k Commands

kb-memory-use-alarm

kb-memory-use-alarm

Syntax

kb-memory-use-alarm rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]

no kb-memory-use-warn

Context

[Tree] (config>system>thresholds kb-memory-use-alarm)

Full Context

configure system thresholds kb-memory-use-alarm

Description

This command configures memory use, in kilobytes, alarm thresholds.

The no form of the command removes the parameters from the configuration.

Parameters

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold value.

The threshold value represents units of kilobytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal the rising-threshold value.

The threshold value represents units of kilobytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — In the case of log, an entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

startup-alarm alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, then a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Platforms

All

kb-memory-use-warn

kb-memory-use-warn

Syntax

kb-memory-use-warn rising-threshold threshold [falling-threshold threshold] interval seconds [rmon-event-type] [startup-alarm alarm-type]

no kb-memory-use-warn

Context

[Tree] (config>system>thresholds kb-memory-use-warn)

Full Context

configure system thresholds kb-memory-use-warn

Description

This command configures memory usage, in kilobytes, for warning thresholds

Parameters

rising-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is greater than or equal to this threshold and the associated startup-alarm is equal to rising or either.

After a rising threshold crossing event is generated, another such event will not be generated until the sampled value falls below this threshold and reaches less than or equal the falling-threshold value.

The threshold value represents units of kilobytes.

Values

-2147483648 to 2147483647

Default

0

falling-threshold threshold

Specifies a threshold for the sampled statistic. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single threshold crossing event will be generated. A single threshold crossing event will also be generated if the first sample taken is less than or equal to this threshold and the associated startup-alarm is equal to falling or either.

After a falling threshold crossing event is generated, another such event will not be generated until the sampled value rises above this threshold and reaches greater than or equal the rising-threshold value.

The threshold value represents units of kilobytes.

Values

-2147483648 to 2147483647

Default

0

seconds

Specifies the polling period over which the data is sampled and compared with the rising and falling thresholds.

Values

1 to 2147483647

rmon-event-type

Specifies the type of notification action to be taken when this event occurs.

Values

log — An entry is made in the RMON-MIB log table for each event occurrence. This does not create an SR OS logger entry. The RMON-MIB log table entries can be viewed using the show>system>thresholds CLI command.

trap — An SR OSS logger event is generated. The SR OS logger utility then distributes the notification of this event to its configured log destinations which may be CONSOLE, telnet session, memory log, cflash file, syslog, or SNMP trap destinations logs.

both — Both an entry in the RMON-MIB logTable and an SR OS logger event are generated.

none — No action is taken.

Default

both

alarm-type

Specifies the alarm that may be sent when this alarm is first created. If the first sample is greater than or equal to the rising threshold value and startup-alarm is equal to rising or either, then a single rising threshold crossing event is generated. If the first sample is less than or equal to the falling threshold value and startup-alarm is equal to falling or either, a single falling threshold crossing event is generated.

Values

rising, falling, either

Default

either

Platforms

All

keep-alive

keep-alive

Syntax

keep-alive [interval seconds] [retry-count value] [timeout retry-seconds]

no keep-alive

Context

[Tree] (config>subscr-mgmt>gtp>peer-profile keep-alive)

Full Context

configure subscriber-mgmt gtp peer-profile keep-alive

Description

This command configures Echo-Request messages.

The no form of this command reverts to the default values.

Default

keep-alive interval 60 retry-count 4 timeout 5

Parameters

seconds

Specifies, in seconds, the interval between keep-alive Echo-Request messages towards the same peer.

Values

0, 60 to 180

Default

60

value

Specifies, in seconds, the interval between keep-alive Echo-Request messages towards the same peer.

Values

1 to 15

Default

4

retry-seconds

Specifies the retry timeout, in seconds.

Values

1 to 20

Default

5

Platforms

7750 SR, 7750 SR-e, 7750 SR-s, VSR

keep-alive

Syntax

keep-alive timer

no keep-alive

Context

[Tree] (config>port>ethernet>dwl keep-alive)

Full Context

configure port ethernet down-when-looped keep-alive

Description

This command configures the time interval between keep-alive PDUs.

Default

no keep-alive

Parameters

timer

Specifies the time interval, in seconds, between keep-alive PDUs.

Values

1 to 120

Platforms

All

keep-alive

Syntax

keep-alive seconds

Context

[Tree] (config>li>x-interfaces>x3>timeouts keep-alive)

[Tree] (config>li>x-interfaces>x2>timeouts keep-alive)

Full Context

configure li x-interfaces x3 timeouts keep-alive

configure li x-interfaces x2 timeouts keep-alive

Description

This command configures the X2 and X3 keep-alive timeout.

Parameters

seconds

Specifies the maximum time to wait for a LIC reply to a keep alive request. The system retries up to three more times, and if no reply is received, the system declares a connection fault and logs the failure event.

Values

300 to 600

Default

300

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, 7950 XRS

keep-alive

Syntax

keep-alive

Context

[Tree] (config>service>sdp keep-alive)

Full Context

configure service sdp keep-alive

Description

This command enables the context to configure SDP connectivity monitoring keepalive messages for the SDP ID.

SDP ID keepalive messages use SDP Echo Request and Reply messages to monitor SDP connectivity. The operating state of the SDP is affected by the keepalive state on the SDP ID. SDP Echo Request messages are only sent when the SDP ID is completely configured and administratively up. If the SDP ID is administratively down, keepalives for that SDP ID are disabled. SDP Echo Requests (when sent for keepalive messages) are always sent with the originator-sdp-id. All SDP ID keepalive SDP Echo Replies are sent using generic IP/GRE OAM encapsulation.

When a keepalive response is received that indicates an error condition, the SDP ID will immediately be brought operationally down. Once a response is received that indicates the error has cleared and the hold-down-time interval has expired, the SDP ID will be eligible to be put into the operationally up state. If no other condition prevents the operational change, the SDP ID will enter the operational state.

A set of event counters track the number of keepalive requests sent, the size of the message sent, non-error replies received and error replies received. A keepalive state value is kept indicating the last response event. A keepalive state timestamp value is kept indicating the time of the last event. With each keepalive event change, a log message is generated indicating the event type and the timestamp value.

Keepalive Interpretation and Effect of SDP Echo Reply describes the keepalive interpretation of SDP echo reply response conditions and the effect on the SDP ID operational status.

Table 1. Keepalive Interpretation and Effect of SDP Echo Reply

Result of Request

Stored Response State

Operational State

keepalive request timeout without reply

Request Timeout

Down

keepalive request not sent due to non-existent orig-sdp-id

(This condition should not occur)

Orig-SDP Non-Existent

Down

keepalive request not sent due to administratively down orig-sdp-id

Orig-SDP Admin-Down

Down

keepalive reply received, invalid origination-id

Far End: Originator-ID Invalid

Down

keepalive reply received, invalid responder-id

Far End: Responder-ID Error

Down

keepalive reply received, No Error

Success

Up

(If no other condition prevents)

Platforms

All

keep-alive-interval

keep-alive-interval

Syntax

keep-alive-interval interval

no keep-alive-interval

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-lag keep-alive-interval)

Full Context

configure redundancy multi-chassis peer mc-lag keep-alive-interval

Description

This command sets the interval at which keep-alive messages are exchanged between two systems participating in MC-LAG. These keep-alive messages are used to determine remote-node failure and the interval is set in deciseconds.

The no form of this command sets the interval to default value.

Default

keep-alive-interval 10

Parameters

interval

The time interval expressed in tenths of a second.

Values

5 to 500

Platforms

All

keep-alive-interval

Syntax

keep-alive-interval interval

no keep-alive-interval

Context

[Tree] (config>service>vprn>sub-if>grp-if>srrp keep-alive-interval)

[Tree] (config>service>ies>sub-if>grp-if>srrp keep-alive-interval)

Full Context

configure service vprn subscriber-interface group-interface srrp keep-alive-interval

configure service ies subscriber-interface group-interface srrp keep-alive-interval

Description

This command defines the interval between SRRP advertisement messages sent when operating in the master state. The interval is also the basis for setting the master-down timer used to determine when the master is no longer sending. The system uses three times the keep-alive interval to set the timer. Every time an SRRP advertisement is seen that is better than the local priority, the timer is reset. If the timer expires, the SRRP instance assumes that a master does not exist and initiates the attempt to become master.

When in backup state, the SRRP instance takes the keep-alive interval of the master as represented in the masters SRRP advertisement message. Once in master state, the SRRP instance uses its own configured keep-alive interval.

The keep-alive-interval may be changed at any time, but will have no effect until the SRRP instance is in the master state.

The no form of this command restores the default interval.

Default

keep-alive-interval 10

Parameters

interval

Specifies the interval, in deciseconds, between SRRP advertisement messages sent when operating in the master state.

Values

1 to 100

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

keep-alive-interval

Syntax

keep-alive-interval interval

no keep-alive-interval

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ep keep-alive-interval)

Full Context

configure redundancy multi-chassis peer mc-endpoint keep-alive-interval

Description

This command sets the interval at which keep-alive messages are exchanged between two systems participating in MC-EP when bfd is not enabled or is down. These fast keep-alive messages are used to determine remote-node failure and the interval is set in deciseconds.

The no form of this command sets the interval to default value

Default

no keep-alive-interval

Parameters

interval

The time interval expressed in tenths of a second.

Values

5 to 500

Platforms

All

keep-alive-interval

Syntax

keep-alive-interval interval

no keep-alive-interval

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec keep-alive-interval)

Full Context

configure redundancy multi-chassis peer mc-ipsec keep-alive-interval

Description

This command specifies the time interval of the mastership election protocol sending keep-alive packet.

The no form of this command reverts to the default.

Default

keep-alive-interval 10

Parameters

interval

Specifies the keep alive interval in tenths of seconds.

Values

5 to 500

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

keep-count

keep-count

Syntax

keep-count count

no keep-count

Context

[Tree] (config>bmp>station>connection>tcp-keepalive keep-count)

Full Context

configure bmp station connection tcp-keepalive keep-count

Description

This command configures the number of missed keepalives before the TCP connection is declared down.

The no form of this command reverts to the default.

Default

keep-count 4

Parameters

count

Specifies the number of missed keepalives before the TCP connection is declared down.

Values

3 to 100

Platforms

All

keep-idle

keep-idle

Syntax

keep-idle idle

no keep-idle

Context

[Tree] (config>bmp>station>connection>tcp-keepalive keep-idle)

Full Context

configure bmp station connection tcp-keepalive keep-idle

Description

This command configures the time until the first TCP keepalive probe is sent.

The no form of this command reverts to the default.

Default

keep-idle 600

Parameters

idle

Specifies the time, in seconds, until the first TCP keepalive probe is sent.

Values

1 to 100000

Platforms

All

keep-interval

keep-interval

Syntax

keep-interval interval

no keep-interval

Context

[Tree] (config>bmp>station>connection>tcp-keepalive keep-interval)

Full Context

configure bmp station connection tcp-keepalive keep-interval

Description

This command configures the time between two TCP keepalives probes.

The no form of this command reverts to the default.

Default

keep-interval 15

Parameters

interval

Specifies the time, in seconds, between two TCP keepalives probes.

Values

1 to 100000

Platforms

All

keep-multiplier

keep-multiplier

Syntax

[no] keep-multiplier number

no keep-multiplier

Context

[Tree] (config>router>rsvp keep-multiplier)

Full Context

configure router rsvp keep-multiplier

Description

The keep-multiplier number is an integer used by RSVP to declare that a reservation is down or the neighbor is down.

The no form of this command reverts to the default value.

Default

keep-multiplier 3

Parameters

number

Specifies the keep-multiplier value.

Values

1 to 255

Platforms

All

keepalive

keepalive

Syntax

keepalive seconds [hold-up-multiplier multiplier]

no keepalive

Context

[Tree] (config>service>vprn>l2tp>group>tunnel>ppp keepalive)

[Tree] (config>service>vprn>l2tp>group>ppp keepalive)

[Tree] (config>router>l2tp>group>tunnel>ppp keepalive)

[Tree] (config>router>l2tp>group>ppp keepalive)

Full Context

configure service vprn l2tp group tunnel ppp keepalive

configure service vprn l2tp group ppp keepalive

configure router l2tp group tunnel ppp keepalive

configure router l2tp group ppp keepalive

Description

This command configures the PPP keepalive interval and multiplier.

Default

keepalive 30 hold-up-multiplier 3

Parameters

seconds

Specifies in seconds the interval.

Values

10 to 300

multiplier

Specifies the multiplier.

Values

1 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

keepalive

Syntax

keepalive seconds [hold-up-multiplier multiplier]

no keepalive

Context

[Tree] (config>subscr-mgmt>ppp-policy keepalive)

Full Context

configure subscriber-mgmt ppp-policy keepalive

Description

This command defines the keepalive interval and the number of keepalives that can be missed before the session is declared down for this PPP policy.

The no form of this command reverts to the default value.

Default

keepalive 30 hold-up-multiplier 3

Parameters

seconds

Specifies the keepalive interval in seconds.

Values

4 to 300

hold-up-multiplier multiplier

Specifies the number of keepalives that can be missed.

Values

1 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

keepalive

Syntax

keepalive seconds [hold-up-multiplier multiplier]

no keepalive

Context

[Tree] (config>subscr-mgmt>loc-user-db>ppp>host>plcy-parms keepalive)

Full Context

configure subscriber-mgmt local-user-db ppp host ppp-policy-parameters keepalive

Description

This command configures the keepalive time interval in seconds at which LCP echo requests are transmitted for the PPP session and the number of LCP echo replies that can be missed before the PPP session is brought down. Overrides the values configured in subscriber-mgmt ppp-policy for PPPoE PTA sessions or in the Base router or VPRN service l2tp group context for L2TP LNS sessions.

The no form of this command removes the LCP keepalive parmeter overrides.

Default

no keepalive

Parameters

seconds

Specifies the keepalive interval in seconds.

Values

4 to 300

hold-up-multiplier multiplier

Specifies the number of keepalives that can be missed.

Values

1 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

keepalive

Syntax

keepalive seconds

no keepalive

Context

[Tree] (config>subscr-mgmt>bgp-prng-plcy keepalive)

Full Context

configure subscriber-mgmt bgp-peering-policy keepalive

Description

This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires.

The keepalive value is generally one-third of the hold-time interval. Even though the OS implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:

If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive is set to one third of the current hold-time value.

If the specified hold-time interval is less than the configured keepalive value, then the keepalive value is reset to one third of the specified hold-time interval.

If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of this command used at the global level reverts to the default value.

Default

keepalive 30

Parameters

seconds

Specifies the keepalive timer in seconds, expressed as a decimal integer.

Values

0 to 21845

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

keepalive

Syntax

keepalive seconds

no keepalive

Context

[Tree] (config>service>vpls>gsmp>group keepalive)

[Tree] (config>service>vprn>gsmp>group keepalive)

Full Context

configure service vpls gsmp group keepalive

configure service vprn gsmp group keepalive

Description

This command configures keepalive values for the GSMP connections in this group.

The no form of this command reverts to the default.

Default

no keepalive

Parameters

seconds

Specifies the GSMP keepalive timer value in seconds.

Values

1 to 25

Platforms

All

keepalive

Syntax

keepalive seconds [hold-up-multiplier multiplier]

no keepalive

Context

[Tree] (config>subscr-mgmt>pppoe-client-policy keepalive)

Full Context

configure subscriber-mgmt pppoe-client-policy keepalive

Description

This command defines the keepalive interval and the number of times the keepalive can be missed before the session is declared down for this PPPoE client policy.

The no form of this command reverts to the default.

Default

keepalive 30 hold-up-multiplier 3

Parameters

seconds

Specifies the keepalive interval in seconds.

Values

10 to 300

multiplier

Specifies the number times keepalive can be missed.

Values

1 to 5

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

keepalive

Syntax

keepalive seconds

no keepalive

Context

[Tree] (config>service>vprn>bgp keepalive)

[Tree] (config>service>vprn>bgp>group>neighbor keepalive)

[Tree] (config>service>vprn>bgp>group keepalive)

Full Context

configure service vprn bgp keepalive

configure service vprn bgp group neighbor keepalive

configure service vprn bgp group keepalive

Description

This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires. The seconds parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The keepalive value is generally one-third of the hold-time interval. Even though the OS implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:

If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive is set to one third of the current hold-time value.

If the specified hold-time interval is less than the configured hold-time value, then the keepalive value is reset to one third of the specified hold-time interval.

If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

keepalive 30

Parameters

seconds

The keepalive timer in seconds, expressed as a decimal integer.

Values

0 to 21845

Platforms

All

keepalive

Syntax

keepalive timeout factor

no keepalive

Context

[Tree] (config>router>ldp>targ-session>peer-template keepalive)

[Tree] (config>router>ldp>if-params>ipv6 keepalive)

[Tree] (config>router>ldp>if-params>if>ipv6 keepalive)

[Tree] (config>router>ldp>targ-session>peer keepalive)

[Tree] (config>router>ldp>if-params>if>ipv4 keepalive)

[Tree] (config>router>ldp>if-params>ipv4 keepalive)

[Tree] (config>router>ldp>targ-session>ipv6 keepalive)

[Tree] (config>router>ldp>targ-session>ipv4 keepalive)

Full Context

configure router ldp targeted-session peer-template keepalive

configure router ldp interface-parameters ipv6 keepalive

configure router ldp interface-parameters interface ipv6 keepalive

configure router ldp targeted-session peer keepalive

configure router ldp interface-parameters interface ipv4 keepalive

configure router ldp interface-parameters ipv4 keepalive

configure router ldp targeted-session ipv6 keepalive

configure router ldp targeted-session ipv4 keepalive

Description

This command configures the time interval (in s), that LDP waits before tearing down the session. The factor parameter derives the keepalive interval.

The config>router>ldp>if-params>ipv6>keepalive and config>router>ldp>targ-session>ipv6>keepalive commands are not supported on the 7450 ESS.

If no LDP messages are exchanged for the configured time interval, the LDP session is torn down. Keepalive timeout is usually three times the keepalive interval. To maintain the session permanently, regardless of the activity, set the value to zero.

When LDP session is being set up, the keepalive timeout is negotiated to the lower of the two peers. Once an operational value is agreed upon, the keepalive factor is used to derive the value of the keepalive interval.

The no form of the command at the interface-parameters and targeted-session levels sets the keepalive timeout and the keepalive factor to the default value.

The no form of this command, at the interface level, sets the keepalive timeout and the keepalive factor to the value defined under the interface-parameters level.

The no form of this command, at the peer level, sets the keepalive timeout and the keepalive factor to the value defined under the targeted-session level.

The session must be flapped for the new settings to operate.

Default

Timeout Factor Defaults lists the default values.

Table 2. Timeout Factor Defaults

Context

Timeout

Factor

config>router>ldp>if-params

30

3

config>router>ldp>targ-session

40

4

config>router>ldp>if-params>if

Inherits values from interface-parameters context.

config>router>ldp>targ-session>peer

Inherits values from targeted-session context.

Parameters

timeout

Configures the time interval, in seconds, that LDP waits before tearing down the session.

Values

1 to 65535

factor

Specifies the number of keepalive messages, expressed as a decimal integer, that should be sent on an idle LDP session in the keepalive timeout interval.

Values

1 to 255

Platforms

All

keepalive

Syntax

[no] keepalive

Context

[Tree] (debug>router>ldp>peer>packet keepalive)

Full Context

debug router ldp peer packet keepalive

Description

This command enables debugging for LDP Keepalive packets.

The no form of the command disables the debugging output.

Platforms

All

keepalive

Syntax

keepalive seconds

no keepalive

Context

[Tree] (config>router>pcep>pce keepalive)

[Tree] (config>router>pcep>pcc keepalive)

Full Context

configure router pcep pce keepalive

configure router pcep pcc keepalive

Description

This command configures the PCEP session keep-alive value. A PCEP speaker (PCC or PCE) must send a keep-alive message if no other PCEP message is sent to the peer at the expiry of this timer. This timer is restarted every time a PCEP message or keep-alive message is sent.

The keep-alive mechanism is asymmetric, meaning that each peer can use a different keep-alive timer value at its end.

The no form of the command returns the keep-alive timer to the default value.

Default

keepalive 30

Parameters

seconds

the keep-alive value, in seconds

Values

1 to 255

Platforms

VSR-NRC

  • configure router pcep pce keepalive

All

  • configure router pcep pcc keepalive

keepalive

Syntax

keepalive deciseconds dropcount count

Context

[Tree] (config>isa>nat-group>inter-chassis-redundancy keepalive)

Full Context

configure isa nat-group inter-chassis-redundancy keepalive

Description

This command configures keepalives between the CPMs residing on different chassis. The keepalives are used to detect the presence of the peering node. If the redundant peer connectivity is lost beyond the limit defined by keepalives, then each node in the redundant pair transitions into a standalone mode. Keepalives use UDP transport.

Default

keepalive 30 dropcount 2

Parameters

deciseconds

Specifies the number of keepalives that are transported periodically at intervals defined by this parameter.

Values

2 to 250

count

Specifies the drop count. If the number of consecutive keepalives defined by this parameter is lost, then the peer is considered unreachable and the node transitions into a standalone mode of operation.

Values

2 to 20

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

keepalive

Syntax

keepalive seconds

no keepalive

Context

[Tree] (config>router>bgp keepalive)

[Tree] (config>router>bgp>group>neighbor keepalive)

[Tree] (config>router>bgp>group keepalive)

Full Context

configure router bgp keepalive

configure router bgp group neighbor keepalive

configure router bgp group keepalive

Description

This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires.

The keepalive parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The keepalive value is generally one-third of the hold-time interval. Even though the implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:

  • If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored and the keepalive is set to one third of the current hold-time value.

  • If the specified hold-time interval is less than the configured keepalive value, then the keepalive value is reset to one third of the specified hold-time interval.

  • If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

keepalive 30

Parameters

seconds

Specifies the keepalive timer, in seconds, expressed as a decimal integer.

Values

0 to 21845

Platforms

All

keepalive

Syntax

keepalive [neighbor ip-addr | group name]

no keepalive

Context

[Tree] (debug>router>bgp keepalive)

Full Context

debug router bgp keepalive

Description

This command decodes and logs all sent and received keepalive messages in the debug log.

The no form of this command disables the debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

  • a.b.c.d (host bits must be 0)

ipv6-address:

  • x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

  • x:x:x:x:x:x:d.d.d.d [-interface]

  • x: [0 to FFFF]H

  • d: [0 to 255]D

  • interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

All

keepalive-override

keepalive-override

Syntax

keepalive-override keepalive-timer

no keepalive-override

Context

[Tree] (config>mcast-mgmt>mcast-info-policy>bundle keepalive-override)

[Tree] (config>mcast-mgmt>mcast-info-policy>bundle>channel>source-override keepalive-override)

[Tree] (config>mcast-mgmt>mcast-info-policy>bundle>channel keepalive-override)

Full Context

configure mcast-management mcast-info-policy bundle keepalive-override

configure mcast-management mcast-info-policy bundle channel source-override keepalive-override

configure mcast-management mcast-info-policy bundle channel keepalive-override

Description

This command configures the keepalive timer override. The PIM (S,G) Keepalive Timer (KAT) is used to maintain the (S,G) state when (S,G) join is not received. Expiry of the KAT causes the (S,G) entry to be removed.

The KAT override configuration is performed with a multicast information policy, which must be applied to the related PIM routing instance. When a KAT override is configured under a channel (a group or a group range), it applies to all (S,G) entries that fall under it, except when the source-override is configured and a KAT override is also configured under the source-override. In this scenario, the specific KAT override must be used for the (S,G) entries that fall under the source-override, while other (S,G) entries under the bundle use the KAT override configured under the channel.

Parameters

keepalive-timer

Specifies the keepalive timer override, in seconds.

Values

10 to 86000

kernel

kernel

Syntax

kernel password password

no kernel

Context

[Tree] (environment kernel)

Full Context

environment kernel

Description

This command enables and disables the kernel.

Parameters

password

Specifies the password to access the kernel, up to 256 characters.

Platforms

All

kex

kex

Syntax

kex index name kex-name

no kex index

Context

[Tree] (config>system>security>ssh>client-kex-list kex)

[Tree] (config>system>security>ssh>server-kex-list kex)

Full Context

configure system security ssh client-kex-list kex

configure system security ssh server-kex-list kex

Description

This command allows the user to configure phase 1 SSH v2 KEX algorithms for SR OS as an SSH server or an SSH client. By default, the client and server lists are empty. If the user configures this list, SSH uses the hard-coded list with the first-listed algorithm having the highest priority and so on. An empty server or client list is the default list and contains the following algorithms:

diffie-hellman-group16-sha512

diffie-hellman-group14-sha256

diffie-hellman-group14-sha1

diffie-hellman-group14-sha1

diffie-hellman-group1-sha1

The no form of this command removes the specified KEX index. If all KEX indexes are removed, the default list is used again.

Parameters

index

Specifies the index of the algorithm in the list. The lowest index in the list is negotiated first on the SSH negotiation list, while the highest index is at the bottom of the SSH negotiation list.

Values

1 to 255

kex-name

Specifies the KEX algorithm for computing the shared secret key.

Values

diffie-hellman-group16-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1

Platforms

All

key

key

Syntax

key key-file-name

Context

[Tree] (config>system>security>pki>cert-auto-upd>cert key)

Full Context

configure system security pki certificate-auto-update cert key

Description

This command configures the filename of the key corresponding to the certificate.

Parameters

key-file-name

Specifies the filename of the key.

Platforms

All

key

Syntax

key packet-type {accept | request} attribute-type attribute-type [vendor vendor-id]

no key

Context

[Tree] (config>router>radius-proxy>server>cache key)

[Tree] (config>service>vprn>radius-proxy>server>cache key)

Full Context

configure router radius-proxy server cache key

configure service vprn radius-proxy server cache key

Description

This command specifies the RADIUS cache key that is used to match the information in subsequent DHCP requests for authorization.

Parameters

packet-type

Specifies the packet type of the RADIUS messages to use to generate the key for the cache of this RADIUS proxy server.

Values

accept, request

attribute-type

Specifies the RADIUS attribute type to cache for this RADIUS proxy. server.

Values

1 to 255

vendor-id

Specifies the RADIUS vendor ID.

Values

1 to 16777215, nokia

Platforms

7450 ESS, 7750 SR, 7750 SR-a, 7750 SR-e, 7750 SR-s, VSR

key

Syntax

key key-filename

no key

Context

[Tree] (config>ipsec>cert-profile>entry key)

Full Context

configure ipsec cert-profile entry key

Description

This command specifies the filename of an imported key for the cert-profile entry.

The no form of this command removes the key filename from the entry configuration.

Default

no key

Parameters

key-filename

Specifies the filename of an imported key.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

key

Syntax

key password [hash | hash2 | custom] reference reference-number

no key reference reference-number

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2>key-list key)

Full Context

configure system security pki ca-profile cmpv2 key-list key

Description

This command specifies a pre-shared key used for CMPv2 initial registration. Multiples of key commands are allowed to be configured under this context.

The password and reference-number is distributed by the CA via out-of-band means.

The configured password is stored in configuration file in an encrypted form by using SR OS hash2 algorithm.

The no form of this command removes the parameters from the configuration.

Parameters

password

Specifies a printable ASCII string, up to 64 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

reference reference-number

Specifies a printable ASCII string, up to 64 characters in length.

Platforms

All

key

Syntax

key key-filename

no key

Context

[Tree] (config>system>security>tls>cert-profile>entry key)

Full Context

configure system security tls cert-profile entry key

Description

This command specifies the file name of an imported key for the cert-profile entry.

The no form of the command removes the key.

Default

no key

Parameters

key-filename

Specifies the file name of the key.

Platforms

All

key-generation

key-generation

Syntax

key-generation dsa size bits

key-generation ecdsa curve curve

key-generation rsa size bits

key-generation same-as-existing-key

Context

[Tree] (config>system>security>pki>cert-upd-prof key-generation)

Full Context

configure system security pki certificate-update-profile key-generation

Description

This command configures the key generation algorithm and behavior.

Default

key-generation same-as-existing-key

Parameters

bits

Specifies the size in bits..

Values

512 to 8192

Default

2048

curve

Specifies the elliptic curve for key generation.

Values

secp256r1, secp384r1, secp521r1

Default

secp256r1

same-as-existing-key

Specifies to use the same algorithm and key or size curve as the existing key.

Platforms

All

key-list

key-list

Syntax

key-list

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 key-list)

Full Context

configure system security pki ca-profile cmpv2 key-list

Description

This command enables the context to configure pre-shared key list parameters.

Platforms

All

key-re-exchange

key-re-exchange

Syntax

key-re-exchange

Context

[Tree] (config>system>security>ssh key-re-exchange)

Full Context

configure system security ssh key-re-exchange

Description

This command enables the key re-exchange context.

Platforms

All

key-rollover-interval

key-rollover-interval

Syntax

key-rollover-interval key-rollover-interval

Context

[Tree] (config>service>vprn>ospf3>area key-rollover-interval)

Full Context

configure service vprn ospf3 area key-rollover-interval

Description

This command configures the key rollover interval.

The no form of this command reverts to the default.

Default

key-rollover-interval 10

Parameters

key-rollover-interval

Specifies the time, in seconds, after which a key rollover will start.

Values

10 to 300

Platforms

All

key-rollover-interval

Syntax

key-rollover-interval seconds

Context

[Tree] (config>router>ospf3>area key-rollover-interval)

Full Context

configure router ospf3 area key-rollover-interval

Description

This command configures the key rollover interval.

Default

key-rollover-interval 10

Parameters

seconds

Specifies the time, in seconds, after which a key rollover will start.

Values

10 to 300

Platforms

All

key-update

key-update

Syntax

key-update ca ca-profile-name newkey key-filename oldkey key-filename oldcert cert-filename [hash-alg hash-algorithm] save-as save-path-of-result-cert

Context

[Tree] (admin>certificate>cmpv2 key-update)

Full Context

admin certificate cmpv2 key-update

Description

This command requests a new certificate from the CA to update an existing certificate due to reasons such as key refresh or replacing compromised key.

In some cases, the CA may not return certificate immediately, due to reasons such as request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command can be used to poll the status of the request.

Parameters

ca-profile-name

Specifies a ca-profile name which includes CMP server information, up to 32 characters.

newkey key-filename

Specifies the key file of the requesting certificate, up to 95 characters.

oldkey key-filename

Specifies the key to be replaced, up to 95 characters.

cert-filename

Specifies the file name of an imported certificate to be replaced, up to 95 characters.

hash-algorithm

Specifies the hash algorithm for RSA key.

Values

md5,sha1,sha224,sha256,sha384,sha512

save-path-of-result-cert

Specifies the save full path name of saving the result certificate, up to 200 characters.

Platforms

All

key-value

key-value

Syntax

key-value public-key-value

no key-value

Context

[Tree] (config>system>security>user>public-keys>ecdsa>ecdsa-key key-value)

[Tree] (config>system>security>user>public-keys>rsa>rsa-key key-value)

Full Context

configure system security user public-keys ecdsa ecdsa-key key-value

configure system security user public-keys rsa rsa-key key-value

Description

This command configures a value for the RSA or ECDSA public key. The public key must be enclosed in quotation marks. For RSA, the key is between 768 and 4096 bits. For ECDSA, the key is between 1 and 1024 bits.

Default

no key-value

Parameters

public-key-value

Specifies the public key value, up to 800 characters for RSA and up to 255 characters for ECDSA.

Platforms

All

keychain

keychain

Syntax

[no] keychain keychain-name

Context

[Tree] (config>system>security keychain)

Full Context

configure system security keychain

Description

This command enables the context to configure keychain parameters. A keychain must be configured on the system before it can be applied to a session.

The no form of this command removes the keychain nodal context and everything under it from the configuration. If the keychain to be removed is in use when the no keychain command is entered, the command will not be accepted and an error indicating that the keychain is in use will be printed.

Parameters

keychain-name

Specifies a keychain name which identifies this particular keychain entry.

Values

An ASCII string up to 32 characters.

Platforms

All

keygroup-name

keygroup-name

Syntax

keygroup-name keygroup-name

no keygroup-name

Context

[Tree] (config>grp-encryp>encryp-keygrp keygroup-name)

Full Context

configure group-encryption encryption-keygroup keygroup-name

Description

This command is used to name the key group. The key group name can be used to reference a key group when configuring services or displaying information.

The no form of the command reverts to the default value.

Parameters

keygroup-name

The name of the key group, up to 64 characters.

Platforms

7450 ESS, 7750 SR, 7750 SR-e, 7750 SR-s, VSR

kill-session

kill-session

Syntax

[no] kill-session

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization kill-session)

Full Context

configure system security profile netconf base-op-authorization kill-session

Description

This command authorizes a user associated with the profile to send a NETCONF <kill-session> operation. This kill session operation allows a NETCONF client to kill another NETCONF session, but not the session in which the operation is requested.

The no form of the command denies the user from requesting a kill-session.

Default

no kill-session

Platforms

All