FD.io VPP
v19.01.3-6-g70449b9b9
Vector Packet Processing
|
clear l2fib.
This command clears all the MAC Address entries from the L2 FIB table.
vpp# clear l2fib
Example to show the L2 FIB Table has been cleared: vpp# show l2fib verbose
no l2fib entries
Declaration: clear_l2fib_cli (src/vnet/l2/l2_fib.c line 376)
Implementation: clear_l2fib.
create bridge-domain <bridge-domain-id> [learn <0|1>] [forward <0|1>] [uu-flood <0|1>] [flood <0|1>] [arp-term <0|1>] [mac-age <nn>] [bd-tag <tag>] [del].
Create/Delete bridge-domain instance
Example of creating bridge-domain 1:
vpp# create bridge-domain 1
bridge-domain 1
Example of creating bridge-domain 2 with enabling arp-term, mac-age 60:
vpp# create bridge-domain 2 arp-term 1 mac-age 60
bridge-domain 2
vpp# show bridge-domain
ID Index BSN Age(min) Learning U-Forwrd UU-Flood Flooding ARP-Term BVI-Intf
0 0 0 off off off off off off local0
1 1 0 off on on off on off N/A
2 2 0 60 on on off on on N/A
Example of delete bridge-domain 1:
vpp# create bridge-domain 1 del
Declaration: bd_create_cli (src/vnet/l2/l2_bd.c line 1403)
Implementation: bd_add_del_command_fn.
l2 rewrite entry [index <index>] [mask <hex-mask>] [value <hex-value>] [skip <n_bytes>] [del].
Layer 2-Rewrite node uses classify tables to match packets. Then, using the provisioned mask and value, modifies the packet header.
Declaration: l2_rw_entry_cli (src/vnet/l2/l2_rw.c line 448)
Implementation: l2_rw_entry_cli_fn.
l2fib add <mac> <bridge-domain-id> filter | <intf> [static | bvi].
This command adds a MAC Address entry to the L2 FIB table of an existing bridge-domain. The MAC Address can be static or dynamic. This command also allows a filter to be added, such that packets with given MAC Addresses (source mac or destination mac match) are dropped.
vpp# l2fib add 52:54:00:53:18:33 200 GigabitEthernet0/8/0.200
Example of how to add a static MAC Address entry to the L2 FIB table of a bridge-domain (where 200 is the bridge-domain-id): vpp# l2fib add 52:54:00:53:18:55 200 GigabitEthernet0/8/0.200 static
Example of how to add a filter such that a packet with the given MAC Address will be dropped in a given bridge-domain (where 200 is the bridge-domain-id): vpp# l2fib add 52:54:00:53:18:77 200 filter
Example of show command of the provisioned MAC Addresses and filters: vpp# show l2fib verbose
Mac Address BD Idx Interface Index static filter bvi refresh timestamp
52:54:00:53:18:33 1 GigabitEthernet0/8/0.200 3 0 0 0 0 0
52:54:00:53:18:55 1 GigabitEthernet0/8/0.200 3 1 0 0 0 0
52:54:00:53:18:77 1 N/A -1 1 1 0 0 0
3 l2fib entries
Declaration: l2fib_add_cli (src/vnet/l2/l2_fib.c line 541)
Implementation: l2fib_add.
l2fib del <mac> <bridge-domain-id> [].
This command deletes an existing MAC Address entry from the L2 FIB table of an existing bridge-domain.
vpp# l2fib del 52:54:00:53:18:33 200
Declaration: l2fib_del_cli (src/vnet/l2/l2_fib.c line 770)
Implementation: l2fib_del.
l2fib flush-mac all.
This command kick off ager to delete all existing MAC Address entries, except static ones, associated with an interface from the L2 FIB table.
vpp# l2fib flush-mac interface GigabitEthernet2/1/0
Declaration: l2fib_flush_mac_all_cli (src/vnet/l2/l2_fib.c line 884)
Implementation: l2fib_flush_mac_all.
l2fib flush-mac bridge-domain <bd-id>.
This command kick off ager to delete all existing MAC Address entries, except static ones, in a bridge domain from the L2 FIB table.
vpp# l2fib flush-mac bridge-domain 1000
Declaration: l2fib_flush_mac_bd_cli (src/vnet/l2/l2_fib.c line 949)
Implementation: l2fib_flush_mac_bd.
l2fib flush-mac interface <if-name>.
This command kick off ager to delete all existing MAC Address entries, except static ones, associated with an interface from the L2 FIB table.
vpp# l2fib flush-mac interface GigabitEthernet2/1/0
Declaration: l2fib_flush_mac_int_cli (src/vnet/l2/l2_fib.c line 900)
Implementation: l2fib_flush_mac_int.
set bridge-domain arp entry <bridge-domain-id> [<ip-addr> <mac-addr> [del] | del-all].
Add an ARP entry to an existing bridge-domain.
vpp# set bridge-domain arp entry 200 192.168.72.45 52:54:00:3b:83:1a
Example of how to delete an ARP entry (where 200 is the bridge-domain-id): vpp# set bridge-domain arp entry 200 192.168.72.45 52:54:00:3b:83:1a del
Declaration: bd_arp_entry_cli (src/vnet/l2/l2_bd.c line 920)
Implementation: bd_arp_entry.
set bridge-domain arp term <bridge-domain-id> [disable].
Modify whether or not an existing bridge-domain should terminate and respond to ARP Requests. ARP Termination is disabled by default.
vpp# set bridge-domain arp term 200
Example of how to disable ARP termination (where 200 is the bridge-domain-id): vpp# set bridge-domain arp term 200 disable
Declaration: bd_arp_term_cli (src/vnet/l2/l2_bd.c line 722)
Implementation: bd_arp_term.
set bridge-domain flood <bridge-domain-id> [disable].
Layer 2 flooding can be enabled and disabled on each interface and on each bridge-domain. Use this command to manage bridge-domains. It is enabled by default.
vpp# set bridge-domain flood 200
Example of how to disable flooding (where 200 is the bridge-domain-id): vpp# set bridge-domain flood 200 disable
Declaration: bd_flood_cli (src/vnet/l2/l2_bd.c line 527)
Implementation: bd_flood.
set bridge-domain forward <bridge-domain-id> [disable].
Layer 2 unicast forwarding can be enabled and disabled on each interface and on each bridge-domain. Use this command to manage bridge-domains. It is enabled by default.
vpp# set bridge-domain forward 200
Example of how to disable forwarding (where 200 is the bridge-domain-id): vpp# set bridge-domain forward 200 disable
Declaration: bd_fwd_cli (src/vnet/l2/l2_bd.c line 462)
Implementation: bd_fwd.
set bridge-domain learn <bridge-domain-id> [disable].
Layer 2 learning can be enabled and disabled on each interface and on each bridge-domain. Use this command to manage bridge-domains. It is enabled by default.
vpp# set bridge-domain learn 200
Example of how to disable learning (where 200 is the bridge-domain-id): vpp# set bridge-domain learn 200 disable
Declaration: bd_learn_cli (src/vnet/l2/l2_bd.c line 397)
Implementation: bd_learn.
set bridge-domain mac-age <bridge-domain-id> <mins>.
Layer 2 mac aging can be enabled and disabled on each bridge-domain. Use this command to set or disable mac aging on specific bridge-domains. It is disabled by default.
vpp# set bridge-domain mac-age 200 5
Example of how to disable mac aging (where 200 is the bridge-domain-id): vpp# set bridge-domain flood 200 0
Declaration: bd_mac_age_cli (src/vnet/l2/l2_bd.c line 704)
Implementation: bd_mac_age.
set bridge-domain rewrite <bridge-domain> [disable].
Layer 2-Rewrite node uses classify tables to match packets. Then, using the provisioned mask and value, modfies the packet header.
Declaration: l2_rw_set_cli (src/vnet/l2/l2_rw.c line 639)
Implementation: l2_rw_set_cli_fn.
set bridge-domain uu-flood <bridge-domain-id> [disable].
Layer 2 unknown-unicast flooding can be enabled and disabled on each bridge-domain. It is enabled by default.
vpp# set bridge-domain uu-flood 200
Example of how to disable unknown-unicast flooding (where 200 is the bridge-domain-id): vpp# set bridge-domain uu-flood 200 disable
Declaration: bd_uu_flood_cli (src/vnet/l2/l2_bd.c line 592)
Implementation: bd_uu_flood.
set interface l2 bridge <interface> <bridge-domain-id> [bvi|uu-fwd] [shg].
Use this command put an interface into Layer 2 bridge domain. If a bridge-domain with the provided bridge-domain-id does not exist, it will be created. Interfaces in a bridge-domain forward packets to other interfaces in the same bridge-domain based on destination mac address. To remove an interface from a the Layer 2 bridge domain, put the interface in a different mode, for example Layer 3 mode.
Optionally, an interface can be added to a Layer 2 bridge-domain as a Bridged Virtual Interface (bvi). Only one interface in a Layer 2 bridge-domain can be a bvi.
Optionally, a split-horizon group can also be specified. This defaults to 0 if not specified.
vpp# set interface l2 bridge GigabitEthernet0/8/0.200 200
This interface is added a BVI interface: vpp# set interface l2 bridge GigabitEthernet0/9/0.200 200 bvi
This interface also has a split-horizon group of 1 specified: vpp# set interface l2 bridge GigabitEthernet0/a/0.200 200 1
Example of how to remove an interface from a Layer2 bridge-domain: vpp# set interface l3 GigabitEthernet0/a/0.200
Declaration: int_l2_bridge_cli (src/vnet/l2/l2_input.c line 960)
Implementation: int_l2_bridge.
set interface l2 efp-filter <interface> [disable].
EFP filtering is a basic switch feature which prevents an interface from transmitting a packet that doesn't match the interface's ingress match criteria. The check has two parts, one performed before egress vlan tag rewrite and one after. This command enables or disables the EFP filtering for a given sub-interface.
vpp# set interface l2 efp-filter GigabitEthernet0/8/0.200
Example of how to disable a Layer 2 efp-filter on a sub-interface: vpp# set interface l2 efp-filter GigabitEthernet0/8/0.200 disable
Declaration: int_l2_efp_filter_cli (src/vnet/l2/l2_efp_filter.c line 558)
Implementation: int_l2_efp_filter.
set interface l2 flood <interface> [disable].
Layer 2 flooding can be enabled and disabled on each interface and on each bridge-domain. Use this command to manage interfaces. It is enabled by default.
vpp# set interface l2 flood GigabitEthernet0/8/0
Example of how to disable flooding: vpp# set interface l2 flood GigabitEthernet0/8/0 disable
Declaration: int_flood_cli (src/vnet/l2/l2_flood.c line 472)
Implementation: int_flood.
set interface l2 forward <interface> [disable].
Layer 2 unicast forwarding can be enabled and disabled on each interface and on each bridge-domain. Use this command to manage interfaces. It is enabled by default.
vpp# set interface l2 forward GigabitEthernet0/8/0
Example of how to disable forwarding: vpp# set interface l2 forward GigabitEthernet0/8/0 disable
Declaration: int_fwd_cli (src/vnet/l2/l2_fwd.c line 528)
Implementation: int_fwd.
set interface l2 input classify intfc <interface-name> [ip4-table <n>]
[ip6-table <n>] [other-table <n>].
Configure l2 input classification.
vpp# set interface l2 input classify intfc <interface-name> [ip4-table <index>] [ip6-table <index>] [other-table <index>]
Declaration: int_l2_input_classify_cli (src/vnet/l2/l2_input_classify.c line 647)
Implementation: int_l2_input_classify_command_fn.
set interface l2 learn <interface> [disable].
Layer 2 learning can be enabled and disabled on each interface and on each bridge-domain. Use this command to manage interfaces. It is enabled by default.
vpp# set interface l2 learn GigabitEthernet0/8/0
Example of how to disable learning: vpp# set interface l2 learn GigabitEthernet0/8/0 disable
Declaration: int_learn_cli (src/vnet/l2/l2_learn.c line 526)
Implementation: int_learn.
set interface l2 output classify intfc <<interface-name>> [ip4-table <n>]
[ip6-table <n>] [other-table <n>].
Configure Layer 2 output classification.
vpp# set interface l2 output classify intfc <interface-name> [ip4-table <index>] [ip6-table <index>] [other-table <index>]
Declaration: int_l2_output_classify_cli (src/vnet/l2/l2_output_classify.c line 639)
Implementation: int_l2_output_classify_command_fn.
set interface l2 pbb-tag-rewrite <interface> [disable | pop | push | translate_pbb_stag <outer_tag> dmac <address> smac <address> s_id <nn> [b_vlanid <nn>]].
Declaration: int_l2_pbb_vtr_cli (src/vnet/l2/l2_vtr.c line 820)
Implementation: int_l2_pbb_vtr.
set interface l2 rewrite <interface> [table <table index>] [miss-index <entry-index>].
Layer 2-Rewrite node uses classify tables to match packets. Then, using the provisioned mask and value, modifies the packet header.
Declaration: l2_rw_interface_cli (src/vnet/l2/l2_rw.c line 520)
Implementation: l2_rw_interface_cli_fn.
set interface l2 tag-rewrite <interface> [disable | pop {1|2} | push {dot1q|dot1ad} <tag> <tag>].
VLAN tag rewrite provides the ability to change the VLAN tags on a packet. Existing tags can be popped, new tags can be pushed, and existing tags can be swapped with new tags. The rewrite feature is attached to a subinterface as input and output operations. The input operation is explicitly configured. The output operation is the symmetric opposite and is automatically derived from the input operation.
POP: For pop operations, the subinterface encapsulation (the vlan tags specified when it was created) must have at least the number of popped tags. e.g. the "pop 2" operation would be rejected on a single-vlan interface. The output tag-rewrite operation for pops is to push the specified number of vlan tags onto the packet. The pushed tag values are the ones in the subinterface encapsulation.
PUSH: For push operations, the ethertype is also specified. The output tag-rewrite operation for pushes is to pop the same number of tags off the packet. If the packet doesn't have enough tags it is dropped.
By default a subinterface has no tag-rewrite. To return a subinterface to this state use:
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 disable
To pop vlan tags off packets received from a subinterface, use:
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 pop 1
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 pop 2
To push one or two vlan tags onto packets received from an interface, use:
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 push dot1q 100
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 push dot1ad 100 150
Tags can also be translated, which is basically a combination of a pop and push.
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 translate 1-1 dot1ad 100
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 translate 2-2 dot1ad 100 150
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 translate 1-2 dot1q 100
vpp# set interface l2 tag-rewrite GigabitEthernet0/8/0.200 translate 2-1 dot1q 100 150
To display the VLAN Tag settings, show the associate bridge-domain:
vpp# show bridge-domain 200 detail
ID Index Learning U-Forwrd UU-Flood Flooding ARP-Term BVI-Intf
200 1 on on on on off N/A
Interface Index SHG BVI VLAN-Tag-Rewrite
GigabitEthernet0/8/0.200 5 0 - trans-1-1 dot1ad 100
GigabitEthernet0/9/0.200 4 0 - none
GigabitEthernet0/a/0.200 6 0 - none
Declaration: int_l2_vtr_cli (src/vnet/l2/l2_vtr.c line 674)
Implementation: int_l2_vtr.
set interface l2 xconnect <interface> <peer interface>.
Use this command put an interface into Layer 2 cross-connect mode. Both interfaces must be in this mode for bi-directional traffic. All packets received on one interface will be transmitted to the other. To remove the Layer 2 cross-connect, put the interface in a different mode, for example Layer 3 mode.
vpp# set interface l2 xconnect GigabitEthernet0/8/0.300 GigabitEthernet0/9/0.300
vpp# set interface l2 xconnect GigabitEthernet0/9/0.300 GigabitEthernet0/8/0.300
Example of how to remove a Layer2 cross-connect: vpp# set interface l3 GigabitEthernet0/8/0.300
vpp# set interface l3 GigabitEthernet0/9/0.300
Declaration: int_l2_xc_cli (src/vnet/l2/l2_input.c line 1026)
Implementation: int_l2_xc.
set interface l2 xcrw <interface> next <node-name> [del] [tx-fib-id <id>] [ipv6] rw <hex-bytes>.
Add or delete a Layer 2 to Layer 3 rewrite cross-connect. This is used to hook Layer 2 interface(s) up to the Layer 3 stack in arbitrary ways. For example, cross-connect an L2 interface or (future) bridge to an mpls-o-gre tunnel. Set up the L2 rewrite string as shown in mpls_gre_rewrite, and use "mpls-post-rewrite" to fix the GRE IP header checksum and length fields.
Declaration: set_l2_xcrw_command (src/vnet/l2/l2_xcrw.c line 508)
Implementation: set_l2_xcrw_command_fn.
show bridge-domain [bridge-domain-id [detail|int|arp|bd-tag]].
Show a summary of all the bridge-domain instances or detailed view of a single bridge-domain. Bridge-domains are created by adding an interface to a bridge using the 'set interface l2 bridge' command.
Example of displaying all bridge-domains:
vpp# show bridge-domain
ID Index Learning U-Forwrd UU-Flood Flooding ARP-Term BVI-Intf
0 0 off off off off off local0
200 1 on on on on off N/A
Example of displaying details of a single bridge-domains:
vpp# show bridge-domain 200 detail
ID Index Learning U-Forwrd UU-Flood Flooding ARP-Term BVI-Intf
200 1 on on on on off N/A
Interface Index SHG BVI VLAN-Tag-Rewrite
GigabitEthernet0/8/0.200 3 0 - none
GigabitEthernet0/9/0.200 4 0 - none
Declaration: bd_show_cli (src/vnet/l2/l2_bd.c line 1180)
Implementation: bd_show.
show l2 rewrite entries.
Layer 2-Rewrite node uses classify tables to match packets. Then, using the provisioned mask and value, modifies the packet header.
Declaration: l2_rw_show_entries_cli (src/vnet/l2/l2_rw.c line 589)
Implementation: l2_rw_show_entries_cli_fn.
show l2 rewrite interfaces.
Layer 2-Rewrite node uses classify tables to match packets. Then, using the provisioned mask and value, modifies the packet header.
Declaration: l2_rw_show_interfaces_cli (src/vnet/l2/l2_rw.c line 555)
Implementation: l2_rw_show_interfaces_cli_fn.
show l2fib [all] | [bd_id <nn> | bd_index <nn>] [learn | add] | [raw].
This command displays the MAC Address entries of the L2 FIB table. Output can be filtered to just get the number of MAC Addresses or display each MAC Address for all bridge domains or just a single bridge domain.
vpp# show l2fib
3 l2fib entries
Example of how to display all the MAC Address entries in the L2 FIB table: vpp# show l2fib all
Mac Address BD Idx Interface Index static filter bvi refresh timestamp
52:54:00:53:18:33 1 GigabitEthernet0/8/0.200 3 0 0 0 0 0
52:54:00:53:18:55 1 GigabitEthernet0/8/0.200 3 1 0 0 0 0
52:54:00:53:18:77 1 N/A -1 1 1 0 0 0
3 l2fib entries
Declaration: show_l2fib_cli (src/vnet/l2/l2_fib.c line 332)
Implementation: show_l2fib.
Show l2 interface cross-connect entries.
Show Layer 2 patch entries.
vpp# show l2patch
Declaration: show_l2patch_cli (src/vnet/l2/l2_patch.c line 422)
Implementation: show_l2patch.
show l2xcrw.
Display a Layer 2 to Layer 3 rewrite cross-connect. This is used to hook Layer 2 interface(s) up to the Layer 3 stack in arbitrary ways.
Declaration: show_l2xcrw_command (src/vnet/l2/l2_xcrw.c line 595)
Implementation: show_l2xcrw_command_fn.
show mode [<if-name1> <if-name2> ...].
Modify the packet processing mode of the interface to Layer 3, which implies packets will be routed. This is the default mode of an interface. Use this command to remove an interface from a Layer 2 cross-connect or a Layer 2 bridge.
vpp# set interface l3 GigabitEthernet0/8/0.200
Show the packet processing mode (Layer2 cross-connect, Layer 2 bridge, Layer 3 routed) of all interfaces and sub-interfaces, or limit the output to just the provided list of interfaces and sub-interfaces. The output shows the mode, the interface, and if the interface is a member of a bridge, the bridge-domain-id and the split horizon group (shg).
vpp# show mode
l3 local0
l3 GigabitEthernet0/8/0
l3 GigabitEthernet0/9/0
l3 GigabitEthernet0/a/0
l2 bridge GigabitEthernet0/8/0.200 bd_id 200 shg 0
l2 bridge GigabitEthernet0/9/0.200 bd_id 200 shg 0
l2 bridge GigabitEthernet0/a/0.200 bd_id 200 shg 0
l2 xconnect GigabitEthernet0/8/0.300 GigabitEthernet0/9/0.300
l2 xconnect GigabitEthernet0/9/0.300 GigabitEthernet0/8/0.300
Example of displaying the mode of a selected list of interfaces: vpp# show mode GigabitEthernet0/8/0 GigabitEthernet0/8/0.200
l3 GigabitEthernet0/8/0
l2 bridge GigabitEthernet0/8/0.200 bd_id 200 shg 0
Declaration: show_l2_mode (src/vnet/l2/l2_input.c line 1192)
Implementation: show_int_mode.
test l2fib [add|del|check] mac <base-addr> count <nn>.
The set of 'test l2fib' commands allow the L2 FIB table of the default bridge domain (bridge-domain-id of 0) to be modified.
Example of how to add a set of 4 sequential MAC Address entries to L2 FIB table of the default bridge-domain:
vpp# test l2fib add mac 52:54:00:53:00:00 count 4
Show the set of 4 sequential MAC Address entries that were added:
vpp# show l2fib verbose
Mac Address BD Idx Interface Index static filter bvi refresh timestamp
52:54:00:53:00:00 0 GigabitEthernet0/8/0.300 8 0 0 0 0 0
52:54:00:53:00:01 0 GigabitEthernet0/8/0.300 8 0 0 0 0 0
52:54:00:53:00:03 0 GigabitEthernet0/8/0.300 8 0 0 0 0 0
52:54:00:53:00:02 0 GigabitEthernet0/8/0.300 8 0 0 0 0 0
4 l2fib entries
Example of how to check that the set of 4 sequential MAC Address entries were added to L2 FIB table of the default bridge-domain. Used a count of 5 to produce an error:
vpp# test l2fib check mac 52:54:00:53:00:00 count 5
The output of the check command is in the log files. Log file location may vary based on your OS and Version:
# tail -f /var/log/messages | grep l2fib_test_command_fn
Sep 7 17:15:24 localhost vnet[4952]: l2fib_test_command_fn:446: key 52:54:00:53:00:04 AWOL
Example of how to delete a set of 4 sequential MAC Address entries from L2 FIB table of the default bridge-domain:
vpp# test l2fib del mac 52:54:00:53:00:00 count 4
Declaration: l2fib_test_command (src/vnet/l2/l2_fib.c line 670)
Implementation: l2fib_test_command_fn.
test l2patch rx <intfc> tx <intfc> [del].
Create or delete a Layer 2 patch.
vpp# test l2patch rx <intfc> tx <intfc> [del]
Declaration: test_patch_command (src/vnet/l2/l2_patch.c line 370)
Implementation: test_patch_command_fn.