gw>cert>status-verify primary)

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn>cert>status-verify primary)

[Tree] (config>service>vprn>if>sap>ipsec-gw>cert>status-verify primary)

Full Context

configure ipsec ipsec-transport-mode-profile dynamic-keying cert primary

configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary

configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary

configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary

configure service ies interface sap ipsec-gw cert status-verify primary

configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify primary

configure service vprn interface sap ipsec-gw cert status-verify primary

Description

This command specifies the primary and secondary CVS methods used to verify the revocation status of the peer’s certificate.

OCSP or CRL uses the corresponding configuration in the CA profile of the issuer of the certificate in question.

Default

primary crl

Parameters

primary

Specifies the primary CSV method used to verify the revocation status of the peer’s certificate.

Values

ocsp — Specifies that the OCSP protocol should be used. The OCSP server is configured in the corresponding CA profile.

crl — Specifies that the local CRL file should be used. The CRL file is configured in the corresponding CA profile.

Default

crl

secondary

Specifies the secondary CSV method used to verify the revocation status of the peer’s certificate.

Values

ocsp — Specifies that the OCSP protocol should be used. The OCSP server is configured in the corresponding CA profile.

crl — Specifies that the local CRL file should be used. The CRL file is configured in the corresponding CA profile.

none — Specifies that no secondary method of CSV is used.

Default

none

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-gw cert status-verify primary
  • configure service vprn interface sap ipsec-tunnel dynamic-keying cert status-verify primary
  • configure service ies interface sap ipsec-gw cert status-verify primary
  • configure ipsec ipsec-transport-mode-profile dynamic-keying cert primary

VSR

  • configure router interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
  • configure service vprn interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary
  • configure service ies interface ipsec ipsec-tunnel dynamic-keying cert status-verify primary

primary

Syntax

[no] primary mda-id

Context

[Tree] (config>isa>video-group primary)

Full Context

configure isa video-group primary

Description

This command configures the primary video group ISA. Only one primary can be configured per video group when ad insertion is enabled. The maximum number of primaries per video-group for FCC and RD is 4.

Parameters

mda-id

Specifies the slot and MDA number for the primary video group ISA.

Values

slot/mda

slot

1 to 10 (depending on the chassis model)

mda

1 to 2

Platforms

7450 ESS, 7750 SR, 7750 SR-1s, 7750 SR-2s, 7750 SR-7s, 7750 SR-14s

primary-cf

primary-cf

Syntax

primary-cf cflash-id

Context

[Tree] (config>call-trace primary-cf)

Full Context

configure call-trace primary-cf

Description

This command specifies which compact-flash is used as the primary CF for call-trace operation.

Default

primary-cf cf1

Parameters

cflash-id

Specifies the compact flash card to be used as the primary local storage location to save the generated call trace log files.

Values

cf1, cf2

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

primary-config

primary-config

Syntax

primary-config file-url

no primary-config

Context

[Tree] (bof primary-config)

Full Context

bof primary-config

Description

This command specifies the name and location of the primary configuration file.

The system attempts to use the configuration specified in primary-config. If the specified file cannot be located, the system automatically attempts to obtain the configuration from the location specified in secondary-config and then the tertiary-config.

If an error in the configuration file is encountered, the boot process aborts.

The no form of this command removes the primary-config configuration.

Parameters

file-url

Specifies the primary configuration file location, expressed as a file URL.

Values

file-url

{local-url | remote-url} (up to 180 characters)

local-url

[cflash-id/][file-path]

remote-url

[{ftp://| tftp://} login:pswd@remote-locn/][file-path]

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

primary-dns

primary-dns

Syntax

primary-dns ip-address

no primary-dns

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-dns)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-dns)

Full Context

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-dns

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-dns

Description

This command configures the primary DNS address to be returned via DHCP on WLAN-GW ISA.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the primary DNS address.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

primary-dns

Syntax

primary-dns ip-address

no primary-dns

Context

[Tree] (config>service>vprn>dns primary-dns)

Full Context

configure service vprn dns primary-dns

Description

This command configures the primary DNS server used for DNS name resolution. DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the primary DNS server from the configuration.

Default

no primary-dns — No primary DNS server is configured.

Parameters

ip-address

The IP or IPv6 address of the primary DNS server.

Values

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface - 32 characters max, for link local addresses.

Platforms

All

primary-dns

Syntax

primary-dns ip-address

no primary-dns [ip-address]

Context

[Tree] (bof primary-dns)

Full Context

bof primary-dns

Description

This command configures the primary DNS server used for DNS name resolution. DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the primary DNS server from the configuration.

Default

no primary-dns

Parameters

ip-address

Specifies the IP or IPv6 address of the primary DNS server.

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface

32 chars max, for link local addresses

Note:

IPv6 is applicable to the 7750 SR and 7950 XRS only.

Platforms

All

primary-image

primary-image

Syntax

primary-image file-url

no primary image

Context

[Tree] (bof primary-image)

Full Context

bof primary-image

Description

This command specifies the primary directory location for runtime image file loading.

The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.

All runtime image files (*.tim files) must be located in the same directory.

The no form of this command removes the primary-image configuration.

Parameters

file-url

Specifies the file-url can be either local (this CPM) or a remote FTP server.

Values

file-url

{local-url | remote-url} (up to 180 characters)

local-url

[cflash-id/][file-path]

remote-url

[{ftp://| tftp://} login:pswd@remote-locn/][file-path]

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

All

primary-ip-address

primary-ip-address

Syntax

primary-ip-address ipv4-address

no primary-ip-address

Context

[Tree] (config>router>bgp>orr>location primary-ip-address)

Full Context

configure router bgp optimal-route-reflection location primary-ip-address

Description

This command specifies the primary IP address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable find a node in its topology database that matches a primary address of the location, then it tries to find a node matching a secondary address. If this attempt also fails, the TE DB tries to find a node matching a tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the primary IP address information.

Default

no primary-ip-address

Parameters

ipv4-address

Specifies the primary IPv4 address of a location expressed in dotted decimal notation.

Values

a.b.c.d

Platforms

All

primary-ipv6-address

primary-ipv6-address

Syntax

primary-ipv6-address ipv6-address

no primary-ipv6-address

Context

[Tree] (config>router>bgp>orr>location primary-ipv6-address)

Full Context

configure router bgp optimal-route-reflection location primary-ipv6-address

Description

This command specifies the primary IPv6 address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable find a node in its topology database that matches a primary address of the location, then it tries to find a node matching a secondary address. If this attempt also fails, the TE DB tries to find a node matching a tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the primary IPv6 address information.

Default

no primary-ipv6-address

Parameters

ipv6-address

Specifies the primary IPv6 address of a location expressed in dotted decimal notation.

Values

ipv6-address:

  • x:x:x:x:x:x:x:x (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d

  • x: [0 to FFFF]H

  • d: [0 to 255]D

Platforms

All

primary-location

primary-location

Syntax

primary-location file-url

no primary-location

Context

[Tree] (config>system>software-repository primary-location)

Full Context

configure system software-repository primary-location

Description

This command configures the primary location for the files in the software repository. See the software-repository command description for more information.

The no form of the command removes the primary location.

Parameters

file-url

Specifies the primary location to be used to access the files in the software repository.

Values

file url

local-url | remote-url

local-url

[cflash-id/][file-path]

200 chars maximum, including cflash-id directory length 99 characters maximum each

remote-url

[{ftp://} login:pswd@remote-locn/][file-path]

243 characters maximum

directory length 99 characters maximum each

remote-locn

[hostname | ipv4-address | [ipv6- address]]

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x - [0 to FFFF]H

d - [0 to 255]D

interface - 32 characters max, for link local addresses

cflash-id

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

primary-nbns

primary-nbns

Syntax

primary-nbns ip-address

no primary-nbns

Context

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-nbns)

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw>ranges>range>dhcp primary-nbns)

Full Context

configure service vprn subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-nbns

configure service ies subscriber-interface group-interface wlan-gw vlan-tag-ranges range dhcp primary-nbns

Description

This command configures the primary NBNS address to be returned via DHCP on WLAN-GW ISA.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the primary NBNS address.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

primary-next-hop

primary-next-hop

Syntax

[no] primary-next-hop

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp primary-next-hop)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group primary-next-hop

Description

Commands in this context configure the primary next hop of an NHG entry in a forwarding policy.

The no form of this command removes the primary next-hop context from an NHG entry in a forwarding policy.

Platforms

All

primary-p2mp-instance

primary-p2mp-instance

Syntax

[no] primary-p2mp-instance instance-name

Context

[Tree] (config>router>mpls>lsp primary-p2mp-instance)

Full Context

configure router mpls lsp primary-p2mp-instance

Description

This command creates the primary instance of a P2MP LSP. The primary instance of a P2MP LSP is modeled as a set of root-to-leaf (S2L) sub-LSPs. The root, for example a head-end node triggers signaling using one path message per S2L path. The leaf sub-LSP paths are merged at branching points.

This command is not supported on the 7450 ESS.

Parameters

instance-name

Specifies a name that identifies the P2MP LSP instance. The instance name can be up to 32 characters long and must be unique.

Platforms

All

primary-path

primary-path

Syntax

primary-path

Context

[Tree] (config>mcast-mgmt>bw-plcy>t2-paths primary-path)

Full Context

configure mcast-management bandwidth-policy t2-paths primary-path

Description

Commands in this context configure primary path parameters.

Platforms

7450 ESS, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-7/12/12e, 7750 SR-s, 7950 XRS, VSR

primary-ports

primary-ports

Syntax

primary-ports

Context

[Tree] (config>service>template>vpls-template>mac-move primary-ports)

[Tree] (config>service>vpls>mac-move primary-ports)

Full Context

configure service template vpls-template mac-move primary-ports

configure service vpls mac-move primary-ports

Description

Commands in this context define primary VPLS ports. VPLS ports that were declared as secondary prior to the execution of this command will be moved from secondary port-level to primary port-level. Changing a port to the tertiary level can only be done by first removing it from the secondary port-level.

Platforms

All

primary-tunnel-interface

primary-tunnel-interface

Syntax

primary-tunnel-interface ldp-p2mp p2mp-identifier sender ip-address

primary-tunnel-interface rsvp-p2mp lsp-name sender ip-address

no primary-tunnel-interface

Context

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel primary-tunnel-interface)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle primary-tunnel-interface)

[Tree] (config>mcast-mgmt>mcast-info-plcy>bundle>channel>source-override primary-tunnel-interface)

Full Context

configure mcast-management multicast-info-policy bundle channel primary-tunnel-interface

configure mcast-management multicast-info-policy bundle primary-tunnel-interface

configure mcast-management multicast-info-policy bundle channel source-override primary-tunnel-interface

Description

This command allows the user to define a bundle in the multicast-info-policy and specify channels in the bundle that must be received from the primary tunnel interface associated with an RSVP P2MP LSP. The multicast info policy is applied to the base router instance.

The egress LER can accept multicast packets via two different methods. The regular RPF check on unlabeled IP multicast packets, which is based on routing table lookup. The static assignment which specifies the receiving of a multicast group <*,G> or a specific <S,G> from a primary tunnel-interface associated with an RSVP P2MP LSP.

One or more primary tunnel interfaces in the base router instance can be configured. That is, the user can specify to receive different multicast groups, <*,G> or specific <S,G>, from different P2MP LSPs. This assumes that there are static joins configured for the same multicast groups at the ingress LER to forward over a tunnel interface associated with the same P2MP LSP.

At any given time, packets of the same multicast group can be accepted from either the primary tunnel interface associated with a P2MP LSP or from a PIM interface. These are mutually exclusive options. As soon as a multicast group is configured against a primary tunnel interface in the multicast info policy, it is blocked from other PIM interfaces.

A multicast packet received on a tunnel interface associated with a P2MP LSP can be forwarded over a PIM or IGMP interface which can be an IES interface, a spoke SDP terminated IES interface, or a network interface.

The no form of this command removes the static RPF check.

Parameters

lsp-name

Species a string of up to 32 characters identifying the LSP name as configured at the ingress LER.

ip-address

Specifies a string of 15 characters representing the IP address of the ingress LER for the LSP.

p2mp-id

Identifier used for signaling mLDP P2MP LSP (applies only to the 7750 SR).

Values

1 to 4294967296

Platforms

All

primary-url

primary-url

Syntax

primary-url url

no primary-url

Context

[Tree] (config>python>py-script primary-url)

Full Context

configure python python-script primary-url

Description

This command specifies the location of the primary Python script. The system supports three locations for each Python script. Users can store the script file on either a local CF card or an FTP server.

The no form of this command removes the URL.

Parameters

url

Specifies the primary URL of the Python script up to 180 characters, either a local CF card url or a FTP server URL.

Platforms

All

prio-code-point

prio-code-point

Syntax

prio-code-point priority-code-point

no prio-code-point

Context

[Tree] (config>test-oam>build-packet>header>dot1q prio-code-point)

Full Context

configure test-oam build-packet header dot1q prio-code-point

Description

This command defines the priority code point to be used in the test Dot1Q header.

The no form of this command removes the priority code point value.

Default

prio-code-point 0 (BE)

Parameters

priority-code-point

Specifies the priority code point to be used in the test Dot1Q header.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

prio-code-point

Syntax

prio-code-point priority-code-point

no prio-code-point

Context

[Tree] (debug>oam>build-packet>packet>field-override>header>dot1q prio-code-point)

Full Context

debug oam build-packet packet field-override header dot1q prio-code-point

Description

This command configures a Priority Code Point (PCP) for an IEEE 802.1Q packet header to be launched by the OAM find-egress tool.

The no form of this command removes the priority code point value.

Default

no override

Parameters

priority-code-point

Specifies the priority code point to be used in the test Dot1Q header.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

priority

Syntax

priority level

Context

[Tree] (config>subscr-mgmt>sub-prof>ingress>policer-control-policy>priority-mbs-thresholds priority)

[Tree] (config>subscr-mgmt>sub-prof>egress>policer-control-policy>priority-mbs-thresholds priority)

Full Context

configure subscriber-mgmt sub-profile ingress policer-control-policy priority-mbs-thresholds priority

configure subscriber-mgmt sub-profile egress policer-control-policy priority-mbs-thresholds priority

Description

The priority level command contains the mbs-contribution configuration command for a given strict priority level. Eight levels are supported numbered 1 through 8 with 8 being the highest strict priority.

Each of the eight priority CLI nodes always exists and do not need to be created. While parameters exist for each priority level, the parameters are only applied when the priority level within a parent policer instance is currently supporting child policers.

Parameters

level

Specifies the priority level override.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

priority

Syntax

priority priority source {python | diameter-gx | ludb | radius | diameter-nasreq | gtp | dhcp | local-address-assignment}

no priority priority

Context

[Tree] (config>subscr-mgmt>auth-orig priority)

Full Context

configure subscriber-mgmt authentication-origin priority

Description

This command allows the relative order of authentication priorities to be swapped between RADIUS and LUDB by configuring the RADIUS source priority to value 3. By moving RADIUS to the third position, LUDB, and all the origins below LUDB, are pushed down.The active order of priorities can be displayed in the output of the show subscriber-mgmt authentication-origin command.

The no form of this command deletes the priority value. To restore defaults, the priority configuration must be deleted.

Parameters

priority

Specifies the authentication origin priority override.

Values

1 to 7

source

Specifies the source of authentication priority. Only radius can be configured. RADIUS as the authentication origin can be assigned priority 3 which places it above LUDB.

Values

python, diameter-gx, ludb, radius, diameter-nasreq, gtp, dhcp, local-address-assignment

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

priority

Syntax

priority priority

no priority

Context

[Tree] (config>service>vprn>sub-if>grp-if>srrp priority)

[Tree] (config>service>ies>sub-if>grp-if>srrp priority)

Full Context

configure service vprn subscriber-interface group-interface srrp priority

configure service ies subscriber-interface group-interface srrp priority

Description

This command overrides the default base priority for the SRRP instance. The SRRP instance priority is advertised by the SRRP instance to its neighbor router and is compared to the priority received from the neighbor router. The router with the best (highest) priority enters the master state while the other router enters the backup state. If the priority of each router is the same, the router with the lowest source IP address in the SRRP advertisement message assumes the master state.

The base priority of an SRRP instance can be managed by VRRP policies. A VRRP policy defines a set of connectivity or verification tests which, when they fail, may lower an SRRP instances base priority (creating an in-use priority for the instance). Every time an SRRP instances in-use priority changes when in master state, it sends an SRRP advertisement message with the new priority. If the dynamic priority drops to zero or receives an SRRP Advertisement message with a better priority, the SRRP instance transitions to the becoming backup state.

When the priority command is not specified, or the no priority command is executed, the system uses a default base priority of 100. The priority command may be executed at any time.

The no form of this command restores the default base priority to the SRRP instance. If a VRRP policy is associated with the SRRP instance, it will use the default base priority as the basis for any modifications to the SRRP instances in-use priority.

Default

priority 100

Parameters

priority

Specifies a base priority for the SRRP instance to override the default.

Values

1 to 254

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

priority

Syntax

[no] priority level

Context

[Tree] (config>card>fp>ingress>access>queue-group>policer-control-override>priority-mbs-thresholds priority)

[Tree] (config>card>fp>ingress>network>queue-group>policer-control-override>priority-mbs-thresholds priority)

Full Context

configure card fp ingress access queue-group policer-control-override priority-mbs-thresholds priority

configure card fp ingress network queue-group policer-control-override priority-mbs-thresholds priority

Description

The priority level command contains the mbs-contribution configuration command for a given strict priority level. Eight levels are supported numbered 1 through 8 with 8 being the highest strict priority.

Each of the eight priority CLI nodes always exists and do not need to be created. While parameters exist for each priority level, the parameters are only applied when the priority level within a parent policer instance is currently supporting child policers.

Parameters

level

Specifies the priority level.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority

Syntax

priority priority-value

no priority

Context

[Tree] (config>port>ethernet>eth-cfm>mep>ais-enable priority)

[Tree] (config>lag>eth-cfm>mep>ais-enable priority)

Full Context

configure port ethernet eth-cfm mep ais-enable priority

configure lag eth-cfm mep ais-enable priority

Description

This command specifies the priority of the AIS messages generated by the node.

The no form of the command reverts to the default values.

Parameters

priority-value

Specifies the priority value of the AIS messages originated by the node.

Values

0 to 7

Default

7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

priority priority

no priority

Context

[Tree] (config>port>ethernet>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>lag>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>eth-tunnel>path>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>eth-ring>path>eth-cfm>mep>grace>eth-ed priority)

Full Context

configure port ethernet eth-cfm mep grace eth-ed priority

configure lag eth-cfm mep grace eth-ed priority

configure eth-tunnel path eth-cfm mep grace eth-ed priority

configure eth-ring path eth-cfm mep grace eth-ed priority

Description

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default

no priority

Parameters

priority

Specifies the priority bit.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

[no] priority level

Context

[Tree] (config>service>ipipe>sap>egress>policy-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>epipe>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>cpipe>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>epipe>sap>egress>policy-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>cpipe>sap>egress>policy-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>ipipe>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)

Full Context

configure service ipipe sap egress policer-control-override priority-mbs-thresholds priority

configure service epipe sap ingress policer-control-override priority-mbs-thresholds priority

configure service cpipe sap ingress policer-control-override priority-mbs-thresholds priority

configure service epipe sap egress policer-control-override priority-mbs-thresholds priority

configure service cpipe sap egress policer-control-override priority-mbs-thresholds priority

configure service ipipe sap ingress policer-control-override priority-mbs-thresholds priority

Description

The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.

This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.

Parameters

level

The level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service ipipe sap ingress policer-control-override priority-mbs-thresholds priority
  • configure service epipe sap egress policer-control-override priority-mbs-thresholds priority
  • configure service epipe sap ingress policer-control-override priority-mbs-thresholds priority
  • configure service ipipe sap egress policer-control-override priority-mbs-thresholds priority

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap egress policer-control-override priority-mbs-thresholds priority
  • configure service cpipe sap ingress policer-control-override priority-mbs-thresholds priority

priority

Syntax

priority priority-value

no priority

Context

[Tree] (config>service>epipe>sap>eth-cfm>mep priority)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>aid-enable priority)

Full Context

configure service epipe sap eth-cfm mep priority

configure service epipe spoke-sdp eth-cfm aid-enable priority

Description

This command specifies the priority of AIS messages originated by the node.

Parameters

priority-value

Specifies the priority value of the AIS messages originated by the node.

Values

0 to 7

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

priority priority

no priority

Context

[Tree] (config>service>ipipe>sap>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>epipe>sap>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>epipe>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)

Full Context

configure service ipipe sap eth-cfm mep grace eth-ed priority

configure service epipe sap eth-cfm mep grace eth-ed priority

configure service epipe spoke-sdp eth-cfm mep grace eth-ed priority

Description

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default

no priority

Parameters

priority

Specifies the priority bit.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

priority stp-priority

no priority [stp-priority]

Context

[Tree] (config>service>template>vpls-sap-template>stp priority)

[Tree] (config>service>vpls>stp priority)

[Tree] (config>service>template>vpls-template>stp priority)

Full Context

configure service template vpls-sap-template stp priority

configure service vpls stp priority

configure service template vpls-template stp priority

Description

The bridge-priority command is used to populate the priority portion of the bridge ID field within outbound BPDUs (the most significant 4 bits of the bridge ID). It is also used as part of the decision process when determining the best BPDU between messages received and sent. All values are truncated to multiples of 4096, conforming with IEEE 802.1t and 802.1D-2004.

The no form of this command returns the bridge priority to the default value.

Default

priority 4096

Parameters

bridge-priority

Specifies the bridge priority for the STP instance

Values

Allowed values are integers in the range of 4096 to 65535 with 4096 being the highest priority. The actual bridge priority value stored/used is the number entered with the lowest 12 bits masked off which means the actual range of values is 4096 to 61440 in increments of 4096.

Platforms

All

priority

Syntax

priority stp-priority

no priority

Context

[Tree] (config>service>vpls>spoke-sdp>stp priority)

[Tree] (config>service>vpls>spoke-sdp priority)

[Tree] (config>service>vpls>sap>stp priority)

Full Context

configure service vpls spoke-sdp stp priority

configure service vpls spoke-sdp priority

configure service vpls sap stp priority

Description

This command configures the Nokia Spanning Tree Protocol (STP) priority for the SAP or spoke SDP.

STP priority is a configurable parameter associated with a SAP or spoke SDP. When configuration BPDUs are received, the priority is used in some circumstances as a tie breaking mechanism to determine whether the SAP or spoke SDP be designated or blocked.

In traditional STP implementations (802.1D-1998), this field is called the port priority and has a value of 0 to 255. This field is coupled with the port number (0 to 255 also) to create a 16 bit value. In the latest STP standard (802.1D-2004) only the upper 4 bits of the port priority field are used to encode the SAP or spoke SDP priority. The remaining 4 bits are used to extend the port ID field into a 12 bit virtual port number field. The virtual port number uniquely references a SAP or spoke SDP within the STP instance.

STP computes the actual priority by taking the input value and masking out the lower four bits. The result is the value that is stored in the SDP priority parameter. For instance, if a value of 0 is entered, masking out the lower 4 bits results in a parameter value of 0. If a value of 255 is entered, the result is 240.

The no form of this command returns the STP priority to the default value.

Default

priority 128

Parameters

stp-priority

Specifies the STP priority value for the SAP or spoke SDP. 0 is the highest priority. The actual value used for STP priority (and stored in the configuration) is the result of masking out the lower 4 bits, therefore the actual value range is 0 to 240 in increments of 16.

Values

0 to 255

Platforms

All

priority

Syntax

priority priority-value

no priority

Context

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>ais-enable priority)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>ais-enable priority)

Full Context

configure service vpls mesh-sdp eth-cfm mep ais-enable priority

configure service vpls spoke-sdp eth-cfm mep ais-enable priority

Description

This command specifies the priority of AIS messages originated by the node.

Parameters

priority-value

Specifies the priority value of the AIS messages originated by the node

Values

0 to 7

Default

1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

priority priority

no priority

Context

[Tree] (config>service>vpls>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>vpls>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>vpls>sap>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>vpls>mesh-sdp>eth-cfm>mep>grace>eth-ed priority)

Full Context

configure service vpls eth-cfm mep grace eth-ed priority

configure service vpls spoke-sdp eth-cfm mep grace eth-ed priority

configure service vpls sap eth-cfm mep grace eth-ed priority

configure service vpls mesh-sdp eth-cfm mep grace eth-ed priority

Description

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default

no priority

Parameters

priority

Specifies the priority bit.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

[no] priority level

Context

[Tree] (config>service>vpls>sap>egress>policy-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>vpls>sap>ingress>policy-ctrl-over>mbs-thrshlds priority)

Full Context

configure service vpls sap egress policer-control-override priority-mbs-thresholds priority

configure service vpls sap ingress policer-control-override priority-mbs-thresholds priority

Description

The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.

This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.

The no form of this command sets the MBS contribution for the associated priority to its default value.

Parameters

level

Specifies that the level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority

Syntax

priority base-priority

no priority

Context

[Tree] (config>service>ies>if>ipv6>vrrp priority)

Full Context

configure service ies interface ipv6 vrrp priority

Description

This command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

This command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.

The no form of this command restores the default value of 100 to base-priority.

Default

priority 100

Parameters

base-priority

The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP Priority Control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.

Values

1 to 254

Default

100

Platforms

All

priority

Syntax

priority priority

no priority

Context

[Tree] (config>service>ies>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>ies>if>sap>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>ies>if>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)

Full Context

configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority

configure service ies interface sap eth-cfm mep grace eth-ed priority

configure service ies interface spoke-sdp eth-cfm mep grace eth-ed priority

Description

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default

no priority

Parameters

priority

Specifies the priority bit.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service ies subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service ies interface sap eth-cfm mep grace eth-ed priority
  • configure service ies interface spoke-sdp eth-cfm mep grace eth-ed priority

priority

Syntax

[no] priority level

Context

[Tree] (config>service>ies>if>sap>ingress>policer-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>ies>if>sap>egress>policer-ctrl-over>mbs-thrshlds priority)

Full Context

configure service ies interface sap ingress policer-control-override priority-mbs-thresholds priority

configure service ies interface sap egress policer-control-override priority-mbs-thresholds priority

Description

The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.

This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.

The no form of this command sets the MBS contribution for the associated priority to its default value.

Parameters

level

Specifies that the level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority

Syntax

priority base-priority

no priority

Context

[Tree] (config>service>ies>if>vrrp priority)

Full Context

configure service ies interface vrrp priority

Description

The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.

The no form of this command restores the default value of 100 to base-priority.

Parameters

base-priority

The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP Priority Control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.

Values

1 to 254

Default

100

Platforms

All

priority

Syntax

priority {low | high}

no priority [{low | high}]

Context

[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel>forwarding-class priority)

[Tree] (config>service>vprn>static-route-entry>indirect>forwarding-class priority)

[Tree] (config>service>vprn>static-route-entry>next-hop>forwarding-class priority)

Full Context

configure service vprn static-route-entry ipsec-tunnel forwarding-class priority

configure service vprn static-route-entry indirect forwarding-class priority

configure service vprn static-route-entry next-hop forwarding-class priority

Description

This optional command associates an enqueuing priority with the static route. The options are either high or low, with low being the default. This parameter has the ability to affect the likelihood that a packet will be enqueued at SAP ingress in the face of ingress congestion.

Once a packet is enqueued into an ingress buffer, the significance of this parameter is lost.

Default

priority low

Parameters

low

Setting the enqueuing parameter for a packet to low decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

high

Setting the enqueuing parameter for a packet to high increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

priority priority

no priority

Context

[Tree] (config>service>vprn>if>sap>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-ed priority)

[Tree] (config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed priority)

Full Context

configure service vprn interface sap eth-cfm mep grace eth-ed priority

configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed priority

configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority

Description

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default

no priority

Parameters

priority

Specifies the priority bit.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vprn interface spoke-sdp eth-cfm mep grace eth-ed priority
  • configure service vprn interface sap eth-cfm mep grace eth-ed priority

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn subscriber-interface group-interface sap eth-cfm mep grace eth-ed priority

priority

Syntax

[no] priority level

Context

[Tree] (config>service>vprn>if>sap>egress>policer-ctrl-over>mbs-thrshlds priority)

[Tree] (config>service>vprn>if>sap>ingress>policer-ctrl-over>mbs-thrshlds priority)

Full Context

configure service vprn interface sap egress policer-control-override priority-mbs-thresholds priority

configure service vprn interface sap ingress policer-control-override priority-mbs-thresholds priority

Description

The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.

This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.

The no form of this command sets the MBS contribution for the associated priority to its default value.

Parameters

level

Specifies that the level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding.

Values

1 to 8

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority

Syntax

priority priority

no priority

Context

[Tree] (config>service>vprn>if>ipv6>vrrp priority)

[Tree] (config>service>vprn>if>vrrp priority)

Full Context

configure service vprn interface ipv6 vrrp priority

configure service vprn interface vrrp priority

Description

The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.

The no form of this command restores the default value of 100 to base-priority.

Parameters

base-priority

The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP priority control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.

Values

1 to 254

Default

100

Platforms

All

priority

Syntax

priority number

no priority

Context

[Tree] (config>service>vprn>isis>if>level priority)

Full Context

configure service vprn isis interface level priority

Description

This command configures the priority of the IS-IS router interface for designated router election on a multi-access network.

This priority is included in hello PDUs transmitted by the interface on a multi-access network. The router with the highest priority is the preferred designated router. The designated router is responsible for sending LSPs with regard to this network and the routers that are attached to it.

The no form of this command reverts to the default value.

Default

priority 64

Parameters

number

Specifies the priority for this interface at this level.

Values

0 to 127

Platforms

All

priority

Syntax

priority number

no priority

Context

[Tree] (config>service>vprn>ospf>area>if priority)

[Tree] (config>service>vprn>ospf3>area>if priority)

Full Context

configure service vprn ospf area interface priority

configure service vprn ospf3 area interface priority

Description

This command configures the priority of the OSPF interface that is used to elect the designated router (DR) on the subnet.

This parameter is only used if the interface is of type broadcast. The router with the highest priority interface becomes the DR. A router with priority 0 is not eligible to be the designated router or backup designated router.

The no form of this command resets the interface priority to the default value.

Default

priority 1

Parameters

number

The interface priority expressed as a decimal integer. A value of 0 indicates the router is not eligible to be the Designated Router of Backup Designated Router on the interface subnet.

Values

0 to 255

Platforms

All

priority

Syntax

priority dr-priority

no priority

Context

[Tree] (config>service>vprn>pim>if priority)

Full Context

configure service vprn pim interface priority

Description

This command sets the priority value to become the rendezvous point (RP) that is included in bootstrap messages sent by the router. The RP is sometimes called the bootstrap router. The priority command indicates whether the router is eligible to be a bootstrap router.

The no form of this command disqualifies the router to participate in the bootstrap election.

Default

priority 1 (The router is the least likely to become the designated router.)

Parameters

dr-priority

Specifies the priority to become the designated router. The higher the value, the higher the priority.

Values

1 to 4294967295

Platforms

All

priority

Syntax

priority bootstrap-priority

Context

[Tree] (config>service>vprn>pim>rp>ipv6>bsr-candidate priority)

[Tree] (config>service>vprn>pim>rp>bsr-candidate priority)

Full Context

configure service vprn pim rp ipv6 bsr-candidate priority

configure service vprn pim rp bsr-candidate priority

Description

This command defines the priority used to become the rendezvous point (RP). The higher the priority value the more likely that this router becomes the RP. If there is a tie, the router with the highest IP address is elected.

Parameters

bootstrap-priority

The priority to become the bootstrap router.

Values

0 to 255

Default

0 (the router is not eligible to be the bootstrap router)

Platforms

All

priority

Syntax

priority priority

no priority

Context

[Tree] (config>service>vprn>pim>rp>rp-candidate priority)

Full Context

configure service vprn pim rp rp-candidate priority

Description

This command defines the priority used to become the rendezvous point (RP). The higher the priority value, the more likely that this router will become the RP.

Use the no form of this command to revert to the default value.

Default

priority 192

Parameters

priority

Specifies the priority to become the designated router. The higher the value the more likely the router will become the RP.

Values

0 to 255

Platforms

All

priority

Syntax

priority priority-level

no priority

Context

[Tree] (config>router>ldp>lsp-bfd priority)

Full Context

configure router ldp lsp-bfd priority

Description

This command configures a priority value that is used to order prefix list processing if multiple prefix lists are configured.

The no form of this command restores the default priority value.

Default

priority 1

Parameters

priority-level

Specifies the priority value of the prefix list.

Values

1 to 16

Platforms

All

priority

Syntax

priority setup-priority hold-priority

no priority

Context

[Tree] (config>router>mpls>lsp-template priority)

[Tree] (config>router>mpls>lsp>secondary priority)

[Tree] (config>router>mpls>lsp>primary priority)

Full Context

configure router mpls lsp-template priority

configure router mpls lsp secondary priority

configure router mpls lsp primary priority

Description

This command enables the soft preemption procedures for this LSP path. The operator enables the soft preemption mechanism on a specific LSP name by explicitly configuring the setup and holding priorities for the primary path at the head-end node. The operator can similarly configure priority values for a secondary path for this LSP name. Different values could be used for the primary and for any of the secondary paths. In the absence of explicit user configuration, the setup priority is internally set to the default value of 7 and the holding priority is set to the default value of 0.

Note:

Valid user-entered values for these two parameters require that the holding priority be numerically lower than or equal to the setup priority, otherwise preemption loops can occur.

preemption is effected when a router preempting node processes a new RSVP session reservation and there is not enough available bandwidth on the RSVP interface, or the Class Type (CT) when Diff-Serv is enabled, to satisfy the bandwidth in the FlowSpec object while there exist other session reservations for LSP paths with a strictly lower holding priority (numerically higher holding priority value) than the setup priority of the new LSP reservation. If enough available bandwidth is freed on the link or CT to accommodate the new reservation by preempting one or more lower priority LSP paths, the preempting node allows temporary overbooking of the RSVP interface and honors the new reservation.

The preempting node will immediately set the 'Preemption pending’ flag (0x10) in the IPv4 Sub-Object in the RRO object in the Resv refresh for each of the preempted LSP paths. The IPv4 Sub-Object corresponds to the outgoing interface being used by the preempting and preempted LSP paths; however, the bandwidth value in the FlowSpec object is not changed. The Resv flag must also be set if the preempting node is a merge point for the primary LSP path and the backup bypass LSP or detour LSP and the backup LSP is activated.

When evaluating if enough available bandwidth will be freed, the preempting node considers the reservations in order from the lowest holding priority (numerically higher holding priority value) to the holding priority just below the setup priority of the new reservation. A new reservation cannot preempt a reservation which has a value of the holding priority equal to the new reservation setup priority.

When Diff-Serv is enabled on the preempting node and the MAM bandwidth allocation model is used, a new reservation can only preempt a reservation in the same Class Type (CT).

LSP paths which were not flagged at the head-end for soft preemption will be hard preempted. LSP paths with the default holding priority of 0 cannot be preempted. LSP paths with zero bandwidth do not preempt other LSP paths regardless of the values of the path setup priority and the path holding priority. They can also not be preempted.

When evaluating if enough available bandwidth will be freed, the preempting node considers the reservations in order from the lowest holding priority (numerically higher holding priority) to the holding priority just below the setup priority of the new reservation. There is no specific order in which the reservations in the same holding priority are considered.

The preempting node starts a preemption timer for each of the preempted LSP paths. While this timer is on, the node should continue to refresh the Path and Resv for the preempted LSP paths. When the preemption timer expires, the node tears down the reservation if the head-end node has not already done so.

A head-end node upon receipt of the Resv refresh message with the 'Preemption pending’ flag must immediately perform a make-before-break on the affected adaptive CSPF LSP. Both IGP metric and TE metric based CSPF LSPs are included. If an alternative path that excludes the flagged interface is not found, then the LSP is put on a retry in a similar way to the Global Revertive procedure at a head-end node. However, the number of retries and the retry timer are governed by the values of the retry-limit and retry-timer parameters: config>router>mpls>lsp>retry-limit; config>router>mpls>lsp>retry-timer.

MPLS will keep the address list of flagged interfaces for a maximum of 60 s (not user-configurable) from the time the first Resv message with the 'Preemption pending’ flag is received. This actually means that MPLS will request CSPF to find a path that excludes the flagged interfaces in the first few retries until success or until 60 s have elapsed. Subsequent retries after the 60 s will not exclude the flagged interfaces as it is assumed IGP has converged by then and the Unreserved Bandwidth sub-TLV for that priority, or TE Class, in the TE database will show the updated value taking into account the preempting LSP path reservation or a value of zero if overbooked.

If the LSP has a configured secondary standby which is operationally UP, the router will switch the path of the LSP to it and then start the MBB. If no standby path is available and a secondary non-standby is configured, the router will start the MBB and signal the path of the secondary. The LSP path will be switched to either the secondary or the new primary, whichever comes up first.

The no form of this command reverts the LSP path priority to the default values and results in setting the setup priority to 7, in setting the hold priority to 0, and in clearing the 'soft preemption desired’ flag in the RRO in the Resv refresh message.

Default

no priority

Parameters

setup-priority

Specifies the priority of the reservation for this session at setup time.

Values

0 to 7 (0 is the highest priority and 7 is the lowest priority.)

Default

7 — This session does not preempt any other session.

holding-priority

Specifies the priority of the reservation for this session at preemption action.

Values

0 to 7 (0 is the highest priority and 7 is the lowest priority.)

Default

0 — This session does not get preempted by any other session.

Platforms

All

priority

Syntax

priority value

no priority

Context

[Tree] (config>app-assure>aarp priority)

Full Context

configure application-assurance aarp priority

Description

This command defines the priority for the AARP instance. The priority value is used to determine the master/backup upon initialization or re-balance.

The no form of this command reverts to the default value.

Default

priority 100

Parameters

value

Specifies an integer that defines the priority of an AARP instance.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

priority

Syntax

priority priority-level

no priority

Context

[Tree] (config>app-assure>group>policy>aqp>entry>action>remark priority)

Full Context

configure application-assurance group policy app-qos-policy entry action remark priority

Description

This command configures remark discard priority action on flows matching this AQP entry. When enabled, all packets for all flows matching this AQP entry will be remarked to the configured discard priority.

Default

no priority

Parameters

priority-level

Specifies the priority to apply to a packet.

Values

high, low

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

priority

Syntax

priority priority

no priority

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>tunnel-group priority)

Full Context

configure redundancy multi-chassis peer mc-ipsec tunnel-group priority

Description

This command specifies the local priority of the tunnel-group, this is used to elect master, higher number win. If priority are same, then the peer has more active ISA win; and priority and the number of active ISA are same, then the peer with higher IP address win.

The no form of this command removes the priority value from the configuration.

Default

priority 100

Parameters

priority

Specifies the priority of this tunnel-group.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

priority

Syntax

priority dr-priority

no priority

Context

[Tree] (config>router>pim>interface priority)

Full Context

configure router pim interface priority

Description

This command sets the priority value to elect the designated router (DR). The DR election priority is a 32-bit unsigned number and the numerically larger priority is always preferred.

The no form of this command reverts to the default value.

Default

priority 1

Parameters

priority

Specifies the priority to become the designated router. The higher the value, the higher the priority.

Values

1 to 4294967295

Platforms

All

priority

Syntax

priority priority

no priority

Context

[Tree] (config>router>pim>rp>ipv6>rp-candidate priority)

[Tree] (config>router>pim>rp>rp-candidate priority)

Full Context

configure router pim rp ipv6 rp-candidate priority

configure router pim rp rp-candidate priority

Description

This command configures the Candidate-RP priority for becoming a rendezvous point (RP). This value is used to elect RP for a group range.

The no form of this command reverts to the default value.

Default

priority 192

Parameters

priority

Specifies the priority to become a rendezvous point (RP). A value of 0 is considered as the highest priority.

Values

0 to 255

Platforms

All

priority

Syntax

priority priority

no priority

Context

[Tree] (config>oam-pm>session>ethernet priority)

Full Context

configure oam-pm session ethernet priority

Description

This command defines the CoS priority across all tests configured under this session. This CoS value is exposed to the various QoS policies the frame passes through and does not necessarily map directly to the CoS value on the wire.

The no form of this command removes changes the priority to the default value.

Default

priority 0

Parameters

priority

Specifies the CoS value.

Values

0 to 7

Default

0

Platforms

All

priority

Syntax

priority level

Context

[Tree] (config>qos>plcr-ctrl-plcy>root>priority-mbs-thresholds priority)

Full Context

configure qos policer-control-policy root priority-mbs-thresholds priority

Description

The priority level command contains the mbs-contribution configuration command for a given strict priority level. Eight levels are supported numbered 1 through 8 with 8 being the highest strict priority.

Each of the eight priority CLI nodes always exists and do not need to be created. While parameters exist for each priority level, the parameters are only applied when the priority level within a parent policer instance is currently supporting child policers.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority

Syntax

priority [priority]

no priority

Context

[Tree] (config>filter>redirect-policy>dest priority)

Full Context

configure filter redirect-policy destination priority

Description

Redirect policies can contain multiple destinations. Each destination is assigned an initial or base priority which describes its relative importance within the policy.

Default

priority 100

Parameters

priority

Specifies the priority, expressed as a decimal integer, used to weigh the destination’s relative importance within the policy.

Values

1 to 255

Platforms

All

priority

Syntax

priority {low | high}

no priority [{low | high}]

Context

[Tree] (config>router>static-route-entry>next-hop>forwarding-class priority)

[Tree] (config>router>static-route-entry>indirect>forwarding-class priority)

Full Context

configure router static-route-entry next-hop forwarding-class priority

configure router static-route-entry indirect forwarding-class priority

Description

This optional command associates an enqueuing priority with the static route. The options are either high or low, with low being the default. This parameter has the ability to affect the likelihood that a packet will be enqueued at SAP ingress in the face of ingress congestion.

Once a packet is enqueued into an ingress buffer, the significance of this parameter is lost.

Default

priority low

Parameters

low

Setting the enqueuing parameter for a packet to low decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

high

Setting the enqueuing parameter for a packet to high increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

priority priority

no priority

Context

[Tree] (config>router>if>eth-cfm>mep>grace>eth-ed priority)

Full Context

configure router interface eth-cfm mep grace eth-ed priority

Description

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default

no priority

Parameters

priority

Specifies the priority bit.

Values

0 to 7

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority

Syntax

priority priority

no priority

Context

[Tree] (config>router>fad>flex-algo priority)

Full Context

configure router flexible-algorithm-definitions flex-algo priority

Description

This command configures the priority of the FAD. This priority is used as a tie-breaker when the router has received multiple FADs for the same flexible algorithm.

Every router that is configured to participate in a particular flexible algorithm uses the same tie-breaker logic to select the winning FAD. This allows for consistent FAD definition selection in cases where routers advertise different definitions for a specific flexible algorithm. The following rules apply to the breaker mechanism.

  • From the advertisements of the FAD in the area (including both locally generated advertisements and received advertisements), select the one with the highest priority value.

  • If there are multiple advertisements of the FAD with the same highest priority, select the one that is originated from the router with either the highest system ID or router ID.

The no form of this command sets the priority to the default value.

Default

priority 100

Parameters

priority

Configures the priority of this FAD.

Values

0 to 255

Default

100

Platforms

All

priority

Syntax

priority priority

no priority

Context

[Tree] (config>router>if>ipv6>vrrp priority)

[Tree] (config>router>if>vrrp priority)

Full Context

configure router interface ipv6 vrrp priority

configure router interface vrrp priority

Description

This command configures the base router priority for the virtual router instance used in the master election process.

The priority is the most important parameter set on a non-owner virtual router instance. The priority defines a virtual router’s selection order in the master election process. Together, the priority value and the preempt mode allow the virtual router with the best priority to become the master virtual router.

The base-priority is used to derive the in-use priority of the virtual router instance as modified by any optional VRRP priority control policy. VRRP priority control policies can be used to either override or adjust the base priority value depending on events or conditions within the chassis.

The priority command is only available in the non-owner vrrp nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed.

For non-owner virtual router instances, the default base priority value is 100.

The no form of the command reverts to the default value.

Default

priority 100

Parameters

priority

The base priority used by the virtual router instance expressed as a decimal integer. If no VRRP priority control policy is defined, the base-priority is the in-use priority for the virtual router instance.

Values

1 to 254

Platforms

All

priority

Syntax

priority priority-level [{delta | explicit}]

no priority

Context

[Tree] (config>vrrp>policy>priority-event>lag-port-down>weight-down priority)

[Tree] (config>vrrp>policy>priority-event>route-unknown priority)

[Tree] (config>vrrp>policy>priority-event>host-unreachable priority)

[Tree] (config>vrrp>policy>priority-event>port-down priority)

[Tree] (config>vrrp>policy>priority-event>lag-port-down>number-down priority)

Full Context

configure vrrp policy priority-event lag-port-down weight-down priority

configure vrrp policy priority-event route-unknown priority

configure vrrp policy priority-event host-unreachable priority

configure vrrp policy priority-event port-down priority

configure vrrp policy priority-event lag-port-down number-down priority

Description

This command controls the effect the set event has on the virtual router instance in-use priority.

When the event is set, the priority-level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keywords are specified.

Multiple set events in the same policy have interaction constraints:

  • If any set events have an explicit priority value, all the delta priority values are ignored.

  • The set event with the lowest explicit priority value defines the in-use priority that are used by all virtual router instances associated with the policy.

  • If no set events have an explicit priority value, all the set events delta priority values are added and subtracted from the base priority value defined on each virtual router instance associated with the policy.

  • If the delta priorities sum exceeds the delta-in-use-limit parameter, then the delta-in-use-limit parameter is used as the value subtracted from the base priority value defined on each virtual router instance associated with the policy.

If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, therefore, there is no impact on the in-use priority.

The no form of the command configures the set event to subtract 0 from the base priority (no effect).

Default

no priority

Parameters

priority-level

The priority level adjustment value expressed as a decimal integer.

Values

0 to 254

delta

Configures what effect the priority-level will have on the base priority value. The default base priority value is delta.

When delta is specified, the priority-level value is subtracted from the associated virtual router instance’s base priority when the event is set and no explicit events are set. The sum of the priority event priority-level values on all set delta priority events are subtracted from the virtual router base priority to derive the virtual router instance in-use priority value. If the delta priority event is cleared, the priority-level is no longer used in the in-use priority calculation.

explicit

Configures what effect the priority-level will have on the base priority value.

When explicit is specified, the priority-level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority-level. The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy.

Platforms

All

priority

Syntax

priority priority-level explicit

no priority

Context

[Tree] (config>vrrp>policy>priority-event>mc-ipsec-non-forwarding priority)

Full Context

configure vrrp policy priority-event mc-ipsec-non-forwarding priority

Description

This command controls the effect the set event has on the virtual router instance in-use priority.

When the event is set, the priority-level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keywords are specified.

Multiple set events in the same policy have interaction constraints:

  • If any set events have an explicit priority value, all the delta priority values are ignored.

  • The set event with the lowest explicit priority value defines the in-use priority that are used by all virtual router instances associated with the policy.

  • If no set events have an explicit priority value, all the set events delta priority values are added and subtracted from the base priority value defined on each virtual router instance associated with the policy.

  • If the delta priorities sum exceeds the delta-in-use-limit parameter, then the delta-in-use-limit parameter is used as the value subtracted from the base priority value defined on each virtual router instance associated with the policy.

If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, therefore, there is no impact on the in-use priority.

The no form of the command configures the set event to subtract 0 from the base priority (no effect).

Default

no priority

Parameters

priority-level

The priority level adjustment value expressed as a decimal integer.

Values

0 to 254

explicit

When explicit is specified, the priority-level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority-level. The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

priority

Syntax

priority bridge-priority

no priority

Context

[Tree] (config>service>pw-template>stp priority)

Full Context

configure service pw-template stp priority

Description

The bridge-priority command is used to populate the priority portion of the bridge ID field within outbound BPDUs (the most significant 4 bits of the bridge ID). It is also used as part of the decision process when determining the best BPDU between messages received and sent. All values will be truncated to multiples of 4096, conforming with IEEE 802.1t and 802.1D-2004.

The no form of this command returns the bridge priority to the default value.

Default

priority 4096

Parameters

bridge-priority

Specifies the bridge priority for the STP instance.

Values

Allowed values are integers in the range of 4096 to 65535 with 4096 being the highest priority. The actual bridge priority value stored/used is the number entered with the lowest 12 bits masked off which means the actual range of values is 4096 to 61440 in increments of 4096.

Platforms

All

priority

Syntax

priority number

no priority

Context

[Tree] (config>router>isis>if>level priority)

Full Context

configure router isis interface level priority

Description

This command configures the priority of the IS-IS router interface for designated router election on a multi-access network.

This priority is included in hello PDUs transmitted by the interface on a multi-access network. The router with the highest priority is the preferred designated router. The designated router is responsible for sending LSPs with regard to this network and the routers that are attached to it.

The no form of this command reverts to the default value.

Default

priority 64

Parameters

number

Specifies the priority for this interface at this level.

Values

0 to 127

Platforms

All

priority

Syntax

priority number

no priority

Context

[Tree] (config>router>ospf3>area>interface priority)

[Tree] (config>router>ospf>area>interface priority)

Full Context

configure router ospf3 area interface priority

configure router ospf area interface priority

Description

This command configures the priority of the OSPF interface that is used in an election of the designated router on the subnet.

This parameter is only used if the interface is of type broadcast. The router with the highest priority interface becomes the designated router. A router with priority 0 is not eligible to be Designated Router or Backup Designated Router.

The no form of this command reverts the interface priority to the default value.

Default

priority 1

Parameters

number

Specifies the interface priority expressed as a decimal integer. A value of 0 indicates the router is not eligible to be the Designated Router or Backup Designated Router on the interface subnet.

Values

0 to 255

Platforms

All

priority

Syntax

priority [value]

no priority

Context

[Tree] (config>redundancy>multi-chassis>ipsec-domain priority)

Full Context

configure redundancy multi-chassis ipsec-domain priority

Description

This command configures the priority for the tunnel group in the IPsec domain. The node with the higher priority is more likely to be elected as active within the domain.

The no form of this command reverts to the default value.

Default

priority 100

Parameters

value

Specifies the IPsec domain tunnel group priority.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

priority-event

priority-event

Syntax

[no] priority-event

Context

[Tree] (config>vrrp>policy priority-event)

Full Context

configure vrrp policy priority-event

Description

This command creates the context to configure VRRP priority control events used to define criteria to modify the VRRP in-use priority.

A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance.

Up to 32 priority control events can be configured within the priority-event node.

The no form of the command clears any configured priority events.

Platforms

All

priority-marking

priority-marking

Syntax

priority-marking dscp dscp-name

priority-marking prec ip-prec-value

no priority-marking

Context

[Tree] (config>service>vprn>gsmp>group>neighbor priority-marking)

[Tree] (config>service>vpls>gsmp>group>neighbor priority-marking)

Full Context

configure service vprn gsmp group neighbor priority-marking

configure service vpls gsmp group neighbor priority-marking

Description

This command configures the type of priority marking to be used.

The no form of this command reverts to the default.

Parameters

dscp-name

Specifies the DSCP code-point to be used.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

ip-prec-value

Specifies the precedence value to be used.

Values

0 to 7

Platforms

All

priority-mbs-thresholds

priority-mbs-thresholds

Syntax

priority-mbs-thresholds

Context

[Tree] (config>subscr-mgmt>sub-prof>ingress>policer-control-policy priority-mbs-thresholds)

[Tree] (config>subscr-mgmt>sub-prof>egress>policer-control-policy priority-mbs-thresholds)

Full Context

configure subscriber-mgmt sub-profile ingress policer-control-policy priority-mbs-thresholds

configure subscriber-mgmt sub-profile egress policer-control-policy priority-mbs-thresholds

Description

The priority-mbs-thresholds command contains the root arbiter parent policer’s min-thresh-separation command and each priority level’s mbs-contribution command that is used to internally derive each priority level’s shared-portion and fair-portion values. The system uses each priority level’s shared-portion and fair-portion value to calculate each priority level’s discard-unfair and discard-all MBS thresholds that enforce priority sensitive rate-based discards within the root arbiter’s parent policer.

The priority-mbs-thresholds CLI node always exists and does not need to be created.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

priority-mbs-thresholds

Syntax

priority-mbs-thresholds

Context

[Tree] (config>card>fp>ingress>access>queue-group>policer-control-override priority-mbs-thresholds)

[Tree] (config>card>fp>ingress>network>queue-group>policer-control-override priority-mbs-thresholds)

Full Context

configure card fp ingress access queue-group policer-control-override priority-mbs-thresholds

configure card fp ingress network queue-group policer-control-override priority-mbs-thresholds

Description

This command contains the root arbiter parent policer’s min-thresh-separation command and each priority level’s mbs-contribution command that is used to internally derive each priority level’s shared-portion and fair-portion values. The system uses each priority level’s shared-portion and fair-portion value to calculate each priority level’s discard-unfair and discard-all MBS thresholds that enforce priority sensitive rate-based discards within the root arbiter’s parent policer.

The priority-mbs-thresholds CLI node always exists and does not need to be created.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority-mbs-thresholds

Syntax

priority-mbs-thresholds

Context

[Tree] (config>service>epipe>sap>egress>policer-control-override priority-mbs-thresholds)

[Tree] (config>service>cpipe>sap>egress>policer-control-override priority-mbs-thresholds)

[Tree] (config>service>ipipe>sap>egress>policer-control-override priority-mbs-thresholds)

[Tree] (config>service>cpipe>sap>ingress>policer-control-override priority-mbs-thresholds)

[Tree] (config>service>ipipe>sap>ingress>policer-control-override priority-mbs-thresholds)

[Tree] (config>service>epipe>sap>ingress>policer-control-override priority-mbs-thresholds)

Full Context

configure service epipe sap egress policer-control-override priority-mbs-thresholds

configure service cpipe sap egress policer-control-override priority-mbs-thresholds

configure service ipipe sap egress policer-control-override priority-mbs-thresholds

configure service cpipe sap ingress policer-control-override priority-mbs-thresholds

configure service ipipe sap ingress policer-control-override priority-mbs-thresholds

configure service epipe sap ingress policer-control-override priority-mbs-thresholds

Description

This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure service epipe sap egress policer-control-override priority-mbs-thresholds
  • configure service epipe sap ingress policer-control-override priority-mbs-thresholds
  • configure service ipipe sap egress policer-control-override priority-mbs-thresholds
  • configure service ipipe sap ingress policer-control-override priority-mbs-thresholds

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service cpipe sap ingress policer-control-override priority-mbs-thresholds
  • configure service cpipe sap egress policer-control-override priority-mbs-thresholds

priority-mbs-thresholds

Syntax

priority-mbs-thresholds

Context

[Tree] (config>service>vpls>sap>egress>policer-ctrl-over priority-mbs-thresholds)

[Tree] (config>service>vpls>sap>ingress>policer-ctrl-over priority-mbs-thresholds)

Full Context

configure service vpls sap egress policer-control-override priority-mbs-thresholds

configure service vpls sap ingress policer-control-override priority-mbs-thresholds

Description

This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority-mbs-thresholds

Syntax

priority-mbs-thresholds

Context

[Tree] (config>service>ies>if>sap>egress>policer-ctrl-over priority-mbs-thresholds)

[Tree] (config>service>ies>if>sap>ingress>policer-ctrl-over priority-mbs-thresholds)

Full Context

configure service ies interface sap egress policer-control-override priority-mbs-thresholds

configure service ies interface sap ingress policer-control-override priority-mbs-thresholds

Description

This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority-mbs-thresholds

Syntax

priority-mbs-thresholds

Context

[Tree] (config>service>vprn>if>sap>egress>policer-ctrl-over priority-mbs-thresholds)

[Tree] (config>service>vprn>if>sap>ingress>policer-ctrl-over priority-mbs-thresholds)

Full Context

configure service vprn interface sap egress policer-control-override priority-mbs-thresholds

configure service vprn interface sap ingress policer-control-override priority-mbs-thresholds

Description

This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority-mbs-thresholds

Syntax

priority-mbs-thresholds

Context

[Tree] (config>qos>plcr-ctrl-plcy>root priority-mbs-thresholds)

Full Context

configure qos policer-control-policy root priority-mbs-thresholds

Description

The priority-mbs-thresholds command contains the root arbiter parent policer’s min-thresh-separation command and each priority level’s mbs-contribution command that is used to internally derive each priority level’s shared-portion and fair-portion values. The system uses each priority level’s shared-portion and fair-portion value to calculate each priority level’s discard-unfair and discard-all MBS thresholds that enforce priority-sensitive rate-based discards within the root arbiter’s parent policer.

The priority-mbs-thresholds CLI node always exists and does not need to be created.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

priority-sessions

priority-sessions

Syntax

[no] priority-sessions

Context

[Tree] (config>service>nat>up-nat-policy priority-sessions)

[Tree] (config>service>nat>firewall-policy priority-sessions)

[Tree] (config>service>nat>nat-policy priority-sessions)

Full Context

configure service nat up-nat-policy priority-sessions

configure service nat firewall-policy priority-sessions

configure service nat nat-policy priority-sessions

Description

This command configures the prioritized sessions of this NAT or residential firewall policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat nat-policy priority-sessions
  • configure service nat up-nat-policy priority-sessions

7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service nat firewall-policy priority-sessions

priority1

priority1

Syntax

priority1 priority-value

no priority1

Context

[Tree] (config>system>ptp priority1)

Full Context

configure system ptp priority1

Description

This command configures the priority1 value of the local clock. This parameter is only used when the profile is set to ieee1588-2008. This value is used by the Best Master Clock Algorithm to determine which clock should provide timing for the network.

This value is used for the value to advertise in the Announce messages and for the local clock value in data set comparisons.

The no form of the command reverts to the default configuration.

Default

priority1 128

Parameters

priority-value

Specifies the value of the priority1 field.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priority2

priority2

Syntax

priority2 priority-value

no priority2

Context

[Tree] (config>system>ptp priority2)

Full Context

configure system ptp priority2

Description

This command configures the priority2 value of the local clock. This parameter is only used when the profile is set to ieee1588-2008, g8275dot1-2014, or g8275dot2-2016. The parameter is ignored when any other profile is selected.

This value is used by the Best timeTransmitter Clock algorithm to determine which clock should provide timing for the network.

Note:

This value is used for the value to advertise in the Announce messages and for local clock value in data set comparisons.

The no form of the command reverts to the default configuration.

Default

priority2 128

Parameters

priority-value

Specifies the value of the priority2 field.

Values

0 to 255

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

priv-lvl

priv-lvl

Syntax

priv-lvl priv-lvl user-profile-name

no priv-lvl priv-lvl

Context

[Tree] (config>service>vprn>aaa>remote-servers>tacplus>priv-lvl-map priv-lvl)

Full Context

configure service vprn aaa remote-servers tacplus priv-lvl-map priv-lvl

Description

This command maps a specific TACACS+ priv-lvl to a locally configured profile for authorization. This mapping is used when the use-priv-lvl option is specified for TACPLUS authorization.

Parameters

priv-lvl

Specifies the privilege level used when sending a TACACS+ ENABLE request.

Values

0 to 15

user-profile-name

Specifies the user profile for this mapping.

Platforms

All

priv-lvl

Syntax

priv-lvl priv-lvl user-profile-name

no priv-lvl priv-lvl

Context

[Tree] (config>system>security>tacplus>priv-lvl-map priv-lvl)

Full Context

configure system security tacplus priv-lvl-map priv-lvl

Description

This command maps a specific TACACS+ priv-lvl to a locally configured profile for authorization. This mapping is used when the use-priv-lvl option is specified for TACPLUS authorization.

Parameters

priv-lvl

Specifies the privilege level used when sending a TACACS+ ENABLE request.

Values

0 to 15

user-profile-name

Specifies the user profile for this mapping.

Platforms

All

priv-lvl-map

priv-lvl-map

Syntax

[no] priv-lvl-map

Context

[Tree] (config>service>vprn>aaa>remote-servers>tacplus priv-lvl-map)

Full Context

configure service vprn aaa remote-servers tacplus priv-lvl-map

Description

Commands in this context specify a series of mappings between TACACS+ priv-lvl and locally configured profiles for authorization. These mappings are used when the use-priv-lvl option is specified for tacplus authorization.

The no form of this command reverts to the default.

Default

priv-lvl-map

Platforms

All

priv-lvl-map

Syntax

[no] priv-lvl-map

Context

[Tree] (config>system>security>tacplus priv-lvl-map)

Full Context

configure system security tacplus priv-lvl-map

Description

Commands in this context specify a series of mappings between TACACS+ priv-lvl and locally configured profiles for authorization. These mappings are used when the use-priv-lvl option is specified for tacplus authorization.

The no form of this command reverts to the default.

Default

priv-lvl-map

Platforms

All

private-interface

private-interface

Syntax

private-interface ip-int-name

no private-interface

Context

[Tree] (config>ipsec>client-db>client private-interface)

Full Context

configure ipsec client-db client private-interface

Description

This command specifies the private interface name that is used for tunnel setup.

The no form of this command reverts to the default.

Default

no private-interface

Parameters

ip-int-name

Specifies the name of the private interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

private-ki

private-ki

Syntax

private-ki hex-string

no private-ki

Context

[Tree] (config>li>x-interfaces>lics>lic>authentication private-ki)

Full Context

configure li x-interfaces lics lic authentication private-ki

Description

This command configures the private key for the X1 and X2 interfaces.

The no form of this command reverts to the default.

Parameters

hex-string

Specifies the password. Must contain exactly 32 hex nibbles.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

private-retail-subnets

private-retail-subnets

Syntax

[no] private-retail-subnets

Context

[Tree] (config>service>vprn>sub-if private-retail-subnets)

Full Context

configure service vprn subscriber-interface private-retail-subnets

Description

This command controls the export of retail subnets and prefixes to the wholesale forwarding service. When this attribute is configured, subnets and prefixes configured on the retail subscriber interface are no longer exported to the associated wholesale VPRN and remain private to the retail VPRN. This is useful in a IPoE or PPPoE business service context, as it allows retail services to use overlapping IP address spaces even if those services are associated with the same wholesale service. IPoE and PPPoE sessions are actually terminated in the retail service although their traffic transits on a SAP belonging to the wholesale service.

Configuring private retail subnets is not supported for IPv4 static hosts and ARP hosts. If PPPoE sessions need to coexist with IPv4 static hosts or ARP hosts, then this attribute should not be configured on the retail subscriber interface.

This command fails if the subscriber interface is not associated with a wholesale service.

If the retail VPRN is of the type hub, this attribute is mandatory. In this case, private retail subnets are enabled by default and cannot be unconfigured.

The no form of this command disables overlapping IP addresses between different retailers referring to this interface.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

private-service

private-service

Syntax

private-service service-id

private-service name service-name

no private-service

Context

[Tree] (config>ipsec>client-db>client private-service)

Full Context

configure ipsec client-db client private-service

Description

This command specifies the private service ID that is used for tunnel setup.

The no form of this command reverts to the default.

Default

no private-service

Parameters

service-id

Specifies the service ID of the tunnel delivery service.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The private-service name service-name variant can be used in all configuration modes.

Values

{id | svc-name}

id:

1 to 2147483647

svc-name:

up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration).

name service-name

Identifies the service, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

private-tcp-mss-adjust

private-tcp-mss-adjust

Syntax

private-tcp-mss-adjust octets

private-tcp-mss-adjust default

no private-tcp-mss-adjust

Context

[Tree] (config>service>vprn>l2tp>group>l2tpv3 private-tcp-mss-adjust)

[Tree] (config>service>vprn>l2tp>group>tunnel>l2tpv3 private-tcp-mss-adjust)

[Tree] (config>router>l2tp>group>tunnel>l2tpv3 private-tcp-mss-adjust)

[Tree] (config>service>vprn>l2tp>l2tpv3 private-tcp-mss-adjust)

[Tree] (config>router>l2tp>group>l2tpv3 private-tcp-mss-adjust)

Full Context

configure service vprn l2tp group l2tpv3 private-tcp-mss-adjust

configure service vprn l2tp group tunnel l2tpv3 private-tcp-mss-adjust

configure router l2tp group tunnel l2tpv3 private-tcp-mss-adjust

configure service vprn l2tp l2tpv3 private-tcp-mss-adjust

configure router l2tp group l2tpv3 private-tcp-mss-adjust

Description

This command enables TCP MSS adjust for L2TPv3 tunnels on the private side of the group or tunnel level. When this command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the private side.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

With the default parameter, the system uses the upper-level configuration. With the non-default parameter, the system uses this configuration instead of the upper level configuration.

The no form of this command disables TCP MSS adjust on the private side.

Default

no private-tcp-mss-adjust

Parameters

octets

Specifies the new TCP MSS value in octets.

Values

512 to 9000

default

Specifies to use the upper-level configuration

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

private-tcp-mss-adjust

Syntax

private-tcp-mss-adjust bytes

private-tcp-mss-adjust octets

no private-tcp-mss-adjust

Context

[Tree] (config>router>if>ipsec>ipsec-tunnel private-tcp-mss-adjust)

[Tree] (config>ipsec>tnl-temp private-tcp-mss-adjust)

[Tree] (config>service>ies>if>sap>ip-tunnel private-tcp-mss-adjust)

[Tree] (config>service>vprn>if>sap>ipsec-tun private-tcp-mss-adjust)

[Tree] (config>service>vprn>if>sap>ip-tunnel private-tcp-mss-adjust)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel private-tcp-mss-adjust)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel private-tcp-mss-adjust)

Full Context

configure router interface ipsec ipsec-tunnel private-tcp-mss-adjust

configure ipsec tunnel-template private-tcp-mss-adjust

configure service ies interface sap ip-tunnel private-tcp-mss-adjust

configure service vprn interface sap ipsec-tunnel private-tcp-mss-adjust

configure service vprn interface sap ip-tunnel private-tcp-mss-adjust

configure service vprn interface ipsec ipsec-tunnel private-tcp-mss-adjust

configure service ies interface ipsec ipsec-tunnel private-tcp-mss-adjust

Description

This command enables TCP MSS to adjust for L2TPv3 tunnels, IPsec, or IP tunnels on the private side. When the command is configured, the system updates the TCP MSS option to the value of the received TCP SYN packet on the private side.

The no form of this command disables TCP MSS adjust on the private side.

Default

no private-tcp-mcc-adjust

Parameters

bytes

Specifies the new TCP MSS value in bytes.

Values

512 to 9000

octets

Specifies the new TCP MSS value in octets.

Values

512 to 9000

Platforms

VSR

  • configure router interface ipsec ipsec-tunnel private-tcp-mss-adjust
  • configure service ies interface ipsec ipsec-tunnel private-tcp-mss-adjust
  • configure service vprn interface ipsec ipsec-tunnel private-tcp-mss-adjust

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template private-tcp-mss-adjust
  • configure service ies interface sap ip-tunnel private-tcp-mss-adjust
  • configure service vprn interface sap ipsec-tunnel private-tcp-mss-adjust
  • configure service vprn interface sap ip-tunnel private-tcp-mss-adjust

probe-count

probe-count

Syntax

probe-count probes-per-hop

no probe-count

Context

[Tree] (config>saa>test>type-multi-line>lsp-trace>sr-policy probe-count)

Full Context

configure saa test type-multi-line lsp-trace sr-policy probe-count

Description

This command configures the number of probes per hop.

The no form of this command reverts to the default value.

Default

probe-count 1

Parameters

probes-per-hop

Specifies the probes-per-hop count, expressed as number of packets.

Values

1 to 10

Default

1

Platforms

All

probe-fail-enable

probe-fail-enable

Syntax

[no] probe-fail-enable

Context

[Tree] (config>saa>test>trap-gen probe-fail-enable)

Full Context

configure saa test trap-gen probe-fail-enable

Description

This command enables the generation of an SNMP trap when the consecutive probe failure threshold (configured using the probe-fail-threshold command) is reached during the execution of the SAA ping test. This command is not applicable to SAA trace route tests.

The no form of this command disables the generation of an SNMP trap.

Platforms

All

probe-fail-threshold

probe-fail-threshold

Syntax

probe-fail-threshold threshold

no probe-fail-threshold

Context

[Tree] (config>saa>test>trap-gen probe-fail-threshold)

Full Context

configure saa test trap-gen probe-fail-threshold

Description

This command configures the threshold for trap generation after ping probe failure.

This command has no effect when probe-fail-enable is disabled. This command is not applicable to SAA trace route tests.

The no form of this command returns the threshold value to the default.

Default

probe-fail-threshold 1

Parameters

threshold

Specifies the number of consecutive ping probe failures required to generate a trap.

Values

0 to 15

Platforms

All

probe-history

probe-history

Syntax

probe-history {keep | drop | auto}

Context

[Tree] (config>saa>test probe-history)

Full Context

configure saa test probe-history

Description

Specifies history probe behavior. Defaults are associated with various configured parameters within the SAA test. Auto (keep) is used for test with probe counts of 100 or less, and intervals of 1 second and above. Auto (drop) only maintains summary information for tests marked as continuous with file functions, probe counts more than 100 and intervals of less than 1 second. SAA tests that are not continuous with a write to file defaults to Auto (keep). The operator is free to change the default behaviors for each type. Each test that maintains per probe history consumes more system memory. When per probe entries are required, the probe history is available at the completion of the test.

Default

probe-history auto

Parameters

auto

An auto selector that determines the storage of the history information.

drop

Stores summarized min/max/avg data not per probe information for test runs. This may be configured for all tests to conserve memory.

keep

Stores per probe information for tests. This consumes significantly more memory than summary information and should only be used if necessary.

Platforms

All

process-arp-probes

process-arp-probes

Syntax

[no] process-arp-probes

Context

[Tree] (config>service>vpls>proxy-arp process-arp-probes)

Full Context

configure service vpls proxy-arp process-arp-probes

Description

This command enables router proxy ARP function replies to Duplicate Address Detection (DAD) ARP probes upon a successful proxy ARP table lookup.

The no form of this command disables the router from replying to DAD ARP probes.

Default

process-arp-probes

Platforms

All

process-cpm-traffic-on-sap-down

process-cpm-traffic-on-sap-down

Syntax

[no] process-cpm-traffic-on-sap-down

Context

[Tree] (config>service>vpls>sap process-cpm-traffic-on-sap-down)

Full Context

configure service vpls sap process-cpm-traffic-on-sap-down

Description

This command is applicable to simple SAPs configured on LAGs that are not part of any "endpoint” configurations or complicated resiliency schemes like MC-LAG with inter-chassis-backup (ICB) configurations. When configured, a simple LAG SAP is not removed from the forwarding plane and flooded traffic (unknown unicast, broadcast and multicast) is dropped on egress. This allows applicable control traffic that is extracted at the egress interface to be processed by the CPM. This command will not prevent a VPLS service from entering an operationally down state if it is the last active connection to enter a nonoperational state. By default, without this command, when a SAP on a LAG enters a nonoperational state, it is removed from the forwarding plane and no forwarding occurs to the egress.

The no form of this command removes a SAP over a LAG that is not operational from the forwarding process.

Default

no process-cpm-traffic-on-sap-down

Platforms

All

process-dad-neighbor-solicitations

process-dad-neighbor-solicitations

Syntax

[no] process-dad-neighbor-solicitations

Context

[Tree] (config>service>vpls>proxy-nd process-dad-neighbor-solicitations)

Full Context

configure service vpls proxy-nd process-dad-neighbor-solicitations

Description

This command enables the router proxy ND replies to Duplicate Address Detection (DAD) neighbor solicitations upon a successful proxy ND table lookup.

The no form of this command disables the router from replying to DAD neighbor solicitations.

Default

process-dad-neighbor-solicitations

Platforms

All

profile

profile

Syntax

profile profile-name [create]

no profile profile-name

Context

[Tree] (config app-assure group url-filter web-service profile)

Full Context

configure application-assurance group url-filter web-service profile

Description

This command configures the category profiles of the web service.

The no form of this command removes the category profiles configuration.

Parameters

profile-name

Specifies the name of the category profile, up to 256 characters.

create

Keyword that specifies to create a category profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

profile

Syntax

[no] profile user-profile-name

Context

[Tree] (config system security profile)

Full Context

configure system security profile

Description

This command creates a context to create user profiles for command authorization and other functions associated with a user.

Profiles can be used to deny or permit user access to entire command branches or to specific commands.

Once the profiles are created, the user command assigns users to one or more profiles. You can define up to 16 user profiles but a maximum of 8 profiles can be assigned to a user.

The no form of this command deletes a user profile.

Parameters

user-profile-name

Specifies the user profile name entered as a character string. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.

Platforms

All

profile

Syntax

profile {in | out}

no profile

Context

[Tree] (config saa test type-multi-line lsp-ping sr-policy profile)

[Tree] (config saa test type-multi-line lsp-ping profile)

[Tree] (config saa test type-multi-line lsp-trace sr-policy profile)

Full Context

configure saa test type-multi-line lsp-ping sr-policy profile

configure saa test type-multi-line lsp-ping profile

configure saa test type-multi-line lsp-trace sr-policy profile

Description

This command configures the profile state of the MPLS echo request packet.

The no form of this command reverts to the default value.

Default

profile out

Parameters

in

Specifies "in” as the profile state of the MPLS echo request packet.

out

Specifies "out” as the profile state of the MPLS echo request packet.

Platforms

All

profile

Syntax

profile {in | out}

no profile

Context

[Tree] (config>oam-pm>session>ip profile)

Full Context

configure oam-pm session ip profile

Description

This command defines whether the TWAMP Light PDU packet should be treated as in-profile or out-of-profile. The default has been selected because the forwarding class defaults to best effort.

The no form of this command restores the default value.

Default

profile out

Parameters

in

Specifies that the TWAMP Light PDU packet is sent as in-profile.

out

Specifies that the TWAMP Light PDU packet is sent as out-of-profile.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

profile

Syntax

profile {in | out}

no profile

Context

[Tree] (config>oam-pm>session>mpls profile)

Full Context

configure oam-pm session mpls profile

Description

This command defines whether the DM PDU packet should be treated as in profile or out-of-profile.

The no form of this command reverts the default value.

Default

profile out

Parameters

in

Marks the PDU in profile.

out

Marks the PDU out of profile.

Default

out

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

profile

Syntax

profile {in | out}

no profile

Context

[Tree] (config qos sap-ingress fc profile)

Full Context

configure qos sap-ingress fc profile

Description

This command places a forwarding class or subclass into a color aware profile mode. Normally, packets associated with a class are considered in-profile or out-of-profile solely based on the dynamic rate of the ingress queue relative to its CIR. Explicitly defining a class as in-profile or out-of-profile overrides this function by handling each packet with the defined profile state.

The profile command may only be executed when the forwarding class or the parent forwarding class (for a subclass) is mapped to a queue that has been enabled to support color aware profile packets. The queue may only be configured for profile-mode at the time the queue is created in the SAP ingress QoS policy.

A queue operating in profile-mode may support in-profile, out-of-profile, and non-profiled packets simultaneously. However, the high- and low-priority classification actions are ignored when the queue is in profile-mode.

The no form of this command removes an explicit in-profile or out-of-profile configuration on a forwarding class or subclass.

Default

no profile — The default profile state of a forwarding class or subclass is not to treat ingress packets as color aware. An explicit definition for in-profile or out-of-profile must be specified on the forwarding class or subclass.

Parameters

in

The in keyword is mutually exclusive to the out keyword. When the profile in command is executed, all packets associated with the class will be handled as in-profile. Packets explicitly handled as in-profile or out-of-profile still flow through the ingress service queue associated with the class to preserve order within flows. In-profile packets will count against the CIR of the queue, diminishing the amount of CIR available to other classes using the queue that are not configured with an explicit profile.

out

The out keyword is mutually exclusive to the in keyword. When the profile out command is executed, all packets associated with the class will be handled as out-of-profile. Packets explicitly handled as in-profile or out-of-profile still flow through the ingress service queue associated with the class to preserve order within flows. Out-of-profile packets will not count against the CIR of the queue, allowing other classes using the queue that are not configured with an explicit profile to be measured against the full CIR.

Platforms

All

profile

Syntax

profile {g8265dot1-2010 | ieee1588-2008 | g8275dot1-2014 | g8275dot2-2016}

Context

[Tree] (config system ptp profile)

Full Context

configure system ptp profile

Description

This command configures the profile for the internal PTP clock, which defines the Best timeTransmitter Clock Algorithm (BTCA) behavior.

The profile setting for the clock cannot be changed unless PTP is shutdown.

The clock-type is restricted based on the PTP profile setting.

  • If the profile is ieee1588-2008, the clock-type is not restricted.

  • If the profile is g8265dot1-2010, the clock type may only be ordinary slave or ordinary master; boundary clock is not allowed.

  • If the profile is g8275dot1-2014 or g8275dot2-2016, the clock-type may only be boundary clock or ordinary slave; ordinary master is not allowed.

When the profile is changed, the domain changes to the default value for the new profile. Any command parameters that are set to default for the original profile are changed to the default for the new profile. This applies to the following:

  • log-anno-interval set for the clock

  • log-sync-interval set for a peer or a port

  • log-delay-interval set for a port

Non-default parameter values for the original profile remain unchanged.

Default

profile g8265dot1-2010

Parameters

g8265dot1-2010

Conforms to the ITU-T G.8265.1 specification.

ieee1588-2008

Conforms to the 2008 version of the IEEE1588 standard.

g8275dot1-2014

Conforms to the ITU-T G.8275.1 specification.

g8275dot2-2016

Conforms to the ITU-T G.8275.2 specification.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

profile

Syntax

profile {g8265dot1-2010 | g8275dot1-2014 | g8275dot2-2016 | ieee1588-2008}

Context

[Tree] (config>system>ptp>alternate-profile profile)

Full Context

configure system ptp alternate-profile profile

Description

This command configures the standard profile that is used as the basis for the alternate profile.

The profile setting controls the content of PTP messages sent on ports and peers using this alternate profile.

Modification of this setting is allowed only when the alternate profile is shut down.

Default

profile g8275dot1-2014

Parameters

g8265dot1-2010

Keyword to conform to the ITU-T G.8265.1 specification.

g8275dot1-2014

Keyword to conform to the ITU-T G.8275.1 specification.

g8275dot2-2016

Keyword to conform to the ITU-T G.8275.2 specification.

ieee1588-2008

Keyword to conform to the 2008 version of the IEEE1588 standard.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

profile

Syntax

profile name [create]

no profile name

Context

[Tree] (config system network-element-discovery profile)

Full Context

configure system network-element-discovery profile

Description

This command configures a profile to be used by IGP to advertise the network element information to its neighbors.

The no form of this command deletes the specified profile.

Parameters

name

Specifies the name of the profile, up to 32 characters.

Platforms

All

profile

Syntax

profile user-profile-name

no profile

Context

[Tree] (config system security user-template profile)

Full Context

configure system security user-template profile

Description

This command configures the command authorization profile to associate with a user template. See the user-template command for more details.

Parameters

user-profile-name

The user profile name entered as a character string. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.

Platforms

All

profile

Syntax

profile quality-of-service-profile

Context

[Tree] (config>test-oam>link-meas>template>twl profile)

Full Context

configure test-oam link-measurement measurement-template twamp-light profile

Description

This command configures the QoS profile. The profile indicator determines if the packet is treated as in or out of profile as it moves through the local node.

Default

profile in

Parameters

quality-of-service-profile

Specifies the QoS profile used when launching the link measurement test belonging to the specified template.

Values

in, out

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

profile

Syntax

profile cert-update-profile

Context

[Tree] (config system security pki cert-auto-upd cert profile)

Full Context

configure system security pki certificate-auto-update cert profile

Description

This command configures a certificate-update-profile to reference the update behavior.

Parameters

cert-update-profile

Specifies the certificate profile name, up to 32 characters.

Platforms

All

profile-capped

profile-capped

Syntax

[no] profile-capped

Context

[Tree] (config>qos>sap-ingress>policer profile-capped)

[Tree] (config>qos>qgrps>egr>queue-group profile-capped)

[Tree] (config>qos>qgrps>ingress>queue-group profile-capped)

[Tree] (config>qos>sap-egress>policer profile-capped)

Full Context

configure qos sap-ingress policer profile-capped

configure qos queue-group-templates egress queue-group profile-capped

configure qos queue-group-templates ingress queue-group profile-capped

configure qos sap-egress policer profile-capped

Description

Profile-capped mode enforces an overall in-profile burst limit to the CIR bucket for ingress undefined, ingress explicit in-profile, egress soft-in-profile, and egress explicit in-profile packets. The default behavior when profile-capped mode is not enabled is to ignore the CIR output state when an explicit in-profile packet is handled by an ingress or egress policer.

The profile-capped mode makes two changes:

  • At egress, soft-in-profile packets (packets received from ingress as in-profile) are treated the same as explicit in-profile (unless explicitly reclassified as out-of-profile) and have an initial policer state of in-profile.

  • At both ingress and egress, any packet output from the policer with a non-conforming CIR state are treated as out-of-profile (out-of-profile state is ignored for initial in-profile packets when profile-capped mode is not enabled).

Default

no profile-capped

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

  • configure qos sap-egress policer profile-capped
  • configure qos sap-ingress policer profile-capped

All

  • configure qos queue-group-templates egress queue-group profile-capped
  • configure qos queue-group-templates ingress queue-group profile-capped

profile-capped

Syntax

[no] profile-capped

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer profile-capped)

[Tree] (config>qos>qgrps>ing>qgrp>policer profile-capped)

Full Context

configure qos queue-group-templates egress queue-group policer profile-capped

configure qos queue-group-templates ingress queue-group policer profile-capped

Description

This command enables a limit on the profile.

Default

no profile-capped

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

profile-out-preserve

profile-out-preserve

Syntax

[no] profile-out-preserve

Context

[Tree] (config>qos>sap-egress>policer profile-out-preserve)

Full Context

configure qos sap-egress policer profile-out-preserve

Description

This command specifies whether to preserve the color of offered out-of-profile traffic at sap-egress policer (profile of the packet can change based on egress CIR state).

When enabled, traffic determined as out-of-profile at ingress policer will be treated as out-of-profile at sap-egress policer.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

profile-preferred

profile-preferred

Syntax

profile-preferred

no profile-preferred

Context

[Tree] (config>qos>plcr-ctrl-plcy>root profile-preferred)

Full Context

configure qos policer-control-policy root profile-preferred

Description

The profile-preferred command ensures that the root policer provides a preference to consume its PIR bucket tokens at a given priority level to packets that have their profile state set to in-profile by the output of the child policer CIR bucket.

Default

no profile-preferred

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, 7950 XRS, VSR

profiled-traffic-only

profiled-traffic-only

Syntax

[no] profiled-traffic-only

Context

[Tree] (config subscr-mgmt msap-policy sub-sla-mgmt single-sub profiled-traffic-only)

Full Context

configure subscriber-mgmt msap-policy sub-sla-mgmt single-sub-parameters profiled-traffic-only

Description

This command specifies whether only profiled traffic is applicable for an MSAP. When enabled, all queues are deleted.

The no form of this command reverts to the default setting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

profiled-traffic-only

Syntax

[no] profiled-traffic-only

Context

[Tree] (config service ies if sap sub-sla-mgmt single-sub profiled-traffic-only)

[Tree] (config service vpls sap sub-sla-mgmt single-sub-parameters profiled-traffic-only)

[Tree] (config service ies sub-if grp-if sap sub-sla-mgmt single-sub profiled-traffic-only)

[Tree] (config service vprn sub-if grp-if sap sub-sla-mgmt single-sub profiled-traffic-only)

[Tree] (config service vprn if sap sub-sla-mgmt single-sub profiled-traffic-only)

Full Context

configure service ies interface sap sub-sla-mgmt single-sub profiled-traffic-only

configure service vpls sap sub-sla-mgmt single-sub-parameters profiled-traffic-only

configure service ies subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters profiled-traffic-only

configure service vprn subscriber-interface group-interface sap sub-sla-mgmt single-sub-parameters profiled-traffic-only

configure service vprn interface sap sub-sla-mgmt single-sub profiled-traffic-only

Description

This command specifies whether only profiled traffic is applicable for this SAP. The profiled traffic refers to single subscriber traffic on a dedicated SAP (in the VLAN-per-subscriber model). When enabled, subscriber queues are instantiated through the QOS policy defined in the sla-profile and the associated SAP queues are deleted. This can increase subscriber scaling by reducing the number of queues instantiated per subscriber (in the VLAN-per-subscriber model). In order for this to be achieved, any configured multi-sub-sap limit must be removed (leaving the default of 1).

The no form of this command disables the command.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

progress-indicator

progress-indicator

Syntax

progress-indicator

Context

[Tree] (config>system>management-interface>cli>md-cli>environment progress-indicator)

Full Context

configure system management-interface cli md-cli environment progress-indicator

Description

Commands in this context configure progress indicator parameters.

Platforms

All

promiscuous-mode

promiscuous-mode

Syntax

[no] promiscuous-mode

Context

[Tree] (config>service>ies>sub-if>grp-if>wlan-gw promiscuous-mode)

[Tree] (config>service>vprn>sub-if>grp-if>wlan-gw promiscuous-mode)

Full Context

configure service ies subscriber-interface group-interface wlan-gw promiscuous-mode

configure service vprn subscriber-interface group-interface wlan-gw promiscuous-mode

Description

When promiscuous mode is enabled, the router accepts all traffic, including traffic that is not destined for a WLAN gateway group interface MAC or virtual MAC address for ESM processing.

The no form of this command causes the router to only accept traffic that is destined for a WLAN gateway group interface MAC or virtual MAC address for ESM processing.

Default

no promiscuous-mode

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

prompt

prompt

Syntax

prompt

Context

[Tree] (config>system>management-interface>cli>md-cli>environment prompt)

Full Context

configure system management-interface cli md-cli environment prompt

Description

Commands in this context configure prompt parameters.

Platforms

All

propagate-admin-group

propagate-admin-group

Syntax

[no] propagate-admin-group

Context

[Tree] (config>router>mpls>lsp>fast-reroute propagate-admin-group)

[Tree] (config>router>mpls>lsp-template>fast-reroute propagate-admin-group)

Full Context

configure router mpls lsp fast-reroute propagate-admin-group

configure router mpls lsp-template fast-reroute propagate-admin-group

Description

The command enables the signaling of the primary LSP path admin-group constraints in the FRR object at the ingress.

When this command is executed, the admin-group constraints configured in the context of the P2P LSP primary path, or the ones configured in the context of the LSP and inherited by the primary path, are copied into the FAST_REROUTE object. The admin-group constraints are copied into the 'include-any’ or 'exclude-any’ fields.

The ingress LER thus propagates these constraints to the downstream nodes during the signaling of the LSP to allow them to include the admin-group constraints in the selection of the FRR backup LSP for protecting the LSP primary path.

The ingress LER inserts the FAST_REROUTE object by default in a primary LSP path message. If the user disables the object using the following command, the admin-group constraints will not be propagated: config>router>mpls>no frr-object.

Note that the same admin-group constraints can be copied into the Session Attribute object. They are intended for the use of an LSR, typically an ABR, to expand the ERO of an inter-area LSP path. They are also used by any LSR node in the path of a CSPF or non-CSPF LSP to check the admin-group constraints against the ERO regardless if the hop is strict or loose. These are governed strictly by the command:

config>router>mpls>lsp>propagate-admin-group

In other words, the user may decide to copy the primary path admin-group constraints into the FAST_REROUTE object only, or into the Session Attribute object only, or into both. Note, however, that the PLR rules for processing the admin-group constraints can make use of either of the two object admin-group constraints.

This feature is supported with the following LSP types and in both intra-area and inter-area TE where applicable:

  • Primary path of a RSVP P2P LSP.

  • S2L path of an RSVP P2MP LSP instance

  • LSP template for an S2L path of an RSVP P2MP LSP instance.

The no form of this command disables the signaling of administrative group constraints in the FRR object.

Default

no propagate-admin-group

Platforms

All

propagate-admin-group

Syntax

[no] propagate-admin-group

Context

[Tree] (config>router>mpls>lsp-template propagate-admin-group)

[Tree] (config>router>mpls>lsp propagate-admin-group)

Full Context

configure router mpls lsp-template propagate-admin-group

configure router mpls lsp propagate-admin-group

Description

This command enables propagation of session attribute object with resource affinity (C-type 1) in PATH message. If an LSR receives a session attribute with resource affinity, then it will check the compatibility of admin-groups received in PATH message against configured admin-groups on the egress interface of LSP.

To support admin-group for inter-area LSP, the ingress node must configure propagating admin-groups within the session attribute object. If a PATH message is received by an LSR node that has the cspf-on-loose-hop option enabled and the message includes admin-groups, then the ERO expansion by CSPF to calculate the path to the next loose hop includes the admin-group constraints received from ingress node.

If this option is disabled, then the session attribute object without resource affinity (C-Type 7) is propagated in PATH message and CSPF at the LSR node does not include admin-group constraints.

This admin group propagation is supported with a P2P LSP, a P2MP LSP instance, and an LSP template.

The user can change the value of the propagate-admin-group option on the fly. A RSVP P2P LSP performs a Make-Before-Break (MBB) on changing the configuration. A S2L path of an RSVP P2MP LSP performs a Break-Before-Make on changing the configuration.

The no form of this command reverts to the default value.

Default

no propagate-admin-group

Platforms

All

propagate-hold-time

propagate-hold-time

Syntax

propagate-hold-time second

no propagate-hold-time

Context

[Tree] (config>eth-cfm>redundancy>mc-lag propagate-hold-time)

Full Context

configure eth-cfm redundancy mc-lag propagate-hold-time

Description

This command configures the delay, in seconds, that fault propagation is delayed because of port or MC-LAG state changes. This provides the amount of time for system stabilization during a port state changes that may be protected by MC-LAG. This command requires the standby-mep-shutdown command in order to take effect.

The no form of the command reverts to the default.

Default

propagate-hold-time 1

Parameters

seconds

Specifies the amount of time in seconds. Zero means no delay.

Values

0 to 60

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

propagate-mac-flush

propagate-mac-flush

Syntax

[no] propagate-mac-flush

Context

[Tree] (config>service>vpls propagate-mac-flush)

Full Context

configure service vpls propagate-mac-flush

Description

This command enabled propagation of mac-flush messages received from the specified T-LDP on all spoke and mesh-SDPs within the context of the VPLS service. The propagation will follow split-horizon principles and any data-path blocking in order to avoid looping of these messages.

Default

no propagate-mac-flush

Platforms

All

propagate-mac-flush-from-bvpls

propagate-mac-flush-from-bvpls

Syntax

[no] propagate-mac-flush-from-bvpls

Context

[Tree] (config>service>vpls>pbb propagate-mac-flush-from-bvpls)

Full Context

configure service vpls pbb propagate-mac-flush-from-bvpls

Description

This command enables the propagation in the local PBB of any regular LDP MAC Flush received in the related B-VPLS. If an LDP MAC flush-all-but-mine is received in the B-VPLS context, the command controls also whether a flush is performed for all the customer MACs in the associated FDB. The command does not have any effect on a PBB MAC Flush (LDP MAC flush with PBB TLV) received in the related B-VPLS context.

The no form of this command disables the propagation of LDP MAC Flush i from the related B-VPLS.

Default

no propagate-mac-flush-from-bvpls

Platforms

All

propagate-metric

propagate-metric

Syntax

[no] propagate-metric

Context

[Tree] (config>service>vprn>rip propagate-metric)

Full Context

configure service vprn rip propagate-metric

Description

This command enables the BGP MED to be used to configure the RIP metric at the BGP to RIP transition on egress routers. BGP always configures the BGP MED to the RIP metric at the ingress router. When propagate-metric is configured, the RIP metric at egress routers is configured as the BGP MED attribute added to the optional value configured with the metric-out command.

The no version of this command sets the RIP metric to the optional value configured with the metric-out command plus 1.

Default

no propagate-metric

Platforms

All

propagate-pmtu-v4

propagate-pmtu-v4

Syntax

[no] propagate-pmtu-v4

Context

[Tree] (config>service>vprn>if>sap>ipsec-tunnel propagate-pmtu-v4)

[Tree] (config>ipsec>tnl-temp propagate-pmtu-v4)

[Tree] (config>service>ies>if>sap>ip-tunnel propagate-pmtu-v4)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel propagate-pmtu-v4)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel propagate-pmtu-v4)

[Tree] (config>router>if>ipsec>ipsec-tunnel propagate-pmtu-v4)

[Tree] (config>service>vprn>if>sap>ip-tunnel propagate-pmtu-v4)

Full Context

configure service vprn interface sap ipsec-tunnel propagate-pmtu-v4

configure ipsec tunnel-template propagate-pmtu-v4

configure service ies interface sap ip-tunnel propagate-pmtu-v4

configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v4

configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v4

configure router interface ipsec ipsec-tunnel propagate-pmtu-v4

configure service vprn interface sap ip-tunnel propagate-pmtu-v4

Description

This command enables the system to propagate the path MTU learned from public side to private side (IPv4 hosts).

The no form of this command prevents the learned path MTU propagation.

Default

propagate-pmtu-v4

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ipsec-tunnel propagate-pmtu-v4
  • configure service ies interface sap ip-tunnel propagate-pmtu-v4
  • configure service vprn interface sap ip-tunnel propagate-pmtu-v4
  • configure ipsec tunnel-template propagate-pmtu-v4

VSR

  • configure router interface ipsec ipsec-tunnel propagate-pmtu-v4
  • configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v4
  • configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v4

propagate-pmtu-v6

propagate-pmtu-v6

Syntax

[no] propagate-pmtu-v6

Context

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel propagate-pmtu-v6)

[Tree] (config>ipsec>tnl-temp propagate-pmtu-v6)

[Tree] (config>service>ies>if>sap>ip-tunnel propagate-pmtu-v6)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel propagate-pmtu-v6)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel propagate-pmtu-v6)

[Tree] (config>service>vprn>if>sap>ip-tunnel propagate-pmtu-v6)

[Tree] (config>router>if>ipsec>ipsec-tunnel propagate-pmtu-v6)

Full Context

configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v6

configure ipsec tunnel-template propagate-pmtu-v6

configure service ies interface sap ip-tunnel propagate-pmtu-v6

configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v6

configure service vprn interface sap ipsec-tunnel propagate-pmtu-v6

configure service vprn interface sap ip-tunnel propagate-pmtu-v6

configure router interface ipsec ipsec-tunnel propagate-pmtu-v6

Description

This command enables the system to propagate the path MTU learned from public side to private side (IPv6 hosts).

The no form of this command prevents the learned path MTU propagation.

Default

propagate-pmtu-v6

Platforms

VSR

  • configure service ies interface ipsec ipsec-tunnel propagate-pmtu-v6
  • configure service vprn interface ipsec ipsec-tunnel propagate-pmtu-v6
  • configure router interface ipsec ipsec-tunnel propagate-pmtu-v6

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn interface sap ip-tunnel propagate-pmtu-v6
  • configure service ies interface sap ip-tunnel propagate-pmtu-v6
  • configure service vprn interface sap ipsec-tunnel propagate-pmtu-v6
  • configure ipsec tunnel-template propagate-pmtu-v6

propagate-topology-change

propagate-topology-change

Syntax

[no] propagate-topology-change

Context

[Tree] (config>eth-ring>sub-ring>interconnect propagate-topology-change)

Full Context

configure eth-ring sub-ring interconnect propagate-topology-change

Description

This command configures the G.8032 sub-ring to propagate topology changes. From the sub-ring to the major ring as specified in the G.8032 interconnection flush logic. This command is only valid on the sub-ring and on the interconnection node. Since this command is only valid on a Sub-ring, a virtual link or non-virtual link must be specified to configure this command. The command is blocked on major rings (when both path a and b are specified on a ring).

The no form of this command reverts propagate to the default value.

Default

no propagate-topology-change

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

protect-circuit

protect-circuit

Syntax

protect-circuit port-id

no protect-circuit

Context

[Tree] (config>port>aps protect-circuit)

Full Context

configure port aps protect-circuit

Description

This command configures a physical port that will act as the protection circuit for this APS group. The protect circuit port must contain only the default configuration and cannot belong to another APS group. The protect circuit port must be of the same type as the working circuit for the APS group, for the port to be added to an APS group port. If that’s not the case, the command will return an error.

A protection circuit can only be added if the working circuit already exists; the protection circuit must be removed from the configuration before the working circuit is removed.

When a port is a protect-circuit of an APS group, the configuration options available in the config>port port-id>sonet-sdh context is not allowed for that port unless it is part of the noted exceptions. The exception list includes these SONET/SDH commands:

  • clock-source

  • [no] loopback

  • [no] report-alarm

  • section-trace

  • [no] threshold

When is port configured as a protection circuit of an APS group, the configurations described above and all service configurations related to APS port are operationally inherited by the protect circuit. If the protect circuit cannot inherit the configurations (due to resource limitations), the configuration attempt fails and an error is returned to the user.

The protect circuit must be shutdown before it can be removed from the APS group port. The inherited configuration for the circuit and APS operational commands for that circuit are not preserved when the circuit is removed from the APS group.

The no form of this command removes the protect-circuit.

Parameters

port-id

Specifies the physical port that will act as the protection circuit for this APS group in the following format.

port-id

slot/mda/port

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

Refer to "Modifying Hold-Down Timer Values” in the config>port>aps working-circuit command description for information about modifying the timer defaults in the event of communication delays between the APS controllers.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-a, 7750 SR-e

protect-tp-path

protect-tp-path

Syntax

[no] protect-tp-path

Context

[Tree] (config>router>mpls>lsp protect-tp-path)

Full Context

configure router mpls lsp protect-tp-path

Description

This command creates or edits the protect path for an MPLS-TP LSP. At least one working path must exist before a protect path can be created for an MPLS-TP LSP. If MPLS-TP linear protection is also configured, then this is the path that is used as the default protect path for the LSP. The protect path must be deleted before the working path. Only one protect path can be created for each MPLS-TP LSP.

The following commands are applicable to the working-tp-path: lsp-num, in-label, out-label, mep, shutdown.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

protecting-nexthop-id

protecting-nexthop-id

Syntax

protecting-nexthop-id next-hop-index

no protecting-nexthop-id

Context

[Tree] (config>router>p2mp-sr-tree>replication-segment>next-hop-id protecting-nexthop-id)

Full Context

configure router p2mp-sr-tree replication-segment next-hop-id protecting-nexthop-id

Description

This command provides the ID of the protection next-hop used for FRR.

The protection next-hop outgoing SID is pushed on top of the next-hop SID list.

The no form of this command removes the protection next-hop.

Parameters

next-hop-index

Specifies the ID of the protection next-hop.

Values

1 to 4096

Platforms

All

protection

protection

Syntax

protection none

protection hmac-sha256 key key [hash | hash2 | custom]

no protection

Context

[Tree] (config>python>py-script protection)

Full Context

configure python python-script protection

Description

This command specifies the format of the Python script file(s) in this python-script. Unintentional changing of Python script file could be prevented by using protected format.

The no form of this command equals to protection none.

Parameters

none

Indicates the Python script is stored in plain text, without any mechanism in place to ensure the integrity nor the confidentiality of the content of the Python script.

hmac-sha256

Indicates the first line of the Python script must consist of the hash value obtained by hashing the rest of the Python script using the hmac-sha256 hashing algorithm.

key

The specified key along with original Python script file content are used to compute the hash. The computed hash will be compared to the hash in the Python script file. If there is no match, then system will fail to load the script.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the key entered is a customized hashing scheme.

Platforms

All

protection

Syntax

protection protection

no protection

Context

[Tree] (config>router>segment-routing>srv6>inst>loc>func>end-x protection)

[Tree] (config>router>segment-routing>srv6>inst>ms-loc>func>ua protection)

Full Context

configure router segment-routing segment-routing-v6 base-routing-instance locator function end-x protection

configure router segment-routing segment-routing-v6 base-routing-instance micro-segment-locator function ua protection

Description

This command configures the protection type of the SID.

The no form of this command reverts to the default value of protected.

Default

protection protected

Parameters

protection

Specifies whether the adjacency SID is protected.

Values

protected, unprotected

Platforms

7450 ESS, 7750 SR, 7750 SR-s, 7950 XRS, VSR

protection-template

protection-template

Syntax

protection-template name

no protection-template

Context

[Tree] (config>router>mpls>mpls-tp protection-template)

Full Context

configure router mpls mpls-tp protection-template

Description

Protection templates are used to define generally applicable protection parameters for MPLS-TP tunnels. Only linear protection is supported, and so the application of a named template to an MPLS-TP LSP implies that linear protection is used. A protection template is applied under the MEP context of the protect-path of an MPLS-TP LSP.

The protection-template command creates or edits a named protection template.

Default

no protection-template

Parameters

name

Specifies the protection template name as a text string of up to 32 characters in printable 7-bit ASCII, enclosed in double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

protection-template

Syntax

protection-template name

no protection-template

Context

[Tree] (config>router>mpls>lsp>protect-tp-path>mep protection-template)

Full Context

configure router mpls lsp protect-tp-path mep protection-template

Description

This command applies a protection template name to an MPLS-TP LSP that the protect path is configured under. If the template is applied, then MPLS-TP 1:1 linear protection is enabled on the LSP, using the parameters specified in the named template.

A named protection template can only be applied to the protect path context of an MPLS-TP LSP.

The no form of this command removes the template and thus disables mpls-tp linear protection on the LSP.

Default

no protection-template

Parameters

name

Specifies at text string for the template up to 32 characters in printable 7-bit ASCII, enclosed in double quotes.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

protection-type

protection-type

Syntax

protection-type {g8031-1to1 | loadsharing}

Context

[Tree] (config>eth-tunnel protection-type)

Full Context

configure eth-tunnel protection-type

Description

This command configures the model used for determining which members are actively receiving and transmitting data.

When the value is set to "g8031-1to1 (1)”, as per the G.8031 specification, only two members are allowed, and only one of them can be active at one point in time.

When the value is set to "loadsharing (2)”, multiple members can be active at one point in time.

Default

protection-type g8031-1to1

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

protection-type

Syntax

protection-type {link | node}

no protection-type

Context

[Tree] (config>router>route-next-hop-policy>template protection-type)

Full Context

configure router route-next-hop-policy template protection-type

Description

This command configures the protection type constraint into the route next-hop policy template.

The user can select if link protection or node protection is preferred in the selection of an LFA next-hop for all IP prefixes and LDP FEC prefixes to which a route next-hop policy template is applied. The default in SR OS implementation is node protection. The implementation will fall back to the other type if no LFA next-hop of the preferred type is found.

When the route next-hop policy template is applied to an IP interface, all prefixes using this interface as a primary next-hop will follow the protection type preference specified in the template.

The no form deletes the protection type constraint from the route next-hop policy template.

Default

protection-type node

Parameters

{link | node}

Specifies the two possible values for the protection type.

Default

node

Platforms

All

proto-version

proto-version

Syntax

proto-version {v070 | latest}

Context

[Tree] (config>system>grpc>gnmi proto-version)

Full Context

configure system grpc gnmi proto-version

Description

This command sets the gnmi.proto version that the GRPC server should use for all gNMI RPCs.

Default

proto-version latest

Parameters

v070

Specifies to use v0.7.0 for gNMI RPCs. Only use this option for backward compatibility with legacy collectors.

latest

Specifies to use the latest gnmi.proto version for gNMI RPCs. The latest version is v0.8.0.

Platforms

All

protocol

protocol

Syntax

protocol protocol profile-name profile-name

Context

[Tree] (config>system>security>pki>cert-upd-prof protocol)

Full Context

configure system security pki certificate-update-profile protocol

Description

This command configures the protocol to update the certificate.

Default

protocol cmpv2

Parameters

protocol

Specifies the protocol type.

Values

cmpv2, est

profile-name

Specifies the name of the CA or EST profile to be used for the certificate update.

Platforms

All

protocol

Syntax

protocol protocol-id

no protocol

Context

[Tree] (config>subscr-mgmt>isa-svc-chain>vas-filter>entry>match protocol)

Full Context

configure subscriber-mgmt isa-service-chaining vas-filter entry match protocol

Description

This command configures the protocol ID to be matched in this entry of the VAS filter.

The no form of this command removes the protocol ID from the match criterium in the entry.

Parameters

protocol-id

Specifies the protocol to match.

Values

protocol-id: protocol-number | protocol-name

protocol-number: 1, 6, 17]D

[0x1,0x6,0x11]H [0b1,0b110,0b10001]B

protocol-name: none, icmp, tcp, udp

* udp/tcp wildcard

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol

Syntax

protocol protocol-name

Context

[Tree] (config>app-assure protocol)

Full Context

configure application-assurance protocol

Description

This command configures the shutdown of protocols system-wide.

Parameters

protocol-name

A string of up to 32 characters identifying a predefined protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol

Syntax

protocol {eq | neq} protocol-name

no protocol

Context

[Tree] (config>app-assure>group>policy>app-filter>entry protocol)

Full Context

configure application-assurance group policy app-filter entry protocol

Description

This command configures protocol signature in the application definition.

The no form of this command restores the default (removes protocol from match application defined by this app-filter entry).

Default

no protocol

Parameters

eq

Specifies that the value configured and the value in the flow are equal.

neq

Specifies that the value configured differs from the value in the flow.

protocol-name

A string of up to 32 characters identifying a predefined protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol

Syntax

protocol protocol-name export-using export-method

no protocol protocol-name

Context

[Tree] (config>app-assure>group>statistics>aa-sub protocol)

Full Context

configure application-assurance group statistics aa-sub protocol

Description

This command configures aa-sub accounting statistics for export of protocols of a given AA ISA group/partition.

The no form of this command removes the protocol name.

Parameters

protocol-name

Specifies an existing protocol name up to 32 characters in length.

export-using export-method

Specifies that the method of stats export to be used. Accounting-policy is the only option for protocol statistics.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol

Syntax

protocol

Context

[Tree] (config>app-assure>group>statistics protocol)

Full Context

configure application-assurance group statistics protocol

Description

Commands in this context configure accounting and statistics collection parameters per-system for protocols of application assurance for a given AA ISA group/partition.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol

Syntax

protocol ipsec-protocol

no protocol

Context

[Tree] (config>ipsec>static-sa protocol)

Full Context

configure ipsec static-sa protocol

Description

This command configures the security protocol to use for an IPsec manual SA. The no statement resets to the default value.

Default

protocol esp

Parameters

ipsec-protocol

Identifies the IPsec protocol used with this static SA.

Values

ah — Specifies the Authentication Header protocol.esp — Specifies the Encapsulation Security Payload protocol.

Platforms

All

protocol

Syntax

protocol any

protocol protocol-id port opaque

protocol protocol-id port any

protocol protocol-id port from begin-port-id to end-port-id

no protocol

Context

[Tree] (config>ipsec>ts-list>remote>entry protocol)

[Tree] (config>ipsec>ts-list>local>entry protocol)

Full Context

configure ipsec ts-list remote entry protocol

configure ipsec ts-list local entry protocol

Description

This command specifies the protocol and port range in the IKEv2 traffic selector.

The SR OS supports OPAQUE ports and port ranges for the following protocols:

  • TCP

  • UDP

  • SCTP

  • ICMP

  • ICMPv6

  • MIPv6

For ICMP and ICMPv6, the port value takes the form icmp-type/icmp-code. For MIPv6, the port value is the mobility header type. For other protocols, only the port any configuration can be used.

Default

no protocol

Parameters

protocol-id

Specifies the protocol ID. The value can be a number, a protocol name, or any.

begin-port-id

Specifies the beginning of the port range.

Values

For TCP, UDP, and SCTP, the value is the port number.

For ICMP and ICMPv6, the value takes the form icmp-type/icmp-code; for example, 0/0.

For MIPv6, the value is the mobility header type.

end-port-id

Specifies the end of the port range

Values

For TCP, UDP, and SCTP, the value is the port number.

For ICMP and ICMPv6, the value takes the form icmp-type/icmp-code; for example, 0/0.

For MIPv6, the value is the mobility header type.

opaque

Specifies OPAQUE ports.

any

Specifies any port.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol

Syntax

[no] protocol {number | any}

Context

[Tree] (config>service>nat>firewall-policy>unknown-protocols protocol)

Full Context

configure service nat firewall-policy unknown-protocols protocol

Description

This command configures the protocol numbers that are allowed to create unknown flows.

Protocol or IPv6 extension header values that are explicitly supported by SR OS can be configured but will not be treated as unknown protocols.

The no form of the command removes the allowance for the specified protocol to create unknown flows.

Parameters

any

Specifies that unknown flows can be created by any protocol.

number

Specifies the IANA number of a protocol that needs to be allowed to create unknown flows.

Values

0 to 255

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol

Syntax

[no] protocol protocol-id

Context

[Tree] (config>filter>match-list>protocol-list protocol)

Full Context

configure filter match-list protocol-list protocol

Description

This command adds a protocol to the match protocol list.

The no form of this command removes the protocol from the protocol-list.

Parameters

protocol-id

protocol-number, protocol-name

protocol-number

Specifies the protocol number value to be added or removed from the protocol list. The value can be expressed as a decimal integer, or in hexadecimal or binary format.

Values

[0 to 255]D

[0x0 to 0xFF]H

[0b0 to 0b11111111]B

protocol-name

Specifies the protocol name to be added or removed from the protocol list.

Values

icmp, igmp, ip, tcp, egp, igp, udp, rdp, ipv6, ipv6-route, ipv6-frag, idrp, rsvp, gre, ipv6-icmp, ipv6-no-nxt, ipv6-opts, iso-ip, eigrp, ospf-igp, ether-ip, encap, pnni, pim, vrrp, l2tp, stp, ptp, isis, crtp, crudp, sctp.

Platforms

All

protocol

Syntax

protocol protocol

no protocol [protocol]

Context

[Tree] (config>vrrp>policy>priority-event>route-unknown protocol)

Full Context

configure vrrp policy priority-event route-unknown protocol

Description

This command adds one or more route sources to match the route unknown IP route prefix for a route unknown priority control event.

If the route source does not match one of the defined protocols, the match is considered unsuccessful and the route-unknown event transitions to the set state.

The protocol command is optional. If the protocol command is not executed, the comparison between the RTM prefix return and the route-unknown IP route prefix will not include the source of the prefix. The protocol command cannot be executed without at least one associated route source parameter. All parameters are reset each time the protocol command is executed and only the explicitly defined protocols are allowed to match.

The no form of the command removes protocol route source as a match criteria for returned RTM route prefixes.

To remove specific existing route source match criteria, execute the protocol command and include only the specific route source criteria. Any unspecified route source criteria is removed.

Default

no protocol — No route source for the route unknown priority event is defined.

Parameters

protocol

Explicitly defined protocols

Values

bgp - This parameter defines BGP as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The bgp parameter is not exclusive from the other available protocol parameters. If protocol is executed without the bgp parameter, a returned route prefix with a source of BGP will not be considered a match and will cause the event to enter the set state. This parameter only applies to the 7750 SR and 7950 XRS.

bgp-vpn - This parameter defines bgp-vpn as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The bgp-vpn parameter is not exclusive from the other available protocol parameters. If protocol is executed without the bgp-vpn parameter, a returned route prefix with a source of bgp-vpn will not be considered a match and will cause the event to enter the set state. This parameter only applies to the 7750 SR and 7950 XRS.

ospf - This parameter defines OSPF as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The ospf parameter is not exclusive from the other available protocol parameters. If protocol is executed without the ospf parameter, a returned route prefix with a source of OSPF will not be considered a match and will cause the event to enter the set state.

is-is - This parameter defines IS-IS as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The is-is parameter is not exclusive from the other available protocol parameters. If protocol is executed without the is-is parameter, a returned route prefix with a source of IS-IS will not be considered a match and will cause the event to enter the set state.

rip - This parameter defines RIP as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The rip parameter is not exclusive from the other available protocol parameters. If protocol is executed without the rip parameter, a returned route prefix with a source of RIP will not be considered a match and will cause the event to enter the set state.

static - This parameter defines a static route as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The static parameter is not exclusive from the other available protocol parameters. If protocol is executed without the static parameter, a returned route prefix with a source of static route will not be considered a match and will cause the event to enter the set state.

Platforms

All

protocol

Syntax

protocol protocol-id

no protocol

Context

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry protocol)

Full Context

configure system security management-access-filter ip-filter entry protocol

Description

This command configures an IP protocol type to be used as a management access filter match criterion.

The protocol type, such as TCP, UDP, and OSPF, is identified by its respective protocol number. Well-known protocol numbers include ICMP (1), TCP (6), and UDP (17).

The no form the command removes the protocol from the match criteria.

Parameters

protocol

Specifies the protocol number for the match criterion.

Values

1 to 255 (decimal)

Platforms

All

protocol

Syntax

[no] protocol name [create]

Context

[Tree] (config>sys>security>dist-cpu-protection>policy protocol)

Full Context

configure system security dist-cpu-protection policy protocol

Description

This command creates the protocol for control in the policy.

Explanatory notes for some of the protocols:

  • bfd-cpm: includes all bfd handled on the CPM including cpm-np type, single hop and multi-hop, and MPLS-TP CC and CV bfd

  • dhcp: includes dhcp for IPv4 and IPv6

  • eth-cfm: 802.1ag and includes Y.1731. Eth-cfm packets on port and LAG based facility MEPs are not included (but packets on Tunnel MEPs are).

  • icmp: includes IPv4 and IPv6 ICMP (including RS/RA/Redirect) except NS/NA Neighbor Discovery packets which are classified as a separate protocol "ndis”

  • icmp-ping-check: includes those packets associated with ping-template functions

  • isis: includes isis used for SPBM

  • ldp: includes ldp and t-ldp

  • mpls-ttl: MPLS packets that are extracted due to an expired mpls ttl field

  • ndis: IPv6 NS/NA Neighbor Discovery (not including RS/RA/Redirect which are classified as part of the protocol "icmp”)

  • ospf: includes all OSPFv2 and OSPFv3 packets

  • pppoe-pppoa: includes PADx, LCP, PAP/CHAP and NCPs

  • vrrp: includes VRRP and SRRP packets

  • multi-chassis: includes SR OS Multi-Chassis UDP port 1025 packets

  • multi-chassis-sync: includes SR OS Multi-Chassis Sync TCP port 45067 packets

  • all-unspecified: a special "protocol”. When configured, this treats all extracted control packets that are not explicitly created in the dist-cpu-protection policy as a single aggregate flow (or "virtual protocol”). It lumps together "all the rest of the control traffic” to allow it to be rate limited as one flow. It includes all control traffic of all protocols that are extracted and sent to the CPM (even protocols that cannot be explicitly configured with the distributed CPU protection feature). Control packets that are both forwarded and copied for extraction are not included. If a user later explicitly configures a protocol, that protocol is suddenly no longer part of the "all-unspecified” flow. The "all-unspecified” protocol must be explicitly configured in order to operate.

"no protocol x” means packets of protocol x are not monitored and not enforced (although they do count in the fp protocol queue) on the objects to which this dist-cpu-protection policy is assigned, although the packets will be treated as part of the all-unspecified protocol if the all-unspecified protocol is created in the policy.

Parameters

names

Signifies the protocol name.

Values

arp, dhcp, http-redirect, icmp, icmp-ping-check, igmp, mld, ndis, pppoe-pppoa, all-unspecified, mpls-ttl, multi-chassis, multi-chassis-sync, vrrp, bfd-cpm, bgp, eth-cfm, isis, ldp, ospf, pim, rsvp.

Platforms

All

protocol

Syntax

protocol protocol [all | { instance instance}]

protocol protocol2 [protocol2 (up to 5 max)]

no protocol

Context

[Tree] (config>router>policy-options>policy-statement>entry>from protocol)

Full Context

configure router policy-options policy-statement entry from protocol

Description

This command configures a routing protocol as a match criterion for a route policy statement entry. This command is used for both import and export policies depending how it is used.

The protocol direct-interface route type matches the specific direct interface host IPv4 /32 and IPv6 /128 routes. The protocol direct route type matches direct routes and does not match the specific /32 or /128 interface route itself.

Note:

The instance command cannot be used if multiple protocol names are specified for the protocol2 parameter.

The no form of this command removes the protocol match criterion.

Default

no protocol

Parameters

protocol

Specifies the protocol name for the match criterion.

Values

direct, static, bgp, isis, ospf, rip, aggregate, bgp-vpn, igmp, pim, ospf3, ldp, sub-mgmt, mld, managed, vpn-leak, nat, periodic, ipsec, dhcpv6-pd, dhcpv6-na, dhcpv6-ta, dhcpv6-pd-excl, ripng, bgp-label, direct-interface, arp-nd, rib-api, evpn-ifl, evpn-iff, srv6

instance

Specifies the OSPF, OSPFv3, or IS-IS protocol instance.

Values

isis-inst — 0 to 127

ospf-inst — 0 to 31

ospf3-inst — 0 to 31, 64 to 95

protocol2

Specifies up to five protocol names to match on.

Values

direct, static, isis, aggregate, bgp, bgp-label, direct-interface

all

Keyword that specifies to match on any OSPF, OSPFv3, or IS-IS protocol instance.

Platforms

All

protocol

Syntax

protocol protocol [all | instance instance]

protocol bgp bgp-label

no protocol

Context

[Tree] (config>router>policy-options>policy-statement>entry>to protocol)

Full Context

configure router policy-options policy-statement entry to protocol

Description

This command configures a routing protocol as a match criterion for a route policy statement entry. This command is used for both import and export policies depending how it is used.

The no form of this command removes the protocol match criterion.

Default

no protocol

Parameters

protocol

Specifies the protocol name to match on.

Values

bgp, isis, ospf, rip, bgp-vpn, ospf3, vpn-leak, ldp, ripng, bgp-label

instance

Specifies the OSPF, OSPFv3, or IS-IS instance.

Values

isis-inst — 0 to 127

ospf-inst — 0 to 31

ospf3-inst — 0 to 31, 64 to 95

all

Keyword that specifies to match on any OSPF, OSPFv3, or IS-IS protocol instance.

Platforms

All

protocol

Syntax

protocol protocol

Context

[Tree] (config>anysec>tnl-enc>enc-grp>peer-tnl-attrs protocol)

Full Context

configure anysec tunnel-encryption encryption-group peer-tunnel-attributes protocol

Description

This command configures a routing protocol as a match criterion for the outgoing tunnel.

Note: Because the LSP is unidirectional, the incoming tunnel protocol may be different from the outgoing tunnel protocol.

Default

protocol sr-isis

Parameters

protocol

Specifies the protocol name.

Values

sr-isis, sr-ospf, sr-ospf3

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

protocol

Syntax

protocol protocol

Context

[Tree] (config>anysec>tnl-enc>sec-term-pol protocol)

Full Context

configure anysec tunnel-encryption security-termination-policy protocol

Description

This command configures a routing protocol that is used to advertise the node SID of the incoming tunnel.

Default

protocol sr-isis

Parameters

protocol

Specifies the protocol name to match on.

Values

sr-isis, sr-ospf, sr-ospf3

Platforms

7750 SR-1-24D, 7750 SR-1-46S, 7750 SR-1-48D, 7750 SR-1-92S, 7750 SR-1x-48D, 7750 SR-1x-92S, 7750 SR-1se

protocol-configuration-options

protocol-configuration-options

Syntax

protocol-configuration-options {apco | pco}

no protocol-configuration-options

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile protocol-configuration-options)

Full Context

configure subscriber-mgmt gtp peer-profile protocol-configuration-options

Description

This command configures the Information Element to use for the Protocol Configuration Options.

The no form of this command reverts to the default value.

Default

protocol-configuration-options pco

Parameters

apco

Specifies that the system uses the Protocol Configuration Options Information Element.

pco

Specifies that the system uses the Additional Protocol Configuration Options Information Element.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

protocol-list

protocol-list

Syntax

protocol-list protocol-list-name [create]

no protocol-list protocol-list-name

Context

[Tree] (config>filter>match-list protocol-list)

Full Context

configure filter match-list protocol-list

Description

This command creates a list of IP protocols that can be used in line card IP and IPv6 filters.

The no form of this command removes the IP protocol list.

Default

no protocol-list

Parameters

protocol-list-name

Specifies the name of the protocol list.

create

This keyword is required to create the protocol list. After it is created, the protocol list can be enabled with or without the create keyword.

Platforms

All

protocol-port

protocol-port

Syntax

[no] protocol-port

Context

[Tree] (config>cflowd>collector>aggregation protocol-port)

Full Context

configure cflowd collector aggregation protocol-port

Description

This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number.

The no form of this command removes this type of aggregation from the collector configuration.

Platforms

All

protocol-protection

protocol-protection

Syntax

protocol-protection [allow-sham-links] [block-pim-tunneled]

no protocol-protection

Context

[Tree] (config>sys>security>cpu-protection protocol-protection)

Full Context

configure system security cpu-protection protocol-protection

Description

This command causes the network processor on the CPM to discard all packets received for protocols that are not configured on the particular interface. This helps mitigate DoS attacks by filtering invalid control traffic before it hits the CPU. For example, if an interface does not have IS-IS configured, then protocol protection will discard any IS-IS packets received on that interface.

Default

no protocol-protection

Parameters

allow-sham-links

Allows sham links. As OSPF sham links form an adjacency over the MPLS-VPRN backbone network, when protocol-protection is enabled, the tunneled OSPF packets to be received over the backbone network must be explicitly allowed.

block-pim-tunneled

Blocks extraction and processing of PIM packets arriving at the SR OS node inside a tunnel (for example, MPLS or GRE) on a network interface. With protocol-protection enabled and tunneled pim blocked, PIM in an mVPN on the egress DR will not switch traffic from the (*,G) to the (S,G) tree.

Platforms

7450 ESS, 7750 SR-7/12/12e, 7750 SR-7s, 7750 SR-14s, 7950 XRS

protocol-version

protocol-version

Syntax

protocol-version TLS version

no protocol-version

Context

[Tree] (config>system>security>tls>client-tls-profile protocol-version)

Full Context

configure system security tls client-tls-profile protocol-version

Description

This command configures the TLS version to be negotiated between the client and server.

When configured, the client adds the specified version as a supported version in its Hello message to the server. If tls-version-all is specified, the client adds both TLS 1.2 and TLS 1.3 as supported versions in its Hello message.

The no form of this command reverts to the default TLS version.

Default

protocol-version tls-version12

Parameters

TLS version

Specifies the TLS version to include in the client Hello message.

Values

tls-version12, tls-version13, tls-version-all

Platforms

All

protocol-version

Syntax

protocol-version TLS version

no protocol-version

Context

[Tree] (config>system>security>tls>server-tls-profile protocol-version)

Full Context

configure system security tls server-tls-profile protocol-version

Description

This command configures the TLS version to be negotiated between the server and client.

When configured, the server adds the specified version as a supported version in its Hello message to the client. If tls-version-all is specified, the server adds both TLS 1.2 and TLS 1.3 as supported versions in its Hello message.

The no form of this command reverts to the default TLS version.

Default

protocol-version tls-version12

Parameters

TLS version

Specifies the TLS version to include in the server Hello message.

Values

tls-version12, tls-version13, tls-version-all

Platforms

All

provider-tunnel

provider-tunnel

Syntax

[no] provider-tunnel

Context

[Tree] (config>service>vpls provider-tunnel)

Full Context

configure service vpls provider-tunnel

Description

Commands in this context configure the use of a P2MP LSP to forward Broadcast, Unknown unicast, and Multicast (BUM) packets of a VPLS or B-VPLS instance. The P2MP LSP is referred to as the Provider Multicast Service Interface (PMSI).

Platforms

All

provider-tunnel

Syntax

provider-tunnel

Context

[Tree] (config>service>vprn>mvpn provider-tunnel)

Full Context

configure service vprn mvpn provider-tunnel

Description

This command enables context to configure tunnel parameters for the MVPN.

Platforms

All

provider-tunnel

Syntax

provider-tunnel

Context

[Tree] (config>router>gtm provider-tunnel)

Full Context

configure router gtm provider-tunnel

Description

This command enables context to configure tunnel parameters for the GTM.

Platforms

All

proxy-arp

proxy-arp

Syntax

[no] proxy-arp

Context

[Tree] (config>service>vpls proxy-arp)

Full Context

configure service vpls proxy-arp

Description

Commands in this context configure the proxy-ARP parameters in a VPLS service.

Default

no proxy-arp

Platforms

All

proxy-arp

Syntax

[no] proxy-arp [mac [ieee-address]] [ ip [ipaddr] all]]

Context

[Tree] (debug>service>id proxy-arp)

Full Context

debug service id proxy-arp

Description

This command enables the debug of the proxy-arp function for a specified service. Alternatively, the debug can be enabled only for certain entries given by their IP or MAC addresses.

Platforms

All

proxy-arp

Syntax

[no] proxy-arp

Context

[Tree] (config>service>vprn>nw-if proxy-arp)

Full Context

configure service vprn nw-if proxy-arp

Description

This command enables proxy ARP on the interface.

Default

no proxy-arp

proxy-arp-nd

proxy-arp-nd

Syntax

proxy-arp-nd

Context

[Tree] (config>service proxy-arp-nd)

Full Context

configure service proxy-arp-nd

Description

Commands in this context configure the service-level proxy-arp-nd commands.

Platforms

All

proxy-arp-policy

proxy-arp-policy

Syntax

[no] proxy-arp-policy policy-name [policy-name]

Context

[Tree] (config>service>vprn>if proxy-arp-policy)

[Tree] (config>service>vprn>sub-if>grp-if proxy-arp-policy)

[Tree] (config>service>ies>sub-if>grp-if proxy-arp-policy)

[Tree] (config>service>ies>if proxy-arp-policy)

Full Context

configure service vprn interface proxy-arp-policy

configure service vprn subscriber-interface group-interface proxy-arp-policy

configure service ies subscriber-interface group-interface proxy-arp-policy

configure service ies interface proxy-arp-policy

Description

This command specifies an existing policy-statement to analyze match and action criteria that controls the flow of routing information to and from a given protocol, set of protocols, or a neighbor.

The no form of this command disables the proxy ARP capability.

Parameters

policy-name

Specifies the export route policy name. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified name must already be defined.

Platforms

All

  • configure service vprn interface proxy-arp-policy
  • configure service ies interface proxy-arp-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service ies subscriber-interface group-interface proxy-arp-policy
  • configure service vprn subscriber-interface group-interface proxy-arp-policy

proxy-arp-policy

Syntax

proxy-arp-policy policy-name [policy-name]

no proxy-arp-policy

Context

[Tree] (config>subscr-mgmt>git>ipv4 proxy-arp-policy)

Full Context

configure subscriber-mgmt group-interface-template ipv4 proxy-arp-policy

Description

This command configures a proxy ARP policy for the interface.

The no form of this command disables the proxy ARP capability.

Default

no proxy-arp-policy

Parameters

policy-name

Specifies the export route policy name. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. A maximum of five policy names can be specified.

Note:

The specified policy name must already be defined.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

proxy-arp-policy

Syntax

proxy-arp-policy policy-name [policy-name]

no proxy-arp-policy

Context

[Tree] (config>router>if proxy-arp-policy)

Full Context

configure router interface proxy-arp-policy

Description

This command enables and configure proxy ARP on the interface and specifies an existing policy-statement to analyze match and action criteria that controls the flow of routing information to and from a given protocol, set of protocols, or a specific neighbor. The policy-name is configured in the config>router>policy-options context.

Use proxy ARP so the router responds to ARP requests on behalf of another device. Static ARP is used when a router needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the router configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.

Default

no proxy-arp-policy

Parameters

policy-name

Specifies the export route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. A maximum of five policy names can be specified in a single statement. The specified policy names must already be defined.

Platforms

All

proxy-authentication

proxy-authentication

Syntax

[no] proxy-authentication

Context

[Tree] (config>router>l2tp>group>tunnel>ppp proxy-authentication)

[Tree] (config>service>vprn>l2tp>group>ppp proxy-authentication)

[Tree] (config>router>l2tp>group>ppp proxy-authentication)

[Tree] (config>service>vprn>l2tp>group>tunnel>ppp proxy-authentication)

Full Context

configure router l2tp group tunnel ppp proxy-authentication

configure service vprn l2tp group ppp proxy-authentication

configure router l2tp group ppp proxy-authentication

configure service vprn l2tp group tunnel ppp proxy-authentication

Description

This command configures the use of the authentication AVPs received from the LAC.

Default

no proxy-authentication

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

proxy-lcp

proxy-lcp

Syntax

[no] proxy-lcp

Context

[Tree] (config>router>l2tp>group>ppp proxy-lcp)

[Tree] (config>service>vprn>l2tp>group>tunnel>ppp proxy-lcp)

[Tree] (config>router>l2tp>group>tunnel>ppp proxy-lcp)

[Tree] (config>service>vprn>l2tp>group>ppp proxy-lcp)

Full Context

configure router l2tp group ppp proxy-lcp

configure service vprn l2tp group tunnel ppp proxy-lcp

configure router l2tp group tunnel ppp proxy-lcp

configure service vprn l2tp group ppp proxy-lcp

Description

This command configures the use of the proxy LCP AVPs received from the LAC.

Default

no proxy-lcp

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

proxy-nd

proxy-nd

Syntax

[no] proxy-nd

Context

[Tree] (config>service>vpls proxy-nd)

Full Context

configure service vpls proxy-nd

Description

Commands in this context configure the proxy-ND parameters in a VPLS service.

Default

no proxy-nd

Platforms

All

proxy-nd

Syntax

[no] proxy-nd [mac [ieee-address]] [ ip [ipaddr] all]]

Context

[Tree] (debug>service>id proxy-nd)

Full Context

debug service id proxy-nd

Description

This command enables the debug of the proxy-nd function for a specified service. Alternatively, the debug can be enabled only for certain entries given by their IPv6 or MAC addresses.

Platforms

All

proxy-nd-policy

proxy-nd-policy

Syntax

proxy-nd-policy policy-name [policy-name]

no proxy-nd-policy

Context

[Tree] (config>service>ies>if>ipv6 proxy-nd-policy)

Full Context

configure service ies interface ipv6 proxy-nd-policy

Description

This command configures a proxy neighbor discovery policy for the interface. This policy determines networks and sources for which proxy ND is attempted, when local proxy neighbor discovery is enabled.

The no form of this command reverts to the default value.

Parameters

policy-name

Specifies up to five the export route policy names. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified name(s) must already be defined.

Up to 5 policy-names can be specified in a single statement.

Platforms

All

proxy-nd-policy

Syntax

proxy-nd-policy policy-name [policy-name]

no proxy-nd-policy

Context

[Tree] (config>service>vprn>if>ipv6 proxy-nd-policy)

Full Context

configure service vprn interface ipv6 proxy-nd-policy

Description

This command configures a proxy neighbor discovery policy for the interface.

Parameters

policy-name

Specifies up to five existing policy names.

Platforms

All

proxy-nd-policy

Syntax

proxy-nd-policy policy-name [policy-name]

no proxy-nd-policy

Context

[Tree] (config>router>if>ipv6 proxy-nd-policy)

Full Context

configure router interface ipv6 proxy-nd-policy

Description

This command configure a proxy neighbor discovery policy for the interface.

Parameters

policy-name

The neighbor discovery policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. A maximum of five policy names can be specified in a single statement. The specified policy names must already be defined.

Platforms

All

proxy-server

proxy-server

Syntax

proxy-server

Context

[Tree] (config>service>vpls>sap>dhcp proxy-server)

[Tree] (config>service>ies>if>dhcp proxy-server)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp proxy-server)

[Tree] (config>service>ies>sub-if>grp-if>dhcp proxy-server)

[Tree] (config>subscr-mgmt>msap-policy>vpls-only>dhcp proxy-server)

Full Context

configure service vpls sap dhcp proxy-server

configure service ies interface dhcp proxy-server

configure service vprn subscriber-interface group-interface dhcp proxy-server

configure service ies subscriber-interface group-interface dhcp proxy-server

configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server

Description

Commands in this context configure DHCP proxy server parameters.

Platforms

All

  • configure service vpls sap dhcp proxy-server
  • configure service ies interface dhcp proxy-server

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface group-interface dhcp proxy-server
  • configure service ies subscriber-interface group-interface dhcp proxy-server
  • configure subscriber-mgmt msap-policy vpls-only-sap-parameters dhcp proxy-server

proxy-server

Syntax

[no] proxy-server

Context

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 proxy-server)

Full Context

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server

Description

This command allows access to the DHCP6 proxy server context. Within this context, DHCP6 proxy server parameters of the group interface can be configured.

Default

no proxy-server

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

proxy-server

Syntax

[no] proxy-server

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 proxy-server)

Full Context

configure service ies subscriber-interface group-interface ipv6 dhcp6 proxy-server

Description

This command allows access to the DHCP6 proxy server context. Within this context, DHCP6 proxy server parameters of the group interface can be configured

Default

no proxy-server

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

ps-information

ps-information

Syntax

[no] ps-information

Context

[Tree] (config>subscr-mgmt>diam-appl-plcy>gy>avp ps-information)

Full Context

configure subscriber-mgmt diameter-application-policy gy include-avp ps-information

Description

This command includes the following AVPs in Diameter DCCA CCR messages encapsulated in [3GPP-873] Service-Information or [3GPP-874] PS-Information grouped AVPs:

  • [8] Framed-IP-Address

  • [30] Called-Station-Id

  • [97] Framed-IPv6-Prefix

  • [123] Delegated-IPv6-Prefix

  • [6527-99] Alc-IPv6-Address

  • [10415-1] 3GPP-IMSI

  • [10415-2] 3GPP-Charging-Id

  • [10415-5] 3GPP-GPRS-Negotiated-QoS-Profile

  • [10415-7] 3GPP-GGSN-Address

  • [10415-10] GGSN-NSAPI

  • [10415-11] 3GPP-Session-Stop-Indicator

  • [10415-12] 3GPP-Selection-Mode

  • [10415-13] 3GPP-Charging-Characteristics

  • [10415-16] 3GPP-GGSN-IPv6-Address

  • [10415-21] 3GPP-RAT-Type

  • [10415-847] GGSN-Address

  • [10415-1004] Charging-Rule-Base-Name

  • [10415-1247] PDP-Context-Type

The AVPs are included when configured in the include-avp context.

By default, these AVPs are included at the command level.

The no form of this command resets to the default setting.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

psi-payload

psi-payload

Syntax

psi-payload

Context

[Tree] (config>port>otu psi-payload)

Full Context

configure port otu psi-payload

Description

Commands in this context configure payload structure identifier payload parameters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

psid-offset

psid-offset

Syntax

psid-offset psid-offset-length

no psid-offset

Context

[Tree] (config>service>nat>map-domain>mapping-rule psid-offset)

Full Context

configure service nat map-domain mapping-rule psid-offset

Description

This command configures the length of the high order bits in the protocol port field whose aggregate value should always be greater than 0. This automatically excludes certain ports (such as well-known ports) from the translation.

It is a function of the CE to make sure that the psid-offset bits are always greater than 0. The VSR does not check whether those bits are 0.

Default

psid-offset 6

Parameters

psid-offset-length

Specifies the length of the psid-offset bits in the protocol port field.

Values

0 to 16

Platforms

VSR

psnp-authentication

psnp-authentication

Syntax

[no] psnp-authentication

Context

[Tree] (config>service>vprn>isis psnp-authentication)

[Tree] (config>service>vprn>isis>level psnp-authentication)

Full Context

configure service vprn isis psnp-authentication

configure service vprn isis level psnp-authentication

Description

This command enables authentication of individual ISIS packets of partial sequence number PDU (PSNP) type.

The no form of this command suppresses authentication of PSNP packets.

Platforms

All

psnp-authentication

Syntax

[no] psnp-authentication

Context

[Tree] (config>router>isis>level psnp-authentication)

[Tree] (config>router>isis psnp-authentication)

Full Context

configure router isis level psnp-authentication

configure router isis psnp-authentication

Description

This command enables authentication of individual IS-IS packets of partial sequence number PDU (PSNP) type.

The no form of this command suppresses authentication of PSNP packets.

Default

psnp-authentication

Platforms

All

ptp

ptp

Syntax

[no] ptp

Context

[Tree] (config>service>vprn ptp)

Full Context

configure service vprn ptp

Description

Commands in this context configure PTP parameters for the VPRN service.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptp

Syntax

ptp

Context

[Tree] (config>system ptp)

Full Context

configure system ptp

Description

Commands in this context configure parameters for IEEE 1588-2008, Precision Time Protocol.

This command is only available on the control assemblies that support 1588.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptp

Syntax

ptp

Context

[Tree] (config>system>sync-if-timing ptp)

Full Context

configure system sync-if-timing ptp

Description

Commands in this context configure parameters for system timing via IEEE 1588-2008, Precision Time Protocol.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptp-asymmetry

ptp-asymmetry

Syntax

ptp-asymmetry nanoseconds

no ptp-asymmetry

Context

[Tree] (config>port>ethernet ptp-asymmetry)

Full Context

configure port ethernet ptp-asymmetry

Description

This command configures the PTP asymmetry delay on an Ethernet port. The command is used to correct for known asymmetry as part of time of day or phase recovery using PTP packets on both local and downstream PTP clocks.

Default

no ptp-asymmetry

Parameters

nanoseconds

Specifies the value, in nanoseconds, that the forward path delay varies from the mean path delay; the value can be a negative number.

Values

-2147483648 to 2147483647

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptp-hw-assist

ptp-hw-assist

Syntax

[no] ptp-hw-assist

Context

[Tree] (config>service>ies>if ptp-hw-assist)

Full Context

configure service ies interface ptp-hw-assist

Description

This command configures the 1588 port based timestamping assist function for the interface. This capability is supported on a specific set of hardware. The command may be blocked if not all hardware has the required level of support.

Only one interface per physical port can have ptp-hw-assist enabled.

no ptp-hw-assist

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptp-hw-assist

Syntax

[no] ptp-hw-assist

Context

[Tree] (config>service>vprn>if ptp-hw-assist)

Full Context

configure service vprn interface ptp-hw-assist

Description

This command configures the 1588 port based timestamping assist function for the interface. This capability is supported on a specific set of hardware. The command may be blocked if not all hardware has the required level of support.

If the SAP configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

If the IPv4 address configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

Only one interface per physical port can have ptp-hw-assist enabled.

Default

no ptp-hw-assist

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptp-hw-assist

Syntax

[no] ptp-hw-assist

Context

[Tree] (config>router>if ptp-hw-assist)

Full Context

configure router interface ptp-hw-assist

Description

This command configures the 1588 port based timestamping assist function for the interface. Various checks are performed to ensure that this feature can be enabled. If a check fails:

  • The command is blocked/rejected with an appropriate error message.

  • If the SAP configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

  • If the IPv4 address configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

The port will validate the destination IP address on received 1588 messages. If the 1588 messages are sent to a loopback address within the node rather than the address of the interface, then the loopback address must be configured in the config>system>security>source-address application ptp context.

Default

no ptp-hw-assist

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptp-tc

ptp-tc

Syntax

[no] ptp-tc

Context

[Tree] (config>system>satellite>eth-sat ptp-tc)

Full Context

configure system satellite eth-sat ptp-tc

Description

This command enables the ethernet satellite IEEE1588 transparent clock function. This function works with the SR OS host router configured as a PTP ordinary clock or boundary clock. This provides increased accuracy on the PTP event messages transiting the satellite. When a IEEE1588 event message transits the ethernet satellite, the correction field of the message is updated with the residence time of that message. This is used in PTP time calculations. All ports of the satellite are enabled for this capability with the one setting. This feature must be enabled to allow the assignment of one of the satellite’s client ports as a PTP port under config>system>ptp>port. This feature is only valid when using PTP over Ethernet encapsulation; it is not valid for PTP over IP encapsulation.

To enable this command, the satellite must have first been configured to support the feature using the config>system>satellite>eth-sat>feature transparent-clock-eth and must have been enabled for synchronous ethernet with config>system>satellite>eth-sat>sync-e.

All host ports connecting to this satellite must support 1588 port-based timestamping.

The no version of this command disables the specific satellite functionality.

Default

no ptp-tc

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

ptsf

ptsf

Syntax

ptsf

Context

[Tree] (config>system>ptp ptsf)

Full Context

configure system ptp ptsf

Description

Commands in this context configure PTSF-unusable configuration.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

public-key-authentication

public-key-authentication

Syntax

[no] public-key-authentication

Context

[Tree] (config>system>security>ldap public-key-authentication)

Full Context

configure system security ldap public-key-authentication

Description

This command enables public key retrieval from the LDAP server. If disabled (no public-key-authentication), password authentication is attempted via LDAP.

Default

no public-key-authentication

Platforms

All

public-key-min-bits

public-key-min-bits

Syntax

public-key-min-bits bits

no public-key-min-bits

Context

[Tree] (config>service>ies>if>ipv6>secure-nd public-key-min-bits)

Full Context

configure service ies interface ipv6 secure-nd public-key-min-bits

Description

This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).

Parameters

bits

Specifies the number of bits.

Values

512 to 1024

Platforms

All

public-key-min-bits

Syntax

public-key-min-bits bits

[no] public-key-min-bits

Context

[Tree] (config>service>vprn>if>secure-nd public-key-min-bits)

Full Context

configure service vprn interface secure-nd public-key-min-bits

Description

This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).

Parameters

bits

Specifies the number of bits.

Values

512 to 1024

public-key-min-bits

Syntax

public-key-min-bits bits

no public-key-min-bits

Context

[Tree] (config>router>if>ipv6>secure-nd public-key-min-bits)

Full Context

configure router interface ipv6 secure-nd public-key-min-bits

Description

This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).

Parameters

bits

Specifies the number of bits.

Values

512 to 1024

Platforms

All

public-key-only

public-key-only

Syntax

[no] public-key-only

Context

[Tree] (config>system>security>ssh>auth-method>server public-key-only)

Full Context

configure system security ssh authentication-method server public-key-only

Description

This command configures the SSH server to accept only the public-key authentication method.

The no form of this command configures the SSH server to accept public-key or password client authentication. If interactive-authentication is enabled in the configure system security aaa remote-servers radius or configure system security aaa remote-servers tacplus contexts, the SSH server also accepts interactive keyboard authentication.

Default

no public-key-only

Platforms

All

public-key-only

Syntax

public-key-only {false|true|system}

Context

[Tree] (config>system>security>user>ssh-auth-method>server public-key-only)

Full Context

configure system security user ssh-authentication-method server public-key-only

Description

This command configures the accepted SSH authentication method for the user connection.

Default

system

Parameters

false

Specifies the use of public-key only, or public-key and password for client authentication. If interactive-authentication is enabled in the configure system security aaa remote-servers radius or configure system security aaa remote-servers tacplus contexts, the SSH server also accepts interactive keyboard authentication.

true

Specifies the use of public-key authentication only.

system

Specifies the use of the SSH authentication method configured at the system level.

Platforms

All

public-keys

public-keys

Syntax

public-keys

Context

[Tree] (config>system>security>user public-keys)

Full Context

configure system security user public-keys

Description

This command allows the user to enter the context to configure public keys for SSH.

Platforms

All

public-tcp-mss-adjust

public-tcp-mss-adjust

Syntax

public-tcp-mss-adjust octets

public-tcp-mss-adjust default

no public-tcp-mss-adjust

Context

[Tree] (config>router>l2tp>group>l2tpv3 public-tcp-mss-adjust)

[Tree] (config>service>vprn>l2tp>l2tpv3 public-tcp-mss-adjust)

[Tree] (config>service>vprn>l2tp>group>l2tpv3 public-tcp-mss-adjust)

[Tree] (config>service>vprn>l2tp>group>tunnel>l2tpv3 public-tcp-mss-adjust)

Full Context

configure router l2tp group l2tpv3 public-tcp-mss-adjust

configure service vprn l2tp l2tpv3 public-tcp-mss-adjust

configure service vprn l2tp group l2tpv3 public-tcp-mss-adjust

configure service vprn l2tp group tunnel l2tpv3 public-tcp-mss-adjust

Description

This command enables TCP MSS adjust for L2TPv3 tunnels on the public side on the group or tunnel level. When the command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the public side that is encapsulated in the L2TPv3 tunnel.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

With the default parameter, the system uses the upper level configuration. With the non-default parameter, the system uses this configuration instead of the upper level configuration.

The no form of this command disables TCP MSS adjust on the public side.

Default

no public-tcp-mss-adjust

Parameters

octets

Specifies the new TCP MSS value in octets

Values

512 to 9000

default

Specifies to use the upper-level configuration

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

public-tcp-mss-adjust

Syntax

public-tcp-mss-adjust bytes

public-tcp-mss-adjust octets

public-tcp-mss-adjust auto

no public-tcp-mss-adjust

Context

[Tree] (config>ipsec>tnl-temp public-tcp-mss-adjust)

[Tree] (config>service>vprn>if>ip-tunnel public-tcp-mss-adjust)

[Tree] (config>service>vprn>if>sap>ipsec-tun public-tcp-mss-adjust)

[Tree] (config>service>ies>if>sap>ip-tunnel public-tcp-mss-adjust)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel public-tcp-mss-adjust)

[Tree] (config>router>if>ipsec>ipsec-tunnel public-tcp-mss-adjust)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel public-tcp-mss-adjust)

Full Context

configure ipsec tunnel-template public-tcp-mss-adjust

configure service vprn interface ip-tunnel public-tcp-mss-adjust

configure service vprn interface sap ipsec-tunnel public-tcp-mss-adjust

configure service ies interface sap ip-tunnel public-tcp-mss-adjust

configure service vprn interface ipsec ipsec-tunnel public-tcp-mss-adjust

configure router interface ipsec ipsec-tunnel public-tcp-mss-adjust

configure service ies interface ipsec ipsec-tunnel public-tcp-mss-adjust

Description

This command enables the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the public network to the private network. The system may use this value to adjust or insert the MSS option in TCP SYN packet.

If the auto parameter is specified, the system derives the new MSS value based on the public MTU and IPsec overhead.

The no form of this command disables TCP MSS adjust on the public side.

Default

no public-tcp-mss-adjust

Parameters

auto

Derive the new MSS value based on the public MTU and IPsec overhead.

bytes

Specifies the new TCP MSS value in bytes.

Values

512 to 9000

octets

Specifies the new TCP MSS value in octets

Values

512 to 9000

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

  • configure ipsec tunnel-template public-tcp-mss-adjust
  • configure service vprn interface sap ipsec-tunnel public-tcp-mss-adjust
  • configure service ies interface sap ip-tunnel public-tcp-mss-adjust

VSR

  • configure service ies interface ipsec ipsec-tunnel public-tcp-mss-adjust
  • configure service vprn interface ipsec ipsec-tunnel public-tcp-mss-adjust
  • configure router interface ipsec ipsec-tunnel public-tcp-mss-adjust

purge-timeout

purge-timeout

Syntax

purge-timeout seconds

no purge-timeout

Context

[Tree] (config>system>grpc>rib-api purge-timeout)

Full Context

configure system grpc rib-api purge-timeout

Description

This command configures the purge timeout associated with the RibApi gRPC service.

If a gRPC client used the RibApi gRPC service to program RIB entries into the router, and then the TCP connection drops for any reason, the associated RIB entries are immediately marked as stale and a timer with the purge-timeout value is started. Upon timer expiration, all of the stale entries are removed. While the timer is running, the stale entries remain valid and usable for forwarding but are less preferred than any non-stale entry. The purge-timeout gives an opportunity for the disconnected client, or some other client, to re-program the necessary RIB entries so that forwarding can continue uninterrupted.

The no form of this command resets to the default value of 0. Entries are immediately deleted when the TCP connection drops.

Default

no purge-timeout

Parameters

seconds

Specifies the number of seconds until the stale entries are purged.

Values

1 to 100 000

Default

0

Platforms

All

purge-timer

purge-timer

Syntax

purge-timer minutes

no purge-timer

Context

[Tree] (config>router>bgp purge-timer)

Full Context

configure router bgp purge-timer

Description

When the system sends a VPN-IP Route-Refresh to a peer it sets all the VPN-IP routes received from that peer (in the RIB-IN) to stale and starts the purge-timer. If the routes are not updated (refreshed) before the purge-timer has expired then the routes are removed.

The BGP purge timer configures the time before stale routes are purged.

The no form of this command reverts to the default.

Default

purge-timer 10

Parameters

minutes

Specifies the maximum time before stale routes are purged.

Values

1 to 60

Platforms

All

push

push

Syntax

push {label | implicit-null-label} nexthop ip-address

no push {out-label | implicit-null-label}

Context

[Tree] (config>router>mpls>static-lsp push)

Full Context

configure router mpls static-lsp push

Description

This command specifies the label to be pushed on the label stack and the next hop IP address for the static LSP.

The no form of this command removes the association of the label to push for the static LSP.

Parameters

implicit-null-label

Specifies the use of the implicit label value for the push operation.

label

The label to push on the label stack. Label values 16 through 1,048,575 are defined as follows:

  • label values 16 through 31 are reserved

  • label values 32 through 1,023 are available for static assignment

  • label values 1,024 through 2,047 are reserved for future use

  • label values 2,048 through 18,431 are statically assigned for services

  • label values 28,672 through 131,071 are dynamically assigned for both MPLS and services

  • label values 131,072 through 1,048,575 are reserved for future use

Values

16 to 1048575

nexthop ip-address

Specifies the IP address of the next hop towards the LSP egress router. If an ARP entry for the next hop exists, then the static LSP is marked operational. If ARP entry does not exist, software sets the operational status of the static LSP to down and continues to ARP for the configured nexthop. Software continuously tries to ARP for the configured nexthop at a fixed interval.

Platforms

All

pushed-labels

pushed-labels

Syntax

pushed-labels label [label]

no pushed-labels

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>bkup pushed-labels)

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp>pri pushed-labels)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group backup-next-hop pushed-labels

configure router mpls forwarding-policies forwarding-policy next-hop-group primary-next-hop pushed-labels

Description

This command configures the pushed label stack for the primary or backup next hop of a next-hop group of an MPLS forwarding policy.

The no form of this command removes the pushed label stack.

Parameters

label

Specifies the label value; up to a maximum of 10 labels.

Values

0 to 1048575

Platforms

All

pw-cap-list

pw-cap-list

Syntax

pw-cap-list {ethernet | ethernet-vlan} [{ ethernet | ethernet-vlan}]

no pw-cap-list

Context

[Tree] (config>service>vprn>l2tp>group>l2tpv3 pw-cap-list)

Full Context

configure service vprn l2tp group l2tpv3 pw-cap-list

Description

This command configures the allowable pseudowire capability list that is advertised to the far end. An empty list results in both pseudowire capabilities being advertised. Up to two capabilities are allowed to be advertised.

The no form of this command removes the list and advertises both pseudowire capabilities to the far end.

Default

no pw-cap-list

Parameters

ethernet

Specifies that the Ethernet pseudo-wire type is advertised.

ethernet-vlan

Specifies that the Ethernet-VLAN pseudo-wire type is advertised.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

pw-path-id

pw-path-id

Syntax

[no] pw-path-id

Context

[Tree] (config>service>vpls>spoke-sdp pw-path-id)

[Tree] (config>service>cpipe>spoke-sdp pw-path-id)

[Tree] (config>service>epipe>spoke-sdp pw-path-id)

[Tree] (config>service>vprn>if>spoke-sdp pw-path-id)

[Tree] (config>service>vprn>red-if>spoke-sdp pw-path-id)

[Tree] (config>service>ies>if>spoke-sdp pw-path-id)

Full Context

configure service vpls spoke-sdp pw-path-id

configure service cpipe spoke-sdp pw-path-id

configure service epipe spoke-sdp pw-path-id

configure service vprn interface spoke-sdp pw-path-id

configure service vprn redundant-interface spoke-sdp pw-path-id

configure service ies interface spoke-sdp pw-path-id

Description

Commands in this context configure an MPLS-TP Pseudowire Path Identifier for a spoke-sdp. All elements of the PW path ID must be configured in order to enable a spoke-sdp with a PW path ID.

For an IES or VPRN spoke-sdp, the pw-path-id is only valid for ethernet spoke-sdps.

The pw-path-id is only configurable if all of the following is true:

  • SDP signaling is off

  • control-word is enabled (control-word is disabled by default)

  • the service type is Epipe, VPLS, Cpipe, or IES/VPRN interface

  • mate SDP signaling is off for vc-switched services

The no form of this command deletes the PW path ID.

Default

no pw-path-id

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

  • configure service vpls spoke-sdp pw-path-id
  • configure service epipe spoke-sdp pw-path-id
  • configure service vprn interface spoke-sdp pw-path-id
  • configure service cpipe spoke-sdp pw-path-id
  • configure service ies interface spoke-sdp pw-path-id

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s

  • configure service vprn redundant-interface spoke-sdp pw-path-id

pw-path-id

Syntax

[no] pw-path-id

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp pw-path-id)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp pw-path-id)

Full Context

configure mirror mirror-dest spoke-sdp pw-path-id

configure mirror mirror-dest remote-source spoke-sdp pw-path-id

Description

Commands in this context configure an MPLS-TP Pseudowire Path Identifier for a spoke SDP. All elements of the PW path ID must be configured in order to enable a spoke SDP with a PW path ID.

For an IES or VPRN spoke SDP, the pw-path-id is only valid for Ethernet spoke SDPs.

The pw-path-id is only configurable if all of the following is true:

  • SDP signaling is off

  • control-word is enabled (control-word is disabled by default)

  • the service type is Epipe, Cpipe, Apipe, IES, VPLS, or VPRN interface

  • mate SDP signaling is off for VC-switched services

The no form of this command deletes the PW path ID.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

pw-port

pw-port

Syntax

pw-port pw-port-id [pw-headend]

no pw-port

Context

[Tree] (config>service>system>bgp-evpn>eth-seg pw-port)

Full Context

configure service system bgp-evpn ethernet-segment pw-port

Description

This command configures a PW port associated to the Ethernet Segment. When the Ethernet Segment is configured as all-active, only a LAG or a PW port can be associated to the Ethernet Segment. When the Ethernet Segment is configured as single-active, then a LAG, port or SDP can be associated to the Ethernet Segment, but not a PW port unless the pw-headend parameter is configured. In either case, only one of the four objects can be configured in the Ethernet Segment. A specified PW port can be part of only one Ethernet Segment.

The no version of this command removes the PW port from the Ethernet Segment.

Default

no pw-port

Parameters

pw-port-id

Specifies the PW port identifier.

Values

1 to 32767

pw-headend

Keyword used to specify multihoming procedures are run in the PW port stitching Epipe and the routes advertised in the context of the stitching Epipe contain the ESI of the Ethernet Segment.

Platforms

All

pw-port

Syntax

pw-port id [create]

no pw-port id

Context

[Tree] (config pw-port)

Full Context

configure pw-port

Description

This command creates a PW port that can be bound to a physical port or associated with an FPE (anchored PW port). A PW port's purpose is to provide, through a PW SAP, access level (or SAP level) capability to customer traffic that is tunneled to the SR OS node through an IP/MPLS network.

The no form of this command removes the pw-port ID.

Default

no pw-port

Parameters

id

Specifies the ID of the PW port.

Values

1 to 32767

create

Keyword required to create the configuration context.

Platforms

All

pw-port

Syntax

pw-port pw-port-id [vc-id vc-id] [ create]

no pw-port pw-port-id

Context

[Tree] (config>service>sdp>binding pw-port)

Full Context

configure service sdp binding pw-port

Description

This command creates a pseudowire port.

The no form of the command removes the pseudowire port ID from the configuration.

Parameters

pw-port-id

Specifies a unique identifier of the pseudowire port.

Values

1 to 10239

vc-id

Specifies a virtual circuit identifier signaled to the peer.

Values

1 to 4294967295

create

This keyword is required when a new pseudowire is being created.

Platforms

All

pw-port

Syntax

pw-port pw-port-id [fpe fpe-id] [ create]

no pw-port

Context

[Tree] (config>service>epipe pw-port)

Full Context

configure service epipe pw-port

Description

This command is used to associate the PW-port with the PXC ports or PXC based LAGs referenced in the FPE. That is, the PW-port becomes anchored by the PXC. This enables an external PW that is mapped to the anchored PW-port to be seamlessly rerouted between the I/O ports without interruption of service on the PW-port. This mapping between the external PW (spoke SDP) and the PXC based PXC-port is performed via an Epipe operating in vc-switching mode (creation time parameter).

Default

no pw-port

Parameters

pw-port-id

Specifies the PW-port associated with this service.

Values

1 to 10239

fpe fpe-id

Specifies the FPE object which contains the PXC-based ports or PXC-based LAGs.

Values

1 to 64

Platforms

All

pw-port

Syntax

pw-port pw-port-id [fpe fpe-id] [create]

no pw-port

Context

[Tree] (config>service>epipe pw-port)

Full Context

configure service epipe pw-port

Description

This command is only applicable for VSR configurations. This command associates a Flex PW port with any of the following constructs:

  • an MPLS-based spoke SDP (PW)

  • L2oGRE tunnel using IPv4 or IPv6 transport

With this configuration, a PW that is terminated on a Flex PW port can be seamlessly rerouted between I/O ports.

The payload from the PW is extracted from the Flex PW port and processed in accordance with the configured application (a capture SAP in ESM, a PW SAP for business services, and so on). The Epipe that associates the Flex PW port with the spoke SDP or with the tunnel is a regular Epipe service (not of type vc-switching).

This command must be configured before a spoke SDP is added to the Epipe.

The no form of this command removes the pw-port-id from the configuration.

Parameters

pw-port-id

Specifies the PW port associated with the PW.

Values

1 to 32767

fpe-id

Specifies the FPE object.

Values

1 to 64

create

Keyword required to create the configuration context.

Platforms

All

pw-port-extension

pw-port-extension

Syntax

[no] pw-port-extension

Context

[Tree] (config>fwd-path-ext>fpe pw-port-extension)

Full Context

configure fwd-path-ext fpe pw-port-extension

Description

Commands in this context configure the type of the cross-connect required to terminate an external tunnel to an anchored PW port. The system automatically builds the internal infrastructure required to perform the tunnel termination on a PW port.

PW ports support the following types of tunnels:

  • GRE/MPLS PW with SDP of type MPLS or GRE

  • L2oGRE bridged Ethernet over GRE, where GRE protocol number is 0x6558

The no form of this command removes the cross-connect type from the configuration.

Default

no pw-port-extension

Platforms

All

pw-port-list

pw-port-list

Syntax

pw-port-list

Context

[Tree] (config>service>system pw-port-list)

Full Context

configure service system pw-port-list

Description

Commands in this context configure a port list to bind to Flex PW ports.

Platforms

VSR

pw-routing

pw-routing

Syntax

pw-routing

Context

[Tree] (config>service pw-routing)

Full Context

configure service pw-routing

Description

Commands in this context configure dynamic multi-segment pseudowire (MS-PW) routing. Pseudowire routing must be configured on each node that will be a T-PE or an S-PE.

Platforms

All

pw-sap-secondary-shaper

pw-sap-secondary-shaper

Syntax

pw-sap-secondary-shaper pw-sap-sec-shaper-name

no pw-sap-secondary-shaper

Context

[Tree] (config>service>sdp>binding>pw-port>egress>shaper pw-sap-secondary-shaper)

Full Context

configure service sdp binding pw-port egress shaper pw-sap-secondary-shaper

Description

This command configures a default secondary shaper applicable to pw-saps under normal interfaces.

The no form of the command removes the shaper name from the configuration.

Platforms

All

pw-status-signaling

pw-status-signaling

Syntax

[no] pw-status-signaling

Context

[Tree] (config>service>epipe>spoke-sdp pw-status-signaling)

Full Context

configure service epipe spoke-sdp pw-status-signaling

Description

This command enables pseudowire status signaling for this spoke SDP binding.

The no form of this command disables the status signaling.

Default

pw-status-signaling

Platforms

All

pw-status-signaling

Syntax

[no] pw-status-signaling

Context

[Tree] (config>service>vpls>spoke-sdp pw-status-signaling)

Full Context

configure service vpls spoke-sdp pw-status-signaling

Description

This command specifies the type of signaling used by this multi-segment pseudowire provider-edge for this service.

When no pw-status-signaling is enabled, a 7450 ESS, 7750 SR, and 7950 XRS will not include the pseudowire status TLV in the initial label mapping message of the pseudowire used for a spoke-SDP. This will force both 7450 ESS, 7750 SR, and 7950 XRS PEs to use the pseudowire label withdrawal method for signaling pseudowire status.

If pw-status-signaling is configured, the node will include the use of the pseudowire status TLV in the initial label mapping message for the pseudowire.

Platforms

All

pw-template

pw-template

Syntax

pw-template policy-id [use-provisioned-sdp | [ prefer-provisioned-sdp] [auto-gre-sdp] ][create] [ name name]

no pw-template policy-id

Context

[Tree] (config>service pw-template)

Full Context

configure service pw-template

Description

This command configures an SDP template.

Parameters

policy-id

Specifies a number that uniquely identifies a template for the creation of an SDP.

Values

policy-id: 1 to 2147483647

use-provisioned-sdp

Specifies whether to use an already provisioned SDP. When specified, the tunnel manager is consulted for an existing active SDP (with a matching far-end address), and the SDP with the lowest metric is chosen. If there are multiple SDPs with the same metric, then the highest SDP identifier that is oper-up is chosen. The choice of SDP can be configured by applying sdp-include/exclude in the PW template together with an sdp-group in the provisioned SDPs. This option, and the auto-gre-sdp option, are mutually exclusive.

prefer-provisioned-sdp

Specifies that if an existing matching SDP that conforms to any restrictions defined in the pw-template is found (for example, sdp-include/exclude group), then it will be used, following the same logic as for the use-provisioned-sdp parameter. Otherwise, the command will automatically create an SDP in the same manner as if the user did not specify any option. This option and the use-provisioned-sdp option are mutually exclusive.

auto-gre-sdp

Specifies that an SDP should automatically be created using a GRE tunnel. This option and the use-provisioned-sdp option are mutually exclusive. The PW template parameters hash-label, entropy-label and sdp-include/exclude are ignored when an GRE SDP is auto-created.

auto-mpls-sdp

Specifies that an SDP should automatically be created using an MPLS tunnel. This is the default.

create

This keyword is required when first creating the configuration context. Once the context is created, it is possible to navigate into the context without the create keyword.

name name

A name of the operator’s choice, up to 64 characters. The name is saved as part of the configuration.

If a name is not specified at creation time, then SR OS assigns a string version of the policy-id as the name.

Values

name: 64 characters maximum

Platforms

All

pw-template-bind

pw-template-bind

Syntax

pw-template-bind policy-id

no pw-template-bind

Context

[Tree] (config>service>epipe>spoke-sdp-fec pw-template-bind)

Full Context

configure service epipe spoke-sdp-fec pw-template-bind

Description

This command binds includes the parameters included in a specific PW template to a spoke SDP.

The no form of this command removes the values from the configuration.

Parameters

policy-id

Specifies the existing policy ID.

Values

1 to 2147483647

Platforms

All

pw-template-binding

pw-template-binding

Syntax

pw-template-binding policy-id [import-rt { ext-community [ext-community]}] [endpoint endpoint-name]

no pw-template-binding policy-id

Context

[Tree] (config>service>epipe>bgp pw-template-binding)

Full Context

configure service epipe bgp pw-template-binding

Description

This command binds the advertisements received with the route targets (RT) that match the configured list (either the generic or the specified import) to a specific pw-template. If the RT list is not present, or if multiple matches are found, the numerically lowest pw-template is used.

The pw-template-binding applies to BGP-VPWS when enabled in the Epipe.

For BGP VPWS, the following additional rules govern the use of pseudowire-template:

  • On transmission, the settings for the L2-Info extended community in the BGP updates are derived from the pseudowire template attributes. If multiple pseudowire template bindings (with or without import-rt) are specified for the same VPWS instance the first pw-template entry will be used for the information in the BGP update sent.

  • On reception, the values of the parameters in the L2-Info extended community of the BGP updates are compared with the settings from the corresponding pseudowire template bindings. The following steps are used to determine the local pw-template:

    • The RT values are matched to determine the pw-template. The route targets configured for each pw-template-binding are compared to the route targets within the BGP update. The PW template corresponding to pw-template-binding with the first matching route target is used to for the SDP. The matching is performed from the lowest PW template binding identifier to the highest.

    • If no pw-template-binding matches are found from the previous step, the first (numerically lowest) configured pw-template entry without any route-target configured will be used.

If the value used for Layer 2 MTU (unless the value zero is received), or control word does not match, the pseudowire is created but with the operationally down state.

If the value used for the S (sequenced delivery) flags is not zero the pseudowire is not created.

The tools perform commands can be used to control the application of changes in pw-template for BGP-VPWS.

The no form of this command removes the values from the configuration.

Parameters

policy-id

Specifies an existing policy ID.

Values

1 to 2147483647

import-rt ext-comm

Specifies the communities, up to five, allowed to be accepted from remote PE neighbors. An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin.

Values

target:{ip-addr:comm-val | 2byte-asnumber:ext-comm-val| 4byte-snumber: comm-val}

ip-addr

a.b.c.d

comm-val

0 to 65535

2byte-asnumber

0 to 65535

ext-comm-val

0 to 4294967295

4byte-asnumber

0 to 4294967295

endpoint-name

Specifies the name of the endpoint the BGP PW template is associated with, up to 32 characters. When the configured endpoint is associated to the pw-template-binding of a BGP VPWS service, EVPN MPLS can also be configured and associated to the same endpoint in the same Epipe service. Modifying this element causes the parent element to be recreated automatically in order for the new value to take effect.

Platforms

All

pw-template-binding

Syntax

pw-template-binding policy-id [split-horizon-group group-name] [import-rt {ext-community}]

no pw-template-bind policy-id

Context

[Tree] (config>service>vpls>bgp pw-template-binding)

[Tree] (config>service>vpls>bgp-ad pw-template-binding)

Full Context

configure service vpls bgp pw-template-binding

configure service vpls bgp-ad pw-template-binding

Description

This command binds the advertisements received with the route target (RT) that matches the configured list (either the generic or the specified import) to a specific PW template. If the RT list is not present the pw-template is used for all of them.

The pw-template-binding applies to both BGP-AD and BGP-VPLS if these features are enabled in the VPLS.

For BGP VPLS the following additional rules govern the use of pseudowire-template.

  • On transmission, the settings for the L2-Info extended community in the BGP update are derived from the pseudowire template attributes. If multiple pseudowire template bindings (with or without import-rt) are specified, the first pw-template entry will be used for the information in the BGP update sent.

  • On reception, the values of the parameters in the L2-Info extended community of the BGP update are compared with the settings from the corresponding pw-template. The following steps are used to determine the local pw-template.

    • The RT values are matched to determine the pw-template. The route targets configured for each pw-template-binding are compared to the route targets within the BGP update. The PW template corresponding to pw-template-binding with the first matching route target is used to for the SDP. The matching is performed from the lowest PW template binding identifier to the highest

    • If no pw-templates matches are found from the previous step, the first (numerically lowest) configured pw-template entry without any route-target configured will be used.

If the values used for Layer 2 MTU (unless the value zero is received) or control word flag do not match, the pseudowire is created but with the operationally down state.

If the value used for the S (sequenced delivery) flags is not zero, the pseudowire is not created.

The tools perform commands can be used to control the application of changes in pw-template for both BGP-AD and BGP-VPLS.

The no form of this command removes the values from the configuration.

Parameters

policy-id

Specifies an existing policy ID

Values

1 to 2147483647

group-name

The specified group-name overrides the split horizon group template settings

import-rt ext-comm

Specifies communities allowed to be accepted from remote PE neighbors. An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers. A maximum of five import-rt ext-com can be specified.

Values

target:{ip-addr:comm-val| 2byte-asnumber:ext-comm-val| 4byte-asnumber:comm-val}

ip-addr: a.b.c.d

comm-val: [0 to 65535]

2byte-as-number: [0 to 65535]

ext-comm-val: [0 to 4294967295]

4byte-asnumber: [0 to 4294967295]

Platforms

All

pw-template-id-range

pw-template-id-range

Syntax

pw-template-id-range start pw-template-id end pw-template-id

no pw-template-id-range

Context

[Tree] (config>service>md-auto-id pw-template-id-range)

Full Context

configure service md-auto-id pw-template-id-range

Description

This command specifies the range of IDs used by SR OS to automatically assign an ID to PW templates that are created in model-driven interfaces without an ID explicitly specified by the user or client.

A PW template created with an explicitly-specified ID cannot use an ID in this range. In the classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD-CLI interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.

The no form of this command removes the range values.

See the config>service md-auto-id command for further details.

Default

no pw-template-id-range

Parameters

start pw-template-id

Specifies the lower value of the ID range. The value must be less than or equal to the end value.

Values

1 to 2147483647

end pw-template-id

Specifies the upper value of the ID range. The value must be greater than or equal to the start value.

Values

1 to 2147483647

Platforms

All

pw-type

pw-type

Syntax

pw-type ethernet-vlan vlan-id

pw-type ethernet

no pw-type

Context

[Tree] (config>service>vpls>sap>l2tpv3-session pw-type)

[Tree] (config>service>epipe>sap>l2tpv3-session pw-type)

Full Context

configure service vpls sap l2tpv3-session pw-type

configure service epipe sap l2tpv3-session pw-type

Description

This command specifies the PW-type for the associated L2TPv3 session.

The support types are either Ethernet or Ethernet-VLAN. If Ethernet-VLAN is configured, a VLAN value must be specified as well.

The no form of this command deletes the PW-type configuration.

Parameters

vlan-id

Specifies the VLAN-ID.

Platforms

All

pwc

pwc

Syntax

pwc [previous]

Context

[Tree] (pwc)

Full Context

pwc

Description

This command displays the present or previous working context of the CLI session. The pwc command provides a user who is in the process of dynamically configuring a chassis a way to display the current or previous working context of the CLI session. The pwc command displays a list of the CLI nodes that hierarchically define the current context of the CLI instance of the user.

The following example is from a 7750 SR:

A:ALA-1>config>router>bgp>group# pwc
-----------------------------------------------
Present Working Context :
-----------------------------------------------
<root>
  configure
  router Base
  bgp
  group test
  ospf
  area 1
-----------------------------------------------
A:ALA-1>config>router>bgp>group#

When the previous keyword is specified, the previous context displays. This is the context entered by the CLI parser upon execution of the exit command. The current context of the CLI is not affected by the pwc command.

The following example is from a 7450 ESS:

*A:ALA-1>config>router>ospf>area>if# pwc previous
---------------------------------------------------------
Previous Working Context :
---------------------------------------------------------
 <root>
  configure
  router "Base"
  ospf
  area "0.0.0.0"
---------------------------------------------------------
*A:ALA-1config>router>ospf>area>if#

Parameters

previous

Displays the previous present working context.

Platforms

All

pxc

pxc

Syntax

pxc pxc-id [create]

no pxc pxc-id

Context

[Tree] (config>port-xc pxc)

Full Context

configure port-xc pxc

Description

This command creates a port cross-connect (PXC) object. Referencing an Ethernet port within the PXC object will automatically configure this Ethernet port as a loopback port. The node will automatically create two PXC sub-ports under this Ethernet port. The configuration of PXC sub-ports can be accessed through the CLI.

Parameters

pxc-id

Specifies the port cross-connect identifier.

Values

1 to 64

Platforms

All

pxc-pxc-id.sub-port-id

pxc-pxc-id.sub-port-id

Syntax

pxc-pxc-id.sub-port-id

Context

[Tree] (config>port pxc-pxc-id.sub-port-id)

Full Context

configure port pxc-pxc-id.sub-port-id

Description

This command enables access to PXC sub-port level parameters. The PXC sub-ports are automatically created once the external Ethernet port is configured inside of an PXC object. The PXC sub-ports are by default administratively disabled (shutdown). In order for PXC sub-ports to became operational, both, the underlying external Ethernet port and the PXC object must be operationally up.

Parameters

pxc-id

Specifies the unique identifier of this PXC.

Values

1 to 64

sub-port-id

When this the pxc-id is configured, two logical sub-ports are automatically created. These logical sub-ports are used to create two paths within the loop; one upstream path, and one downstream path. These sub-ports are destroyed when either this PXC row is destroyed, this object is de-provisioned.

Values

a, b

Platforms

All

python

python

Syntax

python

Context

[Tree] (config python)

Full Context

configure python

Description

Commands in this context configure Python parameters.

Platforms

All

python

Syntax

[no] python

Context

[Tree] (config>redundancy>multi-chassis>peer>sync python)

Full Context

configure redundancy multi-chassis peer sync python

Description

This command enables syncing of python-policy cached entries to the peer.

Use the mcs-peer command in the Python policy to enable syncing for a specific Python policy.

The no form of this command reverts to the default.

Default

no python

Platforms

All

python-policy

python-policy

Syntax

python-policy python-name

no python-policy

Context

[Tree] (config>service>vprn>if>dhcp python-policy)

[Tree] (config>service>vprn>sub-if>grp-if>dhcp python-policy)

[Tree] (config>service>vprn>sub-if python-policy)

[Tree] (config>service>ies>if>ipv6>dhcp6-relay python-policy)

[Tree] (config>service>ies>sub-if>ipv6>dhcp6 python-policy)

[Tree] (config>service>ies>sub-if>grp-if>dhcp python-policy)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6>proxy python-policy)

[Tree] (config>service>ies>sub-if>dhcp python-policy)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server python-policy)

[Tree] (config>service>vprn>sub-if>dhcp python-policy)

[Tree] (config>service>ies>if>dhcp python-policy)

[Tree] (config>service>vprn>sub-if>ipv6>dhcp6 python-policy)

[Tree] (config>service>vprn>if>ipv6>dhcp6-relay python-policy)

Full Context

configure service vprn interface dhcp python-policy

configure service vprn subscriber-interface group-interface dhcp python-policy

configure service vprn subscriber-interface python-policy

configure service ies interface ipv6 dhcp6-relay python-policy

configure service ies subscriber-interface ipv6 dhcp6 python-policy

configure service ies subscriber-interface group-interface dhcp python-policy

configure service vprn subscriber-interface ipv6 dhcp6 proxy python-policy

configure service ies subscriber-interface dhcp python-policy

configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server python-policy

configure service vprn subscriber-interface dhcp python-policy

configure service ies interface dhcp python-policy

configure service vprn subscriber-interface ipv6 dhcp6 python-policy

configure service vprn interface ipv6 dhcp6-relay python-policy

Description

This command specifies the Python policy to be used for DHCPv6 relay.

The no form of this command reverts to the default.

Parameters

python-name

Specifies the name of an existing python script, up to 32 characters.

Platforms

All

  • configure service vprn interface ipv6 dhcp6-relay python-policy
  • configure service ies interface ipv6 dhcp6-relay python-policy
  • configure service ies interface dhcp python-policy
  • configure service vprn interface dhcp python-policy

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

  • configure service vprn subscriber-interface ipv6 dhcp6 python-policy
  • configure service ies subscriber-interface ipv6 dhcp6 python-policy
  • configure service ies subscriber-interface dhcp python-policy
  • configure service vprn subscriber-interface dhcp python-policy
  • configure service ies subscriber-interface group-interface dhcp python-policy
  • configure service vprn subscriber-interface group-interface dhcp python-policy
  • configure service vprn subscriber-interface group-interface ipv6 dhcp6 proxy-server python-policy
  • configure service vprn subscriber-interface python-policy

python-policy

Syntax

python-policy policy-name

no python-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>pppoe python-policy)

[Tree] (config>service>vprn>sub-if>grp-if>pppoe python-policy)

Full Context

configure service ies subscriber-interface group-interface pppoe python-policy

configure service vprn subscriber-interface group-interface pppoe python-policy

Description

This command specifies the Python policy for PPPoE packets sent/received on the group interface.

The no form of this command removes the policy name from the configuration.

Parameters

policy-name

Specifies an existing Python policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

python-policy

Syntax

python-policy name

no python-policy

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile python-policy)

Full Context

configure subscriber-mgmt gtp peer-profile python-policy

Description

This command specifies the Python policy for MGW profile packets sent/received on the group interface.

The no form of this command removes the policy name from the configuration.

Default

no python-policy

Parameters

name

Specifies an existing Python policy name up to 32 characters.

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

python-policy

Syntax

python-policy [policy-name]

no python-policy

Context

[Tree] (config>aaa>diam>node python-policy)

Full Context

configure aaa diameter node python-policy

Description

This command specified the python-policy for Diameter messages received or transmitted.

The no form of this command reverts to the default.

Parameters

policy-name

Specifies the name of the Python policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

python-policy

Syntax

python-policy name [create] [wlan-gw-group wlan-gw-group-id] [nat-group nat-group-id]

no python-policy name

Context

[Tree] (config>python python-policy)

Full Context

configure python python-policy

Description

This command creates a new Python policy or enables an existing Python policy configuration context.

There are two types of Python policies: centralized and distributed. A centralized Python policy runs on a CPM, while a distributed Python policy runs on an ISA. With the distributed Python policy, a wlan-gw-group wlan-gw-group-id or a nat-group nat-group-id command must specified.

The no form of this command removes the Python policy from the configuration.

Parameters

name

Specifies the Python policy name up to 32 characters.

create

This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.

wlan-gw-group wlan-gw-group-id

Specifies the ID of the WLAN GW group that the distributed python-policy installs.

nat-group nat-group-id

Specifies the ID of the NAT group that the distributed python-policy installs.

Platforms

All

python-policy

Syntax

python-policy policy-name

no python-policy

Context

[Tree] (config>aaa>isa-radius-policy python-policy)

Full Context

configure aaa isa-radius-policy python-policy

Description

This command specifies the Python policy for the ISA RADIUS proxy server. This is the python policy for RADIUS packets to/from the client.

The no form of this command removes the Python policy from the configuration.

Parameters

name

Specifies the Python policy name, up to 32 characters

create

This keyword is required when first creating the Python policy. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s

python-policy

Syntax

python-policy name

no python-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv4>dhcp4 python-policy)

[Tree] (config>service>vprn>sub-if>grp-if>ipv4>dhcp4 python-policy)

Full Context

configure service ies subscriber-interface group-interface ipv4 dhcp4 python-policy

configure service vprn subscriber-interface group-interface ipv4 dhcp4 python-policy

Description

This command specified the Python policy for DHCPv4 packets sent/received on the group interface.

The no form of this command removes the policy name from the configuration.

Parameters

name

Specifies an existing Python policy name, up to 32 characters.

python-policy

Syntax

python-policy name

no python-policy

Context

[Tree] (config>service>ies>sub-if>grp-if>ipv6>dhcp6 python-policy)

[Tree] (config>service>vprn>sub-if>grp-if>ipv6>dhcp6 python-policy)

Full Context

configure service ies subscriber-interface group-interface ipv6 dhcp6 python-policy

configure service vprn subscriber-interface group-interface ipv6 dhcp6 python-policy

Description

This command specified the Python policy for DHCPv6 packets sent/received on the group interface.

The no form of this command removes the policy name from the configuration.

Parameters

name

Specifies an existing Python policy name, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

python-policy

Syntax

python-policy name

no python-policy

Context

[Tree] (config>aaa>radius-srv-plcy python-policy)

Full Context

configure aaa radius-server-policy python-policy

Description

This command specifies the Python policy for RADIUS packets to/from the RADIUS servers defined in the specified radius-server-policy.

The no form of this command removes the policy name from the configuration.

Parameters

name

Specifies the name of the Python policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

python-policy

Syntax

python-policy name

no python-policy

Context

[Tree] (config>router>radius-proxy>server python-policy)

[Tree] (config>service>vprn>radius-proxy>server python-policy)

Full Context

configure router radius-proxy server python-policy

configure service vprn radius-proxy server python-policy

Description

This command specifies the Python policy for RADIUS packets sent/received on the client side of the RADIUS proxy server.

This command supports RADIUS proxy on both CPMs and ISAs.

The no form of this command removes the policy name from the configuration.

Parameters

name

Specifies the name of the Python policy, up to 32 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

python-policy

Syntax

python-policy name

no python-policy

Context

[Tree] (config>subscr-mgmt>pppoe-client-policy python-policy)

Full Context

configure subscriber-mgmt pppoe-client-policy python-policy

Description

This command applies a Python policy to all messages sent and received by the PPPoE client.

The no form of this command removes the associated Python policy from the PPPoE client.

Parameters

name

The name of a preconfigured Python policy.

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

python-policy

Syntax

python-policy name

no python-policy

Context

[Tree] (config>service>vprn>if>ipv6 python-policy)

Full Context

configure service vprn interface ipv6 python-policy

Description

This command specifies a python policy. Python policies are configured in the config>python> python-policy name context.

Parameters

name

Specifies the name of an existing python script, up to 32 characters in length.

Platforms

All

python-policy

Syntax

python-policy python-policy-name

no python-policy

Context

[Tree] (config>router>if>dhcp python-policy)

Full Context

configure router interface dhcp python-policy

Description

This command specifies a python policy. Python policies are configured in the config>python>python-policy name context.

Default

no python-policy

Parameters

python-policy-name

Specifies the name of an existing python script, up to 32 characters in length.

Platforms

All

python-policy

Syntax

python-policy policy-name

no python-policy

Context

[Tree] (config>log>log-id python-policy)

Full Context

configure log log-id python-policy

Description

This command associates the Python script with the events sent to this log ID. The Python policy can be associated with the log only if the destination in the log ID is set to syslog.

For information about Python policy configuration, refer to the Python Script Support for ESM in the 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide.

The no form of this command disables Python processing of the events in this log ID.

Default

no python-policy

Parameters

policy-name

Specifies a Python policy name, up to 32 characters.

Platforms

All

python-policy-cache

python-policy-cache

Syntax

python-policy-cache

Context

[Tree] (config>system>persistence python-policy-cache)

Full Context

configure system persistence python-policy-cache

Description

This command configures Python policy cache persistency parameters.

Platforms

All

python-script

python-script

Syntax

python-script name [create]

no python-script name

Context

[Tree] (config>python python-script)

Full Context

configure python python-script

Description

Commands in this context configure Python scripts to modify messages of different protocols.

The no form of this command removes the Python script name from the configuration.

Parameters

name

Specifies the name of this Python script policy.

create

This keyword is required when first creating the Python script. Once the context is created, it is possible to navigate into the context without the create keyword.

Platforms

All

python-script

Syntax

python-script script-name

Context

[Tree] (debug>python python-script)

Full Context

debug python python-script

Description

Commands in this context debug the specified Python script.

Parameters

policy-name

Specifies the Python script name, up to 32 characters.

Platforms

All