System Configure Mode Commands
This chapter provides a reference for system-level configure mode commands.
delay-profile interfaces
Use this command to go into the delay-profile mode to edit the parameters of the "interfaces" profile. In this mode, the user is able to edit the delay measurement profile parameters.
Command Syntax
delay-profile interfaces
Parameters
None
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 5.1.
Examples
#configure terminal
OcNOS(config)#delay-profile interfaces
OcNOS(config-dp-intf)#
delay-profile interfaces subcommands
The following commands are to edit the delay-profile parameters.
Command Syntax
mode <two-way>|<one-way>
burst-interval <1000-15000>
burst-count <1-30>
interval < 30-3600>
sender-port <VALUE>
advertisement periodic
advertisement periodic threshold <1-100>
advertisement periodic minimum-change <0-10000>
no advertisement periodic
advertisement accelerated
advertisement accelerated threshold <1-100>
advertisement accelerated minimum-change <0-10000>
no advertisement accelerated
Parameters
two-way
Sets the mode of the measurement. Only "two-way" is supported for now.
<1000-15000>
Set the burst interval in milliseconds. The default value is 3000 milliseconds and the range is 1000-15000 milliseconds
<1-30>
Set the number of packets to be sent at each burst interval. The default value is 10 and the range is 1-30
<30-3600>
Set the computation interval in seconds. The default computation interval is 30 seconds. The range is 30-3600 seconds. This will be used also as the periodic advertisement interval.
<1-100>
Set the advertisement threshold percentage in the range of 1-100 (for periodic, default=10% and for accelerated, default=20%)
<1025-65535>
Set the TWAMP sender port value in the range 1025-65535. If not specified, the default value is 862.
<0-10000>
Set the advertisement minimum change in microseconds in the range 0-10000 (for periodic, default=1000 and for accelerated, default=2000)
Command Mode
delay-profile interfaces mode
Applicability
This command was introduced in OcNOS version 5.1.
Examples
#configure terminal
OcNOS(config)#delay-profile interfaces
OcNOS(config-dp-intf)#mode two-way
OcNOS(config-dp-intf)#burst-count 30
OcNOS(config-dp-intf)#burst-interval 3000
OcNOS(config-dp-intf)#interval 30
OcNOS(config-dp-int)#sender-port 862
OcNOS(config-dp-intf)#advertisement periodic threshold 10
OcNOS(config-dp-intf)#advertisement periodic minimum-change 1000
OcNOS(config-dp-intf)#advertisement accelerated
OcNOS(config-dp-intf)#advertisement accelerated threshold 20
OcNOS(config-dp-intf)#advertisement accelerated minimum-change 2000
OcNOS(config-dp-intf)#no advertisement periodic
OcNOS(config-dp-intf)#commit
OcNOS(config-dp-intf)#exit
OcNOS(config)#
forwarding custom-profile
Use this command to configure forwarding table sizes.
Note: You must reboot after any profile change, except a change to the default profile. The configuration is applied only after a reboot.
Use show-running configuration or
show forwarding profile limit to verify the selected profile.
Use the forwarding custom-profile default command (with no parameters) to set the forwarding table size to its default.
Command Syntax
Tomahawk platform:
forwarding custom-profile {l2-banks <1-4>|l3-banks <1-4>|lpm-banks 2}
Helix4 platform:
forwarding custom-profile {l2-banks <1-24>|l3-banks <1-23>|vlan-xlate-banks <1-23>|ep-vlan-xlate-banks <1-23>}
Tomahawk and Helix4 platforms:
forwarding custom-profile default
Parameters
l2-banks
L2 banks. Unspecified banks are used as L2 banks.
<1-4>
Number of L2 banks. Each bank size is 32k entries and each entry is 105 bits.
<1-24>
Number of L2 banks. Each bank size is 1k entries and each entry is 420 bits.
l3-banks
L3 banks. Unspecified banks are used as L2 banks.
<1-4>
Number of L3 banks. Each bank size is 32k entries and each entry is 105 bits.
<1-23>
Number of L3 banks. Each bank size is 1k entries and each entry is 420 bits.
lpm-banks
Longest-prefix match banks. Unspecified banks are used as L2 banks.
2
Two LPM banks per entry. The remaining banks can be used by any.
vlan-xlate-banks
VLAN translate banks. Unspecified banks are used as L2 banks.
<1-23>
Number of VLAN translate banks. Each bank size is 1k entries and each entry is 420 bits.
ep-vlan-xlate-banks
Egress VLAN translate banks. Unspecified banks are used as L2 banks.
<1-23>
Number of EP VLAN translate banks. Each bank size is 1k entries and each entry is 420 bits.
default
Use L2 profile Three; the size of the l2 table (MAC address table) and L3 table (host table) is almost equal.
Default
By default, the forwarding table size is L2 profile three: the sizes of the L2 table (MAC address table) and L3 table (host table) are almost equal.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
This command only applies to Tomahawk and Helix4 platforms.
Examples
#configure terminal
(config)#forwarding custom-profile l3-banks 4
forwarding profile
Use this command to configure different forwarding profiles in hardware.
Note: To apply profile configuration changes in the hardware, you must save the configuration and reboot, except when modifying the default profile. .
Note: The use of k for “kilo” (as in 1k) does not represent 1,000. Instead, in all cases, k corresponds to the binary value: 1,024.
Use show-running configuration or
show forwarding profile limit to verify the selected profile.
Use this no command to set the forwarding table size to the default.
Command Syntax
forwarding profile (l2-profile-one | l2-profile-two | l2-profile-three | l3-profile | l3-128bit-profile | lpm-profile | lpm-128bit-profile)
no forwarding profile
Parameters
For details about these profiles, see
show forwarding profile limit.
l2-profile-one
L2 profile One
l2-profile-two
L2 profile Two
l2-profile-three
L2 profile Three (default); the sizes of the L2 table (MAC address table) and L3 table (host table) are almost equal
l3-profile
L3 profile
l3-128bit-profile
L3 profile with IPv6 prefix >64 support
lpm-profile
Longest-prefix match profile
lpm-128bit-profile
LPM profile with IPv6 prefix >64 support
Default
The default forwarding table size is l2-profile-three.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#forwarding profile l2-profile-one
hardware-profile filter (XGS)
Use this command to enable or disable ingress IPv4 or IPv6 and egress IPv6 filter groups. Disabling filter groups increases the configurable filter entries.
Use the no command to remove explicit enable/disable config for the filter group and switch to default behavior for that filter group.
Command Syntax
hardware-profile filter port-isolation (ingress-mirror|ingress-ipv4|ingress-ipv6|egress-ipv6|ingress-arp|bfd-group) (enable|disable)
no hardware-profile filter (ingress-ipv4|ingress-ipv6|egress-ipv6|bfd-group)
Note: 'no' command is provided only for ingress-ipv4, ingress-ipv6 and egress-ipv6. By default, group is enabled. To increase scalability for other groups, disable the group.
During multiple add/delete entry operation execution in TCAM, entry movement is possible which may lead to delay in completion of operation in hardware resulting into higher cpu utilization.
bfd-group filter is applicable only for Trident-3 devices. Only after enabling the bfd-group filter bfd sessions will be up in Trident-3.
Trident4 devices share hardware resources between some ingress and egress profiles. For instance, ingress-ipv4 and ingress-ipv6 will share physical resources, and egress-ipv6 will share resources with the egress l2/ipv4/QoS profile enabled by default. Consequently, resource usage is counted equally for all shared profiles whenever one of the profiles uses more entries. Shared profiles are marked with the (*) in the output of the `show hardware-profile filters` command.
Parameter
ingress-mirror
Ingress TCAM group for Port-mirroring
ingress-ipv4
IPv4 filter ingress group.
ingress-ipv6
IPv6 filter ingress group.
egress-ipv6
IPv6 filter egress group.
enable
Enable filter group.
disable
Disable filter group.
ingress-arp
ARP filter ingress group
bfd-group
BFD filter group
port-isolation
The filter must be enabled before configuring port isolation. Since default filter groups are full, some unused filter needs be disabled in order to enable port-isolation filter.
no
Reset the group to as it was during init
Default
By default, all filter groups are enabled except the ingress-arp, bfd-group, port-isolation filter group.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
The no command is introduced in OcNOS version 4.2.
The ingress-mirror option was introduced in OcNOS Version 6.4.1 release.
Examples
#configure terminal
(config)#hardware-profile filter ingress-ipv4 disable
(config)#hardware-profile filter ingress-ipv4 enable
(config)#no hardware-profile filter ingress-ipv4
(config)#hardware-profile filter ingress-ipv6 disable
(config)#hardware-profile filter port-isolation enable
(config)# hardware-profile filter ingress-mirror enable
The following command sets the BFD echo with no values.
#configure terminal
(config)# hardware-profile filter bfd-group enable
#configure terminal
(config)# hardware-profile filter bfd-group disable
load-balance enable
Use this command to enable load-balancing configurations in hardware.
Use the no option to reset the load balancing to default settings.
Note: When the command "load-balance enable" is issued, the default load-balance settings are unset. User then has to configure the new load-balancing parameters.
Command Syntax
This form unsets load balancing globally:
load-balance enable
This form resets load balancing globally to default settings:
no load-balance enable
By default, load balancing is enabled for ECMP and LAG.
This form sets hashing based on IPv4 fields:
load-balance (ipv4 {src-ipv4 | dest-ipv4 | srcl4-port | destl4-port | protocol-id})
no load-balance (ipv4 {src-ipv4 | dest-ipv4 | srcl4-port | destl4-port | protocol-id})
This form sets hashing based on IPv6 fields:
load-balance (ipv6 {src-ipv6 | dest-ipv6 | srcl4-port | destl4-port | protocol-id | next-hdr})
no load-balance (ipv6 {src-ipv6 | dest-ipv6 | srcl4-port | destl4-port | protocol-id | next-hdr})
This form sets hashing based on L2 fields:
load-balance (l2 {dest-mac|src-mac|ether-type|vlan})
no load-balance (l2 {dest-mac|src-mac|ether-type|vlan})
Following additional parameters are supported on Dune DNX boards:
load-balance inner-ipv4 ({non-symmetric| protocol-id| src-dest-ipv4})
no load-balance inner-ipv4 ({non-symmetric| protocol-id| src-dest-ipv4})
load-balance inner-l2 ({ether-type| non-symmetric| src-dest-mac| vlan})
no load-balance inner-l2 ({ether-type| non-symmetric| src-dest-mac| vlan})
load-balance src-dest-l4port (non-symmetric)
no load-balance src-dest-l4port
Note: The configured load balancing parameters are global and will be applicable to all LAG & ECMP created in the hardware.
Parameters
ipv4
Load balance IPv4 packets
src-ipv4
Source IPv4 based load balancing
dest-ipv4
Destination IPv4 based load balancing
srcl4-port
Source L4 port based load balancing
destl4-port
Destination L4 port based load balancing
protocol-id
Protocol ID based load balancing
ipv6
Load balance IPv6 packets
src-ipv6
Source IPV6 based load balancing
dest-ipv6
Destination IPv6 based load balancing
srcl4-port
Source L4 port based load balancing
destl4-port
Destination L4 port based load balancing
l2
Load balance L2 packets
src-dest-mac
Source Destination based load balancing
non-symmetric
Non symmetrical based load balancing
ether-type
Ether-type based load balancing
Vlan
VLAN-based load balancing
labels
label stack based load balancing
inner-ipv4
Load balancing on IPv4 packet
inner-l2
Load balancing on L2 packet
src-dest-l4port
Source Destination l4port based load balancing
non-symmetric
Non symmetric based load balancing
protocol-id
Protocol Id based load balancing
src-dest-ipv4
Source Destination IPV4 based load balancing
ether-type
Ether-type based load balancing
src-dest-mac
Source Destination based load balancing
next-hdr
Next Header Field for IPV6
src-dest-ipv6
Source Destination IPV6 based load balancing
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 3.0.
Examples
(config)#load-balance enable
(config)#load-balance ipv4 src-ipv4
load-balance rtag7
Use this command to configure rtag7 load balancing.
Use the no option to disable the rtag7 load balancing.
Note: Configuring the load-balance rtag7 removes the default load-balance settings. Hence, reconfigure the load-balance parameters again.
Command Syntax
This form enables or disables rtag7 load balancing globally:
load-balance rtag7
no load-balance rtag7
By default, load balancing is enabled for ECMP, and LAG.
This form sets rtag7 hashing for ECMP and L3 LAG based on IPv4 fields:
load-balance rtag7 (ipv4 {src-ipv4|dest-ipv4|srcl4-port|destl4-port|protocol-id})
no load-balance rtag7 (ipv4 {src-ipv4|dest-ipv4|srcl4-port|destl4-port|protocol- id})
By default, IPv4 ECMP is configured with the fields src-ipv4, dest-ipv4, srcl4-port, and dest-l4port.
By default, L3 LAG is configured with the fields src-ipv4 and dest-ipv4.
This form sets rtag7 hashing for ECMP based on IPv6 fields:
load-balance rtag7 (ipv6 {src-ipv6|dest-ipv6|srcl4-port|destl4-port|next-hdr})
no load-balance rtag7 (ipv6 {src-ipv6|dest-ipv6|srcl4-port|destl4-port|next-hdr})
By default, IPv6 ECMP is configured with the fields src-ipv6, dest-ipv6, srcl4-port, and dest-l4port.
This form sets rtag7 hashing for L2 LAG based on L2 fields:
load-balance rtag7 (l2 {dest-mac|src-mac|ether-type|vlan})
no load-balance rtag7 (l2 {dest-mac|src-mac|ether-type|vlan})
Please note the following:
• For ingress LER nodes, hashing is done on L2 fields, L3 fields (outer IPx), or inner IP fields (only for IPx-over-IPx or IPx-over-GRE-IPx).
This form sets rtag7 hashing based on the outer IP address:
load-balance rtag7 (tunnel outer-l3-header)
no load-balance rtag7 (tunnel outer-l3-header)
Parameters
ipv4
Load balance IPv4 packets
src-ipv4
Source IPv4 based load balancing
dest-ipv4
Destination IPv4 based load balancing
srcl4-port
Source L4 port based load balancing
destl4-port
Destination L4 port based load balancing
protocol-id
Protocol ID based load balancing
ipv6
Load balance IPv6 packets
src-ipv6
Source IPV6 based load balancing
dest-ipv6
Destination IPv6 based load balancing
srcl4-port
Source L4 port based load balancing
destl4-port
Destination L4 port based load balancing
next-hdr
Next header field for IPv6
l2
Load balance L2 packets
dest-mac
Destination MAC address based load balancing
src-mac
Source MAC address based load balancing
ether-type
Ether-type based load balancing
vlan
VLAN-based load balancing
tunnel
Load balance tunneled packets based on outer header (default uses the inner-header)
outer-l3-header
Use outer header for hashing (ip-over-ip, ipv6-over-ip, ip-over-gre-ip, ipv6-over-gre-ip, ipv6-over-ipv6, ip-over-ipv6, ip-over-gre-ipv6, ipv6-over-gre-ipv6)
inner-l2
Load balance Inner l2 header
dest-mac
Destination MAC address load balancing
src-mac
Source MAC address
ether-type
Ether-type based load balancing
vlan
VLAN tag id
inner-l3
Inner l3 header
dest-ip
Destination IP address
src-ip
Source IP address
srcl4-port
Source L4 port based load balancing
protocol ID
Protocol (IPv4), nxt-hdr (IPv6)
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#load-balance rtag7
(config)#load-balance rtag7 ipv4 src-ipv4
load-balance rtag7 hash
Use this command to set the rtag7 hash computation method.
Use the no parameter to set the rtag7 hash computation method to its default.
Command Syntax
load-balance rtag7 hash (crc16-bisync|crc16-ccitt|crc32-lo|crc32-hi)
no load-balance rtag7 hash
Parameters
crc16-bisync
16-bit CRC16 using the binary synchronous polynomial.
crc16-ccitt
16-bit CRC16 using the CCITT polynomial.
crc16-hi
16 most significant bits of computed CRC32.
crc16-lo
16 least significant bits of computed CRC32
Default
The default rtag7 hash computation method is 16-bit CRC16 using the binary synchronous polynomial (crc16-bisync).
Command Mode
Configure mode
Default settings
load-balance rtag7 hash crc16-bisync
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
(config)#load-balance rtag7
(config)#load-balance rtag7 hash crc16-ccit
(config)#show running-config | inc rtag7
!
load-balance rtag7
load-balance rtag7 hash crc16-ccitt
!
(config)#no load-balance rtag7 hash
(config)#
load-balance rtag7 macro-flow
Use this command to enable rtag7 macro-flow based hashing.
When macro-flow is enabled, a hash function is chosen dynamically based on corresponding macro flow. It is useful when hash polarization is observed in the topology.
Note: In case of topology having multiple level of split paths, macro-flow improves the distribution but can still have variation in traffic distribution. It is observed that when 2 level of hashing is present in topology (LAG after ECMP split traffic to half), 6% of variation was observed.
Use the no parameter to disable rtag7 macro-flow based hashing.
Command Syntax
load-balance rtag7 macro-flow
no load-balance rtag7 macro-flow
Parameters
None
Default
By default, rtag7 macro-flow based hashing is disabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
(config)#load-balance rtag7
(config)#load-balance rtag7 macro-flow
(config)#show running-config | inc rtag7
!
load-balance rtag7
load-balance rtag7 macro-flow
!
(config)#no load-balance rtag7 macro-flow
show forwarding profile limit
Use this command to show all the forwarding table sizes.
Note: The use of k for “kilo” (as in 1k) does not equal 1,000. In all cases, k equals 2 ^10: 1,024.
Command Syntax
show forwarding profile limit
Parameters
None
Default
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show forwarding profile limit
Configured profile : custom-profile
Forwarding profile : custom-profile(Active in hardware)
------------------------------------------------------------------------
| Forwarding Profile Table Size |
|------------------------------------------------------------------------|
|Profile Name |MAC |Host-Table |Prefix- |Vlan- |Egress- |
| |ADDR |Table(UC) |Table(UC) |xlate- |Vlan-xlate |
| |Table |IPV4 |IPv6 |IPV4 |IPV6 |Table |Table |
------------------------------------------------------------------------
l2-profile-one 96k 0k 0k 8k 4k 0k 0k
l2-profile-two 64k 8k 4k 8k 4k 8k 8k
l2-profile-three 32k 16k 8k 8k 4k 16k 16k
l3-profile 4k 92k 46k 8k 4k 0k 0k
custom-profile 576k 60k 30k 8k 4k 0k 0k#
Table P‑8-34 explains the show command output fields.
Table 8-34: show forwarding profile limit output
Field | Description |
---|
Profile Name | Names of the forwarding profiles |
MAC ADDR Table | MAC address table sizes |
Host-Table (UC) IPv4 | IPv4 unicast host table sizes |
Host-Table (UC) IPv6 | IPv6 unicast host table sizes |
Prefix-Table (UC) IPv4 | IPv4 unicast prefix table sizes |
Prefix-Table (UC) IPv6 | IPv6 unicast prefix table sizes |
Vlan-xlate-Table | Number of VLAN translate banks |
Egress-Vlan-xlate-Table | Number of egress VLAN translate banks |
show hardware-profile filters
Use this command to check the status of hardware filter groups. Status is not shown for filter groups which are disabled.
Command Syntax
show hardware-profile filters
Parameters
None
Default
None
Command Mode
Exec and privileged exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show hardware-profile filters
INGRESS:
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
QOS 244 5 12 256 256 0
L2-ACL 253 1 3 256 256 0
IPV4-ACL 256 0 0 256 256 0
ARP-ACL 242 5 14 256 256 0
EGRESS:
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
L2-ACL/IPV4-ACL/QOS 512 0 0 512 256 256
Table P‑8-35 explains the output fields.
Table 8-35: show hardware-profile filters
Field | Description |
---|
EGRESS | Egress filtering is a process in which outbound data is monitored or restricted, usually by means of a firewall that blocks packets that fail to meet certain security requirements. |
INGRESS | Ingress filtering is a method used to prevent suspicious traffic from entering a network. |
TCAMS | Number of ternary content addressable memory (TCAM) entries a particular firewall filter. |
Free Entries | Number of TCAM filter entries available for use by the filter group. |
Used Entries | Number of TCAM filter entries used by the filter group. |
Total Entries | Number of TCAM total filter entries to the filter group. |
Dedicated Entries | Number of TCAM filter entries dedicated to the filter group. |
Shared Entries | Number of TCAM filter entries shared to the filter group. |