FD.io VPP
v19.08.3-2-gbabecb413
Vector Packet Processing
|
clear ioam rewrite.
This command clears all the In-band OAM (iOAM) features enabled by the 'set ioam rewrite' command. Use 'show ioam summary' to verify the configured settings cleared.
vpp# clear ioam rewrite
Declaration: ip6_clear_ioam_rewrite_cmd (src/vnet/ip/ip6_hop_by_hop.c line 1268)
Implementation: clear_ioam_rewrite_command_fn.
disable ip6 interface <interface>.
This command is used to disable IPv6 on a given interface.
vpp# disable ip6 interface GigabitEthernet2/0/0
Declaration: disable_ip6_interface_command (src/vnet/ip/ip6_neighbor.c line 4293)
Implementation: disable_ip6_interface_cmd.
enable ip6 interface <interface>.
This command is used to enable IPv6 on a given interface.
vpp# enable ip6 interface GigabitEthernet2/0/0
Declaration: enable_ip6_interface_command (src/vnet/ip/ip6_neighbor.c line 4254)
Implementation: enable_ip6_interface_cmd.
Internet protocol (IP) commands.
Declaration: vlib_cli_ip_command (src/vnet/ip/lookup.c line 588)
ip container <address> <interface>.
Declaration: ip_container_command_node (src/vnet/ip/lookup.c line 1429)
Implementation: ip_container_cmd.
ip mroute [add|del] <dst-ip-addr>/<width> [table <table-id>] [rpf-id <ID>] [via <next-hop-ip-addr> [<interface>],.
This command is used to add or delete IPv4 or IPv6 multicast routes. All IP Addresses ('<dst-ip-addr>/<width>', '<next-hop-ip-addr>' and '<adj-hop-ip-addr>') can be IPv4 or IPv6, but all must be of the same form in a single command. To display the current set of routes, use the commands 'show ip mfib' and 'show ip6 mfib'. The full set of support flags for interfaces and route is shown via; 'show mfib route flags' and 'show mfib itf flags' respectively.
vpp# ip mroute add 232.1.1.1 via GigabitEthernet2/0/0 Forward
Example of how to add an accepting interface to a route (and create the route if it does not exist) vpp# ip mroute add 232.1.1.1 via GigabitEthernet2/0/1 Accept
Example of changing the route's flags to send signals via the API vpp# ip mroute add 232.1.1.1 Signal
Declaration: ip_mroute_command (src/vnet/ip/lookup.c line 1038)
Implementation: vnet_ip_mroute_cmd.
ip probe-neighbor <interface> <ip4-addr> | <ip6-addr> [retry nn].
The 'ip probe-neighbor' command ARPs for IPv4 addresses or attempts IPv6 neighbor discovery depending on the supplied IP address format.
vpp# ip probe-neighbor GigabitEthernet2/0/0 172.16.1.2
Declaration: ip_probe_neighbor_command (src/vnet/ip/lookup.c line 1243)
Implementation: probe_neighbor_address.
ip punt policer [add|del] <index>.
vpp# set ip punt policer <INDEX>
Declaration: ip4_punt_policer_command (src/vnet/ip/ip4_punt_drop.c line 284)
Implementation: ip4_punt_police_cmd.
ip punt redirect [add|del] rx [<interface>|all] via [<nh>] <tx_interface>.
vpp# set ip punt policer
Declaration: ip4_punt_redirect_command (src/vnet/ip/ip4_punt_drop.c line 404)
Implementation: ip4_punt_redirect_cmd.
ip route [add|del] [count <n>] <dst-ip-addr>/<width> [table <table-id>] via [next-hop-address] [next-hop-interface] [next-hop-table <value>] [weight <value>] [preference <value>] [udp-encap-id <value>] [ip4-lookup-in-table <value>] [ip6-lookup-in-table <value>] [mpls-lookup-in-table <value>] [resolve-via-host] [resolve-via-connected] [rx-ip4 <interface>] [out-labels <value value value>].
This command is used to add or delete IPv4 or IPv6 routes. All IP Addresses ('<dst-ip-addr>/<width>', '<next-hop-ip-addr>' and '<adj-hop-ip-addr>') can be IPv4 or IPv6, but all must be of the same form in a single command. To display the current set of routes, use the commands 'show ip fib' and 'show ip6 fib'.
vpp# ip route add 6.0.1.2/32 via 6.0.0.1 GigabitEthernet2/0/0
Example of how to delete a straight forward static route: vpp# ip route del 6.0.1.2/32 via 6.0.0.1 GigabitEthernet2/0/0
Mainly for route add/del performance testing, one can add or delete multiple routes by adding 'count N' to the previous item: vpp# ip route add count 10 7.0.0.0/24 via 6.0.0.1 GigabitEthernet2/0/0
Add multiple routes for the same destination to create equal-cost multipath: vpp# ip route add 7.0.0.1/32 via 6.0.0.1 GigabitEthernet2/0/0
vpp# ip route add 7.0.0.1/32 via 6.0.0.2 GigabitEthernet2/0/0
For unequal-cost multipath, specify the desired weights. This combination of weights results in 3/4 of the traffic following the second path, 1/4 following the first path: vpp# ip route add 7.0.0.1/32 via 6.0.0.1 GigabitEthernet2/0/0 weight 1
vpp# ip route add 7.0.0.1/32 via 6.0.0.2 GigabitEthernet2/0/0 weight 3
To add a route to a particular FIB table (VRF), use: vpp# ip route add 172.16.24.0/24 table 7 via GigabitEthernet2/0/0
Declaration: ip_route_command (src/vnet/ip/lookup.c line 643)
Implementation: vnet_ip_route_cmd.
ip scan-neighbor [ip4|ip6|both|disable] [interval <n-min>] [max-time <n-usec>] [max-update <n>] [delay <n-msec>] [stale <n-min>].
The 'ip scan-neighbor' command can be used to enable and disable periodic IP neighbor scan and change various scan parameters.
vpp# ip neighbor-scan enable
Declaration: ip_scan_neighbor_command (src/vnet/ip/ip_neighbor.c line 421)
Implementation: ip_neighbor_scan_cli.
ip table [add|del] <table-id>.
This command is used to add or delete IPv4 Tables. All Tables must be explicitly added before that can be used. Creating a table will add both unicast and multicast FIBs
Declaration: ip4_table_command (src/vnet/ip/lookup.c line 658)
Implementation: vnet_ip4_table_cmd.
ip urpf-accept [table <table-id>] [add|del].
Add an exemption for a prefix to pass the Unicast Reverse Path Forwarding (uRPF) loose check. This is for testing purposes only. If the 'table' is not enter it is defaulted to 0. Default is to 'add'. VPP always performs a loose uRPF check for for-us traffic.
vpp# ip urpf-accept table 7 add
Declaration: ip_source_check_accept_command (src/vnet/ip/ip4_source_check.c line 520)
Implementation: ip_source_check_accept.
Internet protocol version 6 (IPv6) commands.
Declaration: vlib_cli_ip6_command (src/vnet/ip/lookup.c line 595)
ip6 nd <interface> ...
This command is used to configure the neighbor discovery parameters on a given interface. Use the 'show ip6 interface' command to display some of the current neighbor discovery parameters on a given interface. This command has three formats:
Format 1 - Router Advertisement Options: (Only one can be entered in a single command)
'ip6 nd <interface> [no] [ra-managed-config-flag] | [ra-other-config-flag] | [ra-suppress] | [ra-suppress-link-layer] | [ra-send-unicast] | [ra-lifetime <lifetime>] | [ra-initial <cnt> <interval>] | [ra-interval <max-interval> [<min-interval>]] | [ra-cease]'
Where:
[no] ra-managed-config-flag - Advertises in ICMPv6 router-advertisement messages to use stateful address auto-configuration to obtain address information (sets the M-bit). Default is the M-bit is not set and the 'no' option returns it to this default state.
[no] ra-other-config-flag - Indicates in ICMPv6 router-advertisement messages that hosts use stateful auto configuration to obtain nonaddress related information (sets the O-bit). Default is the O-bit is not set and the 'no' option returns it to this default state.
[no] ra-suppress - Disables sending ICMPv6 router-advertisement messages. The 'no' option implies to enable sending ICMPv6 router-advertisement messages.
[no] ra-suppress-link-layer - Indicates not to include the optional source link-layer address in the ICMPv6 router-advertisement messages. Default is to include the optional source link-layer address and the 'no' option returns it to this default state.
[no] ra-send-unicast - Use the source address of the router-solicitation message if availiable. The default is to use multicast address of all nodes, and the 'no' option returns it to this default state.
[no] ra-lifetime <lifetime> - Advertises the lifetime of a default router in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds. '<lifetime>' must be greater than '<max-interval>'. The default value is 600 seconds and the 'no' option returns it to this default value.
[no] ra-initial <cnt> <interval> - Number of initial ICMPv6 router-advertisement messages sent and the interval between each message. Range for count is 1 - 3 and default is 3. Range for interval is 1 to 16 seconds, and default is 16 seconds. The 'no' option returns both to their default value.
[no] ra-interval <max-interval> [<min-interval>] - Configures the interval between sending ICMPv6 router-advertisement messages. The range for max-interval is from 4 to 200 seconds. min-interval can not be more than 75% of max-interval. If not set, min-interval will be set to 75% of max-interval. The range for min-interval is from 3 to 150 seconds. The 'no' option returns both to their default value.
[no] ra-cease - Cease sending ICMPv6 router-advertisement messages. The 'no' options implies to start (or restart) sending ICMPv6 router-advertisement messages.
Format 2 - Prefix Options:
'ip6 nd <interface> [no] prefix <ip6-address>/<width> [<valid-lifetime> <pref-lifetime> | infinite] [no-advertise] [off-link] [no-autoconfig] [no-onlink]'
Where:
no - All additional flags are ignored and the prefix is deleted.
<valid-lifetime> <pref-lifetime> - '<valid-lifetime>' is the length of time in seconds during what the prefix is valid for the purpose of on-link determination. Range is 7203 to 2592000 seconds and default is 2592000 seconds (30 days). '<pref-lifetime>' is the prefered-lifetime and is the length of time in seconds during what addresses generated from the prefix remain preferred. Range is 0 to 604800 seconds and default is 604800 seconds (7 days).
infinite - Both '<valid-lifetime>' and '<<pref-lifetime>' are inifinte, no timeout.
no-advertise - Do not send full router address in prefix advertisement. Default is to advertise (i.e. - This flag is off by default).
off-link - Prefix is off-link, clear L-bit in packet. Default is on-link (i.e. - This flag is off and L-bit in packet is set by default and this prefix can be used for on-link determination). 'no-onlink' also controls the L-bit.
no-autoconfig - Do not use prefix for autoconfiguration, clear A-bit in packet. Default is autoconfig (i.e. - This flag is off and A-bit in packet is set by default.
no-onlink - Do not use prefix for onlink determination, clear L-bit in packet. Default is on-link (i.e. - This flag is off and L-bit in packet is set by default and this prefix can be used for on-link determination). 'off-link' also controls the L-bit.
Format 3: - Default of Prefix:
'ip6 nd <interface> [no] prefix <ip6-address>/<width> default'
When a new prefix is added (or existing one is being overwritten) default uses default values for the prefix. If no is used, the default is ignored and the prefix is deleted.
vpp# ip6 nd GigabitEthernet2/0/0 ra-interval 100 20
Example of how to add a prefix: vpp# ip6 nd GigabitEthernet2/0/0 prefix fe80::fe:28ff:fe9c:75b3/64 infinite no-advertise
Example of how to delete a prefix: vpp# ip6 nd GigabitEthernet2/0/0 no prefix fe80::fe:28ff:fe9c:75b3/64
Declaration: ip6_nd_command (src/vnet/ip/ip6_neighbor.c line 4417)
Implementation: ip6_neighbor_cmd.
ip6 nd address autoconfig <interface> [default-route|disable].
This command is used to enable ND address autoconfiguration on particular interface including setting up default routes.
vpp# ip6 nd address autoconfig GigabitEthernet2/0/0
Example of how to enable ND address autoconfiguration with setting up default routes: vpp# ip6 nd address autoconfig GigabitEthernet2/0/0 default-route
Example of how to disable ND address autoconfiguration: vpp# ip6 nd address autoconfig GigabitEthernet2/0/0 disable
Declaration: ip6_nd_address_autoconfig_command (src/vnet/ip/rd_cp.c line 621)
Implementation: ip6_nd_address_autoconfig.
ip6 punt policer [add|del] <index>.
vpp# set ip punt policer <INDEX>
Declaration: ip6_punt_policer_command (src/vnet/ip/ip6_punt_drop.c line 223)
Implementation: ip6_punt_police_cmd.
ip6 punt redirect [add|del] rx [<interface>|all] via [<nh>] <tx_interface>.
vpp# set ip punt policer <INDEX>
Declaration: ip6_punt_redirect_command (src/vnet/ip/ip6_punt_drop.c line 390)
Implementation: ip6_punt_redirect_cmd.
ip6 table [add|del] <table-id>.
This command is used to add or delete IPv4 Tables. All Tables must be explicitly added before that can be used. Creating a table will add both unicast and multicast FIBs
Declaration: ip6_table_command (src/vnet/ip/lookup.c line 673)
Implementation: vnet_ip6_table_cmd.
punt socket deregister [IPV4|ipv6] [UDP|tcp] [ALL|<port-num>].
vpp# punt socket register
Declaration: punt_socket_deregister_command (src/vnet/ip/punt.c line 646)
Implementation: punt_socket_deregister_cmd.
punt socket register [IPV4|ipv6] [UDP|tcp] [ALL|<port-num>] socket <socket>.
vpp# punt socket register socket punt_l4_foo.sock
Declaration: punt_socket_register_command (src/vnet/ip/punt.c line 580)
Implementation: punt_socket_register_cmd.
IP4/IP6 commands.
Declaration: set_interface_ip_command (src/vnet/ip/ip46_cli.c line 75)
set interface ip address [del] <interface> <ip-addr>/<mask> | [all].
Add an IP Address to an interface or remove and IP Address from an interface. The IP Address can be an IPv4 or an IPv6 address. Interfaces may have multiple IPv4 and IPv6 addresses. There is no concept of primary vs. secondary interface addresses; they're just addresses.
To display the addresses associated with a given interface, use the command 'show interface address <interface>'.
Note that the debug CLI does not enforce classful mask-width / addressing constraints.
An example of how to add an IPv4 address to an interface:
vpp# set interface ip address GigabitEthernet2/0/0 172.16.2.12/24
An example of how to add an IPv6 address to an interface:
vpp# set interface ip address GigabitEthernet2/0/0 ::a:1:1:0:7/126
To delete a specific interface ip address:
vpp# set interface ip address GigabitEthernet2/0/0 172.16.2.12/24 del
To delete all interfaces addresses (IPv4 and IPv6):
vpp# set interface ip address GigabitEthernet2/0/0 del all
Declaration: set_interface_ip_address_command (src/vnet/ip/ip46_cli.c line 216)
Implementation: add_del_ip_address.
set interface ip source-and-port-range-check <interface> [tcp-out-vrf <table-id>] [udp-out-vrf <table-id>] [tcp-in-vrf <table-id>] [udp-in-vrf <table-id>] [del].
Add the 'ip4-source-and-port-range-check-rx' or 'ip4-source-and-port-range-check-tx' graph node for a given interface. 'tcp-out-vrf' and 'udp-out-vrf' will add to the RX path. 'tcp-in-vrf' and 'udp-in-vrf' will add to the TX path. A graph node will be inserted into the chain when the range check is added to the first interface. It will not be removed from when range check is removed from the last interface.
By adding the range check graph node to the interface, incoming or outgoing TCP/UDP packets will be validated using the provided IPv4 FIB table (VRF).
Example of graph node before range checking is enabled:
vpp# show vlib graph ip4-source-and-port-range-check-tx
Name Next Previous ip4-source-and-port-range- ip4-drop [0]
Example of how to enable range checking on TX:
vpp# set interface ip source-and-port-range-check GigabitEthernet2/0/0 udp-in-vrf 7
Example of graph node after range checking is enabled:
vpp# show vlib graph ip4-source-and-port-range-check-tx
Name Next Previous ip4-source-and-port-range- ip4-drop [0] ip4-rewrite interface-output [1]
Example of how to display the features enabed on an interface:
vpp# show ip interface features GigabitEthernet2/0/0
IP feature paths configured on GigabitEthernet2/0/0...
ipv4 unicast: ip4-source-and-port-range-check-rx ip4-lookup
ipv4 multicast: ip4-lookup-multicast
ipv4 multicast: interface-output
ipv6 unicast: ip6-lookup
ipv6 multicast: ip6-lookup
ipv6 multicast: interface-output
Declaration: set_interface_ip_source_and_port_range_check_command (src/vnet/ip/ip4_source_and_port_range_check.c line 817)
Implementation: set_ip_source_and_port_range_check_fn.
set interface ip source-check <interface> [strict|loose] [del].
This command adds the 'ip4-source-check-via-rx' graph node for a given interface. By adding the IPv4 source check graph node to an interface, the code verifies that the source address of incoming unicast packets are reachable over the incoming interface. Two flavours are supported (the default is strict):
Example of graph node before range checking is enabled:
vpp# show vlib graph ip4-source-check-via-rx
Name Next Previous ip4-source-check-via-rx ip4-drop [0]
Example of how to enable unicast source checking on an interface:
vpp# set interface ip source-check GigabitEthernet2/0/0 loose
Example of graph node after range checking is enabled:
vpp# show vlib graph ip4-source-check-via-rx
Name Next Previous ip4-source-check-via-rx ip4-drop [0] ip4-input-no-checksum ip4-source-and-port-range- ip4-input
Example of how to display the feature enabed on an interface:
vpp# show ip interface features GigabitEthernet2/0/0
IP feature paths configured on GigabitEthernet2/0/0...
ipv4 unicast: ip4-source-check-via-rx ip4-lookup
ipv4 multicast: ip4-lookup-multicast
ipv4 multicast: interface-output
ipv6 unicast: ip6-lookup
ipv6 multicast: ip6-lookup
ipv6 multicast: interface-output
Example of how to disable unicast source checking on an interface:
vpp# set interface ip source-check GigabitEthernet2/0/0 del
Declaration: set_interface_ip_source_check_command (src/vnet/ip/ip4_source_check.c line 431)
Implementation: set_ip_source_check.
set interface ip table <interface> <table-id>.
Place the indicated interface into the supplied IPv4 FIB table (also known as a VRF). The FIB table must be created using "ip table add" already. To display the current IPv4 FIB table, use the command 'show ip fib'. FIB table will only be displayed if a route has been added to the table, or an IP Address is assigned to an interface in the table (which adds a route automatically).
vpp# set interface ip table GigabitEthernet2/0/0 2
Declaration: set_interface_ip_table_command (src/vnet/ip/lookup.c line 766)
Implementation: ip4_table_bind_cmd.
set interface ip6 table <interface> <table-id>.
Place the indicated interface into the supplied IPv6 FIB table (also known as a VRF). The FIB table must be created using "ip6 table add" already. To display the current IPv6 FIB table, use the command 'show ip6 fib'. FIB table will only be displayed if a route has been added to the table, or an IP Address is assigned to an interface in the table (which adds a route automatically).
vpp# set interface ip6 table GigabitEthernet2/0/0 2
Declaration: set_interface_ip6_table_command (src/vnet/ip/lookup.c line 794)
Implementation: ip6_table_bind_cmd.
set interface reassembly <interface-name> [on|off|ip4|ip6].
Declaration: set_reassembly_command (src/vnet/ip/ip46_cli.c line 298)
Implementation: set_reassembly_command_fn.
set ioam [trace] [pot] [seqno] [analyse].
This command is used to enable In-band OAM (iOAM) features on IPv6. 'trace' is used to enable iOAM trace feature. 'pot' is used to enable the Proof Of Transit feature. 'ppc' is used to indicate the Per Packet Counter feature for Edge to Edge processing. 'ppc' is used to indicate if this node is an 'encap' node (iOAM edge node where packet enters iOAM domain), a 'decap' node (iOAM edge node where packet leaves iOAM domain) or 'none' (iOAM node where packet is in-transit through the iOAM domain). 'ppc' can only be set if 'trace' or 'pot' is enabled.
Use 'clear ioam rewrite' to disable all features enabled by this command. Use 'show ioam summary' to verify the configured settings.
vpp# set ioam rewrite trace pot ppc encap
Declaration: ip6_set_ioam_rewrite_cmd (src/vnet/ip/ip6_hop_by_hop.c line 1375)
Implementation: ip6_set_ioam_rewrite_command_fn.
set ip classify intfc <interface> table-index <classify-idx>.
Assign a classification table to an interface. The classification table is created using the 'classify table' and 'classify session' commands. Once the table is create, use this command to filter packets on an interface.
vpp# set ip classify intfc GigabitEthernet2/0/0 table-index 1
Declaration: set_ip_classify_command (src/vnet/ip/ip4_forward.c line 3187)
Implementation: set_ip_classify_command_fn.
set ip flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse].
Configure the set of IPv4 fields used by the flow hash.
vpp# set ip flow-hash table 7 dst sport dport proto
Example of display the configured flow hash: vpp# show ip fib
ipv4-VRF:0, fib_index 0, flow hash: src dst sport dport proto
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [index:0 buckets:1 uRPF:0 to:[0:0]]
[0] [@0]: dpo-drop ip6
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:1 buckets:1 uRPF:1 to:[0:0]]
[0] [@0]: dpo-drop ip6
224.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:3 buckets:1 uRPF:3 to:[0:0]]
[0] [@0]: dpo-drop ip6
6.0.1.2/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:30 buckets:1 uRPF:29 to:[0:0]]
[0] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
7.0.0.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:31 buckets:4 uRPF:30 to:[0:0]]
[0] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
[1] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
[2] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
[3] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
240.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:2 buckets:1 uRPF:2 to:[0:0]]
[0] [@0]: dpo-drop ip6
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:4 buckets:1 uRPF:4 to:[0:0]]
[0] [@0]: dpo-drop ip6
ipv4-VRF:7, fib_index 1, flow hash: dst sport dport proto
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [index:12 buckets:1 uRPF:11 to:[0:0]]
[0] [@0]: dpo-drop ip6
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:13 buckets:1 uRPF:12 to:[0:0]]
[0] [@0]: dpo-drop ip6
172.16.1.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [index:17 buckets:1 uRPF:16 to:[0:0]]
[0] [@4]: ipv4-glean: af_packet0
172.16.1.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:18 buckets:1 uRPF:17 to:[1:84]]
[0] [@2]: dpo-receive: 172.16.1.1 on af_packet0
172.16.1.2/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
[0] [@5]: ipv4 via 172.16.1.2 af_packet0: IP4: 02:fe:9e:70:7a:2b -> 26:a5:f6:9c:3a:36
172.16.2.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [index:19 buckets:1 uRPF:18 to:[0:0]]
[0] [@4]: ipv4-glean: af_packet1
172.16.2.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:20 buckets:1 uRPF:19 to:[0:0]]
[0] [@2]: dpo-receive: 172.16.2.1 on af_packet1
224.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:15 buckets:1 uRPF:14 to:[0:0]]
[0] [@0]: dpo-drop ip6
240.0.0.0/8
unicast-ip4-chain
[@0]: dpo-load-balance: [index:14 buckets:1 uRPF:13 to:[0:0]]
[0] [@0]: dpo-drop ip6
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [index:16 buckets:1 uRPF:15 to:[0:0]]
[0] [@0]: dpo-drop ip6
Declaration: set_ip_flow_hash_command (src/vnet/ip/ip4_forward.c line 3062)
Implementation: set_ip_flow_hash_command_fn.
set ip source-and-port-range-check vrf <table-id> <ip-addr>/<mask> {port nn | range <nn> - <nn>} [del].
This command adds an IP Subnet and range of ports to be validated by an IP FIB table (VRF).
vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 port 23
Example of how to add an IPv4 subnet and range of ports to an IPv4 FIB table: vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 range 23 - 100
Example of how to delete an IPv4 subnet and single port from an IPv4 FIB table: vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 port 23 del
Example of how to delete an IPv4 subnet and range of ports from an IPv4 FIB table: vpp# set ip source-and-port-range-check vrf 7 172.16.1.0/24 range 23 - 100 del
Declaration: ip_source_and_port_range_check_command (src/vnet/ip/ip4_source_and_port_range_check.c line 1284)
Implementation: ip_source_and_port_range_check_command_fn.
set ip6 classify intfc <interface> table-index <classify-idx>.
Assign a classification table to an interface. The classification table is created using the 'classify table' and 'classify session' commands. Once the table is create, use this command to filter packets on an interface.
vpp# set ip6 classify intfc GigabitEthernet2/0/0 table-index 1
Declaration: set_ip6_classify_command (src/vnet/ip/ip6_forward.c line 3251)
Implementation: set_ip6_classify_command_fn.
set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse].
Configure the set of IPv6 fields used by the flow hash.
Example of how to set the flow hash on a given table:
vpp# set ip6 flow-hash table 8 dst sport dport proto
Example of display the configured flow hash:
vpp# show ip6 fib
ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto ::/0 unicast-ip6-chain [@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]] [0] [@0]: dpo-drop ip6 fe80::/10 unicast-ip6-chain [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]] [0] [@2]: dpo-receive ff02::1/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]] [0] [@2]: dpo-receive ff02::2/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]] [0] [@2]: dpo-receive ff02::16/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]] [0] [@2]: dpo-receive ff02::1:ff00:0/104 unicast-ip6-chain [@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]] [0] [@2]: dpo-receive ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto ::/0 unicast-ip6-chain [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]] [0] [@0]: dpo-drop ip6 ::a:1:1:0:4/126 unicast-ip6-chain [@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]] [0] [@4]: ipv6-glean: af_packet0 ::a:1:1:0:7/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]] [0] [@2]: dpo-receive: ::a:1:1:0:7 on af_packet0 fe80::/10 unicast-ip6-chain [@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]] [0] [@2]: dpo-receive fe80::fe:3eff:fe3e:9222/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]] [0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0 ff02::1/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]] [0] [@2]: dpo-receive ff02::2/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]] [0] [@2]: dpo-receive ff02::16/128 unicast-ip6-chain [@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]] [0] [@2]: dpo-receive ff02::1:ff00:0/104 unicast-ip6-chain [@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]] [0] [@2]: dpo-receive
Declaration: set_ip6_flow_hash_command (src/vnet/ip/ip6_forward.c line 3078)
Implementation: set_ip6_flow_hash_command_fn.
set ip6 nd proxy <HOST> <INTERFACE>.
Declaration: set_ip6_nd_proxy_command (src/vnet/ip/ip6_neighbor.c line 4898)
Implementation: set_ip6_nd_proxy_cmd.
set ip6 neighbor [del] <interface> <ip6-address> <mac-address> [static].
This command is used to manually add an entry to the IPv6 neighbor adjacency table. Optionally, the entry can be added as static. It is also used to remove an entry from the table. Use the 'show ip6 neighbors' command to display all learned and manually entered entries.
vpp# set ip6 neighbor GigabitEthernet2/0/0 ::1:1:c:0:9 02:fe:e4:45:27:5b static
Example of how to delete an entry from the IPv6 neighbor adjacency table: vpp# set ip6 neighbor del GigabitEthernet2/0/0 ::1:1:c:0:9 02:fe:e4:45:27:5b
Declaration: set_ip6_neighbor_command (src/vnet/ip/ip6_neighbor.c line 1133)
Implementation: set_ip6_neighbor.
set punt [IPV4|ip6|ipv6] [UDP|tcp] [del] [ALL|<port-num>].
The set of 'set punt' commands allows specific IP traffic to be punted to the host TCP/IP stack
Note
Example of how to request NTP traffic to be punted
vpp# set punt udp 125
Example of how to request all 'unknown' UDP traffic to be punted
vpp# set punt udp all
Example of how to stop all 'unknown' UDP traffic to be punted
vpp# set punt udp del all
Declaration: punt_command (src/vnet/ip/punt.c line 508)
Implementation: punt_cli.
show ioam summary.
This command displays the current configuration data for In-band OAM (iOAM).
vpp# show ioam summary
REWRITE FLOW CONFIGS -
Destination Address : ff02::1
Flow operation : 2 (Pop)
TRACE OPTION - 1 (Enabled)
Try 'show ioam trace and show ioam-trace profile' for more information
POT OPTION - 1 (Enabled)
Try 'show ioam pot and show pot profile' for more information
EDGE TO EDGE - PPC OPTION - 1 (Encap)
Declaration: ip6_show_ioam_run_cmd (src/vnet/ip/ip6_hop_by_hop.c line 1459)
Implementation: ip6_show_ioam_summary_cmd_fn.
Internet protocol (IP) show commands.
Declaration: vlib_cli_show_ip_command (src/vnet/ip/lookup.c line 602)
show ip container <address> <interface>.
Declaration: show_ip_container_command (src/vnet/ip/lookup.c line 1488)
Implementation: show_ip_container_cmd_fn.
show ip local.
Display the set of protocols handled by the local IPv4 stack.
vpp# show ip local
Protocols handled by ip4_local
1
17
47
Declaration: show_ip_local (src/vnet/ip/ip4_forward.c line 1925)
Implementation: show_ip_local_command_fn.
show ip punt redirect.
vpp# set ip punt redierect
Declaration: show_ip4_punt_redirect_command (src/vnet/ip/ip4_punt_drop.c line 428)
Implementation: ip4_punt_redirect_show_cmd.
show ip scan-neighbor.
The 'show ip scan-neighbor' command can be used to show the current periodic IP neighbor scan parameters
vpp# show ip neighbor-scan
Declaration: show_ip_scan_neighbor_command (src/vnet/ip/ip_neighbor.c line 478)
Implementation: show_ip_neighbor_scan.
show ip source-and-port-range-check vrf <table-id> <ip-addr> [port <n>].
Display the range of ports being validated by an IPv4 FIB for a given IP or subnet, or test if a given IP and port are being validated.
vpp# show ip source-and-port-range-check vrf 7 172.16.2.0
172.16.2.0: 23 - 101
Example of how to test to determine of a given Pv4 address and port are being validated: vpp# show ip source-and-port-range-check vrf 7 172.16.2.2 port 23
172.16.2.2 port 23 PASS
vpp# show ip source-and-port-range-check vrf 7 172.16.2.2 port 250
172.16.2.2 port 250 FAIL
Declaration: show_source_and_port_range_check (src/vnet/ip/ip4_source_and_port_range_check.c line 1410)
Implementation: show_source_and_port_range_check_fn.
Internet protocol version 6 (IPv6) show commands.
Declaration: vlib_cli_show_ip6_command (src/vnet/ip/lookup.c line 609)
show ip6 hbh.
Display the set of ip6 local hop-by-hop next protocol handler nodes
vpp# show ip6 hbh
Declaration: show_ip6_hbh (src/vnet/ip/ip6_hop_by_hop.c line 1063)
Implementation: show_ip6_hbh_command_fn.
show ip6 interface <interface>.
This command is used to display various IPv6 attributes on a given interface.
vpp# show ip6 interface GigabitEthernet2/0/0
GigabitEthernet2/0/0 is admin up
Link-local address(es):
fe80::ab8/64
Joined group address(es):
ff02::1
ff02::2
ff02::16
ff02::1:ff00:ab8
Advertised Prefixes:
prefix fe80::fe:28ff:fe9c:75b3, length 64
MTU is 1500
ICMP error messages are unlimited
ICMP redirects are disabled
ICMP unreachables are not sent
ND DAD is disabled
ND advertised reachable time is 0
ND advertised retransmit interval is 0 (msec)
ND router advertisements are sent every 200 seconds (min interval is 150)
ND router advertisements live for 600 seconds
Hosts use stateless autoconfig for addresses
ND router advertisements sent 19336
ND router solicitations received 0
ND router solicitations dropped 0
Example of output if IPv6 is not enabled on the interface: vpp# show ip6 interface GigabitEthernet2/0/0
show ip6 interface: IPv6 not enabled on interface
Declaration: show_ip6_interface_command (src/vnet/ip/ip6_neighbor.c line 4060)
Implementation: show_ip6_interface_cmd.
show ip6 local.
Display the set of protocols handled by the local IPv6 stack.
vpp# show ip6 local
Protocols handled by ip6_local
17
43
58
115
Declaration: show_ip6_local (src/vnet/ip/ip6_forward.c line 3127)
Implementation: show_ip6_local_command_fn.
show ip6 neighbors [<interface>].
This command is used to display the adjacent IPv6 hosts found via neighbor discovery. Optionally, limit the output to the specified interface.
vpp# show ip6 neighbors
Time Address Flags Link layer Interface
34.0910 a:1:1:0:7 02:fe:6a:07:39:6f GigabitEthernet2/0/0
173.2916 ::b:5:1:c:2 02:fe:50:62:3a:94 GigabitEthernet2/0/0
886.6654 ::1:1:c:0:9 S 02:fe:e4:45:27:5b GigabitEthernet3/0/0
Example of how to display the IPv6 neighbor adjacency table for given interface: vpp# show ip6 neighbors GigabitEthernet2/0/0
Time Address Flags Link layer Interface
34.0910 a:1:1:0:7 02:fe:6a:07:39:6f GigabitEthernet2/0/0
173.2916 ::b:5:1:c:2 02:fe:50:62:3a:94 GigabitEthernet2/0/0
Declaration: show_ip6_neighbors_command (src/vnet/ip/ip6_neighbor.c line 1072)
Implementation: show_ip6_neighbors.
show ip6 punt redirect.
vpp# set ip punt policer <INDEX>
Declaration: show_ip6_punt_redirect_command (src/vnet/ip/ip6_punt_drop.c line 418)
Implementation: ip6_punt_redirect_show_cmd.
show ip6-ll [summary] [interface] [<ip6-addr>[/<width>]] [detail].
Declaration: ip6_show_fib_command (src/vnet/ip/ip6_ll_table.c line 348)
Implementation: ip6_ll_show_fib.
show punt socket registrations [l4|exception].
vpp# show punt socket ipv4
Declaration: show_punt_socket_registration_command (src/vnet/ip/punt.c line 782)
Implementation: punt_socket_show_cmd.
test ip checksum.
Declaration: test_checksum (src/vnet/ip/ip_checksum.c line 169)
Implementation: test_ip_checksum_fn.
test ip6 link <mac-address>.
This command converts the given MAC Address into an IPv6 link-local address.
vpp# test ip6 link 16:d9:e0:91:79:86
Link local address: fe80::14d9:e0ff:fe91:7986
Original MAC address: 16:d9:e0:91:79:86
Declaration: test_link_command (src/vnet/ip/ip6_forward.c line 2933)
Implementation: test_ip6_link_command_fn.
test lookup <ipv4-addr> [table <fib-id>] [count <nn>].
Perform a lookup of an IPv4 Address (or range of addresses) in the given FIB table to determine if there is a conflict with the adjacency table. The fib-id can be determined by using the 'show ip fib' command. If fib-id is not entered, default value of 0 is used.
vpp# test lookup 172.16.1.1 table 1 count 2
No errors in 2 lookups
Declaration: lookup_test_command (src/vnet/ip/ip4_forward.c line 2909)
Implementation: test_lookup_command_fn.