System Configure Mode Commands
This chapter provides a reference for the system configure mode commands.
delay-profile interfaces
Use this command to go into the delay-profile mode to edit the parameters of the "interfaces" profile. In this mode, the user is able to edit the delay measurement profile parameters.
Command Syntax
delay-profile interfaces
Parameters
None
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 5.1.
Examples
#configure terminal
(config)#delay-profile interfaces
(config-dp-intf)#
delay-profile interfaces subcommands
The following commands are to edit the delay-profile parameters.
Command Syntax
mode <two-way>
burst-interval <1000-15000>
burst-count <1-5>
interval < 30-3600>
sender-port <VALUE>
advertisement periodic
advertisement periodic threshold <1-100>
advertisement periodic minimum-change <0-10000>
no advertisement periodic
advertisement accelerated
advertisement accelerated threshold <1-100>
advertisement accelerated minimum-change <0-10000>
no advertisement accelerated
Parameters
two-way
Sets the mode of the measurement. Only "two-way" is supported for now.
<1000-15000>
Set the burst interval in milliseconds. The default value is 3000 milliseconds and the range is 1000-15000 milliseconds
<1-5>
Set the number of packets to be sent at each burst interval. The default value is 1 and the range is 1-5
<30-3600>
Set the computation interval in seconds. The default computation interval is 30 seconds. The range is 30-3600 seconds. This will be used also as the periodic advertisement interval.
<1-100>
Set the advertisement threshold percentage in the range of 1-100 (for periodic, default=10% and for accelerated, default=20%)
<1025-65535>
Set the TWAMP sender port value in the range 1025-65535. If not specified, the default value is 862.
<0-10000>
Set the advertisement minimum change in microseconds in the range 0-10000 (for periodic, default=1000 and for accelerated, default=2000)
Command Mode
delay-profile interfaces mode
Applicability
This command was introduced in OcNOS version 5.1.
Examples
#configure terminal
(config)#delay-profile interfaces
(config-dp-intf)#mode two-way
(config-dp-intf)#burst-count 5
(config-dp-intf)#burst-interval 3000
(config-dp-intf)#interval 30
(config-dp-int)#sender-port 862
(config-dp-intf)#advertisement periodic threshold 10
(config-dp-intf)#advertisement periodic minimum-change 1000
(config-dp-intf)#advertisement accelerated
(config-dp-intf)#advertisement accelerated threshold 20
(config-dp-intf)#advertisement accelerated minimum-change 2000
(config-dp-intf)#no advertisement periodic
(config-dp-intf)#commit
(config-dp-intf)#exit
(config)#
evpn mpls irb
Use this command to enable EVPN MPLS IRB (Integrated Routing & Bridging) feature.
Command Syntax
evpn mpls irb
Parameters
None
Default
Disabled
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 6.0.0
Examples
(config)#evpn mpls irb
The following table list the qualifiers for TCAM group.
Table 34-98: TCAM Group
Group | Qualifiers |
evpn-irb | L4 Ports Destination Port Source IP Destination IP Source/Destination MAC1/MAC2 Ethertype |
forwarding profile
Use this command to configure different forwarding profiles in hardware.
Use the no form of this command to set the forwarding profile to default.
Note: It is required to save the configuration and reboot the board for the new forwarding profile to come into effect in the hardware.
Use
show forwarding profile limit to verify the configured profile.
Command Syntax
forwarding profile (kaps (profile-one | profile-two)) | (elk-tcam (profile-one | profile-two | profile-three | custom-profile))
no forwarding profile (kaps) | (elk-tcam (custom-profile))
Parameters
For details about these profiles, see
show forwarding profile limit.
kaps
Internal KBP routing table
profile-one
KAPS profile one
profile-two
KAPS profile two
elk-tcam
External TCAM routing table
profile-one
external TCAM profile one
profile-two
external TCAM profile two
profile-three
external TCAM profile three
custom-profile
external TCAM custom profile
< 10-90>
percent of ipv4 routes
< 10-90>
percent of ipv6 routes
Default
The default forwarding profile are as below
Table 34-99:
Is ELK-TCAM present | KAPS | ELK-TCAM |
|---|
Yes | profile-two | profile-one |
No | profile-one | N/A |
Note:
1. elk-tcam profiles are supported only on hardware models which have external TCAM for routing.
2. forwarding profile-three is applicable on hardware model Agema AGC7648A.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version SP 1.0. The no version of the command was introduced in OcNOS version 5.0.
Examples
#configure terminal
(config)# forwarding profile elk-tcam profile-one
(config)# no forwarding profile elk-tcam
hardware-profile filter
Use this command to enable or disable ingress IPv4 or IPv6, egress IPv6 filter groups, EVPN-MPLS, VxLAN filter and TWAMP IPv4 or IPv6 groups. Disabling filter groups increases the configurable filter entries.
Disabling a TCAM filter group is not allowed if the group has any entries configured in hardware. Group dependent entries must be explicitly removed before disabling the TCAM group.
Note: This feature is supported for IPv4 unicast and IPv4 BGP/MPLS VPN service based on RFC 8955.
The qos, qos-ext, and qos-policer filter groups can only be used for Layer 2 and IPv4 traffic. For IPv6 traffic QoS classification and actions, you must enable the ingress-ipv6-qos group and create an IPv6 ACL which can be matched in a class-map for applying QoS actions. For more, see the Quality of Service Guide.
Usually the number of extended ingress filter groups that can be created at the same time is 3. If the PIM bidirectional feature is enabled, only 2 ingress extended filter groups can be created.
The ipv4-ext and qos-policer grp parameters are not supported together.
For better utilization of TCAM resources, it is recommended to enable the large groups first and then smaller groups. For example, Using admin credentials, configure evpn-mpls-mh as last filter as it is the smallest group.
Example 1:
(config)#hardware-profile filter ingress-ipv4-ext enable
(config)#hardware-profile filter ingress-ipv6 enable
(config)#hardware-profile filter qos-ext enable
(config)#hardware-profile filter ingress-l2 enable
(config)#hardware-profile filter evpn-mpls-mh enable
Example 2:
(config)#hardware-profile filter ingress-ipv4-qos enable
(config)#hardware-profile filter ipv4-bgp-flowspec enable
(config)#hardware-profile filter ingress-l2 enable
(config)#hardware-profile filter vxlan enable
(config)#hardware-profile filter vxlan-mh enable
Example 3:
(config)#hardware-profile filter qos-ext enable
(config)#hardware-profile filter egress-ipv4 enable
(config)#hardware-profile filter ipv4-bgp-flowspec enable
(config)#hardware-profile filter ingress-ipv4 enable
Command Syntax
hardware-profile filter (ingress-l2|ingress-l2-ext|ingress-ipv4|ingress-ipv4-ext|ingress-ipv4-qos|ingress-ipv6|ingress-ipv6-ext|ingress-ipv6-ext-vlan|ingress-ipv6-qos|qos-ipv6|ingress-arp|qos|qos-ext|qos-policer|egress-l2|egress-ipv4|evpn-mpls-cw|evpn-mpls-mh|vxlan|vxlan-mh|cfm-domain-name-str|twamp-ipv4|twamp-ipv6|ipv4-bgp-flowspec|) (enable|disable)
Parameter
ingress-l2
Ingress L2 ACL filter group.
ingress-l2-ext
Ingress L2 ACL, QoS, mirror filter group.
ingress-ipv4
Ingress IP ACL filter group.
ingress-ipv4-ext
Ingress IP ACL, mirror, PBR filter group.
ingress-ipv4-qos
Ingress IPv4 group for ACL match QoS.
ingress-ipv6
Ingress IPv6 ACL, mirror, PBR filter group.
ingress-ipv6-ext
Ingress IPv6 group to support 128-bit address qualification support on physical interface.
ingress-ipv6-ext-vlan
Ingress IPv6 group to support 128-bit address qualification support on vlan interface and subinterface.
ingress-ipv6-qos
Ingress IPv6 group for ACL match QoS.
qos-ipv6
Ingress QOS IPv6 group for IPv6 QoS support with statistics.
ingress-arp
Ingress ARP group.
qos
Ingress QoS filter group.
qos-ext
Ingress QoS extended filter group.
qos-policer
Ingress extended QoS group for hierarchical policer support.
egress-l2
Egress L2 ACL filter group.
egress-ipv4
Egress IP ACL filter group.
evpn-mpls-mh
Ingress EVPN MPLS Multi-Homing Forwarding Group
vxlan
Ingress VxLAN Forwarding group
vxlan-mh
Ingress VxLAN Multi-Homing Forwarding Group.
cfm-domain-name-str
Egress CFM domain group.
twamp-ipv4
TWAMP IPv4 filter group.
twamp-ipv6
TWAMP IPv6 filter group.
ipv4-bgp-flowspec
IPv4 BGP FlowSpec filter group.
enable
Enable filter group.
disable
Disable filter group.
no
Reset the group to as it was during init
Default
By default, all filter groups are disabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3 and changed in OcNOS version 3.0.
Examples
#configure terminal
(config)#hardware-profile filter ingress-ipv4 enable
(config)#hardware-profile filter ingress-ipv4 disable
(config)#hardware-profile filter egress-ipv4 enable
(config)#hardware-profile filter egress-ipv4 disable
Table 34-100: Supported groups and the feature dependency on the groups
Group | Key Size | Security | QoS | PBR | Mirror | Statistics |
|---|
| | | | | | QMX | QAX | QUX |
|---|
ingress-l2 | 160 | Yes | No | N/A | No | Yes | Yes | Yes |
ingress-l2-ext | 320 | Yes | No | N/A | Yes | Yes | Yes | Yes |
ingress-ipv4 | 160 | Yes | No | No | No | Yes | Yes | Yes |
ingress-ipv4-ext | 320 | Yes | No | Yes | Yes | Yes | Yes | Yes |
ingress-ipv4-qos | 320 | N/A | Yes | N/A | N/A | Yes | Yes | Yes |
ingress-ipv6 | 320 | Yes | No | Yes | Yes | Yes | Yes | Yes |
Ingress-ipv6-ext | 320 | N/A | Yes | No | Yes | Yes | Yes | Yes |
Ingress-ipv6-ext-vlan | 320 | N/A | Yes | No | Yes | Yes | Yes | Yes |
ingress-ipv6-qos | 320 | N/A | Yes | N/A | N/A | Yes | Yes | Yes |
qos-ipv6 | 320 | N/A | Yes | N/A | N/A | Yes | Yes | Yes |
qos | 160 | N/A | Yes | N/A | N/A | No | No | No |
qos-ext | 320 | N/A | Yes | N/A | N/A | Yes | Yes | Yes |
qos-policer | 320 | N/A | Yes | N/A | N/A | Yes | Yes | Yes |
egress-l2 | 320 | Yes | N/A | N/A | N/A | Yes | Yes | Yes |
egress-ipv4 | 320 | Yes | N/A | N/A | N/A | Yes | Yes | Yes |
evpn-mpls-mh | 160 | N/A | N/A | N/A | N/A | Yes | Yes | Yes |
vxlan | 160 | N/A | N/A | N/A | N/A | Yes | Yes | Yes |
vxlan-mh | 160 | N/A | N/A | N/A | N/A | Yes | Yes | Yes |
cfm-domain-name-str | 160 | N/A | N/A | N/A | N/A | Yes | Yes | Yes |
twamp-ipv4 | 320 | N/A | N/A | N/A | N/A | Yes | Yes | Yes |
twamp-ipv6 | 320 | N/A | N/A | N/A | N/A | Yes | Yes | Yes |
Ipv4-bgp-flowspec | 320 | N/A | N/A | N/A | N/A | No | No | No |
Table 34-101: Comparison between basic and extended group qualifiers
Basic Group | Qualifiers | Extended Group | Supported qualifiers |
|---|
ingress-l2 | Source MAC Destination MAC Ether Type (ip, ipv6, mpls, arp, cfm, fcoe) VLAN ID Inner VLAN ID | ingress-l2-ext | Source MAC Destination MAC Ether Type VLAN ID Inner VLAN ID COS |
ingress-ipv4 | Source IP Destination IP IP Protocols L4 Ports | ingress-ipv4-ext | Source IP Destination IP IP Protocols L4 Ports DSCP VLAN ID Inner VLAN ID TCP flags |
qos | VLAN ID COS Inner VLAN ID Inner COS Ether Type DSCP Topmost EXP | qos-ext | VLAN ID COS Inner VLAN ID Inner COS Ether Type DSCP Topmost EXP IP RTP L4 Ports Destination MAC Traffic type |
Table 34-102: Qualifiers for other groups
Group | Qualifiers |
|---|
ingress-ipv6 | Source IPv6 (n/w part) Destination IPv6 (n/w part) IPv6 Protocols L4 Ports |
ingress-ipv6-ext | src ipv6 address full 128 bits dest ipv6 address full 128 bits L4ports Ipv6 protocols Physical interface |
ingress-ipv6-ext-vlan | src ipv6 address full 128 bits dest ipv6 address full 128 bits L4ports Ipv6 protocols vlan interface subinterface |
egress-l2 | Source MAC Destination MAC VLAN ID Inner VLAN ID COS |
egress-ipv4 | Source IP Destination IP IP Protocols L4 Ports DSCP VLAN ID Inner VLAN ID |
evpn-mpls-mh | USER_DEFINED_IP MPLS LABEL |
vxlan | |
vxlan-mh | Source IP
Destination IP |
qos-policer | VLAN ID COS Inner VLAN ID Inner COS Ether Type DSCP Topmost EXP IP RTP L4 Ports |
ingress-ipv4-qos | Source IP Destination IP IP Protocols L4 Ports DSCP VLAN ID Inner VLAN ID TCP flags |
ingress-ipv6-qos | Source IPv6 (n/w part) Destination IPv6 (n/w part) IPv6 Protocols L4 Ports |
qos-ipv6 | Source IPv6 (n/w part) Destination IPv6 (n/w part) IPv6 Protocols L4 Ports VLAN ID COS Inner VLAN ID Inner COS Ether Type DSCP |
cfm-domain-name-str | MA ID |
twamp-ipv4 | IPv4 Source IP IPv4 Destination IP UDP Source port UDP Destination port IPv4 Type of Service |
twamp-ipv6 | UDP Source port UDP Destination port IPv6 Source IP IPv6 Destination IP IPv6 Traffic Class |
Ipv4-bgp-flowspec | VRF ID Destination IP Source IP IP Protocols L4 Ports ICMP Type/Code TCP Flags PacketSize DSCP IP Fragmentation Note: The following traffic filter types of the components range value can be specified only with non-range value. • Type 3: IP Protocol • Type 7: ICMP type • Type 8: ICMP code • Type 10: Packet length • Type 11: DSCP (Diffserv Code Point) |
hardware-profile flowcontrol
Use this command to globally enable or disable hardware-based flow control.
Syntax
hardware-profile flowcontrol (disable|enable)
Parameters
disable
Disable flow control globally
enable
Enable flow control globally
Default
By default flow control is disabled.
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 3.0.
Examples
#configure terminal
(config)#hardware-profile flowcontrol enable
hardware-profile service-queue
Use this command to set the number of service-queue counts to create in hardware.
Use the no form of this command to set the service queue profile to default
Note: Reboot the switch after giving this command for the changes to take effect.
Command Syntax
hardware-profile service-queue (profile1| profile2)
no hardware-profile service-queue
Parameter
profile1
Supports new 4 queue-bundle per service (default)
profile2
Supports new 8 queue-bundle per service
Default
By default, profile1 is enabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
This command is only available on Qumran platforms.
Examples
#configure terminal
(config)#hardware-profile service-queue profile2
(config)#no hardware-profile service-queue
hardware-profile statistics
Use this command to enable or disable filter statistics in hardware.
Note: In Q1, you must reboot the switch after giving this command for the changes to take effect. For Q2, Statistic profiles are updated dynamically.
Note: If both ACL and QOS statistics are required on the same interface, then both ingress-acl and ingress-qos profiles must be enabled and this will limit other profiles from being enabled. More details on restrictions explained below.
Note: When any two or all of MAC ACL or IP ACL or QoS service-policy are configured on the same interface or in its dependent interface, their entries will use statistics entries from ingress-acl statistics profile, and as a result the statistics is updated on only one entry based on the hardware-profile filter created later.
Note: Cfm-slm statistics is supported only on Q2 devices.
Command Syntax
hardware-profile statistics (ac-lif|cfm-ccm|cfm-lm |cfm-slm|ingress-acl|ingress-qos|egress-acl|mpls-pwe|tunnel-lif|voq-full-color|voq-fwd-drop) (enable|disable)
Parameter
ac-lif
VXLAN access ports statistics
cfm-ccm
Cfm ccm counter statistics
cfm-lm
Cfm Loss Measurements statistics
cfm-slm
Cfm Synthetic Loss Measurements statistics
tunnel-lif
VXLAN tunnels statistics
ingress-acl
Ingress ACL, QoS, and PBR statistics
ingress-qos
Ingress QoS statistics (explicit)
egress-acl
Egress ACL statistics
mpls-pwe
Pseudowire logical interfaces statistics
voq-full-color
Statistics for all VOQ counters
voq-fwd-drop
Statistics for forward drop VOQ counters
enable
Enable statistics
disable
Disable statistics
Default
In Q1, By default, only ingress-acl statistics profile is enabled. Other statistics profiles are disabled.
In Q2, By default, voq-full-color, cfm-ccm statistics profile is enabled. Other statistics profiles are disabled
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3 and this command is applicable for Qumran. The voq- full-color and voq-fwd-drop,cfm-slm,cfm-lm and cfm-ccm options are applicable for Qumran2.
Examples
#configure terminal
(config)#hardware-profile statistics tunnel-lif enable
Table 34-103 provides details of scalable numbers of each statistics profiles and the applications that use the statistics profiles. For example, the
ingress-acl profile is used by ACL, QoS, and PBR applications and all of them share the statistics entries from this profile. So, consuming 8k statistics entries for ACL application means that QOS and PBR applications do not get any statistics.
There are limitations on the number of statistics profiles that can be enabled at a time. This limitation is based on the stages that each profile uses.
Table 34-103 shows the four stages: ingress, ingress queuing, egress1, and egress2; and only two statistics profiles per stage can be configured.
For example, if both the ingress-acl and mpls-acl profiles are configured, then no more profiles that use the “ingress stage” can be enabled because only two profiles are allowed per stage. To use another “ingress-based” profile, you must first disable at least one of the profiles that are currently using the ingress stage.
Table 34-103: Statistics profile capacity (maximum numbers in best case scenario)
Statistics profile | Stage | QMX | QAX | QUX | Application |
|---|
ingress-acl | Ingress | ~8k | ~6k | ~1.5K | Ingress ACL, QoS, PBR |
egress-acl | Egress1 | ~8k | ~2k | ~2k | Egress ACL |
ingress-qos | Ingress | ~8k | ~6k | ~1.5K | QoS |
voq-full-color | Ingress queuing | ~13k | ~6k | ~1.5K | QoS (queue statictics) |
voq-fwd-drop | Ingress queuing | ~32k | ~16k | ~4K | QoS (queue statictics) |
tunnel-lif | Ingress | ~16k | N/A | N/A | VXLAN and MPLS (LSP/tunnels) |
| Egress2 | | | | |
mpls-pwe | Ingress | ~16k | ~8k | ~1K | MPLS (pseudowire) |
| Egress2 | | | | |
cfm-ccm | Ingress | ~3k | ~800 | ~800 | CFM (ccm) |
cfm-lm | Ingress | ~6k | ~1.5k | NA | CFM (loss measurement) |
| Egress2 | | | | |
ac-lif | Ingress | ~32k | N/A | N/A | VXLAN and MPLS (access-port) |
| Egress2 | | | | |
hardware-profile bgp-flowspec-mode
Use this command to set BGP flowspec mode that specifies the installation rules to the hardware.
Note: No support for Install-partial option in Q2.
Setting hardware profile to bgp-flowspec-mode requires, disabling and enabling the ipv4-bgp-flowspec to take effect.
Chose a appropriate option based on usage. Use install-all option for normal case.
Syntax
hardware-profile bgp-flowspec-mode (install-all|install-partial|no-prioritizing)
Parameters
install-all
FLOWSPEC rules are prioritized. The already installed all rules are reinstalled when a new rule is added. (default)
install-partial
FLOWSPEC rules are prioritized. Do not reinstall all previously installed rules when a new rule is added to avoid unnecessary reinstallation.
no-prioritizing
FLOWSPEC rules are not prioritized. Install only rules requested to add but not reinstall any other rules when a new rule is added.
Default
None
Command Mode
Configure mode
Applicability
This command was introduced in OcNOS version 6.3.5.
Example
(config)#hardware-profile filter ipv4-bgp-flowspec disable
(config)#commit
(config)#hardware-profile bgp-flowspec-mode no-prioritizing
(config)#commit
(config)#hardware-profile filter ipv4-bgp-flowspec enable
(config)#commit
ip redirects
Use this global command to trap ICMP redirect packets to the CPU and on interface to enable ICMP redirects in kernel.
Use the no form of this command to disable the ICMP redirect message on an interface.
Note: This command is applicable for both ipv4 and ipv6 interfaces.
Syntax
ip redirects
no ip redirects
Parameters
None
Default
None
Command Mode
Configure and Interface mode
Applicability
This command was introduced in OcNOS version 3.0.
Example
#configure terminal
(config)#ip redirects
(config)#no ip redirects
#configure terminal
(config)#interface xe1/1
(config-if)#ip redirects
#configure terminal
(config)#interface xe1/1
(config-if)#no ip redirects
load-balance enable
Use this command to enable load-balancing configurations in hardware.
Use the no option to reset the load balancing to default settings.
Note: When the command "load-balance enable" is issued, the default load-balance settings are unset. User then has to configure the new load-balancing parameters.
Command Syntax
This form unsets load balancing globally:
load-balance enable
This form resets load balancing globally to default settings:
no load-balance enable
By default, load balancing is enabled for ECMP and LAG.
This form sets hashing based on IPv4 fields:
load-balance (ipv4 {src-ipv4 | dest-ipv4 | srcl4-port | destl4-port | protocol-id})
no load-balance (ipv4 {src-ipv4 | dest-ipv4 | srcl4-port | destl4-port | protocol-id})
This form sets hashing based on IPv6 fields:
load-balance (ipv6 {src-ipv6 | dest-ipv6 | srcl4-port | destl4-port | protocol-id})
no load-balance (ipv6 {src-ipv6 | dest-ipv6 | srcl4-port | destl4-port | protocol-id})
This form sets hashing based on L2 fields:
load-balance (l2 {src-dest-mac|non-symmetrice|ether-type|vlan})
no load-balance (l2 {src-dest-mac|non-symmetrice|ether-type|vlan})
This form sets hashing on an MPLS fields:
load-balance (mpls {labels})
no load-balance (mpls {labels})
Note: The configured load balancing parameters are global and will be applicable to all LAG & ECMP created in the hardware.
Parameters
ipv4
Load balance IPv4 packets
src-ipv4
Source IPv4 based load balancing
dest-ipv4
Destination IPv4 based load balancing
srcl4-port
Source L4 port based load balancing
destl4-port
Destination L4 port based load balancing
protocol-id
Protocol ID based load balancing
ipv6
Load balance IPv6 packets
src-ipv6
Source IPV6 based load balancing
dest-ipv6
Destination IPv6 based load balancing
srcl4-port
Source L4 port based load balancing
destl4-port
Destination L4 port based load balancing
l2
Load balance L2 packets
src-dest-mac
Source Destination based load balancing
non-symmetric
Non symmetrical based load balancing
ether-type
Ether-type based load balancing
Vlan
VLAN-based load balancing
mpls
Load balance MPLS packets
labels
label stack based load balancing.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 3.0.
Examples
(config)#load-balance enable
(config)#load-balance ipv4 src-ipv4
show forwarding profile limit
Use this command to display the forwarding profile table sizes.
Note: 1k is 1024 entries.
Command Syntax
show forwarding profile limit
Parameters
None
Default
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version SP 1.0.
Examples
#show forwarding profile limit
------------------------------------------------------------------------------
L3 (Ipv4/Ipv6) KAPS Forwarding Profile
------------------------------------------------------------------------------
Active (*) Configured (*) Profile-type IPv4-db-size IPv6-db-size
profile-one NA NA
* * profile-two - 200k
------------------------------------------------------------------------------
L3 (Ipv4/Ipv6) ELK TCAM Forwarding Profile
------------------------------------------------------------------------------
Active (*) Configured (*) Profile-type IPv4-db-size IPv6-db-size
* * profile-one ~1024k -
profile-two - ~1024k
profile-three ~2048k -
NOTE: for external-tcam profile-three, URPF should be disabled &
number of vrf's limited to 255
------------------------------------------------------------------------------
L2 forwarding table
------------------------------------------------------------------------------
Max Entries: 768k
NOTE: 1k is 1024 entries
#
show hardware-profile filters
Use this command to show details of TCAM filter groups which are enabled. By default, all filter groups are disabled.
Command Syntax
show hardware-profile filters
Parameter
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 3.0.
Examples
#show hardware-profile filters
Note: Shared count is the calculated number from available resources.
Dedicated count provides allocated resource to the group.
If group shares the dedicated resource with other groups, then dedicated
count of group will reduce with every resource usage by other groups.
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
INGRESS-QOS-EXT 10495 0 1 10486 2048 8448
Table 34-104 explains the output fields.
Table 34-104: show hardware-profile filters
Field | Description |
|---|
Ingress | Ingress filtering is a method used to prevent suspicious traffic from entering a network. |
TCAMS | Number of ternary content addressable memory (TCAM) entries a particular firewall filter. |
Free Entries | Number of TCAM filter entries available for use by the filter group. |
Used Entries | Number of TCAM filter entries used by the filter group. |
Total Entries | Number of TCAM total filter entries to the filter group. |
Dedicated Entries | Number of TCAM filter entries dedicated to the filter group. |
Shared Entries | Number of TCAM filter entries shared to the filter groups. |
Operational details of TCAM profiles
TCAM group statistics comprises of three parts:
• Total Entries – Total configurable entries on the TCAM group. Total has two parts. One is dedicated and other is shared. Dedicated count is the guaranteed entry count for the group. Shared count a logical count calculated for the group from shared pool available at the time of show command execution
• Used Entries – Count of entries that have been configured on the TCAM group. Used entries are shown are shown in percentage format as well as an indication of how much TCAM space is used up. However, percentage calculation includes shared pool and subject to change drastically when shared pool is taken up by different group.
• Free Entries – Count of possible remaining entries on the TCAM group. Free entries count is not the guaranteed count as the count includes the shared pool count into account.
When a TCAM group is enabled in the device, no hardware resource (bank) is associated with the group. Thus, dedicated count will be initially zero. Total count will be same as shared count which is calculated based on the group width. Group width is determined by width consumed by the qualifiers or width consumed by the actions.
Example of show output when qos-ext group is enabled on QMX device is shown below:
#show hardware-profile filters
...
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
INGRESS-QOS-EXT 10496 0 0 10496 0 10496
When an entry is created on the group for the first time, either a single bank or a bank pair is allocated to the group. A group consuming single bank or a bank pair is decided by group width. Groups like qos, ingress-l2, and ingress-ipv4 consume single bank and groups like qos-ext, qos-policer, ingress-l2-ext, ingress-ipv4-ext, ingress-ipv4-qos, ingress-ipv6, ingress-ipv6-qos, egress-l2, and egress-ipv4 consume a bank pair.
An example of output when a single entry is created in hardware for qos-ext group on QMX device is shown below:
#show hardware-profile filters
...
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
INGRESS-QOS-EXT 10495 0 1 10496 2048 8448
In the above example, dedicated entry count has increased to 2048 as a bank pair is allocated for the group. Unallocated banks capacity is calculated for qos-ext group and counted under shared entries as 8448.
An example of output when 2048 entries are created in hardware for qos-ext group and ingress-l2 and ingress-ipv4-ext groups is enabled with no entries created on those groups for QMX device is shown below:
#show hardware-profile filters
...
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
INGRESS-QOS-EXT 8448 20 2048 10496 2048 8448
INGRESS L2 16896 0 0 16896 0 16896
INGRESS IPV4-EXT 8448 0 0 8448 0 8448
In the above example, note that the number of entries between ingress-l2 and ingress-ipv4-ext groups vary as ingress-l2 group is a 160-bit wide group consuming only one bank at a time. On the other hand, ingress-ipv4-ext group is 320 bit wide group consuming a group pair at a time. With a bank pair already being consumed by qos-ext group, ingress-ipv4-ext group gets possible total entries of 8448 in comparison to 10496 by qos-ext group.
When all the created entry count goes beyond the entries of dedicated bank pair (or a bank), group will be allocated with another bank pair (or a bank) and subsequently shared pool count will reduce across all other groups.
An example of output when 2049 entries are created in hardware for qos-ext group with ingress-l2 and ingress-ipv4-ext groups enabled with no entries created on those groups for QMX device is shown below:
#show hardware-profile filters
...
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
INGRESS-QOS-EXT 8447 20 2049 10496 4096 6400
INGRESS L2 12800 0 0 12800 0 12800
INGRESS IPV4-EXT 6400 0 0 6400 0 6400
When a bank is consumed by ingress-l2 group, effect on qos-ext group will still be the count of a bank pair with one bank not usable for qos-ext group even if it is available. The bank can be used by groups which consume single bank.
An example of output when an entry is created in hardware for ingress-l2 group with qos-ext and ingress-ipv4-ext groups in the state as mentioned in above example is shown below:
#show hardware-profile filters
...
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
INGRESS-QOS-EXT 6399 24 2049 8448 4096 4352
INGRESS L2 12799 0 1 12800 2048 10752
INGRESS IPV4-EXT 4352 0 0 4352 0 4352
In the above example scenario, it can be noted that the used entry percentage for qos-ext group jumped from 20 to 24 as a result of drastic reduction in total entry count due to bank movement from shared pool to dedicated bank.
Hardware doesn’t optimize the utilization of banks when entries are removed from one of the banks resulting in entries used shown up less than capacity of one bank but still multiple banks would be dedicated to a group.
An extended example of above scenario with 10 entries removed from qos-ext group is shown below:
#show hardware-profile filters
...
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
INGRESS-QOS-EXT 6409 24 2039 8448 4096 4352
INGRESS L2 12799 0 1 12800 2048 10752
INGRESS IPV4-EXT 4352 0 0 4352 0 4352
It can be noted that the used entry count has come down to 2039 which is less than the capacity of bank pair i.e. 2048. However, since entries are used up across two set of bank pairs, both bank pairs will still be dedicated. If there is a need to recover bank pair from dedicated pool, all the entries should be deleted and re-created in hardware.
TCAM groups are further divided into sub-categories which can share the dedicated banks between the groups. TCAM groups such as ingress-l2, ingress-l2-ext, ingress-ipv4, ingress-ipv4-ext, ingress-ipv4-qos, qos, qos-ext, qos-policer are considered under default sub-category and don't serve IPv6 traffic. TCAM groups such as ingress-ipv6, ingress-ipv6-qos, and qos-ipv6 are meant for IPv6 traffic and are considered under IPv6 sub-category.
Only four 320-bit wide groups that belong to same sub-category can be created. For default sub-category, number is limited to three as system group will be created by default.
When three default sub-category groups are created along with one group from IPv6 sub-category, one of the default sub-category group will share the bank pair with IPv6 group. This will result in dedicated count to be shown lesser by the number that the other shared group is consuming. With every single resource consumed by one group will reduce the same number from other shared group.
An example of above scenario is shown below:
#show hardware-profile filters
...
+--------------------+---------+---------------+----------------------------+
| | Free | Used | Total Entries |
| TCAMS | Entries |---------------|----------------------------|
| | | % | Entries | Total | Dedicated | shared |
+--------------------+---------+-----+---------+-------+-----------+--------+
QOS-EXT 6399 0 1 6400 2048 4352
INGRESS IPV4-ACL-EXT 6398 0 2 6400 2048 4352
INGRESS IPV4-QOS 6382 0 1 6383 2031 4352
INGRESS IPV6-ACL 6382 0 17 6399 2047 4352
Note that ingress-ipv4-qos group has shared the resource with ingress-ipv6 group. TCAM group ingress-ipv4-qos has consumed 1 entry and ingress-ipv6 group has consumed 17 entries. Hence, dedicated count for ingress-ipv4-qos group is shown as 2031 (2048 - 17) and dedicated count for ingress-ipv6 group is shown as 2047 (2048 - 1).
Capacity of TCAM profiles
Entries created on other TCAM groups affect the capacity of a particular TCAM group. This dependency is explained in the section
Operational details of TCAM profiles.
In this section maximum configurable entries per group when no entries created on other groups are listed below.
Table 34-105: Maximum configurable entries
TCAM Groups | QMX | QAX | QUX |
|---|
ingress-l2 | 20992 (2048 x 10 + 256 x 2) | 9728 (1024 x 9 + 256 x 2) | 3584 |
ingress-l2-ext | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 +256 x 1) | 1792 |
ingress-ipv4 | 20992 (2048 x 10 + 256 x 2) | 9728 (1024 x 9 + 256 x 2) | 3584 |
ingress-ipv4-ext | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
ingress-ipv4-qos | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
ingress-ipv6 | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
ingress-ipv6-ext | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
ingress-ipv6-ext-vlan | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
ingress-ipv6-qos | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
qos-ipv6 | 12288 (2048 x 6) | 5120 (1024 x 5) | 1792 |
qos | 20992 (2048 x 10 + 256 x 2) | 9728 (1024 x 9 + 256 x 2) | 3584 |
qos-ext | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
qos-policer | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
egress-l2 | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
egress-ipv4 | 10496 (2048 x 5 + 256 x 1) | 4352 (1024 x 4 + 256 x 1) | 1792 |
cfm-domain-name-str | 20992 (2048 x 10 + 256 x 2) | 9728 (1024 x 9 + 256 x 2) | 3584 |
Ipv4-bgp-flowspec | 10496 (2048 x 5 + 256 * 1) | 8704 (1024 * 8 + 256 * 2) | |
Combination of TCAM profiles
Device supports configuration of only one egress group in the system. Hence out of the egress groups cfm-domain-name-str, egress-l2 and egress-ipv4, only one egress group can be enabled.
In other words, solution with CFM features enabled, cannot have egress security filters.
Configuration of ingress groups are subject to the sub-category to which a group belongs. Sub-category of each group is shown below:
Table 34-106: Sub-category of groups
Category | Groups in the category |
|---|
default (ingress) | ingress-l2 ingress-l2-ext ingress-ipv4 ingress-ipv4-ext ingress-ipv4-qos qos qos-ext qos-policer ipv4-bgp-flowspec |
Ipv6 (ingress) | ingress-ipv6, ingress-ipv6-qos, qos-ipv6, ingress-ipv6-ext, ingress-ipv6-ext-vlan |
default (egress) | egress-l2, egress-ipv4 |
cfm (egress) | cfm-domain-name-str |
Note: Per sub-category, not more than three groups can be created if the group key size is 320 bits wide.
show nsm forwarding-timer
Use this command to display the information of Graceful Restart capable MPLS clients to NSM that are currently shutdown. Use the option LDP or RSVP to see the particular module information.
Command Syntax
show nsm (ldp| rsvp) forwarding-timer
Parameters
ldp
Use this parameter to display the protocol LDP information.
rsvp
Use this parameter to display the protocol RSVP information.
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 5.0.
Example
#sh nsm rsvp forwarding-timer
Protocol-Name GR-State Time Remaining (sec) Disconnected-time
RSVP ACTIVE 100 2021/08/18 04:49:23
#sh nsm ldp forwarding-timer
Protocol-Name GR-State Time Remaining (sec) Disconnected-time
LDP ACTIVE 111 2021/08/18 04:50:37
#sh nsm forwarding-timer
Protocol-Name GR-State Time Remaining (sec) Disconnected-time
LDP ACTIVE 110 2021/08/18 04:50:37
RSVP ACTIVE 96 2021/08/18 04:49:23
show queue remapping
Use this command to display the traffic class-to-hardware-queue mapping in hardware.
Command Syntax
show queue remapping
Parameters
N/A
Default
N/A
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
This command is only available on Qumran platforms.
Examples
When service-queue profile1 is set:
#show queue remapping
Port queue remapping:
+------------+-----------------------+
| Queue/tc | hardware-queue |
+------------+-----------------------+
| 0 | 0 |
| 1 | 1 |
| 2 | 2 |
| 3 | 3 |
| 4 | 4 |
| 5 | 5 |
| 6 | 6 |
| 7 | 7 |
+------------+-----------------------+
Service queue remapping:
+------------+-----------------------+
| Queue/tc | hardware-queue |
+------------+-----------------------+
| 0 | 0 |
| 1 | 1 |
| 2 | 1 |
| 3 | 1 |
| 4 | 2 |
| 5 | 2 |
| 6 | 3 |
| 7 | 3 |
+------------+-----------------------+
When service-queue profile2 is set:
#show queue remapping
Port queue remapping:
+------------+-----------------------+
| Queue/tc | hardware-queue |
+------------+-----------------------+
| 0 | 0 |
| 1 | 1 |
| 2 | 2 |
| 3 | 3 |
| 4 | 4 |
| 5 | 5 |
| 6 | 6 |
| 7 | 7 |
+------------+-----------------------+
Service queue remapping:
+------------+-----------------------+
| Queue/tc | hardware-queue |
+------------+-----------------------+
| 0 | 0 |
| 1 | 1 |
| 2 | 2 |
| 3 | 3 |
| 4 | 4 |
| 5 | 5 |
| 6 | 6 |
| 7 | 7 |
+------------+-----------------------+
snmp restart
Use this command to restart SNMP for a given process.
Command Syntax
snmp restart (auth | bfd | bgp | isis | lacp| ldp | lldp | mrib | mstp | nsm | ospf | ospf6 | pim | rib| rip | rsvp |vrrp)
Parameters
auth
Authentication
bfd
Bidirectional Forwarding Detection (BFD)
bgp
Border Gateway Protocol (BGP)
isis
Intermediate System - Intermediate System (IS-IS)
lacp
Link Aggregation Control Protocol (LACP)
ldp
Label Distribution Protocol (LDP)
lldp
Link Layer Discovery Protocol (LLDP)
mrib
Multicast Routing Information Base (MRIB)
mstp
Multiple Spanning Tree Protocol (MSTP)
nsm
Network Service Module (NSM)
ospf
Open Shortest Path First (OSPFv2)
ospf6
Open Shortest Path First (OSPFv3)
pim
Protocol Independent Multicast (PIM)
rib
Routing Information Base (RIB)
rip
Routing Information Protocol (RIP)
rsvp
Resource Reservation Protocol (RSVP)
vrrp
Virtual Router Redundancy Protocol (VRRP)
Default
N/A
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#snmp restart nsm