1 of 91

CLI Configuration Guide

This CLI Configuration Guide is designed to provide you with instructions and guidance on configuring and managing the Open Packet Broker using the command line interface.

To explore specific topics and access more detailed information, please use the left side column as a navigation tool in the guide. By selecting a particular section from the left side column, you will be able to delve deeper into that specific topic.

Configuring License

When the OPBNOS boots UP, it prompts the user for a License key that can be requested by contacting Aviz Support. More information on Licensing can be found here.

opb-nos login: admin
Password: 
Linux opb-nos 5.10.0-18-2-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64
You are on
  ___  ____  _____  _   _  ___   ____
 / _ \|  _ \|  _  \| \ | |/ _ \ / ___|
| | | | |_| |_|_|_/|  \| | | | |\___ \
| |_| |  __/| |_| \| |\  | |_| | ___) |
 \___/|_|   |_____/|_| \_|\___/ |____/
                      Powered by AVIZ Networks

-- Software for Open Networking in the Cloud --

Version: 20230714.2.5.0

Unauthorized access and/or use are prohibited.
All access and/or use are subject to monitoring.

Help:    www.aviznetworks.com

Device Serial Number : MT2040X05753
Enter the License Key: ffa08***************f6ec544

Verify the currently installed license:

pbnoscli# show license 
=================================================
License Key:  ffa08********************f6ec544
License Type: BASIC
=================================================
pbnoscli#

Use the 'License' command to change the license(if required):

pbnoscli# configure terminal 
pbnoscli(config)# license 
 <licensekey>             
pbnoscli(config)# license db9b0********************b66f12
Current user: root
pbnoscli# 

//Verify the License Key
pbnoscli# show license 
=================================================
License Key:  db9b0********************b66f12
License Type: ADV-T
=================================================
pbnoscli#

The license can be upgraded without requiring a reinstallation or reset.

Configuring Hostname

You can set the hostname using the below command:

pbnoscli# configure terminal 
pbnoscli(config)# hostname Switch-1
Switch-1(config)#

save config after changing hostname using 'save' command

Switch-1# show running-config 
configure terminal
hostname Switch-1
!
Switch-1#

Configuring Username

You can configure the username based on the role(RBAC) using the below command:

Reference

Command

[no] username <user_name> password <user_password> role [network-operator/network-admin]

Description

username configuration

Parameters

username

Mode

CONFIG

Example

pbnoscli# configure terminal 
pbnoscli(config)# username 
 <user_name>  
pbnoscli(config)# username test 
  password              Create user password
pbnoscli(config)# username test password 
  <user_pwd>            Enter password
pbnoscli(config)# username test password pass@123 role 
  network-admin         Admin
  network-operator      Operator
pbnoscli(config)# username test password pass@123 role network-admin 
pbnoscli#

pbnoscli(config)# no username test 
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show users 
==================================
Users           Role                            
==================================
root            network-admin                   
test            network-admin                   
*admin          network-admin                   
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
username test role network-admin
!
pbnoscli#

On-Box FlowVision

FlowVision offers a user-friendly graphical interface (GUI) that allows users to configure and monitor the OPBNOS switch.

By enabling the on-box FlowVision feature on the switch, users can access the GUI through the management IP. This enables them to efficiently manage, monitor, and configure the OPBNOS using the intuitive GUI.

The GUI of FlowVision utilizes TCP port 443 & GUI will be reachable at https://<MGMT-IP>/

Users can follow the FlowVision GUI Guide to manage the device using GUI.

This feature is specific to individual switches and cannot be used to manage multiple switches

Enabling On-Box FlowVision will prevent the Switch from being added to a remote FlowVision Controller.

More information is available here.

Reference

Command

[no] flowvision enable

Description

enable/disable the flowvision tool

Parameters

NONE

Mode

CONFIG

Example

pbnoscli# configure terminal
pbnoscli(config)# flowvision 
  enable                enable/disable the flowvision tool
pbnoscli(config)# flowvision enable 
pbnoscli(config)#

Configuring AAA

AAA stands for Authentication, Authorization and Accounting. These protocols were defined by the Internet Engineering Task Force and are intended to provide an Authentication, Authorization, and Accounting (AAA) framework for applications, such as network access or IP mobility in both local and roaming situations.

TACACS uses (either TCP or UDP) port 49 by default. TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD. It would determine whether to accept or deny the authentication request and send a response back. In this way, the process of making the decision is "opened up" and the algorithms and data used to make the decision are under the complete control of the TACACS daemon.

RADIUS, which stands for Remote Authentication Dial-In User Service, is a network protocol commonly used for centralized authentication, authorization, and accounting (AAA) management. Similar to TACACS, RADIUS is designed to allow clients to authenticate and request services from a centralized server, referred to as a RADIUS server or RADIUS daemon.

Configuring AAA

TACACS Failthrough:

When using fail-through, if the primary TACACS server fails to respond within a specified timeout period, the authentication request is automatically forwarded to the next authentication method configured, such as a local database or a different authentication server.

If we disable fail-through, the system fails to authenticate with a reachable TACACS+ server the system does not attempt to authenticate with the next TACACS+ server.

TACACS Fallback:

The fallback is mainly intended to provide an alternative way to authenticate users when there’s an issue with the primary authentication server or method, not to give users multiple attempts to authenticate with different methods.

Fallback operates at the AAA (Authentication, Authorization, and Accounting) level, allowing the network device or system to switch to the secondary TACACS server when the primary server is not available.

In summary, failthrough refers to the process of falling back to an alternative authentication method if the primary TACACS server fails to respond, while fallback involves switching to a backup TACACS server when the primary server is unavailable for AAA services.

Configuring AAA

You can configure the Authentication, Authorization and Accounting (AAA) using the following command:

Reference

Command

[no] aaa authentication (failthrough disable | fallback disable |login tacacs)

Description

AAA configuration

Parameters

None

Mode

CONFIG

Example

pbnoscli# configure terminal 
pbnoscli(config)# aaa authentication 
  failthrough           Configure failthrough, default : enable
  fallback              Configure fallback, default : enable
  login                 Configure login, default : local
pbnoscli(config)# aaa authentication failthrough disable
pbnoscli(config)# aaa authentication fallback disable
pbnoscli(config)# aaa authentication login tacacs
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show aaa authentication 
================================
Type            Value          
================================
Failthrough        Disabled          
Fallback           Disabled    
login              tacacs   
pbnoscli#

pbnoscli# show running-config 
configure terminal
aaa authentication failthrough disable
aaa authentication fallback disable
aaa authentication login tacacs+
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#

Configuring TACACS

Server Level Configurations

You can configure the TACACS server using the following command:

Reference

Example

 pbnoscli(config)# tacacs-server host 10.0.0.1           
  <cr>
  auth_type             Authentication type, default pap
  key                   Add Key
  port                  TCP port range is <1...65535>, default 49
  priority              Priority <1..64>, default 1
  timeout               Transmission timeout interval <0-60>, default 5
pbnoscli(config)# tacacs-server host 10.0.0.1 auth_type 
  chap                  chap
  login                 login
  mschap                mschap
  pap                   pap
pbnoscli(config)# tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show tacacs-sever 10.0.0.1
TACPLUS global auth_type pap (Default)
TACPLUS global passkey <EMPTY_STRING> (Default)
TACPLUS global timeout 5 (Default)
=====================================================================================================================
IP              Auth_type       Passkey         Tcp_port        Priority        Mgmtvrf         Timeout        
=====================================================================================================================
10.0.0.1        pap               key_val          44               1              N/A             60             
pbnoscli#

pbnoscli# show running-config 
configure terminal
aaa authentication failthrough disable
aaa authentication fallback disable
aaa authentication login tacacs+
tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#

Global TACACS Parameters

To Configure Global TACACS parameters, use the below command:

Reference

Example

pbnoscli(config)# tacacs 
  authtype              Configure authentication type, default : pap
  passkey               Specify TACACS server global passkey, default : <EMPTY_STRING>
  timeout               Specify TACACS server global timeout <0-60>, default : 5      

//configuring authentication type
pbnoscli(config)# tacacs authtype 
  chap                  chap
  login                 login
  mschap                mschap
  pap                   pap
pbnoscli(config)# tacacs authtype pap 

//configuring tacacs passkey
pbnoscli(config)# tacacs passkey key_value

//configuring timout value
pbnoscli(config)# tacacs timeout 60

You can verify the configuration by using the command(s) below:

pbnoscli# show tacacs-sever 
TACPLUS global auth_type pap            
TACPLUS global passkey key_value      
TACPLUS global timeout 60             
=====================================================================================================================
IP              Auth_type       Passkey         Tcp_port        Priority        Mgmtvrf         Timeout        
=====================================================================================================================
10.0.0.1        pap               key_val          44               1              N/A             60             
pbnoscli#

pbnoscli# show running-config 
configure terminal
aaa authentication failthrough disable
aaa authentication fallback disable
aaa authentication login tacacs+
tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
tacacs auth_type pap
tacacs passkey key_value
tacacs timeout 60
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#

Configuring RADIUS

RADIUS is commonly used in enterprise and service provider networks to authenticate and authorize users before granting them access to network services.

In SONiC NOS, RADIUS is supported to achieve a crucial role in securing and managing network access by providing a centralized authentication, authorization, and accounting framework. SONiC switch performs a Client - network access server (NAS) role.

RADIUS is not supported on these platforms: EdgeCore AS5812 & EdgeCore AS7712

Global Level:

Reference

Command

[no] radius [auth-type <<chap|pap|mschapv2> default pap>] [nasip ] [key ] [source-ip ] [retransmit ] [timeout ]

Description

Configure RADIUS

Parameters

auth-type, nasip, key, source-ip, retransmit, timeout

Mode

CONFIG

Example

pbnoscli(config)# radius 
  <cr>
  auth-type             Authentication type, default pap
  key                   Add key
  nasip                 NAS IP address
  retransmit            Number of retries, default 3
  source-ip             source ip address
  timeout               Transmission timeout interval <1-60>, default 5
pbnoscli(config)# radius timeout 60
pbnoscli(config)# radius source-ip 10.4.4.52
pbnoscli(config)# radius key testing123
pbnoscli(config)# end

You can verify the configuration by using the command(s) below:

pbnoscli# show radius 
RADIUS global auth_type pap            
RADIUS global passkey *****          
RADIUS global timeout 5              
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52      
RADIUS global retransmit 3              
===========================================================================================================================================
IP              Auth_type       Passkey         Auth-port       Priority        source-intf     retransmit      Timeout        
===========================================================================================================================================
10.4.4.11       pap             N/A             1812            1               N/A             3               5               
pbnoscli#

Server Level

Reference

Command

[no] radius-server host key [auth-type <chap|pap|mschapv2> default pap] [auth-port <range[1:65535] default 1812>] [priority <integer default 1>] source-intf [retransmit ] [timeout ]

Description

Configure RADIUS

Parameters

auth-type, auth-port, priority,source-interface, retransmit, timeout

Mode

CONFIG

Example

pbnoscli# configure terminal 
pbnoscli(config)# radius 
  host                  Add host
pbnoscli(config)# radius-server host 
  <ipaddr>              A.B.C.D
  <ip6addr>             A:B::C:D
pbnoscli(config)# radius-server host 10.4.4.11

You can verify the configuration by using the command(s) below:

pbnoscli# show radius 10.4.4.11
RADIUS global auth_type pap            
RADIUS global passkey *****          
RADIUS global timeout 5              
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52      
RADIUS global retransmit 3              
===========================================================================================================================================
IP              Auth_type       Passkey         Auth-port       Priority        source-intf     retransmit      Timeout        
===========================================================================================================================================
10.4.4.11       pap             N/A             1812            1               N/A             3               5               
pbnoscli#

Configure Packet Timestamping

Timestamping packets is crucial in networking, Accurately recording time references for packets as they travel through the network. This technology aids in performance monitoring, latency analysis, network troubleshooting, and system synchronization. Precise timestamps help pinpoint delays, identify network bottlenecks, optimize routing, and ensure adherence to service-level agreements.

Timestamps are also crucial for coordinating distributed systems by maintaining a consistent time reference across geographically dispersed components. To do this, Specialized hardware or software captures and records these timestamps. Protocols like Precision Time Protocol (PTP) or Network Time Protocol (NTP), facilitate high-precision synchronization.

Timestamping feature is needed for below major use-cases:

Detecting the congestion point on the path of a flow
Path Tracing
Real-time performance monitoring
Arrival sequence validation

This feature is only supported on Broadcom TD3 platforms, specifically EC7326, and EC7726.

Enable Timestamping Globally

You can configure the Timestamping glo using the following command:

Reference

Example

pbnoscli# configure terminal
pbnoscli(config)# timestamping
  enable                enable/disable the OPB Packet Timestamping
pbnoscli(config)# timestamping enable
pbnoscli(config)#

#Disable#
pbnoscli# configure terminal
pbnoscli(config)# timestamping
  enable                enable/disable the OPB Packet Timestamping
pbnoscli(config)#no timestamping enable
pbnoscli(config)#

pbnoscli# show running-config
configure terminal
!
timestamping enable
!
!
pbnoscli#

Enable Timestamp Per-Interface

To Configure Timestamping per interface, use the below command:

Reference

Example

pbnoscli# configure terminal
pbnoscli(config)# interface ethernet Ethernet1/1
pbnoscli(config-if)# timestamp
  enable                Enable timestamp
pbnoscli(config-if)# timestamp enable 
pbnoscli(config-if)# timestamp enable stage
  egress                Egress
  ingress               Ingress
pbnoscli(config-if)# timestamp enable stage egress
  source-id             Specify source id
pbnoscli(config-if)# timestamp enable stage egress source-id 0x8233
pbnoscli(config-if)#end
pbnoscli#


#Disable#
pbnoscli(config-if)# no timestamp enable stage egress source-id 0x8233

pbnoscli# show running-config
configure terminal
interface ethernet Ethernet1/1
mtu 9100
speed 25000
timestamp enable stage egress source-id 0x8233
!
timestamping enable
!
!
pbnoscli#

Interface Management

Configuring Management Interface

The Management Interface is an external port (non-ASIC) on the switch that allows you to perform switch management tasks. It is a layer 3 interface and it cannot be configured as a layer 2 interface. The management interface cannot forward traffic.

To configure the management interface, use the following command:

pbnoscli# configure terminal 
pbnoscli(config)# interface mgmt 
pbnoscli(config-if)# ip address <ip/mask> gateway <ip>
pbnoscli(config-if)#

When you run the aforementioned command, the system enters the Interface Configuration Mode for the management port. By default, the management interface is created by the switch and it cannot be removed.

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface mgmt 
pbnoscli(config-if)# ip address 10.4.4.53/23 gateway 10.4.4.1
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show ip management 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.4.4.53  netmask 255.255.254.0  broadcast 10.4.5.255
        inet6 fe80::1e34:daff:fe62:28f4  prefixlen 64  scopeid 0x20<link>
        ether 1c:34:da:62:28:f4  txqueuelen 1000  (Ethernet)
        RX packets 11605  bytes 792951 (774.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2309  bytes 1076201 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xdfc00000-dfc1ffff  
pbnoscli#

pbnoscli# show running-config 
configure terminal
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Physical Interface

Physical Interfaces are switch front panel ethernet ports which are ASIC ports. The physical ports are created by default and cannot be deleted.

To change or update the physical port configuration, use the following command:

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet0
pbnoscli(config-if)# 
  !                         Exit from the current prompt
  autoneg                   Auto-Negotiation
  breakout-mode             Breakout configuration
  description               Add description
  egress-tagging            Add egress tagging
  end                       Exit to exec prompt
  exit                      Exit from the current prompt
  forward-error-correction  Interface FEC configuration
  ingress-vlan              Add ingress vlan (range 500...4094)
  ip                        IP Configuration
  lldp                      LLDP configuration
  loopback-mode             Activate loopback mode
  mode                      Interface vlan awareness
  mtu                       Interface MTU configuration
  no                        no form
  sflow                     Sflow configuration
  show                      Show commands
  shutdown                  Disable interface
  speed                     Interface speed configuration
  top                       Exit to the configuration prompt
  truncate                  Truncate the packet
  type                      Add type
pbnoscli(config-if)#

When you run the aforementioned command, the system enters the Interface Configuration mode for the specified physical port.

To change the physical port Admin status, use the following command:

Reference

You can verify the configuration by using the command(s) below:

pbnoscli# show interface status
================================================================================================
Port            Name                            Oper    Admin   Vlan    Speed   MTU     AutoNeg 
================================================================================================
Ethernet1/1     etp1                            up      up      trunk   100000  9100    N/A     
Ethernet2/1     etp2                            up      up      trunk   100000  9100    N/A     
Ethernet3/1     etp3                            up      up      trunk   100000  9100    N/A     
Ethernet4/1     etp4                            down    up      trunk   100000  9100    N/A     
Ethernet5/1     etp5                            down    up      trunk   100000  9100    N/A     
Ethernet6/1     etp6                            down    up      trunk   100000  9100    N/A     
Ethernet7/1     etp7                            down    up      trunk   100000  9100    N/A     
Ethernet8/1     etp8                            down    up      trunk   100000  9100    N/A     
Ethernet9/1     etp9                            down    up      trunk   100000  9100    N/A     
Ethernet10/1    etp10                           down    up      trunk   100000  9100    N/A     
Ethernet11/1    etp11                           down    up      trunk   100000  9100    N/A     
Ethernet12/1    etp12                           down    up      trunk   100000  9100    N/A     
Ethernet13/1    etp13                           up      up      trunk   100000  9100    N/A     
Ethernet14/1    etp14                           up      up      trunk   100000  9100    N/A     
<...>
Ethernet61/1    etp61                           down    up      trunk   100000  9100    N/A     
Ethernet62/1    etp62                           down    up      trunk   100000  9100    N/A     
Ethernet63/1    etp63                           up      up      routed  100000  9100    N/A     
Ethernet64/1    etp64                           up      up      routed  100000  9100    N/A     
pbnoscli#

pbnoscli# show interface summary 
============================================================================================================================
Interface       Lanes             Speed   MTU     FEC     Alias           Vlan    Oper    Admin   Type              Asym PFC
============================================================================================================================
Ethernet1/1     0,1,2,3           100G    9100    none    etp1            trunk   up      up      QSFP28 or later   N/A     
Ethernet2/1     8,9,10,11         100G    9100    none    etp2            trunk   up      up      QSFP28 or later   N/A     
Ethernet3/1     16,17,18,19       100G    9100    none    etp3            trunk   up      up      QSFP28 or later   N/A     
Ethernet4/1     24,25,26,27       100G    9100    none    etp4            trunk   down    up      N/A               N/A     
Ethernet5/1     32,33,34,35       100G    9100    none    etp5            trunk   down    up      QSFP28 or later   N/A     
Ethernet6/1     40,41,42,43       100G    9100    none    etp6            trunk   down    up      QSFP28 or later   N/A     
Ethernet7/1     48,49,50,51       100G    9100    none    etp7            trunk   down    up      QSFP28 or later   N/A     
Ethernet8/1     56,57,58,59       100G    9100    none    etp8            trunk   down    up      N/A               N/A     
Ethernet9/1     64,65,66,67       100G    9100    none    etp9            trunk   down    up      N/A               N/A     
Ethernet10/1    72,73,74,75       100G    9100    none    etp10           trunk   down    up      N/A               N/A     
Ethernet11/1    80,81,82,83       100G    9100    none    etp11           trunk   down    up      N/A               N/A     
Ethernet12/1    88,89,90,91       100G    9100    none    etp12           trunk   down    up      N/A               N/A     
Ethernet13/1    96,97,98,99       100G    9100    none    etp13           trunk   up      up      QSFP28 or later   N/A     
Ethernet14/1    104,105,106,107   100G    9100    none    etp14           trunk   up      up      QSFP28 or later   N/A     
<...>
Ethernet60/1    472,473,474,475   100G    9100    none    etp60           trunk   down    up      N/A               N/A     
Ethernet61/1    480,481,482,483   100G    9100    none    etp61           trunk   down    up      N/A               N/A     
Ethernet62/1    488,489,490,491   100G    9100    none    etp62           trunk   down    up      N/A               N/A     
Ethernet63/1    496,497,498,499   100G    9100    rs      etp63           routed  up      up      QSFP28 or later   N/A     
Ethernet64/1    504,505,506,507   100G    9100    rs      etp64           routed  up      up      QSFP28 or later   N/A     
pbnoscli#

pbnoscli# show queue counters         
        PORT    TxQ    Counter/pkts    Counter/bytes    Drop/pkts    Drop/bytes
------------  -----  --------------  ---------------  -----------  ------------
Ethernet1/1     UC0               0                0            0           N/A
Ethernet1/1     UC1               0                0            0           N/A
Ethernet1/1     UC2               0                0            0           N/A
Ethernet1/1     UC3               0                0            0           N/A
Ethernet1/1     UC4               0                0            0           N/A
Ethernet1/1     UC5               0                0            0           N/A
Ethernet1/1     UC6               0                0            0           N/A
Ethernet1/1     UC7            1344           324624            0           N/A
Ethernet1/1     MC8             N/A              N/A          N/A           N/A
Ethernet1/1     MC9             N/A              N/A          N/A           N/A
Ethernet1/1    MC10             N/A              N/A          N/A           N/A
Ethernet1/1    MC11             N/A              N/A          N/A           N/A
Ethernet1/1    MC12             N/A              N/A          N/A           N/A
Ethernet1/1    MC13             N/A              N/A          N/A           N/A
Ethernet1/1    MC14             N/A              N/A          N/A           N/A
Ethernet1/1    MC15             N/A              N/A          N/A           N/A

<...>

        PORT    TxQ    Counter/pkts    Counter/bytes    Drop/pkts    Drop/bytes
------------  -----  --------------  ---------------  -----------  ------------
Ethernet64/1    UC0          200000         14800000            0           N/A
Ethernet64/1    UC1               0                0            0           N/A
Ethernet64/1    UC2               0                0            0           N/A
Ethernet64/1    UC3               0                0            0           N/A
Ethernet64/1    UC4               0                0            0           N/A
Ethernet64/1    UC5               0                0            0           N/A
Ethernet64/1    UC6               0                0            0           N/A
Ethernet64/1    UC7            1223           313620            0           N/A
Ethernet64/1    MC8             N/A              N/A          N/A           N/A
Ethernet64/1    MC9             N/A              N/A          N/A           N/A
Ethernet64/1   MC10             N/A              N/A          N/A           N/A
Ethernet64/1   MC11             N/A              N/A          N/A           N/A
Ethernet64/1   MC12             N/A              N/A          N/A           N/A
Ethernet64/1   MC13             N/A              N/A          N/A           N/A
Ethernet64/1   MC14             N/A              N/A          N/A           N/A
Ethernet64/1   MC15             N/A              N/A          N/A           N/A

pbnoscli# show queue counters Ethernet2/1 
        PORT    TxQ    Counter/pkts    Counter/bytes    Drop/pkts    Drop/bytes
------------  -----  --------------  ---------------  -----------  ------------
Ethernet2/1     UC0               0                0            0           N/A
Ethernet2/1     UC1               0                0            0           N/A
Ethernet2/1     UC2               0                0            0           N/A
Ethernet2/1     UC3               0                0            0           N/A
Ethernet2/1     UC4               0                0            0           N/A
Ethernet2/1     UC5               0                0            0           N/A
Ethernet2/1     UC6               0                0            0           N/A
Ethernet2/1     UC7            1348           325748            0           N/A
Ethernet2/1     MC8             N/A              N/A          N/A           N/A
Ethernet2/1     MC9             N/A              N/A          N/A           N/A
Ethernet2/1    MC10             N/A              N/A          N/A           N/A
Ethernet2/1    MC11             N/A              N/A          N/A           N/A
Ethernet2/1    MC12             N/A              N/A          N/A           N/A
Ethernet2/1    MC13             N/A              N/A          N/A           N/A
Ethernet2/1    MC14             N/A              N/A          N/A           N/A
Ethernet2/1    MC15             N/A              N/A          N/A           N/A
pbnoscli#

Link Layer Discovery Protocol (LLDP)

Link Layer Discovery Protocol (LLDP) is an IEEE 802.1AB-2009 that defines messages, encapsulated in Ethernet frames for the purpose of giving devices a means of announcing basic device information to other devices on the LAN (Local Area Network) through periodic retransmissions out each port every 30 seconds by default.

This implementation of LLDP is compatible with the IEEE 802.1AB-2005 standard. LLDP uses Layer 2 (the data link layer), and allows network management applications to extend their awareness of the network by discovering devices that are direct neighbors of already known devices.

With LLDP, the switch can advertise the presence of its ports, their major capabilities, and their current status to adjacent LLDP neighbours. LLDP transmissions occur on ports at regular intervals or whenever there is a relevant change to their status. The switch can also receive LLDP information advertised from adjacent LLDP-capable network devices.

The following topics provide more information on configuring LLDP:

Enabling LLDP

You can enable or disable LLDP using the below command:

Reference

CLI Example

pbnoscli# configure terminal
pbnoscli(config)# interface ethernet Ethernet1/1
pbnoscli(config-if)# lldp 
  disabled              Disable LLDP
  rx-and-tx             Enable Rx and Tx
  rx-only               Enable Rx-Only
  tx-only               Enable Tx-Only
pbnoscli(config-if)# lldp rx-and-tx 
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# sh running-config 
configure terminal
interface ethernet Ethernet1/1
lldp rx-and-tx
!
interface ethernet Ethernet2/1
lldp rx-only
!
interface ethernet Ethernet3/1
lldp disabled
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#

Displaying LLDP Neighbors

You can use the below commands to verify LLDP information:

Reference

Example

pbnoscli# show lldp neighbors
Capability codes: (R) Router, (B) Bridge, (O) Other
LocalPort    RemoteDevice    RemotePortID    Capability    RemotePortDescr
-----------  --------------  --------------  ------------  -----------------
Ethernet1/1  sonic           etp1            BR            Ethernet0
Ethernet2/1  sonic           etp2            BR            Ethernet4
Ethernet3/1  sonic           etp3            BR            Ethernet8
Ethernet13/1 sonic           hundredGigE13   BR            Ethernet48
Ethernet14/1 sonic           hundredGigE14   BR            Ethernet52
Ethernet15/1 sonic           hundredGigE15   BR            Ethernet56
eth0         HP2848          12              B             12
--------------------------------------------------
Total entries displayed:  7
pbnoscli#

To display the LLDP neighbor's information in detail, use the following command:

Reference

Example

pbnoscli# show lldp neighbors detail
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    eth0, via: LLDP, RID: 1, Time: 0 day, 10:12:31
  Chassis:     
    ChassisID:    mac 00:0e:7f:01:2f:00
    SysName:      HP2848
    SysDescr:     ProCurve J4904A Switch 2848, revision I.10.105, ROM I.08.07 (/sw/code/build/mako)
    Capability:   Bridge, on
    Capability:   Router, off
  Port:        
    PortID:       local 12
    PortDescr:    12
    TTL:          120
-------------------------------------------------------------------------------
<...>
-------------------------------------------------------------------------------
Interface:    Ethernet15/1, via: LLDP, RID: 3, Time: 0 day, 10:12:20
  Chassis:     
    ChassisID:    mac 80:a2:35:57:49:a7
    SysName:      sonic
    SysDescr:     SONiC Software Version: SONiC.master.0-dirty-20230123.005620 - HwSku: Accton-AS7712-32X - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64
    MgmtIP:       10.4.4.56
    Capability:   Bridge, on
    Capability:   Router, on
    Capability:   Wlan, off
    Capability:   Station, off
  Port:        
    PortID:       local hundredGigE15
    PortDescr:    Ethernet56
    TTL:          120
-------------------------------------------------------------------------------
pbnoscli#

pbnoscli# show lldp neighbors detail interface Ethernet2/1
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    Ethernet2/1, via: LLDP, RID: 2, Time: 0 day, 10:13:33
  Chassis:     
    ChassisID:    mac 04:3f:72:da:74:ee
    SysName:      sonic
    SysDescr:     SONiC Software Version: SONiC.master.0-8202018d - HwSku: ACS-MSN3700C - Distribution: Debian 11.6 - Kernel: 5.10.0-8-2-amd64
    MgmtIP:       10.4.4.52
    Capability:   Bridge, on
    Capability:   Router, on
    Capability:   Wlan, off
    Capability:   Station, off
  Port:        
    PortID:       local etp2
    PortDescr:    Ethernet4
    TTL:          120
-------------------------------------------------------------------------------
pbnoscli#

Configuring Interface Description

Use 'description' to set custom interface level description

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet4/1
pbnoscli(config-if)# descript    
  description           Add description
pbnoscli(config-if)# description "interface description"

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet4/1

===================================
Interface : Ethernet4/1       
===================================
Description    : interface description
Mode           : vlan-aware      
Ingress-vlan   : 6               
Egress-tagging : disable         
Truncate       : 64              

pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet4/1
description interface description
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Auto Negotiation

Autonegotiation is a signalling mechanism in which two devices connected over Ethernet can choose common transmission parameters such as speed, duplex, mode and flow control.

In this process, the connected device first shares its capabilities regarding these parameters and then chooses the highest performance mode that both support.

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet1/1
pbnoscli(config-if)# autoneg 
  disable               Disable Auto-Negotiation
pbnoscli(config-if)# autoneg disable
pbnoscli(config-if)#  

//to enable again
pbnoscli(config-if)# no autoneg disable 
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show interface status 
================================================================================================
Port            Name                            Oper    Admin   Vlan    Speed   MTU     AutoNeg 
================================================================================================
Ethernet1/1     etp1                            up      up      trunk   100000  9100    off     
Ethernet2/1     etp2                            up      up      trunk   100000  9100    N/A     
Ethernet3/1     etp3                            up      up      trunk   100000  9100    N/A     
Ethernet4/1     etp4                            down    up      trunk   100000  9100    N/A     
Ethernet5/1     etp5                            down    up      trunk   100000  9100    N/A     
Ethernet6/1     etp6                            down    up      trunk   100000  9100    N/A     
Ethernet7/1     etp7                            down    up      trunk   100000  9100    N/A     
Ethernet8/1     etp8                            down    up      trunk   100000  9100    N/A     
Ethernet9/1     etp9                            down    up      trunk   100000  9100    N/A     
Ethernet10/1    etp10                           down    up      trunk   100000  9100    N/A     
Ethernet11/1    etp11                           down    up      trunk   100000  9100    N/A     
Ethernet12/1    etp12                           down    up      trunk   100000  9100    N/A     
Ethernet13/1    etp13                           up      up      trunk   100000  9100    N/A     
Ethernet14/1    etp14                           up      up      trunk   100000  9100    N/A     
<...>
Ethernet60/1    etp60                           down    up      trunk   100000  9100    N/A     
Ethernet61/1    etp61                           down    up      trunk   100000  9100    N/A     
Ethernet62/1    etp62                           down    up      trunk   100000  9100    N/A     
Ethernet63/1    etp63                           up      up      routed  100000  9100    N/A     
Ethernet64/1    etp64                           up      up      routed  100000  9100    N/A     
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
autoneg disable
!
interface ethernet Ethernet4
description interface description
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring FEC

Forward error correction (FEC) is an error correction technique to detect and correct a limited number of errors in transmitted data without the need for retransmission.

In this method, the sender sends a redundant error-correcting code along with the data frame. The receiver performs necessary checks based on the additional redundant bits. If it finds that the data is free from errors, it executes the error-correcting code that generates the actual frame. It then removes the redundant bits before passing the message to the upper layers.

Reference

Command

forward-error-correction {rs | fs | none}

Description

Configure forward error correction method

Parameters

None

Mode

INTERFACE

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet1/1
pbnoscli(config-if)# forward-error-correction 
  fs                    Firecode Forward Error Correction
  none                  None
  rs                    Reed Solomon Forward Error Correction
pbnoscli(config-if)# forward-error-correction rs

You can verify the configuration by using the command(s) below:

pbnoscli# show interface summary 
============================================================================================================================
Interface       Lanes             Speed   MTU     FEC     Alias           Vlan    Oper    Admin   Type              Asym PFC
============================================================================================================================
Ethernet1/1     0,1,2,3           100G    9100    rs      etp1            trunk   up      up      QSFP28 or later   N/A     
Ethernet2/1     8,9,10,11         100G    9100    none    etp2            trunk   up      up      QSFP28 or later   N/A     
Ethernet3/1     16,17,18,19       100G    9100    none    etp3            trunk   up      up      QSFP28 or later   N/A     
Ethernet4/1     24,25,26,27       100G    9100    rs      etp4            trunk   down    up      N/A               N/A     
Ethernet5/1     32,33,34,35       100G    9100    none    etp5            trunk   down    up      QSFP28 or later   N/A     
Ethernet6/1     40,41,42,43       100G    9100    none    etp6            trunk   down    up      QSFP28 or later   N/A     
Ethernet7/1     48,49,50,51       100G    9100    none    etp7            trunk   down    up      QSFP28 or later   N/A     
Ethernet8/1     56,57,58,59       100G    9100    none    etp8            trunk   down    up      N/A               N/A     
Ethernet9/1     64,65,66,67       100G    9100    none    etp9            trunk   down    up      N/A               N/A     
Ethernet10/1    72,73,74,75       100G    9100    none    etp10           trunk   down    up      N/A               N/A     
Ethernet11/1    80,81,82,83       100G    9100    none    etp11           trunk   down    up      N/A               N/A     
Ethernet12/1    88,89,90,91       100G    9100    none    etp12           trunk   down    up      N/A               N/A     
Ethernet13/1    96,97,98,99       100G    9100    none    etp13           trunk   up      up      QSFP28 or later   N/A     
Ethernet14/1    104,105,106,107   100G    9100    none    etp14           trunk   up      up      QSFP28 or later   N/A     
<...>
Ethernet60/1    472,473,474,475   100G    9100    none    etp60           trunk   down    up      N/A               N/A     
Ethernet61/1    480,481,482,483   100G    9100    none    etp61           trunk   down    up      N/A               N/A     
Ethernet62/1    488,489,490,491   100G    9100    none    etp62           trunk   down    up      N/A               N/A     
Ethernet63/1    496,497,498,499   100G    9100    rs      etp63           routed  up      up      QSFP28 or later   N/A     
Ethernet64/1    504,505,506,507   100G    9100    rs      etp64           routed  up      up      QSFP28 or later   N/A     
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
!
interface ethernet Ethernet4/1
forward-error-correction fs
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Maximum Transition Unit

Maximum transmission unit (MTU) defines the largest size of the packet that can be transmitted as a single entity through the port. The size of the MTU dictates the amount of data that can be transmitted in bytes over a network.

Reference

Command

mtu <mtu val>

Description

Configure MTU in bytes

Parameters

Mtu value (MAX: 9100)

Mode

INTERFACE

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet1/1
pbnoscli(config-if)# mtu 
  <mtuval>              Mtu value (1..9100)
pbnoscli(config-if)# mtu 1600
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show interface summary 
============================================================================================================================
Interface       Lanes             Speed   MTU     FEC     Alias           Vlan    Oper    Admin   Type              Asym PFC
============================================================================================================================
Ethernet1/1     0,1,2,3           100G    1500    rs      etp1            trunk   up      up      QSFP28 or later   N/A     
Ethernet2/1     8,9,10,11         100G    9100    none    etp2            trunk   up      up      QSFP28 or later   N/A     
Ethernet3/1     16,17,18,19       100G    9100    none    etp3            trunk   up      up      QSFP28 or later   N/A     
Ethernet4/1     24,25,26,27       100G    9100    none    etp4            trunk   down    up      N/A               N/A     
Ethernet5/1     32,33,34,35       100G    9100    none    etp5            trunk   down    up      QSFP28 or later   N/A     
Ethernet6/1     40,41,42,43       100G    9100    none    etp6            trunk   down    up      QSFP28 or later   N/A     
Ethernet7/1     48,49,50,51       100G    9100    none    etp7            trunk   down    up      QSFP28 or later   N/A     
Ethernet8/1     56,57,58,59       100G    9100    none    etp8            trunk   down    up      N/A               N/A     
Ethernet9/1     64,65,66,67       100G    9100    none    etp9            trunk   down    up      N/A               N/A     
Ethernet10/1    72,73,74,75       100G    9100    none    etp10           trunk   down    up      N/A               N/A     
Ethernet11/1    80,81,82,83       100G    9100    none    etp11           trunk   down    up      N/A               N/A     
Ethernet12/1    88,89,90,91       100G    9100    none    etp12           trunk   down    up      N/A               N/A     
Ethernet13/1    96,97,98,99       100G    9100    none    etp13           trunk   up      up      QSFP28 or later   N/A     
Ethernet14/1    104,105,106,107   100G    9100    none    etp14           trunk   up      up      QSFP28 or later   N/A  
<...>
Ethernet60/1    472,473,474,475   100G    9100    none    etp60           trunk   down    up      N/A               N/A     
Ethernet61/1    480,481,482,483   100G    9100    none    etp61           trunk   down    up      N/A               N/A     
Ethernet62/1    488,489,490,491   100G    9100    none    etp62           trunk   down    up      N/A               N/A     
Ethernet63/1    496,497,498,499   100G    9100    rs      etp63           routed  up      up      QSFP28 or later   N/A     
Ethernet64/1    504,505,506,507   100G    9100    rs      etp64           routed  up      up      QSFP28 or later   N/A     
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
mtu 1600
forward-error-correction rs
!
interface ethernet Ethernet4/1
description interface description
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Port Speed

Port speed refers to the maximum amount of data that the line card transmits through a port at any given second.

Reference

Example

pbnoscli# configure terminal
pbnoscli(config)# interface ethernet Ethernet4/1
pbnoscli(config-if)# speed 
  1000                  1G
  10000                 10G
  100000                100G
  25000                 25G
  40000                 40G
pbnoscli(config-if)# speed 1000
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show interface summary 
============================================================================================================================
Interface       Lanes             Speed   MTU     FEC     Alias           Vlan    Oper    Admin   Type              Asym PFC
============================================================================================================================
Ethernet1/1     0,1,2,3           100G    1500    rs      etp1            trunk   up      up      QSFP28 or later   N/A     
Ethernet2/1     8,9,10,11         100G    9100    none    etp2            trunk   up      up      QSFP28 or later   N/A     
Ethernet3/1     16,17,18,19       100G    9100    none    etp3            trunk   up      up      QSFP28 or later   N/A     
Ethernet4/1     24,25,26,27       1G      9100    fs      etp4            trunk   down    up      N/A               N/A     
Ethernet5/1     32,33,34,35       100G    9100    none    etp5            trunk   down    up      QSFP28 or later   N/A     
Ethernet6/1     40,41,42,43       100G    9100    none    etp6            trunk   down    up      QSFP28 or later   N/A     
Ethernet7/1     48,49,50,51       100G    9100    none    etp7            trunk   down    up      QSFP28 or later   N/A     
Ethernet8/1     56,57,58,59       100G    9100    none    etp8            trunk   down    up      N/A               N/A     
Ethernet9/1     64,65,66,67       100G    9100    none    etp9            trunk   down    up      N/A               N/A     
Ethernet10/1    72,73,74,75       100G    9100    none    etp10           trunk   down    up      N/A               N/A     
Ethernet11/1    80,81,82,83       100G    9100    none    etp11           trunk   down    up      N/A               N/A     
Ethernet12/1    88,89,90,91       100G    9100    none    etp12           trunk   down    up      N/A               N/A     
Ethernet13/1    96,97,98,99       100G    9100    none    etp13           trunk   up      up      QSFP28 or later   N/A     
Ethernet14/1    104,105,106,107   100G    9100    none    etp14           trunk   up      up      QSFP28 or later   N/A     
<...>
Ethernet60/1    472,473,474,475   100G    9100    none    etp60           trunk   down    up      N/A               N/A     
Ethernet61/1    480,481,482,483   100G    9100    none    etp61           trunk   down    up      N/A               N/A     
Ethernet62/1    488,489,490,491   100G    9100    none    etp62           trunk   down    up      N/A               N/A     
Ethernet63/1    496,497,498,499   100G    9100    rs      etp63           routed  up      up      QSFP28 or later   N/A     
Ethernet64/1    504,505,506,507   100G    9100    rs      etp64           routed  up      up      QSFP28 or later   N/A     
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
!
interface ethernet Ethernet4/1
speed 1000
forward-error-correction fs
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Port Breakout

The Port Breakout feature allows high-speed ports to be split into multiple lower-speed ports on supported platforms through interface configuration. This enables flexibility in network deployments by adapting port speeds to specific requirements.

Supported Platforms for Port Breakout:

EC7816
EC7726
EC7326
SN4600C

Supported Breakout Configurations

For example, a 100G port can be split into:

4x 25G ports
2x 50G ports
4x 10G ports (if supported)

Checking the Current Breakout Mode

To view the current breakout mode for an interface, use:

pbnoscli# show interface breakout current-mode Ethernet49/1
======================================
Interface       Breakout
======================================
Ethernet49/1    1x100G[40G]

Viewing Available Breakout Modes

Before changing the breakout configuration, check the supported breakout modes using:

pbnoscli# show interface breakout
{
    "Ethernet1/1": {
        "index": "1",
        "lanes": "3",
        "breakout_modes": {
            "1x25G": [
                "Eth1(Port1)"
            ]
        },
        "default_brkout_mode": "1x25G",
        "Current Breakout Mode": "1x25G",
        "child ports": "Ethernet1/1",
        "child port speeds": "25G"
    },
    
<skipped>

    "Ethernet49/1": {
        "index": "49,49,49,49",
        "lanes": "77,78,79,80",
        "breakout_modes": {
            "1x100G[40G]": [
                "Eth49(Port49)"
            ],
            "2x50G": [
                "Eth49/1(Port49)",
                "Eth49/2(Port49)"
            ],
            "4x25G": [
                "Eth49/1(Port49)",
                "Eth49/2(Port49)",
                "Eth49/3(Port49)",
                "Eth49/4(Port49)"
            ],
            "4x10G": [
                "Eth49/1(Port49)",
                "Eth49/2(Port49)",
                "Eth49/3(Port49)",
                "Eth49/4(Port49)"
            ]
        },
        "default_brkout_mode": "1x100G[40G]",
        "Current Breakout Mode": "1x100G[40G]",
        "child ports": "Ethernet49/1",
        "child port speeds": "100G"
    }
}

From the above output, the platform supports four breakout modes for Ethernet49/1:

1x100G
2x50G
4x25G
4x10G

Note:

Ensure there are no interface-dependent configurations before applying a breakout change.
A system reboot is required after configuring port breakout.

Configuring Port Breakout

To change the breakout mode to 4x25G, use the following command:

pbnoscli(config)# interface ethernet Ethernet49/1
pbnoscli(config-if)# breakout-mode "4x25G"
Checking for port dependencies....
Configuring interface breakout....
Breakout process got successfully completed!
Reboot is required to apply the breakout changes!
Do you want to save and reboot to apply the changes [y/n]: y
Saving configuration...
Rebooting the device...

After the system reboots, verify the new breakout configuration using:


//After reboot

pbnoscli# show interface  status
================================================================================================
Port            Name                            Oper    Admin   Vlan    Speed   MTU     AutoNeg
================================================================================================
Ethernet1/1     Eth1(Port1)                     down    up      routed  25000   9100    N/A
Ethernet2/1     Eth2(Port2)                     down    up      routed  25000   9100    N/A
Ethernet3/1     Eth3(Port3)                     down    up      routed  25000   9100    N/A
Ethernet4/1     Eth4(Port4)                     up      up      routed  25000   9100    N/A
Ethernet5/1     Eth5(Port5)                     down    up      routed  25000   9100    N/A
Ethernet6/1     Eth6(Port6)                     down    up      routed  25000   9100    N/A
Ethernet7/1     Eth7(Port7)                     down    up      routed  25000   9100    N/A
Ethernet8/1     Eth8(Port8)                     down    up      routed  25000   9100    N/A
Ethernet9/1     Eth9(Port9)                     down    up      routed  25000   9100    N/A
Ethernet10/1    Eth10(Port10)                   down    up      routed  25000   9100    N/A
<skipped>
Ethernet48/1    Eth48(Port48)                   down    up      routed  25000   9100    N/A
Ethernet49/1    Eth49/1(Port49)                 up      up      routed  25000   9100    N/A
Ethernet49/2    Eth49/2(Port49)                 up      up      routed  25000   9100    N/A
Ethernet49/3    Eth49/3(Port49)                 up      up      routed  25000   9100    N/A
Ethernet49/4    Eth49/4(Port49)                 up      up      routed  25000   9100    N/A
Ethernet50/1    Eth50(Port50)                   down    up      routed  100000  9100    N/A
Ethernet51/1    Eth51(Port51)                   down    up      routed  100000  9100    N/A
Ethernet52/1    Eth52(Port52)                   down    up      routed  100000  9100    N/A
Ethernet53/1    Eth53(Port53)                   up      up      routed  100000  9100    N/A
Ethernet54/1    Eth54(Port54)                   up      up      routed  100000  9100    N/A
Ethernet55/1    Eth55(Port55)                   up      up      routed  100000  9100    N/A
Ethernet56/1    Eth56(Port56)                   down    up      routed  100000  9100    N/A

pbnoscli# show running-config
configure terminal
interface ethernet Ethernet1/1
mtu 9100
speed 25000
!
<skipped>
interface ethernet Ethernet48/1
mtu 9100
speed 25000
!
interface ethernet Ethernet49/1
mtu 9100
speed 25000
forward-error-correction none
!
interface ethernet Ethernet49/2
mtu 9100
speed 25000
forward-error-correction none
!
interface ethernet Ethernet49/3
mtu 9100
speed 25000
forward-error-correction none
!
interface ethernet Ethernet49/4
mtu 9100
speed 25000
forward-error-correction none
!
interface ethernet Ethernet50/1
mtu 9100
speed 100000
!


pbnoscli# show interface breakout current-mode Ethernet49/1
======================================
Interface       Breakout
======================================
Ethernet49/1    4x25G

pbnoscli# show in summary
============================================================================================================================
Interface       Lanes             Speed   MTU     FEC     Alias           Vlan    Oper    Admin   Type              Asym PFC
============================================================================================================================
Ethernet1/1     3                 25G     9100    N/A     Eth1(Port1)     routed  down    up      SFP/SFP+/SFP28    N/A
Ethernet2/1     2                 25G     9100    N/A     Eth2(Port2)     routed  down    up      N/A               N/A
Ethernet3/1     4                 25G     9100    N/A     Eth3(Port3)     routed  down    up      N/A               N/A
Ethernet4/1     8                 25G     9100    N/A     Eth4(Port4)     routed  up      up      SFP/SFP+/SFP28    N/A
Ethernet5/1     7                 25G     9100    N/A     Eth5(Port5)     routed  down    up      N/A               N/A
Ethernet6/1     1                 25G     9100    N/A     Eth6(Port6)     routed  down    up      N/A               N/A
Ethernet7/1     5                 25G     9100    N/A     Eth7(Port7)     routed  down    up      N/A               N/A
Ethernet8/1     16                25G     9100    N/A     Eth8(Port8)     routed  down    up      N/A               N/A
<skipped>
Ethernet49/1    77                25G     9100    none    Eth49/1(Port49) routed  up      up      QSFP28 or later   N/A
Ethernet49/2    78                25G     9100    none    Eth49/2(Port49) routed  up      up      QSFP28 or later   N/A
Ethernet49/3    79                25G     9100    none    Eth49/3(Port49) routed  up      up      QSFP28 or later   N/A
Ethernet49/4    80                25G     9100    none    Eth49/4(Port49) routed  up      up      QSFP28 or later   N/A
Ethernet50/1    85,86,87,88       100G    9100    N/A     Eth50(Port50)   routed  down    up      N/A               N/A
Ethernet51/1    93,94,95,96       100G    9100    N/A     Eth51(Port51)   routed  down    up      N/A               N/A
Ethernet52/1    97,98,99,100      100G    9100    N/A     Eth52(Port52)   routed  down    up      N/A               N/A
Ethernet53/1    105,106,107,108   100G    9100    N/A     Eth53(Port53)   routed  up      up      QSFP28 or later   N/A
Ethernet54/1    113,114,115,116   100G    9100    N/A     Eth54(Port54)   routed  up      up      QSFP28 or later   N/A
Ethernet55/1    121,122,123,124   100G    9100    N/A     Eth55(Port55)   routed  up      up      QSFP28 or later   N/A
Ethernet56/1    125,126,127,128   100G    9100    N/A     Eth56(Port56)   routed  down    up      QSFP28 or later   N/A

Now if we want to change breakout mode from "4x25G" to "2x50G" then we can do it using below commands

pbnoscli# configure
pbnoscli(config)# interface ethernet Ethernet49/1
pbnoscli(config-if)# breakout-mode "2x50G"
Checking for port dependencies....
Configuring interface breakout....
Breakout process got successfully completed!
Reboot is required to apply the breakout changes!
Do you want to save and reboot to apply the changes [y/n]: y
Saving configuration...
Rebooting the device...
requested COLD shutdown

// After reboot
pbnoscli# show running-config
configure terminal
interface ethernet Ethernet1/1
mtu 9100
speed 25000
!
interface ethernet Ethernet2/1
mtu 9100
speed 25000
!
<skipped>
interface ethernet Ethernet49/1
mtu 9100
speed 50000
forward-error-correction none
!
interface ethernet Ethernet49/2
mtu 9100
speed 50000
forward-error-correction none
!
interface ethernet Ethernet50/1
mtu 9100
speed 100000
!

pbnoscli# show interface  status
================================================================================================
Port            Name                            Oper    Admin   Vlan    Speed   MTU     AutoNeg
================================================================================================
Ethernet1/1     Eth1(Port1)                     down    up      routed  25000   9100    N/A
Ethernet2/1     Eth2(Port2)                     down    up      routed  25000   9100    N/A
<skipped>
Ethernet48/1    Eth48(Port48)                   down    up      routed  25000   9100    N/A
Ethernet49/1    Eth49/1(Port49)                 down    up      routed  50000   9100    N/A
Ethernet49/2    Eth49/2(Port49)                 down    up      routed  50000   9100    N/A
Ethernet50/1    Eth50(Port50)                   down    up      routed  100000  9100    N/A
Ethernet51/1    Eth51(Port51)                   down    up      routed  100000  9100    N/A
Ethernet52/1    Eth52(Port52)                   down    up      routed  100000  9100    N/A
Ethernet53/1    Eth53(Port53)                   up      up      routed  100000  9100    N/A
Ethernet54/1    Eth54(Port54)                   up      up      routed  100000  9100    N/A
Ethernet55/1    Eth55(Port55)                   up      up      routed  100000  9100    N/A
Ethernet56/1    Eth56(Port56)                   down    up      routed  100000  9100    N/A

pbnoscli# show interface summary
============================================================================================================================
Interface       Lanes             Speed   MTU     FEC     Alias           Vlan    Oper    Admin   Type              Asym PFC
============================================================================================================================
Ethernet1/1     3                 25G     9100    N/A     Eth1(Port1)     routed  down    up      SFP/SFP+/SFP28    N/A
<skipped>
Ethernet49/1    77,78             50G     9100    none    Eth49/1(Port49) routed  down    up      QSFP28 or later   N/A
Ethernet49/2    79,80             50G     9100    none    Eth49/2(Port49) routed  down    up      QSFP28 or later   N/A
Ethernet50/1    85,86,87,88       100G    9100    N/A     Eth50(Port50)   routed  down    up      N/A               N/A
Ethernet51/1    93,94,95,96       100G    9100    N/A     Eth51(Port51)   routed  down    up      N/A               N/A
Ethernet52/1    97,98,99,100      100G    9100    N/A     Eth52(Port52)   routed  down    up      N/A               N/A
Ethernet53/1    105,106,107,108   100G    9100    N/A     Eth53(Port53)   routed  up      up      QSFP28 or later   N/A
Ethernet54/1    113,114,115,116   100G    9100    N/A     Eth54(Port54)   routed  up      up      QSFP28 or later   N/A
Ethernet55/1    121,122,123,124   100G    9100    N/A     Eth55(Port55)   routed  up      up      QSFP28 or later   N/A
Ethernet56/1    125,126,127,128   100G    9100    N/A     Eth56(Port56)   routed  down    up      QSFP28 or later   N/A

pbnoscli# show interface breakout current-mode Ethernet49/1
======================================
Interface       Breakout
======================================
Ethernet49/1    2x50G

Configuring Interface Type

You can configure the interface type based on the connection point. Here, “network” corresponds to the network (TAPs) and “tool” corresponds to analytics tools.

Reference

Command

type (network | tool)

no type

Description

Type Configuration

Parameters

None

Mode

INTERFACE

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet1/1
pbnoscli(config-if)# type 
  network               Network
  tool                  Tool
pbnoscli(config-if)#type network

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet1/1

===================================
Interface : Ethernet1/1       
===================================
Type           : network         
Mode           : vlan-aware      
Ingress-vlan   : 2               
Egress-tagging : disable         

pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
mtu 1600
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring VLAN Modes

VLAN modes in OPB provide administrators to match flow based on the VLAN tag in the packet and redirect to the tool ports

OPB supports two VLAN modes;

VLAN-aware mode will match traffic based on both configured ingress-VLAN and VLAN configured in flow rules
VLAN-unaware mode will allow all VLAN traffic and does not follow the ingress-VLAN configuration

By default, the port is in VLAN-aware mode and will accept traffic tagged with VLAN 'n+2', where 'n' is the port number i.e. Eth2+2 = VLAN 4

Reference

Command

mode vlan-aware

mode vlan-unaware

Description

vlan-aware: used for matching packets based on VLAN id

Parameters

None

Mode

INTERFACE

This feature is only supported on the NVIDIA platforms and is applicable only for network ports.

Example

pbnoscli# configure terminal
pbnoscli(config)# interface ethernet Ethernet16/1
pbnoscli(config-if)# mode vlan-
  vlan-aware            dot1_q mode
  vlan-unaware          q_inq mode
pbnoscli(config-if)# mode vlan-aware 
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet16/1

===================================
Interface : Ethernet16/1      
===================================
Mode           : vlan-aware      
Ingress-vlan   : 18              
Egress-tagging : disable         

pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet16/1
mode vlan-aware
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Loopback Mode

Loopback-mode means that a physical port can become network-port (ingress) and tool-port(egress) to which flow rules can be applied. A loopback-mode port is operated in loopback mode and avoids customers connecting a physical cable to make it operate in Loopback mode.

As soon as a port is configured as a loopback-mode port, it is internally changed to a loopback mode state. This means that the link is UP with or without cables being inserted. Traffic flows out of a loopback-mode port (Tx direction) and loops back to it (Rx direction).

loopback-mode ports can provide the following flexibility:

Support for multiple lookups on the same packet. For example, decapsulate the tunnel and look up based on the inner header.
Multiple egress actions on the same traffic. For example (shown here) send to tool as-is and add VLAN tag.

The following command is used to configure the interface to work as both network-port and tool-port. When enabled on an interface, it acts like a mac loopback which loops back the egress packets back to the device on the same port.

Reference

Command

loopback-mode no loopback-mode

Description

Activation loopback mode

Parameters

None

Mode

INTERFACE

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet4/1
pbnoscli(config-if)# loopback      
  loopback-mode         Activate loopback mode
pbnoscli(config-if)# loopback-mode 
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet4/1
===================================
Interface : Ethernet4/1      
===================================
Mode           : vlan-aware      
Ingress-vlan   : 6              
Egress-tagging : disable         
Loopback-mode  : enable          

pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet4/1
speed 1000
description interface description
mode vlan-aware
loopback-mode
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Packet Slicing

You can use packet truncation, which is a unique capability available only on NVIDIA platforms, to truncate the packets which are sent to the tool. This helps tools reduce the storage capacity needed for saving packets for future analysis. It truncates the packet for the given offset.

This feature is only supported on the NVIDIA platforms

The packet will be truncated beginning at the Ethernet header

Reference

Command

truncate <offset value>

no truncate

Description

Truncate packets after offset

Parameters

Offset-value – multiple of 4 within 48 to 4088

Mode

INTERFACE

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet4/1
pbnoscli(config-if)# trunc    
  truncate              Truncate the packet
pbnoscli(config-if)# truncate 64

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet4/1

===================================
Interface : Ethernet4/1       
===================================
Mode           : vlan-aware      
Ingress-vlan   : 6               
Egress-tagging : disable         
Truncate       : 64              

pbnoscli#

pbnoscli# sh running-config 
configure terminal
!
interface ethernet Ethernet4/1
truncate 64
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Ingress VLAN

You can use the Ingress VLAN functionality to assign dedicated identification tags (VLAN Tags) and thereby creating a mapping between the network port and tool ports. Traffic received on network ports can be added with an additional VLAN tag and sent towards the tools for identifying the Network Port. Ingress VLAN is configured in the interface configuration of the network port.

Reference

Command

[no] ingress-vlan <value>

Description

Ingress-vlan configuration

Parameters

value within 500 to 4094

Mode

INTERFACE

This feature should only be configured on Network ports

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet8/1
pbnoscli(config-if)# ingress-     
  ingress-vlan          Add ingress vlan (range 500...4094)
pbnoscli(config-if)# ingress-vlan 501
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet8/1

===================================
Interface : Ethernet8/1       
===================================
Type           : network         
Mode           : vlan-aware      
Ingress-vlan   : 501             
Egress-tagging : disable         

pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet8/1
ingress-vlan 501
mode vlan-aware
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Egress Tagging

You can use the egress tagging functionality to add a VLAN tag to the packet transmitted from the tool port.

Reference

This feature should only be configured on Tool ports

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet4/1
pbnoscli(config-if)# egress-        
  egress-tagging        Add egress tagging
pbnoscli(config-if)# egress-tagging enable 
pbnoscli(config-if)#

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet4/1

===================================
Interface : Ethernet4/1       
===================================
Type           : tool            
Mode           : vlan-aware      
Ingress-vlan   : 6               
Egress-tagging : enable          
Loopback-mode  : disable         

pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet4/1
type tool
egress-tagging enable
mode vlan-aware
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Rx-only

You can use the Rx-only functionality to have only a Receive link on the network ports for BiDi SFPs

This feature is only supported on Edgecore AS7816-64X

Reference

Command

{no} receive-only

Description

rx-only configuration

Parameters

None

Mode

INTERFACE

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet4/1                  
pbnoscli(config-if)# receive-only
pbnoscli(config-if)# end

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet4/1
===================================
Interface : Ethernet4/1
===================================
Ingress-vlan   : 18
Egress-tagging : disable
Receive-only  : enable

pbnoscli#

pbnoscli# show running-config 
configure terminal
interface ethernet Ethernet4/1
receive-only
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring Tx-only

You can use the Tx-only functionality to have only a Transmit link on the tool ports

This feature is only supported on Broadcom platforms

Reference

Command

{no} transmit-only

Description

Tx-only configuration

Parameters

None

Mode

INTERFACE

Example

pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet4/1                  
pbnoscli(config-if)# tr            
  transmit-only         Activate tx-only mode
pbnoscli(config-if)# transmit-only 
pbnoscli(config-if)# end

You can verify the configuration by using the command(s) below:

pbnoscli# show interface npb Ethernet4/1
===================================
Interface : Ethernet4/1
===================================
Ingress-vlan   : 18
Egress-tagging : disable
Transmit-only  : enable

pbnoscli#

pbnoscli# show running-config 
configure terminal
interface ethernet Ethernet4/1
transmit-only
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring An-clause

You can use the an-clause functionality to enable support for 1G Electrical SFP

This feature is only supported on Broadcom platforms

Reference

Command

{no} an-clause cl37

Description

Auto-Negotiation clause

Parameters

cl37

Mode

INTERFACE

Example


pbnoscli# configure terminal 
pbnoscli(config)# interface ethernet Ethernet2/1
pbnoscli(config-if)# an
  an-clause             Auto-Negotiation clause
pbnoscli(config-if)# an-clause cl37
pbnoscli(config-if)# end

pbnoscli# show running-config 
configure terminal
interface ethernet Ethernet2/1
an-clause cl37
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring PortChannel

You can use the port-channel command to create groups of tool ports and provide traffic load-balancing. By default, symmetric hashing is enabled for IPv4 and IPv6 traffic, redirecting the source-destination pair to the same tool-connected port.

Reference

Command

port-channel <channelid>ports<portname>[description<string>] no port-channel <channelid>ports

Description

Port-channel configuration

Parameters

channelid - within 1 to 16 portname - valid interface names delimited by (,) string - a maximum of 50 characters, within double quotes

Mode

CONFIG

PortChannel can only be configured as a Tool port in a flow

Example

pbnoscli# configure terminal  
pbnoscli(config)# port-channel 1 
  ports                 Add physical ports to port channel
pbnoscli(config)# port-channel 1 ports 
  <portname>            Add ports (Add multiple ports comma delimited)
pbnoscli(config)# port-channel 1 ports Ethernet63/1,Ethernet64/1
pbnoscli(config)# 

pbnoscli(config)# no port-channel 1 ports 
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show port-channel information 
===================================
Name         : port-channel1
Member ports : Ethernet63/1[up] Ethernet64/1[up] 

===================================
pbnoscli# 

pbnoscli# show port-channel rate
=====================================================
Port-channel Rate Counter
=====================================================

	Port-Channel                  :1
	Member Port                   :Ethernet1/1[up],Ethernet2/1[up],Ethernet3/1[up],Ethernet4/1[down],Ethernet5/1[down]
	PACKETS RECEIVED              :0
	PACKETS RECEIVED BPS          :51.25 B/s
	PACKETS RECEIVED PPS          :0.20 P/s
	RECEIVED UTIL                 :0.00 %
	RECEIVED ERROR PACKETS        :0
	RECEIVED DISCARDED PACKETS    :0
	RECEIVED OVERSIZE PACKETS     :0
	PACKETS TRANSMITTED           :0
	PACKETS TRANSMITTED BPS       :20.51 B/s
	PACKETS TRANSMITTED PPS       :0.09 P/s
	TRANSMITTED UTIL              :0.00 %
	TRANSMITTED ERROR PACKETS     :0
	TRANSMITTED DISCARDED PACKETS :0
	TRANSMITTED OVERSIZE PACKETS  :0

pbnoscli#

pbnoscli# show running-config
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
pbnoscli#

Configuring LAG Hash

LAG-Hash is used to describe the load-balancing algorithm used for distributing traffic across the links within a port channel. This algorithm plays a crucial role in determining the distribution of traffic evenly among the member links of the port channel.

OPBNOS uses the CRC2 for NVIDIA ASIC and CRC32_LO for Broadcom ASIC for load-balancing traffic across a port channel.

Reference

Command

lag-hash seed <int seed_value>

Description

seed value 0 - 4294967295

Parameters

integer seed value

Mode

CONFIG

pbnoscli# configure terminal 
pbnoscli(config)# lag-hash 
  seed                  seed configuration
pbnoscli(config)# lag-hash seed 
  <seed_val>            seed value 0..4294967295
pbnoscli(config)# lag-hash seed 429496723
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show lag-hash config 
===================================================
LAG Hash Parameters
===================================================
Hash Algorithm : CRC2
Symmetric Hash : Enabled
SEED Value     : 429496723
pbnoscli#

Configuring Flows and Rules

This section provides information about configuring flows and rules.

Configuring Network Ports

Network ports are the source port(s) that can be specified in a flow for matching and filtering on one or more ingress traffic ports.

Reference

CLI Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# network-               
  network-ports         Configure network or TAP ports
pbnoscli(config-flow-flow01)# network-ports Ethernet1/1,Ethernet2/1
pbnoscli(config-flow-flow01)#

You can verify the configuration by using the command(s) below:

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet0,Ethernet4
!
pbnoscli#

Configuring Tool Ports

You can specify the destination(s) for packets matching the flow. The supported destinations are as follows:

port-id(s): matching traffic redirected to one or more tool ports
port-channel: matching traffic redirected to multiple tool ports with symmetric load balancing

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# network-ports Ethernet1/1,Ethernet2/1
pbnoscli(config-flow-flow01)# tool-      
  tool-ports            Configure network tool or analyzer ports
pbnoscli(config-flow-flow01)# tool-ports port-channel1,Ethernet8/1
pbnoscli(config-flow-flow01)#

You can verify the configuration by using the command(s) below:

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : port-channel1,Ethernet8/1
pbnoscli#

pbnoscli# show running-config 
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
!
pbnoscli#

Configuring Flows

You can configure flows with rules to replicate and filter traffic between the network and tool ports.

Flow can be used to create a traffic stream between the network port and tool port, The traffic can be filtered by configuring rule(s) to permit/deny matching traffic.

Reference

Command

[no] flow <flow-name>

Description

Create/Delete Flow

Parameters

Flow-name—maximum of 10 characters

Interface

CONFIG

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  pop-vlan              Pop Vlan Tag
  push-vlan-tag         Push VLAN tag
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# exit

//to delete a flow
pbnoscli(config)# no flow flow01
pbnoscli(config)

Configuring Flow Description

You can specify the description of the flow. The description can contain upto 48 characters long and is case-sensitive.

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# descript    
  description           Configure description for flow
pbnoscli(config-flow-flow01)# description "--Flow Description--"
pbnoscli(config-flow-flow01)# 

//to remove flow description
pbnoscli(config-flow-flow01)# no description
pbnoscli(config-flow-flow01)#

You can verify the configuration by using the command(s) below:

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Description  : --Flow Description--
pbnoscli#

pbnoscli# show running-config
configure terminal
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
!
pbnoscli#

Configuring Flow Rules (NVIDIA)

NVIDIA ASIC

You can configure a rule with certain qualifiers to aggregate and filter traffic from network port(s) to tool port(s) for monitoring.

Before configuring flow rules, Network and Tool ports must be configured

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  pop-vlan              Pop Vlan Tag
  push-vlan-tag         Push VLAN tag
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 
  action                Add rule specific action
  deny                  Deny traffic
  permit                Permit traffic
pbnoscli(config-flow-flow01)# rule 1 permit 
  <cr>
  counters              Enable counters
  description           Add description within double quotes
  dest-ip               Destination IP address
  dscp                  Differentiated services code point
  ethertype             ethernet type, 0x800, 0x8100
  gtp                   GTP Tunneling
  l4portdst             L4 destination port
  l4portsrc             L4 source port
  match-all             Match all
  protocol              IP protocol
  qualifiers            Flow Rule Qualifiers
  src-ip                Source IP address
  tcpctl                TCP Control Flags
  tosval                Type of Service
  ttl                   Time-to-live
  vlan                  Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable 

//to remove a rule
pbnoscli(config-flow-flow01)# no rule 1
pbnoscli(config-flow-flow01)#

You can verify the configuration by using the command(s) below:

pbnoscli# show flow summary 
Flow-Name       Rule-Id        Status      Counter-Value
=========================================================
flow01          1             Active          1675               
pbnoscli# 

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : port-channel1,Ethernet8/1

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Source IP                : 2401::1         
Source Mask              : f::f            
Destination IP           : 2401::2         
Destination Mask         : f::f            
Counters                 : enable          
pbnoscli#

\\Configuring IPv4 rules
pbnoscli# show running-config 
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
!
pbnoscli#

\\Configuring IPv6 rules
pbnoscli# show running-config 
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 2401::1 src-netmask f::f dest-ip 2401::2 dest-netmask f::f counters enable
!
pbnoscli#

Configuring Flow Rules (Broadcom)

Broadcom ASIC

You can configure a rule with certain qualifiers to aggregate and filter traffic from network port(s) to tool port(s) for monitoring.

Before configuring flow rules, Network and Tool ports must be configured

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 
  action                Add rule specific action
  deny                  Deny traffic
  ipv6                  IPv6 Rule
  permit                Permit traffic
pbnoscli(config-flow-flow01)# rule 1 ipv6   
  deny                  Deny traffic
  permit                Permit traffic
pbnoscli(config-flow-flow01)# rule 1 ipv6 
pbnoscli(config-flow-flow01)# rule 1 permit 
  <cr>
  counters              Enable counters
  description           Add description within double quotes
  dest-ip               Destination IP address
  dscp                  Differentiated services code point
  ethertype             ethernet type, 0x800, 0x8100
  l4portdst             L4 destination port
  l4portsrc             L4 source port
  match-all             Match all
  protocol              IP protocol
  src-ip                Source IP address
  tcpctl                TCP Control Flags
  tosval                Type of Service
  ttl                   Time-to-live
  vlan                  Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable 

//to remove a rule
pbnoscli(config-flow-flow01)# no rule 1
pbnoscli(config-flow-flow01)#

You can verify the configuration by using the command(s) below:

pbnoscli# show flow summary 
Flow-Name       Rule-Id        Status      Counter-Value
=========================================================
flow01          1             Active          1671               

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : port-channel1,Ethernet8/1

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Source IP                : 10.10.0.0       
Source Mask              : 255.255.255.0   
Destination IP           : 20.0.20.0       
Destination Mask         : 255.255.255.0   
Counters                 : enable          
pbnoscli#

\\Configuring IPv4 rules
pbnoscli# show running-config 
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
!
pbnoscli#

\\Configuring IPv6 rules
pbnoscli# show running-config 
configure terminal
port-channel 1 ports Ethernet63/1,Ethernet64/1
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
description "--Flow Description--"
network-ports Ethernet1/1,Ethernet2/1
tool-ports port-channel1,Ethernet8/1
rule 1 ipv6 permit src-ip 2401::1 src-netmask f::f dest-ip 2401::2 dest-netmask f::f counters enable
!
pbnoscli#

Configuring Flow Match Expression Rules

Using this command, users can configure a rule using an expression string for both inner and outer headers in encapsulated packets.

Before configuring flow rules, Network and Tool ports must be configured

This feature is supported only on NVIDIA spectrum-2/3 platforms

Reference

Command

rule ((deny | permit) [description ] [match-expression ] [counters (enable | disable )]

no rule <ruleid>

Description

Rule configuration

Parameters

ruleid: It should be in the range 1 to 6000
description: max 50 characters. match
expression: qualifiers can be added to this string
counters: can be enabled or disabled

Mode

FLOW

Expression qualifiers -
ethertype - L2 Ethertype, vlan - Vlan header value, src-ip - Source IP prefix, src-netmask - Source IP mask, dest-ip- Destination IP prefix, dest-netmask- Destination IP mask, protocol - Protocol type, l4portsrc- Transport layer source port, l4portdst - Transport layer destination port, tosval - Type of Service value, dscp - Differentiated services field value, ttl - Packet TTL, tcpctl - TCP control value, tcpctlmask - TCP control mask, teid - Encapsulation tunnel ID, inner-sip - Inner IP Source Address, inner-dip - Inner IP Destination Address, inner-protocol - Inner Header Protocol, inner_l4srcport - Inner Header UDP Source Port, inner_l4destport - Inner Header UDP Destination Port

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  pop-vlan              Pop Vlan Tag
  push-vlan-tag         Push VLAN tag
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 permit description "Match Expression" 
  <cr>
  counters              Enable counters
  dest-ip               Destination IP address
  dscp                  Differentiated services code point
  ethertype             ethernet type, 0x800, 0x8100
  gtp                   GTP Tunneling
  l4portdst             L4 destination port
  l4portsrc             L4 source port
  match-all             Match all
  match-expression      Flow Rule Qualifiers
  protocol              IP protocol
  src-ip                Source IP address
  tcpctl                TCP Control Flags (maximum value is 0x3f)
  tosval                Type of Service
  ttl                   Time-to-live
  udf-data              User Defined Data
  vlan                  Vlan Identifier
pbnoscli(config-flow-flow01)# rule 1 permit description "Match Expression" 
pbnoscli(config-flow-flow01)# $Match Expression" match-expression 
  <matchexpression>     Example qualifiers: ethertype, vlan, src-ip, src-netmask, 
                                            dest-ip, dest-netmask, protocol, l4portsrc,
                                            l4portdst, tosval, dscp, ttl, tcpctl, tcpctlmask,
                                            teid, inner-sip, inner-dip, inner-protocol, 
                                            inner_l4srcport, inner_l4destport
pbnoscli(config-flow-flow01)# $Match Expression" match-expression "vlan 100 src-ip 1.1.1.1/32 dest-ip 2.2.2.2/32 protocol udp inner-sip 10.10.10.1/32 inner-dip 20.20.20.2/32" counters enable
pbnoscli(config-flow-flow01)# end

You can verify the configuration by using the command(s) below:

pbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : port-channel1,Ethernet8/1

Rule : 1               
++++++++++++++++++++++++++++++++++
Vlan                     : 100             
Source IP                : 1.1.1.1         
Source Mask              : 255.255.255.255 
Destination IP           : 2.2.2.2         
Destination Mask         : 255.255.255.255 
Protocol                 : udp             
Inner Source IP          : 10.10.10.1      
Inner Source Mask        : 255.255.255.255 
Inner Destination IP     : 20.20.20.2      
Inner Destination Mask   : 255.255.255.255 
Action                   : permit          
Description              : Match Expression
Counters                 : enable          
pbnoscli# 

pbnoscli# show flow counters all
Flow-Name       Rule-Id        ASIC-Stat-Id   Counter-Value
=============================================================
flow01          DropRule        40960           42156085        
flow01          1               57344           455049065       
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
port-channel 1 ports Ethernet63/1,Ethernet64/1
flow flow01
network-ports Ethernet16
tool-ports Ethernet20
rule 1 permit description "Match Expression" match-expression "vlan 100 src-ip 1.1.1.1/32 dest-ip 2.2.2.2/32 protocol udp inner-sip 10.10.10.1/32 inner-dip 20.20.20.2/32" counters enable
!
pbnoscli#

Configuring Flow UDF Rules

User Defined Filtering can be considered an inspection of a packet based on offset values. An ACL can be defined with UDF matching capabilities to give granularity and flexibility when identifying traffic patterns. It is often used for deeper packet analysis. Typical use cases include finding patterns inside the inner header when packets are tunnelled.

Using UDF, users can configure a rule to match specific bytes in the ingress packet based on a given offset to permit or deny matched packets

Offset for the L3 packet starts from the IP header in the packet
offset for the L2 packet starts from EtherType in the packet

Note: The maximum length that can be matched is 40 characters (i.e. 20 bytes), and the minimum is 4 characters (i.e. 2 bytes), excluding the "0x" prefix. The character string must be an even number of characters.

Before configuring flow rules, Network and Tool ports must be configured

This feature is supported only on NVIDIA spectrum-2/3 platforms

UDF and GTP can not be configured together on a device

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# 
  !                     Exit from the current prompt
  description           Configure description for flow
  enable                Enable the flow
  end                   Exit to exec prompt
  exit                  Exit from the current prompt
  network-ports         Configure network or TAP ports
  no                    no form
  pop-vlan              Pop Vlan Tag
  push-vlan-tag         Push VLAN tag
  rule                  Configure rule
  show                  Show commands
  tool-ports            Configure network tool or analyzer ports
  top                   Exit to the configuration prompt
pbnoscli(config-flow-flow01)# rule 1 permit description "UDF" udf-data 0xb166 udf-extraction-group l2 udf-offset 2 counters enable
pbnoscli(config-flow-flow01)# rule 2 permit description "UDF" udf-data 0x4500 udf-extraction-group l3 udf-extraction-point ipv4 udf-offset 0 counters enable 
pbnoscli(config-flow-flow01)# end

You can verify the configuration by using the command(s) below:

pbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1     
Tool-Port    : Ethernet2/1     

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Description              : UDF             
UDF Data                 : 0xb166          
UDF Extraction Group     : l2              
UDF Offset               : 2               
Counters                 : enable          

Rule : 2               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Description              : UDF             
UDF Data                 : 0x4500          
UDF Extraction Group     : l3              
UDF Extraction Point     : ipv4            
UDF Offset               : 0               
Counters                 : enable          
pbnoscli# 
 

pbnoscli# show flow counters all
Flow-Name       Rule-Id        ASIC-Stat-Id   Counter-Value
=============================================================
flow01          2               98304           503378220       
flow01          DropRule        73728           4390145               
flow01          1               90112           2270112825               
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1
tool-ports Ethernet2/1
rule 1 permit description "UDF" udf-data 0xb166 udf-extraction-group l2 udf-offset 2 counters enable
rule 2 permit description "UDF" udf-data 0x4500 udf-extraction-group l3 udf-extraction-point ipv4 udf-offset 0 counters enable 
!
pbnoscli#

Configuring Push/Pop VLAN

VLAN aware mode provides OPB administrators with the ability to match and modify packets in the flow before forwarding them to the tool port(s).

You can configure the OPBNOS to modify the flow as below:

Push VLAN - Push a new VLAN Tag onto the egress traffic.
Pop VLAN - Pop(remove) the VLAN Tag from the egress traffic.

This feature is only supported on the NVIDIA platforms

Reference

Command

push-vlan-tag <vid>

Description

push VLAN to traffic matching the rules configured in the map

Parameters

vlanid—within 1 to 4094

Mode

flow

Example

pbnoscli# configure terminal
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# push-vlan-tag 
  <pushvlanid>          Add VLAN tag (1...4094)
pbnoscli(config-flow-flow01)# push-vlan-tag 1002
pbnoscli(config-flow-flow01)# 

//to remove push tag
pbnoscli(config-flow-flow01)# no push-vlan-tag 
pbnoscli(config-flow-flow01)#

You can verify the configuration by using the command(s) below:

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : Ethernet8/1       
Push vlan     : enable          
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface ethernet Ethernet8/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet2/1
tool-ports Ethernet8/1
push-vlan-tag 1002
!
pbnoscli#

Reference

Command

pop-vlan

Description

pop Vlan Tag from ingress packets received

Parameters

disable/enable

Mode

flow

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01             
pbnoscli(config-flow-flow01)# pop-vlan 
  disable               Disable Vlan stripping
  enable                Enable Vlan stripping
pbnoscli(config-flow-flow01)# pop-vlan enable 
pbnoscli(config-flow-flow01)#  

//to disable pop-vlan
pbnoscli(config-flow-flow01)# pop-vlan disable 
pbnoscli(config-flow-flow01)#

You can verify the configuration by using the command(s) below:

pbnoscli# show flow flow01

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1,Ethernet2/1
Tool-Port    : Ethernet8/1       
Pop vlan     : enable          
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet2/1
forward-error-correction rs
type network
!
interface ethernet Ethernet8/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet4/1
tool-ports Ethernet8/1
pop-vlan enable
!
pbnoscli#

Configuring Flow Override Action(s)

You can configure a rule to override the configured flow action for egress ports to push and/or pop VLAN. You can also override tool port(s) for egress traffic.

override-action is per-rule and will require override-action for every rule in the flow

Reference

Command

rule 1 action

override-pop-vlan Override action to pop the VLAN override-push-vlan-tag Override action to push VLAN Tag override-to Override to configure a rule specific network tool or analyzer ports

Description

Rule actions

Parameters

● ruleid: It should be in the range 1 to 6000 ● override-to: override egress ports ● override-push-vlan: override MAP push VLAN ● override-pop-vlan: override pop VLAN

Mode

FLOW

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# network-ports Ethernet4
pbnoscli(config-flow-flow01)# tool-ports Ethernet8
pbnoscli(config-flow-flow01)# rule 1 
  action                Add rule specific action
  deny                  Deny traffic
  permit                Permit traffic
pbnoscli(config-flow-flow01)# rule 1 action 
  <cr>
  override-pop-vlan       Override action to pop the VLAN
  override-push-vlan-tag  Override action to push VLAN Tag
  override-to             Override to configure a rule specific network tool or analyzer ports
pbnoscli(config-flow-flow01)# rule 1 action override-to Ethernet12

You can verify the configuration by using the command(s) below:

pbnoscli# show flow all

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet4/1       
Tool-Port    : Ethernet8/1       

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Source IP                : 10.10.0.0       
Source Mask              : 255.255.255.0   
Destination IP           : 20.0.20.0       
Destination Mask         : 255.255.255.0   
Counters                 : enable          
Override To        : Ethernet12/1      
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface ethernet Ethernet1/1
forward-error-correction rs
type network
!
interface ethernet Ethernet4/1
forward-error-correction rs
type network
!
interface ethernet Ethernet8/1
forward-error-correction rs
type tool
!
interface ethernet Ethernet12/1
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.53/23 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1,Ethernet4/1
tool-ports Ethernet8/1
rule 1 permit src-ip 10.10.0.0/24 dest-ip 20.0.20.0/24 counters enable
rule 1 action override-to Ethernet12/1
!
pbnoscli#

Display Flow Information

Use the following command to check the rate of data flowing through a flow:

Reference

Command

show flow (all | <flow-name> ) rate

Description

Display flow rate for a flow

Parameters

flow-name - max 20 characters

Mode

EXEC

Example

pbnoscli# show flow counters all rate
Flow-Name                  Rate (BPS)          Rate (PPS)
===============================================================
flow1                        0.15 B/s            0.00 P/s
pbnoscli#

You can display the flow configuration and operational status as follows:

Reference

Command

show flow (all | <flow-name> rule <rule-id> )

Description

Displays all the flow configurations and rule configurations

Parameters

flow-name—max 20 characters

rule-id – within 1 to 6000

Mode

EXEC

Example

pbnoscli# show flow all

===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet4/1       
Tool-Port    : Ethernet8/1       

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Source IP                : 10.10.0.0       
Source Mask              : 255.255.255.0   
Destination IP           : 20.0.20.0       
Destination Mask         : 255.255.255.0   
Counters                 : enable          
Override To        : Ethernet12/1      

===================================
Flow : flow02 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet16/1      
Tool-Port    : Ethernet20/1      

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Source IP                : 2401::1         
Source Mask              : f::f            
Destination IP           : 2401::2         
Destination Mask         : f::f            
TTL                      : 30              
Protocol                 : tcp             
Tosval                   : 4               
Counters                 : enable          
pbnoscli#

pbnoscli# show flow flow02 rule 1

===================================
Flow : flow02 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet16/1      
Tool-Port    : Ethernet20/1      

Rule : 1               
++++++++++++++++++++++++++++++++++
Action                   : permit          
Source IP                : 2401::1         
Source Mask              : f::f            
Destination IP           : 2401::2         
Destination Mask         : f::f            
TTL                      : 30              
Protocol                 : tcp             
Tosval                   : 4               
Counters                 : enable          
pbnoscli#

Use the following command to show the flow summary:

Reference

Command

show flow summary

Description

Displays the summary of all OPB flows

Parameters

None

Mode

EXEC

Example

pbnoscli# show flow summary 
Flow-Name       Rule-Id        Status      Counter-Value
=========================================================
flow01          1             Active          5643               
flow02          1             Active          18236               
pbnoscli#

Use the following command to display the counters of all the flows:

Reference

Command

show flow counters (all |<flow-name> )

Description

Displays the counters of all the OPB flows

Parameters

flow-name – max 20 characters

Mode

EXEC

Example

pbnoscli# show flow counters all
Flow-Name       Rule-Id        ASIC-Stat-Id   Counter-Value
=============================================================
flow02          1               65536           18236               
flow01          1               40960           5643               
flow02          DropRule        57344           14               
flow01          DropRule        32768           18               
pbnoscli#

pbnoscli# show flow counters flow01
Flow-Name       Rule-Id        ASIC-Stat-Id   Counter-Value
=============================================================
flow01          1               40960           5643               
flow01          DropRule        32768           18               
pbnoscli#

Clear Flow Counters

You can use the following command to clear all ASIC Flow counters:

Reference

Command

clear flow counters (all | <flow-name> [rule <ruleid> ])

Description

Clear command

Parameters

None

Mode

EXEC

Example

pbnoscli# clear flow counters all 
pbnoscli# 
pbnoscli# clear flow counters flow01
pbnoscli#

pbnoscli# show flow counters all
Flow-Name       Rule-Id        ASIC-Stat-Id   Counter-Value
=============================================================
flow01          DropRule        32768           0               
flow01          1               40960           0               
pbnoscli#

Configuring GTP Flow

Enable GTP Parsing

Reference

Command

gtp no gtp

Description

Global GTP Parsing

Parameters

None

Mode

EXEC

Example

//enabling GTP
pbnoscli(config)# gtp 

//disabling GTP
pbnoscli(config)# no gtp

GTP Rule Match For Inner Headers

Using the following commands, you can configure a rule with GTP packet qualifiers to monitor the packets.

Before configuring rules, network and tool ports must be configured.
GTP must be enabled in config mode.

GTP and UDF can not be configured together on a device

Reference

Command

rule <ruleid> ( permit ) [description <cstring>] [gtp <gtpexpression> ] [counters (enable | disable)]

no rule <ruleid>

Description

Rule Configuration

Parameters

ruleid: It should be in the range 1 to 6000 description: max 50 characters.

gtp Example qualifiers: teid - Tunnel ID, match-all-ipv4 - Match all inner IPv4, match-all-ipv6 - Match all inner IPv6 ,inner-sip - Inner IP Source Address, inner-dip - Inner IP Destination Address, inner-protocol - Inner Header Protocol, inner_l4srcport - Inner Header UDP Source Port, inner_l4destport - Inner Header UDP Destination Port

Mode

FLOW

Example

pbnoscli# configure terminal 
pbnoscli(config)# flow flow01
pbnoscli(config-flow-flow01)# network-ports Ethernet1/1
pbnoscli(config-flow-flow01)# tool-ports Ethernet4/1
pbnoscli(config-flow-flow01)# rule 1 permit gtp "teid 0x11112222 inner-sip 10.10.10.10/24 inner-dip 20.20.20.20/24 inner_protocol tcp inner_l4srcport 2152 inner_l4destport 2153" counters enable
pbnoscli(config-flow-flow01)# rule 2 permit gtp "teid 0x11112222 inner-sip 1001:11::1 inner-smask ffff:: inner-dip 2002:22::2 inner-dmask f::f inner_protocol tcp inner_l4srcport 2152 inner_l4destport 2153" counters enable
pbnoscli(config-flow-flow01)#

To verify flow, use the following command:

pbnoscli# show flow summary 
Flow-Name       Rule-Id        Status      Counter-Value
=========================================================
flow01          2             Active          3574             
flow01          1             Active          1123               
pbnoscli# 

pbnoscli# show flow all
===================================
Flow : flow01 (CLI)
===================================
Status       : enable          
Network-Port : Ethernet1/1     
Tool-Port    : Ethernet4/1     

Rule : 1               
++++++++++++++++++++++++++++++++++
TEID                     : 0x11112222      
Inner Source IP          : 10.10.10.10     
Inner Source Mask        : 255.255.255.0   
Inner Destination IP     : 20.20.20.20     
Inner Destination Mask   : 255.255.255.0   
Inner Protocol           : tcp             
Inner Source l4port      : 2152            
Inner Destination l4port : 2153            
Action                   : permit          
Counters                 : enable          

Rule : 2               
++++++++++++++++++++++++++++++++++
Inner Source IP          : 1001:11::1      
Inner Source Mask        : ffff::          
Inner Destination IP     : 2002:22::2      
Inner Destination Mask   : f::f            
Inner Protocol           : tcp             
Inner Source l4port      : 2152            
Inner Destination l4port : 2153            
Action                   : permit          
pbnoscli#

pbnoscli# show running-config
configure terminal
gtp
interface ethernet Ethernet120
forward-error-correction rs
type network
!
interface ethernet Ethernet124
forward-error-correction rs
type tool
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
flow flow01
network-ports Ethernet1/1
tool-ports Ethernet4/1
rule 1 permit gtp "teid 0x11112222 inner-sip 10.10.10.10/24 inner-dip 20.20.20.20/24 inner_protocol tcp inner_l4srcport 2152 inner_l4destport 2153" counters enable
rule 2 permit gtp ""teid 0x11112222 inner-sip 1001:11::1 inner-smask ffff:: inner-dip 2002:22::2 inner-dmask f::f inner_protocol tcp inner_l4srcport 2152 inner_l4destport 2153"
!
pbnoscli#

Configuring IPv6 Reachability Check

Before sending the VXLAN encapsulated packets to the OPBNOS switch, the peer node can check the IPv6 reachability to the switch using the ping command. Here, we can configure multiple vlan and SVI configurations with multiple IPv6 to each vlan. Each IPv6 would be reachable(ping check) from the peer node. It ensures proper handling of VXLAN and ICMP packets through flow-based rules.

This feature is supported only on the Nvidia platforms

Configuration steps on the OPB switch

1. Create VLAN

pbnoscli# configure terminal 
pbnoscli(config)# vlan <vlan-id>
pbnoscli(config)# end
pbnoscli# save

2. SVI Configuration (Configure IPv6 to Switched Virtual Interface with VLAN)

pbnoscli# configure terminal
pbnoscli(config)# interface vlan <vlan-id> //associated with one VLAN only
pbnoscli(config-if)# ip add <ipv6-address/64>
pbnoscli(config-if)# ip add <ipv6-address/64>
..
..
pbnoscli(config-if)# end
pbnoscli#save

3. VLAN Membership (Static)

pbnoscli# configure terminal
pbnoscli(config-if)# interface ethernet <Ethernet Name>
pbnoscli(config-if)# switchport vlan <vlan-id>
pbnoscli(config-if)# end
pbnoscli# save

4. VXLAN Encapsulation and Packet Handling

When the peer device checks for OPBNOS reachability, certain types of packets, including ARP, ICMP, and ICMPv6, need to be processed along with the VXLAN packet that needs to be forwarded. But to achieve this PING related packets are lifted to the CPU.

There are two types of traffic discussed:

ICMP/ICMPv6 Traffic for Reachability: The CPU should always process this traffic.
VXLAN Data Traffic from the Peer: This traffic should always be handled in the data path or hardware.

However, when a flow is configured to match all IP traffic, ICMP/ICMPv6 packets are also matched and forwarded to tool ports, which causes the ping to fail. To address this, we added a flow provision to send only ICMP/ICMPv6 packets to the CPU for ping handling, while the rest of the data traffic is handled and forwarded by the hardware.

Example

pbnoscli# configure terminal
pbnoscli(config)# flow flow1
pbnoscli(config-flow-flow1)# network-ports Ethernet2/1
pbnoscli(config-flow-flow1)# tool-ports Ethernet32/1 
pbnoscli(config-flow-flow1)# rule 10 permit ethertype 0x0806 counters enable 
pbnoscli(config-flow-flow1)# rule 10 action override-to cpu 
pbnoscli(config-flow-flow1)# rule 20 permit protocol 1 counters enable 
pbnoscli(config-flow-flow1)# rule 20 action override-to cpu 
pbnoscli(config-flow-flow1)# rule 30 permit protocol 58 counters enable 
pbnoscli(config-flow-flow1)# rule 30 action override-to cpu 
pbnoscli(config-flow-flow1)# rule 40 permit match-all ipv6 counters enable
pbnoscli(config-flow-flow1)# end
pbnoscli# save

If the vxlan packet is not destined to OPBNOS, add another rule and set dest-mac from the tunnel Source MAC

Example

rule 50 action overwrite dest-mac 1c:34:da:24:de:00 dest-port 4789

EtherType and Protocol Numbers to Distinguish ARP, ICMP, and ICMPv6:

ARP: EtherType 0x0806
IPv4 Ping (ICMP): Protocol Number 1
IPv6 Ping (ICMPv6): Protocol Number 58

Configuration and ping check on the Peer Node

1. Configure IPv6 on interfaces(not associated with VLAN)

// sonic command
sudo config interface ip add <Ethernet Name> <ipv6-address/64>

2. Ping to the IPv6 address configured on the OPBNOS switch

ping <ipv6-address>

Configuring VXLAN Flow

Limitations

Modification to the Tunnel config or Tunnel-related Flow is not supported. However, you can delete the existing configuration and create a new one as needed.
Flow with Tunnel interface cannot have an 'override-to' action in the rule configuration
Configure Tunnel Flow only after the VxLAN tunnel is operationally 'UP' in the "show vxlan tunnel all/<tunnel-id>" output
Only 1 rule can be configured in tunnel-related flow
The current release doesn't support VxLAN tunnel over a LAG interface
For remote VxLAN-VTEP(Different subnet), the below order has to be followed for configuration

tunnel tunnel1
interface <interface>
source-ip <src-ip>       
gateway <gateway-ip>
destination-ip <dest-ip>
vni <vni-id>
vlan-tagging disable

Tunnel Configuration

Reference

Command

tunnel <tunnelname> no tunnel <tunnelname>

Description

Create tunnel

Parameters

Tunnelname

Mode

CONFIG

Example

pbnoscli(config)# tunnel tunnel1
pbnoscli(config)# no tunnel tunnel1

Tunnel Attributes

Using this command, you can configure the attributes of the tunnel. Gateway is provisioned only when the nodes are not directly connected

Note: Updation of the tunnel is not supported. The tunnel must be deleted and re-configured for any change

Reference

Command

[no] tunnel <tunnel-name>

Description

Create tunnel

Parameters

interface: Configure tunnel ports

source-ip : Source IP address destination-ip : Destination IP address

gateway : Gateway IPv4 Address

vni : VXLAN network identifier[ range: 4096 - 16777215]

source-port : Tunnel Source Port vlan-tagging : Tunnel VLAN Tagging

Mode

TUNNEL

Example

pbnoscli(config)# tunnel tunnel1
pbnoscli(config-tunnel-tunnel1)# interface Ethernet4/1
pbnoscli(config-tunnel-tunnel1)# source-ip 1.1.1.1
pbnoscli(config-tunnel-tunnel1)# destination-ip 2.2.2.2
pbnoscli(config-tunnel-tunnel1)# source-port 10
pbnoscli(config-tunnel-tunnel1)# vlan-tagging enable
pbnoscli(config-tunnel-tunnel1)# vni 4096
pbnoscli(config-tunnel-tunnel1)#

Flow based Encap Configuration

You can set the rules for the VxLAN Encap using flow. Here the tool port must be the tunnel name created using tunnel config command.

Reference

Command

flow flowname

network-ports Ethernet4/1

tool-ports tunnel1

rule 1 permit match all

Description

Add flow

Parameters

description Configure description for flow enable Enable the flow

end Exit to Exec Prompt

exit Exit from the Current Prompt from Configure network or TAP ports

no no form

rule Configure rule

to Configure network tool or analyzer ports

Mode

FLOW

Example

pbnoscli(config)# flow flow1
pbnoscli(config-flow-flow1)# network-ports Ethernet4/1
pbnoscli(config-flow-flow1)# tool-ports tunnel1
pbnoscli(config-flow-flow1)# rule 1 permit match-all
pbnoscli(config-flow-flow1)# end
pbnoscli#

Flow-Based Decap Configuration

You can set the rules for the VxLAN Decap using flow.. Here the Network port must be the tunnel name created using tunnel config command.

Reference

Command

flow flowname

network-ports tunnel1

tool-ports Ethernet10/1

rule 1 permit match all

Description

Add flow

Parameters

description Configure description for flow enable Enable the flow

end Exit to Exec Prompt

exit Exit from the Current Prompt from Configure network or TAP ports

no no form

rule Configure rule

to Configure network tool or analyzer ports

Mode

FLOW

Example

pbnoscli(config)# flow flow1
pbnoscli(config-flow-flow1)# network-ports tunnel1
pbnoscli(config-flow-flow1)# tool-ports Ethernet10/1
pbnoscli(config-flow-flow1)# rule 1 permit match-all
pbnoscli(config-flow-flow1)# end
pbnoscli#

Show VXLAN Tunnel Command

You can display the Vxlan tunnel configurations using this command.

Reference

Command

vxlan ("VxLAN Tunnel") tunnel ("Tunnel Information") (all ("Displays all VXLAN Tunnel configuration") | ("Displays specific VXLAN Tunnel configuration") <tunnelid:string length[10]> ("Tunnel Name")),

Description

Displays VXLAN tunnel

Example

pbnoscli# show vxlan tunnel all

===============================================
VXLAN Tunnel - tunnel
===============================================

===============================================
VXLAN Tunnel - tunnel1
===============================================
Tunnel Port       : Ethernet4/1
Source IP         : 1.1.1.1
Destination IP    : 2.2.2.2
Source MAC        : 1c:34:da:23:77:00
VN-ID             : 1335637472
pbnoscli#

Configuring VXLAN Stripping

Configure this feature to strip all incoming IPv4/IPv6 VxLAN traffic.

This feature is supported only on NVIDIA spectrum-2/3 platforms

Restrictions

The source-IP in tunnel configuration & dest-IP in flow rule configuration should be the same for VxLAN stripping to work.
The dest-mac in the flow rule configuration should be the system-mac of the switch, this can be retrieved using the "show platform syseeprom" command.
The strip-vxlan interface in the tunnel configuration should be a configured as logical loopback.
A physical loopback is required between egress-interface from the tunnel and the tool port as Egress interface for Inner Tagged Vlan.

Flow-based IP-Swap Configuration

Use the below command to configure the flow to swap the MAC & the IP address of incoming traffic:

Reference

Command

flow <name>

network-ports <port>

tool-ports <tunnel>

rule <to wap IP & MAC>

Description

Add flow

Parameters

description Configure description for flow enable Enable the flow

end Exit to Exec Prompt

exit Exit from the Current Prompt network-ports Configure network or TAP ports

no no form

rule Configure rule

tool-ports Configure network tool or analyzer ports

Mode

FLOW

Example

pbnoscli(config)# flow swap
pbnoscli(config-flow-swap)# network-ports Ethernet1/1
pbnoscli(config-flow-swap)# tool-ports Ethernet50/1
pbnoscli(config-flow-swap)# rule 5 permit protocol 58 counters enable
pbnoscli(config-flow-swap)# rule 5 action override-to cpu
pbnoscli(config-flow-swap)# rule 6 permit match-all counters enable
pbnoscli(config-flow-swap)# rule 6 action overwrite dest-ip 10.10.10.1 dest-mac 1c:34:da:23:77:00 dest-port 4789
pbnoscli(config-flow-swap)# rule 7 permit match-all ipv6 counters enable
pbnoscli(config-flow-swap)# rule 7 action overwrite dest-mac 1c:34:da:23:77:00 dest-port 4789
pbnoscli(config-flow-swap)# end
pbnoscli#

A Physical loop is required from the tunnel1-egress_interface (Ethernet41/1) to Tool port to (Ethernet42/1) egress interface for Tagged inner Vlan .

Tunnel Configuration

Reference

Command

tunnel <tunnelname> no tunnel <tunnelname>

Description

Create tunnel

Parameters

Tunnelname

Mode

CONFIG

Example

pbnoscli(config)# tunnel tunnel1
pbnoscli(config)# no tunnel tunnel1

Tunnel Attributes

Use the below command to configure the tunnel attributes:

Tunnel attributes cannot be modified directly. To make changes, delete the existing tunnel and configure a new one.

Reference

Command

[no] tunnel <tunnel-name>

Description

Create tunnel

Parameters

comment: Configure comment for tunnel

decap-vxlan: Enable Tunnel to decap VXLAN packet destined to the device

destination-ip: Destination IP address

gateway: Gateway IPv4 Address

ingress-interface: Configure tunnel port

source-ip: Source IP address

source-port: Tunnel Source Port

strip-vxlan: Enable Tunnel to STRIP all the incoming VXLAN packet

vlan-tagging: Tunnel VLAN Tagging

vni: VXLAN network identifier

Mode

TUNNEL

Example

pbnoscli(config)# tunnel tunnel1
pbnoscli(config-tunnel-tunnel1)# ingress-interface Ethernet50/1
pbnoscli(config-tunnel-tunnel1)# strip-vxlan egress Ethernet41/1
pbnoscli(config-tunnel-tunnel1)# source-ip 10.10.10.1
pbnoscli(config-tunnel-tunnel1)# destination-ip 10.10.10.2
pbnoscli(config-tunnel-tunnel1)# vni 4098
pbnoscli(config-tunnel-tunnel1)# vlan-tagging disable
pbnoscli(config-tunnel-tunnel1)#

Flow-Based Egress Configuration

Use the below command to configure the flow to egress the stripped traffic

Reference

Command

flow <name>

network-ports <port>

tool-ports <port>

rule 1 permit match all

rule 2 permit match-all ipv6

Description

Add flow

Parameters

description Configure description for flow enable Enable the flow

end Exit to Exec Prompt

exit Exit from the Current Prompt network-ports Configure network or TAP ports

no no form

rule Configure rule

tool-ports Configure network tool or analyzer ports

Mode

FLOW

Example

pbnoscli(config)# flow egress
pbnoscli(config-flow-egress)# network-ports Ethernet42/1
pbnoscli(config-flow-egress)# tool-ports Ethernet64/1
pbnoscli(config-flow-egress)# rule 10 permit match-all counters enable
pbnoscli(config-flow-egress)# rule 20 permit match-all ipv6 counters enable
pbnoscli(config-flow-egress)# rule 20 action override-to Ethernet64/1
pbnoscli(config-flow-egress)# end
pbnoscli#

Show VXLAN Tunnel Command

You can display the Vxlan tunnel configurations using this command.

Reference

Command

vxlan ("VxLAN Tunnel") tunnel ("Tunnel Information") (all ("Displays all VXLAN Tunnel configuration") | ("Displays specific VXLAN Tunnel configuration") <tunnelid:string length[10]> ("Tunnel Name")),

Description

Displays VXLAN tunnel

Example

pbnoscli# show vxlan tunnel all

===============================================
VXLAN Tunnel - tunnel1
===============================================
Tunnel Port       : Ethernet50/1
Source IP         : 10.10.10.1
Destination IP    : 10.10.10.2
Source MAC        : 1c:34:da:23:77:00
VN-ID             : 4098
Vlan Tagging      : false
Tunnel Status     : UP
pbnoscli#

Configuring SNMP

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behaviour.

SNMP is widely used in network management for network monitoring. SNMP exposes management data in the form of variables on the managed systems organized in a Management Information Base (MIB) which describes the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications.

Configure SNMP community

You can configure the SNMP Community string using the below command:

Reference

Example

pbnoscli# configure terminal
pbnoscli(config)# snmp-server 
  community             Community string authentication
  contact               Configure SNMP contact
  location              Configure SNMP location
  trap                  Trap configuration
  user                  SNMP user
pbnoscli(config)# snmp-server community 
 <comm>                
pbnoscli(config)# snmp-server community public
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show snmp-community
===================================================
Community    
===================================================
public (Read-only)
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
snmp-server community public
!
pbnoscli#

Configuring SNMP Trap

Configure SNMP Trap

Traps are used when the Device needs to alert the Network Management software of an event without being polled. Traps ensure that the NMS gets information if a certain event occurs on the device that needs to be recorded without being polled by the NMS first. Managed network devices will have Trap MIBs with predefined conditions built into them. It’s crucial that the Network management system has these MIBs compiled into them to receive any traps sent by the given device/s. The primary focus of this feature is to support SNMP Trap notifications and in particular, linkUp, linkDown and config change trap notifications.

Supported MIBs

MIBS added to support SNMP Trap
DISMAN-EVENT-MIB.txt
INET-ADDRESS-MIB.txt
IPV6-TC.txt
SNMP-FRAMEWORK-MIB.txt
SNMPv2-SMI.txt
DISMAN-SCHEDULE-MIB.txt
IP-FORWARD-MIB.txt
IPV6-UDP-MIB.txt
SNMP-MPD-MIB.txt
SNMPv2-TC.txt
ENTITY-MIB.txt
IP-MIB.txt
MTA-MIB.txt
SNMP-NOTIFICATION-MIB.txt
SNMPv2-TM.txt
HOST-RESOURCES-MIB.txt
IPV6-ICMP-MIB.txt
NETWORK-SERVICES-MIB.txt
SNMP-TARGET-MIB.txt
SNMP-VIEW-BASED-ACM-MIB.txt
HOST-RESOURCES-TYPES.txt
IPV6-MIB.txt
NOTIFICATION-LOG-MIB.txt
SNMP-USER-BASED-SM-MIB.txt
TCP-MIB.txt
IF-MIB.txt
IPV6-TCP-MIB.txt
SNMP-COMMUNITY-MIB.txt
SNMPv2-MIB.txt
UDP-MIB.txt

With these MIBs, you can trigger sending an SNMP trap to a configured SNMP-server host based on certain events. Also, GET/GETNext/WALK operations can be supported on these mibs. The linkUp and linkDown traps are sent to the configured host in the event that an interface Admin or Oper status changes from up to down or vice-versa. The configChange trap monitors NPB (MAP, rule, port-npb config) and port (Speed, MTU, FEC, Autoneg) configuration changes. A configChangeTrap PDU is sent to the host when any value in these tables are modified, added or removed.

It's recommended not to set up more than 4 SNMP-Trap servers.

Reference

Command

[no] snmp-server trap modify <version><ip4addr|ip6addr> [port <value>] [community

<value>]

Description

SNMP trap configuration

Parameters

Version, IPv4 or v6 Address , port, community values

Mode

CONFIG

Example

pbnoscli# configure terminal 
pbnoscli(config)# snmp-server 
  community             Community string authentication
  contact               Configure SNMP contact
  location              Configure SNMP location
  trap                  Trap configuration
  user                  SNMP user
pbnoscli(config)# snmp-server trap 
  cpu-util              CPU utilization
  disk-util             Disk utilization
  fan-util              FAN utilization
  mem-util              Memory utilization
  modify                Modify
  psu-util              PSU utilization
pbnoscli(config)# snmp-server trap modify 
  <version>             Version value
pbnoscli(config)# snmp-server trap modify 2 
  <ipaddr>              A.B.C.D
  <ip6addr>             A:B::C:D
  server-id             Server ID
pbnoscli(config)# snmp-server trap modify 2tr server-id 1 
  <ipaddr>              A.B.C.D
  <ip6addr>             A:B::C:D
pbnoscli(config)# snmp-server trap modify 2 server-id 1 10.2.2.11 port 29 community public
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show snmp-trap            
=====================================================================================
Host          Version       Dest IP         Dest Port    Community     Vrf         
=====================================================================================
1                2	   10.2.2.11         29             public     None      
pbnoscli#

Traps are only supported on SNMPv2c

Disable PSU/FAN traps:

Below commands can be used to disable FAN/PSU traps temporarily,

Reference

Command

snmp-server trap (psu-util/fan-util) disable

Description

disable PSU/FAN traps temperoraly

Parameters

FAN/PSU

Mode

EXEC

pbnoscli# configure terminal
pbnoscli(config)# snmp
  snmp-server           SNMP server configuration
pbnoscli(config)# snmp-server
  community             Community string authentication
  trap                  Trap configuration
pbnoscli(config)# snmp-server trap
  cpu-util              CPU utilization
  disk-util             Disk utilization
  fan-util              FAN utilization
  mem-util              Memory utilization
  modify                Modify
  psu-util              PSU utilization
pbnoscli(config)# snmp-server trap psu-util
  disable               Disable the PSU traps
pbnoscli(config)# snmp-server trap psu-util 
  disable               Disable the PSU traps. Notify only on state change
pbnoscli(config)# snmp-server trap psu-util disable
pbnoscli(config)# snmp-server trap fan-util disable 
pbnoscli(config)# end
pbnoscli#

By default, traps are generated every 60 seconds, which may cause unnecessary stress on memory and CPU. To mitigate this, disabling the default behaviour using the above command is recommended for disabling PSU and FAN traps.

This will result in traps being generated only when the PSU/FAN state changes, reducing the load on memory and CPU.

SNMP Trap Logs:

// As received on the SNMP server


//Disk Traps
10.4.5.244.47699 > npbsrv01.snmp: [udp sum ok]  { SNMPv2c C="Aviz" { V2Trap(55) R=755944523  system.sysUpTime.0=5574 S:1.1.4.1.0=88.2.0.3="Current Disk usage 78% falls below threshold 79%" } }
10.4.5.244.47549 > npbsrv01.snmp: [udp sum ok]  { SNMPv2c C="Aviz" { V2Trap(55) R=755944523  system.sysUpTime.0=5574 S:1.1.4.1.0=88.2.0.2="Current Disk usage 88% raised above threshold 80%" } }
10.4.5.244.47239 > npbsrv01.snmp: [udp sum ok]  { SNMPv2c C="Aviz" { V2Trap(55) R=755944523  system.sysUpTime.0=5574 S:1.1.4.1.0=88.2.0.4="Disk /dev/sda3 failed" } }

//CPU Traps
10.4.5.244.49899 > npbsrv01.snmp: [udp sum ok]  { SNMPv2c C="Aviz" { V2Trap(55) R=755944523  system.sysUpTime.0=5574 S:1.1.4.1.0=88.2.0.3="Current CPU usage 70% falling below threshold 80%" } }
10.4.5.244.35699 > npbsrv01.snmp: [udp sum ok]  { SNMPv2c C="Aviz" { V2Trap(55) R=755944523  system.sysUpTime.0=5574 S:1.1.4.1.0=88.2.0.2="Current CPU usage 88% raised above threshold 80%" } }

//Memory Traps
10.4.5.244.47689 > npbsrv01.snmp: [udp sum ok]  { SNMPv2c C="Aviz" { V2Trap(55) R=755944523  system.sysUpTime.0=5574 S:1.1.4.1.0=88.2.0.3="Current mem usage 71% falling below threshold 80%" } }
10.4.5.244.47656 > npbsrv01.snmp: [udp sum ok]  { SNMPv2c C="Aviz" { V2Trap(55) R=755944523  system.sysUpTime.0=5574 S:1.1.4.1.0=88.2.0.2="Current mem usage 88% raised above threshold 80%" } }

//PSU Traps
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(101)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.1 E:58564.2.1.1.1="PSU 2 present, status OK"

//FAN Traps
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan1 present, status OK"
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan2 present, status OK"
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan3 present, status OK"
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan4 present, status OK"
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan5 present, status OK"
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan6 present, status OK"
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan7 present, status OK"
10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(100)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="fan8 present, status OK"

10.4.4.52.32850 > npbsrv01.snmp:  V2Trap(105)  system.sysUpTime.0=42198 S:1.1.4.1.0=E:58564.2.1.1.2 E:58564.2.1.1.2="psu2_fan1 present, status OK"

pbnoscli# show running-config 
configure terminal
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
snmp-server trap modify 2 server-id 1 10.2.2.11 port 29 community public
snmp-server community public
snmp-server trap fan-util disable
snmp-server trap psu-util disable
!
pbnoscli#

Configuring SNMP Threshold

You can configure the SNMP Threshold using the below command:

Reference

Example


pbnoscli# configure terminal 
pbnoscli(config)# snmp-server trap 
  cpu-util              CPU utilization
  disk-util             Disk utilization
  fan-util              FAN utilization
  mem-util              Memory utilization
  modify                Modify
  psu-util              PSU utilization
pbnoscli(config)# snmp-server trap disk-util 
  threshold             Threshold limit
pbnoscli(config)# snmp-server trap disk-util threshold 
  <diskutil>            Percentage
pbnoscli(config)# snmp-server trap disk-util threshold 80 
pbnoscli(config)# snmp-server trap cpu-util threshold 82
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show snmp-trap thresholds 
======================================
System-Object Threshold
======================================
CPU utilization          : 82
Memory utilization       : 80
Disk utilization         : 80
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
snmp-server trap modify 2 server-id 1 10.2.2.11 port 29 community public
snmp-server community public
snmp-server trap cpu-util threshold 82
snmp-server trap disk-util threshold 80
snmp-server trap fan-util disable
snmp-server trap psu-util disable
!
pbnoscli#

Configuring SNMP User

You can configure the SNMP User string using the below command:

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# snmp-server 
 community              contact                location               trap               user                  
pbnoscli(config)# snmp-server 
  community             Community string authentication
  contact               Configure SNMP contact
  location              Configure SNMP location
  trap                  Trap configuration
  user                  SNMP user
pbnoscli(config)# snmp-server user 
  <user_name>           Enter Username
pbnoscli(config)# snmp-server user aviz 
  priv_type             User Privilage
pbnoscli(config)# snmp-server user aviz priv_type 
  AuthNoPriv            User Authentication and No Encryption
  Priv                  User Authentication and Encryption
  noAuthNoPriv          No user authentication and No Encryption
pbnoscli(config)# snmp-server user aviz priv_type au
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv 
  access                User access permission
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access 
  RO                    Read only
  RW                    Read & Write
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access RO 
  auth                  Authentication
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access RO auth 
  HMAC-SHA-2            
  MD5                   
  SHA                   
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access RO auth md
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access RO auth MD5 
  auth-password         
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access RO auth MD5 auth-password 
  <auth_password>       Auth Password length 8 to 64       
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access RO auth MD5 auth-password password 
  <cr>
pbnoscli(config)# snmp-server user aviz priv_type AuthNoPriv access RO auth MD5 auth-password password 
pbnoscli(config)# 


pbnoscli(config)# no snmp-server user aviz
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show snmp-users     
======================================================================================================
Users                           Privilage           Access  Authentication      Encryption
======================================================================================================
aviz                            AuthNoPriv          RO      MD5                         
pbnoscli#

Configuring SNMP Location

You can configure the SNMP Location string using the below command:

Reference

Example


pbnoscli# configure terminal
pbnoscli(config)# snmp-server 
  community             Community string authentication
  contact               Configure SNMP contact
  location              Configure SNMP location
  trap                  Trap configuration
  user                  SNMP user
pbnoscli(config)# snmp-server location 
  <loc_str>                
pbnoscli(config)# snmp-server location Location-1
pbnoscli(config)#

pbnoscli(config)# no snmp-server location           
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show snmp-location 
===================================================
Location     
===================================================
Location-1
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
snmp-server location Location-1
!
pbnoscli#

Configuring SNMP Contact

You can configure the SNMP Contact string using the below command:

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# snmp-server
pbnoscli(config)# snmp-server contact contact-name 
 <cont_name>           
pbnoscli(config)# snmp-server contact contact-name test-engineer 
  contact-mail
pbnoscli(config)# snmp-server contact contact-name test-engineer contact-mail test@example.com 
pbnoscli#


pbnoscli(config)# no snmp-server contact
pbnoscli#

You can verify the configuration by using the command(s) below:

pbnoscli# show snmp-contact 
===================================================
Contact      
===================================================
Contact Name : test-engineer
Contact Mail : test@example.com
pbnoscli#

pbnoscli# show running-config 
configure terminal
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
snmp-server contact contact-name test-engineer contact-mail test@example.com
snmp-server location Location-1
!
pbnoscli#

Configuring SYSLOG

syslog is a standard for message logging, it's the mechanism through which messages generated by different containers are reported by the switch. These messages are reported in log files, or they can be sent to a remote syslog server.

Logging messages provide operational information about software components, including the status of the application, error reports, and detailed debugging data.

It's recommended not to set up more than 8 SYSLOG servers.

SYSLOG Servers

You can configure the logging of messages to a remote dedicated syslog server using the below command:

Reference

Example

pbnoscli(config)# syslog add 10.4.4.254
Syslog server 10.4.4.254 added to configuration
Restarting rsyslog-config service...
pbnoscli(config)#

pbnoscli(config)# syslog add 2401::1
Syslog server 2401::1 added to configuration
Restarting rsyslog-config service...
pbnoscli(config)#

SYSLOG Severity configuration (Local and Remote)

You can configure the logging of messages to a remote dedicated syslog server. Syslog message whose priority is equal and higher than the configured numerical value (i.e. If the severity level "warning(4)" is set, syslog messages with severity levels of emergency(0), alert(1), critical(2), error(3), and warning(4) will be logged).

Reference

Example

pbnoscli# configure terminal 
pbnoscli(config)# logging level 
  alert                 Alert level(1)
  critical              Critical level(2)
  debug                 Debug level(7)
  emergency             Emergency level(0)
  error                 Error level(3)
  info                  informational level(6)
  notice                Notice level(5)
  warning               Warning level(4)
pbnoscli(config)# logging level debug
pbnoscli(config)#

You can verify the configuration by using the command(s) below:

pbnoscli# show syslog messages 
Sep 25 21:37:07.055105 opb-nos WARNING systemd[1]: snmp.service: Start request repeated too quickly.
Sep 25 21:37:07.055184 opb-nos WARNING systemd[1]: snmp.service: Failed with result 'start-limit-hit'.
Sep 25 21:37:07.055260 opb-nos ERR systemd[1]: Failed to start SNMP container.
Sep 25 21:37:07.056253 opb-nos WARNING systemd[1]: snmp.service: Start request repeated too quickly.
Sep 25 21:37:07.056342 opb-nos WARNING systemd[1]: snmp.service: Failed with result 'start-limit-hit'.
Sep 25 21:37:07.056416 opb-nos ERR systemd[1]: Failed to start SNMP container.
Sep 25 21:37:07.057744 opb-nos WARNING systemd[1]: snmp.service: Start request repeated too quickly.
Sep 25 21:37:07.057842 opb-nos WARNING systemd[1]: snmp.service: Failed with result 'start-limit-hit'.
Sep 25 21:37:07.057923 opb-nos ERR systemd[1]: Failed to start SNMP container.
Sep 25 21:37:07.564801 opb-nos WARNING systemd[1]: snmp.service: Start request repeated too quickly.
Sep 25 21:37:07.565078 opb-nos WARNING systemd[1]: snmp.service: Failed with result 'start-limit-hit'.
Sep 25 21:37:07.565278 opb-nos ERR systemd[1]: Failed to start SNMP container.
Sep 25 21:37:07.566579 opb-nos INFO systemd[1]: Stopping System Logging Service...
Sep 25 21:37:07.566723 opb-nos WARNING systemd[1]: snmp.service: Start request repeated too quickly.
Sep 25 21:37:07.566856 opb-nos WARNING systemd[1]: snmp.service: Failed with result 'start-limit-hit'.
<...>
Sep 25 21:38:47.838099 opb-nos ERR systemd[1]: Failed to start SNMP container.
pbnoscli#

configure terminal
syslog add 10.4.4.254
syslog add 2401::1
logging level debug
!
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#

Ping

Ping is an administration utility used to test the connectivity between two network IP devices.

Ping functions by sending an Internet Control Message Protocol (ICMP) echo request to the specified remote host and waiting for an ICMP reply from that host. Using this method, ping also determines the time interval between when the echo request is sent and when the echo reply is received. This interval is called round-trip time.

At the end of the test, ping displays the minimum, maximum, and average round-trip times, and the standard deviation of the mean. Besides the round-trip time, ping can also measure the rate of packet loss. This is determined by the number of received echo replies over the number of sent echo requests. It is displayed as a percentage.

Reference

Example

pbnoscli# ping 192.168.0.98
ping 192.168.0.98
PING 192.168.0.98 (192.168.0.98) 56(84) bytes of data.
64 bytes from 192.168.0.98: icmp_seq=1 ttl=64 time=1.05 ms
64 bytes from 192.168.0.98: icmp_seq=2 ttl=64 time=0.333 ms
^C
--- 192.168.0.98 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.333/0.691/1.050/0.359 ms

pbnoscli# ping 192.168.0.98 count 2
ping 192.168.0.98 -c 2
PING 192.168.0.98 (192.168.0.98) 56(84) bytes of data.
64 bytes from 192.168.0.98: icmp_seq=1 ttl=64 time=0.548 ms
64 bytes from 192.168.0.98: icmp_seq=2 ttl=64 time=0.497 ms
--- 192.168.0.98 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1004ms
rtt min/avg/max/mdev = 0.497/0.522/0.548/0.034 ms

pbnoscli# ping 192.168.0.98 size 100
ping 192.168.0.98 -s 100
PING 192.168.0.98 (192.168.0.98) 100(128) bytes of data.
108 bytes from 192.168.0.98: icmp_seq=1 ttl=64 time=0.548 ms
108 bytes from 192.168.0.98: icmp_seq=2 ttl=64 time=0.510 ms
108 bytes from 192.168.0.98: icmp_seq=3 ttl=64 time=0.496 ms