 |
FD.io VPP
v17.04.2-2-ga8f93f8
Vector Packet Processing
|
|
FD.io VPP
v17.04.2-2-ga8f93f8
Vector Packet Processing
|
clear ioam rewrite.
This command clears all the In-band OAM (iOAM) features enabled by the 'set ioam rewrite' command. Use 'show ioam summary' to verify the configured settings cleared.
vpp# clear ioam rewrite
Declaration: ip6_clear_ioam_rewrite_cmd (src/vnet/ip/ip6_hop_by_hop.c line 956)
Implementation: clear_ioam_rewrite_command_fn.
disable ip6 interface <interface>.
This command is used to disable IPv6 on a given interface.
vpp# disable ip6 interface GigabitEthernet2/0/0
Declaration: disable_ip6_interface_command (src/vnet/ip/ip6_neighbor.c line 3508)
Implementation: disable_ip6_interface_cmd.
enable ip6 interface <interface>.
This command is used to enable IPv6 on a given interface.
vpp# enable ip6 interface GigabitEthernet2/0/0
Declaration: enable_ip6_interface_command (src/vnet/ip/ip6_neighbor.c line 3469)
Implementation: enable_ip6_interface_cmd.
Internet protocol (IP) commands.
Declaration: vlib_cli_ip_command (src/vnet/ip/lookup.c line 724)
ip mroute [add|del] <dst-ip-addr>/<width> [table <table-id>] [via <next-hop-ip-addr> [<interface>],.
This command is used to add or delete IPv4 or IPv6 multicastroutes. All IP Addresses ('<dst-ip-addr>/<width>', '<next-hop-ip-addr>' and '<adj-hop-ip-addr>') can be IPv4 or IPv6, but all must be of the same form in a single command. To display the current set of routes, use the commands 'show ip mfib' and 'show ip6 mfib'. The full set of support flags for interfaces and route is shown via; 'show mfib route flags' and 'show mfib itf flags' respectively.
vpp# ip mroute add 232.1.1.1 via GigabitEthernet2/0/0 Forward
vpp# ip mroute add 232.1.1.1 via GigabitEthernet2/0/1 Accept
vpp# ip mroute add 232.1.1.1 Signal
Declaration: ip_mroute_command (src/vnet/ip/lookup.c line 1011)
Implementation: vnet_ip_mroute_cmd.
ip probe-neighbor <interface> <ip4-addr> | <ip6-addr> [retry nn].
The 'ip probe-neighbor' command ARPs for IPv4 addresses or attempts IPv6 neighbor discovery depending on the supplied IP address format.
vpp# ip probe-neighbor GigabitEthernet2/0/0 172.16.1.2
Declaration: ip_probe_neighbor_command (src/vnet/ip/lookup.c line 1216)
Implementation: probe_neighbor_address.
ip route [add|del] [count <n>] <dst-ip-addr>/<width> [table <table-id>] [via <next-hop-ip-addr> [<interface>] [weight <weight>]] | [via arp <interface> <adj-hop-ip-addr>] | [via drop|punt|local<id>|arp|classify <classify-idx>] [lookup in table <out-table-id>].
This command is used to add or delete IPv4 or IPv6 routes. All IP Addresses ('<dst-ip-addr>/<width>', '<next-hop-ip-addr>' and '<adj-hop-ip-addr>') can be IPv4 or IPv6, but all must be of the same form in a single command. To display the current set of routes, use the commands 'show ip fib' and 'show ip6 fib'.
vpp# ip route add 6.0.1.2/32 via 6.0.0.1 GigabitEthernet2/0/0
vpp# ip route del 6.0.1.2/32 via 6.0.0.1 GigabitEthernet2/0/0
vpp# ip route add count 10 7.0.0.0/24 via 6.0.0.1 GigabitEthernet2/0/0
vpp# ip route add 7.0.0.1/32 via 6.0.0.1 GigabitEthernet2/0/0
vpp# ip route add 7.0.0.1/32 via 6.0.0.2 GigabitEthernet2/0/0
vpp# ip route add 7.0.0.1/32 via 6.0.0.1 GigabitEthernet2/0/0 weight 1
vpp# ip route add 7.0.0.1/32 via 6.0.0.2 GigabitEthernet2/0/0 weight 3
vpp# ip route add 172.16.24.0/24 table 7 via GigabitEthernet2/0/0
Declaration: ip_route_command (src/vnet/ip/lookup.c line 779)
Implementation: vnet_ip_route_cmd.
ip urpf-accept [table <table-id>] [add|del].
Add an exemption for a prefix to pass the Unicast Reverse Path Forwarding (uRPF) loose check. This is for testing purposes only. If the 'table' is not enter it is defaulted to 0. Default is to 'add'. VPP always performs a loose uRPF check for for-us traffic.
vpp# ip urpf-accept table 7 add
Declaration: ip_source_check_accept_command (src/vnet/ip/ip4_source_check.c line 554)
Implementation: ip_source_check_accept.
Internet protocol version 6 (IPv6) commands.
Declaration: vlib_cli_ip6_command (src/vnet/ip/lookup.c line 731)
ip6 nd <interface> ...
This command is used to configure the neighbor discovery parameters on a given interface. Use the 'show ip6 interface' command to display some of the current neighbor discovery parameters on a given interface. This command has three formats:
Format 1 - Router Advertisement Options: (Only one can be entered in a single command)
'ip6 nd <interface> [no] [ra-managed-config-flag] | [ra-other-config-flag] | [ra-suppress] | [ra-suppress-link-layer] | [ra-send-unicast] | [ra-lifetime <lifetime>] | [ra-initial <cnt> <interval>] | [ra-interval <max-interval> [<min-interval>]] | [ra-cease]'
Where:
[no] ra-managed-config-flag - Advertises in ICMPv6 router-advertisement messages to use stateful address auto-configuration to obtain address information (sets the M-bit). Default is the M-bit is not set and the 'no' option returns it to this default state.
[no] ra-other-config-flag - Indicates in ICMPv6 router-advertisement messages that hosts use stateful auto configuration to obtain nonaddress related information (sets the O-bit). Default is the O-bit is not set and the 'no' option returns it to this default state.
[no] ra-suppress - Disables sending ICMPv6 router-advertisement messages. The 'no' option implies to enable sending ICMPv6 router-advertisement messages.
[no] ra-suppress-link-layer - Indicates not to include the optional source link-layer address in the ICMPv6 router-advertisement messages. Default is to include the optional source link-layer address and the 'no' option returns it to this default state.
[no] ra-send-unicast - Use the source address of the router-solicitation message if availiable. The default is to use multicast address of all nodes, and the 'no' option returns it to this default state.
[no] ra-lifetime <lifetime> - Advertises the lifetime of a default router in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds. '<lifetime>' must be greater than '<max-interval>'. The default value is 600 seconds and the 'no' option returns it to this default value.
[no] ra-initial <cnt> <interval> - Number of initial ICMPv6 router-advertisement messages sent and the interval between each message. Range for count is 1 - 3 and default is 3. Range for interval is 1 to 16 seconds, and default is 16 seconds. The 'no' option returns both to their default value.
[no] ra-interval <max-interval> [<min-interval>] - Configures the interval between sending ICMPv6 router-advertisement messages. The range for max-interval is from 4 to 200 seconds. min-interval can not be more than 75% of max-interval. If not set, min-interval will be set to 75% of max-interval. The range for min-interval is from 3 to 150 seconds. The 'no' option returns both to their default value.
[no] ra-cease - Cease sending ICMPv6 router-advertisement messages. The 'no' options implies to start (or restart) sending ICMPv6 router-advertisement messages.
Format 2 - Prefix Options:
'ip6 nd <interface> [no] prefix <ip6-address>/<width> [<valid-lifetime> <pref-lifetime> | infinite] [no-advertise] [off-link] [no-autoconfig] [no-onlink]'
Where:
no - All additional flags are ignored and the prefix is deleted.
<valid-lifetime> <pref-lifetime> - '<valid-lifetime>' is the length of time in seconds during what the prefix is valid for the purpose of on-link determination. Range is 7203 to 2592000 seconds and default is 2592000 seconds (30 days). '<pref-lifetime>' is the prefered-lifetime and is the length of time in seconds during what addresses generated from the prefix remain preferred. Range is 0 to 604800 seconds and default is 604800 seconds (7 days).
infinite - Both '<valid-lifetime>' and '<<pref-lifetime>' are inifinte, no timeout.
no-advertise - Do not send full router address in prefix advertisement. Default is to advertise (i.e. - This flag is off by default).
off-link - Prefix is off-link, clear L-bit in packet. Default is on-link (i.e. - This flag is off and L-bit in packet is set by default and this prefix can be used for on-link determination). 'no-onlink' also controls the L-bit.
no-autoconfig - Do not use prefix for autoconfiguration, clear A-bit in packet. Default is autoconfig (i.e. - This flag is off and A-bit in packet is set by default.
no-onlink - Do not use prefix for onlink determination, clear L-bit in packet. Default is on-link (i.e. - This flag is off and L-bit in packet is set by default and this prefix can be used for on-link determination). 'off-link' also controls the L-bit.
Format 3: - Default of Prefix:
'ip6 nd <interface> [no] prefix <ip6-address>/<width> default'
When a new prefix is added (or existing one is being overwritten) default uses default values for the prefix. If no is used, the default is ignored and the prefix is deleted.
vpp# ip6 nd GigabitEthernet2/0/0 ra-interval 100 20
vpp# ip6 nd GigabitEthernet2/0/0 prefix fe80::fe:28ff:fe9c:75b3/64 infinite no-advertise
vpp# ip6 nd GigabitEthernet2/0/0 no prefix fe80::fe:28ff:fe9c:75b3/64
Declaration: ip6_nd_command (src/vnet/ip/ip6_neighbor.c line 3632)
Implementation: ip6_neighbor_cmd.
ping {<ip-addr> | ipv4 <ip4-addr> | ipv6 <ip6-addr>} [ipv4 <ip4-addr> | ipv6 <ip6-addr>] [source <interface>] [size <pktsize>] [interval <sec>] [repeat <cnt>] [table-id <id>] [verbose].
This command sends an ICMP ECHO_REQUEST to network hosts. The address can be an IPv4 or IPv6 address (or both at the same time).
Example of how ping an IPv4 address:
vpp# ping 172.16.1.2 source GigabitEthernet2/0/0 repeat 2
64 bytes from 172.16.1.2: icmp_seq=1 ttl=64 time=.1090 ms 64 bytes from 172.16.1.2: icmp_seq=2 ttl=64 time=.0914 ms
Statistics: 2 sent, 2 received, 0% packet loss
Example of how ping both an IPv4 address and IPv6 address at the same time:
vpp# ping 172.16.1.2 ipv6 fe80::24a5:f6ff:fe9c:3a36 source GigabitEthernet2/0/0 repeat 2 verbose
Adjacency index: 10, sw_if_index: 1 Adj: ip6-discover-neighbor Adj Interface: 0 Forced set interface: 1 Adjacency index: 0, sw_if_index: 4294967295 Adj: ip4-miss Adj Interface: 0 Forced set interface: 1 Source address: 172.16.1.1 64 bytes from 172.16.1.2: icmp_seq=1 ttl=64 time=.1899 ms Adjacency index: 10, sw_if_index: 1 Adj: ip6-discover-neighbor Adj Interface: 0 Forced set interface: 1 Adjacency index: 0, sw_if_index: 4294967295 Adj: ip4-miss Adj Interface: 0 Forced set interface: 1 Source address: 172.16.1.1 64 bytes from 172.16.1.2: icmp_seq=2 ttl=64 time=.0910 ms
Statistics: 4 sent, 2 received, 50% packet loss
Declaration: ping_command (src/vnet/ip/ping.c line 885)
Implementation: ping_ip_address.
IP4/IP6 commands.
Declaration: set_interface_ip_command (src/vnet/ip/ip46_cli.c line 73)
set interface ip address [del] <interface> <ip-addr>/<mask> | [all].
Add an IP Address to an interface or remove and IP Address from an interface. The IP Address can be an IPv4 or an IPv6 address. Interfaces may have multiple IPv4 and IPv6 addresses. There is no concept of primary vs. secondary interface addresses; they're just addresses.
To display the addresses associated with a given interface, use the command 'show interface address <interface>'.
Note that the debug CLI does not enforce classful mask-width / addressing constraints.
An example of how to add an IPv4 address to an interface:
vpp# set interface ip address GigabitEthernet2/0/0 172.16.2.12/24
An example of how to add an IPv6 address to an interface:
vpp# set interface ip address GigabitEthernet2/0/0 ::a:1:1:0:7/126
To delete a specific interface ip address:
vpp# set interface ip address GigabitEthernet2/0/0 172.16.2.12/24 del
To delete all interfaces addresses (IPv4 and IPv6):
vpp# set interface ip address GigabitEthernet2/0/0 del all
Declaration: set_interface_ip_address_command (src/vnet/ip/ip46_cli.c line 214)
Implementation: add_del_ip_address.
set interface ip source-and-port-range-check <interface> [tcp-out-vrf <table-id>] [udp-out-vrf <table-id>] [tcp-in-vrf <table-id>] [udp-in-vrf <table-id>] [del].
Add the 'ip4-source-and-port-range-check-rx' or 'ip4-source-and-port-range-check-tx' graph node for a given interface. 'tcp-out-vrf' and 'udp-out-vrf' will add to the RX path. 'tcp-in-vrf' and 'udp-in-vrf' will add to the TX path. A graph node will be inserted into the chain when the range check is added to the first interface. It will not be removed from when range check is removed from the last interface.
By adding the range check graph node to the interface, incoming or outgoing TCP/UDP packets will be validated using the provided IPv4 FIB table (VRF).
Example of graph node before range checking is enabled:
vpp# show vlib graph ip4-source-and-port-range-check-tx
Name Next Previous
ip4-source-and-port-range- error-drop [0]
Example of how to enable range checking on TX:
vpp# set interface ip source-and-port-range-check GigabitEthernet2/0/0 udp-in-vrf 7
Example of graph node after range checking is enabled:
vpp# show vlib graph ip4-source-and-port-range-check-tx
Name Next Previous
ip4-source-and-port-range- error-drop [0] ip4-rewrite
interface-output [1]
Example of how to display the features enabed on an interface:
vpp# show ip interface features GigabitEthernet2/0/0
IP feature paths configured on GigabitEthernet2/0/0...
ipv4 unicast: ip4-source-and-port-range-check-rx ip4-lookup
ipv4 multicast: ip4-lookup-multicast
ipv4 multicast: interface-output
ipv6 unicast: ip6-lookup
ipv6 multicast: ip6-lookup
ipv6 multicast: interface-output
Declaration: set_interface_ip_source_and_port_range_check_command (src/vnet/ip/ip4_source_and_port_range_check.c line 817)
Implementation: set_ip_source_and_port_range_check_fn.
set interface ip source-check <interface> [strict|loose] [del].
This command adds the 'ip4-source-check-via-rx' graph node for a given interface. By adding the IPv4 source check graph node to an interface, the code verifies that the source address of incoming unicast packets are reachable over the incoming interface. Two flavours are supported (the default is strict):
Example of graph node before range checking is enabled:
vpp# show vlib graph ip4-source-check-via-rx
Name Next Previous
ip4-source-check-via-rx error-drop [0]
Example of how to enable unicast source checking on an interface:
vpp# set interface ip source-check GigabitEthernet2/0/0 loose
Example of graph node after range checking is enabled:
vpp# show vlib graph ip4-source-check-via-rx
Name Next Previous
ip4-source-check-via-rx error-drop [0] ip4-input-no-checksum
ip4-source-and-port-range- ip4-input
Example of how to display the feature enabed on an interface:
vpp# show ip interface features GigabitEthernet2/0/0
IP feature paths configured on GigabitEthernet2/0/0...
ipv4 unicast: ip4-source-check-via-rx ip4-lookup
ipv4 multicast: ip4-lookup-multicast
ipv4 multicast: interface-output
ipv6 unicast: ip6-lookup
ipv6 multicast: ip6-lookup
ipv6 multicast: interface-output
Example of how to disable unicast source checking on an interface:
vpp# set interface ip source-check GigabitEthernet2/0/0 del
Declaration: set_interface_ip_source_check_command (src/vnet/ip/ip4_source_check.c line 465)
Implementation: set_ip_source_check.
set interface ip table <interface> <table-id>.
Place the indicated interface into the supplied IPv4 FIB table (also known as a VRF). If the FIB table does not exist, this command creates it. To display the current IPv4 FIB table, use the command 'show ip fib'. FIB table will only be displayed if a route has been added to the table, or an IP Address is assigned to an interface in the table (which adds a route automatically).
vpp# set interface ip table GigabitEthernet2/0/0 2
Declaration: set_interface_ip_table_command (src/vnet/ip/ip4_forward.c line 2885)
Implementation: add_del_interface_table.
set interface ip6 table <interface> <table-id>.
Place the indicated interface into the supplied IPv6 FIB table (also known as a VRF). If the FIB table does not exist, this command creates it. To display the current IPv6 FIB table, use the command 'show ip6 fib'. FIB table will only be displayed if a route has been added to the table, or an IP Address is assigned to an interface in the table (which adds a route automatically).
vpp# set interface ip6 table GigabitEthernet2/0/0 2
Declaration: set_interface_ip6_table_command (src/vnet/ip/ip6_forward.c line 3026)
Implementation: add_del_ip6_interface_table.
set ioam [trace] [pot] [seqno] [analyse].
This command is used to enable In-band OAM (iOAM) features on IPv6. 'trace' is used to enable iOAM trace feature. 'pot' is used to enable the Proof Of Transit feature. 'ppc' is used to indicate the Per Packet Counter feature for Edge to Edge processing. 'ppc' is used to indicate if this node is an 'encap' node (iOAM edge node where packet enters iOAM domain), a 'decap' node (iOAM edge node where packet leaves iOAM domain) or 'none' (iOAM node where packet is in-transit through the iOAM domain). 'ppc' can only be set if 'trace' or 'pot' is enabled.
Use 'clear ioam rewrite' to disable all features enabled by this command. Use 'show ioam summary' to verify the configured settings.
vpp# set ioam rewrite trace pot ppc encap
Declaration: ip6_set_ioam_rewrite_cmd (src/vnet/ip/ip6_hop_by_hop.c line 1063)
Implementation: ip6_set_ioam_rewrite_command_fn.
set ip classify intfc <interface> table-index <classify-idx>.
Assign a classification table to an interface. The classification table is created using the 'classify table' and 'classify session' commands. Once the table is create, use this command to filter packets on an interface.
vpp# set ip classify intfc GigabitEthernet2/0/0 table-index 1
Declaration: set_ip_classify_command (src/vnet/ip/ip4_forward.c line 3261)
Implementation: set_ip_classify_command_fn.
set ip flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse].
Configure the set of IPv4 fields used by the flow hash.
vpp# set ip flow-hash table 7 dst sport dport proto
vpp# show ip fib
ipv4-VRF:0, fib_index 0, flow hash: src dst sport dport proto
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [index:0 buckets:1 uRPF:0 to:[0:0]]
[0] [@0]: dpo-drop ip6
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:1 buckets:1 uRPF:1 to:[0:0]]
[0] [@0]: dpo-drop ip6
224.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:3 buckets:1 uRPF:3 to:[0:0]]
[0] [@0]: dpo-drop ip6
6.0.1.2/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:30 buckets:1 uRPF:29 to:[0:0]]
[0] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
7.0.0.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:31 buckets:4 uRPF:30 to:[0:0]]
[0] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
[1] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
[2] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
[3] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
240.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:2 buckets:1 uRPF:2 to:[0:0]]
[0] [@0]: dpo-drop ip6
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:4 buckets:1 uRPF:4 to:[0:0]]
[0] [@0]: dpo-drop ip6
ipv4-VRF:7, fib_index 1, flow hash: dst sport dport proto
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [index:12 buckets:1 uRPF:11 to:[0:0]]
[0] [@0]: dpo-drop ip6
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:13 buckets:1 uRPF:12 to:[0:0]]
[0] [@0]: dpo-drop ip6
172.16.1.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [index:17 buckets:1 uRPF:16 to:[0:0]]
[0] [@4]: ipv4-glean: af_packet0
172.16.1.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:18 buckets:1 uRPF:17 to:[1:84]]
[0] [@2]: dpo-receive: 172.16.1.1 on af_packet0
172.16.1.2/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
[0] [@5]: ipv4 via 172.16.1.2 af_packet0: IP4: 02:fe:9e:70:7a:2b -> 26:a5:f6:9c:3a:36
172.16.2.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [index:19 buckets:1 uRPF:18 to:[0:0]]
[0] [@4]: ipv4-glean: af_packet1
172.16.2.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:20 buckets:1 uRPF:19 to:[0:0]]
[0] [@2]: dpo-receive: 172.16.2.1 on af_packet1
224.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:15 buckets:1 uRPF:14 to:[0:0]]
[0] [@0]: dpo-drop ip6
240.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:14 buckets:1 uRPF:13 to:[0:0]]
[0] [@0]: dpo-drop ip6
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:16 buckets:1 uRPF:15 to:[0:0]]
[0] [@0]: dpo-drop ip6
Declaration: set_ip_flow_hash_command (src/vnet/ip/ip4_forward.c line 3138)
Implementation: set_ip_flow_hash_command_fn.
set ip source-and-port-range-check vrf <table-id> <ip-addr>/<mask> {port nn | range <nn> - <nn>} [del].
This command adds an IP Subnet and range of ports to be validated by an IP FIB table (VRF).
vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 port 23
vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 range 23 - 100
vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 port 23 del
vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 range 23 - 100 del
Declaration: ip_source_and_port_range_check_command (src/vnet/ip/ip4_source_and_port_range_check.c line 1275)
Implementation: ip_source_and_port_range_check_command_fn.
set ip6 classify intfc <interface> table-index <classify-idx>.
Assign a classification table to an interface. The classification table is created using the 'classify table' and 'classify session' commands. Once the table is create, use this command to filter packets on an interface.
vpp# set ip6 classify intfc GigabitEthernet2/0/0 table-index 1
Declaration: set_ip6_classify_command (src/vnet/ip/ip6_forward.c line 3401)
Implementation: set_ip6_classify_command_fn.
set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse].
Configure the set of IPv6 fields used by the flow hash.
Example of how to set the flow hash on a given table:
vpp# set ip6 flow-hash table 8 dst sport dport proto
Example of display the configured flow hash:
vpp# show ip6 fib
ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto
::/0
unicast-ip6-chain
[@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]]
[0] [@0]: dpo-drop ip6
fe80::/10
unicast-ip6-chain
[@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]]
[0] [@2]: dpo-receive
ff02::1/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]]
[0] [@2]: dpo-receive
ff02::2/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]]
[0] [@2]: dpo-receive
ff02::16/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]]
[0] [@2]: dpo-receive
ff02::1:ff00:0/104
unicast-ip6-chain
[@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]]
[0] [@2]: dpo-receive
ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto
::/0
unicast-ip6-chain
[@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
[0] [@0]: dpo-drop ip6
::a:1:1:0:4/126
unicast-ip6-chain
[@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]]
[0] [@4]: ipv6-glean: af_packet0
::a:1:1:0:7/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]]
[0] [@2]: dpo-receive: ::a:1:1:0:7 on af_packet0
fe80::/10
unicast-ip6-chain
[@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]]
[0] [@2]: dpo-receive
fe80::fe:3eff:fe3e:9222/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]]
[0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0
ff02::1/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]]
[0] [@2]: dpo-receive
ff02::2/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]]
[0] [@2]: dpo-receive
ff02::16/128
unicast-ip6-chain
[@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]]
[0] [@2]: dpo-receive
ff02::1:ff00:0/104
unicast-ip6-chain
[@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]]
[0] [@2]: dpo-receive
Declaration: set_ip6_flow_hash_command (src/vnet/ip/ip6_forward.c line 3237)
Implementation: set_ip6_flow_hash_command_fn.
set ip6 link-local address <interface> <ip6-address>.
This command is used to assign an IPv6 Link-local address to an interface. This command will enable IPv6 on an interface if it is not already enabled. Use the 'show ip6 interface' command to display the assigned Link-local address.
vpp# set ip6 link-local address GigabitEthernet2/0/0 FE80::AB8
Declaration: set_ip6_link_local_address_command (src/vnet/ip/ip6_neighbor.c line 3731)
Implementation: set_ip6_link_local_address_cmd.
set ip6 nd proxy <HOST> <INTERFACE>.
Declaration: set_ip6_nd_proxy_command (src/vnet/ip/ip6_neighbor.c line 4159)
Implementation: set_ip6_nd_proxy_cmd.
set ip6 neighbor [del] <interface> <ip6-address> <mac-address> [static].
This command is used to manually add an entry to the IPv6 neighbor adjacency table. Optionally, the entry can be added as static. It is also used to remove an entry from the table. Use the 'show ip6 neighbors' command to display all learned and manually entered entries.
vpp# set ip6 neighbor GigabitEthernet2/0/0 ::1:1:c:0:9 02:fe:e4:45:27:5b static
vpp# set ip6 neighbor del GigabitEthernet2/0/0 ::1:1:c:0:9 02:fe:e4:45:27:5b
Declaration: set_ip6_neighbor_command (src/vnet/ip/ip6_neighbor.c line 919)
Implementation: set_ip6_neighbor.
set punt udp [del] <all | port-num1 [port-num2 ...]>.
The set of 'set punt' commands allows specific IP traffic to be punted to the host TCP/IP stack
Note
Example of how to request NTP traffic to be punted
vpp# set punt udp 125
Example of how to request all 'unknown' UDP traffic to be punted
vpp# set punt udp all
Example of how to stop all 'unknown' UDP traffic to be punted
vpp# set punt udp del all
Declaration: punt_udp_command (src/vnet/ip/punt.c line 310)
Implementation: udp_punt_cli.
show ioam summary.
This command displays the current configuration data for In-band OAM (iOAM).
vpp# show ioam summary
REWRITE FLOW CONFIGS -
Destination Address : ff02::1
Flow operation : 2 (Pop)
TRACE OPTION - 1 (Enabled)
Try 'show ioam trace and show ioam-trace profile' for more information
POT OPTION - 1 (Enabled)
Try 'show ioam pot and show pot profile' for more information
EDGE TO EDGE - PPC OPTION - 1 (Encap)
Declaration: ip6_show_ioam_run_cmd (src/vnet/ip/ip6_hop_by_hop.c line 1147)
Implementation: ip6_show_ioam_summary_cmd_fn.
Internet protocol (IP) show commands.
Declaration: vlib_cli_show_ip_command (src/vnet/ip/lookup.c line 738)
show ip local.
Display the set of protocols handled by the local IPv4 stack.
vpp# show ip local
Protocols handled by ip4_local
1
17
47
Declaration: show_ip_local (src/vnet/ip/ip4_forward.c line 1975)
Implementation: show_ip_local_command_fn.
show ip source-and-port-range-check vrf <table-id> <ip-addr> [port <n>].
Display the range of ports being validated by an IPv4 FIB for a given IP or subnet, or test if a given IP and port are being validated.
vpp# show ip source-and-port-range-check vrf 7 172.16.2.0
172.16.2.0: 23 - 101
vpp# show ip source-and-port-range-check vrf 7 172.16.2.2 port 23
172.16.2.2 port 23 PASS
vpp# show ip source-and-port-range-check vrf 7 172.16.2.2 port 250
172.16.2.2 port 250 FAIL
Declaration: show_source_and_port_range_check (src/vnet/ip/ip4_source_and_port_range_check.c line 1401)
Implementation: show_source_and_port_range_check_fn.
Internet protocol version 6 (IPv6) show commands.
Declaration: vlib_cli_show_ip6_command (src/vnet/ip/lookup.c line 745)
show ip6 interface <interface>.
This command is used to display various IPv6 attributes on a given interface.
vpp# show ip6 interface GigabitEthernet2/0/0
GigabitEthernet2/0/0 is admin up
Link-local address(es):
fe80::ab8/64
Joined group address(es):
ff02::1
ff02::2
ff02::16
ff02::1:ff00:ab8
Advertised Prefixes:
prefix fe80::fe:28ff:fe9c:75b3, length 64
MTU is 1500
ICMP error messages are unlimited
ICMP redirects are disabled
ICMP unreachables are not sent
ND DAD is disabled
ND advertised reachable time is 0
ND advertised retransmit interval is 0 (msec)
ND router advertisements are sent every 200 seconds (min interval is 150)
ND router advertisements live for 600 seconds
Hosts use stateless autoconfig for addresses
ND router advertisements sent 19336
ND router solicitations received 0
ND router solicitations dropped 0
vpp# show ip6 interface GigabitEthernet2/0/0
show ip6 interface: IPv6 not enabled on interface
Declaration: show_ip6_interface_command (src/vnet/ip/ip6_neighbor.c line 3288)
Implementation: show_ip6_interface_cmd.
show ip6 local.
Display the set of protocols handled by the local IPv6 stack.
vpp# show ip6 local
Protocols handled by ip6_local
17
43
58
115
Declaration: show_ip6_local (src/vnet/ip/ip6_forward.c line 3279)
Implementation: show_ip6_local_command_fn.
show ip6 neighbors [<interface>].
This command is used to display the adjacent IPv6 hosts found via neighbor discovery. Optionally, limit the output to the specified interface.
vpp# show ip6 neighbors
Time Address Flags Link layer Interface
34.0910 a:1:1:0:7 02:fe:6a:07:39:6f GigabitEthernet2/0/0
173.2916 ::b:5:1:c:2 02:fe:50:62:3a:94 GigabitEthernet2/0/0
886.6654 ::1:1:c:0:9 S 02:fe:e4:45:27:5b GigabitEthernet3/0/0
vpp# show ip6 neighbors GigabitEthernet2/0/0
Time Address Flags Link layer Interface
34.0910 a:1:1:0:7 02:fe:6a:07:39:6f GigabitEthernet2/0/0
173.2916 ::b:5:1:c:2 02:fe:50:62:3a:94 GigabitEthernet2/0/0
Declaration: show_ip6_neighbors_command (src/vnet/ip/ip6_neighbor.c line 854)
Implementation: show_ip6_neighbors.
test ip6 link <mac-address>.
This command converts the given MAC Address into an IPv6 link-local address.
vpp# test ip6 link 16:d9:e0:91:79:86
Link local address: fe80::14d9:e0ff:fe91:7986
Original MAC address: 16:d9:e0:91:79:86
Declaration: test_link_command (src/vnet/ip/ip6_forward.c line 3094)
Implementation: test_ip6_link_command_fn.
test lookup <ipv4-addr> [table <fib-id>] [count <nn>].
Perform a lookup of an IPv4 Address (or range of addresses) in the given FIB table to determine if there is a conflict with the adjacency table. The fib-id can be determined by using the 'show ip fib' command. If fib-id is not entered, default value of 0 is used.
vpp# test lookup 172.16.1.1 table 1 count 2
No errors in 2 lookups
Declaration: lookup_test_command (src/vnet/ip/ip4_forward.c line 2987)
Implementation: test_lookup_command_fn.
test route [seed <seed-num>] [niter <num-iter>] [ninterfaces <num-iface>] [min-mask-bits <min-mask>] [max-mask-bits <max-mask>] [verbose].
This command in not in the build by default. It is an internal command used to test the route functonality.
Create test routes on IPv4 FIB table 11. Table will be created if it does not exist.
There are several optional attributes:
vpp# test route
Declaration: test_route_command (src/vnet/ip/ip4_test::c line 326)
Implementation: thrash.
1.8.11