From 48997c266a68141caee4b2859657d1e94d2fbcce Mon Sep 17 00:00:00 2001 From: davidpil2002 <91657985+davidpil2002@users.noreply.github.com> Date: Sun, 4 Sep 2022 11:11:14 +0300 Subject: [PATCH 01/38] Add Password Hardening CLI support (#2338) - What I did Add Password Hardening CLI - How I did it created the CLI by using YANG model generator, the YANG model can be found in the password hardening HLD https://github.com/Azure/SONiC/blob/master/doc/passw_hardening/hld_password_hardening.md#TestPlan and also in sonic-buildimage will be merged in the path: src/sonic-yang-models/yang-models/sonic-passwh.yang - How to verify it Manually: you can use configurations command like"config passw-hardening policies " or "show passw-hardening policies" (more examples in the HLD.) Auto: 1.There are unitest of each policy including good & bad flow in this commit, that should pass. 2.There are tests in sonic-mgmt repo in the path: sonic-mgmt/tests/passw_hardening/ the test are end to end test and the are testing the config/show CLI commands as well. --- config/plugins/sonic-passwh_yang.py | 380 ++++++++++++++++++ show/plugins/sonic-passwh_yang.py | 126 ++++++ .../assert_show_output.py | 40 ++ .../default_config_db.json | 14 + tests/passw_hardening_test.py | 222 ++++++++++ 5 files changed, 782 insertions(+) create mode 100644 config/plugins/sonic-passwh_yang.py create mode 100644 show/plugins/sonic-passwh_yang.py create mode 100644 tests/passw_hardening_input/assert_show_output.py create mode 100644 tests/passw_hardening_input/default_config_db.json create mode 100644 tests/passw_hardening_test.py diff --git a/config/plugins/sonic-passwh_yang.py b/config/plugins/sonic-passwh_yang.py new file mode 100644 index 0000000000..6cfe2acafe --- /dev/null +++ b/config/plugins/sonic-passwh_yang.py 
@@ -0,0 +1,380 @@ +import copy +import click +import utilities_common.cli as clicommon +import utilities_common.general as general +from config import config_mgmt + + +# Load sonic-cfggen from source since /usr/local/bin/sonic-cfggen does not have .py extension. +sonic_cfggen = general.load_module_from_source('sonic_cfggen', '/usr/local/bin/sonic-cfggen') + + +def exit_with_error(*args, **kwargs): + """ Print a message with click.secho and abort CLI. + + Args: + args: Positional arguments to pass to click.secho + kwargs: Keyword arguments to pass to click.secho + """ + + click.secho(*args, **kwargs) + raise click.Abort() + + +def validate_config_or_raise(cfg): + """ Validate config db data using ConfigMgmt. + + Args: + cfg (Dict): Config DB data to validate. + Raises: + Exception: when cfg does not satisfy YANG schema. + """ + + try: + cfg = sonic_cfggen.FormatConverter.to_serialized(copy.deepcopy(cfg)) + config_mgmt.ConfigMgmt().loadData(cfg) + except Exception as err: + raise Exception('Failed to validate configuration: {}'.format(err)) + + +def update_entry_validated(db, table, key, data, create_if_not_exists=False): + """ Update entry in table and validate configuration. + If attribute value in data is None, the attribute is deleted. + + Args: + db (swsscommon.ConfigDBConnector): Config DB connector obect. + table (str): Table name to add new entry to. + key (Union[str, Tuple]): Key name in the table. + data (Dict): Entry data. + create_if_not_exists (bool): + In case entry does not exists already a new entry + is not created if this flag is set to False and + creates a new entry if flag is set to True. + Raises: + Exception: when cfg does not satisfy YANG schema. 
+ """ + + cfg = db.get_config() + cfg.setdefault(table, {}) + + if not data: + raise Exception(f"No field/values to update {key}") + + if create_if_not_exists: + cfg[table].setdefault(key, {}) + + if key not in cfg[table]: + raise Exception(f"{key} does not exist") + + entry_changed = False + for attr, value in data.items(): + if value == cfg[table][key].get(attr): + continue + entry_changed = True + if value is None: + cfg[table][key].pop(attr, None) + else: + cfg[table][key][attr] = value + + if not entry_changed: + return + + validate_config_or_raise(cfg) + db.set_entry(table, key, cfg[table][key]) + + +@click.group(name="passw-hardening", + cls=clicommon.AliasedGroup) +def PASSW_HARDENING(): + """ PASSWORD HARDENING part of config_db.json """ + + pass + + + + +@PASSW_HARDENING.group(name="policies", + cls=clicommon.AliasedGroup) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES(db): + """ """ + + pass + + + + +@PASSW_HARDENING_POLICIES.command(name="state") + +@click.argument( + "state", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_state(db, state): + """ state of the feature """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "state": state, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="expiration") + +@click.argument( + "expiration", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_expiration(db, expiration): + """ expiration time (days unit) """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "expiration": expiration, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="expiration-warning") + +@click.argument( + "expiration-warning", + nargs=1, + 
required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_expiration_warning(db, expiration_warning): + """ expiration warning time (days unit) """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "expiration_warning": expiration_warning, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="history-cnt") + +@click.argument( + "history-cnt", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_history_cnt(db, history_cnt): + """ num of old password that the system will recorded """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "history_cnt": history_cnt, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="len-min") + +@click.argument( + "len-min", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_len_min(db, len_min): + """ password min length """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "len_min": len_min, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="reject-user-passw-match") + +@click.argument( + "reject-user-passw-match", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_reject_user_passw_match(db, reject_user_passw_match): + """ username password match """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "reject_user_passw_match": reject_user_passw_match, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + 
+@PASSW_HARDENING_POLICIES.command(name="lower-class") + +@click.argument( + "lower-class", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_lower_class(db, lower_class): + """ password lower chars policy """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "lower_class": lower_class, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="upper-class") + +@click.argument( + "upper-class", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_upper_class(db, upper_class): + """ password upper chars policy """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "upper_class": upper_class, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="digits-class") + +@click.argument( + "digits-class", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_digits_class(db, digits_class): + """ password digits chars policy """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "digits_class": digits_class, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: {err}", fg="red") + + + +@PASSW_HARDENING_POLICIES.command(name="special-class") + +@click.argument( + "special-class", + nargs=1, + required=True, +) +@clicommon.pass_db +def PASSW_HARDENING_POLICIES_special_class(db, special_class): + """ password special chars policy """ + + table = "PASSW_HARDENING" + key = "POLICIES" + data = { + "special_class": special_class, + } + try: + update_entry_validated(db.cfgdb, table, key, data, create_if_not_exists=True) + except Exception as err: + exit_with_error(f"Error: 
{err}", fg="red") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +def register(cli): + """ Register new CLI nodes in root CLI. + + Args: + cli: Root CLI node. + Raises: + Exception: when root CLI already has a command + we are trying to register. + """ + cli_node = PASSW_HARDENING + if cli_node.name in cli.commands: + raise Exception(f"{cli_node.name} already exists in CLI") + cli.add_command(PASSW_HARDENING) diff --git a/show/plugins/sonic-passwh_yang.py b/show/plugins/sonic-passwh_yang.py new file mode 100644 index 0000000000..04f56877a0 --- /dev/null +++ b/show/plugins/sonic-passwh_yang.py 
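Review bot: The help text for these policy commands does not tell an operator which values are accepted or which setting is the stricter one: `PASSW_HARDENING_POLICIES_reject_user_passw_match` is documented only as `""" username password match """`, and the `policies` group docstring is the empty `""" """` (the `policies` command in show/plugins/sonic-passwh_yang.py has the same empty docstring). Each argument is a plain `click.argument` string, so the valid values surface only through the validation error raised from `update_entry_validated`. Since these commands can relax the device password policy, I would spell the meaning out, for example `""" reject a password that matches the username (true/false) """` and `""" Password hardening policies """`. The commit message says the CLI was generated from the YANG model, so the wording probably belongs in the leaf descriptions there.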
@@ -0,0 +1,126 @@ +""" +Auto-generated show CLI plugin. + + +""" + +import click +import tabulate +import utilities_common.cli as clicommon + + + + + +def format_attr_value(entry, attr): + """ Helper that formats attribute to be presented in the table output. + + Args: + entry (Dict[str, str]): CONFIG DB entry configuration. + attr (Dict): Attribute metadata. + + Returns: + str: fomatted attribute value. + """ + + if attr["is-leaf-list"]: + return "\n".join(entry.get(attr["name"], [])) + return entry.get(attr["name"], "N/A") + + +@click.group(name="passw-hardening", + cls=clicommon.AliasedGroup) +def PASSW_HARDENING(): + """ PASSWORD HARDENING part of config_db.json """ + + pass + + + +@PASSW_HARDENING.command(name="policies") +@clicommon.pass_db +def PASSW_HARDENING_POLICIES(db): + """ """ + + header = [ + +"STATE", +"EXPIRATION", +"EXPIRATION WARNING", +"HISTORY CNT", +"LEN MIN", +"REJECT USER PASSW MATCH", +"LOWER CLASS", +"UPPER CLASS", +"DIGITS CLASS", +"SPECIAL CLASS", + +] + + body = [] + + table = db.cfgdb.get_table("PASSW_HARDENING") + entry = table.get("POLICIES", {}) + row = [ + format_attr_value( + entry, + {'name': 'state', 'description': 'state of the feature', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'expiration', 'description': 'expiration time (days unit)', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'expiration_warning', 'description': 'expiration warning time (days unit)', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'history_cnt', 'description': 'num of old password that the system will recorded', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'len_min', 'description': 'password min length', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 
'reject_user_passw_match', 'description': 'username password match', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'lower_class', 'description': 'password lower chars policy', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'upper_class', 'description': 'password upper chars policy', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'digits_class', 'description': 'password digits chars policy', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), + format_attr_value( + entry, + {'name': 'special_class', 'description': 'password special chars policy', 'is-leaf-list': False, 'is-mandatory': False, 'group': ''} + ), +] + + body.append(row) + click.echo(tabulate.tabulate(body, header)) + + + + + +def register(cli): + """ Register new CLI nodes in root CLI. + + Args: + cli (click.core.Command): Root CLI node. + Raises: + Exception: when root CLI already has a command + we are trying to register. + """ + cli_node = PASSW_HARDENING + if cli_node.name in cli.commands: + raise Exception(f"{cli_node.name} already exists in CLI") + cli.add_command(PASSW_HARDENING) diff --git a/tests/passw_hardening_input/assert_show_output.py b/tests/passw_hardening_input/assert_show_output.py new file mode 100644 index 0000000000..9500c98be4 --- /dev/null +++ b/tests/passw_hardening_input/assert_show_output.py 
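Review bot: A missing `POLICIES` entry is rendered by `format_attr_value` as a row of `N/A`, which does not tell an operator auditing the device whether password hardening is off or simply not configured. `table.get("POLICIES", {})` falls back to an empty entry without comment, and none of the fixtures added in this commit appear to exercise that case. Consider an explicit message when the entry is absent, e.g. `if not entry: click.echo("Password hardening policies are not configured")` followed by a return before `row` is built, plus a test that runs against a CONFIG_DB without the table.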
@@ -0,0 +1,40 @@ +""" +Module holding the correct values for show CLI command outputs for the passw_hardening_test.py +""" + +show_passw_hardening_policies_default="""\ +STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS +-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- --------------- +disabled 180 15 10 8 true true true true true +""" + +show_passw_hardening_policies_classes_disabled="""\ +STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS +-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- --------------- +disabled 180 15 10 8 false false false false false +""" + +show_passw_hardening_policies_enabled="""\ +STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS +------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- --------------- +enabled 180 15 10 8 true true true true true +""" + + +show_passw_hardening_policies_expiration="""\ +STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS +------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- --------------- +enabled 100 15 10 8 true true true true true +""" + +show_passw_hardening_policies_history_cnt="""\ +STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS +-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- 
--------------- +disabled 180 15 40 8 true true true true true +""" + +show_passw_hardening_policies_len_min="""\ +STATE EXPIRATION EXPIRATION WARNING HISTORY CNT LEN MIN REJECT USER PASSW MATCH LOWER CLASS UPPER CLASS DIGITS CLASS SPECIAL CLASS +-------- ------------ -------------------- ------------- --------- ------------------------- ------------- ------------- -------------- --------------- +disabled 180 15 10 30 true true true true true +""" \ No newline at end of file diff --git a/tests/passw_hardening_input/default_config_db.json b/tests/passw_hardening_input/default_config_db.json new file mode 100644 index 0000000000..0eb363eb41 --- /dev/null +++ b/tests/passw_hardening_input/default_config_db.json @@ -0,0 +1,14 @@ +{ + "PASSW_HARDENING|POLICIES": { + "state": "disabled", + "expiration": "180", + "expiration_warning": "15", + "history_cnt": "10", + "len_min": "8", + "reject_user_passw_match": "true", + "digits_class": "true", + "lower_class": "true", + "special_class": "true", + "upper_class": "true" + } +} diff --git a/tests/passw_hardening_test.py b/tests/passw_hardening_test.py new file mode 100644 index 0000000000..e57fdfd0c8 --- /dev/null +++ b/tests/passw_hardening_test.py 
@@ -0,0 +1,222 @@ +#!/usr/bin/env python + +import os +import logging +import show.main as show +import config.main as config + +from .passw_hardening_input import assert_show_output +from utilities_common.db import Db +from click.testing import CliRunner +from .mock_tables import dbconnector + +logger = logging.getLogger(__name__) +test_path = os.path.dirname(os.path.abspath(__file__)) +mock_db_path = os.path.join(test_path, "passw_hardening_input") + +SUCCESS = 0 +ERROR = 1 +INVALID_VALUE = 'INVALID' +EXP_GOOD_FLOW = 1 +EXP_BAD_FLOW = 0 + +class TestPasswHardening: + @classmethod + def setup_class(cls): + logger.info("SETUP") + os.environ['UTILITIES_UNIT_TESTING'] = "2" + + + @classmethod + def teardown_class(cls): + logger.info("TEARDOWN") + os.environ['UTILITIES_UNIT_TESTING'] = "0" + os.environ["UTILITIES_UNIT_TESTING_TOPOLOGY"] = "" + dbconnector.dedicated_dbs['CONFIG_DB'] = None + + def verify_passw_policies_output(self, db, runner, output, expected=EXP_GOOD_FLOW): + result = runner.invoke(show.cli.commands["passw-hardening"].commands["policies"], [], obj=db) + logger.debug("\n" + result.output) + logger.debug(result.exit_code) + + if expected: # good flow expected (default) + assert result.exit_code == SUCCESS + assert result.output == output + else: # bad flow expected + assert result.exit_code == ERROR + + def passw_hardening_set_policy(self, runner, db, attr, value, expected=EXP_GOOD_FLOW): + result = runner.invoke( + config.config.commands["passw-hardening"].commands["policies"].commands[attr], + [value], obj=db + ) + + if expected: # good flow expected (default) + logger.debug("\n" + result.output) + logger.debug(result.exit_code) + assert result.exit_code == SUCCESS + else: # bad flow expected + assert result.exit_code == ERROR + + + ######### PASSW-HARDENING ######### + + def test_passw_hardening_default(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + 
self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_default) + + def test_passw_hardening_feature_enabled(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "state", "enabled") + + self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_enabled) + + def test_passw_hardening_feature_disabled(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "state", "enabled") + self.passw_hardening_set_policy(runner, db, "state", "disabled") + + self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_default) + + def test_passw_hardening_policies_classes_disabled(self): + """Disable passw hardening classes & reject user passw match policies""" + + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + passw_classes = { "reject-user-passw-match": "false", + "digits-class": "false", + "lower-class": "false", + "special-class": "false", + "upper-class": "false" + } + + for k, v in passw_classes.items(): + self.passw_hardening_set_policy(runner, db, k, v) + + self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_classes_disabled) + + def test_passw_hardening_policies_exp_time(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "state", "enabled") + self.passw_hardening_set_policy(runner, db, "expiration", "100") + self.passw_hardening_set_policy(runner, db, "expiration-warning", "15") + + self.verify_passw_policies_output(db, runner, 
assert_show_output.show_passw_hardening_policies_expiration) + + def test_passw_hardening_policies_history(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "history-cnt", "40") + + self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_history_cnt) + + def test_passw_hardening_policies_len_min(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "len-min", "30") + + self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_len_min) + + def test_passw_hardening_bad_flow_len_min(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "state", "enabled") + self.passw_hardening_set_policy(runner, db, "len-min", "10000", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_history_cnt(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "state", "enabled") + self.passw_hardening_set_policy(runner, db, "history-cnt", "100000", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_state(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "state", "0", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_expiration(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "expiration", "####", EXP_BAD_FLOW) + + def 
test_passw_hardening_bad_flow_expiration_warning(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "expiration-warning", "4000", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_upper_class(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "upper-class", "1", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_lower_class(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "lower-class", "1", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_special_class(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "special-class", "1", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_digits_class(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "digits-class", "1", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_reject_user_passw_match(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + + self.passw_hardening_set_policy(runner, db, "reject-user-passw-match", "1", EXP_BAD_FLOW) + + def test_passw_hardening_bad_flow_policy(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'default_config_db') + db = Db() + runner = CliRunner() + try: + self.passw_hardening_set_policy(runner, db, "no-exist-command", "1", EXP_BAD_FLOW) + except Exception as e: + # import pdb;pdb.set_trace() + if 'no-exist-command' in str(e): + pass + 
else: + raise e + From 676c31bd0e230e6aa613ca3a76008b8ffade9123 Mon Sep 17 00:00:00 2001 From: jingwenxie Date: Mon, 5 Sep 2022 11:02:24 +0800 Subject: [PATCH 02/38] Add verification for override (#2305) What I did Add Yang verification for config override-config-table How I did it Make 3 step verification: running config, golden input, final config How to verify it Run unit test. --- config/main.py | 78 ++++++++++++---- .../final_config_yang_failure.json | 71 +++++++++++++++ .../golden_input_yang_failure.json | 89 +++++++++++++++++++ .../running_config_yang_failure.json | 89 +++++++++++++++++++ tests/config_override_test.py | 89 +++++++++++++++++++ 5 files changed, 397 insertions(+), 19 deletions(-) create mode 100644 tests/config_override_input/final_config_yang_failure.json create mode 100644 tests/config_override_input/golden_input_yang_failure.json create mode 100644 tests/config_override_input/running_config_yang_failure.json diff --git a/config/main.py b/config/main.py index 53180cf519..bbcfc5d84f 100644 --- a/config/main.py +++ b/config/main.py @@ -12,6 +12,7 @@ import sys import time import itertools +import copy from collections import OrderedDict from generic_config_updater.generic_updater import GenericUpdater, ConfigFormat @@ -46,7 +47,7 @@ from . import vlan from . import vxlan from . import plugins -from .config_mgmt import ConfigMgmtDPB +from .config_mgmt import ConfigMgmtDPB, ConfigMgmt from . import mclag from . import syslog 
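Review bot: The bad-flow tests assert only `result.exit_code == ERROR` in `passw_hardening_set_policy`; none of them checks that the rejected value was kept out of CONFIG_DB. For a policy that governs password strength the property worth pinning is that an invalid `len-min` or `history-cnt` leaves the stored policy unchanged, so each bad-flow test should end with a show check, e.g. `self.verify_passw_policies_output(db, runner, assert_show_output.show_passw_hardening_policies_enabled)` in `test_passw_hardening_bad_flow_len_min`. `test_passw_hardening_bad_flow_policy` also seems to pass on the lookup error from `commands[attr]` (presumably a `KeyError`) rather than on any CLI behaviour, and it still carries a commented-out `pdb` line.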
@@ -1885,27 +1886,66 @@ def override_config_table(db, input_config_db, dry_run): config_db = db.cfgdb + # Read config from configDB + current_config = config_db.get_config() + # Serialize to the same format as json input + sonic_cfggen.FormatConverter.to_serialized(current_config) + + updated_config = update_config(current_config, config_input) + + yang_enabled = device_info.is_yang_config_validation_enabled(config_db) + if yang_enabled: + # The ConfigMgmt will load YANG and running + # config during initialization. + try: + cm = ConfigMgmt() + cm.validateConfigData() + except Exception as ex: + click.secho("Failed to validate running config. Error: {}".format(ex), fg="magenta") + sys.exit(1) + + # Validate input config + validate_config_by_cm(cm, config_input, "config_input") + # Validate updated whole config + validate_config_by_cm(cm, updated_config, "updated_config") + if dry_run: - # Read config from configDB - current_config = config_db.get_config() - # Serialize to the same format as json input - sonic_cfggen.FormatConverter.to_serialized(current_config) - # Override current config with golden config - for table in config_input: - current_config[table] = config_input[table] - print(json.dumps(current_config, sort_keys=True, + print(json.dumps(updated_config, sort_keys=True, indent=4, cls=minigraph_encoder)) else: - # Deserialized golden config to DB recognized format - sonic_cfggen.FormatConverter.to_deserialized(config_input) - # Delete table from DB then mod_config to apply golden config - click.echo("Removing configDB overriden table first ...") - for table in config_input: - config_db.delete_table(table) - click.echo("Overriding input config to configDB ...") - data = sonic_cfggen.FormatConverter.output_to_db(config_input) - config_db.mod_config(data) - click.echo("Overriding completed. 
No service is restarted.") + override_config_db(config_db, config_input) + + +def validate_config_by_cm(cm, config_json, jname): + tmp_config_json = copy.deepcopy(config_json) + try: + cm.loadData(tmp_config_json) + cm.validateConfigData() + except Exception as ex: + click.secho("Failed to validate {}. Error: {}".format(jname, ex), fg="magenta") + sys.exit(1) + + +def update_config(current_config, config_input): + updated_config = copy.deepcopy(current_config) + # Override current config with golden config + for table in config_input: + updated_config[table] = config_input[table] + return updated_config + + +def override_config_db(config_db, config_input): + # Deserialized golden config to DB recognized format + sonic_cfggen.FormatConverter.to_deserialized(config_input) + # Delete table from DB then mod_config to apply golden config + click.echo("Removing configDB overriden table first ...") + for table in config_input: + config_db.delete_table(table) + click.echo("Overriding input config to configDB ...") + data = sonic_cfggen.FormatConverter.output_to_db(config_input) + config_db.mod_config(data) + click.echo("Overriding completed. No service is restarted.") + # # 'hostname' command diff --git a/tests/config_override_input/final_config_yang_failure.json b/tests/config_override_input/final_config_yang_failure.json new file mode 100644 index 0000000000..51e5e40098 --- /dev/null +++ b/tests/config_override_input/final_config_yang_failure.json 
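Review bot: The new checks run only inside `if yang_enabled:`; when `device_info.is_yang_config_validation_enabled(config_db)` is false, `override_config_db` still deletes every table named in `config_input` and writes the file's contents with nothing validated. Because the delete happens before `mod_config`, a malformed golden file on that path could leave tables such as `ACL_TABLE` removed. I would at least tell the operator, e.g. `click.secho("YANG validation is disabled; input config is applied unchecked", fg="magenta")` in an `else:` branch, or validate unconditionally before a destructive override. The three new helpers (`validate_config_by_cm`, `update_config`, `override_config_db`) have no docstrings, and `override_config_table` itself starts above this hunk.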
@@ -0,0 +1,71 @@ +{ + "running_config": { + "ACL_TABLE": { + "DATAACL": { + "policy_desc": "DATAACL", + "ports": [ + "Ethernet4" + ], + "stage": "ingress", + "type": "L3" + }, + "NTP_ACL": { + "policy_desc": "NTP_ACL", + "services": [ + "NTP" + ], + "stage": "ingress", + "type": "CTRLPLANE" + } + }, + "AUTO_TECHSUPPORT_FEATURE": { + "bgp": { + "rate_limit_interval": "600", + "state": "enabled" + }, + "database": { + "rate_limit_interval": "600", + "state": "enabled" + } + }, + "PORT": { + "Ethernet4": { + "admin_status": "up", + "alias": "fortyGigE0/4", + "description": "Servers0:eth0", + "index": "1", + "lanes": "29,30,31,32", + "mtu": "9100", + "pfc_asym": "off", + "speed": "40000", + "tpid": "0x8100" + }, + "Ethernet8": { + "admin_status": "up", + "alias": "fortyGigE0/8", + "description": "Servers1:eth0", + "index": "2", + "lanes": "33,34,35,36", + "mtu": "9100", + "pfc_asym": "off", + "speed": "40000", + "tpid": "0x8100" + } + } + }, + "golden_config": { + "PORT": { + "Ethernet12": { + "admin_status": "up", + "alias": "fortyGigE0/12", + "description": "Servers2:eth0", + "index": "3", + "lanes": "37,38,39,40", + "mtu": "9100", + "pfc_asym": "off", + "speed": "40000", + "tpid": "0x8100" + } + } + } +} diff --git a/tests/config_override_input/golden_input_yang_failure.json b/tests/config_override_input/golden_input_yang_failure.json new file mode 100644 index 0000000000..4b533e1598 --- /dev/null +++ b/tests/config_override_input/golden_input_yang_failure.json 
@@ -0,0 +1,89 @@ +{ + "running_config": { + "ACL_TABLE": { + "DATAACL": { + "policy_desc": "DATAACL", + "ports": [ + "Ethernet4" + ], + "stage": "ingress", + "type": "L3" + }, + "NTP_ACL": { + "policy_desc": "NTP_ACL", + "services": [ + "NTP" + ], + "stage": "ingress", + "type": "CTRLPLANE" + } + }, + "AUTO_TECHSUPPORT_FEATURE": { + "bgp": { + "rate_limit_interval": "600", + "state": "enabled" + }, + "database": { + "rate_limit_interval": "600", + "state": "enabled" + } + }, + "PORT": { + "Ethernet4": { + "admin_status": "up", + "alias": "fortyGigE0/4", + "description": "Servers0:eth0", + "index": "1", + "lanes": "29,30,31,32", + "mtu": "9100", + "pfc_asym": "off", + "speed": "40000", + "tpid": "0x8100" + }, + "Ethernet8": { + "admin_status": "up", + "alias": "fortyGigE0/8", + "description": "Servers1:eth0", + "index": "2", + "lanes": "33,34,35,36", + "mtu": "9100", + "pfc_asym": "off", + "speed": "40000", + "tpid": "0x8100" + } + } + }, + "golden_config": { + "ACL_TABLE": { + "EVERFLOWV6": { + "policy_desc": "EVERFLOWV6", + "ports": [ + "Ethernet0" + ], + "stage": "ingress", + "type": "MIRRORV6" + } + }, + "AUTO_TECHSUPPORT_FEATURE": { + "bgp": { + "state": "disabled" + }, + "database": { + "state": "disabled" + } + }, + "PORT": { + "Ethernet12": { + "admin_status": "up", + "alias": "fortyGigE0/12", + "description": "Servers2:eth0", + "index": "3", + "lanes": "37,38,39,40", + "mtu": "9100", + "pfc_asym": "off", + "speed": "40000", + "tpid": "0x8100" + } + } + } +} diff --git a/tests/config_override_input/running_config_yang_failure.json b/tests/config_override_input/running_config_yang_failure.json new file mode 100644 index 0000000000..7060dd4d22 --- /dev/null +++ b/tests/config_override_input/running_config_yang_failure.json 
@@ -0,0 +1,89 @@
+{
+ "running_config": {
+ "ACL_TABLE": {
+ "DATAACL": {
+ "policy_desc": "DATAACL",
+ "ports": [
+ "Ethernet0"
+ ],
+ "stage": "ingress",
+ "type": "L3"
+ },
+ "NTP_ACL": {
+ "policy_desc": "NTP_ACL",
+ "services": [
+ "NTP"
+ ],
+ "stage": "ingress",
+ "type": "CTRLPLANE"
+ }
+ },
+ "AUTO_TECHSUPPORT_FEATURE": {
+ "bgp": {
+ "rate_limit_interval": "600",
+ "state": "enabled"
+ },
+ "database": {
+ "rate_limit_interval": "600",
+ "state": "enabled"
+ }
+ },
+ "PORT": {
+ "Ethernet4": {
+ "admin_status": "up",
+ "alias": "fortyGigE0/4",
+ "description": "Servers0:eth0",
+ "index": "1",
+ "lanes": "29,30,31,32",
+ "mtu": "9100",
+ "pfc_asym": "off",
+ "speed": "40000",
+ "tpid": "0x8100"
+ },
+ "Ethernet8": {
+ "admin_status": "up",
+ "alias": "fortyGigE0/8",
+ "description": "Servers1:eth0",
+ "index": "2",
+ "lanes": "33,34,35,36",
+ "mtu": "9100",
+ "pfc_asym": "off",
+ "speed": "40000",
+ "tpid": "0x8100"
+ }
+ }
+ },
+ "golden_config": {
+ "ACL_TABLE": {
+ "EVERFLOWV6": {
+ "policy_desc": "EVERFLOWV6",
+ "ports": [
+ "Ethernet12"
+ ],
+ "stage": "ingress",
+ "type": "MIRRORV6"
+ }
+ },
+ "AUTO_TECHSUPPORT_FEATURE": {
+ "bgp": {
+ "state": "disabled"
+ },
+ "database": {
+ "state": "disabled"
+ }
+ },
+ "PORT": {
+ "Ethernet12": {
+ "admin_status": "up",
+ "alias": "fortyGigE0/12",
+ "description": "Servers2:eth0",
+ "index": "3",
+ "lanes": "37,38,39,40",
+ "mtu": "9100",
+ "pfc_asym": "off",
+ "speed": "40000",
+ "tpid": "0x8100"
+ }
+ }
+ }
+}
diff --git a/tests/config_override_test.py b/tests/config_override_test.py
index 255e63989d..1b058ace13 100644
--- a/tests/config_override_test.py
+++ b/tests/config_override_test.py
@@ -17,10 +17,16 @@ FULL_CONFIG_OVERRIDE = os.path.join(DATA_DIR, "full_config_override.json") PORT_CONFIG_OVERRIDE = os.path.join(DATA_DIR, "port_config_override.json") EMPTY_TABLE_REMOVAL = os.path.join(DATA_DIR, "empty_table_removal.json") +RUNNING_CONFIG_YANG_FAILURE = os.path.join(DATA_DIR, "running_config_yang_failure.json") +GOLDEN_INPUT_YANG_FAILURE = os.path.join(DATA_DIR, "golden_input_yang_failure.json") +FINAL_CONFIG_YANG_FAILURE = os.path.join(DATA_DIR, "final_config_yang_failure.json") # Load sonic-cfggen from source since /usr/local/bin/sonic-cfggen does not have .py extension. sonic_cfggen = load_module_from_source('sonic_cfggen', '/usr/local/bin/sonic-cfggen') +config_mgmt_py_path = os.path.join(os.path.dirname(__file__), '..', 'config', 'config_mgmt.py') +config_mgmt = load_module_from_source('config_mgmt', config_mgmt_py_path) + def write_init_config_db(cfgdb, config): tables = cfgdb.get_config() 
@@ -163,6 +169,89 @@ def read_json_file_side_effect(filename): assert result.exit_code == 0 assert current_config == expected_config + def test_yang_verification_enabled(self): + def is_yang_config_validation_enabled_side_effect(filename): + return True + + def config_mgmt_side_effect(): + return config_mgmt.ConfigMgmt(source=CONFIG_DB_JSON_FILE) + + db = Db() + with open(FULL_CONFIG_OVERRIDE, "r") as f: + read_data = json.load(f) + + # ConfigMgmt will call ConfigDBConnector to load default config_db.json. + # Here I modify the ConfigMgmt initialization and make it initiated with + # a source file which share the same as what we write to cfgdb. + CONFIG_DB_JSON_FILE = "startConfigDb.json" + write_config_to_file(read_data['running_config'], CONFIG_DB_JSON_FILE) + with mock.patch('config.main.device_info.is_yang_config_validation_enabled', + mock.MagicMock(side_effect=is_yang_config_validation_enabled_side_effect)), \ + mock.patch('config.main.ConfigMgmt', + mock.MagicMock(side_effect=config_mgmt_side_effect)): + self.check_override_config_table( + db, config, read_data['running_config'], read_data['golden_config'], + read_data['expected_config']) + + + def test_running_config_yang_failure(self): + def is_yang_config_validation_enabled_side_effect(filename): + return True + db = Db() + with open(RUNNING_CONFIG_YANG_FAILURE, "r") as f: + read_data = json.load(f) + with mock.patch('config.main.device_info.is_yang_config_validation_enabled', + mock.MagicMock(side_effect=is_yang_config_validation_enabled_side_effect)): + self.check_yang_verification_failure( + db, config, read_data['running_config'], read_data['golden_config'], "running config") + + def test_golden_input_yang_failure(self): + def is_yang_config_validation_enabled_side_effect(filename): + return True + db = Db() + with open(GOLDEN_INPUT_YANG_FAILURE, "r") as f: + read_data = json.load(f) + with mock.patch('config.main.device_info.is_yang_config_validation_enabled', + 
mock.MagicMock(side_effect=is_yang_config_validation_enabled_side_effect)): + self.check_yang_verification_failure( + db, config, read_data['running_config'], read_data['golden_config'], "config_input") + + def test_final_config_yang_failure(self): + def is_yang_config_validation_enabled_side_effect(filename): + return True + db = Db() + with open(FINAL_CONFIG_YANG_FAILURE, "r") as f: + read_data = json.load(f) + with mock.patch('config.main.device_info.is_yang_config_validation_enabled', + mock.MagicMock(side_effect=is_yang_config_validation_enabled_side_effect)): + self.check_yang_verification_failure( + db, config, read_data['running_config'], read_data['golden_config'], "updated_config") + + def check_yang_verification_failure(self, db, config, running_config, + golden_config, jname): + def read_json_file_side_effect(filename): + return golden_config + + def config_mgmt_side_effect(): + return config_mgmt.ConfigMgmt(source=CONFIG_DB_JSON_FILE) + + # ConfigMgmt will call ConfigDBConnector to load default config_db.json. + # Here I modify the ConfigMgmt initialization and make it initiated with + # a source file which share the same as what we write to cfgdb. + CONFIG_DB_JSON_FILE = "startConfigDb.json" + write_config_to_file(running_config, CONFIG_DB_JSON_FILE) + with mock.patch('config.main.read_json_file', + mock.MagicMock(side_effect=read_json_file_side_effect)), \ + mock.patch('config.main.ConfigMgmt', + mock.MagicMock(side_effect=config_mgmt_side_effect)): + write_init_config_db(db.cfgdb, running_config) + + runner = CliRunner() + result = runner.invoke(config.config.commands["override-config-table"], + ['golden_config_db.json'], obj=db) + assert result.exit_code == 1 + assert "Failed to validate {}. Error:".format(jname) in result.output + @classmethod def teardown_class(cls): print("TEARDOWN") From 0e1b0cf20228972c246086bfccf96448530bfcec Mon Sep 17 00:00:00 2001 
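Review bot: `test_yang_verification_enabled` and `check_yang_verification_failure` write `startConfigDb.json` into the current working directory through `write_config_to_file(...)`, and no cleanup is visible in the hunk, so a run leaves a config dump behind and concurrent runs can overwrite each other's file. Building the path under a per-test temporary directory, e.g. `CONFIG_DB_JSON_FILE = os.path.join(tempfile.mkdtemp(), "startConfigDb.json")` (needs `import tempfile`), and removing it afterwards would avoid that. The four identical `is_yang_config_validation_enabled_side_effect` closures, which ignore their `filename` argument, could be replaced by `mock.MagicMock(return_value=True)`.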
From: jingwenxie Date: Mon, 5 Sep 2022 11:02:49 +0800 Subject: [PATCH 03/38] [GCU] Fix missing backend in dry run (#2347) What I did Fix sonic-net/sonic-buildimage#11912 How I did it Add the missing 'remove_backend_tables_from_config' in dry run. How to verify it Run unit test and manual test locally. --- generic_config_updater/change_applier.py | 4 ++++ tests/generic_config_updater/change_applier_test.py | 1 + 2 files changed, 5 insertions(+) diff --git a/generic_config_updater/change_applier.py b/generic_config_updater/change_applier.py index 9871e554b2..f5a365d59f 100644 --- a/generic_config_updater/change_applier.py +++ b/generic_config_updater/change_applier.py @@ -65,6 +65,10 @@ def apply(self, change): self.config_wrapper.apply_change_to_config_db(change) + def remove_backend_tables_from_config(self, data): + return data + + class ChangeApplier: updater_conf = None diff --git a/tests/generic_config_updater/change_applier_test.py b/tests/generic_config_updater/change_applier_test.py index 63944b2571..afe166b008 100644 --- a/tests/generic_config_updater/change_applier_test.py +++ b/tests/generic_config_updater/change_applier_test.py @@ -281,6 +281,7 @@ def test_apply__calls_apply_change_to_config_db(self): # Act applier.apply(change) + applier.remove_backend_tables_from_config(change) # Assert applier.config_wrapper.apply_change_to_config_db.assert_has_calls([call(change)]) From 3be2ad7deea5f00fe20f1e54589a738f066d9ca2 Mon Sep 17 00:00:00 2001 
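Review bot: The `remove_backend_tables_from_config` method added in `generic_config_updater/change_applier.py` returns `data` untouched and carries no docstring, so a reader cannot tell whether the pass-through is deliberate for dry run or a stub. A one-line docstring stating that the dry-run applier intentionally performs no filtering would settle it. The line added in `change_applier_test.py` only calls the method and checks nothing about the result; assuming `applier` there is the dry-run applier, `assert applier.remove_backend_tables_from_config(change) == change` would pin the behaviour. The enclosing class starts outside the hunk.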
From: Sudharsan Dhamal Gopalarathnam Date: Tue, 6 Sep 2022 17:44:43 -0700 Subject: [PATCH 04/38] [fast-reboot]Avoid stopping masked services during fast-reboot (#2335) #### What I did During fast-reboot there were warnings for few services sudo fast-reboot Warning: The unit file, source configuration file or drop-ins of mux.service changed on disk. Run 'systemctl daemon-reload' to reload units. Dumping conntrack entries failed Warning: The unit file, source configuration file or drop-ins of nat.service changed on disk. Run 'systemctl daemon-reload' to reload units. Warning: The unit file, source configuration file or drop-ins of sflow.service changed on disk. Run 'systemctl daemon-reload' to reload units. Warning: Stopping docker.service, but it can still be activated by: docker.socket Watchdog armed for 180 seconds This is due to the fact that the services are masked and trying to stop them will throw warning systemctl is-enabled sflow.service masked systemctl stop sflow.service Warning: The unit file, source configuration file or drop-ins of sflow.service changed on disk. Run 'systemctl daemon-reload' to reload units. #### How I did it Added check to skip stopping the services in fast-reboot if the services are masked. #### How to verify it Execute fast-reboot with the fix and verify. --- scripts/fast-reboot | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/fast-reboot b/scripts/fast-reboot index cd3e8237c3..ac96726281 100755 --- a/scripts/fast-reboot +++ b/scripts/fast-reboot @@ -689,6 +689,12 @@ else fi for service in ${SERVICES_TO_STOP}; do + # Skip the masked services + state=$(systemctl is-enabled ${service}) + if [[ $state == "masked" ]]; then + continue + fi + debug "Stopping ${service} ..." # TODO: These exceptions for nat, sflow, lldp From 6830e01ec1464a60ba5035e5ff525ef035fb6eb0 Mon Sep 17 00:00:00 2001 
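Review bot: `state=$(systemctl is-enabled ${service})` in the `scripts/fast-reboot` loop leaves `${service}` unquoted and lets the command's exit status and stderr through; `systemctl is-enabled` exits non-zero for a masked unit, so if errexit or an ERR trap is active at this point (not visible in the hunk) the masked case would abort instead of being skipped. `state=$(systemctl is-enabled "${service}" 2>/dev/null || true)` keeps the comparison working and is safe in both modes. The loop body continues outside the hunk.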
From: Sudharsan Dhamal Gopalarathnam Date: Wed, 7 Sep 2022 03:43:20 -0700 Subject: [PATCH 05/38] [counterpoll]Fixing counterpoll show for tunnel and acl stats (#2355) - What I did Fixing counterpoll show for tunnel and acl stats. - How I did it Corrected the copy paste errors. - How to verify it Updated test config and UT to verify it. --- counterpoll/main.py | 4 ++-- tests/counterpoll_test.py | 3 ++- tests/mock_tables/config_db.json | 6 +++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/counterpoll/main.py b/counterpoll/main.py index f3befe1311..ad15c8c248 100644 --- a/counterpoll/main.py +++ b/counterpoll/main.py @@ -419,9 +419,9 @@ def show(): if buffer_pool_wm_info: data.append(["BUFFER_POOL_WATERMARK_STAT", buffer_pool_wm_info.get("POLL_INTERVAL", DEFLT_60_SEC), buffer_pool_wm_info.get("FLEX_COUNTER_STATUS", DISABLE)]) if acl_info: - data.append([ACL, pg_drop_info.get("POLL_INTERVAL", DEFLT_10_SEC), acl_info.get("FLEX_COUNTER_STATUS", DISABLE)]) + data.append([ACL, acl_info.get("POLL_INTERVAL", DEFLT_10_SEC), acl_info.get("FLEX_COUNTER_STATUS", DISABLE)]) if tunnel_info: - data.append(["TUNNEL_STAT", rif_info.get("POLL_INTERVAL", DEFLT_10_SEC), rif_info.get("FLEX_COUNTER_STATUS", DISABLE)]) + data.append(["TUNNEL_STAT", tunnel_info.get("POLL_INTERVAL", DEFLT_10_SEC), tunnel_info.get("FLEX_COUNTER_STATUS", DISABLE)]) if trap_info: data.append(["FLOW_CNT_TRAP_STAT", trap_info.get("POLL_INTERVAL", DEFLT_10_SEC), trap_info.get("FLEX_COUNTER_STATUS", DISABLE)]) if route_info: diff --git a/tests/counterpoll_test.py b/tests/counterpoll_test.py index 7a8171825a..4a4da07ee9 100644 --- a/tests/counterpoll_test.py +++ b/tests/counterpoll_test.py @@ -25,7 +25,8 @@ QUEUE_WATERMARK_STAT default (60000) enable PG_WATERMARK_STAT default (60000) enable PG_DROP_STAT 10000 enable -ACL 10000 enable +ACL 5000 enable +TUNNEL_STAT 3000 enable FLOW_CNT_TRAP_STAT 10000 enable FLOW_CNT_ROUTE_STAT 10000 enable """ 
diff --git a/tests/mock_tables/config_db.json b/tests/mock_tables/config_db.json index 1fb2321756..699ef155e0 100644 --- a/tests/mock_tables/config_db.json +++ b/tests/mock_tables/config_db.json @@ -1664,7 +1664,11 @@ "FLEX_COUNTER_STATUS": "enable" }, "FLEX_COUNTER_TABLE|ACL": { - "POLL_INTERVAL": "10000", + "POLL_INTERVAL": "5000", + "FLEX_COUNTER_STATUS": "enable" + }, + "FLEX_COUNTER_TABLE|TUNNEL": { + "POLL_INTERVAL": "3000", "FLEX_COUNTER_STATUS": "enable" }, "FLEX_COUNTER_TABLE|FLOW_CNT_TRAP": { From 491d3d38040cbc8318bb63ce2b7a85ec182ef892 Mon Sep 17 00:00:00 2001 From: Sudharsan Dhamal Gopalarathnam Date: Wed, 7 Sep 2022 08:26:58 -0700 Subject: [PATCH 06/38] [generate dump]Added error message when saisdkdump fails (#2356) - What I did Added error message when saisdkdump fails and cont to gather the rest. This is done to provide more readable information to the user when it cannot be avaialble (syncd for example is not running, during restart, etc). - How I did it Checked error code and print log - How to verify it Simulate saisdkdump error and verify the console output. --- scripts/generate_dump | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/generate_dump b/scripts/generate_dump index 62a5a75f17..c9e165c82e 100755 --- a/scripts/generate_dump +++ b/scripts/generate_dump @@ -885,6 +885,10 @@ collect_mellanox() { ${CMD_PREFIX}docker exec syncd mkdir -p $sai_dump_folder ${CMD_PREFIX}docker exec syncd saisdkdump -f $sai_dump_filename + if [ $? != 0 ]; then + echo "Failed to collect saisdkdump." + fi + copy_from_docker syncd $sai_dump_folder $sai_dump_folder echo "$sai_dump_folder" for file in `ls $sai_dump_folder`; do From 3fd537b0a439bbb2887c8810907fbb7756cdfd7d Mon Sep 17 00:00:00 2001 
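Review bot: The check added in `collect_mellanox` (`scripts/generate_dump`) compares `$?` as a string with `!=` and prints the failure to stdout, where it mixes with the script's normal output. Testing the command directly and writing to stderr is more robust: `if ! ${CMD_PREFIX}docker exec syncd saisdkdump -f $sai_dump_filename; then echo "Failed to collect saisdkdump." >&2; fi`. The rest of the function, including the `copy_from_docker` call that still runs after a failure, lies partly outside the hunk.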
From: xumia <59720581+xumia@users.noreply.github.com> Date: Thu, 8 Sep 2022 10:34:37 +0800 Subject: [PATCH 07/38] Support the bandit check by GitHub Action (#2358) What I did Support the bandit check by GitHub Action to find out the potential security issues in the python code. How I did it Add the bandit check action in GitHub workflow --- .bandit | 0 .github/workflows/bandit.yml | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 .bandit create mode 100644 .github/workflows/bandit.yml diff --git a/.bandit b/.bandit new file mode 100644 index 0000000000..e69de29bb2 diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml new file mode 100644 index 0000000000..954292cc27 --- /dev/null +++ b/.github/workflows/bandit.yml @@ -0,0 +1,20 @@ +# This workflow is to do the bandit check +# + +name: bandit +on: + pull_request: + types: + - opened + - reopened + - synchronize + +jobs: + bendit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: bandit + uses: jpetrucciani/bandit-check@master + with: + path: '.' From bbcdf2ed7b47d6e2f452a5d20f68cc9b71ddf574 Mon Sep 17 00:00:00 2001 From: Renuka Manavalan <47282725+renukamanavalan@users.noreply.github.com> Date: Thu, 8 Sep 2022 15:30:34 -0700 Subject: [PATCH 08/38] disk_check: Publish event for RO state (#2320) Added disk_check failure as event. --- scripts/disk_check.py | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/scripts/disk_check.py b/scripts/disk_check.py index 4fa8d69746..0f5f882400 100644 --- a/scripts/disk_check.py +++ b/scripts/disk_check.py 
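Review bot: In `.github/workflows/bandit.yml` the step `uses: jpetrucciani/bandit-check@master` tracks a mutable branch of a third-party action, so whatever is pushed there later runs in this repository's CI; pin it to a full commit SHA, e.g. `uses: jpetrucciani/bandit-check@<full-commit-sha>`. The workflow also declares no `permissions:` block, so the job gets the repository's default token scope; adding `permissions:` with `contents: read` at the top level limits it to what a scan needs. The job id `bendit` looks like a typo for `bandit`, and the committed `.bandit` file is empty, so the scan runs with the tool's defaults.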
@@ -33,11 +33,17 @@ import sys import syslog import subprocess +from swsscommon.swsscommon import events_init_publisher, events_deinit_publisher, event_publish +from swsscommon.swsscommon import FieldValueMap UPPER_DIR = "/run/mount/upper" WORK_DIR = "/run/mount/work" MOUNTS_FILE = "/proc/mounts" +EVENTS_PUBLISHER_SOURCE = "sonic-events-host" +EVENTS_PUBLISHER_TAG = "event-disk" +events_handle = None + chk_log_level = syslog.LOG_ERR def _log_msg(lvl, pfx, msg): @@ -45,6 +51,7 @@ def _log_msg(lvl, pfx, msg): print("{}: {}".format(pfx, msg)) syslog.syslog(lvl, msg) + def log_err(m): _log_msg(syslog.LOG_ERR, "Err", m) @@ -57,11 +64,18 @@ def log_debug(m): _log_msg(syslog.LOG_DEBUG, "Debug", m) +def event_pub(): + param_dict = FieldValueMap() + param_dict["fail_type"] = "read_only" + event_publish(events_handle, EVENTS_PUBLISHER_TAG, param_dict) + + def test_writable(dirs): for d in dirs: rw = os.access(d, os.W_OK) if not rw: log_err("{} is not read-write".format(d)) + event_pub() return False else: log_debug("{} is Read-Write".format(d)) @@ -145,12 +159,13 @@ def do_check(skip_mount, dirs): # Check if mounted if (not ret) and is_mounted(dirs): log_err("READ-ONLY: Mounted {} to make Read-Write".format(dirs)) + event_pub() return ret def main(): - global chk_log_level + global chk_log_level, events_handle parser=argparse.ArgumentParser( description="check disk for Read-Write and mount etc & home as Read-Write") @@ -163,7 +178,12 @@ def main(): args = parser.parse_args() chk_log_level = args.loglvl + + events_handle = events_init_publisher(EVENTS_PUBLISHER_SOURCE) + ret = do_check(args.skip_mount, args.dirs.split(",")) + + events_deinit_publisher(events_handle) return ret From 4d377a6203ced173a155f5e1848ec66ed3fdf33e Mon Sep 17 00:00:00 2001 
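Review bot: In `main()` of `scripts/disk_check.py`, `events_deinit_publisher(events_handle)` is skipped if `do_check(...)` raises, so the publisher handle is never released on the error path. Wrapping the call as `try:` / `ret = do_check(args.skip_mount, args.dirs.split(","))` / `finally: events_deinit_publisher(events_handle)` closes that gap. `event_pub()` also reads the module-level `events_handle`, which stays `None` unless `main()` ran, so calling `test_writable` or `do_check` from an importer (a unit test, for instance) would publish on a `None` handle; a guard such as `if events_handle is None: return` at the top of `event_pub()` would make that safe.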
From: Sudharsan Dhamal Gopalarathnam Date: Mon, 12 Sep 2022 18:47:06 -0700 Subject: [PATCH 09/38] [subinterface]Added additional checks in portchannel and subinterface commands (#2345) *Added additional checks in subinterface and portchannel commands so they don't conflict. Without the checks, a subinterface could be created on a portchannel member and vice versa which will lead to SAI failure followed by orchagent crash. --- config/main.py | 19 ++++++++++++++----- tests/intfutil_test.py | 12 ++++++------ tests/ip_config_test.py | 20 ++++++++++---------- tests/loopback_action_test.py | 2 +- tests/mock_tables/appl_db.json | 6 +++--- tests/mock_tables/config_db.json | 6 +++--- tests/portchannel_test.py | 13 +++++++++++++ tests/show_vrf_test.py | 10 +++++----- tests/static_routes_test.py | 10 +++++----- tests/subintf_test.py | 21 +++++++++++++++++++++ tests/vrf_input/config_db.json | 2 +- 11 files changed, 82 insertions(+), 39 deletions(-) diff --git a/config/main.py b/config/main.py index bbcfc5d84f..9bb403284d 100644 --- a/config/main.py +++ b/config/main.py @@ -2113,6 +2113,14 @@ def add_portchannel_member(ctx, portchannel_name, port_name): ctx.fail(" {} has ip address configured".format(port_name)) return + for key in db.get_keys('VLAN_SUB_INTERFACE'): + if type(key) == tuple: + continue + intf = key.split(VLAN_SUB_INTERFACE_SEPARATOR)[0] + parent_intf = get_intf_longname(intf) + if parent_intf == port_name: + ctx.fail(" {} has subinterfaces configured".format(port_name)) + # Dont allow a port to be member of port channel if it is configured as a VLAN member for k,v in db.get_table('VLAN_MEMBER'): if v == port_name: 
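Review bot: The loop added to `add_portchannel_member` in `config/main.py` filters keys with `type(key) == tuple`, which misses tuple subclasses and is not the idiomatic check; `if isinstance(key, tuple): continue` is the usual form. The check also has no comment, unlike the VLAN-member check that follows it; something like `# Don't allow a port to be a member of a port channel if it has subinterfaces configured` would match the surrounding style. The function body starts and ends outside the hunk.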
@@ -6762,23 +6770,24 @@ def add_subinterface(ctx, subinterface_name, vid): config_db = ctx.obj['db'] port_dict = config_db.get_table(intf_table_name) + parent_intf = get_intf_longname(interface_alias) if interface_alias is not None: if not port_dict: ctx.fail("{} parent interface not found. {} table none".format(interface_alias, intf_table_name)) - if get_intf_longname(interface_alias) not in port_dict.keys(): + if parent_intf not in port_dict.keys(): ctx.fail("{} parent interface not found".format(subinterface_name)) # Validate if parent is portchannel member portchannel_member_table = config_db.get_table('PORTCHANNEL_MEMBER') - if interface_is_in_portchannel(portchannel_member_table, interface_alias): + if interface_is_in_portchannel(portchannel_member_table, parent_intf): ctx.fail("{} is configured as a member of portchannel. Cannot configure subinterface" - .format(interface_alias)) + .format(parent_intf)) # Validate if parent is vlan member vlan_member_table = config_db.get_table('VLAN_MEMBER') - if interface_is_in_vlan(vlan_member_table, interface_alias): + if interface_is_in_vlan(vlan_member_table, parent_intf): ctx.fail("{} is configured as a member of vlan. Cannot configure subinterface" - .format(interface_alias)) + .format(parent_intf)) sub_intfs = [k for k,v in config_db.get_table('VLAN_SUB_INTERFACE').items() if type(k) != tuple] if subinterface_name in sub_intfs: diff --git a/tests/intfutil_test.py b/tests/intfutil_test.py index 081246a488..2a13075919 100644 --- a/tests/intfutil_test.py +++ b/tests/intfutil_test.py @@ -209,7 +209,7 @@ def test_subintf_status(self): expected_output = ( "Sub port interface Speed MTU Vlan Admin Type\n" "-------------------- ------- ----- ------ ------- --------------------\n" - " Eth32.10 40G 9100 100 up 802.1q-encapsulation\n" + " Eth36.10 10M 9100 100 up 802.1q-encapsulation\n" " Ethernet0.10 25G 9100 10 up 802.1q-encapsulation\n" " Po0001.10 40G 9100 100 up 802.1q-encapsulation" ) 
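Review bot: In `add_subinterface` the new line `parent_intf = get_intf_longname(interface_alias)` runs before the existing `if interface_alias is not None:` guard, so the helper is now called with `None` whenever that guard would have been false. Unless `get_intf_longname` is known to accept `None` (its body is not in the hunk), move the assignment inside the guard as its first statement. The function extends beyond the hunk on both sides.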
@@ -248,10 +248,10 @@ def test_single_subintf_status(self): expected_output = ( "Sub port interface Speed MTU Vlan Admin Type\n" "-------------------- ------- ----- ------ ------- --------------------\n" - " Eth32.10 40G 9100 100 up 802.1q-encapsulation" + " Eth36.10 10M 9100 100 up 802.1q-encapsulation" ) - # Test 'intfutil status Eth32.10' - output = subprocess.check_output('intfutil -c status -i Eth32.10', stderr=subprocess.STDOUT, shell=True, text=True) + # Test 'intfutil status Eth36.10' + output = subprocess.check_output('intfutil -c status -i Eth36.10', stderr=subprocess.STDOUT, shell=True, text=True) print(output, file=sys.stderr) self.assertEqual(output.strip(), expected_output) @@ -272,9 +272,9 @@ def test_single_subintf_status_verbose(self): expected_output = "Command: intfutil -c status -i Ethernet0.10" self.assertEqual(result.output.split('\n')[0], expected_output) - result = self.runner.invoke(show.cli.commands["subinterfaces"].commands["status"], ["Eth32.10", "--verbose"]) + result = self.runner.invoke(show.cli.commands["subinterfaces"].commands["status"], ["Eth36.10", "--verbose"]) print(result.output, file=sys.stderr) - expected_output = "Command: intfutil -c status -i Eth32.10" + expected_output = "Command: intfutil -c status -i Eth36.10" self.assertEqual(result.output.split('\n')[0], expected_output) result = self.runner.invoke(show.cli.commands["subinterfaces"].commands["status"], ["Po0001.10", "--verbose"]) diff --git a/tests/ip_config_test.py b/tests/ip_config_test.py index c56b226c74..fd6b4feb9f 100644 --- a/tests/ip_config_test.py +++ b/tests/ip_config_test.py 
@@ -54,11 +54,11 @@ def test_add_del_interface_valid_ipv4(self): assert result.exit_code == 0 assert ('Ethernet0.10', '10.11.10.1/24') in db.cfgdb.get_table('VLAN_SUB_INTERFACE') - # config int ip add Eth32.10 32.11.10.1/24 - result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["add"], ["Eth32.10", "32.11.10.1/24"], obj=obj) + # config int ip add Eth36.10 32.11.10.1/24 + result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["add"], ["Eth36.10", "32.11.10.1/24"], obj=obj) print(result.exit_code, result.output) assert result.exit_code == 0 - assert ('Eth32.10', '32.11.10.1/24') in db.cfgdb.get_table('VLAN_SUB_INTERFACE') + assert ('Eth36.10', '32.11.10.1/24') in db.cfgdb.get_table('VLAN_SUB_INTERFACE') # config int ip remove Ethernet64 10.10.10.1/24 result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["remove"], ["Ethernet64", "10.10.10.1/24"], obj=obj) @@ -72,11 +72,11 @@ def test_add_del_interface_valid_ipv4(self): assert result.exit_code != 0 assert ('Ethernet0.10', '10.11.10.1/24') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE') - # config int ip remove Eth32.10 32.11.10.1/24 - result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["remove"], ["Eth32.10", "32.11.10.1/24"], obj=obj) + # config int ip remove Eth36.10 32.11.10.1/24 + result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["remove"], ["Eth36.10", "32.11.10.1/24"], obj=obj) print(result.exit_code, result.output) assert result.exit_code != 0 - assert ('Eth32.10', '32.11.10.1/24') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE') + assert ('Eth36.10', '32.11.10.1/24') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE') def test_add_interface_invalid_ipv4(self): db = Db() 
@@ -129,10 +129,10 @@ def test_add_del_interface_valid_ipv6(self): assert result.exit_code == 0 assert ('Ethernet0.10', '1010:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34') in db.cfgdb.get_table('VLAN_SUB_INTERFACE') - result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["add"], ["Eth32.10", "3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34"], obj=obj) + result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["add"], ["Eth36.10", "3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34"], obj=obj) print(result.exit_code, result.output) assert result.exit_code == 0 - assert ('Eth32.10', '3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34') in db.cfgdb.get_table('VLAN_SUB_INTERFACE') + assert ('Eth36.10', '3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34') in db.cfgdb.get_table('VLAN_SUB_INTERFACE') # config int ip remove Ethernet72 2001:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34 result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["remove"], ["Ethernet72", "2001:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34"], obj=obj) @@ -145,10 +145,10 @@ def test_add_del_interface_valid_ipv6(self): assert result.exit_code != 0 assert ('Ethernet0.10', '1010:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE') - result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["remove"], ["Eth32.10", "3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34"], obj=obj) + result = runner.invoke(config.config.commands["interface"].commands["ip"].commands["remove"], ["Eth36.10", "3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34"], obj=obj) print(result.exit_code, result.output) assert result.exit_code != 0 - assert ('Eth32.10', '3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE') + assert ('Eth36.10', '3210:1db8:11a3:19d7:1f34:8a2e:17a0:765d/34') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE') def test_del_interface_case_sensitive_ipv6(self): db = Db() 
diff --git a/tests/loopback_action_test.py b/tests/loopback_action_test.py index 58942b0c4b..b88d36973d 100644 --- a/tests/loopback_action_test.py +++ b/tests/loopback_action_test.py @@ -7,7 +7,7 @@ show_ip_interfaces_loopback_action_output="""\ Interface Action --------------- -------- -Eth32.10 drop +Eth36.10 drop Ethernet0 forward PortChannel0001 drop Vlan3000 forward diff --git a/tests/mock_tables/appl_db.json b/tests/mock_tables/appl_db.json index cd00408b49..ab4e31282f 100644 --- a/tests/mock_tables/appl_db.json +++ b/tests/mock_tables/appl_db.json @@ -188,7 +188,7 @@ "admin_status": "up", "vlan": "10" }, - "INTF_TABLE:Eth32.10": { + "INTF_TABLE:Eth36.10": { "admin_status": "up", "vrf_name": "Vrf1", "vlan": "100" @@ -202,7 +202,7 @@ "family": "IPv4", "scope": "global" }, - "INTF_TABLE:Eth32.10|32.10.11.12/24": { + "INTF_TABLE:Eth36.10|32.10.11.12/24": { "family": "IPv4", "scope": "global" }, @@ -210,7 +210,7 @@ "family": "IPv4", "scope": "global" }, - "INTF_TABLE:Eth32.10|3210::12/126": { + "INTF_TABLE:Eth36.10|3210::12/126": { "family": "IPv6", "scope": "global" }, diff --git a/tests/mock_tables/config_db.json b/tests/mock_tables/config_db.json index 699ef155e0..fcb16e8f2d 100644 --- a/tests/mock_tables/config_db.json +++ b/tests/mock_tables/config_db.json @@ -376,16 +376,16 @@ "VLAN_SUB_INTERFACE|Ethernet0.10|10.11.12.13/24": { "NULL" : "NULL" }, - "VLAN_SUB_INTERFACE|Eth32.10": { + "VLAN_SUB_INTERFACE|Eth36.10": { "admin_status": "up", "loopback_action": "drop", "vrf_name": "Vrf1", "vlan": "100" }, - "VLAN_SUB_INTERFACE|Eth32.10|32.10.11.12/24": { + "VLAN_SUB_INTERFACE|Eth36.10|32.10.11.12/24": { "NULL" : "NULL" }, - "VLAN_SUB_INTERFACE|Eth32.10|3210::12/126": { + "VLAN_SUB_INTERFACE|Eth36.10|3210::12/126": { "NULL" : "NULL" }, "VLAN_SUB_INTERFACE|Po0001.10": { diff --git a/tests/portchannel_test.py b/tests/portchannel_test.py index 9b187f13d5..bd30c73649 100644 --- a/tests/portchannel_test.py +++ b/tests/portchannel_test.py 
@@ -147,6 +147,19 @@ def test_add_portchannel_member_which_has_ipaddress(self): assert result.exit_code != 0 assert "Error: Ethernet0 has ip address configured" in result.output + def test_add_portchannel_member_which_has_subintf(self): + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + # add a portchannel member with port which has ip-address + result = runner.invoke(config.config.commands["portchannel"].commands["member"].commands["add"], ["PortChannel1001", "Ethernet36"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + print(result.output) + assert "Error: Ethernet36 has subinterfaces configured" in result.output + def test_add_portchannel_member_which_is_member_of_vlan(self): runner = CliRunner() db = Db() diff --git a/tests/show_vrf_test.py b/tests/show_vrf_test.py index 457b3587f6..269a968477 100644 --- a/tests/show_vrf_test.py +++ b/tests/show_vrf_test.py @@ -29,7 +29,7 @@ def test_vrf_show(self): Vrf101 Ethernet0.10 Vrf102 PortChannel0002 Vlan40 - Eth32.10 + Eth36.10 Vrf103 Ethernet4 Loopback0 Po0002.101 @@ -53,7 +53,7 @@ def test_vrf_bind_unbind(self): Vrf101 Ethernet0.10 Vrf102 PortChannel0002 Vlan40 - Eth32.10 + Eth36.10 Vrf103 Ethernet4 Loopback0 Po0002.101 
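Review bot: `test_add_portchannel_member_which_has_subintf` in `tests/portchannel_test.py` carries the comment `# add a portchannel member with port which has ip-address`, copied from the previous test, although it exercises the subinterface check. It should read `# add a portchannel member with a port which has a subinterface`. The second `print(result.output)` after the exit-code assert is a duplicate and can go.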
@@ -86,10 +86,10 @@ def test_vrf_bind_unbind(self): assert result.exit_code == 0 assert 'PortChannel002' not in db.cfgdb.get_table('PORTCHANNEL_INTERFACE') - result = runner.invoke(config.config.commands["interface"].commands["vrf"].commands["unbind"], ["Eth32.10"], obj=obj) + result = runner.invoke(config.config.commands["interface"].commands["vrf"].commands["unbind"], ["Eth36.10"], obj=obj) print(result.exit_code, result.output) assert result.exit_code == 0 - assert ('vrf_name', 'Vrf102') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE')['Eth32.10'] + assert ('vrf_name', 'Vrf102') not in db.cfgdb.get_table('VLAN_SUB_INTERFACE')['Eth36.10'] result = runner.invoke(config.config.commands["interface"].commands["vrf"].commands["unbind"], ["Ethernet0.10"], obj=obj) print(result.exit_code, result.output) @@ -114,7 +114,7 @@ def test_vrf_bind_unbind(self): Vrf101 Ethernet0.10 Vrf102 PortChannel0002 Vlan40 - Eth32.10 + Eth36.10 Vrf103 Ethernet4 Loopback0 Po0002.101 diff --git a/tests/static_routes_test.py b/tests/static_routes_test.py index fc7371b344..3fce727ee2 100644 --- a/tests/static_routes_test.py +++ b/tests/static_routes_test.py 
@@ -403,16 +403,16 @@ def test_static_route_nexthop_subinterface(self): print(result.exit_code, result.output) assert not ('2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') - # config route add prefix 2.2.3.5/32 nexthop dev Eth32.10 + # config route add prefix 2.2.3.5/32 nexthop dev Eth36.10 result = runner.invoke(config.config.commands["route"].commands["add"], \ - ["prefix", "2.2.3.5/32", "nexthop", "dev", "Eth32.10"], obj=obj) + ["prefix", "2.2.3.5/32", "nexthop", "dev", "Eth36.10"], obj=obj) print(result.exit_code, result.output) assert ('2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '2.2.3.5/32') == {'nexthop': '', 'blackhole': 'false', 'distance': '0', 'ifname': 'Eth32.10', 'nexthop-vrf': ''} + assert db.cfgdb.get_entry('STATIC_ROUTE', '2.2.3.5/32') == {'nexthop': '', 'blackhole': 'false', 'distance': '0', 'ifname': 'Eth36.10', 'nexthop-vrf': ''} - # config route del prefix 2.2.3.5/32 nexthop dev Eth32.10 + # config route del prefix 2.2.3.5/32 nexthop dev Eth36.10 result = runner.invoke(config.config.commands["route"].commands["del"], \ - ["prefix", "2.2.3.5/32", "nexthop", "dev", "Eth32.10"], obj=obj) + ["prefix", "2.2.3.5/32", "nexthop", "dev", "Eth36.10"], obj=obj) print(result.exit_code, result.output) assert not ('2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') diff --git a/tests/subintf_test.py b/tests/subintf_test.py index 581ea49ce5..c69d87572e 100644 --- a/tests/subintf_test.py +++ b/tests/subintf_test.py @@ -7,6 +7,12 @@ import show.main as show from utilities_common.db import Db +SUB_INTF_ON_LAG_MEMBER_ERR="""\ +Usage: add [OPTIONS] +Try "add --help" for help. + +Error: Ethernet32 is configured as a member of portchannel. Cannot configure subinterface +""" class TestSubinterface(object): @classmethod 
@@ -141,6 +147,21 @@ def test_invalid_subintf_creation(self): print(result.exit_code, result.output) assert result.exit_code != 0 + def test_subintf_creation_on_lag_member(self): + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = runner.invoke(config.config.commands["subinterface"].commands["add"], ["Ethernet32.10"], obj=obj) + print(result.exit_code, result.output) + assert result.exit_code != 0 + assert(result.output == SUB_INTF_ON_LAG_MEMBER_ERR) + + result = runner.invoke(config.config.commands["subinterface"].commands["add"], ["Eth32.20"], obj=obj) + print(result.exit_code, result.output) + assert result.exit_code != 0 + assert(result.output == SUB_INTF_ON_LAG_MEMBER_ERR) + def test_subintf_vrf_bind_unbind(self): runner = CliRunner() db = Db() diff --git a/tests/vrf_input/config_db.json b/tests/vrf_input/config_db.json index fe1cb2eb25..1746c14c4f 100644 --- a/tests/vrf_input/config_db.json +++ b/tests/vrf_input/config_db.json @@ -3,7 +3,7 @@ "vrf_name": "Vrf101", "admin_status": "up" }, - "VLAN_SUB_INTERFACE|Eth32.10": { + "VLAN_SUB_INTERFACE|Eth36.10": { "vrf_name": "Vrf102", "admin_status": "up", "vlan": "100" From 1ac584bb3d30ab6dac0396b8998ea12883acde87 Mon Sep 17 00:00:00 2001 From: Sumukha Tumkur Vani Date: Wed, 14 Sep 2022 14:30:29 -0700 Subject: [PATCH 10/38] Use 'default' VRF when VRF name is not provided (#2368) While adding static routes, if VRF name is not present, use default VRF --- config/main.py | 5 +- tests/static_routes_test.py | 106 ++++++++++++++++++------------------ 2 files changed, 56 insertions(+), 55 deletions(-) diff --git a/config/main.py b/config/main.py index 9bb403284d..b6290e6a45 100644 --- a/config/main.py +++ b/config/main.py @@ -1019,6 +1019,7 @@ def cli_sroute_to_config(ctx, command_str, strict_nh = True): elif 'prefix' in prefix_str: # prefix_str: ['prefix', ip] ip_prefix = prefix_str[1] + vrf_name = "default" else: ctx.fail("prefix is not in pattern!") 
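Review bot: Both new assertions in `test_subintf_creation_on_lag_member` compare `result.output` with the whole `SUB_INTF_ON_LAG_MEMBER_ERR` text, which includes click's own usage banner (`Try "add --help" for help.`), so the test fails on any click release that words or quotes that banner differently. Checking only the part this change owns is enough: `assert "Ethernet32 is configured as a member of portchannel" in result.output`. The second call passes `Eth32.20` while the expected error names `Ethernet32`; a one-line comment such as `# short-name form; the error reports the resolved port name` would explain why the same constant is expected, assuming that is how the name is resolved.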
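Review bot: The added `vrf_name = "default"` in `cli_sroute_to_config` changes the CONFIG_DB key of every route given without a VRF from `<prefix>` to `default|<prefix>` (the updated tests in this patch show both forms), and nothing on the line says so. A comment would make the intent readable: `# no VRF given: key the route under the default VRF ("default|<prefix>")`. If the file already has a name for the default VRF, use it here instead of a second string literal; the rest of the function is outside the hunk, so that could not be checked.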
@@ -5314,7 +5315,7 @@ def add_route(ctx, command_str): # Check if exist entry with key keys = config_db.get_keys('STATIC_ROUTE') - if key in keys: + if tuple(key.split("|")) in keys: # If exist update current entry current_entry = config_db.get_entry('STATIC_ROUTE', key) @@ -5339,7 +5340,7 @@ def del_route(ctx, command_str): key, route = cli_sroute_to_config(ctx, command_str, strict_nh=False) keys = config_db.get_keys('STATIC_ROUTE') prefix_tuple = tuple(key.split('|')) - if not key in keys and not prefix_tuple in keys: + if not tuple(key.split("|")) in keys and not prefix_tuple in keys: ctx.fail('Route {} doesnt exist'.format(key)) else: # If not defined nexthop or intf name remove entire route diff --git a/tests/static_routes_test.py b/tests/static_routes_test.py index 3fce727ee2..da8a4ea97b 100644 --- a/tests/static_routes_test.py +++ b/tests/static_routes_test.py @@ -45,8 +45,8 @@ def test_simple_static_route(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "1.2.3.4/32", "nexthop", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert ('1.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '1.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} + assert ('default', '1.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|1.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} # config route del prefix 1.2.3.4/32 nexthop 30.0.0.5 result = runner.invoke(config.config.commands["route"].commands["del"], \ 
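Review bot: The existence check in `add_route` now matches only tuple keys, so a STATIC_ROUTE entry written under the bare prefix before this change (the form the old tests asserted, e.g. `'1.2.3.4/32'`) is no longer found; the check in the `del_route` hunk below has the same gap. If I read the key handling right, adding a next hop to such a route would create a second `default|<prefix>` entry instead of updating the stored one, and deleting it would fail with "doesnt exist". Either migrate old keys when the configuration is loaded, or keep a fallback for the legacy form, for example `legacy = key.partition("|")[2] if key.startswith("default|") else None` followed by `if tuple(key.split("|")) in keys or legacy in keys:`, reading the entry under whichever key matched. The body of `add_route` continues outside the hunk.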
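Review bot: The two operands of the new condition in `del_route` are the same expression, because `prefix_tuple` is assigned `tuple(key.split('|'))` on the line directly above, so the `and` adds nothing. It reads more plainly as `if prefix_tuple not in keys:`. The body of `del_route` continues outside the hunk.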
@@ -119,8 +119,8 @@ def test_dest_vrf_static_route(self): ["prefix", "3.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) print(db.cfgdb.get_table('STATIC_ROUTE')) - assert ('3.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '3.2.3.4/32') == {'nexthop': '30.0.0.6', 'nexthop-vrf': 'Vrf-RED', 'blackhole': 'false', 'distance': '0', 'ifname': ''} + assert ('default', '3.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|3.2.3.4/32') == {'nexthop': '30.0.0.6', 'nexthop-vrf': 'Vrf-RED', 'blackhole': 'false', 'distance': '0', 'ifname': ''} # config route del prefix 3.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["del"], \ 
@@ -140,22 +140,22 @@ def test_multiple_nexthops_with_vrf_static_route(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "6.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.6,30.0.0.7"], obj=obj) print(result.exit_code, result.output) - assert ('6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '6.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': 'Vrf-RED,Vrf-RED'} + assert ('default', '6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|6.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': 'Vrf-RED,Vrf-RED'} ''' Del ''' # config route del prefix 6.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.7 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "6.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.7"], obj=obj) print(result.exit_code, result.output) - assert ('6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '6.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': 'Vrf-RED'} + assert ('default', '6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|6.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': 'Vrf-RED'} # config route del prefix 6.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "6.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert not ('6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert not ('default', '6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') def test_multiple_nexthops_static_route(self): db = Db() 
@@ -167,30 +167,30 @@ def test_multiple_nexthops_static_route(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "6.2.3.4/32", "nexthop", "30.0.0.6,30.0.0.7"], obj=obj) print(result.exit_code, result.output) - assert ('6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '6.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': ','} + assert ('default', '6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|6.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': ','} # config route add prefix 6.2.3.4/32 nexthop 30.0.0.8 result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "6.2.3.4/32", "nexthop", "30.0.0.8"], obj=obj) print(result.exit_code, result.output) - assert ('6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '6.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7,30.0.0.8', 'blackhole': 'false,false,false', 'distance': '0,0,0', 'ifname': ',,', 'nexthop-vrf': ',,'} + assert ('default', '6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|6.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7,30.0.0.8', 'blackhole': 'false,false,false', 'distance': '0,0,0', 'ifname': ',,', 'nexthop-vrf': ',,'} ''' Del ''' # config route del prefix 6.2.3.4/32 nexthop 30.0.0.8 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "6.2.3.4/32", "nexthop", "30.0.0.8"], obj=obj) print(result.exit_code, result.output) - assert ('6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '6.2.3.4/32') == {"nexthop": '30.0.0.6,30.0.0.7', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': ','} + assert ('default', 
'6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|6.2.3.4/32') == {"nexthop": '30.0.0.6,30.0.0.7', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': ','} # config route del prefix 6.2.3.4/32 nexthop 30.0.0.7 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "6.2.3.4/32", "nexthop", "30.0.0.7"], obj=obj) print(result.exit_code, result.output) - assert ('6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '6.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} + assert ('default', '6.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|6.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} # config route del prefix 6.2.3.4/32 nexthop 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["del"], \ 
@@ -228,23 +228,23 @@ def test_static_route_ECMP_nexthop(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "10.2.3.4/32", "nexthop", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert ('10.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '10.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} + assert ('default', '10.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|10.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} # config route add prefix 10.2.3.4/32 nexthop 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "10.2.3.4/32", "nexthop", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert ('10.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '10.2.3.4/32') == {'nexthop': '30.0.0.5,30.0.0.6', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': ','} + assert ('default', '10.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|10.2.3.4/32') == {'nexthop': '30.0.0.5,30.0.0.6', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ',', 'nexthop-vrf': ','} ''' Del ''' # config route del prefix 10.2.3.4/32 nexthop 30.0.0.5 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "10.2.3.4/32", "nexthop", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert ('10.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '10.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} + assert ('default', '10.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert 
db.cfgdb.get_entry('STATIC_ROUTE', 'default|10.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} # config route del prefix 1.2.3.4/32 nexthop 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["del"], \ @@ -264,8 +264,8 @@ def test_static_route_ECMP_nexthop_with_vrf(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "11.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert ('11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '11.2.3.4/32') == {'nexthop': '30.0.0.5', 'nexthop-vrf': 'Vrf-RED', 'blackhole': 'false', 'distance': '0', 'ifname': ''} + assert ('default', '11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|11.2.3.4/32') == {'nexthop': '30.0.0.5', 'nexthop-vrf': 'Vrf-RED', 'blackhole': 'false', 'distance': '0', 'ifname': ''} result = runner.invoke(config.config.commands["vrf"].commands["add"], ["Vrf-BLUE"], obj=obj) print(result.exit_code, result.output) 
@@ -273,22 +273,22 @@ def test_static_route_ECMP_nexthop_with_vrf(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "11.2.3.4/32", "nexthop", "vrf", "Vrf-BLUE", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert ('11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '11.2.3.4/32') == {"nexthop": "30.0.0.5,30.0.0.6", "nexthop-vrf": "Vrf-RED,Vrf-BLUE", 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ','} + assert ('default', '11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|11.2.3.4/32') == {"nexthop": "30.0.0.5,30.0.0.6", "nexthop-vrf": "Vrf-RED,Vrf-BLUE", 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ','} ''' Del ''' # config route del prefix 11.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.5 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "11.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert ('11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '11.2.3.4/32') == {"nexthop": "30.0.0.6", "nexthop-vrf": "Vrf-BLUE", 'blackhole': 'false', 'distance': '0', 'ifname': ''} + assert ('default', '11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|11.2.3.4/32') == {"nexthop": "30.0.0.6", "nexthop-vrf": "Vrf-BLUE", 'blackhole': 'false', 'distance': '0', 'ifname': ''} # config route del prefix 11.2.3.4/32 nexthop vrf Vrf-BLUE 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "11.2.3.4/32", "nexthop", "vrf", "Vrf-BLUE", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert not ('11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert not ('default', '11.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') def test_static_route_ECMP_mixed_nextfop(self): db = 
Db() @@ -300,8 +300,8 @@ def test_static_route_ECMP_mixed_nextfop(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "12.2.3.4/32", "nexthop", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert ('12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '12.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} + assert ('default', '12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|12.2.3.4/32') == {'nexthop': '30.0.0.6', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} result = runner.invoke(config.config.commands["vrf"].commands["add"], ["Vrf-RED"], obj=obj) print(result.exit_code, result.output) 
@@ -309,22 +309,22 @@ def test_static_route_ECMP_mixed_nextfop(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "12.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.7"], obj=obj) print(result.exit_code, result.output) - assert ('12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '12.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7', 'nexthop-vrf': ',Vrf-RED', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ','} + assert ('default', '12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|12.2.3.4/32') == {'nexthop': '30.0.0.6,30.0.0.7', 'nexthop-vrf': ',Vrf-RED', 'blackhole': 'false,false', 'distance': '0,0', 'ifname': ','} ''' Del ''' # config route del prefix 12.2.3.4/32 nexthop vrf Vrf-Red 30.0.0.7 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "12.2.3.4/32", "nexthop", "vrf", "Vrf-RED", "30.0.0.7"], obj=obj) print(result.exit_code, result.output) - assert ('12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '12.2.3.4/32') == {'nexthop': '30.0.0.6', 'nexthop-vrf': '', 'ifname': '', 'blackhole': 'false', 'distance': '0'} + assert ('default', '12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|12.2.3.4/32') == {'nexthop': '30.0.0.6', 'nexthop-vrf': '', 'ifname': '', 'blackhole': 'false', 'distance': '0'} # config route del prefix 12.2.3.4/32 nexthop 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "12.2.3.4/32", "nexthop", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert not ('12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert not ('default', '12.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') def test_del_nonexist_key_static_route(self): db = Db() 
@@ -335,7 +335,7 @@ def test_del_nonexist_key_static_route(self): result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "17.2.3.4/32", "nexthop", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert ERROR_DEL_NONEXIST_KEY_STR.format("17.2.3.4/32") in result.output + assert ERROR_DEL_NONEXIST_KEY_STR.format("default|17.2.3.4/32") in result.output def test_del_nonexist_entry_static_route(self): db = Db() 
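Review bot: The expected text in `test_del_nonexist_key_static_route` now pins `default|17.2.3.4/32`, so the CLI error shows the internal CONFIG_DB key rather than the prefix the user typed in `config route del prefix 17.2.3.4/32 ...`. If that is intended, a short comment on the assertion would say so, e.g. `# error text carries the full "<vrf>|<prefix>" key`. Otherwise `del_route` should build the message from the prefix and VRF separately; its failure path is only partly visible in this patch.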
@@ -346,20 +346,20 @@ def test_del_nonexist_entry_static_route(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "13.2.3.4/32", "nexthop", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert ('13.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '13.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} + assert ('default', '13.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|13.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} # config route del prefix 13.2.3.4/32 nexthop 30.0.0.6 <- nh ip that doesnt exist result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "13.2.3.4/32", "nexthop", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert ERROR_DEL_NONEXIST_ENTRY_STR.format(('30.0.0.6', '', ''), "13.2.3.4/32") in result.output + assert ERROR_DEL_NONEXIST_ENTRY_STR.format(('30.0.0.6', '', ''), "default|13.2.3.4/32") in result.output # config route del prefix 13.2.3.4/32 nexthop 30.0.0.5 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "13.2.3.4/32", "nexthop", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert not '13.2.3.4/32' in db.cfgdb.get_table('STATIC_ROUTE') + assert not ('default', '13.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') def test_del_entire_ECMP_static_route(self): db = Db() 
@@ -370,20 +370,20 @@ def test_del_entire_ECMP_static_route(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "14.2.3.4/32", "nexthop", "30.0.0.5"], obj=obj) print(result.exit_code, result.output) - assert ('14.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '14.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} + assert ('default', '14.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|14.2.3.4/32') == {'nexthop': '30.0.0.5', 'blackhole': 'false', 'distance': '0', 'ifname': '', 'nexthop-vrf': ''} # config route add prefix 14.2.3.4/32 nexthop 30.0.0.6 result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "14.2.3.4/32", "nexthop", "30.0.0.6"], obj=obj) print(result.exit_code, result.output) - assert ('14.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '14.2.3.4/32') == {'nexthop': '30.0.0.5,30.0.0.6', 'nexthop-vrf': ',', 'ifname': ',', 'blackhole': 'false,false', 'distance': '0,0'} + assert ('default', '14.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|14.2.3.4/32') == {'nexthop': '30.0.0.5,30.0.0.6', 'nexthop-vrf': ',', 'ifname': ',', 'blackhole': 'false,false', 'distance': '0,0'} # config route del prefix 14.2.3.4/32 result = runner.invoke(config.config.commands["route"].commands["del"], ["prefix", "14.2.3.4/32"], obj=obj) print(result.exit_code, result.output) - assert not '14.2.3.4/32' in db.cfgdb.get_table('STATIC_ROUTE') + assert not ('default', '14.2.3.4/32') in db.cfgdb.get_table('STATIC_ROUTE') def test_static_route_nexthop_subinterface(self): db = Db() 
@@ -394,27 +394,27 @@ def test_static_route_nexthop_subinterface(self): result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "2.2.3.5/32", "nexthop", "dev", "Ethernet0.10"], obj=obj) print(result.exit_code, result.output) - assert ('2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '2.2.3.5/32') == {'nexthop': '', 'blackhole': 'false', 'distance': '0', 'ifname': 'Ethernet0.10', 'nexthop-vrf': ''} + assert ('default', '2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|2.2.3.5/32') == {'nexthop': '', 'blackhole': 'false', 'distance': '0', 'ifname': 'Ethernet0.10', 'nexthop-vrf': ''} # config route del prefix 2.2.3.5/32 nexthop dev Ethernet0.10 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "2.2.3.5/32", "nexthop", "dev", "Ethernet0.10"], obj=obj) print(result.exit_code, result.output) - assert not ('2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert not ('default', '2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') # config route add prefix 2.2.3.5/32 nexthop dev Eth36.10 result = runner.invoke(config.config.commands["route"].commands["add"], \ ["prefix", "2.2.3.5/32", "nexthop", "dev", "Eth36.10"], obj=obj) print(result.exit_code, result.output) - assert ('2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') - assert db.cfgdb.get_entry('STATIC_ROUTE', '2.2.3.5/32') == {'nexthop': '', 'blackhole': 'false', 'distance': '0', 'ifname': 'Eth36.10', 'nexthop-vrf': ''} + assert ('default', '2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert db.cfgdb.get_entry('STATIC_ROUTE', 'default|2.2.3.5/32') == {'nexthop': '', 'blackhole': 'false', 'distance': '0', 'ifname': 'Eth36.10', 'nexthop-vrf': ''} # config route del prefix 2.2.3.5/32 nexthop dev Eth36.10 result = runner.invoke(config.config.commands["route"].commands["del"], \ ["prefix", "2.2.3.5/32", "nexthop", "dev", "Eth36.10"], obj=obj) 
print(result.exit_code, result.output) - assert not ('2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') + assert not ('default', '2.2.3.5/32') in db.cfgdb.get_table('STATIC_ROUTE') @classmethod def teardown_class(cls): From 29a3e51804a3fa7d13bfbfb00360d41a6fe5b46d Mon Sep 17 00:00:00 2001 From: siqbal1986 Date: Thu, 15 Sep 2022 13:42:45 -0700 Subject: [PATCH 11/38] Added support for tunnel route status in show vnet routes all. (#2341) * Added support for tunnel route status in show vnet routes all. * Added a test for the CLI. Fixed a bug. * Updated command reference. --- doc/Command-Reference.md | 22552 +++++++++++++++--------------- show/vnet.py | 9 +- tests/mock_tables/appl_db.json | 12 + tests/mock_tables/state_db.json | 12 + tests/show_vnet_test.py | 29 + 5 files changed, 11335 insertions(+), 11279 deletions(-) create mode 100644 tests/show_vnet_test.py diff --git a/doc/Command-Reference.md b/doc/Command-Reference.md index 36231e3e80..5f188e7a78 100644 --- a/doc/Command-Reference.md +++ b/doc/Command-Reference.md 
@@ -1,11277 +1,11275 @@ -# SONiC Command Line Interface Guide - -## Table of Contents - -* [Document History](#document-history) -* [Introduction](#introduction) -* [Basic Tasks](#basic-tasks) - * [SSH Login](#ssh-login) - * [Show Management Interface](#show-management-interface) - * [Configuring Management Interface](#configuring-management-interface) -* [Getting Help](#getting-help) - * [Help for Config Commands](#help-for-config-commands) - * [Help for Show Commands](#help-for-show-commands) -* [Basic Show Commands](#basic-show-commands) - * [Show Versions](#show-versions) - * [Show System Status](#show-system-status) - * [Show Hardware Platform](#show-hardware-platform) - * [Transceivers](#transceivers) -* [AAA & TACACS+](#aaa--tacacs) - * [AAA](#aaa) - * [AAA show commands](#aaa-show-commands) - * [AAA config commands](#aaa-config-commands) - * [TACACS+](#tacacs) - * [TACACS+ show commands](#tacacs-show-commands) - * [TACACS+ config commands](#tacacs-config-commands) -* [ACL](#acl) - * [ACL show commands](#acl-show-commands) - * [ACL config commands](#acl-config-commands) -* [ARP & NDP](#arp--ndp) - * [ARP show commands](#arp-show-commands) - * [NDP show commands](#ndp-show-commands) -* [BFD](#bfd) - * [BFD show commands](#bfd-show-commands) -* [BGP](#bgp) - * [BGP show commands](#bgp-show-commands) - * [BGP config commands](#bgp-config-commands) -* [Console](#console) - * [Console show commands](#console-show-commands) - * [Console config commands](#console-config-commands) - * [Console connect commands](#console-connect-commands) - * [Console clear commands](#console-clear-commands) -* [DHCP Relay](#dhcp-relay) - * [DHCP Relay config commands](#dhcp-relay-config-commands) -* [Drop Counters](#drop-counters) - * [Drop Counter show commands](#drop-counters-show-commands) - * [Drop Counter config commands](#drop-counters-config-commands) - * [Drop Counter clear commands](#drop-counters-clear-commands) -* [Dynamic Buffer Management](#dynamic-buffer-management) - 
* [Configuration commands](#configuration-commands) - * [Show commands](#show-commands) -* [ECN](#ecn) - * [ECN show commands](#ecn-show-commands) - * [ECN config commands](#ecn-config-commands) -* [Feature](#feature) - * [Feature show commands](#feature-show-commands) - * [Feature config commands](#feature-config-commands) -* [Flow Counters](#flow-counters) - * [Flow Counters show commands](#flow-counters-show-commands) - * [Flow Counters clear commands](#flow-counters-clear-commands) - * [Flow Counters config commands](#flow-counters-config-commands) -* [Gearbox](#gearbox) - * [Gearbox show commands](#gearbox-show-commands) -* [Interfaces](#interfaces) - * [Interface Show Commands](#interface-show-commands) - * [Interface Config Commands](#interface-config-commands) -* [Interface Naming Mode](#interface-naming-mode) - * [Interface naming mode show commands](#interface-naming-mode-show-commands) - * [Interface naming mode config commands](#interface-naming-mode-config-commands) - * [Interface Vrf binding](#interface-vrf-binding) - * [Interface vrf bind & unbind config commands](#interface-vrf-bind-&-unbind-config-commands) - * [Interface vrf binding show commands](#interface-vrf-binding-show-commands) -* [IP / IPv6](#ip--ipv6) - * [IP show commands](#ip-show-commands) - * [IPv6 show commands](#ipv6-show-commands) -* [IPv6 Link Local](#ipv6-link-local) - * [IPv6 Link Local config commands](#ipv6-link-local-config-commands) - * [IPv6 Link Local show commands](#ipv6-link-local-show-commands) -* [Kubernetes](#Kubernetes) - * [Kubernetes show commands](#Kubernetes-show-commands) - * [Kubernetes config commands](#Kubernetes-config-commands) -* [Linux Kernel Dump](#kdump) - * [Linux Kernel Dump show commands](#Linux-Kernel-Dump-show-commands) - * [Linux Kernel Dump config commands](#Linux-Kernel-Dump-config-command) -* [LLDP](#lldp) - * [LLDP show commands](#lldp-show-commands) -* [Loading, Reloading And Saving Configuration](#loading-reloading-and-saving-configuration) 
- * [Loading configuration from JSON file](#loading-configuration-from-json-file) - * [Loading configuration from minigraph (XML) file](#loading-configuration-from-minigraph-xml-file) - * [Reloading Configuration](#reloading-configuration) - * [Loading Management Configuration](#loading-management-configuration) - * [Saving Configuration to a File for Persistence](saving-configuration-to-a-file-for-persistence) - * [Loopback Interfaces](#loopback-interfaces) - * [Loopback show commands](#loopback-show-commands) - * [Loopback config commands](#loopback-config-commands) -* [VRF Configuration](#vrf-configuration) - * [VRF show commands](#vrf-show-commands) - * [VRF config commands](#vrf-config-commands) -* [Management VRF](#Management-VRF) - * [Management VRF Show commands](#management-vrf-show-commands) - * [Management VRF Config commands](#management-vrf-config-commands) -* [Mirroring](#mirroring) - * [Mirroring Show commands](#mirroring-show-commands) - * [Mirroring Config commands](#mirroring-config-commands) -* [Muxcable](#muxcable) - * [Muxcable Show commands](#muxcable-show-commands) - * [Muxcable Config commands](#muxcable-config-commands) -* [NAT](#nat) - * [NAT Show commands](#nat-show-commands) - * [NAT Config commands](#nat-config-commands) - * [NAT Clear commands](#nat-clear-commands) -* [NTP](#ntp) - * [NTP show commands](#ntp-show-commands) - * [NTP config commands](#ntp-config-commands) -* [NVGRE](#nvgre) - * [NVGRE show commands](#nvgre-show-commands) - * [NVGRE config commands](#nvgre-config-commands) -* [PBH](#pbh) - * [PBH show commands](#pbh-show-commands) - * [PBH config commands](#pbh-config-commands) -* [PFC Watchdog Commands](#pfc-watchdog-commands) -* [Platform Component Firmware](#platform-component-firmware) - * [Platform Component Firmware show commands](#platform-component-firmware-show-commands) - * [Platform Component Firmware config commands](#platform-component-firmware-config-commands) - * [Platform Component Firmware vendor specific 
behaviour](#platform-component-firmware-vendor-specific-behaviour) -* [Platform Specific Commands](#platform-specific-commands) - * [Mellanox Platform Specific Commands](#mellanox-platform-specific-commands) - * [Barefoot Platform Specific Commands](#barefoot-platform-specific-commands) -* [PortChannels](#portchannels) - * [PortChannel Show commands](#portchannel-show-commands) - * [PortChannel Config commands](#portchannel-config-commands) -* [QoS](#qos) - * [QoS Show commands](#qos-show-commands) - * [PFC](#pfc) - * [Queue And Priority-Group](#queue-and-priority-group) - * [Buffer Pool](#buffer-pool) - * [QoS config commands](#qos-config-commands) -* [Radius](#radius) - * [radius show commands](#show-radius-commands) - * [radius config commands](#Radius-config-commands) -* [sFlow](#sflow) - * [sFlow Show commands](#sflow-show-commands) - * [sFlow Config commands](#sflow-config-commands) -* [SNMP](#snmp) - * [SNMP Show commands](#snmp-show-commands) - * [SNMP Config commands](#snmp-config-commands) -* [Startup & Running Configuration](#startup--running-configuration) - * [Startup Configuration](#startup-configuration) - * [Running Configuration](#running-configuration) -* [Static routing](#static-routing) -* [Subinterfaces](#subinterfaces) - * [Subinterfaces Show Commands](#subinterfaces-show-commands) - * [Subinterfaces Config Commands](#subinterfaces-config-commands) -* [Syslog](#syslog) - * [Syslog show commands](#syslog-show-commands) - * [Syslog config commands](#syslog-config-commands) -* [System State](#system-state) - * [Processes](#processes) - * [Services & Memory](#services--memory) -* [System-Health](#System-Health) -* [VLAN & FDB](#vlan--fdb) - * [VLAN](#vlan) - * [VLAN show commands](#vlan-show-commands) - * [VLAN Config commands](#vlan-config-commands) - * [FDB](#fdb) - * [FDB show commands](#fdb-show-commands) -* [VxLAN & Vnet](#vxlan--vnet) - * [VxLAN](#vxlan) - * [VxLAN show commands](#vxlan-show-commands) - * [Vnet](#vnet) - * [Vnet show 
commands](#vnet-show-commands)
-* [Warm Reboot](#warm-reboot)
-* [Warm Restart](#warm-restart)
- * [Warm Restart show commands](#warm-restart-show-commands)
- * [Warm Restart Config commands](#warm-restart-config-commands)
-* [Watermark](#watermark)
- * [Watermark Show commands](#watermark-show-commands)
- * [Watermark Config commands](#watermark-config-commands)
-* [Software Installation and Management](#software-installation-and-management)
- * [SONiC Package Manager](#sonic-package-manager)
- * [SONiC Installer](#sonic-installer)
-* [Troubleshooting Commands](#troubleshooting-commands)
- * [Debug Dumps](#debug-dumps)
- * [Event Driven Techsupport Invocation](#event-driven-techsupport-invocation)
-* [Routing Stack](#routing-stack)
-* [Quagga BGP Show Commands](#Quagga-BGP-Show-Commands)
-* [ZTP Configuration And Show Commands](#ztp-configuration-and-show-commands)
- * [ ZTP show commands](#ztp-show-commands)
- * [ZTP configuration commands](#ztp-configuration-commands)
-* [MACsec Commands](#macsec-commands)
- * [MACsec config command](#macsec-config-command)
- * [MACsec show command](#macsec-show-command)
- * [MACsec clear command](#macsec-clear-command)
-
-
-## Document History
-
-| Version | Modification Date | Details |
-| --- | --- | --- |
-| v6 | May-06-2021 | Add SNMP show and config commands |
-| v5 | Nov-05-2020 | Add document for console commands |
-| v4 | Oct-17-2019 | Unify usage statements and other formatting; Replace tabs with spaces; Modify heading sizes; Fix spelling, grammar and other errors; Fix organization of new commands |
-| v3 | Jun-26-2019 | Update based on 201904 (build#19) release, "config interface" command changes related to interfacename order, FRR/Quagga show command changes, platform specific changes, ACL show changes and few formatting changes |
-| v2 | Apr-22-2019 | CLI Guide for SONiC 201811 version (build#32) with complete "config" command set |
-| v1 | Mar-23-2019 | Initial version of CLI Guide with minimal command set |
-
-##
Introduction -SONiC is an open source network operating system based on Linux that runs on switches from multiple vendors and ASICs. SONiC offers a full-suite of network functionality, like BGP and RDMA, that has been production-hardened in the data centers of some of the largest cloud-service providers. It offers teams the flexibility to create the network solutions they need while leveraging the collective strength of a large ecosystem and community. - -SONiC software shall be loaded in these [supported devices](https://github.com/Azure/SONiC/wiki/Supported-Devices-and-Platforms) and this CLI guide shall be used to configure the devices as well as to display the configuration, state and status. - -Follow the [Quick Start Guide](https://github.com/Azure/SONiC/wiki/Quick-Start) to boot the device in ONIE mode, install the SONiC software using the steps specified in the document and login to the device using the default username and password. - -After logging into the device, SONiC software can be configured in following three methods. - 1. Command Line Interface (CLI) - 2. [config_db.json](https://github.com/Azure/SONiC/wiki/Configuration) - 3. [minigraph.xml](https://github.com/Azure/SONiC/wiki/Configuration-with-Minigraph-(~Sep-2017)) - -This document explains the first method and gives the complete list of commands that are supported in SONiC 201904 version (build#19). -All the configuration commands need root privileges to execute them. Note that show commands can be executed by all users without the root privileges. -Root privileges can be obtained either by using "sudo" keyword in front of all config commands, or by going to root prompt using "sudo -i". -Note that all commands are case sensitive. 
- -- Example: - ``` - admin@sonic:~$ sudo config aaa authentication login tacacs+ - - OR - - admin@sonic:~$ sudo -i - root@sonic:~# config aaa authentication login tacacs+ - ``` - -Note that the command list given in this document is just a subset of all possible configurations in SONiC. -Please follow config_db.json based configuration for the complete list of configuration options. - -**Scope of this Document** - -It is assumed that all configuration commands start with the keyword “config” as prefix. -Any other scripts/utilities/commands that need user configuration control are wrapped as sub-commands under the “config” command. -The direct scripts/utilities/commands (examples given below) that are not wrapped under the "config" command are not in the scope of this document. - 1. acl_loader – This script is already wrapped inside “config acl” command; i.e. any ACL configuration that user is allowed to do is already part of “config acl” command; users are not expected to use the acl_loader script directly and hence this document need not explain the “acl_loader” script. - 2. crm – this command is not explained in this document. - 3. sonic-clear, sfputil, etc., This document does not explain these scripts also. - -## Basic Tasks - -This section covers the basic configurations related to the following: - 1. [SSH login](#SSH-Login) - 2. [Configuring the Management Interface](#Configuring-Management-Interface) - -### SSH Login - -All SONiC devices support both the serial console based login and the SSH based login by default. -The default credential (if not modified at image build time) for login is `admin/YourPaSsWoRd`. -In case of SSH login, users can login to the management interface (eth0) IP address after configuring the same using serial console. -Refer the following section for configuring the IP address for management interface. 
- -- Example: - ``` - At Console: - Debian GNU/Linux 9 sonic ttyS1 - - sonic login: admin - Password: YourPaSsWoRd - - SSH from any remote server to sonic can be done by connecting to SONiC IP - user@debug:~$ ssh admin@sonic_ip_address(or SONIC DNS Name) - admin@sonic's password: - ``` - -By default, login takes the user to the default prompt from which all the show commands can be executed. - -Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-tasks) - -### Show Management Interface - -Please check [show ip interfaces](#show-ip-interfaces) - -### Configuring Management Interface - -The management interface (eth0) in SONiC is configured (by default) to use DHCP client to get the IP address from the DHCP server. Connect the management interface to the same network in which your DHCP server is connected and get the IP address from DHCP server. -The IP address received from DHCP server can be verified using the `/sbin/ifconfig eth0` Linux command. - -SONiC provides a CLI to configure the static IP for the management interface. There are few ways by which a static IP address can be configured for the management interface. - 1. Use the `config interface ip add eth0` command. - - Example: - ``` - admin@sonic:~$ sudo config interface ip add eth0 20.11.12.13/24 20.11.12.254 - ``` - 2. Use config_db.json and configure the MGMT_INTERFACE key with the appropriate values. Refer [here](https://github.com/Azure/SONiC/wiki/Configuration#Management-Interface) - 3. Use minigraph.xml and configure "ManagementIPInterfaces" tag inside "DpgDesc" tag as given at the [page](https://github.com/Azure/SONiC/wiki/Configuration-with-Minigraph-(~Sep-2017)) - -Once the IP address is configured, the same can be verified using either `show management_interface address` command or the `/sbin/ifconfig eth0` linux command. -Users can SSH login to this management interface IP address from their management network. 
- -- Example: - ``` - admin@sonic:~$ /sbin/ifconfig eth0 - eth0: flags=4163 mtu 1500 - inet 10.11.11.13 netmask 255.255.255.0 broadcast 10.11.12.255 - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-tasks) - -## Getting Help - -Subsections: - 1. [Help for Config Commands](#Config-Help) - 2. [Help for Show Commands](#Show-Help) - 3. [Show Versions](#Show-Versions) - 4. [Show System Status](#Show-System-Status) - 5. [Show Hardware Platform](#Show-Hardware-Platform) - -### Help for Config Commands - -All commands have in-built help that aids the user in understanding the command as well as the possible sub-commands and options. -"--help" can be used at any level of the command; i.e. it can be used at the command level, or sub-command level or at argument level. The in-built help will display the available possibilities corresponding to that particular command/sub-command. - -**config --help** - -This command lists all the possible configuration commands at the top level. - -- Usage: - ``` - config --help - ``` - -- Example: - ``` - admin@sonic:~$ config --help - Usage: config [OPTIONS] COMMAND [ARGS] - SONiC command line - 'config' command - - Options: - --help Show this message and exit. - - Commands: - aaa AAA command line - acl ACL-related configuration tasks - bgp BGP-related configuration tasks - ecn ECN-related configuration tasks - feature Modify configuration of features - hostname Change device hostname without impacting traffic - interface Interface-related configuration tasks - interface_naming_mode Modify interface naming mode for interacting... - kubernetes Kubernetes server related configuration - load Import a previous saved config DB dump file. - load_mgmt_config Reconfigure hostname and mgmt interface based... - load_minigraph Reconfigure based on minigraph. - loopback Loopback-related configuration tasks. 
- mirror_session - nat NAT-related configuration tasks - platform Platform-related configuration tasks - portchannel - qos - reload Clear current configuration and import a... - route route-related configuration tasks - save Export current config DB to a file on disk. - tacacs TACACS+ server configuration - vlan VLAN-related configuration tasks - vrf VRF-related configuration tasks - warm_restart warm_restart-related configuration tasks - watermark Configure watermark - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#getting-help) - -### Help For Show Commands - -**show help** - -This command displays the full list of show commands available in the software; the output of each of those show commands can be used to analyze, debug or troubleshoot the network node. - -- Usage: - ``` - show (-?|-h|--help) - ``` - -- Example: - ``` - admin@sonic:~$ show -? - Usage: show [OPTIONS] COMMAND [ARGS]... - SONiC command line - 'show' command - - Options: - -?, -h, --help Show this message and exit. - - Commands: - aaa Show AAA configuration - acl Show ACL related information - arp Show IP ARP table - buffer_pool Show details of the Buffer-pools - clock Show date and time - ecn Show ECN configuration - environment Show environmentals (voltages, fans, temps) - feature Show feature status - interfaces Show details of the network interfaces - ip Show IP (IPv4) commands - ipv6 Show IPv6 commands - kubernetes Show kubernetes commands - line Show all /dev/ttyUSB lines and their info - lldp Show LLDP information - logging Show system log - mac Show MAC (FDB) entries - mirror_session Show existing everflow sessions - mmu Show mmu configuration - muxcable Show muxcable information - nat Show details of the nat - ndp Show IPv6 Neighbour table - ntp Show NTP information - pfc Show details of the priority-flow-control... 
- platform Show platform-specific hardware info - priority-group Show details of the PGs - processes Show process information - queue Show details of the queues - reboot-cause Show cause of most recent reboot - route-map Show route-map - runningconfiguration Show current running configuration... - services Show all daemon services - startupconfiguration Show startup configuration information - subinterfaces Show details of the sub port interfaces - system-memory Show memory information - tacacs Show TACACS+ configuration - techsupport Gather information for troubleshooting - uptime Show system uptime - users Show users - version Show version information - vlan Show VLAN information - vrf Show vrf config - warm_restart Show warm restart configuration and state - watermark Show details of watermark - ``` - -The same syntax applies to all subgroups of `show` which themselves contain subcommands, and subcommands which accept options/arguments. - -- Example: - ``` - admin@sonic:~$ show interfaces -? - - Show details of the network interfaces - - Options: - -?, -h, --help Show this message and exit. - - Commands: - counters Show interface counters - description Show interface status, protocol and... - naming_mode Show interface naming_mode status - neighbor Show neighbor related information - portchannel Show PortChannel information - status Show Interface status information - tpid Show Interface tpid information - transceiver Show SFP Transceiver information - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#getting-help) - -## Basic Show Commands - -Subsections: - 1. [Show Versions](#Show-Versions) - 2. [Show System Status](#Show-System-Status) - 3. [Show Hardware Platform](#Show-Hardware-Platform) - -### Show Versions - -**show version** - -This command displays software component versions of the currently running SONiC image. This includes the SONiC image version as well as Docker image versions. 
-This command displays relevant information as the SONiC and Linux kernel version being utilized, as well as the ID of the commit used to build the SONiC image. The second section of the output displays the various docker images and their associated IDs. - -- Usage: - ``` - show version - ``` - -- Example: - ``` - admin@sonic:~$ show version - SONiC Software Version: SONiC.HEAD.32-21ea29a - Distribution: Debian 9.8 - Kernel: 4.9.0-8-amd64 - Build commit: 21ea29a - Build date: Fri Mar 22 01:55:48 UTC 2019 - Built by: johnar@jenkins-worker-4 - - Platform: x86_64-mlnx_msn2700-r0 - HwSKU: Mellanox-SN2700 - ASIC: mellanox - ASIC Count: 1 - Serial Number: MT1822K07815 - Model Number: MSN2700-CS2FO - Hardware Rev: A1 - Uptime: 14:40:15 up 3 min, 1 user, load average: 1.26, 1.45, 0.66 - Date: Fri 22 Mar 2019 14:40:15 - - Docker images: - REPOSITORY TAG IMAGE ID SIZE - docker-syncd-brcm HEAD.32-21ea29a 434240daff6e 362MB - docker-syncd-brcm latest 434240daff6e 362MB - docker-orchagent-brcm HEAD.32-21ea29a e4f9c4631025 287MB - docker-orchagent-brcm latest e4f9c4631025 287MB - docker-nat HEAD.32-21ea29a 46075edc1c69 305MB - docker-nat latest 46075edc1c69 305MB - docker-lldp-sv2 HEAD.32-21ea29a 9681bbfea3ac 275MB - docker-lldp-sv2 latest 9681bbfea3ac 275MB - docker-dhcp-relay HEAD.32-21ea29a 2db34c7bc6f4 257MB - docker-dhcp-relay latest 2db34c7bc6f4 257MB - docker-database HEAD.32-21ea29a badc6fc84cdb 256MB - docker-database latest badc6fc84cdb 256MB - docker-snmp-sv2 HEAD.32-21ea29a e2776e2a30b7 295MB - docker-snmp-sv2 latest e2776e2a30b7 295MB - docker-teamd HEAD.32-21ea29a caf957cd2ad1 275MB - docker-teamd latest caf957cd2ad1 275MB - docker-router-advertiser HEAD.32-21ea29a b1a62023958c 255MB - docker-router-advertiser latest b1a62023958c 255MB - docker-platform-monitor HEAD.32-21ea29a 40b40a4b2164 287MB - docker-platform-monitor latest 40b40a4b2164 287MB - docker-fpm-quagga HEAD.32-21ea29a 546036fe6838 282MB - docker-fpm-quagga latest 546036fe6838 282MB - ``` -Go Back To 
[Beginning of the document](#) or [Beginning of this section](#basic-show-commands) - - -### Show System Status -This sub-section explains some set of sub-commands that are used to display the status of various parameters pertaining to the physical state of the network node. - -**show clock** - -This command displays the current date and time configured on the system - -- Usage: - ``` - show clock - ``` - -- Example: - ``` - admin@sonic:~$ show clock - Mon Mar 25 20:25:16 UTC 2019 - ``` - -**show boot** - -This command displays the current OS image, the image to be loaded on next reboot, and lists all the available images installed on the device - -- Usage: - ``` - show boot - ``` - -- Example: - ``` - admin@sonic:~$ show boot - Current: SONiC-OS-20181130.31 - Next: SONiC-OS-20181130.31 - Available: - SONiC-OS-20181130.31 - ``` - -**show environment** - -This command displays the platform environmentals, such as voltages, temperatures and fan speeds - -- Usage: - ``` - show environment - ``` - -- Example: - ``` - admin@sonic:~$ show environment - coretemp-isa-0000 - Adapter: ISA adapter - Core 0: +28.0 C (high = +98.0 C, crit = +98.0 C) - Core 1: +28.0 C (high = +98.0 C, crit = +98.0 C) - Core 2: +28.0 C (high = +98.0 C, crit = +98.0 C) - Core 3: +28.0 C (high = +98.0 C, crit = +98.0 C) - SMF_Z9100_ON-isa-0000 - Adapter: ISA adapter - CPU XP3R3V_EARLY: +3.22 V - <... few more things ...> - - Onboard Temperature Sensors: - CPU: 30 C - BCM56960 (PSU side): 35 C - <... few more things ...> - - Onboard Voltage Sensors: - CPU XP3R3V_EARLY 3.22 V - <... few more things ...> - - Fan Trays: - Fan Tray 1: - Fan1 Speed: 6192 RPM - Fan2 Speed: 6362 RPM - Fan1 State: Normal - Fan2 State: Normal - Air Flow: F2B - <... few more things ...> - - PSUs: - PSU 1: - Input: AC - <... few more things ...> - ``` -NOTE: The show output has got lot of information; only the sample output is given in the above example. 
-Though the displayed output slightly differs from one platform to another platform, the overall content will be similar to the example mentioned above. - -**show reboot-cause** - -This command displays the cause of the previous reboot - -- Usage: - ``` - show reboot-cause - ``` - -- Example: - ``` - admin@sonic:~$ show reboot-cause - User issued reboot command [User: admin, Time: Mon Mar 25 01:02:03 UTC 2019] - ``` - -**show reboot-cause history** - -This command displays the history of the previous reboots up to 10 entry - -- Usage: - ``` - show reboot-cause history - ``` - -- Example: - ``` - admin@sonic:~$ show reboot-cause history - Name Cause Time User Comment - ------------------- ----------- ---------------------------- ------ --------- - 2020_10_09_02_33_06 reboot Fri Oct 9 02:29:44 UTC 2020 admin - 2020_10_09_01_56_59 reboot Fri Oct 9 01:53:49 UTC 2020 admin - 2020_10_09_02_00_53 fast-reboot Fri Oct 9 01:58:04 UTC 2020 admin - 2020_10_09_04_53_58 warm-reboot Fri Oct 9 04:51:47 UTC 2020 admin - ``` - -**show uptime** - -This command displays the current system uptime - -- Usage: - ``` - show uptime - ``` - -- Example: - ``` - admin@sonic:~$ show uptime - up 2 days, 21 hours, 30 minutes - ``` - -**show logging** - -This command displays all the currently stored log messages. -All the latest processes and corresponding transactions are stored in the "syslog" file. -This file is saved in the path `/var/log` and can be viewed by giving the command ` sudo cat syslog` as this requires root login. 
- -- Usage: - ``` - show logging [( [-l|--lines ]) | (-f|--follow)] - ``` - -- Example: - ``` - admin@sonic:~$ show logging - ``` - -It can be useful to pipe the output from `show logging` to the command `more` in order to examine one screenful of log messages at a time - -- Example: - ``` - admin@sonic:~$ show logging | more - ``` - -Optionally, you can specify a process name in order to display only log messages mentioning that process - -- Example: - ``` - admin@sonic:~$ show logging sensord - ``` - -Optionally, you can specify a number of lines to display using the `-l` or `--lines` option. Only the most recent N lines will be displayed. Also note that this option can be combined with a process name. - -- Examples: - ``` - admin@sonic:~$ show logging --lines 50 - ``` - ``` - admin@sonic:~$ show logging sensord --lines 50 - ``` - -Optionally, you can follow the log live as entries are written to it by specifying the `-f` or `--follow` flag - -- Example: - ``` - admin@sonic:~$ show logging --follow - ``` - -**show users** - -This command displays a list of users currently logged in to the device - -- Usage: - ``` - show users - ``` - -- Examples: - ``` - admin@sonic:~$ show users - admin pts/9 Mar 25 20:31 (100.127.20.23) - - admin@sonic:~$ show users - admin ttyS1 2019-03-25 20:31 - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-show-commands) - -### Show Hardware Platform - -The information displayed in this set of commands partially overlaps with the one generated by “show envinronment” instruction. In this case though, the information is presented in a more succinct fashion. In the future these two CLI stanzas may end up getting combined. 
- -**show platform summary** - -This command displays a summary of the device's hardware platform - -- Usage: - ``` - show platform summary - ``` - -- Example: - ``` - admin@sonic:~$ show platform summary - Platform: x86_64-mlnx_msn2700-r0 - HwSKU: Mellanox-SN2700 - ASIC: mellanox - ASIC Count: 1 - Serial Number: MT1822K07815 - Model Number: MSN2700-CS2FO - Hardware Rev: A1 - ``` - -**show platform syseeprom** - -This command displays information stored on the system EEPROM. -Note that the output of this command is not the same for all vendor's platforms. -Couple of example outputs are given below. - -- Usage: - ``` - show platform syseeprom - ``` - -- Example: - ``` - admin@sonic:~$ show platform syseeprom - lsTLV Name Len Value - -------------------- --- ----- - PPID 20 XX-XXXXXX-00000-000-0000 - DPN Rev 3 XXX - Service Tag 7 XXXXXXX - Part Number 10 XXXXXX - Part Number Rev 3 XXX - Mfg Test Results 2 FF - Card ID 2 0x0000 - Module ID 2 0 - Base MAC Address 12 FE:EC:BA:AB:CD:EF - (checksum valid) - ``` - - ``` - admin@sonic:~$ show platform syseeprom - TlvInfo Header: - Id String: TlvInfo - Version: 1 - Total Length: 527 - TLV Name Code Len Value - ---- --- ----- - Product Name 0x21 64 MSN2700 - Part Number 0x22 20 MSN2700-CS2FO - Serial Number 0x23 24 MT1822K07815 - Base MAC Address 0x24 6 50:6B:4B:8F:CE:40 - Manufacture Date 0x25 19 05/28/2018 23:56:02 - Device Version 0x26 1 16 - MAC Addresses 0x2A 2 128 - Manufacturer 0x2B 8 Mellanox - Vendor Extension 0xFD 36 - Vendor Extension 0xFD 164 - Vendor Extension 0xFD 36 - Vendor Extension 0xFD 36 - Vendor Extension 0xFD 36 - Platform Name 0x28 18 x86_64-mlnx_x86-r0 - ONIE Version 0x29 21 2018.08-5.2.0006-9600 - CRC-32 0xFE 4 0x11C017E1 - - (checksum valid) - ``` - -**show platform ssdhealth** - -This command displays health parameters of the device's SSD - -- Usage: - ``` - show platform ssdhealth [--vendor] - ``` - -- Example: - ``` - admin@sonic:~$ show platform ssdhealth - Device Model : M.2 (S42) 3IE3 - Health 
: 99.665% - Temperature : 30C - ``` - -**show platform psustatus** - -This command displays the status of the device's power supply units - -- Usage: - ``` - show platform psustatus - ``` - -- Example: - ``` - admin@sonic:~$ show platform psustatus - PSU Model Serial HW Rev Voltage (V) Current (A) Power (W) Status LED - ----- ------------- ------------ -------- ------------- ------------- ----------- -------- ----- - PSU 1 MTEF-PSF-AC-A MT1621X15246 A3 11.97 4.56 54.56 OK green - ``` - -**show platform fan** - -This command displays the status of the device's fans - -- Usage: - ``` - show platform fan - ``` - -- Example: - ``` - admin@sonic:~$ show platform fan - FAN Speed Direction Presence Status Timestamp - ----------- -------- ----------- ---------- -------- ----------------- - fan1 34% intake Present OK 20200302 06:58:56 - fan2 43% intake Present OK 20200302 06:58:56 - fan3 38% intake Present OK 20200302 06:58:56 - fan4 49% intake Present OK 20200302 06:58:57 - fan5 38% exhaust Present OK 20200302 06:58:57 - fan6 48% exhaust Present OK 20200302 06:58:57 - fan7 39% exhaust Present OK 20200302 06:58:57 - fan8 48% exhaust Present OK 20200302 06:58:57 - ``` - -**show platform temperature** - -This command displays the status of the device's thermal sensors - -- Usage: - ``` - show platform temperature - ``` - -- Example: - ``` - admin@sonic:~$ show platform temperature - NAME Temperature High Th Low Th Crit High Th Crit Low Th Warning Timestamp - ---------------------- ------------- --------- -------- -------------- ------------- --------- ----------------- - Ambient ASIC Temp 37.0 100.0 N/A 120.0 N/A False 20200302 06:58:57 - Ambient Fan Side Temp 28.5 100.0 N/A 120.0 N/A False 20200302 06:58:57 - Ambient Port Side Temp 31.0 100.0 N/A 120.0 N/A False 20200302 06:58:57 - CPU Core 0 Temp 36.0 87.0 N/A 105.0 N/A False 20200302 06:59:57 - CPU Core 1 Temp 38.0 87.0 N/A 105.0 N/A False 20200302 06:59:57 - CPU Pack Temp 38.0 87.0 N/A 105.0 N/A False 20200302 06:59:57 - 
PSU-1 Temp 28.0 100.0 N/A 120.0 N/A False 20200302 06:59:58 - PSU-2 Temp 28.0 100.0 N/A 120.0 N/A False 20200302 06:59:58 - xSFP module 1 Temp 31.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 2 Temp 35.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 3 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 4 Temp 33.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 5 Temp 34.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 6 Temp 36.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 7 Temp 33.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 8 Temp 33.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 9 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 10 Temp 38.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 11 Temp 38.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 12 Temp 39.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 13 Temp 35.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 14 Temp 37.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 15 Temp 36.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 16 Temp 36.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 17 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 18 Temp 34.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 19 Temp 30.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 20 Temp 31.5 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 21 Temp 34.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 22 Temp 34.4 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 23 Temp 34.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 24 Temp 35.6 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 25 Temp 38.0 70.0 N/A 90.0 N/A False 20200302 06:59:57 - xSFP module 26 Temp 32.2 70.0 N/A 90.0 N/A False 20200302 06:59:58 - xSFP module 27 Temp 39.0 70.0 N/A 90.0 N/A False 20200302 06:59:58 - xSFP module 28 Temp 
30.1 70.0 N/A 90.0 N/A False 20200302 06:59:58 - xSFP module 29 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:58 - xSFP module 30 Temp 35.3 70.0 N/A 90.0 N/A False 20200302 06:59:58 - xSFP module 31 Temp 31.0 70.0 N/A 90.0 N/A False 20200302 06:59:58 - xSFP module 32 Temp 39.5 70.0 N/A 90.0 N/A False 20200302 06:59:58 - ``` - -#### Transceivers -Displays diagnostic monitoring information of the transceivers - -**show interfaces transceiver** - -This command displays information for all the interfaces for the transceiver requested or a specific interface if the optional "interface_name" is specified. - -- Usage: - ``` - show interfaces transceiver (eeprom [-d|--dom] | lpmode | presence | error-status [-hw|--fetch-from-hardware]) [] - ``` - -- Example (Decode and display information stored on the EEPROM of SFP transceiver connected to Ethernet0): - ``` - admin@sonic:~$ show interfaces transceiver eeprom --dom Ethernet0 - Ethernet0: SFP detected - Connector : No separable connector - Encoding : Unspecified - Extended Identifier : Unknown - Extended RateSelect Compliance : QSFP+ Rate Select Version 1 - Identifier : QSFP+ - Length Cable Assembly(m) : 1 - Specification compliance : - 10/40G Ethernet Compliance Code : 40GBASE-CR4 - Fibre Channel Speed : 1200 Mbytes/Sec - Fibre Channel link length/Transmitter Technology : Electrical inter-enclosure (EL) - Fibre Channel transmission media : Twin Axial Pair (TW) - Vendor Date Code(YYYY-MM-DD Lot) : 2015-10-31 - Vendor Name : XXXXX - Vendor OUI : XX-XX-XX - Vendor PN : 1111111111 - Vendor Rev : - Vendor SN : 111111111 - ChannelMonitorValues: - RX1Power: -1.1936dBm - RX2Power: -1.1793dBm - RX3Power: -0.9388dBm - RX4Power: -1.0729dBm - TX1Bias: 4.0140mA - TX2Bias: 4.0140mA - TX3Bias: 4.0140mA - TX4Bias: 4.0140mA - ModuleMonitorValues : - Temperature : 1.1111C - Vcc : 0.0000Volts - ``` - -- Example (Display status of low-power mode of SFP transceiver connected to Ethernet100): - ``` - admin@sonic:~$ show interfaces 
transceiver lpmode Ethernet100 - Port Low-power Mode - ----------- ---------------- - Ethernet100 On - ``` - - -- Example (Display presence of SFP transceiver connected to Ethernet100): - ``` - admin@sonic:~$ show interfaces transceiver presence Ethernet100 - Port Presence - ----------- ---------- - Ethernet100 Present - ``` - -- Example (Display error status of SFP transceiver connected to Ethernet100): - ``` - admin@sonic:~$ show interfaces transceiver error-status Ethernet100 - Port Error Status - ----------- -------------- - Ethernet100 OK - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-show-commands) - -## AAA & TACACS+ -This section captures the various show commands & configuration commands that are applicable for the AAA (Authentication, Authorization, and Accounting) module. -Admins can configure the type of authentication (local or remote tacacs based) required for the users and also the authentication failthrough and fallback options. -Following show command displays the current running configuration related to the AAA. - -### AAA - -#### AAA show commands - -This command is used to view the Authentication, Authorization & Accounting settings that are configured in the network node. - -**show aaa** - -This command displays the AAA settings currently present in the network node - -- Usage: - ``` - show aaa - ``` - -- Example: - ``` - admin@sonic:~$ show aaa - AAA authentication login local (default) - AAA authentication failthrough True (default) - AAA authentication fallback True (default) - ``` - -#### AAA config commands - -This sub-section explains all the possible CLI based configuration options for the AAA module. The list of commands/sub-commands possible for aaa is given below. 
- - Command: aaa authentication - sub-commands: - - aaa authentication failthrough - - aaa authentication fallback - - aaa authentication login - -**aaa authentication failthrough** - -This command is used to either enable or disable the failthrough option. -This command is useful when user has configured more than one tacacs+ server and when user has enabled tacacs+ authentication. -When authentication request to the first server fails, this configuration allows to continue the request to the next server. -When this configuration is enabled, authentication process continues through all servers configured. -When this is disabled and if the authentication request fails on first server, authentication process will stop and the login will be disallowed. - - -- Usage: - ``` - config aaa authentication failthrough (enable | disable | default) - ``` - - - Parameters: - - enable: This allows the AAA module to process with local authentication if remote authentication fails. - - disable: This disallows the AAA module to proceed further if remote authentication fails. - - default: This re-configures the default value, which is "enable". - - -- Example: - ``` - admin@sonic:~$ sudo config aaa authentication failthrough enable - ``` -**aaa authentication fallback** - -The command is not used at the moment. -When the tacacs+ authentication fails, it falls back to local authentication by default. - -- Usage: - ``` - config aaa authentication fallback (enable | disable | default) - ``` - -- Example: - ``` - admin@sonic:~$ sudo config aaa authentication fallback enable - ``` - -**aaa authentication login** - -This command is used to either configure whether AAA should use local database or remote tacacs+ database for user authentication. -By default, AAA uses local database for authentication. New users can be added/deleted using the linux commands (Note that the configuration done using linux commands are not preserved during reboot). 
-Admin can enable remote tacacs+ server based authentication by selecting the AUTH_PROTOCOL as tacacs+ in this command. -Admins need to configure the tacacs+ server accordingly and ensure that the connectivity to tacacas+ server is available via the management interface. -Once if the admins choose the remote authentication based on tacacs+ server, all user logins will be authenticated by the tacacs+ server. -If the authentication fails, AAA will check the "failthrough" configuration and authenticates the user based on local database if failthrough is enabled. - -- Usage: - ``` - config aaa authentication (tacacs+ | local | default) - ``` - - - Parameters: - - tacacs+: Enables remote authentication based on tacacs+ - - local: Disables remote authentication and uses local authentication - - default: Reset back to default value, which is only "local" authentication - - -- Example: - ``` - admin@sonic:~$ sudo config aaa authentication login tacacs+ - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#aaa--tacacs) - -### TACACS+ - -#### TACACS+ show commands - -**show tacacs** - -This command displays the global configuration fields and the list of all tacacs servers and their correponding configurations. - -- Usage: - ``` - show tacacs - ``` - -- Example: - ``` - admin@sonic:~$ show tacacs - TACPLUS global auth_type pap (default) - TACPLUS global timeout 99 - TACPLUS global passkey (default) - - TACPLUS_SERVER address 10.11.12.14 - priority 9 - tcp_port 50 - auth_type mschap - timeout 10 - passkey testing789 - - TACPLUS_SERVER address 10.0.0.9 - priority 1 - tcp_port 49 - ``` - -#### TACACS+ config commands - -This sub-section explains the command "config tacacs" and its sub-commands that are used to configure the following tacacs+ parameters. 
-Some of the parameters like authtype, passkey and timeout can be either configured at per server level or at global level (global value will be applied if there no server level configuration) - -1) Add/Delete the tacacs+ server details. -2) authtype - global configuration that is applied to all servers if there is no server specific configuration. -3) default - reset the authtype or passkey or timeout to the default values. -4) passkey - global configuration that is applied to all servers if there is no server specific configuration. -5) timeout - global configuration that is applied to all servers if there is no server specific configuration. - -**config tacacs add** - -This command is used to add a TACACS+ server to the tacacs server list. -Note that more than one tacacs+ (maximum of seven) can be added in the device. -When user tries to login, tacacs client shall contact the servers one by one. -When any server times out, device will try the next server one by one based on the priority value configured for that server. -When this command is executed, the configured tacacs+ server addresses are updated in /etc/pam.d/common-auth-sonic configuration file which is being used by tacacs service. - -- Usage: - ``` - config tacacs add [-t|--timeout ] [-k|--key ] [-a|--type ] [-o|--port ] [-p|--pri ] [-m|--use-mgmt-vrf] - ``` - - - Parameters: - - ip_address: TACACS+ server IP address. - - timeout: Transmission timeout interval in seconds, range 1 to 60, default 5 - - key: Shared secret - - type: Authentication type, "chap" or "pap" or "mschap" or "login", default is "pap". - - port: TCP port range is 1 to 65535, default 49 - - pri: Priority, priority range 1 to 64, default 1. 
- - use-mgmt-vrf: This means that the server is part of Management vrf, default is "no vrf" - - -- Example: - ``` - admin@sonic:~$ sudo config tacacs add 10.11.12.13 -t 10 -k testing789 -a mschap -o 50 -p 9 - ``` - - - Example Server Configuration in /etc/pam.d/common-auth-sonic configuration file: - ``` - auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.11.12.14:50 secret=testing789 login=mschap timeout=10 try_first_pass - auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.11.12.24:50 secret=testing789 login=mschap timeout=987654321098765433211 - 0987 try_first_pass - auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.0.0.9:49 secret= login=mschap timeout=5 try_first_pass - auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.0.0.8:49 secret= login=mschap timeout=5 try_first_pass - auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.11.12.13:50 secret=testing789 login=mschap timeout=10 try_first_pass - auth [success=1 default=ignore] pam_unix.so nullok try_first_pass - ``` - - *NOTE: In the above example, the servers are stored (sorted) based on the priority value configured for the server.* - -**config tacacs delete** - -This command is used to delete the tacacs+ servers configured. - -- Usage: - ``` - config tacacs delete - ``` - -- Example: - ``` - admin@sonic:~$ sudo config tacacs delete 10.11.12.13 - ``` - -**config tacacs authtype** - -This command is used to modify the global value for the TACACS+ authtype. -When user has not configured server specific authtype, this global value shall be used for that server. - -- Usage: - ``` - config tacacs authtype (chap | pap | mschap | login) - ``` - -- Example: - ``` - admin@sonic:~$ sudo config tacacs authtype mschap - ``` - -**config tacacs default** - -This command is used to reset the global value for authtype or passkey or timeout to default value. 
-Default for authtype is "pap", default for passkey is EMPTY_STRING and default for timeout is 5 seconds. - -- Usage: - ``` - config tacacs default (authtype | passkey | timeout) - ``` - -- Example (This will reset the global authtype back to the default value "pap"): - ``` - admin@sonic:~$ sudo config tacacs default authtype - ``` - -**config tacacs passkey** - -This command is used to modify the global value for the TACACS+ passkey. -When user has not configured server specific passkey, this global value shall be used for that server. - -- Usage: - ``` - config tacacs passkey - ``` - -- Example: - ``` - admin@sonic:~$ sudo config tacacs passkey testing123 - ``` - -**config tacacs timeout** - -This command is used to modify the global value for the TACACS+ timeout. -When user has not configured server specific timeout, this global value shall be used for that server. - - -- Usage: - ``` - config tacacs [default] timeout [] - ``` - - - Options: - - Valid values for timeout is 1 to 60 seconds. - - When the optional keyword "default" is specified, timeout_value_in_seconds parameter wont be used; default value of 5 is used. - - Configuration using the keyword "default" is introduced in 201904 release. - -- Example: To configure non-default timeout value - ``` - admin@sonic:~$ sudo config tacacs timeout 60 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#aaa--tacacs) - - - -## ACL - -This section explains the various show commands and configuration commands available for users. - -### ACL show commands - -**show acl table** - -This command displays either all the ACL tables that are configured or only the specified "TABLE_NAME". -Output from the command displays the table name, type of the table, the list of interface(s) to which the table is bound and the description about the table. 
- -- Usage: - ``` - show acl table [] - ``` - -- Example: - ``` - admin@sonic:~$ show acl table - Name Type Binding Description Stage - -------- --------- --------------- ---------------- ------- - EVERFLOW MIRROR Ethernet16 EVERFLOW ingress - Ethernet96 - Ethernet108 - Ethernet112 - PortChannel0001 - PortChannel0002 - SNMP_ACL CTRLPLANE SNMP SNMP_ACL ingress - DT_ACL_T1 L3 Ethernet0 DATA_ACL_TABLE_1 egress - Ethernet4 - Ethernet112 - Ethernet116 - SSH_ONLY CTRLPLANE SSH SSH_ONLY ingress - ``` - -**show acl rule** - -This command displays all the ACL rules present in all the ACL tables or only the rules present in specified table "TABLE_NAME" or only the rule matching the RULE_ID option. -Output from the command gives the following information about the rules -1) Table name - ACL table name to which the rule belongs to. -2) Rule name - ACL rule name -3) Priority - Priority for this rule. -4) Action - Action to be performed if the packet matches with this ACL rule. - -It can be: -- "DROP"/"FORWARD"("ACCEPT" for control plane ACL) -- "REDIRECT: redirect-object" for redirect rule, where "redirect-object" is either: - - physical interface name, e.g. "Ethernet10" - - port channel name, e.g. "PortChannel0002" - - next-hop IP address, e.g. "10.0.0.1" - - next-hop group set of IP addresses with comma seperator, e.g. "10.0.0.1,10.0.0.3" -- "MIRROR INGRESS|EGRESS: session-name" for mirror rules, where "session-name" refers to mirror session - -Users can choose to have a default permit rule or default deny rule. In case of default "deny all" rule, add the permitted rules on top of the deny rule. In case of the default "permit all" rule, users can add the deny rules on top of it. If users have not confgured any rule, SONiC allows all traffic (which is "permit all"). - -5) Match - The fields from the packet header that need to be matched against the same present in the incoming traffic. 
- -- Usage: - ``` - show acl rule [] [] - ``` - -- Example: - ``` - admin@sonic:~$ show acl rule - Table Rule Priority Action Match - -------- ------------ ---------- ------------------------- ---------------------------- - SNMP_ACL RULE_1 9999 ACCEPT IP_PROTOCOL: 17 - SRC_IP: 1.1.1.1/32 - SSH_ONLY RULE_2 9998 ACCEPT IP_PROTOCOL: 6 - SRC_IP: 1.1.1.1/32 - EVERFLOW RULE_3 9997 MIRROR INGRESS: everflow0 SRC_IP: 20.0.0.2/32 - EVERFLOW RULE_4 9996 MIRROR EGRESS : everflow1 L4_SRC_PORT: 4621 - DATAACL RULE_5 9995 REDIRECT: Ethernet8 IP_PROTOCOL: 126 - DATAACL RULE_6 9994 FORWARD L4_SRC_PORT: 179 - DATAACL RULE_7 9993 FORWARD L4_DST_PORT: 179 - SNMP_ACL DEFAULT_RULE 1 DROP ETHER_TYPE: 2048 - SSH_ONLY DEFAULT_RULE 1 DROP ETHER_TYPE: 2048 - ``` - - -### ACL config commands -This sub-section explains the list of configuration options available for ACL module. -Note that there is no direct command to add or delete or modify the ACL table and ACL rule. -Existing ACL tables and ACL rules can be updated by specifying the ACL rules in json file formats and configure those files using this CLI command. - -**config acl update full** - -This command is to update the rules in all the tables or in one specific table in full. If a table_name is provided, the operation will be restricted in the specified table. All existing rules in the specified table or all tables will be removed. New rules loaded from file will be installed. If the table_name is specified, only rules within that table will be removed and new rules in that table will be installed. If the table_name is not specified, all rules from all tables will be removed and only the rules present in the input file will be added. - -The command does not modify anything in the list of acl tables. It modifies only the rules present in those pre-existing tables. - -In order to create acl tables, either follow the config_db.json method or minigraph method to populate the list of ACL tables. 
- -After creating tables, either the config_db.json method or the minigraph method or the CLI method (explained here) can be used to populate the rules in those ACL tables. - -This command updates only the ACL rules and it does not disturb the ACL tables; i.e. the output of "show acl table" is not alterted by using this command; only the output of "show acl rule" will be changed after this command. - -When "--session_name" optional argument is specified, command sets the session_name for the ACL table with this mirror session name. It fails if the specified mirror session name does not exist. - -When "--mirror_stage" optional argument is specified, command sets the mirror action to ingress/egress based on this parameter. By default command sets ingress mirror action in case argument is not specified. - -When the optional argument "max_priority" is specified, each rule’s priority is calculated by subtracting its “sequence_id” value from the “max_priority”. If this value is not passed, the default “max_priority” 10000 is used. - -- Usage: - ``` - config acl update full [--table_name ] [--session_name ] [--mirror_stage (ingress | egress)] [--max_priority ] - ``` - - - Parameters: - - table_name: Specifiy the name of the ACL table to load. Example: config acl update full "--table_name DT_ACL_T1 /etc/sonic/acl_table_1.json" - - session_name: Specifiy the name of the ACL session to load. Example: config acl update full "--session_name mirror_ses1 /etc/sonic/acl_table_1.json" - - priority_value: Specify the maximum priority to use when loading ACL rules. Example: config acl update full "--max-priority 100 /etc/sonic/acl_table_1.json" - - *NOTE 1: All these optional parameters should be inside double quotes. 
If none of the options are provided, double quotes are not required for specifying filename alone.* - *NOTE 2: Any number of optional parameters can be configured in the same command.* - -- Examples: - ``` - admin@sonic:~$ sudo config acl update full /etc/sonic/acl_full_snmp_1_2_ssh_4.json - admin@sonic:~$ sudo config acl update full "--table_name SNMP-ACL /etc/sonic/acl_full_snmp_1_2_ssh_4.json" - admin@sonic:~$ sudo config acl update full "--session_name everflow0 /etc/sonic/acl_full_snmp_1_2_ssh_4.json" - ``` - - This command will remove all rules from all the ACL tables and insert all the rules present in this input file. - Refer the example file [acl_full_snmp_1_2_ssh_4.json](#) that adds two rules for SNMP (Rule1 and Rule2) and one rule for SSH (Rule4) - Refer an example for input file format [here](https://github.com/Azure/sonic-mgmt/blob/master/ansible/roles/test/files/helpers/config_service_acls.sh) - Refer another example [here](https://github.com/Azure/sonic-mgmt/blob/master/ansible/roles/test/tasks/acl/acltb_test_rules_part_1.json) - -**config acl update incremental** - -This command is used to perform incremental update of ACL rule table. This command gets existing rules from Config DB and compares with rules specified in input file and performs corresponding modifications. - -With respect to DATA ACLs, the command does not assume that new dataplane ACLs can be inserted in betweeen by shifting existing ACLs in all ASICs. Therefore, this command performs a full update on dataplane ACLs. -With respect to control plane ACLs, this command performs an incremental update. -If we assume that "file1.json" is the already loaded ACL rules file and if "file2.json" is the input file that is passed as parameter for this command, the following requirements are valid for the input file. -1) First copy the file1.json to file2.json. -2) Remove the unwanted ACL rules from file2.json -3) Add the newly required ACL rules into file2.json. 
-4) Modify the existing ACL rules (that require changes) in file2.json. - -NOTE: If any ACL rule that is already available in file1.json is required even after this command execution, such rules should remain unalterted in file2.json. Don't remove them. -Note that "incremental" is working like "full". - -When "--session_name" optional argument is specified, command sets the session_name for the ACL table with this mirror session name. It fails if the specified mirror session name does not exist. - -When "--mirror_stage" optional argument is specified, command sets the mirror action to ingress/egress based on this parameter. By default command sets ingress mirror action in case argument is not specified. - -When the optional argument "max_priority" is specified, each rule’s priority is calculated by subtracting its “sequence_id” value from the “max_priority”. If this value is not passed, the default “max_priority” 10000 is used. - -- Usage: - ``` - config acl update incremental [--session_name ] [--mirror_stage (ingress | egress)] [--max_priority ] - ``` - - - Parameters: - - table_name: Specifiy the name of the ACL table to load. Example: config acl update full "--table_name DT_ACL_T1 /etc/sonic/acl_table_1.json" - - session_name: Specifiy the name of the ACL session to load. Example: config acl update full "--session_name mirror_ses1 /etc/sonic/acl_table_1.json" - - priority_value: Specify the maximum priority to use when loading ACL rules. Example: config acl update full "--max-priority 100 /etc/sonic/acl_table_1.json" - - *NOTE 1: All these optional parameters should be inside double quotes. 
If none of the options are provided, double quotes are not required for specifying filename alone.* - *NOTE 2: Any number of optional parameters can be configured in the same command.* - -- Examples: - ``` - admin@sonic:~$ sudo config acl update incremental /etc/sonic/acl_incremental_snmp_1_3_ssh_4.json - ``` - ``` - admin@sonic:~$ sudo config acl update incremental "--session_name everflow0 /etc/sonic/acl_incremental_snmp_1_3_ssh_4.json" - ``` - - Refer the example file [acl_incremental_snmp_1_3_ssh_4.json](#) that adds two rules for SNMP (Rule1 and Rule3) and one rule for SSH (Rule4) - When this "incremental" command is executed after "full" command, it has removed SNMP Rule2 and added SNMP Rule3 in the example. - File "acl_full_snmp_1_2_ssh_4.json" has got SNMP Rule1, SNMP Rule2 and SSH Rule4. - File "acl_incremental_snmp_1_3_ssh_4.json" has got SNMP Rule1, SNMP Rule3 and SSH Rule4. - This file is created by copying the file "acl_full_snmp_1_2_ssh_4.json" to "acl_incremental_snmp_1_3_ssh_4.json" and then removing SNMP Rule2 and adding SNMP Rule3. - -Go Back To [Beginning of the document](#) or [Beginning of this section](#acl) - -**config acl add table** - -This command is used to create new ACL tables. - -- Usage: - ``` - config acl add table [OPTIONS] [-d ] [-p ] [-s (ingress | egress)] - ``` - -- Parameters: - - table_name: The name of the ACL table to create. - - table_type: The type of ACL table to create (e.g. "L3", "L3V6", "MIRROR") - - description: A description of the table for the user. (default is the table_name) - - ports: A comma-separated list of ports/interfaces to add to the table. The behavior is as follows: - - Physical ports will be bound as physical ports - - Portchannels will be bound as portchannels - passing a portchannel member is invalid - - VLANs will be expanded into their members (e.g. "Vlan1000" will become "Ethernet0,Ethernet2,Ethernet4...") - - stage: The stage this ACL table will be applied to, either ingress or egress. 
(default is ingress) - -- Examples: - ``` - admin@sonic:~$ sudo config acl add table EXAMPLE L3 -p Ethernet0,Ethernet4 -s ingress - ``` - ``` - admin@sonic:~$ sudo config acl add table EXAMPLE_2 L3V6 -p Vlan1000,PortChannel0001,Ethernet128 -s egress - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#acl) - - -## ARP & NDP - -### ARP show commands - -**show arp** - -This command displays the ARP entries in the device with following options. -1) Display the entire table. -2) Display the ARP entries learnt on a specific interface. -3) Display the ARP of a specific ip-address. - -- Usage: - ``` - show arp [-if ] [] - ``` - -- Details: - - show arp: Displays all entries - - show arp -if : Displays the ARP specific to the specified interface. - - show arp : Displays the ARP specific to the specicied ip-address. - - -- Example: - ``` - admin@sonic:~$ show arp - Address MacAddress Iface Vlan - ------------- ----------------- ------- ------ - 192.168.1.183 88:5a:92:fb:bf:41 Ethernet44 - - 192.168.1.175 88:5a:92:fc:95:81 Ethernet28 - - 192.168.1.181 e4:c7:22:c1:07:7c Ethernet40 - - 192.168.1.179 88:5a:92:de:a8:bc Ethernet36 - - 192.168.1.118 00:1c:73:3c:de:43 Ethernet64 - - 192.168.1.11 00:1c:73:3c:e1:38 Ethernet88 - - 192.168.1.161 24:e9:b3:71:3a:01 Ethernet0 - - 192.168.1.189 24:e9:b3:9d:57:41 Ethernet56 - - 192.168.1.187 74:26:ac:8b:8f:c1 Ethernet52 - - 192.168.1.165 88:5a:92:de:a0:7c Ethernet8 - - - Total number of entries 10 - ``` - -Optionally, you can specify the interface in order to display the ARPs learnt on that particular interface - -- Example: - ``` - admin@sonic:~$ show arp -if Ethernet40 - Address MacAddress Iface Vlan - ------------- ----------------- ---------- ------ - 192.168.1.181 e4:c7:22:c1:07:7c Ethernet40 - - Total number of entries 1 - ``` - -Optionally, you can specify an IP address in order to display only that particular entry - -- Example: - ``` - admin@sonic:~$ show arp 192.168.1.181 - Address MacAddress Iface 
Vlan - ------------- ----------------- ---------- ------ - 192.168.1.181 e4:c7:22:c1:07:7c Ethernet40 - - Total number of entries 1 - ``` - -### NDP show commands - -**show ndp** - -This command displays either all the IPv6 neighbor mac addresses, or for a particular IPv6 neighbor, or for all IPv6 neighbors reachable via a specific interface. - -- Usage: - ``` - show ndp [-if|--iface ] - ``` - -- Example (show all IPv6 neighbors): - ``` - admin@sonic:~$ show ndp - Address MacAddress Iface Vlan Status - ------------------------ ----------------- ------- ------ --------- - fe80::20c:29ff:feb8:b11e 00:0c:29:b8:b1:1e eth0 - REACHABLE - fe80::20c:29ff:feb8:cff0 00:0c:29:b8:cf:f0 eth0 - REACHABLE - fe80::20c:29ff:fef9:324 00:0c:29:f9:03:24 eth0 - REACHABLE - Total number of entries 3 - ``` - -- Example (show specific IPv6 neighbor): - ``` - admin@sonic:~$ show ndp fe80::20c:29ff:feb8:b11e - Address MacAddress Iface Vlan Status - ------------------------ ----------------- ------- ------ --------- - fe80::20c:29ff:feb8:b11e 00:0c:29:b8:b1:1e eth0 - REACHABLE - Total number of entries 1 - ``` - -- Example (show IPv6 neighbors learned on a specific interface): - ``` - admin@sonic:~$ show ndp -if eth0 - Address MacAddress Iface Vlan Status - ------------------------ ----------------- ------- ------ --------- - fe80::20c:29ff:feb8:b11e 00:0c:29:b8:b1:1e eth0 - REACHABLE - fe80::20c:29ff:feb8:cff0 00:0c:29:b8:cf:f0 eth0 - REACHABLE - fe80::20c:29ff:fef9:324 00:0c:29:f9:03:24 eth0 - REACHABLE - Total number of entries 3 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#arp--ndp) - -## BFD - -### BFD show commands - -**show bfd summary** - -This command displays the state and key parameters of all BFD sessions. 
- -- Usage: - ``` - show bfd summary - ``` -- Example: - ``` - >> show bfd summary - Total number of BFD sessions: 3 - Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop - ----------- ----------- ------- ------- ------------ ------------ ------------- ------------- ------------ ---------- - 10.0.1.1 default default DOWN async_active 10.0.0.1 300 500 3 true - 10.0.2.1 Ethernet12 default UP async_active 10.0.0.1 200 600 3 false - 2000::10:1 default default UP async_active 2000::1 100 700 3 false - ``` - -**show bfd peer** - -This command displays the state and key parameters of all BFD sessions that match an IP address. - -- Usage: - ``` - show bgp peer - ``` -- Example: - ``` - >> show bfd peer 10.0.1.1 - Total number of BFD sessions for peer IP 10.0.1.1: 1 - Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop - ----------- ----------- ------- ------- ------------ ------------ ------------- ------------- ------------ ---------- - 10.0.1.1 default default DOWN async_active 10.0.0.1 300 500 3 true - ``` - -## BGP - -This section explains all the BGP show commands and BGP configuation commands in both "Quagga" and "FRR" routing software that are supported in SONiC. -In 201811 and older verisons "Quagga" was enabled by default. In current version "FRR" is enabled by default. -Most of the FRR show commands start with "show bgp". Similar commands in Quagga starts with "show ip bgp". All sub-options supported in all these show commands are common for FRR and Quagga. -Detailed show commands examples for Quagga are provided at the end of this document.This section captures only the commands supported by FRR. 
- -### BGP show commands - - -**show bgp summary (Versions >= 201904 using default FRR routing stack)** - -**show ip bgp summary (Versions <= 201811 using Quagga routing stack)** - -This command displays the summary of all IPv4 & IPv6 bgp neighbors that are configured and the corresponding states. - -- Usage: - - *Versions >= 201904 using default FRR routing stack* - ``` - show bgp summary - ``` - *Versions <= 201811 using Quagga routing stack* - ``` - show ip bgp summary - ``` - -- Example: - ``` - admin@sonic:~$ show ip bgp summary - - IPv4 Unicast Summary: - BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0 - BGP table version 6465 - RIB entries 12807, using 2001 KiB of memory - Peers 4, using 83 KiB of memory - Peer groups 2, using 128 bytes of memory - - Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd NeighborName - 10.0.0.57 4 64600 3995 4001 0 0 0 00:39:32 6400 Lab-T1-01 - 10.0.0.59 4 64600 3995 3998 0 0 0 00:39:32 6400 Lab-T1-02 - 10.0.0.61 4 64600 3995 4001 0 0 0 00:39:32 6400 Lab-T1-03 - 10.0.0.63 4 64600 3995 3998 0 0 0 00:39:32 6400 NotAvailable - - Total number of neighbors 4 - ``` - -- Example: - ``` - admin@sonic:~$ show bgp summary - - IPv4 Unicast Summary: - BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0 - BGP table version 6465 - RIB entries 12807, using 2001 KiB of memory - Peers 4, using 83 KiB of memory - Peer groups 2, using 128 bytes of memory - - Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd - 10.0.0.57 4 64600 3995 4001 0 0 0 00:39:32 6400 - 10.0.0.59 4 64600 3995 3998 0 0 0 00:39:32 6400 - 10.0.0.61 4 64600 3995 4001 0 0 0 00:39:32 6400 - 10.0.0.63 4 64600 3995 3998 0 0 0 00:39:32 6400 - - Total number of neighbors 4 - - IPv6 Unicast Summary: - BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0 - BGP table version 12803 - RIB entries 12805, using 2001 KiB of memory - Peers 4, using 83 KiB of memory - Peer groups 2, using 128 bytes of memory - - Neighbor V 
AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd - fc00::72 4 64600 3995 5208 0 0 0 00:39:30 6400 - fc00::76 4 64600 3994 5208 0 0 0 00:39:30 6400 - fc00::7a 4 64600 3993 5208 0 0 0 00:39:30 6400 - fc00::7e 4 64600 3993 5208 0 0 0 00:39:30 6400 - - Total number of neighbors 4 - ``` - Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ip bgp summary" for Quagga. - - - -**show bgp neighbors (Versions >= 201904 using default FRR routing stack)** - -**show ip bgp neighbors (Versions <= 201811 using Quagga routing stack)** - -This command displays all the details of IPv4 & IPv6 BGP neighbors when no optional argument is specified. - -When the optional argument IPv4_address is specified, it displays the detailed neighbor information about that specific IPv4 neighbor. - -Command has got additional optional arguments to display only the advertised routes, or the received routes, or all routes. - -In order to get details for an IPv6 neigbor, use "show bgp ipv6 neighbor " command. 
- - -- Usage: - - *Versions >= 201904 using default FRR routing stack* - ``` - show bgp neighbors [ [advertised-routes | received-routes | routes]] - ``` - *Versions <= 201811 using Quagga routing stack* - ``` - show ip bgp neighbors [ [advertised-routes | received-routes | routes]] - ``` - -- Example: - ``` - admin@sonic:~$ show bgp neighbors - BGP neighbor is 10.0.0.57, remote AS 64600, local AS 65100, external link - Description: ARISTA01T1 - BGP version 4, remote router ID 100.1.0.29, local router ID 10.1.0.32 - BGP state = Established, up for 00:42:15 - Last read 00:00:00, Last write 00:00:03 - Hold time is 10, keepalive interval is 3 seconds - Configured hold time is 10, keepalive interval is 3 seconds - Neighbor capabilities: - 4 Byte AS: advertised and received - AddPath: - IPv4 Unicast: RX advertised IPv4 Unicast and received - Route refresh: advertised and received(new) - Address Family IPv4 Unicast: advertised and received - Hostname Capability: advertised (name: sonic-z9264f-9251,domain name: n/a) not received - Graceful Restart Capabilty: advertised and received - Remote Restart timer is 300 seconds - Address families by peer: - none - Graceful restart information: - End-of-RIB send: IPv4 Unicast - End-of-RIB received: IPv4 Unicast - Message statistics: - Inq depth is 0 - Outq depth is 0 - Sent Rcvd - Opens: 2 1 - Notifications: 2 0 - Updates: 3206 3202 - Keepalives: 845 847 - Route Refresh: 0 0 - Capability: 0 0 - Total: 4055 4050 - Minimum time between advertisement runs is 0 seconds - - For address family: IPv4 Unicast - Update group 1, subgroup 1 - Packet Queue length 0 - Inbound soft reconfiguration allowed - Community attribute sent to this neighbor(all) - 6400 accepted prefixes - - Connections established 1; dropped 0 - Last reset 00:42:37, due to NOTIFICATION sent (Cease/Connection collision resolution) - Local host: 10.0.0.56, Local port: 179 - Foreign host: 10.0.0.57, Foreign port: 46419 - Nexthop: 10.0.0.56 - Nexthop global: fc00::71 - 
Nexthop local: fe80::2204:fff:fe36:9449 - BGP connection: shared network - BGP Connect Retry Timer in Seconds: 120 - Read thread: on Write thread: on - ``` - -Optionally, you can specify an IP address in order to display only that particular neighbor. In this mode, you can optionally specify whether you want to display all routes advertised to the specified neighbor, all routes received from the specified neighbor or all routes (received and accepted) from the specified neighbor. - -- Example: - ``` - admin@sonic:~$ show bgp neighbors 10.0.0.57 - - admin@sonic:~$ show bgp neighbors 10.0.0.57 advertised-routes - - admin@sonic:~$ show bgp neighbors 10.0.0.57 received-routes - - admin@sonic:~$ show bgp neighbors 10.0.0.57 routes - ``` - - Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ip bgp neighbors" for Quagga. - - -**show ip bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]] - -This command displays all the details of IPv4 Border Gateway Protocol (BGP) prefixes. - -- Usage: - - - ``` - show ip bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]] - ``` - -- Example: - - NOTE: The "longer-prefixes" option is only available when a network prefix with a "/" notation is used. - - ``` - admin@sonic:~$ show ip bgp network - - admin@sonic:~$ show ip bgp network 10.1.0.32 bestpath - - admin@sonic:~$ show ip bgp network 10.1.0.32 multipath - - admin@sonic:~$ show ip bgp network 10.1.0.32 json - - admin@sonic:~$ show ip bgp network 10.1.0.32/32 bestpath - - admin@sonic:~$ show ip bgp network 10.1.0.32/32 multipath - - admin@sonic:~$ show ip bgp network 10.1.0.32/32 json - - admin@sonic:~$ show ip bgp network 10.1.0.32/32 longer-prefixes - ``` - -**show bgp ipv6 summary (Versions >= 201904 using default FRR routing stack)** - -**show ipv6 bgp summary (Versions <= 201811 using Quagga routing stack)** - -This command displays the summary of all IPv6 bgp neighbors that are configured and the corresponding states. 
- -- Usage: - - *Versions >= 201904 using default FRR routing stack* - ``` - show bgp ipv6 summary - ``` - *Versions <= 201811 using Quagga routing stack* - ``` - show ipv6 bgp summary - ``` - -- Example: - ``` - admin@sonic:~$ show bgp ipv6 summary - BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0 - BGP table version 12803 - RIB entries 12805, using 2001 KiB of memory - Peers 4, using 83 KiB of memory - Peer groups 2, using 128 bytes of memory - - Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd NeighborName - fc00::72 4 64600 3995 5208 0 0 0 00:39:30 6400 Lab-T1-01 - fc00::76 4 64600 3994 5208 0 0 0 00:39:30 6400 Lab-T1-02 - fc00::7a 4 64600 3993 5208 0 0 0 00:39:30 6400 Lab-T1-03 - fc00::7e 4 64600 3993 5208 0 0 0 00:39:30 6400 Lab-T1-04 - - Total number of neighbors 4 - ``` - Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ipv6 bgp summary" for Quagga. - - - -**show bgp ipv6 neighbors (Versions >= 201904 using default FRR routing stack)** - -**show ipv6 bgp neighbors (Versions <= 201811 using Quagga routing stack)** - -This command displays all the details of one particular IPv6 Border Gateway Protocol (BGP) neighbor. Option is also available to display only the advertised routes, or the received routes, or all routes. - - -- Usage: - - *Versions >= 201904 using default FRR routing stack* - ``` - show bgp ipv6 neighbors [ [(advertised-routes | received-routes | routes)]] - ``` - *Versions <= 201811 using Quagga routing stack* - ``` - show ipv6 bgp neighbors [ [(advertised-routes | received-routes | routes)]] - ``` - -- Example: - ``` - admin@sonic:~$ show bgp ipv6 neighbors fc00::72 advertised-routes - - admin@sonic:~$ show bgp ipv6 neighbors fc00::72 received-routes - - admin@sonic:~$ show bgp ipv6 neighbors fc00::72 routes - ``` - Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ip bgp summary" for Quagga. 
- - -**show ipv6 bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]] - -This command displays all the details of IPv6 Border Gateway Protocol (BGP) prefixes. - -- Usage: - - - ``` - show ipv6 bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]] - ``` - -- Example: - - NOTE: The "longer-prefixes" option is only available when a network prefix with a "/" notation is used. - - ``` - admin@sonic:~$ show ipv6 bgp network - - admin@sonic:~$ show ipv6 bgp network fc00::72 bestpath - - admin@sonic:~$ show ipv6 bgp network fc00::72 multipath - - admin@sonic:~$ show ipv6 bgp network fc00::72 json - - admin@sonic:~$ show ipv6 bgp network fc00::72/64 bestpath - - admin@sonic:~$ show ipv6 bgp network fc00::72/64 multipath - - admin@sonic:~$ show ipv6 bgp network fc00::72/64 json - - admin@sonic:~$ show ipv6 bgp network fc00::72/64 longer-prefixes - ``` - - - - -**show route-map** - -This command displays the routing policy that takes precedence over the other route processes that are configured. - -- Usage: - ``` - show route-map - ``` - -- Example: - ``` - admin@sonic:~$ show route-map - ZEBRA: - route-map RM_SET_SRC, permit, sequence 10 - Match clauses: - Set clauses: - src 10.12.0.102 - Call clause: - Action: - Exit routemap - ZEBRA: - route-map RM_SET_SRC6, permit, sequence 10 - Match clauses: - Set clauses: - src fc00:1::102 - Call clause: - Action: - Exit routemap - BGP: - route-map FROM_BGP_SPEAKER_V4, permit, sequence 10 - Match clauses: - Set clauses: - Call clause: - Action: - Exit routemap - BGP: - route-map TO_BGP_SPEAKER_V4, deny, sequence 10 - Match clauses: - Set clauses: - Call clause: - Action: - Exit routemap - BGP: - route-map ISOLATE, permit, sequence 10 - Match clauses: - Set clauses: - as-path prepend 65000 - Call clause: - Action: - Exit routemap - ``` - - -### BGP config commands - -This sub-section explains the list of configuration options available for BGP module for both IPv4 and IPv6 BGP neighbors. 
-
-**config bgp shutdown all**
-
-This command is used to shutdown all the BGP IPv4 & IPv6 sessions.
-When the session is shutdown using this command, BGP state in "show ip bgp summary" is displayed as "Idle (Admin)"
-
-- Usage:
- ```
- config bgp shutdown all
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config bgp shutdown all
- ```
-
-**config bgp shutdown neighbor**
-
-This command is to shut down a BGP session with a neighbor by that neighbor's IP address or hostname
-
-- Usage:
- ```
- sudo config bgp shutdown neighbor ( | )
- ```
-
-- Examples:
- ```
- admin@sonic:~$ sudo config bgp shutdown neighbor 192.168.1.124
- ```
- ```
- admin@sonic:~$ sudo config bgp shutdown neighbor SONIC02SPINE
- ```
-
-
-**config bgp startup all**
-
-This command is used to start up all the IPv4 & IPv6 BGP neighbors
-
-- Usage:
- ```
- config bgp startup all
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config bgp startup all
- ```
-
-
-**config bgp startup neighbor**
-
-This command is used to start up the particular IPv4 or IPv6 BGP neighbor using either the IP address or hostname.
-
-- Usage:
- ```
- config bgp startup neighbor ( | )
- ```
-
-- Examples:
- ```
- admin@sonic:~$ sudo config bgp startup neighbor 192.168.1.124
- ```
- ```
- admin@sonic:~$ sudo config bgp startup neighbor SONIC02SPINE
- ```
-
-
-**config bgp remove neighbor**
-
-This command is used to remove particular IPv4 or IPv6 BGP neighbor configuration using either the IP address or hostname.
-
-- Usage:
- ```
- config bgp remove neighbor
- ```
-
-- Examples:
- ```
- admin@sonic:~$ sudo config bgp remove neighbor 192.168.1.124
- ```
- ```
- admin@sonic:~$ sudo config bgp remove neighbor 2603:10b0:b0f:346::4a
- ```
- ```
- admin@sonic:~$ sudo config bgp remove neighbor SONIC02SPINE
- ```
-
-Go Back To [Beginning of the document](#) or [Beginning of this section](#bgp)
-
-## Console
-
-This section explains all Console show commands and configuration options that are supported in SONiC.
- -All commands are used only when SONiC is used as console switch. - -All commands under this section are not applicable when SONiC used as regular switch. - -### Console show commands - -**show line** - -This command displays serial port or a virtual network connection status. - -- Usage: - ``` - show line (-b|--breif) - ``` - -- Example: - ``` - admin@sonic:~$ show line - Line Baud Flow Control PID Start Time Device - ------ ------ -------------- ----- ------------ -------- - 1 9600 Enabled - - switch1 - 2 - Disabled - - - 3 - Disabled - - - 4 - Disabled - - - 5 - Disabled - - - ``` - -Optionally, you can display configured console ports only by specifying the `-b` or `--breif` flag. - -- Example: - ``` - admin@sonic:~$ show line -b - Line Baud Flow Control PID Start Time Device - ------ ------ -------------- ----- ------------ -------- - 1 9600 Enabled - - switch1 - ``` - -## Console config commands - -This sub-section explains the list of configuration options available for console management module. - -**config console enable** - -This command is used to enable SONiC console switch feature. - -- Usage: - ``` - config console enable - ``` - -- Example: - ``` - admin@sonic:~$ sudo config console enable - ``` - -**config console disable** - -This command is used to disable SONiC console switch feature. - -- Usage: - ``` - config console disable - ``` - -- Example: - ``` - admin@sonic:~$ sudo config console disable - ``` - -**config console add** - -This command is used to add a console port setting. - -- Usage: - ``` - config console add [--baud|-b ] [--flowcontrol|-f] [--devicename|-d ] - ``` - -- Example: - ``` - admin@sonic:~$ config console add 1 --baud 9600 --devicename switch1 - ``` - -**config console del** - -This command is used to remove a console port setting. 
-
-- Usage:
- ```
- config console del
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config console del 1
- ```
-
-**config console remote_device**
-
-This command is used to update the remote device name for a console port.
-
-- Usage:
- ```
- config console remote_device
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config console remote_device 1 switch1
- ```
-
-**config console baud**
-
-This command is used to update the baud rate for a console port.
-
-- Usage:
- ```
- config console baud
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config console baud 1 9600
- ```
-
-**config console flow_control**
-
-This command is used to enable or disable flow control feature for a console port.
-
-- Usage:
- ```
- config console flow_control {enable|disable}
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config console flow_control enable 1
- ```
-
-### Console connect commands
-
-**connect line**
-
-This command allows user to connect to a remote device via console line with an interactive cli.
-
-- Usage:
- ```
- connect line (-d|--devicename)
- ```
-
-By default, the target is `port_name`.
-
-- Example:
- ```
- admin@sonic:~$ connect line 1
- Successful connection to line 1
- Press ^A ^X to disconnect
- ```
-
-Optionally, you can connect with a remote device name by specifying the `-d` or `--devicename` flag.
-
-- Example:
- ```
- admin@sonic:~$ connect line --devicename switch1
- Successful connection to line 1
- Press ^A ^X to disconnect
- ```
-
-**connect device**
-
-This command allows user to connect to a remote device via console line with an interactive cli.
-
-- Usage:
- ```
- connect device
- ```
-
-The command is same with `connect line --devicename `
-
-- Example:
- ```
- admin@sonic:~$ connect line 1
- Successful connection to line 1
- Press ^A ^X to disconnect
- ```
-
-### Console clear commands
-
-**sonic-clear line**
-
-This command allows user to connect to a remote device via console line with an interactive cli.
-
-- Usage:
- ```
- sonc-clear line (-d|--devicename)
- ```
-
-By default, the target is `port_name`.
-
-- Example:
- ```
- admin@sonic:~$ sonic-clear line 1
- ```
-
-Optionally, you can clear with a remote device name by specifying the `-d` or `--devicename` flag.
-
-- Example:
- ```
- admin@sonic:~$ sonic-clear --devicename switch1
- ```
-
-Go Back To [Beginning of the document](#) or [Beginning of this section](#console)
-
-
-## DHCP Relay
-
-### DHCP Relay config commands
-
-This sub-section of commands is used to add or remove the DHCP Relay Destination IP address(es) for a VLAN interface.
-
-**config vlan dhcp_relay add**
-
-This command is used to add a DHCP Relay Destination IP address or multiple IP addresses to a VLAN. Note that more than one DHCP Relay Destination IP address can be added on a VLAN interface.
-
-- Usage:
- ```
- config vlan dhcp_relay add
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config vlan dhcp_relay add 1000 7.7.7.7
- Added DHCP relay destination address ['7.7.7.7'] to Vlan1000
- Restarting DHCP relay service...
- ```
- ```
- admin@sonic:~$ sudo config vlan dhcp_relay add 1000 7.7.7.7 1.1.1.1
- Added DHCP relay destination address ['7.7.7.7', '1.1.1.1'] to Vlan1000
- Restarting DHCP relay service...
- ```
-
-**config vlan dhcp_relay delete**
-
-This command is used to delete a configured DHCP Relay Destination IP address or multiple IP addresses from a VLAN interface.
-
-- Usage:
- ```
- config vlan dhcp_relay del
- ```
-
-- Example:
- ```
- admin@sonic:~$ sudo config vlan dhcp_relay del 1000 7.7.7.7
- Removed DHCP relay destination address 7.7.7.7 from Vlan1000
- Restarting DHCP relay service...
- ```
- ```
- admin@sonic:~$ sudo config vlan dhcp_relay del 1000 7.7.7.7 1.1.1.1
- Removed DHCP relay destination address ('7.7.7.7', '1.1.1.1') from Vlan1000
- Restarting DHCP relay service...
- ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#dhcp-relay) - - -## Drop Counters - -This section explains all the Configurable Drop Counters show commands and configuration options that are supported in SONiC. - -### Drop Counters show commands - -**show dropcounters capabilities** - -This command is used to show the drop counter capabilities that are available on this device. It displays the total number of drop counters that can be configured on this device as well as the drop reasons that can be configured for the counters. - -- Usage: - ``` - show dropcounters capabilities - ``` - -- Examples: - ``` - admin@sonic:~$ show dropcounters capabilities - Counter Type Total - -------------------- ------- - PORT_INGRESS_DROPS 3 - SWITCH_EGRESS_DROPS 2 - - PORT_INGRESS_DROPS: - L2_ANY - SMAC_MULTICAST - SMAC_EQUALS_DMAC - INGRESS_VLAN_FILTER - EXCEEDS_L2_MTU - SIP_CLASS_E - SIP_LINK_LOCAL - DIP_LINK_LOCAL - UNRESOLVED_NEXT_HOP - DECAP_ERROR - - SWITCH_EGRESS_DROPS: - L2_ANY - L3_ANY - A_CUSTOM_REASON - ``` - -**show dropcounters configuration** - -This command is used to show the current running configuration of the drop counters on this device. 
- -- Usage: - ``` - show dropcounters configuration [-g ] - ``` - -- Examples: - ``` - admin@sonic:~$ show dropcounters configuration - Counter Alias Group Type Reasons Description - -------- -------- ----- ------------------ ------------------- -------------- - DEBUG_0 RX_LEGIT LEGIT PORT_INGRESS_DROPS SMAC_EQUALS_DMAC Legitimate port-level RX pipeline drops - INGRESS_VLAN_FILTER - DEBUG_1 TX_LEGIT None SWITCH_EGRESS_DROPS EGRESS_VLAN_FILTER Legitimate switch-level TX pipeline drops - - admin@sonic:~$ show dropcounters configuration -g LEGIT - Counter Alias Group Type Reasons Description - -------- -------- ----- ------------------ ------------------- -------------- - DEBUG_0 RX_LEGIT LEGIT PORT_INGRESS_DROPS SMAC_EQUALS_DMAC Legitimate port-level RX pipeline drops - INGRESS_VLAN_FILTER - ``` - -**show dropcounters counts** - -This command is used to show the current statistics for the configured drop counters. Standard drop counters are displayed as well for convenience. - -Because clear (see below) is handled on a per-user basis different users may see different drop counts. - -- Usage: - ``` - show dropcounters counts [-g ] [-t ] - ``` - -- Example: - ``` - admin@sonic:~$ show dropcounters counts - IFACE STATE RX_ERR RX_DROPS TX_ERR TX_DROPS RX_LEGIT - --------- ------- -------- ---------- -------- ---------- --------- - Ethernet0 U 10 100 0 0 20 - Ethernet4 U 0 1000 0 0 100 - Ethernet8 U 100 10 0 0 0 - - DEVICE TX_LEGIT - ------ -------- - sonic 1000 - - admin@sonic:~$ show dropcounters counts -g LEGIT - IFACE STATE RX_ERR RX_DROPS TX_ERR TX_DROPS RX_LEGIT - --------- ------- -------- ---------- -------- ---------- --------- - Ethernet0 U 10 100 0 0 20 - Ethernet4 U 0 1000 0 0 100 - Ethernet8 U 100 10 0 0 0 - - admin@sonic:~$ show dropcounters counts -t SWITCH_EGRESS_DROPS - DEVICE TX_LEGIT - ------ -------- - sonic 1000 - ``` - -### Drop Counters config commands - -**config dropcounters install** - -This command is used to initialize a new drop counter. 
The user must specify a name, type, and initial list of drop reasons. - -This command will fail if the given name is already in use, if the type of counter is not supported, or if any of the specified drop reasons are not supported. It will also fail if all avaialble counters are already in use on the device. - -- Usage: - ``` - config dropcounters install [-d ] [-g ] [-a ] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config dropcounters install DEBUG_2 PORT_INGRESS_DROPS [EXCEEDS_L2_MTU,DECAP_ERROR] -d "More port ingress drops" -g BAD -a BAD_DROPS - ``` - -**config dropcounters add_reasons** - -This command is used to add drop reasons to an already initialized counter. - -This command will fail if any of the specified drop reasons are not supported. - -- Usage: - ``` - config dropcounters add_reasons - ``` - -- Example: - ``` - admin@sonic:~$ sudo config dropcounters add_reasons DEBUG_2 [SIP_CLASS_E] - ``` - -**config dropcounters remove_reasons** - -This command is used to remove drop reasons from an already initialized counter. - -- Usage: - ``` - config dropcounters remove_reasons - ``` - -- Example: - ``` - admin@sonic:~$ sudo config dropcounters remove_reasons DEBUG_2 [SIP_CLASS_E] - ``` - -**config dropcounters delete** - -This command is used to delete a drop counter. - -- Usage: - ``` - config dropcounters delete - ``` - -- Example: - ``` - admin@sonic:~$ sudo config dropcounters delete DEBUG_2 - ``` - -### Drop Counters clear commands - -**sonic-clear dropcounters** - -This comnmand is used to clear drop counters. This is done on a per-user basis. - -- Usage: - ``` - sonic-clear dropcounters - ``` - -- Example: - ``` - admin@sonic:~$ sonic-clear dropcounters - Cleared drop counters - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](##drop-counters) - -## Dynamic Buffer Management - -This section explains all the show and configuration commands regarding the dynamic buffer management. 
- -Dynamic buffer management is responsible for calculating buffer size according to the ports' configured speed and administrative state. In order to enable dynamic buffer management feature, the ports' speed must be configured. For this please refer [Interface naming mode config commands](#interface-naming-mode-config-commands) - -### Configuration commands - -**configure shared headroom pool** - -This command is used to configure the shared headroom pool. The shared headroom pool can be enabled in the following ways: - -- Configure the over subscribe ratio. In this case, the size of shared headroom pool is calculated as the accumulative xoff of all of the lossless PG divided by the over subscribe ratio. -- Configure the size. - -In case both of the above parameters have been configured, the `size` will take effect. To disable shared headroom pool, configure both parameters to zero. - -- Usage: - - ``` - config buffer shared-headroom-pool over-subscribe-ratio - config buffer shared-headroom-pool size - ``` - - The range of over-subscribe-ratio is from 1 to number of ports inclusive. - -- Example: - - ``` - admin@sonic:~$ sudo config shared-headroom-pool over-subscribe-ratio 2 - admin@sonic:~$ sudo config shared-headroom-pool size 1024000 - ``` - -**configure a lossless buffer profile** - -This command is used to configure a lossless buffer profile. - -- Usage: - - ``` - config buffer profile add --xon --xoff [-size ] [-dynamic_th ] [-pool ] - config buffer profile set --xon --xoff [-size ] [-dynamic_th ] [-pool ] - config buffer profile remove - ``` - - All the parameters are devided to two groups, one for headroom and one for dynamic_th. For any command at lease one group of parameters should be provided. - For headroom parameters: - - - `xon` is madantory. - - If shared headroom pool is disabled: - - At lease one of `xoff` and `size` should be provided and the other will be optional and conducted via the formula `xon + xoff = size`. 
- - `xon` + `xoff` <= `size`; For Mellanox platform xon + xoff == size - - If shared headroom pool is enabled: - - `xoff` should be provided. - - `size` = `xoff` if it is not provided. - - If only headroom parameters are provided, the `dynamic_th` will be taken from `CONFIG_DB.DEFAULT_LOSSLESS_BUFFER_PARAMETER.default_dynamic_th`. - - If only dynamic_th parameter is provided, the `headroom_type` will be set as `dynamic` and `xon`, `xoff` and `size` won't be set. This is only used for non default dynamic_th. In this case, the profile won't be deployed to ASIC directly. It can be configured to a lossless PG and then a dynamic profile will be generated based on the port's speed, cable length, and MTU and deployed to the ASIC. - - The subcommand `add` is designed for adding a new buffer profile to the system. - - The subcommand `set` is designed for modifying an existing buffer profile in the system. - For a profile with dynamically calculated headroom information, only `dynamic_th` can be modified. - - The subcommand `remove` is designed for removing an existing buffer profile from the system. When removing a profile, it shouldn't be referenced by any entry in `CONFIG_DB.BUFFER_PG`. - -- Example: - - ``` - admin@sonic:~$ sudo config buffer profile add profile1 --xon 18432 --xoff 18432 - admin@sonic:~$ sudo config buffer profile remove profile1 - ``` - -**config interface cable_length** - -This command is used to configure the length of the cable connected to a port. The cable_length is in unit of meters and must be suffixed with "m". - -- Usage: - - ``` - config interface cable_length - ``` - -- Example: - - ``` - admin@sonic:~$ sudo config interface cable_length Ethernet0 40m - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#dynamic-buffer-management) - -**config interface buffer priority-group lossless** - -This command is used to configure the priority groups on which lossless traffic runs. 
- -- Usage: - - ``` - config interface buffer priority-group lossless add [profile] - config interface buffer priority-group lossless set [profile] - config interface buffer priority-group lossless remove [] - ``` - - The can be in one of the following two forms: - - - For a range of priorities, the lower bound and upper bound connected by a dash, like `3-4` - - For a single priority, the number, like `6` - - The `pg-map` represents the map of priorities for lossless traffic. It should be a string and in form of a bit map like `3-4`. The `-` connects the lower bound and upper bound of a range of priorities. - - The subcommand `add` is designed for adding a new lossless PG on top of current PGs. The new PG range must be disjoint with all existing PGs. - - For example, currently the PG range 3-4 exist on port Ethernet4, to add PG range 4-5 will fail because it isn't disjoint with 3-4. To add PG range 5-6 will succeed. After that both range 3-4 and 5-6 will work as lossless PG. - - The `override-profile` parameter is optional. When provided, it represents the predefined buffer profile for headroom override. - - The subcommand `set` is designed for modifying an existing PG from dynamic calculation to headroom override or vice versa. The `pg-map` must be an existing PG. - - The subcommand `remove` is designed for removing an existing PG. The option `pg-map` must be an existing PG. All lossless PGs will be removed in case no `pg-map` provided. 
- -- Example: - - To configure lossless_pg on a port: - - ``` - admin@sonic:~$ sudo config interface buffer priority-group lossless add Ethernet0 3-4 - ``` - - To change the profile used for lossless_pg on a port: - - ``` - admin@sonic:~$ sudo config interface buffer priority-group lossless set Ethernet0 3-4 new-profile - ``` - - To remove one lossless priority from a port: - - ``` - admin@sonic:~$ sudo config interface buffer priority-group lossless remove Ethernet0 6 - ``` - - To remove all lossless priorities from a port: - - ``` - admin@sonic:~$ sudo config interface buffer priority-group lossless remove Ethernet0 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#dynamic-buffer-management) - -**config interface buffer queue** - -This command is used to configure the buffer profiles for queues. - -- Usage: - - ``` - config interface buffer queue add - config interface buffer queue set - config interface buffer queue remove - ``` - - The represents the map of queues. It can be in one of the following two forms: - - - For a range of priorities, the lower bound and upper bound connected by a dash, like `3-4` - - For a single priority, the number, like `6` - - The subcommand `add` is designed for adding a buffer profile for a group of queues. The new queue range must be disjoint with all queues with buffer profile configured. - - For example, currently the buffer profile configured on queue 3-4 on port Ethernet4, to configure buffer profile on queue 4-5 will fail because it isn't disjoint with 3-4. To configure it on range 5-6 will succeed. - - The `profile` parameter represents a predefined egress buffer profile to be configured on the queues. - - The subcommand `set` is designed for modifying an existing group of queues. - - The subcommand `remove` is designed for removing buffer profile on an existing group of queues. 
- -- Example: - - To configure buffer profiles for queues on a port: - - ``` - admin@sonic:~$ sudo config interface buffer queue add Ethernet0 3-4 egress_lossless_profile - ``` - - To change the profile used for queues on a port: - - ``` - admin@sonic:~$ sudo config interface buffer queue set Ethernet0 3-4 new-profile - ``` - - To remove a group of queues from a port: - - ``` - admin@sonic:~$ sudo config interface buffer queue remove Ethernet0 3-4 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#dynamic-buffer-management) - -### Show commands - -**show buffer information** - -This command is used to display the status of buffer pools and profiles currently deployed to the ASIC. - -- Usage: - - ``` - show buffer information - ``` - -- Example: - - ``` - admin@sonic:~$ show buffer information - Pool: ingress_lossless_pool - ---- -------- - type ingress - mode dynamic - size 17170432 - ---- -------- - - Pool: egress_lossless_pool - ---- -------- - type egress - mode dynamic - size 34340822 - ---- -------- - - Pool: ingress_lossy_pool - ---- -------- - type ingress - mode dynamic - size 17170432 - ---- -------- - - Pool: egress_lossy_pool - ---- -------- - type egress - mode dynamic - size 17170432 - ---- -------- - - Profile: pg_lossless_100000_5m_profile - ---------- ----------------------------------- - xon 18432 - dynamic_th 0 - xoff 18432 - pool [BUFFER_POOL:ingress_lossless_pool] - size 36864 - ---------- ----------------------------------- - - Profile: q_lossy_profile - ---------- ------------------------------- - dynamic_th 3 - pool [BUFFER_POOL:egress_lossy_pool] - size 0 - ---------- ------------------------------- - - Profile: egress_lossy_profile - ---------- ------------------------------- - dynamic_th 3 - pool [BUFFER_POOL:egress_lossy_pool] - size 4096 - ---------- ------------------------------- - - Profile: egress_lossless_profile - ---------- ---------------------------------- - dynamic_th 7 - pool 
[BUFFER_POOL:egress_lossless_pool] - size 0 - ---------- ---------------------------------- - - Profile: ingress_lossless_profile - ---------- ----------------------------------- - dynamic_th 0 - pool [BUFFER_POOL:ingress_lossless_pool] - size 0 - ---------- ----------------------------------- - - Profile: pg_lossless_100000_79m_profile - ---------- ----------------------------------- - xon 18432 - dynamic_th 0 - xoff 60416 - pool [BUFFER_POOL:ingress_lossless_pool] - size 78848 - ---------- ----------------------------------- - - Profile: pg_lossless_100000_40m_profile - ---------- ----------------------------------- - xon 18432 - dynamic_th 0 - xoff 38912 - pool [BUFFER_POOL:ingress_lossless_pool] - size 57344 - ---------- ----------------------------------- - - Profile: ingress_lossy_profile - ---------- -------------------------------- - dynamic_th 3 - pool [BUFFER_POOL:ingress_lossy_pool] - size 0 - ---------- -------------------------------- - ``` - -**show buffer configuration** - -This command is used to display the status of buffer pools and profiles currently configured. 
- -- Usage: - - ``` - show buffer configuration - ``` - -- Example: - - ``` - admin@sonic:~$ show buffer configuration - Lossless traffic pattern: - -------------------- - - default_dynamic_th 0 - over_subscribe_ratio 0 - -------------------- - - - Pool: ingress_lossless_pool - ---- -------- - type ingress - mode dynamic - ---- -------- - - Pool: egress_lossless_pool - ---- -------- - type egress - mode dynamic - size 34340822 - ---- -------- - - Pool: ingress_lossy_pool - ---- -------- - type ingress - mode dynamic - ---- -------- - - Pool: egress_lossy_pool - ---- -------- - type egress - mode dynamic - ---- -------- - - Profile: q_lossy_profile - ---------- ------------------------------- - dynamic_th 3 - pool [BUFFER_POOL:egress_lossy_pool] - size 0 - ---------- ------------------------------- - - Profile: egress_lossy_profile - ---------- ------------------------------- - dynamic_th 3 - pool [BUFFER_POOL:egress_lossy_pool] - size 4096 - ---------- ------------------------------- - - Profile: egress_lossless_profile - ---------- ---------------------------------- - dynamic_th 7 - pool [BUFFER_POOL:egress_lossless_pool] - size 0 - ---------- ---------------------------------- - - Profile: ingress_lossless_profile - ---------- ----------------------------------- - dynamic_th 0 - pool [BUFFER_POOL:ingress_lossless_pool] - size 0 - ---------- ----------------------------------- - - Profile: ingress_lossy_profile - ---------- -------------------------------- - dynamic_th 3 - pool [BUFFER_POOL:ingress_lossy_pool] - size 0 - ---------- -------------------------------- - ``` - -## ECN - -This section explains all the Explicit Congestion Notification (ECN) show commands and ECN configuation options that are supported in SONiC. - -### ECN show commands -This sub-section contains the show commands that are supported in ECN. - -**show ecn** - -This command displays all the WRED profiles that are configured in the device. 
- -- Usage: - ``` - show ecn - ``` - -- Example: - ``` - admin@sonic:~$ show ecn - Profile: **AZURE_LOSSLESS** - ----------------------- ------- - red_max_threshold 2097152 - red_drop_probability 5 - yellow_max_threshold 2097152 - ecn ecn_all - green_min_threshold 1048576 - red_min_threshold 1048576 - wred_yellow_enable true - yellow_min_threshold 1048576 - green_max_threshold 2097152 - green_drop_probability 5 - wred_green_enable true - yellow_drop_probability 5 - wred_red_enable true - ----------------------- ------- - - Profile: **wredprofileabcd** - ----------------- --- - red_max_threshold 100 - ----------------- --- - ``` - -### ECN config commands - -This sub-section contains the configuration commands that can configure the WRED profiles. - -**config ecn** - -This command configures the possible fields in a particular WRED profile that is specified using "-profile " argument. -The list of the WRED profile fields that are configurable is listed in the below "Usage". - -- Usage: - ``` - config ecn -profile [-rmax ] [-rmin ] [-ymax ] [-ymin ] [-gmax ] [-gmin ] [-v|--verbose] - ``` - - - Parameters: - - profile_name Profile name - - red_threshold_max Set red max threshold - - red_threshold_min Set red min threshold - - yellow_threshold_max Set yellow max threshold - - yellow_threshold_min Set yellow min threshold - - green_threshold_max Set green max threshold - - green_threshold_min Set green min threshold - -- Example (Configures the "red max threshold" for the WRED profile name "wredprofileabcd". It will create the WRED profile if it does not exist.): - ``` - admin@sonic:~$ sudo config ecn -profile wredprofileabcd -rmax 100 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#ecn) - -## Feature - -SONiC includes a capability in which Feature state can be enabled/disabled -which will make corresponding feature docker container to start/stop. 
- -Also SONiC provide capability in which Feature docker container can be automatically shut -down and restarted if one of critical processes running in the container exits -unexpectedly. Restarting the entire feature container ensures that configuration is -reloaded and all processes in the feature container get restarted, thus increasing the -likelihood of entering a healthy state. - -### Feature show commands - -**show feature config** - -Shows the config of given feature or all if no feature is given. The "fallback" is shown only if configured. The fallback defaults to "true" when not configured. - -- Usage: - ``` - show feature config [] - ``` - -- Example: - ``` - admin@sonic:~$ show feature config - Feature State AutoRestart Owner fallback - -------------- -------- ------------- ------- ---------- - bgp enabled enabled local - database enabled disabled local - dhcp_relay enabled enabled kube - lldp enabled enabled kube true - mgmt-framework enabled enabled local - nat disabled enabled local - pmon enabled enabled kube - radv enabled enabled kube - sflow disabled enabled local - snmp enabled enabled kube - swss enabled enabled local - syncd enabled enabled local - teamd enabled enabled local - telemetry enabled enabled kube - ``` - -**show feature status** - -Shows the status of given feature or all if no feature is given. The "fallback" defaults to "true" when not configured. -The subset of features are configurable for remote management and only those report additional data. 
- -- Usage: - ``` - show feature status [] - ``` - -- Example: - ``` - admin@sonic:~$ show feature status - Feature State AutoRestart SystemState UpdateTime ContainerId ContainerVersion SetOwner CurrentOwner RemoteState - -------------- -------- ------------- ------------- ------------------- ------------- ------------------ ---------- -------------- ------------- - bgp enabled enabled up local local none - database enabled disabled local - dhcp_relay enabled enabled up 2020-11-15 18:21:09 249e70102f55 20201230.100 kube local - lldp enabled enabled up 2020-11-15 18:21:09 779c2d55ee12 20201230.100 kube local - mgmt-framework enabled enabled up local local none - nat disabled enabled local - pmon enabled enabled up 2020-11-15 18:20:27 a2b9ffa8aba3 20201230.100 kube local - radv enabled enabled up 2020-11-15 18:21:05 d8ff27dcfe46 20201230.100 kube local - sflow disabled enabled local - snmp enabled enabled up 2020-11-15 18:25:51 8b7d5529e306 20201230.111 kube kube running - swss enabled enabled up local local none - syncd enabled enabled up local local none - teamd enabled enabled up local local none - telemetry enabled enabled down 2020-11-15 18:24:59 20201230.100 kube none - ``` - -**config feature owner** - -Configures the owner for a feature as "local" or "kube". The "local" implies starting the feature container from local image. The "kube" implies that kubernetes server is made eligible to deploy the feature. The deployment of a feature by kubernetes is conditional based on many factors like, whether the kube server is configured or not, connected-to-kube-server or not and if that master has manifest for this feature for this switch or not and more. At some point in future, the deployment *could* happen and till that point the feature can run from local image, called "fallback". The fallback is allowed by default and it could be toggled to "not allowed". When fallback is not allowed, the feature would run only upon deployment by kubernetes master. 
- -- Usage: - ``` - config feature owner [] [local/kube] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config feature owner snmp kube - ``` - -**config feature fallback** - -Features configured for "kube" deployment could be allowed to fallback to using local image, until the point of successful kube deployment. The fallback is allowed by default. - -- Usage: - ``` - config feature fallback [] [on/off] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config feature fallback snmp on - ``` - -**show feature autorestart** - -This command will display the status of auto-restart for feature container. - -- Usage: - ``` - show feature autorestart [] - admin@sonic:~$ show feature autorestart - Feature AutoRestart - ---------- -------------- - bgp enabled - database always_enabled - dhcp_relay enabled - lldp enabled - pmon enabled - radv enabled - snmp enabled - swss enabled - syncd enabled - teamd enabled - telemetry enabled - ``` - -Optionally, you can specify a feature name in order to display -status for that feature - -### Feature config commands - -**config feature state ** - -This command will configure the state for a specific feature. - -- Usage: - ``` - config feature state (enabled | disabled) - admin@sonic:~$ sudo config feature state bgp disabled - ``` - -**config feature autorestart ** - -This command will configure the status of auto-restart for a specific feature container. - -- Usage: - ``` - config feature autorestart (enabled | disabled) - admin@sonic:~$ sudo config feature autorestart bgp disabled - ``` -NOTE: If the existing state or auto-restart value for a feature is "always_enabled" then config -commands are don't care and will not update state/auto-restart value. - -Go Back To [Beginning of the document](#) or [Beginning of this section](#feature) - -## Flow Counters - -This section explains all the Flow Counters show commands, clear commands and config commands that are supported in SONiC. 
Flow counters are usually used for debugging, troubleshooting and performance enhancement processes. Flow counters supports case like: - - - Host interface traps (number of received traps per Trap ID) - - Routes matching the configured prefix pattern (number of hits and number of bytes) - -### Flow Counters show commands - -**show flowcnt-trap stats** - -This command is used to show the current statistics for the registered host interface traps. - -Because clear (see below) is handled on a per-user basis different users may see different counts. - -- Usage: - ``` - show flowcnt-trap stats - ``` - -- Example: - ``` - admin@sonic:~$ show flowcnt-trap stats - Trap Name Packets Bytes PPS - --------- --------- ------- ------- - dhcp 100 2,000 50.25/s - - For multi-ASIC: - admin@sonic:~$ show flowcnt-trap stats - ASIC ID Trap Name Packets Bytes PPS - ------- ----------- --------- ------- ------- - asic0 dhcp 100 2,000 50.25/s - asic1 dhcp 200 3,000 45.25/s - ``` - -**show flowcnt-route stats** - -This command is used to show the current statistics for route flow patterns. - -Because clear (see below) is handled on a per-user basis different users may see different counts. - -- Usage: - ``` - show flowcnt-route stats - show flowcnt-route stats pattern [--vrf ] - show flowcnt-route stats route [--vrf ] - ``` - -- Example: - ``` - admin@sonic:~$ show flowcnt-route stats - Route pattern VRF Matched routes Packets Bytes - -------------------------------------------------------------------------------------- - 3.3.0.0/16 default 3.3.1.0/24 100 4543 - 3.3.2.3/32 3443 929229 - 3.3.0.0/16 0 0 - 2000::/64 default 2000::1/128 100 4543 - ``` - -The "pattern" subcommand is used to display the route flow counter statistics by route pattern. 
- -- Example: - ``` - admin@sonic:~$ show flowcnt-route stats pattern 3.3.0.0/16 - Route pattern VRF Matched routes Packets Bytes - -------------------------------------------------------------------------------------- - 3.3.0.0/16 default 3.3.1.0/24 100 4543 - 3.3.2.3/32 3443 929229 - 3.3.0.0/16 0 0 - ``` - -The "route" subcommand is used to display the route flow counter statistics by route prefix. - ``` - admin@sonic:~$ show flowcnt-route stats route 3.3.3.2/32 --vrf Vrf_1 - Route VRF Route Pattern Packets Bytes - ----------------------------------------------------------------------------------------- - 3.3.3.2/32 Vrf_1 3.3.0.0/16 100 4543 - ``` - -### Flow Counters clear commands - -**sonic-clear flowcnt-trap** - -This command is used to clear the current statistics for the registered host interface traps. This is done on a per-user basis. - -- Usage: - ``` - sonic-clear flowcnt-trap - ``` - -- Example: - ``` - admin@sonic:~$ sonic-clear flowcnt-trap - Trap Flow Counters were successfully cleared - ``` - -**sonic-clear flowcnt-route** - -This command is used to clear the current statistics for the route flow counter. This is done on a per-user basis. - -- Usage: - ``` - sonic-clear flowcnt-route - sonic-clear flowcnt-route pattern [--vrf ] - sonic-clear flowcnt-route route [--vrf ] - ``` - -- Example: - ``` - admin@sonic:~$ sonic-clear flowcnt-route - Route Flow Counters were successfully cleared - ``` - -The "pattern" subcommand is used to clear the route flow counter statistics by route pattern. - -- Example: - ``` - admin@sonic:~$ sonic-clear flowcnt-route pattern 3.3.0.0/16 --vrf Vrf_1 - Flow Counters of all routes matching the configured route pattern were successfully cleared - ``` - -The "route" subcommand is used to clear the route flow counter statistics by route prefix. 
- -- Example: - ``` - admin@sonic:~$ sonic-clear flowcnt-route route 3.3.3.2/32 --vrf Vrf_1 - Flow Counters of the specified route were successfully cleared - ``` - -### Flow Counters config commands - -**config flowcnt-route pattern add** - -This command is used to add or update the route pattern which is used by route flow counter to match route entries. - -- Usage: - ``` - config flowcnt-route pattern add [--vrf ] [--max ] - ``` - -- Example: - ``` - admin@sonic:~$ config flowcnt-route pattern add 2.2.0.0/16 --vrf Vrf_1 --max 50 - ``` - -**config flowcnt-route pattern remove** - -This command is used to remove the route pattern which is used by route flow counter to match route entries. - -- Usage: - ``` - config flowcnt-route pattern remove [--vrf ] - ``` - -- Example: - ``` - admin@sonic:~$ config flowcnt-route pattern remove 2.2.0.0/16 --vrf Vrf_1 - ``` - - -Go Back To [Beginning of the document](#) or [Beginning of this section](#flow-counters) -## Gearbox - -This section explains all the Gearbox PHY show commands that are supported in SONiC. - -### Gearbox show commands -This sub-section contains the show commands that are supported for gearbox phy. - -**show gearbox interfaces status** - -This command displays information about the gearbox phy interface lanes, speeds and status. 
Data is displayed for both MAC side and line side of the gearbox phy - -- Usage: - ``` - show gearbox interfaces status - ``` - -- Example: - -``` -home/admin# show gearbox interfaces status - PHY Id Interface MAC Lanes MAC Lane Speed PHY Lanes PHY Lane Speed Line Lanes Line Lane Speed Oper Admin --------- ----------- ----------- ---------------- ----------- ---------------- ------------ ----------------- ------ ------- - 1 Ethernet0 25,26,27,28 10G 200,201 20G 206 40G up up - 1 Ethernet4 29,30,31,32 10G 202,203 20G 207 40G up up - 1 Ethernet8 33,34,35,36 10G 204,205 20G 208 40G up up - - ``` - -**show gearbox phys status** - -This command displays basic information about the gearbox phys configured on the switch. - -- Usage: - ``` - show gearbox phys status - ``` - -- Example: - -``` -/home/admin# show gearbox phys status - PHY Id Name Firmware --------- ------- ---------- - 1 sesto-1 v0.1 - - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#gearbox) - - -## Update Device Hostname Configuration Commands - -This sub-section of commands is used to change device hostname without traffic being impacted. - -**config hostname** - -This command is used to change device hostname without traffic being impacted. - -- Usage: - ``` - config hostname - ``` - -- Example: - ``` - admin@sonic:~$ sudo config hostname CSW06 - Please note loaded setting will be lost after system reboot. To preserve setting, run `config save`. - ``` - -## Interfaces - -### Interface Show Commands - -This sub-section lists all the possible show commands for the interfaces available in the device. Following example gives the list of possible shows on interfaces. -Subsequent pages explain each of these commands in detail. - -- Example: - ``` - admin@sonic:~$ show interfaces -? - - Show details of the network interfaces - - Options: - -?, -h, --help Show this message and exit. 
- - Commands: - autoneg Show interface autoneg information - breakout Show Breakout Mode information by interfaces - counters Show interface counters - description Show interface status, protocol and... - mpls Show Interface MPLS status - naming_mode Show interface naming_mode status - neighbor Show neighbor related information - portchannel Show PortChannel information - status Show Interface status information - tpid Show Interface tpid information - transceiver Show SFP Transceiver information - ``` - -**show interfaces autoneg** - -This show command displays the port auto negotiation status for all interfaces i.e. interface name, auto negotiation mode, speed, advertised speeds, interface type, advertised interface types, operational status, admin status. For a single interface, provide the interface name with the sub-command. - -- Usage: - ``` - show interfaces autoneg status - show interfaces autoneg status - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces autoneg status - Interface Auto-Neg Mode Speed Adv Speeds Type Adv Types Oper Admin - ----------- --------------- ------- ------------ ------ ----------- ------ ------- - Ethernet0 enabled 25G 10G,25G CR CR,CR4 up up - Ethernet4 disabled 100G all CR4 all up up - - admin@sonic:~$ show interfaces autoneg status Ethernet8 - Interface Auto-Neg Mode Speed Adv Speeds Type Adv Types Oper Admin - ----------- --------------- ------- ------------ ------ ----------- ------ ------- - Ethernet8 disabled 100G N/A CR4 N/A up up - ``` - -**show interfaces breakout (Versions >= 202006)** - -This show command displays the port capability for all interfaces i.e. index, lanes, default_brkout_mode, breakout_modes(i.e. available breakout modes) and brkout_mode (i.e. current breakout mode). To display current breakout mode, "current-mode" subcommand can be used.For a single interface, provide the interface name with the sub-command. 
- -- Usage: - ``` - show interfaces breakout - show interfaces breakout current-mode - show interfaces breakout current-mode - ``` - -- Example: - ``` - admin@lnos-x1-a-fab01:~$ show interfaces breakout - { - "Ethernet0": { - "index": "1,1,1,1", - "default_brkout_mode": "1x100G[40G]", - "child ports": "Ethernet0", - "child port speed": "100G", - "breakout_modes": "1x100G[40G],2x50G,4x25G[10G]", - "Current Breakout Mode": "1x100G[40G]", - "lanes": "65,66,67,68", - "alias_at_lanes": "Eth1/1, Eth1/2, Eth1/3, Eth1/4" - },... continue - } - ``` -The "current-mode" subcommand is used to display current breakout mode for all interfaces. - ``` - admin@lnos-x1-a-fab01:~$ show interfaces breakout current-mode - +-------------+-------------------------+ - | Interface | Current Breakout Mode | - +=============+=========================+ - | Ethernet0 | 4x25G[10G] | - +-------------+-------------------------+ - | Ethernet4 | 4x25G[10G] | - +-------------+-------------------------+ - | Ethernet8 | 4x25G[10G] | - +-------------+-------------------------+ - | Ethernet12 | 4x25G[10G] | - +-------------+-------------------------+ - - admin@lnos-x1-a-fab01:~$ show interfaces breakout current-mode Ethernet0 - +-------------+-------------------------+ - | Interface | Current Breakout Mode | - +=============+=========================+ - | Ethernet0 | 4x25G[10G] | - +-------------+-------------------------+ - ``` - -**show interfaces counters** - -This show command displays packet counters for all interfaces since the last time the counters were cleared. To display l3 counters "rif" subcommand can be used. There is no facility to display counters for one specific l2 interface. For l3 interfaces a single interface output mode is present. Optional argument "-a" provides two additional columns - RX-PPS and TX_PPS. -Optional argument "-p" specify a period (in seconds) with which to gather counters over. 
- -- Usage: - ``` - show interfaces counters [-a|--printall] [-p|--period ] - show interfaces counters errors - show interfaces counters rates - show interfaces counters rif [-p|--period ] [-i ] - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces counters - IFACE STATE RX_OK RX_BPS RX_UTIL RX_ERR RX_DRP RX_OVR TX_OK TX_BPS TX_UTIL TX_ERR TX_DRP TX_OVR - ----------- ------- --------------- ----------- --------- -------- -------- -------- --------------- ----------- --------- -------- -------- -------- - Ethernet0 U 471,729,839,997 653.87 MB/s 12.77% 0 18,682 0 409,682,385,925 556.84 MB/s 10.88% 0 0 0 - Ethernet4 U 453,838,006,636 632.97 MB/s 12.36% 0 1,636 0 388,299,875,056 529.34 MB/s 10.34% 0 0 0 - Ethernet8 U 549,034,764,539 761.15 MB/s 14.87% 0 18,274 0 457,603,227,659 615.20 MB/s 12.02% 0 0 0 - Ethernet12 U 458,052,204,029 636.84 MB/s 12.44% 0 17,614 0 388,341,776,615 527.37 MB/s 10.30% 0 0 0 - Ethernet16 U 16,679,692,972 13.83 MB/s 0.27% 0 17,605 0 18,206,586,265 17.51 MB/s 0.34% 0 0 0 - Ethernet20 U 47,983,339,172 35.89 MB/s 0.70% 0 2,174 0 58,986,354,359 51.83 MB/s 1.01% 0 0 0 - Ethernet24 U 33,543,533,441 36.59 MB/s 0.71% 0 1,613 0 43,066,076,370 49.92 MB/s 0.97% 0 0 0 - - admin@sonic:~$ show interfaces counters -i Ethernet4,Ethernet12-16 - IFACE STATE RX_OK RX_BPS RX_UTIL RX_ERR RX_DRP RX_OVR TX_OK TX_BPS TX_UTIL TX_ERR TX_DRP TX_OVR - ----------- ------- --------------- ----------- --------- -------- -------- -------- --------------- ----------- --------- -------- -------- -------- - Ethernet4 U 453,838,006,636 632.97 MB/s 12.36% 0 1,636 0 388,299,875,056 529.34 MB/s 10.34% 0 0 0 - Ethernet12 U 458,052,204,029 636.84 MB/s 12.44% 0 17,614 0 388,341,776,615 527.37 MB/s 10.30% 0 0 0 - Ethernet16 U 16,679,692,972 13.83 MB/s 0.27% 0 17,605 0 18,206,586,265 17.51 MB/s 0.34% 0 0 0 - ``` - -The "errors" subcommand is used to display the interface errors. 
- -- Example: - ``` - admin@str-s6000-acs-11:~$ show interface counters errors - IFACE STATE RX_ERR RX_DRP RX_OVR TX_ERR TX_DRP TX_OVR - ----------- ------- -------- -------- -------- -------- -------- -------- - Ethernet0 U 0 4 0 0 0 0 - Ethernet4 U 0 0 0 0 0 0 - Ethernet8 U 0 1 0 0 0 0 - Ethernet12 U 0 0 0 0 0 0 - ``` - -The "rates" subcommand is used to disply only the interface rates. - -- Example: - ``` - admin@str-s6000-acs-11:/usr/bin$ show int counters rates - IFACE STATE RX_OK RX_BPS RX_PPS RX_UTIL TX_OK TX_BPS TX_PPS TX_UTIL - ----------- ------- ------- -------- -------- --------- ------- -------- -------- --------- - Ethernet0 U 467510 N/A N/A N/A 466488 N/A N/A N/A - Ethernet4 U 469679 N/A N/A N/A 469245 N/A N/A N/A - Ethernet8 U 466660 N/A N/A N/A 465982 N/A N/A N/A - Ethernet12 U 466579 N/A N/A N/A 466318 N/A N/A N/A - ``` - - -The "rif" subcommand is used to display l3 interface counters. Layer 3 interfaces include router interfaces, portchannels and vlan interfaces. - -- Example: - -``` - admin@sonic:~$ show interfaces counters rif - IFACE RX_OK RX_BPS RX_PPS RX_ERR TX_OK TX_BPS TX_PPS TX_ERR ---------------- ------- ---------- -------- -------- ------- -------- -------- -------- -PortChannel0001 62,668 107.81 B/s 1.34/s 3 6 0.02 B/s 0.00/s 0 -PortChannel0002 62,645 107.77 B/s 1.34/s 3 2 0.01 B/s 0.00/s 0 -PortChannel0003 62,481 107.56 B/s 1.34/s 3 3 0.01 B/s 0.00/s 0 -PortChannel0004 62,732 107.88 B/s 1.34/s 2 3 0.01 B/s 0.00/s 0 - Vlan1000 0 0.00 B/s 0.00/s 0 0 0.00 B/s 0.00/s 0 -``` - - -Optionally, you can specify a layer 3 interface name to display the counters in single interface mode. - -- Example: - -``` - admin@sonic:~$ show interfaces counters rif PortChannel0001 - PortChannel0001 - --------------- - - RX: - 3269 packets - 778494 bytesq - 3 error packets - 292 error bytes - TX: - 0 packets - 0 bytes - 0 error packets - 0 error bytes -``` - - -Optionally, you can specify a period (in seconds) with which to gather counters over. 
Note that this function will take `` seconds to execute. - -- Example: - -``` - admin@sonic:~$ show interfaces counters -p 5 - IFACE STATE RX_OK RX_BPS RX_UTIL RX_ERR RX_DRP RX_OVR TX_OK TX_BPS TX_UTIL TX_ERR TX_DRP TX_OVR - ----------- ------- ------- ----------- --------- -------- -------- -------- ------- ----------- --------- -------- -------- -------- - Ethernet0 U 515 59.14 KB/s 0.00% 0 0 0 1,305 127.60 KB/s 0.00% 0 0 0 - Ethernet4 U 305 26.54 KB/s 0.00% 0 0 0 279 39.12 KB/s 0.00% 0 0 0 - Ethernet8 U 437 42.96 KB/s 0.00% 0 0 0 182 18.37 KB/s 0.00% 0 0 0 - Ethernet12 U 284 40.79 KB/s 0.00% 0 0 0 160 13.03 KB/s 0.00% 0 0 0 - Ethernet16 U 377 32.64 KB/s 0.00% 0 0 0 214 18.01 KB/s 0.00% 0 0 0 - Ethernet20 U 284 36.81 KB/s 0.00% 0 0 0 138 8758.25 B/s 0.00% 0 0 0 - Ethernet24 U 173 16.09 KB/s 0.00% 0 0 0 169 11.39 KB/s 0.00% 0 0 0 -``` - -- NOTE: Interface counters can be cleared by the user with the following command: - - ``` - admin@sonic:~$ sonic-clear counters - ``` - -- NOTE: Layer 3 interface counters can be cleared by the user with the following command: - - ``` - admin@sonic:~$ sonic-clear rifcounters - ``` - -**show interfaces description** - -This command displays the key fields of the interfaces such as Operational Status, Administrative Status, Alias and Description. 
- -- Usage: - ``` - show interfaces description [] - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces description - Interface Oper Admin Alias Description - ----------- ------ ------- --------------- -------------------- - Ethernet0 down up hundredGigE1/1 T0-1:hundredGigE1/30 - Ethernet4 down up hundredGigE1/2 T0-2:hundredGigE1/30 - Ethernet8 down down hundredGigE1/3 hundredGigE1/3 - Ethernet12 down down hundredGigE1/4 hundredGigE1/4 - ``` - -- Example (to only display the description for interface Ethernet4): - - ``` - admin@sonic:~$ show interfaces description Ethernet4 - Interface Oper Admin Alias Description - ----------- ------ ------- -------------- -------------------- - Ethernet4 down up hundredGigE1/2 T0-2:hundredGigE1/30 - ``` - -**show interfaces mpls** - -This command is used to display the configured MPLS state for the list of configured interfaces. - -- Usage: - ``` - show interfaces mpls [] - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces mpls - Interface MPLS State - ----------- ------------ - Ethernet0 disable - Ethernet4 enable - Ethernet8 enable - Ethernet12 disable - Ethernet16 disable - Ethernet20 disable - ``` - -- Example (to only display the MPLS state for interface Ethernet4): - ``` - admin@sonic:~$ show interfaces mpls Ethernet4 - Interface MPLS State - ----------- ------------ - Ethernet4 enable - ``` - -**show interfaces loopback-action** - -This command displays the configured loopback action - -- Usage: - ``` - show ip interfaces loopback-action - ``` - -- Example: - ``` - root@sonic:~# show ip interfaces loopback-action - Interface Action - ------------ ---------- - Ethernet232 drop - Vlan100 forward - ``` - - -**show interfaces tpid** - -This command displays the key fields of the interfaces such as Operational Status, Administrative Status, Alias and TPID. 
- -- Usage: - ``` - show interfaces tpid [] - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces tpid - Interface Alias Oper Admin TPID - --------------- --------------- ------ ------- ------ - Ethernet0 fortyGigE1/1/1 up up 0x8100 - Ethernet1 fortyGigE1/1/2 up up 0x8100 - Ethernet2 fortyGigE1/1/3 down down 0x8100 - Ethernet3 fortyGigE1/1/4 down down 0x8100 - Ethernet4 fortyGigE1/1/5 up up 0x8100 - Ethernet5 fortyGigE1/1/6 up up 0x8100 - Ethernet6 fortyGigE1/1/7 up up 0x9200 - Ethernet7 fortyGigE1/1/8 up up 0x88A8 - Ethernet8 fortyGigE1/1/9 up up 0x8100 - ... - Ethernet63 fortyGigE1/4/16 down down 0x8100 - PortChannel0001 N/A up up 0x8100 - PortChannel0002 N/A up up 0x8100 - PortChannel0003 N/A up up 0x8100 - PortChannel0004 N/A up up 0x8100 - admin@sonic:~$ - ``` - -- Example (to only display the TPID for interface Ethernet6): - - ``` - admin@sonic:~$ show interfaces tpid Ethernet6 - Interface Alias Oper Admin TPID - ----------- -------------- ------ ------- ------ - Ethernet6 fortyGigE1/1/7 up up 0x9200 - admin@sonic:~$ - ``` - -**show interfaces naming_mode** - -Refer sub-section [Interface-Naming-Mode](#Interface-Naming-Mode) - - -**show interfaces neighbor** - -This command is used to display the list of expected neighbors for all interfaces (or for a particular interface) that is configured. 
- -- Usage: - ``` - show interfaces neighbor expected [] - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces neighbor expected - LocalPort Neighbor NeighborPort NeighborLoopback NeighborMgmt NeighborType - ----------- ---------- -------------- ------------------ -------------- -------------- - Ethernet112 ARISTA01T1 Ethernet1 None 10.16.205.100 ToRRouter - Ethernet116 ARISTA02T1 Ethernet1 None 10.16.205.101 SpineRouter - Ethernet120 ARISTA03T1 Ethernet1 None 10.16.205.102 LeafRouter - Ethernet124 ARISTA04T1 Ethernet1 None 10.16.205.103 LeafRouter - ``` - -**show interfaces portchannel** - -This command displays information regarding port-channel interfaces - -- Usage: - ``` - show interfaces portchannel - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces portchannel - Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available, S - selected, D - deselected - No. Team Dev Protocol Ports - ----- ------------- ----------- --------------------------- - 24 PortChannel24 LACP(A)(Up) Ethernet28(S) Ethernet24(S) - 48 PortChannel48 LACP(A)(Up) Ethernet52(S) Ethernet48(S) - 40 PortChannel40 LACP(A)(Up) Ethernet44(S) Ethernet40(S) - 0 PortChannel0 LACP(A)(Up) Ethernet0(S) Ethernet4(S) - 8 PortChannel8 LACP(A)(Up) Ethernet8(S) Ethernet12(S) - ``` - -**show interface status** - -This command displays some more fields such as Lanes, Speed, MTU, Type, Asymmetric PFC status and also the operational and administrative status of the interfaces - -- Usage: - ``` - show interfaces status [] - ``` - -- Example (show interface status of all interfaces): - ``` - admin@sonic:~$ show interfaces status - Interface Lanes Speed MTU Alias Oper Admin Type Asym PFC - ----------- --------------- ------- ----- --------------- ------ ------- ------ ---------- - Ethernet0 49,50,51,52 100G 9100 hundredGigE1/1 down up N/A off - Ethernet4 53,54,55,56 100G 9100 hundredGigE1/2 down up N/A off - Ethernet8 57,58,59,60 100G 9100 hundredGigE1/3 down down N/A off - - ``` - -- 
Example (to only display the status for interface Ethernet0): - ``` - admin@sonic:~$ show interface status Ethernet0 - Interface Lanes Speed MTU Alias Oper Admin - ----------- -------- ------- ----- -------------- ------ ------- - Ethernet0 101,102 40G 9100 fortyGigE1/1/1 up up - ``` - -- Example (to only display the status for range of interfaces): - ``` - admin@sonic:~$ show interfaces status Ethernet8,Ethernet168-180 - Interface Lanes Speed MTU Alias Oper Admin Type Asym PFC - ----------- ----------------- ------- ----- --------------- ------ ------- ------ ---------- - Ethernet8 49,50,51,52 100G 9100 hundredGigE3 down down N/A N/A - Ethernet168 9,10,11,12 100G 9100 hundredGigE43 down down N/A N/A - Ethernet172 13,14,15,16 100G 9100 hundredGigE44 down down N/A N/A - Ethernet176 109,110,111,112 100G 9100 hundredGigE45 down down N/A N/A - Ethernet180 105,106,107,108 100G 9100 hundredGigE46 down down N/A N/A - ``` - -**show interfaces transceiver** - -This command is already explained [here](#Transceivers) - -### Interface Config Commands -This sub-section explains the following list of configuration on the interfaces. 
-1) ip - To add or remove IP address for the interface -2) pfc - to set the PFC configuration for the interface -3) shutdown - to administratively shut down the interface -4) speed - to set the interface speed -5) startup - to bring up the administratively shutdown interface -6) breakout - to set interface breakout mode -7) autoneg - to set interface auto negotiation mode -8) advertised-speeds - to set interface advertised speeds -9) advertised-types - to set interface advertised types -10) type - to set interface type -11) mpls - To add or remove MPLS operation for the interface -12) loopback-action - to set action for packet that ingress and gets routed on the same IP interface - -From 201904 release onwards, the “config interface” command syntax is changed and the format is as follows: - -- config interface interface_subcommand -i.e Interface name comes after the subcommand -- Ex: config interface startup Ethernet63 - -The syntax for all such interface_subcommands are given below under each command - -NOTE: In older versions of SONiC until 201811 release, the command syntax was `config interface interface_subcommand` - - -**config interface ip add [default_gw] (Versions >= 201904)** - -**config interface ip add (Versions <= 201811)** - -This command is used for adding the IP address for an interface. -IP address for either physical interface or for portchannel or for VLAN interface or for Loopback interface can be configured using this command. -While configuring the IP address for the management interface "eth0", users can provide the default gateway IP address as an optional parameter from release 201911. 
- - -- Usage: - - *Versions >= 201904* - ``` - config interface ip add - ``` - *Versions <= 201811* - ``` - config interface ip add - ``` - -- Example: - - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface ip add Ethernet63 10.11.12.13/24 - admin@sonic:~$ sudo config interface ip add eth0 20.11.12.13/24 20.11.12.254 - ``` - *Versions <= 201811* - ``` - admin@sonic:~$ sudo config interface Ethernet63 ip add 10.11.12.13/24 - ``` - -VLAN interface names take the form of `vlan`. E.g., VLAN 100 will be named `vlan100` - -- Example: - - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface ip add Vlan100 10.11.12.13/24 - ``` - *Versions <= 201811* - ``` - admin@sonic:~$ sudo config interface vlan100 ip add 10.11.12.13/24 - ``` - - -**config interface ip remove (Versions >= 201904)** - -**config interface ip remove (Versions <= 201811)** - -- Usage: - - *Versions >= 201904* - ``` - config interface ip remove - ``` - *Versions <= 201811* - ``` - config interface ip remove - ``` - -- Example: - - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface ip remove Ethernet63 10.11.12.13/24 - admin@sonic:~$ sudo config interface ip remove eth0 20.11.12.13/24 - ``` - *Versions <= 201811* - ``` - admin@sonic:~$ sudo config interface Ethernet63 ip remove 10.11.12.13/24 - ``` - -VLAN interface names take the form of `vlan`. E.g., VLAN 100 will be named `vlan100` - -- Example: - - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface ip remove vlan100 10.11.12.13/24 - ``` - *Versions <= 201811* - ``` - admin@sonic:~$ sudo config interface vlan100 ip remove 10.11.12.13/24 - ``` - -**config interface pfc priority (on | off)** - -This command is used to set PFC on a given priority of a given interface to either "on" or "off". Once it is successfully configured, it will show current losses priorities on the given interface. 
Otherwise, it will show error information - -- Example: - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface pfc priority Ethernet0 3 off - - Interface Lossless priorities - ----------- --------------------- - Ethernet0 4 - - admin@sonic:~$ sudo config interface pfc priority Ethernet0 8 off - Usage: pfc config priority [OPTIONS] STATUS INTERFACE PRIORITY - - Error: Invalid value for "priority": invalid choice: 8. (choose from 0, 1, 2, 3, 4, 5, 6, 7) - - admin@sonic:~$ sudo config interface pfc priority Ethernet101 3 off - Cannot find interface Ethernet101 - - admin@sonic:~$ sudo config interface pfc priority Ethernet0 3 on - - Interface Lossless priorities - ----------- --------------------- - Ethernet0 3,4 - ``` - -**config interface pfc asymmetric (Versions >= 201904)** - -**config interface pfc asymmetric (Versions <= 201811)** - -This command is used for setting the asymmetric PFC for an interface to either "on" or "off". Once if it is configured, use "show interfaces status" to check the same. - -- Usage: - - *Versions >= 201904* - ``` - config interface pfc asymmetric on/off (for 201904+ version) - ``` - *Versions <= 201811* - ``` - config interface pfc asymmetric on/off (for 201811- version) - ``` - -- Example: - - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface pfc asymmetric Ethernet60 on - ``` - *Versions <= 201811* - ``` - admin@sonic:~$ sudo config interface Ethernet60 pfc asymmetric on - ``` - -**config interface shutdown (Versions >= 201904)** - -**config interface shutdown (Versions <= 201811)** - -This command is used to administratively shut down either the Physical interface or port channel interface. Once if it is configured, use "show interfaces status" to check the same. 
- -- Usage: - - *Versions >= 201904* - ``` - config interface shutdown (for 201904+ version) - ``` - *Versions <= 201811* - ``` - config interface shutdown (for 201811- version) - ``` - -- Example: - - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface shutdown Ethernet63 - ``` - *Versions <= 201811* - ``` - admin@sonic:~$ sudo config interface Ethernet63 shutdown - ``` - - shutdown multiple interfaces - ``` - admin@sonic:~$ sudo config interface shutdown Ethernet8,Ethernet16-20,Ethernet32 - ``` - -**config interface startup (Versions >= 201904)** - -**config interface startup (Versions <= 201811)** - -This command is used for administratively bringing up the Physical interface or port channel interface.Once if it is configured, use "show interfaces status" to check the same. - -- Usage: - - *Versions >= 201904* - ``` - config interface startup (for 201904+ version) - ``` - *Versions <= 201811* - ``` - config interface startup (for 201811- version) - ``` - -- Example: - - *Versions >= 201904* - ``` - admin@sonic:~$ sudo config interface startup Ethernet63 - ``` - *Versions <= 201811* - ``` - admin@sonic:~$ sudo config interface Ethernet63 startup - ``` - - startup multiple interfaces - ``` - admin@sonic:~$ sudo config interface startup Ethernet8,Ethernet16-20,Ethernet32 - ``` - -**config interface speed (Versions >= 202006)** - -Dynamic breakout feature is supported in SONiC from 202006 version. -User can configure any speed specified under "breakout_modes" keys for the parent interface in the platform-specific port configuration file (i.e. platform.json). - -For example for a breakout mode of 2x50G[25G,10G] the default speed is 50G but the interface also supports 25G and 10G. - -Refer [DPB HLD DOC](https://github.com/Azure/SONiC/blob/master/doc/dynamic-port-breakout/sonic-dynamic-port-breakout-HLD.md#cli-design) to know more about this command. 
- -**config interface speed (Versions >= 201904)** - -**config interface speed (Versions <= 201811)** - -This command is used to configure the speed for the Physical interface. Use the value 40000 for setting it to 40G and 100000 for 100G. Users need to know the device to configure it properly. - -- Usage: - - *Versions >= 201904* - ``` - config interface speed - ``` - *Versions <= 201811* - ``` - config interface speed - ``` - -- Example (Versions >= 201904): - ``` - admin@sonic:~$ sudo config interface speed Ethernet63 40000 - ``` - -- Example (Versions <= 201811): - ``` - admin@sonic:~$ sudo config interface Ethernet63 speed 40000 - - ``` - -**config interface transceiver lpmode** - -This command is used to enable or disable low-power mode for an SFP transceiver - -- Usage: - - ``` - config interface transceiver lpmode (enable | disable) - ``` - -- Examples: - - ``` - user@sonic~$ sudo config interface transceiver lpmode Ethernet0 enable - Enabling low-power mode for port Ethernet0... OK - - user@sonic~$ sudo config interface transceiver lpmode Ethernet0 disable - Disabling low-power mode for port Ethernet0... OK - ``` - -**config interface transceiver reset** - -This command is used to reset an SFP transceiver - -- Usage: - - ``` - config interface transceiver reset - ``` - -- Examples: - - ``` - user@sonic~$ sudo config interface transceiver reset Ethernet0 - Resetting port Ethernet0... OK - ``` - -**config interface mtu (Versions >= 201904)** - -This command is used to configure the mtu for the Physical interface. Use the value 1500 for setting max transfer unit size to 1500 bytes. - -- Usage: - - *Versions >= 201904* - ``` - config interface mtu - ``` - -- Example (Versions >= 201904): - ``` - admin@sonic:~$ sudo config interface mtu Ethernet64 1500 - ``` - -**config interface tpid (Versions >= 202106)** - -This command is used to configure the TPID for the Physical/PortChannel interface. default is 0x8100. 
Other allowed values if supported by HW SKU (0x9100, 0x9200, 0x88A8). - -- Usage: - - *Versions >= 202106* - ``` - config interface tpid - ``` - -- Example (Versions >= 202106): - ``` - admin@sonic:~$ sudo config interface tpid Ethernet64 0x9200 - ``` - -**config interface breakout (Versions >= 202006)** - -This command is used to set active breakout mode available for user-specified interface based on the platform-specific port configuration file(i.e. platform.json) -and the current mode set for the interface. - -Based on the platform.json and the current mode set in interface, this command acts on setting breakout mode for the interface. - -Double tab i.e. to see the available breakout option customized for each interface provided by the user. - -- Usage: - ``` - sudo config interface breakout --help - Usage: config interface breakout [OPTIONS] MODE - - Set interface breakout mode - - Options: - -f, --force-remove-dependencies - Clear all depenedecies internally first. - -l, --load-predefined-config load predefied user configuration (alias, - lanes, speed etc) first. - -y, --yes - -v, --verbose Enable verbose output - -?, -h, --help Show this message and exit. - ``` -- Example : - ``` - admin@sonic:~$ sudo config interface breakout Ethernet0 - - 1x100G[40G] 2x50G 4x25G[10G] - ``` - - This command also provides "--force-remove-dependencies/-f" option to CLI, which will automatically determine and remove the configuration dependencies using Yang models. - - ``` - admin@sonic:~$ sudo config interface breakout Ethernet0 4x25G[10G] -f -l -v -y - ``` - -For details please refer [DPB HLD DOC](https://github.com/Azure/SONiC/blob/master/doc/dynamic-port-breakout/sonic-dynamic-port-breakout-HLD.md#cli-design) to know more about this command. - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface autoneg (Versions >= 202106)** - -This command is used to set port auto negotiation mode. 
- -- Usage: - ``` - sudo config interface autoneg --help - Usage: config interface autoneg [OPTIONS] - - Set interface auto negotiation mode - - Options: - -v, --verbose Enable verbose output - -h, -?, --help Show this message and exit. - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface autoneg Ethernet0 enabled - - admin@sonic:~$ sudo config interface autoneg Ethernet0 disabled - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface advertised-speeds (Versions >= 202106)** - -This command is used to set port advertised speed. - -- Usage: - ``` - sudo config interface advertised-speeds --help - Usage: config interface advertised-speeds [OPTIONS] - - Set interface advertised speeds - - Options: - -v, --verbose Enable verbose output - -h, -?, --help Show this message and exit. - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface advertised-speeds Ethernet0 all - - admin@sonic:~$ sudo config interface advertised-speeds Ethernet0 50000,100000 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface advertised-types (Versions >= 202106)** - -This command is used to set port advertised interface types. - -- Usage: - ``` - sudo config interface advertised-types --help - Usage: config interface advertised-types [OPTIONS] - - Set interface advertised types - - Options: - -v, --verbose Enable verbose output - -h, -?, --help Show this message and exit. - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface advertised-types Ethernet0 all - - admin@sonic:~$ sudo config interface advertised-types Ethernet0 CR,CR4 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface type (Versions >= 202106)** - -This command is used to set port interface type. 
- -- Usage: - ``` - sudo config interface type --help - Usage: config interface type [OPTIONS] - - Set interface type - - Options: - -v, --verbose Enable verbose output - -h, -?, --help Show this message and exit. - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface type Ethernet0 CR4 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface cable_length (Versions >= 202006)** - -This command is used to configure the length of the cable connected to a port. The cable_length is in unit of meters and must be suffixed with "m". - -For details please refer [dynamic buffer management](#dynamic-buffer-management) - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface lossless_pg (Versions >= 202006)** - -This command is used to configure the priority groups on which lossless traffic runs. - -For details please refer [dynamic buffer management](#dynamic-buffer-management) - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface headroom_override (Versions >= 202006)** - -This command is used to configure a static buffer profile on a port's lossless priorities. There shouldn't be any `lossless_pg` configured on the port when configuring `headroom_override`. The port's headroom won't be updated after `headroom_override` has been configured on the port. - -For details please refer [dynamic buffer management](#dynamic-buffer-management) - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -**config interface mpls add (Versions >= 202106)** - -This command is used for adding MPLS operation on the interface. -MPLS operation for either physical, portchannel, or VLAN interface can be configured using this command. 
- - -- Usage: - ``` - sudo config interface mpls add --help - Usage: config interface mpls add [OPTIONS] - - Add MPLS operation on the interface - - Options: - -?, -h, --help Show this message and exit. - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface mpls add Ethernet4 - ``` - -**config interface mpls remove (Versions >= 202106)** - -This command is used for removing MPLS operation on the interface. -MPLS operation for either physical, portchannel, or VLAN interface can be configured using this command. - -- Usage: - ``` - sudo config interface mpls remove --help - Usage: config interface mpls remove [OPTIONS] - - Remove MPLS operation from the interface - - Options: - -?, -h, --help Show this message and exit. - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface mpls remove Ethernet4 - ``` - -**config interface ip loopback-action (Versions >= 202205)** - -This command is used for setting the action being taken on packets that ingress and get routed on the same IP interface. -Loopback action can be set on IP interface from type physical, portchannel, VLAN interface and VLAN subinterface. -Loopback action can be drop or forward. - -- Usage: - ``` - config interface ip loopback-action --help - Usage: config interface ip loopback-action [OPTIONS] - - Set IP interface loopback action - - Options: - -?, -h, --help Show this message and exit. - ``` - -- Example: - ``` - admin@sonic:~$ config interface ip loopback-action Ethernet0 drop - admin@sonic:~$ config interface ip loopback-action Ethernet0 forward - - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces) - -## Interface Naming Mode - -### Interface naming mode show commands -This command displays the current interface naming mode. Interface naming mode originally set to 'default'. Interfaces are referenced by default SONiC interface names. -Users can change the naming_mode using "config interface_naming_mode" command. 
- -**show interfaces naming_mode** - -This command displays the current interface naming mode - -- Usage: - ``` - show interfaces naming_mode - ``` - -- Examples: - ``` - admin@sonic:~$ show interfaces naming_mode - default - ``` - - - "default" naming mode will display all SONiC interface names in 'show' commands and accept SONiC interface names as parameters in 'config commands - - ``` - admin@sonic:~$ show interfaces naming_mode - alias - ``` - - - "alias" naming mode will display all hardware vendor interface aliases in 'show' commands and accept hardware vendor interface aliases as parameters in 'config commands - - -### Interface naming mode config commands - -**config interface_naming_ mode** - -This command is used to change the interface naming mode. -Users can select between default mode (SONiC interface names) or alias mode (Hardware vendor names). -The user must log out and log back in for changes to take effect. Note that the newly-applied interface mode will affect all interface-related show/config commands. - - -*NOTE: Some platforms do not support alias mapping. In such cases, this command is not applicable. Such platforms always use the same SONiC interface names.* - -- Usage: - ``` - config interface_naming_mode (default | alias) - ``` - - - Interface naming mode is originally set to 'default'. Interfaces are referenced by default SONiC interface names: - -- Example: - ``` - admin@sonic:~$ show interfaces naming_mode - default - - admin@sonic:~$ show interface status Ethernet0 - Interface Lanes Speed MTU Alias Oper Admin - ----------- -------- ------- ----- -------------- ------ ------- - Ethernet0 101,102 40G 9100 fortyGigE1/1/1 up up - - admin@sonic:~$ sudo config interface_naming_mode alias - Please logout and log back in for changes take effect. 
- ``` - - - After user logs out and logs back in again, interfaces will then referenced by hardware vendor aliases: - - ``` - admin@sonic:~$ show interfaces naming_mode - alias - - admin@sonic:~$ sudo config interface fortyGigE1/1/1 shutdown - admin@sonic:~$ show interface status fortyGigE1/1/1 - Interface Lanes Speed MTU Alias Oper Admin - ----------- -------- ------- ----- -------------- ------ ------- - Ethernet0 101,102 40G 9100 fortyGigE1/1/1 down down - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interface-naming-mode) - -## Interface Vrf binding - -### Interface vrf bind & unbind config commands - -**config interface vrf bind** - -This command is used to bind a interface to a vrf. -By default, all L3 interfaces will be in default vrf. Above vrf bind command will let users bind interface to a vrf. - -- Usage: - ``` - config interface vrf bind - ``` - -**config interface vrf unbind** - -This command is used to ubind a interface from a vrf. -This will move the interface to default vrf. - -- Usage: - ``` - config interface vrf unbind - ``` - - ### Interface vrf binding show commands - - To display interface vrf binding information, user can use show vrf command. Please refer sub-section [Vrf-show-command](#vrf-show-commands). - -Go Back To [Beginning of the document](#) or [Beginning of this section](#interface-vrf-binding) - -## IP / IPv6 - -### IP show commands - -This sub-section explains the various IP protocol specific show commands that are used to display the following. -1) routes -2) bgp details - Explained in the [bgp section](#show-bgp) -3) IP interfaces -4) prefix-list -5) protocol - -#### show ip route - -This command displays either all the route entries from the routing table or a specific route. 
- -- Usage: - ``` - show ip route [] [] - ``` - -- Example: - ``` - admin@sonic:~$ show ip route - Codes: K - kernel route, C - connected, S - static, R - RIP, - O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel, - > - selected route, * - FIB route - S>* 0.0.0.0/0 [200/0] via 10.11.162.254, eth0 - C>* 1.1.0.0/16 is directly connected, Vlan100 - C>* 10.1.1.0/31 is directly connected, Ethernet112 - C>* 10.1.1.2/31 is directly connected, Ethernet116 - C>* 10.11.162.0/24 is directly connected, eth0 - C>* 127.0.0.0/8 is directly connected, lo - C>* 240.127.1.0/24 is directly connected, docker0 - ``` - - - Optionally, you can specify an IP address in order to display only routes to that particular IP address - -- Example: - ``` - admin@sonic:~$ show ip route 10.1.1.0 - Routing entry for 10.1.1.0/31 - Known via "connected", distance 0, metric 0, best - * directly connected, Ethernet112 - ``` - - - Vrf-name can also be specified to get IPv4 routes programmed in the vrf. - - - Example: - ``` - admin@sonic:~$ show ip route vrf Vrf-red - Codes: K - kernel route, C - connected, S - static, R - RIP, - O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, - T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, - F - PBR, f - OpenFabric, - > - selected route, * - FIB route - VRF Vrf-red: - C>* 11.1.1.1/32 is directly connected, Loopback11, 21:50:47 - C>* 100.1.1.0/24 is directly connected, Vlan100, 03w1d06h - - admin@sonic:~$ show ip route vrf Vrf-red 11.1.1.1/32 - Routing entry for 11.1.1.1/32 - Known via "connected", distance 0, metric 0, vrf Vrf-red, best - Last update 21:57:53 ago - * directly connected, Loopback11 - ``` - -#### show ip interfaces - -This command displays the details about all the Layer3 IP interfaces in the device for which IP address has been assigned. -The type of interfaces include the following. -1) Front panel physical ports. -2) PortChannel. -3) VLAN interface. 
-4) Loopback interfaces -5) docker interface and -6) management interface - -- Usage: - ``` - show ip interfaces - ``` - -- Example: - ``` - admin@sonic:~$ show ip interfaces - Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP Flags - ------------- ------------ ------------------ -------------- ------------- ------------- ------- - Loopback0 1.0.0.1/32 up/up N/A N/A - Loopback11 Vrf-red 11.1.1.1/32 up/up N/A N/A - Loopback100 Vrf-blue 100.0.0.1/32 up/up N/A N/A - PortChannel01 10.0.0.56/31 up/down DEVICE1 10.0.0.57 - PortChannel02 10.0.0.58/31 up/down DEVICE2 10.0.0.59 - PortChannel03 10.0.0.60/31 up/down DEVICE3 10.0.0.61 - PortChannel04 10.0.0.62/31 up/down DEVICE4 10.0.0.63 - Vlan100 Vrf-red 1001.1.1/24 up/up N/A N/A - Vlan1000 192.168.0.1/27 up/up N/A N/A - docker0 240.127.1.1/24 up/down N/A N/A - eth0 10.3.147.252/23 up/up N/A N/A - lo 127.0.0.1/8 up/up N/A N/A - ``` - -#### show ip protocol - -This command displays the route-map that is configured for the routing protocol. -Refer the routing stack [Quagga Command Reference](https://www.quagga.net/docs/quagga.pdf) or [FRR Command Reference](https://buildmedia.readthedocs.org/media/pdf/frrouting/latest/frrouting.pdf) to know more about this command. - -- Usage: - ``` - show ip protocol - ``` - -- Example: - ``` - admin@sonic:~$ show ip protocol - Protocol : route-map - ------------------------ - system : none - kernel : none - connected : none - static : none - rip : none - ripng : none - ospf : none - ospf6 : none - isis : none - bgp : RM_SET_SRC - pim : none - hsls : none - olsr : none - babel : none - any : none - ``` - -### IPv6 show commands - -This sub-section explains the various IPv6 protocol specific show commands that are used to display the following. 
-1) routes -2) IPv6 bgp details - Explained in the [bgp section](#show-bgp) -3) IP interfaces -4) protocol - -**show ipv6 route** - -This command displays either all the IPv6 route entries from the routing table or a specific IPv6 route. - -- Usage: - ``` - show ipv6 route [] [] - ``` - -- Example: - ``` - admin@sonic:~$ show ipv6 route - Codes: K - kernel route, C - connected, S - static, R - RIPng, - O - OSPFv6, I - IS-IS, B - BGP, A - Babel, - > - selected route, * - FIB route - - C>* ::1/128 is directly connected, lo - C>* 2018:2001::/126 is directly connected, Ethernet112 - C>* 2018:2002::/126 is directly connected, Ethernet116 - C>* fc00:1::32/128 is directly connected, lo - C>* fc00:1::102/128 is directly connected, lo - C>* fc00:2::102/128 is directly connected, eth0 - C * fe80::/64 is directly connected, Vlan100 - C * fe80::/64 is directly connected, Ethernet112 - C * fe80::/64 is directly connected, Ethernet116 - C * fe80::/64 is directly connected, Bridge - C * fe80::/64 is directly connected, PortChannel0011 - C>* fe80::/64 is directly connected, eth0 - ``` - - Optionally, you can specify an IPv6 address in order to display only routes to that particular IPv6 address - - -- Example: - ``` - admin@sonic:~$ show ipv6 route fc00:1::32 - Routing entry for fc00:1::32/128 - Known via "connected", distance 0, metric 0, best - * directly connected, lo - ``` - - Vrf-name can also be specified to get IPv6 routes programmed in the vrf. 
- - - Example: - ``` - admin@sonic:~$ show ipv6 route vrf Vrf-red - Codes: K - kernel route, C - connected, S - static, R - RIP, - O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, - T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, - F - PBR, f - OpenFabric, - > - selected route, * - FIB route - VRF Vrf-red: - C>* 1100::1/128 is directly connected, Loopback11, 21:50:47 - C>* 100::/112 is directly connected, Vlan100, 03w1d06h - C>* fe80::/64 is directly connected, Loopback11, 21:50:47 - C>* fe80::/64 is directly connected, Vlan100, 03w1d06h - - admin@sonic:~$ show ipv6 route vrf Vrf-red 1100::1/128 - Routing entry for 1100::1/128 - Known via "connected", distance 0, metric 0, vrf Vrf-red, best - Last update 21:57:53 ago - * directly connected, Loopback11 - ``` - -**show ipv6 interfaces** - -This command displays the details about all the Layer3 IPv6 interfaces in the device for which IPv6 address has been assigned. -The type of interfaces include the following. -1) Front panel physical ports. -2) PortChannel. -3) VLAN interface. -4) Loopback interfaces -5) management interface - -- Usage: - ``` - show ipv6 interfaces - ``` - -- Example: - ``` - admin@sonic:~$ show ipv6 interfaces - Interface Master IPv6 address/mask Admin/Oper BGP Neighbor Neighbor IP - ----------- -------- ---------------------------------------- ------------ -------------- ------------- - Bridge fe80::7c45:1dff:fe08:cdd%Bridge/64 up/up N/A N/A - Loopback11 Vrf-red 1100::1/128 up/up - PortChannel01 fc00::71/126 up/down DEVICE1 fc00::72 - PortChannel02 fc00::75/126 up/down DEVICE2 fc00::76 - PortChannel03 fc00::79/126 up/down DEVICE3 fc00::7a - PortChannel04 fc00::7d/126 up/down DEVICE4 fc00::7e - Vlan100 Vrf-red 100::1/112 up/up N/A N/A - fe80::eef4:bbff:fefe:880a%Vlan100/64 - eth0 fe80::eef4:bbff:fefe:880a%eth0/64 up/up N/A N/A - lo fc00:1::32/128 up/up N/A N/A - ``` - -**show ipv6 protocol** - -This command displays the route-map that is configured for the IPv6 routing protocol. 
-Refer the routing stack [Quagga Command Reference](https://www.quagga.net/docs/quagga.pdf) or [FRR Command Reference](https://buildmedia.readthedocs.org/media/pdf/frrouting/latest/frrouting.pdf) to know more about this command. - - -- Usage: - ``` - show ipv6 protocol - ``` - -- Example: - ``` - admin@sonic:~$ show ipv6 protocol - Protocol : route-map - ------------------------ - system : none - kernel : none - connected : none - static : none - rip : none - ripng : none - ospf : none - ospf6 : none - isis : none - bgp : RM_SET_SRC6 - pim : none - hsls : none - olsr : none - babel : none - any : none - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#ip--ipv6) - -## IPv6 Link Local - -### IPv6 Link Local config commands - -This section explains all the commands that are supported in SONiC to configure IPv6 Link-local. - -**config interface ipv6 enable use-link-local-only ** - -This command enables user to enable an interface to forward L3 traffic with out configuring an address. This command creates the routing interface based on the auto generated IPv6 link-local address. This command can be used even if an address is configured on the interface. - -- Usage: - ``` - config interface ipv6 enable use-link-local-only - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface ipv6 enable use-link-local-only Vlan206 - admin@sonic:~$ sudo config interface ipv6 enable use-link-local-only PortChannel007 - admin@sonic:~$ sudo config interface ipv6 enable use-link-local-only Ethernet52 - ``` - -**config interface ipv6 disable use-link-local-only ** - -This command enables user to disable use-link-local-only configuration on an interface. 
- -- Usage: - ``` - config interface ipv6 disable use-link-local-only - ``` - -- Example: - ``` - admin@sonic:~$ sudo config interface ipv6 disable use-link-local-only Vlan206 - admin@sonic:~$ sudo config interface ipv6 disable use-link-local-only PortChannel007 - admin@sonic:~$ sudo config interface ipv6 disable use-link-local-only Ethernet52 - ``` - -**config ipv6 enable link-local** - -This command enables user to enable use-link-local-only command on all the interfaces globally. - -- Usage: - ``` - sudo config ipv6 enable link-local - ``` - -- Example: - ``` - admin@sonic:~$ sudo config ipv6 enable link-local - ``` - -**config ipv6 disable link-local** - -This command enables user to disable use-link-local-only command on all the interfaces globally. - -- Usage: - ``` - sudo config ipv6 disable link-local - ``` - -- Example: - ``` - admin@sonic:~$ sudo config ipv6 disable link-local - ``` - -### IPv6 Link Local show commands - -**show ipv6 link-local-mode** - -This command displays the link local mode of all the interfaces. - -- Usage: - ``` - show ipv6 link-local-mode - ``` - -- Example: - ``` - root@sonic:/home/admin# show ipv6 link-local-mode - +------------------+----------+ - | Interface Name | Mode | - +==================+==========+ - | Ethernet16 | Disabled | - +------------------+----------+ - | Ethernet18 | Enabled | - +------------------+----------+ - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#ipv6-link-local) - -## Kubernetes - -### Kubernetes show commands - -**show kubernetes server config** - -This command displays the kubernetes server configuration, if any, else would report as not configured. - -- Usage: - ``` - show kubernetes server config - ``` - -- Example: - ``` - admin@sonic:~$ show kubernetes server config - ip port insecure disable - ----------- ------ ---------- --------- - 10.3.157.24 6443 True False - ``` - -**show kubernetes server status** - -This command displays the kubernetes server status. 
- -- Usage: - ``` - show kubernetes server status - ``` - -- Example: - ``` - admin@sonic:~$ show kubernetes server status - ip port connected update-time - ----------- ------ ----------- ------------------- - 10.3.157.24 6443 true 2020-11-15 18:25:05 - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#Kubernetes) - -## Linux Kernel Dump - -This section demonstrates the show commands and configuration commands of Linux kernel dump mechanism in SONiC. - -### Linux Kernel Dump show commands - -**show kdump config** - -This command shows the configuration of Linux kernel dump. - -- Usage: - ``` - show kdump config - ``` - -- Example: - ``` - admin@sonic:$ show kdump config - Kdump administrative mode: Disabled - Kdump operational mode: Unready - Kdump memory researvation: 0M-2G:256M,2G-4G:320M,4G-8G:384M,8G-:448M - Maximum number of Kdump files: 3 - ``` - -**show kdump files** - -This command shows the Linux kernel core dump files and dmesg files which are -generated by kernel dump tool. - -- Usage: - ``` - show kdump files - ``` - -- Example: - ``` - admin@sonic:~$ show kdump files - Kernel core dump files Kernel dmesg files - ------------------------------------------ ------------------------------------------ - /var/crash/202106242344/kdump.202106242344 /var/crash/202106242344/dmesg.202106242344 - /var/crash/202106242337/kdump.202106242337 /var/crash/202106242337/dmesg.202106242337 - ``` - -**show kdump logging ** - -By default, this command will show the last 10 lines of latest dmesg file. -This command can also accept a specific file name and number of lines as arguments. 
- -- Usage: - ``` - show kdump logging - ``` - -- Example: - ``` - admin@sonic:~$ show kdump logging - [ 157.642053] RSP: 002b:00007fff1beee708 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 - [ 157.732635] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc3887d4504 - [ 157.818015] RDX: 0000000000000002 RSI: 000055d388eceb40 RDI: 0000000000000001 - [ 157.903401] RBP: 000055d388eceb40 R08: 000000000000000a R09: 00007fc3888255f0 - [ 157.988784] R10: 000000000000000a R11: 0000000000000246 R12: 00007fc3888a6760 - [ 158.074166] R13: 0000000000000002 R14: 00007fc3888a1760 R15: 0000000000000002 - [ 158.159553] Modules linked in: nft_chain_route_ipv6(E) nft_chain_route_ipv4(E) xt_TCPMSS(E) dummy(E) team_mode_loadbalance(E) team(E) sx_bfd(OE) sx_netdev(OE) psample(E) sx_core(OE) 8021q(E) garp(E) mrp(E) mst_pciconf(OE) mst_pci(OE) xt_hl(E) xt_tcpudp(E) ip6_tables(E) nft_compat(E) nft_chain_nat_ipv4(E) nf_nat_ipv4(E) nft_counter(E) xt_conntrack(E) nf_nat(E) jc42(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) libcrc32c(E) xfrm_user(E) xfrm_algo(E) mlxsw_minimal(E) mlxsw_i2c(E) i2c_mux_reg(E) i2c_mux(E) i2c_mlxcpld(E) leds_mlxreg(E) mlxreg_io(E) mlxreg_hotplug(E) mei_wdt(E) evdev(E) intel_rapl(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) kvm_intel(E) mlx_platform(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) intel_cstate(E) intel_uncore(E) - [ 159.016731] intel_rapl_perf(E) pcspkr(E) sg(E) iTCO_wdt(E) iTCO_vendor_support(E) mei_me(E) mei(E) bonding(E) pcc_cpufreq(E) video(E) button(E) ebt_vlan(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ebtable_nat(E) ebtable_filter(E) ebtables(E) nf_tables(E) nfnetlink(E) xdpe12284(E) at24(E) ledtrig_timer(E) tmp102(E) lm75(E) drm(E) coretemp(E) max1363(E) industrialio_triggered_buffer(E) kfifo_buf(E) industrialio(E) tps53679(E) fuse(E) pmbus(E) pmbus_core(E) i2c_dev(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) loop(E) ext4(E) crc16(E) mbcache(E) jbd2(E) 
crc32c_generic(E) fscrypto(E) ecb(E) crypto_simd(E) cryptd(E) glue_helper(E) aes_x86_64(E) nvme(E) nvme_core(E) nls_utf8(E) nls_cp437(E) nls_ascii(E) vfat(E) fat(E) overlay(E) squashfs(E) zstd_decompress(E) xxhash(E) sd_mod(E) gpio_ich(E) ahci(E) - [ 159.864532] libahci(E) mlxsw_core(E) devlink(E) ehci_pci(E) ehci_hcd(E) crc32c_intel(E) libata(E) i2c_i801(E) scsi_mod(E) usbcore(E) usb_common(E) lpc_ich(E) mfd_core(E) e1000e(E) fan(E) thermal(E) - [ 160.075846] CR2: 0000000000000000 - ``` -You can specify a file name in order to show its -last 10 lines. - -- Example: - ``` - admin@sonic:~$ show kdump logging dmesg.202106242337 - [ 654.120195] RSP: 002b:00007ffe697690f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 - [ 654.210778] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcfca27b504 - [ 654.296157] RDX: 0000000000000002 RSI: 000055a6e4d1b3f0 RDI: 0000000000000001 - [ 654.381543] RBP: 000055a6e4d1b3f0 R08: 000000000000000a R09: 00007fcfca2cc5f0 - [ 654.466925] R10: 000000000000000a R11: 0000000000000246 R12: 00007fcfca34d760 - [ 654.552310] R13: 0000000000000002 R14: 00007fcfca348760 R15: 0000000000000002 - [ 654.637694] Modules linked in: binfmt_misc(E) nft_chain_route_ipv6(E) nft_chain_route_ipv4(E) xt_TCPMSS(E) dummy(E) team_mode_loadbalance(E) team(E) sx_bfd(OE) sx_netdev(OE) psample(E) sx_core(OE) 8021q(E) garp(E) mrp(E) mst_pciconf(OE) mst_pci(OE) xt_hl(E) xt_tcpudp(E) ip6_tables(E) nft_chain_nat_ipv4(E) nf_nat_ipv4(E) nft_compat(E) nft_counter(E) xt_conntrack(E) nf_nat(E) jc42(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) libcrc32c(E) xfrm_user(E) xfrm_algo(E) mlxsw_minimal(E) mlxsw_i2c(E) i2c_mux_reg(E) i2c_mux(E) mlxreg_hotplug(E) mlxreg_io(E) i2c_mlxcpld(E) leds_mlxreg(E) mei_wdt(E) evdev(E) intel_rapl(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) kvm_intel(E) kvm(E) mlx_platform(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) intel_cstate(E) - [ 655.493833] intel_uncore(E) 
intel_rapl_perf(E) pcspkr(E) sg(E) iTCO_wdt(E) iTCO_vendor_support(E) mei_me(E) mei(E) bonding(E) video(E) button(E) pcc_cpufreq(E) ebt_vlan(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ebtable_nat(E) ebtable_filter(E) ebtables(E) nf_tables(E) nfnetlink(E) xdpe12284(E) at24(E) ledtrig_timer(E) tmp102(E) drm(E) lm75(E) coretemp(E) max1363(E) industrialio_triggered_buffer(E) kfifo_buf(E) industrialio(E) fuse(E) tps53679(E) pmbus(E) pmbus_core(E) i2c_dev(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) loop(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) fscrypto(E) ecb(E) crypto_simd(E) cryptd(E) glue_helper(E) aes_x86_64(E) nvme(E) nvme_core(E) nls_utf8(E) nls_cp437(E) nls_ascii(E) vfat(E) fat(E) overlay(E) squashfs(E) zstd_decompress(E) xxhash(E) sd_mod(E) - [ 656.337476] gpio_ich(E) ahci(E) mlxsw_core(E) libahci(E) devlink(E) crc32c_intel(E) libata(E) i2c_i801(E) scsi_mod(E) lpc_ich(E) mfd_core(E) ehci_pci(E) ehci_hcd(E) usbcore(E) e1000e(E) usb_common(E) fan(E) thermal(E) - [ 656.569590] CR2: 0000000000000000 - ``` -You can also specify a file name and number of lines in order to show the -last number of lines. 
- -- Example: - ``` - admin@sonic:~$ show kdump logging dmesg.202106242337 -l 20 - [ 653.525427] __handle_sysrq.cold.9+0x45/0xf2 - [ 653.576487] write_sysrq_trigger+0x2b/0x30 - [ 653.625472] proc_reg_write+0x39/0x60 - [ 653.669252] vfs_write+0xa5/0x1a0 - [ 653.708881] ksys_write+0x57/0xd0 - [ 653.748501] do_syscall_64+0x53/0x110 - [ 653.792287] entry_SYSCALL_64_after_hwframe+0x44/0xa9 - [ 653.852707] RIP: 0033:0x7fcfca27b504 - [ 653.895452] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 f9 61 0d 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 49 89 d4 55 48 89 f5 53 - [ 654.120195] RSP: 002b:00007ffe697690f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 - [ 654.210778] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcfca27b504 - [ 654.296157] RDX: 0000000000000002 RSI: 000055a6e4d1b3f0 RDI: 0000000000000001 - [ 654.381543] RBP: 000055a6e4d1b3f0 R08: 000000000000000a R09: 00007fcfca2cc5f0 - [ 654.466925] R10: 000000000000000a R11: 0000000000000246 R12: 00007fcfca34d760 - [ 654.552310] R13: 0000000000000002 R14: 00007fcfca348760 R15: 0000000000000002 - [ 654.637694] Modules linked in: binfmt_misc(E) nft_chain_route_ipv6(E) nft_chain_route_ipv4(E) xt_TCPMSS(E) dummy(E) team_mode_loadbalance(E) team(E) sx_bfd(OE) sx_netdev(OE) psample(E) sx_core(OE) 8021q(E) garp(E) mrp(E) mst_pciconf(OE) mst_pci(OE) xt_hl(E) xt_tcpudp(E) ip6_tables(E) nft_chain_nat_ipv4(E) nf_nat_ipv4(E) nft_compat(E) nft_counter(E) xt_conntrack(E) nf_nat(E) jc42(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) libcrc32c(E) xfrm_user(E) xfrm_algo(E) mlxsw_minimal(E) mlxsw_i2c(E) i2c_mux_reg(E) i2c_mux(E) mlxreg_hotplug(E) mlxreg_io(E) i2c_mlxcpld(E) leds_mlxreg(E) mei_wdt(E) evdev(E) intel_rapl(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) kvm_intel(E) kvm(E) mlx_platform(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) intel_cstate(E) - [ 655.493833] intel_uncore(E) 
intel_rapl_perf(E) pcspkr(E) sg(E) iTCO_wdt(E) iTCO_vendor_support(E) mei_me(E) mei(E) bonding(E) video(E) button(E) pcc_cpufreq(E) ebt_vlan(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ebtable_nat(E) ebtable_filter(E) ebtables(E) nf_tables(E) nfnetlink(E) xdpe12284(E) at24(E) ledtrig_timer(E) tmp102(E) drm(E) lm75(E) coretemp(E) max1363(E) industrialio_triggered_buffer(E) kfifo_buf(E) industrialio(E) fuse(E) tps53679(E) pmbus(E) pmbus_core(E) i2c_dev(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) loop(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) fscrypto(E) ecb(E) crypto_simd(E) cryptd(E) glue_helper(E) aes_x86_64(E) nvme(E) nvme_core(E) nls_utf8(E) nls_cp437(E) nls_ascii(E) vfat(E) fat(E) overlay(E) squashfs(E) zstd_decompress(E) xxhash(E) sd_mod(E) - [ 656.337476] gpio_ich(E) ahci(E) mlxsw_core(E) libahci(E) devlink(E) crc32c_intel(E) libata(E) i2c_i801(E) scsi_mod(E) lpc_ich(E) mfd_core(E) ehci_pci(E) ehci_hcd(E) usbcore(E) e1000e(E) usb_common(E) fan(E) thermal(E) - [ 656.569590] CR2: 0000000000000000 - ``` -### Linux Kernel Dump config command - -**config kdump** - -Administrative state of kdump is stored in ConfigDB. - -The variable USE_KDUMP in the file /etc/default/kdump-tools is set to 0 to disable kdump, and set to 1 to enable kdump. - -Since this command might require changing the kernel parameters to specify the amount of memory reserved for the capture kernel (the kernel parameters which are exported through /proc/cmdline), a reboot is necessary. The command displays a message showing that kdump functionality will be either enabled or disabled following the next reboot. 
- -- Usage: -``` - admin@sonic:~$ config kdump - -Commands: - disable Disable the KDUMP mechanism - enable Enable the KDUMP mechanism - memory Configure the memory for KDUMP mechanism - num_dumps Configure the maximum dump files of KDUMP mechanism - -``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#kdump) - -## LLDP - -### LLDP show commands - -**show lldp table** - -This command displays the brief summary of all LLDP neighbors. - -- Usage: - ``` - show lldp table - ``` - -- Example: - ``` - admin@sonic:~$ show lldp table - Capability codes: (R) Router, (B) Bridge, (O) Other - LocalPort RemoteDevice RemotePortID Capability RemotePortDescr - ----------- ----------------- ------------------- ------------ -------------------- - Ethernet112 T1-1 hundredGigE1/2 BR T0-2:hundredGigE1/29 - Ethernet116 T1-2 hundredGigE1/2 BR T0-2:hundredGigE1/30 - eth0 swtor-b2lab2-1610 GigabitEthernet 0/2 OBR - -------------------------------------------------- - Total entries displayed: 3 - ``` - -**show lldp neighbors** - -This command displays more details about all LLDP neighbors or only the neighbors connected to a specific interface. - -- Usage: - ``` - show lldp neighbors - ``` - -- Example1: To display all neighbors in all interfaces - ``` - admin@sonic:~$ show lldp neighbors - ------------------------------------------------------------------------------- - LLDP neighbors: - ------------------------------------------------------------------------------- - Interface: eth0, via: LLDP, RID: 1, Time: 0 day, 12:21:21 - Chassis: - ChassisID: mac 00:01:e8:81:e3:45 - SysName: swtor-b2lab2-1610 - SysDescr: Dell Force10 Networks Real Time Operating System Software. Dell Force10 Operating System Version: 1.0. Dell Force10 Application Software Version: 8.3.3.10d. Copyright (c) 1999-2012 by Dell Inc. 
All Rights Reserved.Build Time: Tue Sep 22 11:21:54 PDT 2015 - TTL: 20 - Capability: Repeater, on - Capability: Bridge, on - Capability: Router, on - Port: - PortID: ifname GigabitEthernet 0/2 - VLAN: 162, pvid: yes - ------------------------------------------------------------------------------- - Interface: Ethernet116, via: LLDP, RID: 3, Time: 0 day, 12:20:49 - Chassis: - ChassisID: mac 4c:76:25:e7:f0:c0 - SysName: T1-2 - SysDescr: Debian GNU/Linux 8 (jessie) Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2015-12-19) x86_64 - TTL: 120 - MgmtIP: 10.11.162.40 - Capability: Bridge, on - Capability: Router, on - Capability: Wlan, off - Capability: Station, off - Port: - PortID: local hundredGigE1/2 - PortDescr: T0-2:hundredGigE1/30 - ------------------------------------------------------------------------------- - ``` - -Optionally, you can specify an interface name in order to display only that particular interface - -- Example2: - ``` - admin@sonic:~$ show lldp neighbors Ethernet112 - show lldp neighbors Ethernet112 - ------------------------------------------------------------------------------- - LLDP neighbors: - ------------------------------------------------------------------------------- - Interface: Ethernet112, via: LLDP, RID: 2, Time: 0 day, 19:24:17 - Chassis: - ChassisID: mac 4c:76:25:e5:e6:c0 - SysName: T1-1 - SysDescr: Debian GNU/Linux 8 (jessie) Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2015-12-19) x86_64 - TTL: 120 - MgmtIP: 10.11.162.41 - Capability: Bridge, on - Capability: Router, on - Capability: Wlan, off - Capability: Station, off - Port: - PortID: local hundredGigE1/2 - PortDescr: T0-2:hundredGigE1/29 - ------------------------------------------------------------------------------- - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#lldp) - - -## Loading, Reloading And Saving Configuration - -This section explains the commands that are used to load the configuration from either the ConfigDB or from 
the minigraph. - -### Loading configuration from JSON file - -**config load** - -This command is used to load the configuration from a JSON file like the file which SONiC saves its configuration to, `/etc/sonic/config_db.json` -This command loads the configuration from the input file (if user specifies this optional filename, it will use that input file. Otherwise, it will use the default `/etc/sonic/config_db.json` file as the input file) into CONFIG_DB. -The configuration present in the input file is applied on top of the already running configuration. -This command does not flush the config DB before loading the new configuration (i.e., If the configuration present in the input file is same as the current running configuration, nothing happens) -If the config present in the input file is not present in running configuration, it will be added. -If the config present in the input file differs (when key matches) from that of the running configuration, it will be modified as per the new values for those keys. - -When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation. -If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file. - -- Usage: - ``` - config load [-y|--yes] [] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config load - Load config from the file /etc/sonic/config_db.json? [y/N]: y - Running command: /usr/local/bin/sonic-cfggen -j /etc/sonic/config_db.json --write-to-db - ``` - -### Loading configuration from minigraph (XML) file - -**config load_minigraph** - -This command is used to load the configuration from /etc/sonic/minigraph.xml. -When users do not want to use configuration from config_db.json, they can copy the minigraph.xml configuration file to the device and load it using this command. -This command restarts various services running in the device and it takes some time to complete the command. 
- -NOTE: If the user had logged in using SSH, users might get disconnected and some configuration failures might happen which might be hard to recover. Users need to reconnect their SSH sessions after configuring the management IP address. It is recommended to execute this command from console port -NOTE: Management interface IP address and default route (or specific route) may require reconfiguration in case if those parameters are not part of the minigraph.xml. - -When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation. -If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file. - -When user specifies the optional argument "-n" or "--no-service-restart", this command loads the configuration without restarting dependent services -running on the device. One use case for this option is during boot time when config-setup service loads minigraph configuration and there is no services -running on the device. - -When user specifies the optional argument "-t" or "--traffic-shift-away", this command executes TSA command at the end to ensure the device remains in maintenance after loading minigraph. - -- Usage: - ``` - config load_minigraph [-y|--yes] [-n|--no-service-restart] [-t|--traffic-shift-away] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config load_minigraph - Reload config from minigraph? [y/N]: y - Running command: /usr/local/bin/sonic-cfggen -j /etc/sonic/config_db.json --write-to-db - ``` - -### Reloading Configuration - -**config reload** - -This command is used to clear current configuration and import new configurationn from the input file or from /etc/sonic/config_db.json. -This command shall stop all services before clearing the configuration and it then restarts those services. - -This command restarts various services running in the device and it takes some time to complete the command. 
-NOTE: If the user had logged in using SSH, users **might get disconnected** depending upon the new management IP address. Users need to reconnect their SSH sessions. -In general, it is recommended to execute this command from console port after disconnecting all SSH sessions to the device. -When users to do “config reload” the newly loaded config may have management IP address, or it may not have management IP address. -If mgmtIP is there in the newly loaded config file, that mgmtIP might be same as previously configured value or it might be different. -This difference in mgmtIP address values results in following possible behaviours. - -Case1: Previously configured mgmtIP is same as newly loaded mgmtIP. The SSH session may not be affected at all, but it’s possible that there will be a brief interruption in the SSH session. But, assuming the client’s timeout value isn’t on the order of a couple of seconds, the session would most likely just resume again as soon as the interface is reconfigured and up with the same IP. -Case2: Previously configured mgmtIP is different from newly loaded mgmtIP. Users will lose their SSH connections. -Case3: Newly loaded config does not have any mgmtIP. Users will lose their SSH connections. - -NOTE: Management interface IP address and default route (or specific route) may require reconfiguration in case if those parameters are not part of the minigraph.xml. - -When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation. -If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file. - -When user specifies the optional argument "-n" or "--no-service-restart", this command clear and loads the configuration without restarting dependent services -running on the device. 
One use case for this option is during boot time when config-setup service loads existing old configuration and there is no services -running on the device. - -When user specifies the optional argument "-f" or "--force", this command ignores the system sanity checks. By default a list of sanity checks are performed and if one of the checks fail, the command will not execute. The sanity checks include ensuring the system status is not starting, all the essential services are up and swss is in ready state. - -- Usage: - ``` - config reload [-y|--yes] [-l|--load-sysinfo] [] [-n|--no-service-restart] [-f|--force] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config reload - Clear current config and reload config from the file /etc/sonic/config_db.json? [y/N]: y - Running command: systemctl stop dhcp_relay - Running command: systemctl stop swss - Running command: systemctl stop snmp - Warning: Stopping snmp.service, but it can still be activated by: - snmp.timer - Running command: systemctl stop lldp - Running command: systemctl stop pmon - Running command: systemctl stop bgp - Running command: systemctl stop teamd - Running command: /usr/local/bin/sonic-cfggen -H -k Force10-Z9100-C32 --write-to-db - Running command: /usr/local/bin/sonic-cfggen -j /etc/sonic/config_db.json --write-to-db - Running command: systemctl restart hostname-config - Running command: systemctl restart interfaces-config - Timeout, server 10.11.162.42 not responding. - ``` - When some sanity checks fail below error messages can be seen - ``` - admin@sonic:~$ sudo config reload -y - System is not up. Retry later or use -f to avoid system checks - ``` - ``` - admin@sonic:~$ sudo config reload -y - Relevant services are not up. Retry later or use -f to avoid system checks - ``` - ``` - admin@sonic:~$ sudo config reload -y - SwSS container is not ready. 
Retry later or use -f to avoid system checks - ``` - - -### Loading Management Configuration - -**config load_mgmt_config** - -This command is used to reconfigure hostname and mgmt interface based on device description file. -This command either uses the optional file specified as arguement or looks for the file "/etc/sonic/device_desc.xml". -If the file does not exist or if the file does not have valid fields for "hostname" and "ManagementAddress" (or "ManagementAddressV6"), it fails. - -When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation. -If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file. - -- Usage: - ``` - config load_mgmt_config [-y|--yes] [] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config load_mgmt_config - Reload config from minigraph? [y/N]: y - Running command: /usr/local/bin/sonic-cfggen -M /etc/sonic/device_desc.xml --write-to-db - ``` - - -### Saving Configuration to a File for Persistence - -**config save** - -This command is to save the config DB configuration into the user-specified filename or into the default /etc/sonic/config_db.json. This saves the configuration into the disk which is available even after reboots. -Saved file can be transferred to remote machines for debugging. If users wants to load the configuration from this new file at any point of time, they can use "config load" command and provide this newly generated file as input. If users wants this newly generated file to be used during reboot, they need to copy this file to /etc/sonic/config_db.json. 
- -- Usage: - ``` - config save [-y|--yes] [] - ``` - -- Example (Save configuration to /etc/sonic/config_db.json): - ``` - admin@sonic:~$ sudo config save -y - ``` - -- Example (Save configuration to a specified file): - ``` - admin@sonic:~$ sudo config save -y /etc/sonic/config2.json - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#loading-reloading-and-saving-configuration) - -## Loopback Interfaces - -### Loopback show commands - -Please check [show ip interfaces](#show-ip-interfaces) - -### Loopback config commands - -This sub-section explains how to create and delete loopback interfaces. - -**config interface loopback** - -This command is used to add or delete loopback interfaces. -It is recommended to use loopback names in the format "Loopbackxxx", where "xxx" is number of 1 to 3 digits. Ex: "Loopback11". - -- Usage: - ``` - config loopback (add | del) - ``` - -- Example (Create the loopback with name "Loopback11"): - ``` - admin@sonic:~$ sudo config loopback add Loopback11 - ``` - -## VRF Configuration - -### VRF show commands - -**show vrf** - -This command displays all vrfs configured on the system along with interface binding to the vrf. -If vrf-name is also provided as part of the command, if the vrf is created it will display all interfaces binding to the vrf, if vrf is not created nothing will be displayed. - -- Usage: - ``` - show vrf [] - ``` - -- Example: - ```` - admin@sonic:~$ show vrf - VRF Interfaces - ------- ------------ - default Vlan20 - Vrf-red Vlan100 - Loopback11 - Eth0.100 - Vrf-blue Loopback100 - Loopback102 - Ethernet0.10 - PortChannel101 - ```` - -### VRF config commands - -**config vrf add ** - -This command creates vrf in SONiC system with provided vrf-name. - -- Usage: - ``` -config vrf add -``` -Note: vrf-name should always start with keyword "Vrf" - -**config vrf del ** - -This command deletes vrf with name vrf-name. 
- -- Usage: - ``` -config vrf del -``` - -## Management VRF - -### Management VRF Show commands - -**show mgmt-vrf** - -This command displays whether the management VRF is enabled or disabled. It also displays the details about the the links (eth0, mgmt, lo-m) that are related to management VRF. - -- Usage: - ``` - show mgmt-vrf - ``` - -- Example: - ``` - admin@sonic:~$ show mgmt-vrf - - ManagementVRF : Enabled - - Management VRF interfaces in Linux: - 348: mgmt: mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000 - link/ether f2:2a:d9:bc:e8:f0 brd ff:ff:ff:ff:ff:ff - 2: eth0: mtu 1500 qdisc mq master mgmt state UP mode DEFAULT group default qlen 1000 - link/ether 4c:76:25:f4:f9:f3 brd ff:ff:ff:ff:ff:ff - 350: lo-m: mtu 1500 qdisc noqueue master mgmt state UNKNOWN mode DEFAULT group default qlen 1000 - link/ether b2:4c:c6:f3:e9:92 brd ff:ff:ff:ff:ff:ff - - NOTE: The management interface "eth0" shows the "master" as "mgmt" since it is part of management VRF. - ``` - -**show mgmt-vrf routes** - -This command displays the routes that are present in the routing table 5000 that is meant for management VRF. 
- -- Usage: - ``` - show mgmt-vrf routes - ``` - -- Example: - ``` - admin@sonic:~$ show mgmt-vrf routes - - Routes in Management VRF Routing Table: - default via 10.16.210.254 dev eth0 metric 201 - broadcast 10.16.210.0 dev eth0 proto kernel scope link src 10.16.210.75 - 10.16.210.0/24 dev eth0 proto kernel scope link src 10.16.210.75 - local 10.16.210.75 dev eth0 proto kernel scope host src 10.16.210.75 - broadcast 10.16.210.255 dev eth0 proto kernel scope link src 10.16.210.75 - broadcast 127.0.0.0 dev lo-m proto kernel scope link src 127.0.0.1 - 127.0.0.0/8 dev lo-m proto kernel scope link src 127.0.0.1 - local 127.0.0.1 dev lo-m proto kernel scope host src 127.0.0.1 - broadcast 127.255.255.255 dev lo-m proto kernel scope link src 127.0.0.1 - ``` - -**show management_interface address** - -This command displays the IP address(es) configured for the management interface "eth0" and the management network default gateway. - -- Usage: - ``` - show management_interface address - ``` - -- Example: - ``` - admin@sonic:~$ show management_interface address - Management IP address = 10.16.210.75/24 - Management NetWork Default Gateway = 10.16.210.254 - Management IP address = FC00:2::32/64 - Management Network Default Gateway = fc00:2::1 - ``` - -**show snmpagentaddress** - -This command displays the configured SNMP agent IP addresses. - -- Usage: - ``` - show snmpagentaddress - ``` - -- Example: - ``` - admin@sonic:~$ show snmpagentaddress - ListenIP ListenPort ListenVrf - ---------- ------------ ----------- - 1.2.3.4 787 mgmt - ``` - -**show snmptrap** - -This command displays the configured SNMP Trap server IP addresses. - -- Usage: - ``` - show snmptrap - ``` - -- Example: - ``` - admin@sonic:~$ show snmptrap - Version TrapReceiverIP Port VRF Community - --------- ---------------- ------ ----- ----------- - 2 31.31.31.31 456 mgmt public - ``` - -### Management VRF Config commands - -**config vrf add mgmt** - -This command enables the management VRF in the system. 
This command restarts the "interfaces-config" service which in turn regenerates the /etc/network/interfaces file and restarts the "networking" service. This creates a new interface and l3mdev CGROUP with the name as "mgmt" and enslaves the management interface "eth0" into this master interface "mgmt". Note that the VRFName "mgmt" (or "management") is reserved for management VRF. i.e. Data VRFs should not use these reserved VRF names. - -- Usage: - ``` - config vrf add mgmt - ``` - -- Example: - ``` - admin@sonic:~$ sudo config vrf add mgmt - ``` - -**config vrf del mgmt** - -This command disables the management VRF in the system. This command restarts the "interfaces-config" service which in turn regenerates the /etc/network/interfaces file and restarts the "networking" service. This deletes the interface "mgmt" and deletes the l3mdev CGROUP named "mgmt" and puts back the management interface "eth0" into the default VRF. Note that the VRFName "mgmt" (or "management") is reserved for management VRF. i.e. Data VRFs should not use these reserved VRF names. - -- Usage: - ``` - config vrf del mgmt - ``` - -- Example: - ``` - admin@sonic:~$ sudo config vrf del mgmt - ``` - -**config snmpagentaddress add** - -This command adds the SNMP agent IP address on which the SNMP agent is expected to listen. When SNMP agent is expected to work as part of management VRF, users should specify the optional vrf_name parameter as "mgmt". This configuration goes into snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent. - -- Usage: - ``` - config snmpagentaddress add [-p ] [-v ] agentip - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmpagentaddress add -v mgmt -p 123 21.22.13.14 - - Note: For this example, configuration goes into /etc/snmp/snmpd.conf inside snmp docker as follows. When "-v" parameter is not used, the additional "%" in the following line will not be present. 
- - agentAddress 21.22.13.14:123%mgmt - ``` - -**config snmpagentaddress del** - -This command deletes the SNMP agent IP address on which the SNMP agent is expected to listen. When users had added the agent IP as part of "mgmt" VRF, users should specify the optional vrf_name parameter as "mgmt" while deleting as well. This configuration is removed from snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent. - -- Usage: - ``` - config snmpagentaddress del [-p ] [-v ] agentip - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmpagentaddress del -v mgmt -p 123 21.22.13.14 - - ``` - -**config snmptrap modify** - -This command modifies the SNMP trap server IP address to which the SNMP agent is expected to send the traps. Users can configure one server IP addrss for each SNMP version to send the traps. When SNMP agent is expected to send traps as part of management VRF, users should specify the optional vrf_name parameter as "mgmt". This configuration goes into snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent. - -- Usage: - ``` - config snmptrap modify [-p ] [-v ] [-c ] trapserverip - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmptrap modify 2 -p 456 -v mgmt 21.21.21.21 - - For this example, configuration goes into /etc/snmp/snmpd.conf inside snmp docker as follows. When "-v" parameter is not used, the additional "%" in the following line will not be present. In case of SNMPv1, "trapsink" will be updated, in case of v2, "trap2sink" will be updated and in case of v3, "informsink" will be updated. - - trap2sink 31.31.31.31:456%mgmt public - - ``` - -**config snmptrap del** - -This command deletes the SNMP Trap server IP address to which SNMP agent is expected to send TRAPs. When users had added the trap server IP as part of "mgmt" VRF, users should specify the optional vrf_name parameter as "mgmt" while deleting as well. 
This configuration is removed from snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent. - -- Usage: - ``` - config snmptrap del [-p ] [-v ] [-c ] trapserverip - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmptrap del -v mgmt -p 123 21.22.13.14 - - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#management-vrf) - -## Muxcable - -### Muxcable Show commands - -**show muxcable status** - -This command displays all the status of either all the ports which are connected to muxcable or any individual port selected by the user. The resultant table or json output will show the current status of muxcable on the port (auto/active) and also the health of the muxcable. - -- Usage: - ``` - show muxcable status [OPTIONS] [PORT] - ``` - -While displaying the muxcable status, users can configure the following fields - -- PORT optional - Port name should be a valid port -- --json optional - -- option to display the result in json format. By default output will be in tabular format. 
- -With no optional argument, all the ports muxcable status will be displayed in tabular form, or user can pass --json option to display in json format - -- Example: - ``` - admin@sonic:~$ show muxcable status - PORT STATUS HEALTH - ---------- -------- -------- - Ethernet32 active HEALTHY - Ethernet0 auto HEALTHY - ``` - ``` - admin@sonic:~$ show muxcable status --json - ``` - ```json - { - "MUX_CABLE": { - "Ethernet32": { - "STATUS": "active", - "HEALTH": "HEALTHY" - }, - "Ethernet0": { - "STATUS": "auto", - "HEALTH": "HEALTHY" - } - } - } - - ``` - ``` - admin@sonic:~$ show muxcable status Ethernet0 - PORT STATUS HEALTH - --------- -------- -------- - Ethernet0 auto HEALTHY - ``` - ``` - admin@sonic:~$ show muxcable status Ethernet0 --json - ``` - ```json - { - "MUX_CABLE": { - "Ethernet0": { - "STATUS": "auto", - "HEALTH": "HEALTHY" - } - } - } - ``` - -**show muxcable config** - -This command displays all the configurations of either all the ports which are connected to muxcable or any individual port selected by the user. The resultant table or json output will show the current configurations of muxcable on the port(active/standby) and also the ipv4 and ipv6 address of the port as well as peer TOR ip address with the hostname. - -- Usage: - ``` - show muxcable config [OPTIONS] [PORT] - ``` - -With no optional argument, all the ports muxcable configuration will be displayed in tabular form -While displaying the muxcable configuration, users can configure the following fields - -- PORT optional - Port name should be a valid port -- --json optional - option to display the result in json format. By default output will be in tabular format. 
- -- Example: - ``` - admin@sonic:~$ show muxcable config - SWITCH_NAME PEER_TOR - ------------- ---------- - sonic 10.1.1.1 - port state ipv4 ipv6 - --------- ------- -------- -------- - Ethernet0 active 10.1.1.1 fc00::75 - ``` - ``` - admin@sonic:~$ show muxcable config --json - ``` - ```json - { - "MUX_CABLE": { - "PEER_TOR": "10.1.1.1", - "PORTS": { - "Ethernet0": { - "STATE": "active", - "SERVER": { - "IPv4": "10.1.1.1", - "IPv6": "fc00::75" - } - } - } - } - } - ``` - ``` - admin@sonic:~$ show muxcable config Ethernet0 - SWITCH_NAME PEER_TOR - ------------- ---------- - sonic 10.1.1.1 - port state ipv4 ipv6 - --------- ------- -------- -------- - Ethernet0 active 10.1.1.1 fc00::75 - ``` - ``` - admin@sonic:~$ show muxcable config Ethernet0 --json - ``` - ```json - { - "MUX_CABLE": { - "PORTS": { - "Ethernet0": { - "STATE": "active", - "SERVER": { - "IPv4": "10.1.1.1", - "IPv6": "fc00::75" - } - } - } - } - } - ``` - -**show muxcable ber-info** - -This command displays the ber(Bit error rate) of the port user provides on the target user provides. The target provided as an integer corresponds to actual target as. -0 -> local -1 -> tor 1 -2 -> tor 2 -3 -> nic - -- Usage: - ``` - Usage: show muxcable ber-info [OPTIONS] PORT TARGET - ``` - - -- PORT required - Port number should be a valid port -- TARGET required - the actual target to get the ber info of. - -- Example: - ``` - admin@sonic:~$ show muxcable ber-info 1 1 - Lane1 Lane2 - ------- ------- - 0 0 - ``` - -**show muxcable ber-info** - -This command displays the eye info in mv(milli volts) of the port user provides on the target user provides. The target provided as an integer corresponds to actual target as. -0 -> local -1 -> tor 1 -2 -> tor 2 -3 -> nic - -- Usage: - ``` - Usage: show muxcable eye-info [OPTIONS] PORT TARGET - ``` - -- PORT required - Port number should be a valid port -- TARGET required - the actual target to get the eye info of. 
- -- Example: - ``` - admin@sonic:~$ show muxcable ber-info 1 1 - Lane1 Lane2 - ------- ------- - 632 622 - ``` - -### Muxcable Config commands - - -**config muxcable mode** - -This command is used for setting the configuration of a muxcable Port/all ports to be active or auto. The user has to enter a port number or else all to make the muxcable config operation on all the ports. Depending on the status of the muxcable port state the resultant output could be OK or INPROGRESS . OK would imply no change on the state, INPROGRESS would mean the toggle is happening in the background. - -- Usage: - ``` - config muxcable mode [OPTIONS] - ``` - -While configuring the muxcable, users needs to configure the following fields for the operation - -- operation_state, permitted operation to be configured which can only be auto or active -- PORT optional - Port name should be a valid port -- --json optional - option to display the result in json format. By default output will be in tabular format. - - -- Example: - ``` - admin@sonic:~$ sudo config muxcable mode active Ethernet0 - port state - --------- ------- - Ethernet0 OK - ``` - ``` - admin@sonic:~$ sudo config muxcable mode --json active Ethernet0 - ``` - ```json - { - "Ethernet0": "OK" - } - ``` - ``` - admin@sonic:~$ sudo config muxcable mode active all - port state - ---------- ---------- - Ethernet0 OK - Ethernet32 INPROGRESS - ``` - ``` - admin@sonic:~$ sudo config muxcable mode active all --json - ``` - ```json - { - "Ethernet32": "INPROGRESS", - "Ethernet0": "OK" - } - ``` -**config muxcable prbs enable/disable** - -This command is used for setting the configuration and enable/diable of prbs on a port user provides. While enabling in addition to port the user also needs to provides the target, prbs mode and lane map on which the user intends to run prbs on. The target reflects where the enable/dsiable will happen. 
- -- Usage: - ``` - config muxcable prbs enable [OPTIONS] PORT TARGET MODE_VALUE LANE_MAP - config muxcable prbs disable [OPTIONS] PORT TARGET - ``` - -While configuring the muxcable, users needs to configure the following fields for the operation - -- PORT required - Port number should be a valid port -- TARGET required - the actual target to run the prbs on - 0 -> local side, - 1 -> TOR 1 - 2 -> TOR 2 - 3 -> NIC -- MODE_VALUE required - the mode/type for configuring the PRBS mode. - 0x00 = PRBS 9, 0x01 = PRBS 15, 0x02 = PRBS 23, 0x03 = PRBS 31 -- LANE_MAP required - an integer representing the lane_map to be run PRBS on - 0bit for lane 0, 1bit for lane1 and so on. - for example 3 -> 0b'0011 , means running on lane0 and lane1 -- Example: - ``` - admin@sonic:~$ sudo config muxcable prbs enable 1 1 3 3 - PRBS config sucessful - admin@sonic:~$ sudo config muxcable prbs disable 1 0 - PRBS disable sucessful - ``` - -**config muxcable loopback enable/disable** - -This command is used for setting the configuration and enable/disable of loopback on a port user provides. While enabling in addition to port the user also needs to provides the target and lane map on which the user intends to run loopback on. The target reflects where the enable/dsiable will happen. - -- Usage: - ``` - config muxcable loopback enable [OPTIONS] PORT TARGET LANE_MAP - config muxcable loopback disable [OPTIONS] PORT TARGET - ``` - -While configuring the muxcable, users needs to configure the following fields for the operation - -- PORT required - Port number should be a valid port -- TARGET required - the actual target to run the loopback on - 0 -> local side, - 1 -> TOR 1 - 2 -> TOR 2 - 3 -> NIC -- LANE_MAP required - an integer representing the lane_map to be run loopback on - 0bit for lane 0, 1bit for lane1 and so on. 
- for example 3 -> 0b'0011 , means running on lane0 and lane1 - -- Example: - ``` - admin@sonic:~$ sudo config muxcable loopback enable 1 1 3 - loopback config sucessful - admin@sonic:~$ sudo config muxcable loopback disable 1 0 - loopback disable sucessfull - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#muxcable) - -## Mirroring - -### Mirroring Show commands - -**show mirror_session** - -This command displays all the mirror sessions that are configured. - -- Usage: - ``` - show mirror_session - ``` - -- Example: - ``` - admin@sonic:~$ show mirror_session - ERSPAN Sessions - Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction - ------ -------- -------- -------- ----- ------ ----- ------- --------- -------------- ---------- ----------- - everflow0 active 10.1.0.32 10.0.0.7 - - SPAN Sessions - Name Status DST Port SRC Port Direction - ------ -------- ---------- ------------- ----------- - port0 active Ethernet0 PortChannel10 rx - ``` - -### Mirroring Config commands - -**config mirror_session** - -This command is used to add or remove mirroring sessions. Mirror session is identified by "session_name". -This command supports configuring both SPAN/ERSPAN sessions. -In SPAN user can configure mirroring of list of source ports/LAG to destination port in ingress/egress/both directions. -In ERSPAN user can configure mirroring of list of source ports/LAG to a destination IP. -Both SPAN/ERSPAN support ACL based mirroring and can be used in ACL configurations. - -While adding a new ERSPAN session, users need to configure the following fields that are used while forwarding the mirrored packets. - -1) source IP address, -2) destination IP address, -3) DSCP (QoS) value with which mirrored packets are forwarded -4) TTL value -5) optional - GRE Type in case if user wants to send the packet via GRE tunnel. 
GRE type could be anything; it could also be left as empty; by default, it is 0x8949 for Mellanox; and 0x88be for the rest of the chips. -6) optional - Queue in which packets shall be sent out of the device. Valid values 0 to 7 for most of the devices. Users need to know their device and the number of queues supported in that device. -7) optional - Policer which will be used to control the rate at which frames are mirrored. -8) optional - List of source ports which can have both Ethernet and LAG ports. -9) optional - Direction - Mirror session direction when configured along with Source port. (Supported rx/tx/both. default direction is both) - -- Usage: - ``` - config mirror_session erspan add [gre_type] [queue] [policer ] [source-port-list] [direction] - ``` - - The following command is also supported to be backward compatible. - This command will be deprecated in future releases. - ``` - config mirror_session add [gre_type] [queue] - ``` - -- Example: - ``` - root@T1-2:~# config mirror_session add mrr_legacy 1.2.3.4 20.21.22.23 8 100 0x6558 0 - root@T1-2:~# show mirror_session - Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction - --------- -------- -------- ----------- ------ ------ ----- ------- --------- -------------- ---------- ----------- - mrr_legacy inactive 1.2.3.4 20.21.22.23 0x6558 8 100 0 - - - root@T1-2:~# config mirror_session erspan add mrr_abcd 1.2.3.4 20.21.22.23 8 100 0x6558 0 - root@T1-2:~# show mirror_session - Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction - --------- -------- -------- ----------- ------ ------ ----- ------- --------- -------------- ---------- ----------- - mrr_abcd inactive 1.2.3.4 20.21.22.23 0x6558 8 100 0 - root@T1-2:~# - - root@T1-2:~# config mirror_session erspan add mrr_port 1.2.3.4 20.21.22.23 8 100 0x6558 0 Ethernet0 - root@T1-2:~# show mirror_session - Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction - 
--------- -------- -------- ----------- ------ ------ ----- ------- --------- -------------- ---------- ----------- - mrr_port inactive 1.2.3.4 20.21.22.23 0x6558 8 100 0 Ethernet0 both - root@T1-2:~# - ``` - -While adding a new SPAN session, users need to configure the following fields that are used while forwarding the mirrored packets. -1) destination port, -2) optional - List of source ports- List of source ports which can have both Ethernet and LAG ports. -3) optional - Direction - Mirror session direction when configured along with Source port. (Supported rx/tx/both. default direction is both) -4) optional - Queue in which packets shall be sent out of the device. Valid values 0 to 7 for most of the devices. Users need to know their device and the number of queues supported in that device. -5) optional - Policer which will be used to control the rate at which frames are mirrored. - -- Usage: - ``` - config mirror_session span add [source-port-list] [direction] [queue] [policer ] - ``` - -- Example: - ``` - root@T1-2:~# config mirror_session span add port0 Ethernet0 Ethernet4,PortChannel001,Ethernet8 - root@T1-2:~# show mirror_session - Name Status DST Port SRC Port Direction - ------ -------- ---------- --------------------------------- ----------- - port0 active Ethernet0 Ethernet4,PortChannel10,Ethernet8 both - root@T1-2:~# - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#mirroring) - -## NAT - -### NAT Show commands - -**show nat config** - -This command displays the NAT configuration. - -- Usage: - ``` - show nat config [static | pool | bindings | globalvalues | zones] - ``` - -With no optional arguments, the whole NAT configuration is displayed. 
- -- Example: - ``` - admin@sonic:~$ show nat config static - - Nat Type IP Protocol Global IP Global L4 Port Local IP Local L4 Port Twice-Nat Id - -------- ----------- ------------ -------------- ------------- ------------- ------------ - dnat all 65.55.45.5 --- 10.0.0.1 --- --- - dnat all 65.55.45.6 --- 10.0.0.2 --- --- - dnat tcp 65.55.45.7 2000 20.0.0.1 4500 1 - snat tcp 20.0.0.2 4000 65.55.45.8 1030 1 - - admin@sonic:~$ show nat config pool - - Pool Name Global IP Range Global L4 Port Range - ------------ ------------------------- -------------------- - Pool1 65.55.45.5 1024-65535 - Pool2 65.55.45.6-65.55.45.8 --- - Pool3 65.55.45.10-65.55.45.15 500-1000 - - admin@sonic:~$ show nat config bindings - - Binding Name Pool Name Access-List Nat Type Twice-Nat Id - ------------ ------------ ------------ -------- ------------ - Bind1 Pool1 --- snat --- - Bind2 Pool2 1 snat 1 - Bind3 Pool3 2 snat -- - - admin@sonic:~$ show nat config globalvalues - - Admin Mode : enabled - Global Timeout : 600 secs - TCP Timeout : 86400 secs - UDP Timeout : 300 secs - - admin@sonic:~$ show nat config zones - - Port Zone - ---- ---- - Ethernet2 0 - Vlan100 1 - ``` - -**show nat statistics** - -This command displays the NAT translation statistics for each entry. - -- Usage: - ``` - show nat statistics - ``` - -- Example: - ``` - admin@sonic:~$ show nat statistics - - Protocol Source Destination Packets Bytes - -------- --------- -------------- ------------- ------------- - all 10.0.0.1 --- 802 1009280 - all 10.0.0.2 --- 23 5590 - tcp 20.0.0.1:4500 --- 110 12460 - udp 20.0.0.1:4000 --- 1156 789028 - tcp 20.0.0.1:6000 --- 30 34800 - tcp 20.0.0.1:5000 65.55.42.1:2000 128 110204 - tcp 20.0.0.1:5500 65.55.42.1:2000 8 3806 - ``` - -**show nat translations** - -This command displays the NAT translation entries. - -- Usage: - ``` - show nat translations [count] - ``` -Giving the optional count argument displays only the details about the number of translation entries. 
-- Example: - ``` - admin@sonic:~$ show nat translations - - Static NAT Entries ................. 4 - Static NAPT Entries ................. 2 - Dynamic NAT Entries ................. 0 - Dynamic NAPT Entries ................. 4 - Static Twice NAT Entries ................. 0 - Static Twice NAPT Entries ................. 4 - Dynamic Twice NAT Entries ................ 0 - Dynamic Twice NAPT Entries ................ 0 - Total SNAT/SNAPT Entries ................ 9 - Total DNAT/DNAPT Entries ................ 9 - Total Entries ................ 14 - - Protocol Source Destination Translated Source Translated Destination - -------- --------- -------------- ----------------- ---------------------- - all 10.0.0.1 --- 65.55.42.2 --- - all --- 65.55.42.2 --- 10.0.0.1 - all 10.0.0.2 --- 65.55.42.3 --- - all --- 65.55.42.3 --- 10.0.0.2 - tcp 20.0.0.1:4500 --- 65.55.42.1:2000 --- - tcp --- 65.55.42.1:2000 --- 20.0.0.1:4500 - udp 20.0.0.1:4000 --- 65.55.42.1:1030 --- - udp --- 65.55.42.1:1030 --- 20.0.0.1:4000 - tcp 20.0.0.1:6000 --- 65.55.42.1:1024 --- - tcp --- 65.55.42.1:1024 --- 20.0.0.1:6000 - tcp 20.0.0.1:5000 65.55.42.1:2000 65.55.42.1:1025 20.0.0.1:4500 - tcp 20.0.0.1:4500 65.55.42.1:1025 65.55.42.1:2000 20.0.0.1:5000 - tcp 20.0.0.1:5500 65.55.42.1:2000 65.55.42.1:1026 20.0.0.1:4500 - tcp 20.0.0.1:4500 65.55.42.1:1026 65.55.42.1:2000 20.0.0.1:5500 - - admin@sonic:~$ show nat translations count - - Static NAT Entries ................. 4 - Static NAPT Entries ................. 2 - Dynamic NAT Entries ................. 0 - Dynamic NAPT Entries ................. 4 - Static Twice NAT Entries ................. 0 - Static Twice NAPT Entries ................. 4 - Dynamic Twice NAT Entries ................ 0 - Dynamic Twice NAPT Entries ................ 0 - Total SNAT/SNAPT Entries ................ 9 - Total DNAT/DNAPT Entries ................ 9 - Total Entries ................ 
14 - ``` - -### NAT Config commands - -**config nat add static** - -This command is used to add a static NAT or NAPT entry. -When configuring the Static NAT entry, user has to specify the following fields with 'basic' keyword. - -1. Global IP address, -2. Local IP address, -3. NAT type (snat / dnat) to be applied on the Global IP address. Default value is dnat. This is optinoal argument. -4. Twice NAT Id. This is optional argument used in case of twice nat configuration. - -When configuring the Static NAPT entry, user has to specify the following fields. - -1. IP protocol type (tcp / udp) -2. Global IP address + Port -3. Local IP address + Port -4. NAT type (snat / dnat) to be applied on the Global IP address + Port. Default value is dnat. This is optional argument. -5. Twicw NAT Id. This is optional argument used in case of twice nat configuration. - -- Usage: - ``` - config nat add static {{basic (global-ip) (local-ip)} | {{tcp | udp} (global-ip) (global-port) (local-ip) (local-port)}} [-nat_type {snat | dnat}] [-twice_nat_id (value)] - ``` - -To delete a static NAT or NAPT entry, use the command below. Giving the all argument deletes all the configured static NAT and NAPT entries. -``` -config nat remove static {{basic (global-ip) (local-ip)} | {{tcp | udp} (global-ip) (global-port) (local-ip) (local-port)} | all} -``` -- Example: - ``` - admin@sonic:~$ sudo config nat add static basic 65.55.45.1 12.12.12.14 -nat_type dnat - admin@sonic:~$ sudo config nat add static tcp 65.55.45.2 100 12.12.12.15 200 -nat_type dnat - - admin@sonic:~$ show nat translations - - Static NAT Entries ................. 2 - Static NAPT Entries ................. 2 - Dynamic NAT Entries ................. 0 - Dynamic NAPT Entries ................. 0 - Static Twice NAT Entries ................. 0 - Static Twice NAPT Entries ................. 0 - Dynamic Twice NAT Entries ................ 0 - Dynamic Twice NAPT Entries ................ 0 - Total SNAT/SNAPT Entries ................ 
2 - Total DNAT/DNAPT Entries ................ 2 - Total Entries ................ 4 - - Protocol Source Destination Translated Source Translated Destination - -------- --------- -------------- ----------------- ---------------------- - all 12.12.12.14 --- 65.55.42.1 --- - all --- 65.55.42.1 --- 12.12.12.14 - tcp 12.12.12.15:200 --- 65.55.42.2:100 --- - tcp --- 65.55.42.2:100 --- 12.12.12.15:200 - ``` - -**config nat add pool** - -This command is used to create a NAT pool used for dynamic Source NAT or NAPT translations. -Pool can be configured in one of the following combinations. - -1. Global IP address range (or) -2. Global IP address + L4 port range (or) -3. Global IP address range + L4 port range. - -- Usage: - ``` - config nat add pool (pool-name) (global-ip-range) (global-port-range) - ``` -To delete a NAT pool, use the command. Pool cannot be removed if it is referenced by a NAT binding. Giving the pools argument removes all the configured pools. -``` -config nat remove {pool (pool-name) | pools} -``` -- Example: - ``` - admin@sonic:~$ sudo config nat add pool pool1 65.55.45.2-65.55.45.10 - admin@sonic:~$ sudo config nat add pool pool2 65.55.45.3 100-1024 - - admin@sonic:~$ show nat config pool - - Pool Name Global IP Range Global Port Range - ----------- ---------------------- ------------------- - pool1 65.55.45.2-65.55.45.10 --- - pool2 65.55.45.3 100-1024 - ``` - -**config nat add binding** - -This command is used to create a NAT binding between a pool and an ACL. The following fields are needed for configuring the binding. - - 1. ACL is an optional argument. If ACL argument is not given, the NAT binding is applicable to match all traffic. - 2. NAT type is an optional argument. Only DNAT type is supoprted for binding. - 3. Twice NAT Id is an optional argument. This Id is used to form a twice nat grouping with the static NAT/NAPT entry configured with the same Id. 
- -- Usage: - ``` - config nat add binding (binding-name) [(pool-name)] [(acl-name)] [-nat_type {snat | dnat}] [-twice_nat_id (value)] - ``` -To delete a NAT binding, use the command below. Giving the bindings argument removes all the configured bindings. -``` -config nat remove {binding (binding-name) | bindings} -``` -- Example: - ``` - admin@sonic:~$ sudo config nat add binding bind1 pool1 acl1 - admin@sonic:~$ sudo config nat add binding bind2 pool2 - - admin@sonic:~$ show nat config bindings - - Binding Name Pool Name Access-List Nat Type Twice-NAT Id - -------------- ----------- ------------- ---------- -------------- - bind1 pool1 acl1 snat --- - bind2 pool2 snat --- - ``` - -**config nat add interface** - -This command is used to configure NAT zone on an L3 interface. Default value of NAT zone on an L3 interface is 0. Valid range of zone values is 0-3. - -- Usage: - ``` - config nat add interface (interface-name) -nat_zone (value) - ``` -To reset the NAT zone on an interface, use the command below. Giving the interfaces argument resets the NAT zone on all the L3 interfaces to 0. -``` -config nat remove {interface (interface-name) | interfaces} -``` -- Example: - ``` - admin@sonic:~$ sudo config nat add interface Ethernet28 -nat_zone 1 - - admin@sonic:~$ show nat config zones - - Port Zone - ---------- ------ - Ethernet0 0 - Ethernet28 1 - Ethernet22 0 - Vlan2091 0 - ``` - -**config nat set** - -This command is used to set the NAT timeout values. Different timeout values can be configured for the NAT entry timeout, NAPT TCP entry timeout, NAPT UDP entry timeout. -Range for Global NAT entry timeout is 300 sec to 432000 sec, default value is 600 sec. -Range for TCP NAT/NAPT entry timeout is 300 sec to 432000 sec, default value is 86400 sec. -Range for UDP NAT/NAPT entry timeout is 120 sec to 600 sec, default value is 300 sec. 
- -- Usage: - ``` - config nat set {tcp-timeout (value) | timeout (value) | udp-timeout (value)} - ``` -To reset the timeout values to the default values, use the command -``` -config nat reset {tcp-timeout | timeout | udp-timeout} -``` -- Example: - ``` - admin@sonic:~$ sudo config nat add set tcp-timeout 3600 - - admin@sonic:~$ show nat config globalvalues - - Admin Mode : enabled - Global Timeout : 600 secs - TCP Timeout : 600 secs - UDP Timeout : 300 secs - ``` - -**config nat feature** - -This command is used to enable or disable the NAT feature. - -- Usage: - ``` - config nat feature {enable | disable} - ``` - -- Example: - ``` - admin@sonic:~$ sudo config nat feature enable - admin@sonic:~$ sudo config nat feature disable - ``` - -### NAT Clear commands - -**sonic-clear nat translations** - -This command is used to clear the dynamic NAT and NAPT translation entries. - -- Usage: - ``` - sonic-clear nat translations - ``` - -**sonic-clear nat statistics** - -This command is used to clear the statistics of all the NAT and NAPT entries. - -- Usage: - ``` - sonic-clear nat statistics - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#nat) - - -## NTP - -### NTP show commands - -**show ntp** - -This command displays a list of NTP peers known to the server as well as a summary of their state. - -- Usage: - ``` - show ntp - ``` - -- Example: - ``` - admin@sonic:~$ show ntp - synchronised to NTP server (204.2.134.164) at stratum 3 - time correct to within 326797 ms - polling server every 1024 s - - remote refid st t when poll reach delay offset jitter - ============================================================================== - 23.92.29.245 .XFAC. 16 u - 1024 0 0.000 0.000 0.000 - *204.2.134.164 46.233.231.73 2 u 916 1024 377 3.079 0.394 0.128 - ``` - - -### NTP Config Commands - -This sub-section of commands is used to add or remove the configured NTP servers. 
- -**config ntp add** - -This command is used to add a NTP server IP address to the NTP server list. Note that more that one NTP server IP address can be added in the device. - -- Usage: - ``` - config ntp add - ``` - -- Example: - ``` - admin@sonic:~$ sudo config ntp add 9.9.9.9 - NTP server 9.9.9.9 added to configuration - Restarting ntp-config service... - ``` - -**config ntp delete** - -This command is used to delete a configured NTP server IP address. - -- Usage: - ``` - config ntp del - ``` - -- Example: - ``` - admin@sonic:~$ sudo config ntp del 9.9.9.9 - NTP server 9.9.9.9 removed from configuration - Restarting ntp-config service... - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#NTP) - -# PFC Watchdog Commands -Detailed description of the PFC Watchdog could be fount on the [this wiki page](https://github.com/Azure/SONiC/wiki/PFC-Watchdog) - -**config pfcwd start \** - -This command starts PFC Watchdog - -- Usage: - ``` - config pfcwd start --action drop all 400 --restoration-time 400 - config pfcwd start --action forward Ethernet0 Ethernet8 400 - ``` - -**config pfcwd stop** - -This command stops PFC Watchdog - -- Usage: - ``` - config pfcwd stop - ``` - -**config pfcwd interval \** - -This command sets PFC Watchdog counter polling interval (in ms) - -- Usage: - ``` - config pfcwd interval 200 - ``` - -**config pfcwd counter_poll \** - -This command enables or disables PFCWD related counters polling - -- Usage: - ``` - config pfcwd counter_poll disable - ``` - -**config pfcwd big_red_switch \** - -This command enables or disables PFCWD's "BIG RED SWITCH"(BRS). After enabling BRS PFC Watchdog will be activated on all ports/queues it is configured for no matter whether the storm was detected or not - -- Usage: - ``` - config pfcwd big_red_switch enable - ``` - -**config pfcwd start_default** - -This command starts PFC Watchdog with the default settings. 
- -- Usage: - ``` - config pfcwd start_default - ``` - -Default values are the following: - - - detection time - 200ms - - restoration time - 200ms - - polling interval - 200ms - - action - 'drop' - -Additionally if number of ports in the system exceeds 32, all times will be multiplied by roughly /32. - - -**show pfcwd config** - -This command shows current PFC Watchdog configuration - -- Usage: - ``` - show pfcwd config - ``` - -**show pfcwd stats** - -This command shows current PFC Watchdog statistics (storms detected, packets dropped, etc) - -- Usage: - ``` - show pfcwd stats - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#pfc-watchdog-commands) - -## Platform Component Firmware - -### Platform Component Firmware show commands - -**show platform firmware status** - -This command displays platform components firmware status information. - -- Usage: -```bash -show platform firmware status -``` - -- Example: -```bash -admin@sonic:~$ sudo show platform firmware status -Chassis Module Component Version Description ---------- -------- ----------- ----------------------- ---------------------------------------- -MSN3800 N/A ONIE 2020.11-5.2.0022-9600 ONIE - Open Network Install Environment - SSD 0202-000 SSD - Solid-State Drive - BIOS 0ACLH004_02.02.008_9600 BIOS - Basic Input/Output System - CPLD1 CPLD000120_REV0900 CPLD - Complex Programmable Logic Device - CPLD2 CPLD000165_REV0500 CPLD - Complex Programmable Logic Device - CPLD3 CPLD000166_REV0300 CPLD - Complex Programmable Logic Device - CPLD4 CPLD000167_REV0100 CPLD - Complex Programmable Logic Device -``` - -**show platform firmware updates** - -This command displays platform components firmware updates information. 
- -- Usage: -```bash -show platform firmware updates [-i|--image] -``` - -- Options: - - _-i|--image_: show updates using current/next SONiC image - - Valid values: - - current - - next - - Default: - - current - -- Example: -```bash -admin@sonic:~$ sudo show platform firmware updates -Chassis Module Component Firmware Version (Current/Available) Status ---------- -------- ----------- ------------------------------------------ ------------------------------------------------- ------------------ -MSN3800 N/A ONIE /usr/local/lib/firmware/mellanox/onie.bin 2020.11-5.2.0022-9600 / 2020.11-5.2.0024-9600 update is required - SSD /usr/local/lib/firmware/mellanox/ssd.bin 0202-000 / 0204-000 update is required - BIOS /usr/local/lib/firmware/mellanox/bios.bin 0ACLH004_02.02.008_9600 / 0ACLH004_02.02.010_9600 update is required - CPLD1 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000120_REV0900 / CPLD000120_REV0900 up-to-date - CPLD2 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000165_REV0500 / CPLD000165_REV0500 up-to-date - CPLD3 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000166_REV0300 / CPLD000166_REV0300 up-to-date - CPLD4 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000167_REV0100 / CPLD000167_REV0100 up-to-date -``` - -- Note: - - current/next values for _-i|--image_ are taken from `sonic-installer list` - ```bash - admin@sonic:~$ sudo sonic-installer list - Current: SONiC-OS-202012.0-fb89c28c9 - Next: SONiC-OS-201911.0-2bec3004e - Available: - SONiC-OS-202012.0-fb89c28c9 - SONiC-OS-201911.0-2bec3004e - ``` - -**show platform firmware version** - -This command displays platform components firmware utility version. - -- Usage: -```bash -show platform firmware version -``` - -- Example: -```bash -admin@sonic:~$ show platform firmware version -fwutil version 2.0.0.0 -``` - -### Platform Component Firmware config commands - -**config platform firmware install** - -This command is used to install a platform component firmware. 
-Both modular and non modular chassis platforms are supported. - -- Usage: -```bash -config platform firmware install chassis component fw [-y|--yes] -config platform firmware install module component fw [-y|--yes] -``` - -- Options: - - _-y|--yes_: automatic yes to prompts. Assume "yes" as answer to all prompts and run non-interactively - -- Example: -```bash -admin@sonic:~$ sudo config platform firmware install chassis component BIOS fw /usr/local/lib/firmware/mellanox/sn3800/chassis1/bios.bin -Warning: Immediate cold reboot is required to complete BIOS firmware update. -New firmware will be installed, continue? [y/N]: y -Installing firmware: - /usr/local/lib/firmware/mellanox/sn3800/chassis1/bios.bin - -admin@sonic:~$ sudo config platform firmware install module Module1 component BIOS fw https://www.mellanox.com/fw/sn3800/module1/bios.bin -Warning: Immediate cold reboot is required to complete BIOS firmware update. -New firmware will be installed, continue? [y/N]: y -Downloading firmware: - [##################################################] 100% -Installing firmware: - /tmp/bios.bin -``` - -- Note: - - can be absolute path or URL - -**config platform firmware update** - -This command is used to update a platform component firmware from current/next SONiC image. -Both modular and non modular chassis platforms are supported. - -FW update requires `platform_components.json` to be created and placed at: -sonic-buildimage/device///platform_components.json - -Example: -1. Non modular chassis platform -```json -{ - "chassis": { - "Chassis1": { - "component": { - "BIOS": { - "firmware": "/usr/local/lib/firmware///chassis1/bios.bin", - "version": "" - }, - "CPLD": { - "firmware": "/usr/local/lib/firmware///chassis1/cpld.bin", - "version": "" - }, - "FPGA": { - "firmware": "/usr/local/lib/firmware///chassis1/fpga.bin", - "version": "" - } - } - } - } -} -``` - -2. 
Modular chassis platform -```json -{ - "chassis": { - "Chassis1": { - "component": { - "BIOS": { - "firmware": "/usr/local/lib/firmware///chassis1/bios.bin", - "version": "" - }, - "CPLD": { - "firmware": "/usr/local/lib/firmware///chassis1/cpld.bin", - "version": "" - }, - "FPGA": { - "firmware": "/usr/local/lib/firmware///chassis1/fpga.bin", - "version": "" - } - } - } - }, - "module": { - "Module1": { - "component": { - "CPLD": { - "firmware": "/usr/local/lib/firmware///module1/cpld.bin", - "version": "" - }, - "FPGA": { - "firmware": "/usr/local/lib/firmware///module1/fpga.bin", - "version": "" - } - } - } - } -} -``` - -- Usage: -```bash -config platform firmware update chassis component fw [-y|--yes] [-f|--force] [-i|--image] -config platform firmware update module component fw [-y|--yes] [-f|--force] [-i|--image] -``` - -- Options: - - _-y|--yes_: automatic yes to prompts. Assume "yes" as answer to all prompts and run non-interactively - - _-f|--force_: update FW regardless the current version - - _-i|--image_: update FW using current/next SONiC image - - Valid values: - - current - - next - - Default: - - current - -- Example: -```bash -admin@sonic:~$ sudo config platform firmware update chassis component BIOS fw -Warning: Immediate cold reboot is required to complete BIOS firmware update. -New firmware will be installed, continue? [y/N]: y -Updating firmware: - /usr/local/lib/firmware/mellanox/x86_64-mlnx_msn3800-r0/chassis1/bios.bin - -admin@sonic:~$ sudo config platform firmware update module Module1 component BIOS fw -Warning: Immediate cold reboot is required to complete BIOS firmware update. -New firmware will be installed, continue? 
[y/N]: y -Updating firmware: - /usr/local/lib/firmware/mellanox/x86_64-mlnx_msn3800-r0/module1/bios.bin -``` - -- Note: - - FW update will be disabled if component definition is not provided (e.g., 'BIOS': { }) - - FW version will be read from image if `version` field is not provided - - current/next values for _-i|--image_ are taken from `sonic-installer list` - ```bash - admin@sonic:~$ sudo sonic-installer list - Current: SONiC-OS-202012.0-fb89c28c9 - Next: SONiC-OS-201911.0-2bec3004e - Available: - SONiC-OS-202012.0-fb89c28c9 - SONiC-OS-201911.0-2bec3004e - ``` - -### Platform Component Firmware vendor specific behaviour - -#### Mellanox - -**CPLD update** - -On Mellanox platforms CPLD update can be done either for single or for all components at once. -The second approach is preferred. In this case an aggregated `vme` binary is used and -CPLD component can be specified arbitrary. - -- Example: -```bash -root@sonic:/home/admin# show platform firmware -Chassis Module Component Version Description ----------------------- -------- ----------- ----------------------- ---------------------------------------- -x86_64-mlnx_msn3800-r0 N/A BIOS 0ACLH004_02.02.007_9600 BIOS - Basic Input/Output System - CPLD1 CPLD000000_REV0400 CPLD - Complex Programmable Logic Device - CPLD2 CPLD000000_REV0300 CPLD - Complex Programmable Logic Device - CPLD3 CPLD000000_REV0300 CPLD - Complex Programmable Logic Device - CPLD4 CPLD000000_REV0100 CPLD - Complex Programmable Logic Device - -root@sonic:/home/admin# BURN_VME="$(pwd)/FUI000091_Burn_SN3800_CPLD000120_REV0600_CPLD000165_REV0400_CPLD000166_REV0300_CPLD000167_REV0100.vme" -root@sonic:/home/admin# REFRESH_VME="$(pwd)/FUI000091_Refresh_SN3800_CPLD000120_REV0600_CPLD000165_REV0400_CPLD000166_REV0300_CPLD000167_REV0100.vme" - -root@sonic:/home/admin# config platform firmware install chassis component CPLD1 fw -y ${BURN_VME} -root@sonic:/home/admin# config platform firmware install chassis component CPLD1 fw -y ${REFRESH_VME} - 
-root@sonic:/home/admin# show platform firmware -Chassis Module Component Version Description ----------------------- -------- ----------- ----------------------- ---------------------------------------- -x86_64-mlnx_msn3800-r0 N/A BIOS 0ACLH004_02.02.007_9600 BIOS - Basic Input/Output System - CPLD1 CPLD000000_REV0600 CPLD - Complex Programmable Logic Device - CPLD2 CPLD000000_REV0400 CPLD - Complex Programmable Logic Device - CPLD3 CPLD000000_REV0300 CPLD - Complex Programmable Logic Device - CPLD4 CPLD000000_REV0100 CPLD - Complex Programmable Logic Device -``` - -Note: the update will have the same effect if any of CPLD1/CPLD2/CPLD3/CPLD4 will be used - -Go Back To [Beginning of the document](#) or [Beginning of this section](#platform-component-firmware) - - -## Platform Specific Commands - -### Mellanox Platform Specific Commands - -There are few commands that are platform specific. Mellanox has used this feature and implemented Mellanox specific commands as follows. - -**show platform mlnx sniffer** - -This command shows the SDK sniffer status - -- Usage: - ``` - show platform mlnx sniffer - ``` - -- Example: - ``` - admin@sonic:~$ show platform mlnx sniffer - sdk sniffer is disabled - ``` - -**show platform mlnx sniffer** - -Another show command available on ‘show platform mlnx’ which is the issu status. -This means if ISSU is enabled on this SKU or not. A warm boot command can be executed only when ISSU is enabled on the SKU. - -- Usage: - ``` - show platform mlnx issu - ``` - -- Example: - ``` - admin@sonic:~$ show platform mlnx issu - ISSU is enabled - ``` - -In the case ISSU is disabled and warm-boot is called, the user will get a notification message explaining that the command cannot be invoked. - -- Example: - ``` - admin@sonic:~$ sudo warm-reboot - ISSU is not enabled on this HWSKU - Warm reboot is not supported - ``` - -**config platform mlnx** - -This command is valid only on mellanox devices. 
The sub-commands for "config platform" gets populated only on mellanox platforms. -There are no other subcommands on non-Mellanox devices and hence this command appears empty and useless in other platforms. -The platform mellanox command currently includes a single sub command which is the SDK sniffer. -The SDK sniffer is a troubleshooting tool which records the RPC calls from the Mellanox SDK user API library to the sx_sdk task into a .pcap file. -This .pcap file can be replayed afterward to get the exact same configuration state on SDK and FW to reproduce and investigate issues. - -A new folder will be created to store the sniffer files: "/var/log/mellanox/sniffer/". The result file will be stored in a .pcap file, which includes a time stamp of the starting time in the file name, for example, "sx_sdk_sniffer_20180224081306.pcap" -In order to have a complete .pcap file with all the RPC calls, the user should disable the SDK sniffer. Swss service will be restarted and no capturing is taken place from that moment. -It is recommended to review the .pcap file while sniffing is disabled. -Once SDK sniffer is enabled/disabled, the user is requested to approve that swss service will be restarted. -For example: To change SDK sniffer status, swss service will be restarted, continue? [y/N]: -In order to avoid that confirmation the -y / --yes option should be used. - -- Usage: - ``` - config platform mlnx sniffer sdk [-y|--yes] - ``` - -- Example: - ``` - admin@sonic:~$ config platform mlnx sniffer sdk - To change SDK sniffer status, swss service will be restarted, continue? [y/N]: y - NOTE: In order to avoid that confirmation the -y / --yes option should be used. - ``` - -### Barefoot Platform Specific Commands - -**show platform barefoot profile** - -This command displays active P4 profile and lists available ones. 
- -- Usage: - ``` - show platform barefoot profile - ``` - -- Example: - ``` - admin@sonic:~$ show platform barefoot profile - Current profile: x1 - Available profile(s): - x1 - x2 - ``` - -**config platform barefoot profile** - -This command sets P4 profile. - -- Usage: - ``` - config platform barefoot profile [-y|--yes] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config platform barefoot profile x1 - Swss service will be restarted, continue? [y/N]: y - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#platform-specific-commands) - - -## PortChannels - -### PortChannel Show commands - -**show interfaces portchannel** - -This command displays all the port channels that are configured in the device and its current status. - -- Usage: - ``` - show interfaces portchannel - ``` - -- Example: - ``` - admin@sonic:~$ show interfaces portchannel - Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available, S - selected, D - deselected - No. Team Dev Protocol Ports - ----- ------------- ----------- --------------------------- - 24 PortChannel24 LACP(A)(Up) Ethernet28(S) Ethernet24(S) - 48 PortChannel48 LACP(A)(Up) Ethernet52(S) Ethernet48(S) - 40 PortChannel40 LACP(A)(Up) Ethernet44(S) Ethernet40(S) - 0 PortChannel0 LACP(A)(Up) Ethernet0(S) Ethernet4(S) - 8 PortChannel8 LACP(A)(Up) Ethernet8(S) Ethernet12(S) - ``` - - -### PortChannel Config commands - -This sub-section explains how to configure the portchannel and its member ports. - -**config portchannel** - -This command is used to add or delete the portchannel. -It is recommended to use portchannel names in the format "PortChannelxxxx", where "xxxx" is number of 1 to 4 digits. Ex: "PortChannel0002". - -NOTE: If users specify any other name like "pc99", command will succeed, but such names are not supported. Such names are not printed properly in the "show interface portchannel" command. It is recommended not to use such names. 
- -When any port is already member of any other portchannel and if user tries to add the same port in some other portchannel (without deleting it from the current portchannel), the command fails internally. But, it does not print any error message. In such cases, remove the member from current portchannel and then add it to new portchannel. - -Command takes two optional arguements given below. -1) min-links - minimum number of links required to bring up the portchannel -2) fallback - true/false. LACP fallback feature can be enabled / disabled. When it is set to true, only one member port will be selected as active per portchannel during fallback mode. Refer https://github.com/Azure/SONiC/blob/master/doc/lag/LACP%20Fallback%20Feature%20for%20SONiC_v0.5.md for more details about fallback feature. -3) fast-rate - true/false, default is false (slow). Option specifying the rate in which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode. slow - request partner to transmit LACPDUs every 30 seconds, fast - request partner to transmit LACPDUs every 1 second. In slow mode 60-90 seconds needed to detect linkdown, in fast mode only 2-3 seconds. - -A port channel can be deleted only if it does not have any members or the members are already deleted. When a user tries to delete a port channel and the port channel still has one or more members that exist, the deletion of port channel is blocked. - -- Usage: - ``` - config portchannel (add | del) [--min-links ] [--fallback (true | false) [--fast-rate (true | false)] - ``` - -- Example (Create the portchannel with name "PortChannel0011"): - ``` - admin@sonic:~$ sudo config portchannel add PortChannel0011 - ``` - -**config portchannel member** - -This command adds or deletes a member port to/from the already created portchannel. 
- -- Usage: - ``` - config portchannel member (add | del) - ``` - -- Example (Add interface Ethernet4 as member of the portchannel "PortChannel0011"): - ``` - admin@sonic:~$ sudo config portchannel member add PortChannel0011 Ethernet4 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#portchannels) - -## NVGRE - -This section explains the various show commands and configuration commands available for users. - -### NVGRE show commands - -This subsection explains how to display the NVGRE configuration. - -**show nvgre-tunnel** - -This command displays the NVGRE tunnel configuration. - -- Usage: -```bash -show nvgre-tunnel -``` - -- Example: -```bash -admin@sonic:~$ show nvgre-tunnel -TUNNEL NAME SRC IP -------------- -------- -tunnel_1 10.0.0.1 -``` - -**show nvgre-tunnel-map** - -This command displays the NVGRE tunnel map configuration. - -- Usage: -```bash -show nvgre-tunnel-map -``` - -- Example: -```bash -admin@sonic:~$ show nvgre-tunnel-map -TUNNEL NAME TUNNEL MAP NAME VLAN ID VSID -------------- ----------------- --------- ------ -tunnel_1 Vlan1000 1000 5000 -tunnel_1 Vlan2000 2000 6000 -``` - -### NVGRE config commands - -This subsection explains how to configure the NVGRE. - -**config nvgre-tunnel** - -This command is used to manage the NVGRE tunnel objects. -It supports add/delete operations. - -- Usage: -```bash -config nvgre-tunnel add --src-ip -config nvgre-tunnel delete -``` - -- Parameters: - - _tunnel-name_: the name of the NVGRE tunnel - - _src-ip_: source ip address - -- Examples: -```bash -config nvgre-tunnel add 'tunnel_1' --src-ip '10.0.0.1' -config nvgre-tunnel delete 'tunnel_1' -``` - -**config nvgre-tunnel-map** - -This command is used to manage the NVGRE tunnel map objects. -It supports add/delete operations. 
- -- Usage: -```bash -config nvgre-tunnel-map add --vlan-id --vsid -config nvgre-tunnel-map delete -``` - -- Parameters: - - _tunnel-name_: the name of the NVGRE tunnel - - _tunnel-map-name_: the name of the NVGRE tunnel map - - _vlan-id_: VLAN identifier - - _vsid_: Virtual Subnet Identifier - -- Examples: -```bash -config nvgre-tunnel-map add 'tunnel_1' 'Vlan2000' --vlan-id '2000' --vsid '6000' -config nvgre-tunnel-map delete 'tunnel_1' 'Vlan2000' -``` - -## PBH - -This section explains the various show commands and configuration commands available for users. - -### PBH show commands - -This subsection explains how to display PBH configuration and statistics. - -**show pbh table** - -This command displays PBH table configuration. - -- Usage: -```bash -show pbh table -``` - -- Example: -```bash -admin@sonic:~$ show pbh table -NAME INTERFACE DESCRIPTION ---------- --------------- --------------- -pbh_table Ethernet0 NVGRE and VxLAN - Ethernet4 - PortChannel0001 - PortChannel0002 -``` - -**show pbh rule** - -This command displays PBH rule configuration. - -- Usage: -```bash -show pbh rule -``` - -- Example: -```bash -admin@sonic:~$ show pbh rule -TABLE RULE PRIORITY MATCH HASH ACTION COUNTER ---------- ------ ---------- ------------------------------------ ------------- ------------- --------- -pbh_table nvgre 2 ether_type: 0x0800 inner_v6_hash SET_ECMP_HASH DISABLED - ip_protocol: 0x2f - gre_key: 0x2500/0xffffff00 - inner_ether_type: 0x86dd -pbh_table vxlan 1 ether_type: 0x0800 inner_v4_hash SET_LAG_HASH ENABLED - ip_protocol: 0x11 - l4_dst_port: 0x12b5 - inner_ether_type: 0x0800 -``` - -**show pbh hash** - -This command displays PBH hash configuration. 
- -- Usage: -```bash -show pbh hash -``` - -- Example: -```bash -admin@sonic:~$ show pbh hash -NAME HASH FIELD -------------- ----------------- -inner_v4_hash inner_ip_proto - inner_l4_dst_port - inner_l4_src_port - inner_dst_ipv4 - inner_src_ipv4 -inner_v6_hash inner_ip_proto - inner_l4_dst_port - inner_l4_src_port - inner_dst_ipv6 - inner_src_ipv6 -``` - -**show pbh hash-field** - -This command displays PBH hash field configuration. - -- Usage: -```bash -show pbh hash-field -``` - -- Example: -```bash -admin@sonic:~$ show pbh hash-field -NAME FIELD MASK SEQUENCE SYMMETRIC ------------------ ----------------- --------- ---------- ----------- -inner_ip_proto INNER_IP_PROTOCOL N/A 1 No -inner_l4_dst_port INNER_L4_DST_PORT N/A 2 Yes -inner_l4_src_port INNER_L4_SRC_PORT N/A 2 Yes -inner_dst_ipv4 INNER_DST_IPV4 255.0.0.0 3 Yes -inner_src_ipv4 INNER_SRC_IPV4 0.0.0.255 3 Yes -inner_dst_ipv6 INNER_DST_IPV6 ffff:: 4 Yes -inner_src_ipv6 INNER_SRC_IPV6 ::ffff 4 Yes -``` - -- Note: - - _SYMMETRIC_ is an artificial column and is only used to indicate fields symmetry - -**show pbh statistics** - -This command displays PBH statistics. - -- Usage: -```bash -show pbh statistics -``` - -- Example: -```bash -admin@sonic:~$ show pbh statistics -TABLE RULE RX PACKETS COUNT RX BYTES COUNT ---------- ------ ------------------ ---------------- -pbh_table nvgre 0 0 -pbh_table vxlan 0 0 -``` - -- Note: - - _RX PACKETS COUNT_ and _RX BYTES COUNT_ can be cleared by user: - ```bash - admin@sonic:~$ sonic-clear pbh statistics - ``` - -### PBH config commands - -This subsection explains how to configure PBH. - -**config pbh table** - -This command is used to manage PBH table objects. -It supports add/update/remove operations. 
- -- Usage: -```bash -config pbh table add --interface-list --description -config pbh table update [ --interface-list ] [ --description ] -config pbh table delete -``` - -- Parameters: - - _table_name_: the name of the PBH table - - _interface_list_: interfaces to which PBH table is applied - - _description_: the description of the PBH table - -- Examples: -```bash -config pbh table add 'pbh_table' \ ---interface-list 'Ethernet0,Ethernet4,PortChannel0001,PortChannel0002' \ ---description 'NVGRE and VxLAN' -config pbh table update 'pbh_table' \ ---interface-list 'Ethernet0' -config pbh table delete 'pbh_table' -``` - -**config pbh rule** - -This command is used to manage PBH rule objects. -It supports add/update/remove operations. - -- Usage: -```bash -config pbh rule add --priority \ -[ --gre-key ] [ --ether-type ] [ --ip-protocol ] \ -[ --ipv6-next-header ] [ --l4-dst-port ] [ --inner-ether-type ] \ ---hash [ --packet-action ] [ --flow-counter ] -config pbh rule update [ --priority ] \ -[ --gre-key ] [ --ether-type ] [ --ip-protocol ] \ -[ --ipv6-next-header ] [ --l4-dst-port ] [ --inner-ether-type ] \ -[ --hash ] [ --packet-action ] [ --flow-counter ] -config pbh rule delete -``` - -- Parameters: - - _table_name_: the name of the PBH table - - _rule_name_: the name of the PBH rule - - _priority_: the priority of the PBH rule - - _gre_key_: packet match for the PBH rule: GRE key (value/mask) - - _ether_type_: packet match for the PBH rule: EtherType (IANA Ethertypes) - - _ip_protocol_: packet match for the PBH rule: IP protocol (IANA Protocol Numbers) - - _ipv6_next_header_: packet match for the PBH rule: IPv6 Next header (IANA Protocol Numbers) - - _l4_dst_port_: packet match for the PBH rule: L4 destination port - - _inner_ether_type_: packet match for the PBH rule: inner EtherType (IANA Ethertypes) - - _hash_: _hash_ object to apply with the PBH rule - - _packet_action_: packet action for the PBH rule - - Valid values: - - SET_ECMP_HASH - - SET_LAG_HASH - - 
Default: - - SET_ECMP_HASH - - - _flow_counter_: packet/byte counter for the PBH rule - - Valid values: - - DISABLED - - ENABLED - - Default: - - DISABLED - -- Examples: -```bash -config pbh rule add 'pbh_table' 'nvgre' \ ---priority '2' \ ---ether-type '0x0800' \ ---ip-protocol '0x2f' \ ---gre-key '0x2500/0xffffff00' \ ---inner-ether-type '0x86dd' \ ---hash 'inner_v6_hash' \ ---packet-action 'SET_ECMP_HASH' \ ---flow-counter 'DISABLED' -config pbh rule update 'pbh_table' 'nvgre' \ ---flow-counter 'ENABLED' -config pbh rule delete 'pbh_table' 'nvgre' -``` - -**config pbh hash** - -This command is used to manage PBH hash objects. -It supports add/update/remove operations. - -- Usage: -```bash -config pbh hash add --hash-field-list -config pbh hash update [ --hash-field-list ] -config pbh hash delete -``` - -- Parameters: - - _hash_name_: the name of the PBH hash - - _hash_field_list_: list of _hash-field_ objects to apply with the PBH hash - -- Examples: -```bash -config pbh hash add 'inner_v6_hash' \ ---hash-field-list 'inner_ip_proto,inner_l4_dst_port,inner_l4_src_port,inner_dst_ipv6,inner_src_ipv6' -config pbh hash update 'inner_v6_hash' \ ---hash-field-list 'inner_ip_proto' -config pbh hash delete 'inner_v6_hash' -``` - -**config pbh hash-field** - -This command is used to manage PBH hash field objects. -It supports add/update/remove operations. 
- -- Usage: -```bash -config pbh hash-field add \ ---hash-field [ --ip-mask ] --sequence-id -config pbh hash-field update \ -[ --hash-field ] [ --ip-mask ] [ --sequence-id ] -config pbh hash-field delete -``` - -- Parameters: - - _hash_field_name_: the name of the PBH hash field - - _hash_field_: native hash field for the PBH hash field - - Valid values: - - INNER_IP_PROTOCOL - - INNER_L4_DST_PORT - - INNER_L4_SRC_PORT - - INNER_DST_IPV4 - - INNER_SRC_IPV4 - - INNER_DST_IPV6 - - INNER_SRC_IPV6 - - - _ip_mask_: IPv4/IPv6 address mask for the PBH hash field - - Valid only: _hash_field_ is: - - INNER_DST_IPV4 - - INNER_SRC_IPV4 - - INNER_DST_IPV6 - - INNER_SRC_IPV6 - - - _sequence_id_: the order in which fields are hashed - -- Examples: -```bash -config pbh hash-field add 'inner_dst_ipv6' \ ---hash-field 'INNER_DST_IPV6' \ ---ip-mask 'ffff::' \ ---sequence-id '4' -config pbh hash-field update 'inner_dst_ipv6' \ ---ip-mask 'ffff:ffff::' -config pbh hash-field delete 'inner_dst_ipv6' -``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#pbh) - -## QoS - -### QoS Show commands - -#### PFC - -**show pfc counters** - -This command displays the details of Rx & Tx priority-flow-control (pfc) for all ports. This command can be used to clear the counters using -c option. - -- Usage: - ``` - show pfc counters - ``` - -- Example: - ``` - admin@sonic:~$ show pfc counters - Port Rx PFC0 PFC1 PFC2 PFC3 PFC4 PFC5 PFC6 PFC7 - ----------- ------ ------ ------ ------ ------ ------ ------ ------ - Ethernet0 0 0 0 0 0 0 0 0 - Ethernet4 0 0 0 0 0 0 0 0 - Ethernet8 0 0 0 0 0 0 0 0 - Ethernet12 0 0 0 0 0 0 0 0 - - Port Tx PFC0 PFC1 PFC2 PFC3 PFC4 PFC5 PFC6 PFC7 - ----------- ------ ------ ------ ------ ------ ------ ------ ------ - Ethernet0 0 0 0 0 0 0 0 0 - Ethernet4 0 0 0 0 0 0 0 0 - Ethernet8 0 0 0 0 0 0 0 0 - Ethernet12 0 0 0 0 0 0 0 0 - - ... 
- ``` - - -- NOTE: PFC counters can be cleared by the user with the following command: - ``` - admin@sonic:~$ sonic-clear pfccounters - ``` - -**show pfc asymmetric** - -This command displays the status of asymmetric PFC for all interfaces or a given interface. - -- Usage: - ``` - show pfc asymmetric [] - ``` - -- Example: - ``` - admin@sonic:~$ show pfc asymmetric - - Interface Asymmetric - ----------- ------------ - Ethernet0 off - Ethernet2 off - Ethernet4 off - Ethernet6 off - Ethernet8 off - Ethernet10 off - Ethernet12 off - Ethernet14 off - - admin@sonic:~$ show pfc asymmetric Ethernet0 - - Interface Asymmetric - ----------- ------------ - Ethernet0 off - ``` - -**show pfc priority** - -This command displays the lossless priorities for all interfaces or a given interface. - -- Usage: - ``` - show pfc priority [] - ``` - -- Example: - ``` - admin@sonic:~$ show pfc priority - - Interface Lossless priorities - ----------- --------------------- - Ethernet0 3,4 - Ethernet2 3,4 - Ethernet8 3,4 - Ethernet10 3,4 - Ethernet16 3,4 - - admin@sonic:~$ show pfc priority Ethernet0 - - Interface Lossless priorities - ----------- --------------------- - Ethernet0 3,4 - ``` - -#### Queue And Priority-Group - -This sub-section explains the following queue parameters that can be displayed using "show queue" command. -1) queue counters -2) queue watermark -3) priority-group watermark -4) queue persistent-watermark - - -**show queue counters** - -This command displays packet and byte counters for all queues of all ports or one specific-port given as arguement. -This command can be used to clear the counters for all queues of all ports. Note that port specific clear is not supported. 
- -- Usage: - ``` - show queue counters [] - ``` - -- Example: - ``` - admin@sonic:~$ show queue counters - Port TxQ Counter/pkts Counter/bytes Drop/pkts Drop/bytes - --------- ----- -------------- --------------- ----------- ------------ - Ethernet0 UC0 0 0 0 0 - Ethernet0 UC1 0 0 0 0 - Ethernet0 UC2 0 0 0 0 - Ethernet0 UC3 0 0 0 0 - Ethernet0 UC4 0 0 0 0 - Ethernet0 UC5 0 0 0 0 - Ethernet0 UC6 0 0 0 0 - Ethernet0 UC7 0 0 0 0 - Ethernet0 UC8 0 0 0 0 - Ethernet0 UC9 0 0 0 0 - Ethernet0 MC0 0 0 0 0 - Ethernet0 MC1 0 0 0 0 - Ethernet0 MC2 0 0 0 0 - Ethernet0 MC3 0 0 0 0 - Ethernet0 MC4 0 0 0 0 - Ethernet0 MC5 0 0 0 0 - Ethernet0 MC6 0 0 0 0 - Ethernet0 MC7 0 0 0 0 - Ethernet0 MC8 0 0 0 0 - Ethernet0 MC9 0 0 0 0 - - Port TxQ Counter/pkts Counter/bytes Drop/pkts Drop/bytes - --------- ----- -------------- --------------- ----------- ------------ - Ethernet4 UC0 0 0 0 0 - Ethernet4 UC1 0 0 0 0 - Ethernet4 UC2 0 0 0 0 - Ethernet4 UC3 0 0 0 0 - Ethernet4 UC4 0 0 0 0 - Ethernet4 UC5 0 0 0 0 - Ethernet4 UC6 0 0 0 0 - Ethernet4 UC7 0 0 0 0 - Ethernet4 UC8 0 0 0 0 - Ethernet4 UC9 0 0 0 0 - Ethernet4 MC0 0 0 0 0 - Ethernet4 MC1 0 0 0 0 - Ethernet4 MC2 0 0 0 0 - Ethernet4 MC3 0 0 0 0 - Ethernet4 MC4 0 0 0 0 - Ethernet4 MC5 0 0 0 0 - Ethernet4 MC6 0 0 0 0 - Ethernet4 MC7 0 0 0 0 - Ethernet4 MC8 0 0 0 0 - Ethernet4 MC9 0 0 0 0 - - ... 
- ``` - -Optionally, you can specify an interface name in order to display only that particular interface - -- Example: - ``` - admin@sonic:~$ show queue counters Ethernet72 - ``` - -- NOTE: Queue counters can be cleared by the user with the following command: - ``` - admin@sonic:~$ sonic-clear queuecounters - ``` - -**show queue watermark** - -This command displays the user watermark for the queues (Egress shared pool occupancy per queue) for either the unicast queues or multicast queues for all ports - -- Usage: - ``` - show queue watermark (multicast | unicast) - ``` - -- Example: - ``` - admin@sonic:~$ show queue watermark unicast - Egress shared pool occupancy per unicast queue: - Port UC0 UC1 UC2 UC3 UC4 UC5 UC6 UC7 - ----------- ----- ----- ----- ----- ----- ----- ----- ----- - Ethernet0 0 0 0 0 0 0 0 0 - Ethernet4 0 0 0 0 0 0 0 0 - Ethernet8 0 0 0 0 0 0 0 0 - Ethernet12 0 0 0 0 0 0 0 0 - - admin@sonic:~$ show queue watermark multicast (Egress shared pool occupancy per multicast queue) - ``` - -**show priority-group** - -This command displays: -1) The user watermark or persistent-watermark for the Ingress "headroom" or "shared pool occupancy" per priority-group for all ports. 
-2) Dropped packets per priority-group for all ports - -- Usage: - ``` - show priority-group (watermark | persistent-watermark) (headroom | shared) - show priority-group drop counters - ``` - -- Example: - ``` - admin@sonic:~$ show priority-group watermark shared - Ingress shared pool occupancy per PG: - Port PG0 PG1 PG2 PG3 PG4 PG5 PG6 PG7 - ----------- ----- ----- ----- ----- ----- ----- ----- ----- - Ethernet0 0 0 0 0 0 0 0 0 - Ethernet4 0 0 0 0 0 0 0 0 - Ethernet8 0 0 0 0 0 0 0 0 - Ethernet12 0 0 0 0 0 0 0 0 - ``` - -- Example (Ingress headroom per PG): - ``` - admin@sonic:~$ show priority-group watermark headroom - ``` - -- Example (Ingress shared pool occupancy per PG): - ``` - admin@sonic:~$ show priority-group persistent-watermark shared - ``` - -- Example (Ingress headroom per PG): - ``` - admin@sonic:~$ show priority-group persistent-watermark headroom - ``` - -- Example (Ingress dropped packets per PG): - ``` - admin@sonic:~$ show priority-group drop counters - Ingress PG dropped packets: - Port PG0 PG1 PG2 PG3 PG4 PG5 PG6 PG7 - ----------- ----- ----- ----- ----- ----- ----- ----- ----- - Ethernet0 0 0 0 0 0 0 0 0 - Ethernet4 0 0 0 0 0 0 0 0 - Ethernet8 0 0 0 0 0 0 0 0 - Ethernet12 0 0 0 0 0 0 0 0 - ``` - -In addition to user watermark("show queue|priority-group watermark ..."), a persistent watermark is available. -It hold values independently of user watermark. This way user can use "user watermark" for debugging, clear it, etc, but the "persistent watermark" will not be affected. 
- -**show queue persistent-watermark** - -This command displays the user persistet-watermark for the queues (Egress shared pool occupancy per queue) for either the unicast queues or multicast queues for all ports - -- Usage: - ``` - show queue persistent-watermark (unicast | multicast) - ``` - -- Example: - ``` - admin@sonic:~$ show queue persistent-watermark unicast - Egress shared pool occupancy per unicast queue: - Port UC0 UC1 UC2 UC3 UC4 UC5 UC6 UC7 - ----------- ----- ----- ----- ----- ----- ----- ----- ----- - Ethernet0 N/A N/A N/A N/A N/A N/A N/A N/A - Ethernet4 N/A N/A N/A N/A N/A N/A N/A N/A - Ethernet8 N/A N/A N/A N/A N/A N/A N/A N/A - Ethernet12 N/A N/A N/A N/A N/A N/A N/A N/A - ``` - -- Example (Egress shared pool occupancy per multicast queue): - ``` - admin@sonic:~$ show queue persistent-watermark multicast - ``` - -- NOTE: "user watermark", "persistent watermark" and "ingress dropped packets" can be cleared by user: - - ``` - admin@sonic:~$ sonic-clear queue persistent-watermark unicast - - admin@sonic:~$ sonic-clear queue persistent-watermark multicast - - admin@sonic:~$ sonic-clear priority-group persistent-watermark shared - - admin@sonic:~$ sonic-clear priority-group persistent-watermark headroom - - admin@sonic:~$ sonic-clear priority-group drop counters - ``` - -#### Buffer Pool - -This sub-section explains the following buffer pool parameters that can be displayed using "show buffer_pool" command. 
-1) buffer pool watermark -2) buffer pool persistent-watermark - -**show buffer_pool watermark** - -This command displays the user watermark for all the buffer pools - -- Usage: - ``` - show buffer_pool watermark - ``` - -- Example: - ``` - admin@sonic:~$ show buffer_pool watermark - Shared pool maximum occupancy: - Pool Bytes - --------------------- ------- - ingress_lossless_pool 0 - lossy_pool 2464 - ``` - - -**show buffer_pool persistent-watermark** - -This command displays the user persistent-watermark for all the buffer pools - -- Usage: - ``` - show buffer_pool persistent-watermark - ``` - -- Example: - ``` - admin@sonic:~$ show buffer_pool persistent-watermark - Shared pool maximum occupancy: - Pool Bytes - --------------------- ------- - ingress_lossless_pool 0 - lossy_pool 2464 - ``` - - - -### QoS config commands - -**config qos clear** - -This command is used to clear all the QoS configuration from all the following QOS Tables in ConfigDB. - -1) TC_TO_PRIORITY_GROUP_MAP, -2) MAP_PFC_PRIORITY_TO_QUEUE, -3) TC_TO_QUEUE_MAP, -4) DSCP_TO_TC_MAP, -5) MPLS_TC_TO_TC_MAP, -6) SCHEDULER, -7) PFC_PRIORITY_TO_PRIORITY_GROUP_MAP, -8) PORT_QOS_MAP, -9) WRED_PROFILE, -10) QUEUE, -11) CABLE_LENGTH, -12) BUFFER_POOL, -13) BUFFER_PROFILE, -14) BUFFER_PG, -15) BUFFER_QUEUE - -- Usage: - ``` - config qos clear - ``` - -- Example: - ``` - admin@sonic:~$ sudo config qos clear - ``` - -**config qos reload** - -This command is used to reload the QoS configuration. -QoS configuration has got two sets of configurations. -1) Generic QOS Configuration - This gives complete list of all possible QOS configuration. Its given in the file /usr/share/sonic/templates/qos_config.j2 in the device. - Reference: https://github.com/Azure/sonic-buildimage/blob/master/files/build_templates/qos_config.j2 - Users have flexibility to have platform specific qos configuration by placing the qos_config.j2 file at /usr/share/sonic/device///. 
- If users want to modify any of this loaded QOS configuration, they can modify this file in the device and then issue the "config qos reload" command. - -2) Platform specific buffer configuration. Every platform has got platform specific and topology specific (T0 or T1 or T2) buffer configuration at /usr/share/sonic/device///buffers_defaults_tx.j2 - In addition to platform specific configuration file, a generic configuration file is also present at /usr/share/sonic/templates/buffers_config.j2. - Reference: https://github.com/Azure/sonic-buildimage/blob/master/files/build_templates/buffers_config.j2 - Users can either modify the platform specific configuration file, or the generic configuration file and then issue this "config qos reload" command. - -These configuration files are already loaded in the device as part of the reboot process. In case if users wants to modify any of these configurations, they need to modify the appropriate QOS tables and fields in these files and then use this reload command. -This command uses those modified buffers.json.j2 file & qos.json.j2 file and reloads the new QOS configuration. -If users have not made any changes in these configuration files, this command need not be executed. - -Some of the example QOS configurations that users can modify are given below. 
-1) TC_TO_PRIORITY_GROUP_MAP -2) MAP_PFC_PRIORITY_TO_QUEUE -3) TC_TO_QUEUE_MAP -4) DSCP_TO_TC_MAP -5) MPLS_TC_TO_TC_MAP -6) SCHEDULER -7) PFC_PRIORITY_TO_PRIORITY_GROUP_MAP -8) PORT_QOS_MAP -9) WRED_PROFILE -10) CABLE_LENGTH -11) BUFFER_QUEUE - -- Usage: - ``` - config qos reload - ``` - -- Example: - ``` - admin@sonic:~$ sudo config qos reload - Running command: /usr/local/bin/sonic-cfggen -d -t /usr/share/sonic/device/x86_64-dell_z9100_c2538-r0/Force10-Z9100-C32/buffers.json.j2 >/tmp/buffers.json - Running command: /usr/local/bin/sonic-cfggen -d -t /usr/share/sonic/device/x86_64-dell_z9100_c2538-r0/Force10-Z9100-C32/qos.json.j2 -y /etc/sonic/sonic_version.yml >/tmp/qos.json - Running command: /usr/local/bin/sonic-cfggen -j /tmp/buffers.json --write-to-db - Running command: /usr/local/bin/sonic-cfggen -j /tmp/qos.json --write-to-db - - In this example, it uses the buffers.json.j2 file and qos.json.j2 file from platform specific folders. - When there are no changes in the platform specific configutation files, they internally use the file "/usr/share/sonic/templates/buffers_config.j2" and "/usr/share/sonic/templates/qos_config.j2" to generate the configuration. - ``` - -**config qos reload --ports port_list** - -This command is used to reload the default QoS configuration on a group of ports. -Typically, the default QoS configuration is in the following tables. -1) PORT_QOS_MAP -2) QUEUE -3) BUFFER_PG -4) BUFFER_QUEUE -5) BUFFER_PORT_INGRESS_PROFILE_LIST -6) BUFFER_PORT_EGRESS_PROFILE_LIST -7) CABLE_LENGTH - -If there was QoS configuration in the above tables for the ports: - - - if `--force` option is provied, the existing QoS configuration will be replaced by the default QoS configuration, - - otherwise, the command will exit with nothing updated. 
- -- Usage: - ``` - config qos reload --ports [,port] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config qos reload --ports Ethernet0,Ethernet4 - - In this example, it updates the QoS configuration on port Ethernet0 and Ethernet4 to default. - If there was QoS configuration on the ports, the command will clear the existing QoS configuration on the port and reload to default. - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#qos) - -## Radius - -### show radius commands - -This command displays the global radius configuration that includes the auth_type, retransmit, timeout and passkey. - -- Usage: - ``` - show radius - ``` -- Example: - - ``` - admin@sonic:~$ show radius - RADIUS global auth_type pap (default) - RADIUS global retransmit 3 (default) - RADIUS global timeout 5 (default) - RADIUS global passkey (default) - - ``` - -### Radius config commands - -This command is to config the radius server for various parameter listed. - - - Usage: - ``` - config radius - ``` -- Example: - ``` - admin@sonic:~$ config radius - - add Specify a RADIUS server - authtype Specify RADIUS server global auth_type [chap | pap | mschapv2] - default set its default configuration - delete Delete a RADIUS server - nasip Specify RADIUS server global NAS-IP|IPV6-Address - passkey Specify RADIUS server global passkey - retransmit Specify RADIUS server global retry attempts <0 - 10> - sourceip Specify RADIUS server global source ip - statistics Specify RADIUS server global statistics [enable | disable |... - timeout Specify RADIUS server global timeout <1 - 60> - - ``` -## sFlow - -### sFlow Show commands - -**show sflow** - -This command displays the global sFlow configuration that includes the admin state, collectors, the Agent ID and counter polling interval. 
- -- Usage: - ``` - show sflow - ``` - -- Example: - ``` - admin@sonic:~# show sflow - sFlow Global Information: - sFlow Admin State: up - sFlow Polling Interval: default - sFlow AgentID: lo - - 2 Collectors configured: - Name: collector_A IP addr: 10.11.46.2 UDP port: 6343 - Name: collector_lo IP addr: 127.0.0.1 UDP port: 6343 - ``` - - -**show sflow interface** - -This command displays the per-interface sflow admin status and the sampling rate. - -- Usage: - ``` - show sflow interface - ``` - -- Example: - ``` - admin@sonic:~# show sflow interface - - sFlow interface configurations - +-------------+---------------+-----------------+ - | Interface | Admin State | Sampling Rate | - +=============+===============+=================+ - | Ethernet0 | up | 4000 | - +-------------+---------------+-----------------+ - | Ethernet1 | up | 4000 | - +-------------+---------------+-----------------+ - ... - +-------------+---------------+-----------------+ - | Ethernet61 | up | 4000 | - +-------------+---------------+-----------------+ - | Ethernet62 | up | 4000 | - +-------------+---------------+-----------------+ - | Ethernet63 | up | 4000 | - +-------------+---------------+-----------------+ - - ``` - -### sFlow Config commands - -**config sflow collector add** - -This command is used to add a sFlow collector. Note that a maximum of 2 collectors is allowed. - -- Usage: - ``` - config sflow collector add [port ] - ``` - - - Parameters: - - collector-name: unique name of the sFlow collector - - ipv4-address : IP address of the collector in dotted decimal format for IPv4 - - ipv6-address : x: x: x: x::x format for IPv6 address of the collector (where :: notation specifies successive hexadecimal fields of zeros) - - port (OPTIONAL): specifies the UDP port of the collector (the range is from 0 to 65535. The default is 6343.) 
- -- Example: - ``` - admin@sonic:~# sudo config sflow collector add collector_A 10.11.46.2 - ``` - -**config sflow collector del** - -This command is used to delete a sFlow collector with the given name. - -- Usage: - ``` - config sflow collector del - ``` - - - Parameters: - - collector-name: unique name of the sFlow collector - -- Example: - ``` - admin@sonic:~# sudo config sflow collector del collector_A - ``` - -**config sflow agent-id** - -This command is used to add/delete the sFlow agent-id. This setting is global (applicable to both collectors) and optional. Only a single agent-id is allowed. If agent-id is not specified (with this CLI), an appropriate IP that belongs to the switch is used as the agent-id based on some simple heuristics. - -- Usage: - ``` - config sflow agent-id - ``` - - - Parameters: - - interface-name: specify the interface name whose ipv4 or ipv6 address will be used as the agent-id in sFlow datagrams. - -- Example: - ``` - admin@sonic:~# sudo config sflow agent-id add lo - ``` - -**config sflow** - -Globally, sFlow is disabled by default. When sFlow is enabled globally, the sflow deamon is started and sampling will start on all interfaces which have sFlow enabled at the interface level (see “config sflow interface…”). When sflow is disabled globally, sampling is stopped on all relevant interfaces and sflow daemon is stopped. - -- Usage: - ``` - config sflow - ``` -- Example: - ``` - admin@sonic:~# sudo config sflow enable - ``` -**config sflow interface** - -Enable/disable sflow at an interface level. By default, sflow is enabled on all interfaces at the interface level. Use this command to explicitly disable sFlow for a specific interface. An interface is sampled if sflow is enabled globally as well as at the interface level. Note that this configuration deals only with sFlow flow samples and not counter samples. 
- -- Usage: - ``` - config sflow interface - ``` - - - Parameters: - - interface-name: specify the interface for which sFlow flow samples have to be enabled/disabled. The “all” keyword is used as a convenience to enable/disable sflow at the interface level for all the interfaces. - -- Example: - ``` - admin@sonic:~# sudo config sflow interface disable Ethernet40 - ``` - -**config sflow interface sample-rate** - -Configure the sample-rate for a specific interface. - -The default sample rate for any interface is (ifSpeed / 1e6) where ifSpeed is in bits/sec. So, the default sample rate based on interface speed is: - - 1-in-1000 for a 1G link - 1-in-10,000 for a 10G link - 1-in-40,000 for a 40G link - 1-in-50,000 for a 50G link - 1-in-100,000 for a 100G link - -It is recommended not to change the defaults. This CLI is to be used only in case of exceptions (e.g., to set the sample-rate to the nearest power-of-2 if there are hardware restrictions in using the defaults) - -- Usage: - ``` - config sflow interface sample-rate - ``` - - - Parameters: - - interface-name: specify the interface for which the sampling rate value is to be set - - value: value is the average number of packets skipped before the sample is taken. "The sampling rate specifies random sampling probability as the ratio of packets observed to samples generated. For example a sampling rate of 256 specifies that, on average, 1 sample will be generated for every 256 packets observed." Valid range 256:8388608. - -- Example: - ``` - admin@sonic:~# sudo config sflow interface sample-rate Ethernet32 1000 - ``` -**config sflow polling-interval** - -This command is used to set the counter polling interval. Default is 20 seconds. - -- Usage: - ``` - config sflow polling-interval - ``` - - - Parameters: - - value: 0-300 seconds. 
Set polling-interval to 0 to disable counter polling - -- Example: - ``` - admin@sonic:~# sudo config sflow polling-interval 30 - ``` - - -Go Back To [Beginning of the document](#) or [Beginning of this section](#sflow) - -## SNMP - -### SNMP Show commands - -**show runningconfiguration snmp** - -This command displays the global SNMP configuration that includes the location, contact, community, and user settings. - -- Usage: - ``` - show runningconfiguration snmp - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp - Location - ------------ - Emerald City - - - SNMP_CONTACT SNMP_CONTACT_EMAIL - -------------- -------------------- - joe joe@contoso.com - - - Community String Community Type - ------------------ ---------------- - Jack RW - - - User Permission Type Type Auth Type Auth Password Encryption Type Encryption Password - ------ ----------------- ------ ----------- --------------- ----------------- --------------------- - Travis RO Priv SHA TravisAuthPass AES TravisEncryptPass - ``` - -**show runningconfiguration snmp location** - -This command displays the SNMP location setting. - -- Usage: - ``` - show runningconfiguration snmp location - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp location - Location - ------------ - Emerald City - ``` - -- Usage: - ``` - show runningconfiguration snmp location --json - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp location --json - {'Location': 'Emerald City'} - ``` - -**show runningconfiguration snmp contact** - -This command displays the SNMP contact setting. 
- -- Usage: - ``` - show runningconfiguration snmp contact - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp contact - Contact Contact Email - --------- --------------- - joe joe@contoso.com - ``` - -- Usage: - ``` - show runningconfiguration snmp contact --json - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp contact --json - {'joe': 'joe@contoso.com'} - ``` - -**show runningconfiguration snmp community** - -This command display the SNMP community settings. - -- Usage: - ``` - show runningconfiguration snmp community - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp community - Community String Community Type - ------------------ ---------------- - Jack RW - ``` - -- Usage: - ``` - show runningconfiguration snmp community --json - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp community --json - {'Jack': {'TYPE': 'RW'}} - ``` - -**show runningconfiguration snmp user** - -This command display the SNMP user settings. - -- Usage: - ``` - show runningconfiguration snmp user - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp user - User Permission Type Type Auth Type Auth Password Encryption Type Encryption Password - ------ ----------------- ------ ----------- --------------- ----------------- --------------------- - Travis RO Priv SHA TravisAuthPass AES TravisEncryptPass - ``` - -- Usage: - ``` - show runningconfiguration snmp user --json - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp user --json - {'Travis': {'SNMP_USER_TYPE': 'Priv', 'SNMP_USER_PERMISSION': 'RO', 'SNMP_USER_AUTH_TYPE': 'SHA', 'SNMP_USER_AUTH_PASSWORD': 'TravisAuthPass', 'SNMP_USER_ENCRYPTION_TYPE': 'AES', 'SNMP_USER_ENCRYPTION_PASSWORD': 'TravisEncryptPass'}} - ``` - - -### SNMP Config commands - -This sub-section explains how to configure SNMP. 
- -**config snmp location add/del/modify** - -This command is used to add, delete, or modify the SNMP location. - -- Usage: - ``` - config snmp location (add | del | modify) - ``` - -- Example (Add new SNMP location "Emerald City" if it does not already exist): - ``` - admin@sonic:~$ sudo config snmp location add Emerald City - SNMP Location Emerald City has been added to configuration - Restarting SNMP service... - ``` - -- Example (Delete SNMP location "Emerald City" if it already exists): - ``` - admin@sonic:~$ sudo config snmp location del Emerald City - SNMP Location Emerald City removed from configuration - Restarting SNMP service... - ``` - -- Example (Modify SNMP location "Emerald City" to "Redmond"): - ``` - admin@sonic:~$ sudo config snmp location modify Redmond - SNMP location Redmond modified in configuration - Restarting SNMP service... - ``` - -**config snmp contact add/del/modify** - -This command is used to add, delete, or modify the SNMP contact. - -- Usage: - ``` - config snmp contact add - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp contact add joe joe@contoso.com - Contact name joe and contact email joe@contoso.com have been added to configuration - Restarting SNMP service... - ``` - -- Usage: - ``` - config snmp contact del - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp contact del joe - SNMP contact joe removed from configuration - Restarting SNMP service... - ``` - -- Usage: - ``` - config snmp contact modify - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp contact modify test test@contoso.com - SNMP contact test and contact email test@contoso.com updated - Restarting SNMP service... - ``` - -**config snmp community add/del/replace** - -This command is used to add, delete, or replace the SNMP community. 
- -- Usage: - ``` - config snmp community add (RO | RW) - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp community add testcomm ro - SNMP community testcomm added to configuration - Restarting SNMP service... - ``` - -- Usage: - ``` - config snmp community del - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp community del testcomm - SNMP community testcomm removed from configuration - Restarting SNMP service... - ``` - -- Usage: - ``` - config snmp community replace - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp community replace testcomm newtestcomm - SNMP community newtestcomm added to configuration - SNMP community newtestcomm replace community testcomm - Restarting SNMP service... - ``` - -**config snmp user add/del** - -This command is used to add or delete the SNMP user for SNMPv3. - -- Usage: - ``` - config snmp user add (noAuthNoPriv | AuthNoPriv | Priv) (RO | RW) [[(MD5 | SHA | MMAC-SHA-2) ] [(DES |AES) ]] - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp user add testuser1 noauthnopriv ro - SNMP user testuser1 added to configuration - Restarting SNMP service... - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp user add testuser2 authnopriv ro sha testuser2_auth_pass - SNMP user testuser2 added to configuration - Restarting SNMP service... - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp user add testuser3 priv rw md5 testuser3_auth_pass aes testuser3_encrypt_pass - SNMP user testuser3 added to configuration - Restarting SNMP service... - ``` - -- Usage: - ``` - config snmp user del - ``` - -- Example: - ``` - admin@sonic:~$ sudo config snmp user del testuser1 - SNMP user testuser1 removed from configuration - Restarting SNMP service... - ``` - -## Startup & Running Configuration - -### Startup Configuration - -**show startupconfiguration bgp** - -This command is used to display the startup configuration for the BGP module. 
- -- Usage: - ``` - show startupconfiguration bgp - ``` - -- Example: - ``` - admin@sonic:~$ show startupconfiguration bgp - Routing-Stack is: quagga - ! - ! =========== Managed by sonic-cfggen DO NOT edit manually! ==================== - ! generated by templates/quagga/bgpd.conf.j2 with config DB data - ! file: bgpd.conf - ! - ! - hostname T1-2 - password zebra - log syslog informational - log facility local4 - ! enable password ! - ! - ! bgp multiple-instance - ! - route-map FROM_BGP_SPEAKER_V4 permit 10 - ! - route-map TO_BGP_SPEAKER_V4 deny 10 - ! - router bgp 65000 - bgp log-neighbor-changes - bgp bestpath as-path multipath-relax - no bgp default ipv4-unicast - bgp graceful-restart restart-time 180 - - - ``` - -### Running Configuration -This sub-section explains the show commands for displaying the running configuration for the following modules. -1) bgp -2) interfaces -3) ntp -4) snmp -5) all -6) acl -7) ports -8) syslog - -**show runningconfiguration all** - -This command displays the entire running configuration. - -- Usage: - ``` - show runningconfiguration all - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration all - ``` - -**show runningconfiguration bgp** - -This command displays the running configuration of the BGP module. - -- Usage: - ``` - show runningconfiguration bgp - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration bgp - ``` - -**show runningconfiguration interfaces** - -This command displays the running configuration for the "interfaces". - -- Usage: - ``` - show runningconfiguration interfaces - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration interfaces - ``` - -**show runningconfiguration ntp** - -This command displays the running configuration of the ntp module. 
- -- Usage: - ``` - show runningconfiguration ntp - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration ntp - NTP Servers - ------------- - 1.1.1.1 - 2.2.2.2 - ``` - -**show runningconfiguration syslog** - -This command displays the running configuration of the syslog module. - -- Usage: - ``` - show runningconfiguration syslog - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration syslog - Syslog Servers - ---------------- - 4.4.4.4 - 5.5.5.5 - ``` - - -**show runningconfiguration snmp** - -This command displays the running configuration of the snmp module. - -- Usage: - ``` - show runningconfiguration snmp - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration snmp - ``` - -**show runningconfiguration acl** - - This command displays the running configuration of the acls - -- Usage: - ``` - show runningconfiguration acl - ``` - -- Example: - ``` - admin@sonic:~$ show runningconfiguration acl - ``` - - **show runningconfiguration ports** - - This command displays the running configuration of the ports - -- Usage: - ``` - show runningconfiguration ports [] - ``` - -- Examples: - ``` - admin@sonic:~$ show runningconfiguration ports - ``` - - ``` - admin@sonic:~$ show runningconfiguration ports Ethernet0 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#Startup--Running-Configuration) - - -## Static routing - -### Static routing Config Commands - -This sub-section explains of commands is used to add or remove the static route. - -**config route add** - -This command is used to add a static route. Note that prefix /nexthop vrf`s and interface name are optional. 
- -- Usage: - - ``` - config route add prefix [vrf ] nexthop [vrf ] dev - ``` - -- Example: - - ``` - admin@sonic:~$ config route add prefix 2.2.3.4/32 nexthop 30.0.0.9 - admin@sonic:~$ config route add prefix 4.0.0.0/24 nexthop dev Ethernet32.10 - ``` - -It also supports ECMP, and adding a new nexthop to the existing prefix will complement it and not overwrite them. - -- Example: - - ``` - admin@sonic:~$ sudo config route add prefix 2.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.9 - admin@sonic:~$ sudo config route add prefix 2.2.3.4/32 nexthop vrf Vrf-BLUE 30.0.0.10 - ``` - -**config route del** - -This command is used to remove a static route. Note that prefix /nexthop vrf`s and interface name are optional. - -- Usage: - - ``` - config route del prefix [vrf ] nexthop [vrf ] dev - ``` - -- Example: - - ``` - admin@sonic:~$ sudo config route del prefix 2.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.9 - admin@sonic:~$ sudo config route del prefix 2.2.3.4/32 nexthop vrf Vrf-BLUE 30.0.0.10 - ``` - -This sub-section explains of command is used to show current routes. - -**show ip route** - -- Usage: - - ``` - show ip route - ``` - -- Example: - - ``` - admin@sonic:~$ show ip route - Codes: K - kernel route, C - connected, S - static, R - RIP, - O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, - T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, - F - PBR, f - OpenFabric, - > - selected route, * - FIB route, q - queued, r - rejected, b - backup - - S>* 0.0.0.0/0 [200/0] via 192.168.111.3, eth0, weight 1, 3d03h58m - S> 1.2.3.4/32 [1/0] via 30.0.0.7, weight 1, 00:00:06 - C>* 10.0.0.18/31 is directly connected, Ethernet36, 3d03h57m - C>* 10.0.0.20/31 is directly connected, Ethernet40, 3d03h57m - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#static-routing) - -## Subinterfaces - -### Subinterfaces Show Commands - -**show subinterfaces status** - -This command displays all the subinterfaces that are configured on the device and its current status. 
- -- Usage: -``` -show subinterfaces status -``` - -- Example: -``` -admin@sonic:~$ show subinterfaces status -Sub port interface Speed MTU Vlan Admin Type ------------------- ------- ----- ------ ------- ------------------- - Eth64.10 100G 9100 100 up dot1q-encapsulation - Ethernet0.100 100G 9100 100 up dot1q-encapsulation -``` - -### Subinterfaces Config Commands - -This sub-section explains how to configure subinterfaces. - -**config subinterface** - -- Usage: -``` -config subinterface (add | del) [vlan <1-4094>] -``` - -- Example (Create the subinterfces with name "Ethernet0.100"): -``` -admin@sonic:~$ sudo config subinterface add Ethernet0.100 -``` - -- Example (Create the subinterfces with name "Eth64.100"): -``` -admin@sonic:~$ sudo config subinterface add Eth64.100 100 -``` - -- Example (Delete the subinterfces with name "Ethernet0.100"): -``` -admin@sonic:~$ sudo config subinterface del Ethernet0.100 -``` - -- Example (Delete the subinterfces with name "Eth64.100"): -``` -admin@sonic:~$ sudo config subinterface del Eth64.100 100 -``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#static-routing) - -## Syslog - -### Syslog Show Commands - -This subsection explains how to display configured syslog servers. - -**show syslog** - -This command displays configured syslog servers. - -- Usage: - ``` - show syslog - ``` - -- Example: - ``` - admin@sonic:~$ show syslog - SERVER IP SOURCE IP PORT VRF - ----------- ----------- ------ ------- - 2.2.2.2 1.1.1.1 514 default - ``` - -### Syslog Config Commands - -This subsection explains how to configure syslog servers. - -**config syslog add** - -This command is used to add a syslog server to the syslog server list. -Note that more that one syslog server can be added in the device. 
- -- Usage: - ``` - config syslog add - ``` - -- Parameters: - - _server_address_: syslog server IP address - - _source_: syslog source IP address - - _port_: syslog server UDP port - - _vrf_: syslog VRF device - -- Example: - ``` - admin@sonic:~$ sudo config syslog add 2.2.2.2 --source 1.1.1.1 --port 514 --vrf default - Running command: systemctl reset-failed rsyslog-config - Running command: systemctl restart rsyslog-config - ``` - -**config syslog del** - -This command is used to delete the configured syslog server. - -- Usage: - ``` - config syslog del - ``` - -- Parameters: - - _server_address_: syslog server IP address - -- Example: - ``` - admin@sonic:~$ sudo config syslog del 2.2.2.2 - Running command: systemctl reset-failed rsyslog-config - Running command: systemctl restart rsyslog-config - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#syslog) - -## System State - -### Processes - -This command is used to determine the CPU utilization. It also lists the active processes along with their corresponding process ID and other relevant parameters. - -This sub-section explains the various "processes" specific data that includes the following. -1) cpu Show processes CPU info -2) memory Show processes memory info -3) summary Show processes info - -“show processes” commands provide a wrapper over linux’s “top” command. “show process cpu” sorts the processes being displayed by cpu-utilization, whereas “show process memory” does it attending to processes’ memory-utilization. - -**show processes cpu** - -This command displays the current CPU usage by process. This command uses linux's "top -bn 1 -o %CPU" command to display the output. 
- -- Usage: - ``` - show processes cpu - ``` - -*TIP: Users can pipe the output to "head" to display only the "n" number of lines (e.g., `show processes cpu | head -n 10`)* - -- Example: - ``` - admin@sonic:~$ show processes cpu - top - 23:50:08 up 1:18, 1 user, load average: 0.25, 0.29, 0.25 - Tasks: 161 total, 1 running, 160 sleeping, 0 stopped, 0 zombie - %Cpu(s): 3.8 us, 1.0 sy, 0.0 ni, 95.1 id, 0.1 wa, 0.0 hi, 0.0 si, 0.0 st - KiB Mem: 8181216 total, 1161060 used, 7020156 free, 105656 buffers - KiB Swap: 0 total, 0 used, 0 free. 557560 cached Mem - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 2047 root 20 0 683772 109288 39652 S 23.8 1.3 7:44.79 syncd - 1351 root 20 0 43360 5616 2844 S 11.9 0.1 1:41.56 redis-server - 10093 root 20 0 21944 2476 2088 R 5.9 0.0 0:00.03 top - 1 root 20 0 28992 5508 3236 S 0.0 0.1 0:06.42 systemd - 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd - 3 root 20 0 0 0 0 S 0.0 0.0 0:00.56 ksoftirqd/0 - 5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H - ... - ``` - -*TIP: Advanced users can view individual processes using variations of the `ps` command (e.g., `ps -ax | grep `)* - -**show processes memory** - -This command displays the current memory usage by processes. This command uses linux's "top -bn 1 -o %MEM" command to display the output. - -- Usage: - ``` - show processes memory - ``` - -*NOTE that pipe option can be used using " | head -n" to display only the "n" number of lines* - -- Example: - ``` - admin@sonic:~$ show processes memory - top - 23:41:24 up 7 days, 39 min, 2 users, load average: 1.21, 1.19, 1.18 - Tasks: 191 total, 2 running, 189 sleeping, 0 stopped, 0 zombie - %Cpu(s): 2.8 us, 20.7 sy, 0.0 ni, 76.3 id, 0.0 wa, 0.0 hi, 0.2 si, 0.0 st - KiB Mem : 8162264 total, 5720412 free, 945516 used, 1496336 buff/cache - KiB Swap: 0 total, 0 free, 0 used. 
6855632 avail Mem - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 18051 root 20 0 851540 274784 8344 S 0.0 3.4 0:02.77 syncd - 17760 root 20 0 1293428 259212 58732 S 5.9 3.2 96:46.22 syncd - 508 root 20 0 725364 76244 38220 S 0.0 0.9 4:54.49 dockerd - 30853 root 20 0 96348 56824 7880 S 0.0 0.7 0:00.98 show - 17266 root 20 0 509876 49772 30640 S 0.0 0.6 0:06.36 docker - 24891 admin 20 0 515864 49560 30644 S 0.0 0.6 0:05.54 docker - 17643 admin 20 0 575668 49428 30628 S 0.0 0.6 0:06.29 docker - 23885 admin 20 0 369552 49344 30840 S 0.0 0.6 0:05.57 docker - 18055 root 20 0 509076 49260 30296 S 0.0 0.6 0:06.36 docker - 17268 root 20 0 371120 49052 30372 S 0.0 0.6 0:06.45 docker - 1227 root 20 0 443284 48640 30100 S 0.0 0.6 0:41.91 docker - 23785 admin 20 0 443796 48552 30128 S 0.0 0.6 0:05.58 docker - 17820 admin 20 0 435088 48144 29480 S 0.0 0.6 0:06.33 docker - 506 root 20 0 1151040 43140 23964 S 0.0 0.5 8:51.08 containerd - 18437 root 20 0 84852 26388 7380 S 0.0 0.3 65:59.76 python3.6 - ``` - - -**show processes summary** - -This command displays the current summary information about all the processes - -- Usage: - ``` - show processes summary - ``` - -- Example: - ``` - admin@sonic:~$ show processes summary - PID PPID CMD %MEM %CPU - 1 0 /sbin/init 0.0 0.0 - 2 0 [kthreadd] 0.0 0.0 - 3 2 [ksoftirqd/0] 0.0 0.0 - 5 2 [kworker/0:0H] 0.0 0.0 - ... - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#System-State) - -### Services & Memory - -These commands are used to know the services that are running and the memory that is utilized currently. - - -**show services** - -This command displays the state of all the SONiC processes running inside a docker container. This helps to identify the status of SONiC’s critical processes. - -- Usage: - ``` - show services - ``` - -- Example: - ``` - admin@sonic:~$ show services - dhcp_relay docker - --------------------------- - UID PID PPID C STIME TTY TIME CMD - root 1 0 0 05:26 ? 
00:00:12 /usr/bin/python /usr/bin/supervi - root 24 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n - - nat docker - --------------------------- - USER PID PPID C STIME TTY TIME CMD - root 1 0 0 05:26 ? 00:00:12 /usr/bin/python /usr/bin/supervisord - root 18 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n - root 23 1 0 05:26 ? 00:00:01 /usr/bin/natmgrd - root 34 1 0 05:26 ? 00:00:00 /usr/bin/natsyncd - - snmp docker - --------------------------- - UID PID PPID C STIME TTY TIME CMD - root 1 0 0 05:26 ? 00:00:16 /usr/bin/python /usr/bin/supervi - root 24 1 0 05:26 ? 00:00:02 /usr/sbin/rsyslogd -n - Debian-+ 29 1 0 05:26 ? 00:00:04 /usr/sbin/snmpd -f -LS4d -u Debi - root 31 1 1 05:26 ? 00:15:10 python3.6 -m sonic_ax_impl - - syncd docker - --------------------------- - UID PID PPID C STIME TTY TIME CMD - root 1 0 0 05:26 ? 00:00:13 /usr/bin/python /usr/bin/supervi - root 12 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n - root 17 1 0 05:26 ? 00:00:00 /usr/bin/dsserve /usr/bin/syncd - root 27 17 22 05:26 ? 04:09:30 /usr/bin/syncd --diag -p /usr/sh - root 51 27 0 05:26 ? 00:00:01 /usr/bin/syncd --diag -p /usr/sh - - swss docker - --------------------------- - UID PID PPID C STIME TTY TIME CMD - root 1 0 0 05:26 ? 00:00:29 /usr/bin/python /usr/bin/supervi - root 25 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n - root 30 1 0 05:26 ? 00:00:13 /usr/bin/orchagent -d /var/log/s - root 42 1 1 05:26 ? 00:12:40 /usr/bin/portsyncd -p /usr/share - root 45 1 0 05:26 ? 00:00:00 /usr/bin/intfsyncd - root 48 1 0 05:26 ? 00:00:03 /usr/bin/neighsyncd - root 59 1 0 05:26 ? 00:00:01 /usr/bin/vlanmgrd - root 92 1 0 05:26 ? 00:00:01 /usr/bin/intfmgrd - root 3606 1 0 23:36 ? 00:00:00 bash -c /usr/bin/arp_update; sle - root 3621 3606 0 23:36 ? 00:00:00 sleep 300 - - ... 
- ``` - -**show system-memory** - -This command displays the system-wide memory utilization information – just a wrapper over linux native “free” command - -- Usage: - ``` - show system-memory - ``` - -- Example: - ``` - admin@sonic:~$ show system-memory - Command: free -m -h - total used free shared buffers cached - Mem: 3.9G 2.0G 1.8G 33M 324M 791M - -/+ buffers/cache: 951M 2.9G - Swap: 0B 0B 0B - ``` - -**show mmu** - -This command displays virtual address to the physical address translation status of the Memory Management Unit (MMU). - -- Usage: - ``` - show mmu - ``` - -- Example: - ``` - admin@sonic:~$ show mmu - Pool: ingress_lossless_pool - ---- -------- - xoff 4194112 - type ingress - mode dynamic - size 10875072 - ---- -------- - - Pool: egress_lossless_pool - ---- -------- - type egress - mode static - size 15982720 - ---- -------- - - Pool: egress_lossy_pool - ---- ------- - type egress - mode dynamic - size 9243812 - ---- ------- - - Profile: egress_lossy_profile - ---------- ------------------------------- - dynamic_th 3 - pool [BUFFER_POOL|egress_lossy_pool] - size 1518 - ---------- ------------------------------- - - Profile: pg_lossless_100000_300m_profile - ---------- ----------------------------------- - xon_offset 2288 - dynamic_th -3 - xon 2288 - xoff 268736 - pool [BUFFER_POOL|ingress_lossless_pool] - size 1248 - ---------- ----------------------------------- - - Profile: egress_lossless_profile - --------- ---------------------------------- - static_th 3995680 - pool [BUFFER_POOL|egress_lossless_pool] - size 1518 - --------- ---------------------------------- - - Profile: pg_lossless_100000_40m_profile - ---------- ----------------------------------- - xon_offset 2288 - dynamic_th -3 - xon 2288 - xoff 177632 - pool [BUFFER_POOL|ingress_lossless_pool] - size 1248 - ---------- ----------------------------------- - - Profile: ingress_lossy_profile - ---------- ----------------------------------- - dynamic_th 3 - pool 
[BUFFER_POOL|ingress_lossless_pool] - size 0 - ---------- ----------------------------------- - - Profile: pg_lossless_40000_40m_profile - ---------- ----------------------------------- - xon_offset 2288 - dynamic_th -3 - xon 2288 - xoff 71552 - pool [BUFFER_POOL|ingress_lossless_pool] - size 1248 - ---------- ----------------------------------- - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#System-State) - -Go Back To [Beginning of the document](#) or [Beginning of this section](#System-Health) - -### System-Health - -These commands are used to monitor the system current running services and hardware state. - -**show system-health summary** - -This command displays the current status of 'Services' and 'Hardware' under monitoring. -If any of the elements under each of these two sections is 'Not OK' a proper message will appear under the relevant section. - -- Usage: - ``` - show system-health summary - ``` - -- Example: - ``` - admin@sonic:~$ show system-health summary - System status summary - - System status LED red - Services: - Status: Not OK - Not Running: 'telemetry', 'sflowmgrd' - Hardware: - Status: OK - ``` - ``` - admin@sonic:~$ show system-health summary - System status summary - - System status LED green - Services: - Status: OK - Hardware: - Status: OK - ``` - -**show system-health monitor-list** - -This command displays a list of all current 'Services' and 'Hardware' being monitored, their status and type. 
- -- Usage: - ``` - show system-health monitor-list - ``` - -- Example: - ``` - admin@sonic:~$ show system-health monitor-list - System services and devices monitor list - - Name Status Type - -------------- -------- ---------- - telemetry Not OK Process - orchagent Not OK Process - neighsyncd OK Process - vrfmgrd OK Process - dialout_client OK Process - zebra OK Process - rsyslog OK Process - snmpd OK Process - redis_server OK Process - intfmgrd OK Process - vxlanmgrd OK Process - lldpd_monitor OK Process - portsyncd OK Process - var-log OK Filesystem - lldpmgrd OK Process - syncd OK Process - sonic OK System - buffermgrd OK Process - portmgrd OK Process - staticd OK Process - bgpd OK Process - lldp_syncd OK Process - bgpcfgd OK Process - snmp_subagent OK Process - root-overlay OK Filesystem - fpmsyncd OK Process - sflowmgrd OK Process - vlanmgrd OK Process - nbrmgrd OK Process - PSU 2 OK PSU - psu_1_fan_1 OK Fan - psu_2_fan_1 OK Fan - fan11 OK Fan - fan10 OK Fan - fan12 OK Fan - ASIC OK ASIC - fan1 OK Fan - PSU 1 OK PSU - fan3 OK Fan - fan2 OK Fan - fan5 OK Fan - fan4 OK Fan - fan7 OK Fan - fan6 OK Fan - fan9 OK Fan - fan8 OK Fan - ``` - -**show system-health detail** - -This command displays the current status of 'Services' and 'Hardware' under monitoring. -If any of the elements under each of these two sections is 'Not OK' a proper message will appear under the relevant section. -In addition, displays a list of all current 'Services' and 'Hardware' being monitored and a list of ignored elements. 
- -- Usage: - ``` - show system-health detail - ``` - -- Example: - ``` - admin@sonic:~$ show system-health detail - System status summary - - System status LED red - Services: - Status: Not OK - Not Running: 'telemetry', 'orchagent' - Hardware: - Status: OK - - System services and devices monitor list - - Name Status Type - -------------- -------- ---------- - telemetry Not OK Process - orchagent Not OK Process - neighsyncd OK Process - vrfmgrd OK Process - dialout_client OK Process - zebra OK Process - rsyslog OK Process - snmpd OK Process - redis_server OK Process - intfmgrd OK Process - vxlanmgrd OK Process - lldpd_monitor OK Process - portsyncd OK Process - var-log OK Filesystem - lldpmgrd OK Process - syncd OK Process - sonic OK System - buffermgrd OK Process - portmgrd OK Process - staticd OK Process - bgpd OK Process - lldp_syncd OK Process - bgpcfgd OK Process - snmp_subagent OK Process - root-overlay OK Filesystem - fpmsyncd OK Process - sflowmgrd OK Process - vlanmgrd OK Process - nbrmgrd OK Process - PSU 2 OK PSU - psu_1_fan_1 OK Fan - psu_2_fan_1 OK Fan - fan11 OK Fan - fan10 OK Fan - fan12 OK Fan - ASIC OK ASIC - fan1 OK Fan - PSU 1 OK PSU - fan3 OK Fan - fan2 OK Fan - fan5 OK Fan - fan4 OK Fan - fan7 OK Fan - fan6 OK Fan - fan9 OK Fan - fan8 OK Fan - - System services and devices ignore list - - Name Status Type - ----------- -------- ------ - psu.voltage Ignored Device - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#System-Health) - -## VLAN & FDB - -### VLAN - -#### VLAN show commands - -**show vlan brief** - -This command displays brief information about all the vlans configured in the device. 
It displays the vlan ID, IP address (if configured for the vlan), list of vlan member ports, whether the port is tagged or in untagged mode, the DHCP Helper Address, and the proxy ARP status - -- Usage: - ``` - show vlan brief - ``` - -- Example: - ``` - admin@sonic:~$ show vlan brief - - +-----------+--------------+-----------+----------------+-----------------------+-------------+ - | VLAN ID | IP Address | Ports | Port Tagging | DHCP Helper Address | Proxy ARP | - +===========+==============+===========+================+=======================+=============+ - | 100 | 1.1.2.2/16 | Ethernet0 | tagged | 192.0.0.1 | disabled | - | | | Ethernet4 | tagged | 192.0.0.2 | | - | | | | | 192.0.0.3 | | - +-----------+--------------+-----------+----------------+-----------------------+-------------+ - ``` - -**show vlan config** - -This command displays all the vlan configuration. - -- Usage: - ``` - show vlan config - ``` - -- Example: - ``` - admin@sonic:~$ show vlan config - Name VID Member Mode - ------- ----- --------- ------ - Vlan100 100 Ethernet0 tagged - Vlan100 100 Ethernet4 tagged - ``` - - -#### VLAN Config commands - -This sub-section explains how to configure the vlan and its member ports. - -**config vlan add/del** - -This command is used to add or delete the vlan. - -- Usage: - ``` - config vlan (add | del) - ``` - -- Example (Create the VLAN "Vlan100" if it does not already exist): - ``` - admin@sonic:~$ sudo config vlan add 100 - ``` - -**config vlan member add/del** - -This command is to add or delete a member port into the already created vlan. - -- Usage: - ``` - config vlan member add/del [-u|--untagged] - ``` - -*NOTE: Adding the -u or --untagged flag will set the member in "untagged" mode* - - -- Example: - ``` - admin@sonic:~$ sudo config vlan member add 100 Ethernet0 - This command will add Ethernet0 as member of the vlan 100 - - admin@sonic:~$ sudo config vlan member add 100 Ethernet4 - This command will add Ethernet4 as member of the vlan 100. 
- ``` - -**config proxy_arp enabled/disabled** - -This command is used to enable or disable proxy ARP for a VLAN interface - -- Usage: - ``` - config vlan proxy_arp enabled/disabled - ``` - -- Example: - ``` - admin@sonic:~$ sudo config vlan proxy_arp 1000 enabled - This command will enable proxy ARP for the interface 'Vlan1000' - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#vlan--FDB) - -### FDB - -#### FDB show commands - -**show mac** - -This command displays the MAC (FDB) entries either in full or partial as given below. -1) show mac - displays the full table -2) show mac -v - displays the MACs learnt on the particular VLAN ID. -3) show mac -p - displays the MACs learnt on the particular port. -4) show mac -a - display the MACs that match a specific mac-address -5) show mac -t - display the MACs that match a specific type (static/dynamic) -6) show mac -c - display the count of MAC addresses - -To show the default MAC address aging time on the switch. - -- Usage: - ``` - show mac [-v ] [-p ] [-a ] [-t ] [-c] - ``` - -- Example: - ``` - admin@sonic:~$ show mac - No. 
Vlan MacAddress Port Type - ----- ------ ----------------- ----------- ------- - 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic - 2 1000 A0:1B:5E:47:C9:76 Ethernet192 Dynamic - 3 1000 AA:54:EF:2C:EE:30 Ethernet192 Dynamic - 4 1000 A4:3F:F2:17:A3:FC Ethernet192 Dynamic - 5 1000 0C:FC:01:72:29:91 Ethernet192 Dynamic - 6 1000 48:6D:01:7E:C9:FD Ethernet192 Dynamic - 7 1000 1C:6B:7E:34:5F:A6 Ethernet192 Dynamic - 8 1000 EE:81:D9:7B:93:A9 Ethernet192 Dynamic - 9 1000 CC:F8:8D:BB:85:E2 Ethernet192 Dynamic - 10 1000 0A:52:B3:9C:FB:6C Ethernet192 Dynamic - 11 1000 C6:E2:72:02:D1:23 Ethernet192 Dynamic - 12 1000 8A:C9:5C:25:E9:28 Ethernet192 Dynamic - 13 1000 5E:CD:34:E4:94:18 Ethernet192 Dynamic - 14 1000 7E:49:1F:B5:91:B5 Ethernet192 Dynamic - 15 1000 AE:DD:67:F3:09:5A Ethernet192 Dynamic - 16 1000 DC:2F:D1:08:4B:DE Ethernet192 Dynamic - 17 1000 50:96:23:AD:F1:65 Ethernet192 Static - 18 1000 C6:C9:5E:AE:24:42 Ethernet192 Static - Total number of entries 18 - ``` - -Optionally, you can specify a VLAN ID or interface name or type or mac-address in order to display only that particular entries - -- Examples: - ``` - admin@sonic:~$ show mac -v 1000 - No. 
Vlan MacAddress Port Type - ----- ------ ----------------- ----------- ------- - 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic - 2 1000 A0:1B:5E:47:C9:76 Ethernet192 Dynamic - 3 1000 AA:54:EF:2C:EE:30 Ethernet192 Dynamic - 4 1000 A4:3F:F2:17:A3:FC Ethernet192 Dynamic - 5 1000 0C:FC:01:72:29:91 Ethernet192 Dynamic - 6 1000 48:6D:01:7E:C9:FD Ethernet192 Dynamic - 7 1000 1C:6B:7E:34:5F:A6 Ethernet192 Dynamic - 8 1000 EE:81:D9:7B:93:A9 Ethernet192 Dynamic - 9 1000 CC:F8:8D:BB:85:E2 Ethernet192 Dynamic - 10 1000 0A:52:B3:9C:FB:6C Ethernet192 Dynamic - 11 1000 C6:E2:72:02:D1:23 Ethernet192 Dynamic - 12 1000 8A:C9:5C:25:E9:28 Ethernet192 Dynamic - 13 1000 5E:CD:34:E4:94:18 Ethernet192 Dynamic - 14 1000 7E:49:1F:B5:91:B5 Ethernet192 Dynamic - 15 1000 AE:DD:67:F3:09:5A Ethernet192 Dynamic - 16 1000 DC:2F:D1:08:4B:DE Ethernet192 Dynamic - 17 1000 50:96:23:AD:F1:65 Ethernet192 Static - 18 1000 C6:C9:5E:AE:24:42 Ethernet192 Static - Total number of entries 18 - ``` - ``` - admin@sonic:~$ show mac -p Ethernet192 - No. 
Vlan MacAddress Port Type - ----- ------ ----------------- ----------- ------- - 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic - 2 1000 A0:1B:5E:47:C9:76 Ethernet192 Dynamic - 3 1000 AA:54:EF:2C:EE:30 Ethernet192 Dynamic - 4 1000 A4:3F:F2:17:A3:FC Ethernet192 Dynamic - 5 1000 0C:FC:01:72:29:91 Ethernet192 Dynamic - 6 1000 48:6D:01:7E:C9:FD Ethernet192 Dynamic - 7 1000 1C:6B:7E:34:5F:A6 Ethernet192 Dynamic - 8 1000 EE:81:D9:7B:93:A9 Ethernet192 Dynamic - 9 1000 CC:F8:8D:BB:85:E2 Ethernet192 Dynamic - 10 1000 0A:52:B3:9C:FB:6C Ethernet192 Dynamic - 11 1000 C6:E2:72:02:D1:23 Ethernet192 Dynamic - 12 1000 8A:C9:5C:25:E9:28 Ethernet192 Dynamic - 13 1000 5E:CD:34:E4:94:18 Ethernet192 Dynamic - 14 1000 7E:49:1F:B5:91:B5 Ethernet192 Dynamic - 15 1000 AE:DD:67:F3:09:5A Ethernet192 Dynamic - 16 1000 DC:2F:D1:08:4B:DE Ethernet192 Dynamic - 17 1000 50:96:23:AD:F1:65 Ethernet192 Static - 18 1000 C6:C9:5E:AE:24:42 Ethernet192 Static - Total number of entries 18 - ``` - ``` - admin@sonic:~$ show mac -a E2:8C:56:85:4A:CD - No. Vlan MacAddress Port Type - ----- ------ ----------------- ----------- ------- - 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic - Total number of entries 1 - ``` - ``` - admin@sonic:~$ show mac -t Static - No. Vlan MacAddress Port Type - ----- ------ ----------------- ----------- ------- - 2 1000 50:96:23:AD:F1:65 Ethernet192 Static - 2 1000 C6:C9:5E:AE:24:42 Ethernet192 Static - Total number of entries 2 - ``` - ``` - admin@sonic:~$ show mac -c - Total number of entries 18 - ``` - -**show mac aging-time** - -This command displays the default mac aging time on the switch - - ``` - admin@sonic:~$ show mac aging-time - Aging time for switch is 600 seconds - ``` - -**sonic-clear fdb all** - -Clear the FDB table - -- Usage: - ``` - sonic-clear fdb all - ``` -- Example: - ``` - admin@sonic:~$ sonic-clear fdb all - FDB entries are cleared. 
- ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#vlan--FDB) - -## VxLAN & Vnet - -### VxLAN - -#### VxLAN show commands - -**show vxlan tunnel** - -This command displays brief information about all the vxlans configured in the device. It displays the vxlan tunnel name, source IP address, destination IP address (if configured), tunnel map name and mapping. - -- Usage: - - ``` - show vxlan tunnel - ``` - -- Example: - - ``` - admin@sonic:~$ show vxlan tunnel - vxlan tunnel name source ip destination ip tunnel map name tunnel map mapping(vni -> vlan) - ------------------- ----------- ---------------- ----------------- --------------------------------- - tunnel1 10.10.10.10 - tunnel2 10.10.10.10 20.10.10.10 tmap1 1234 -> 100 - tunnel3 10.10.10.10 30.10.10.10 tmap2 1235 -> 200 - ``` - -**show vxlan name ** - -This command displays configuration. - -- Usage: - - ``` - show vxlan name - ``` - -- Example: - - ``` - admin@sonic:~$ show vxlan name tunnel3 - vxlan tunnel name source ip destination ip tunnel map name tunnel map mapping(vni -> vlan) - ------------------- ----------- ---------------- ----------------- --------------------------------- - tunnel3 10.10.10.10 30.10.10.10 tmap2 1235 -> 200 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#vxlan--vnet) - -### Vnet - -#### Vnet show commands - -**show vnet brief** - -This command displays brief information about all the vnets configured in the device. It displays the vnet name, vxlan tunnel name, vni and peer list (if configured). - -- Usage: - - ``` - show vnet brief - ``` - -- Example: - - ``` - admin@sonic:~$ show vnet brief - vnet name vxlan tunnel vni peer list - ----------- -------------- ----- ------------------ - Vnet_2000 tunnel1 2000 - Vnet_3000 tunnel1 3000 Vnet_2000,Vnet4000 - ``` - -**show vnet name ** - -This command displays brief information about configured in the device. 
- -- Usage: - - ``` - show vnet name - ``` - -- Example: - - ``` - admin@sonic:~$ show vnet name Vnet_3000 - vnet name vxlan tunnel vni peer list - ----------- -------------- ----- ------------------ - Vnet_3000 tunnel1 3000 Vnet_2000,Vnet4000 - ``` - -**show vnet interfaces** - -This command displays vnet interfaces information about all the vnets configured in the device. - -- Usage: - - ``` - show vnet interfaces - ``` - -- Example: - - ``` - admin@sonic:~$ show vnet interfaces - vnet name interfaces - ----------- ------------ - Vnet_2000 Ethernet1 - Vnet_3000 Vlan2000 - ``` - -**show vnet neighbors** - -This command displays vnet neighbor information about all the vnets configured in the device. It displays the vnet name, neighbor IP address, neighbor mac address (if configured) and interface. - -- Usage: - - ``` - show vnet neighbors - ``` - -- Example: - - ``` - admin@sonic:~$ show vnet neighbors - Vnet_2000 neighbor mac_address interfaces - ----------- ----------- ------------- ------------ - 11.11.11.11 Ethernet1 - 11.11.11.12 Ethernet1 - - Vnet_3000 neighbor mac_address interfaces - ----------- ----------- ----------------- ------------ - 20.20.20.20 aa:bb:cc:dd:ee:ff Vlan2000 - ``` - -**show vnet routes all** - -This command displays all routes information about all the vnets configured in the device. - -- Usage: - - ``` - show vnet routes all - ``` - -- Example: - - ``` - admin@sonic:~$ show vnet routes all - vnet name prefix nexthop interface - ----------- -------------- --------- ----------- - Vnet_2000 100.100.3.0/24 Ethernet52 - Vnet_3000 100.100.4.0/24 Vlan2000 - - vnet name prefix endpoint mac address vni - ----------- -------------- ---------- ----------------- ----- - Vnet_2000 100.100.1.1/32 10.10.10.1 - Vnet_3000 100.100.2.1/32 10.10.10.2 00:00:00:00:03:04 - ``` - -**show vnet routes tunnel** - -This command displays tunnel routes information about all the vnets configured in the device. 
- -- Usage: - - ``` - show vnet routes tunnel - ``` - -- Example: - - ``` - admin@sonic:~$ show vnet routes tunnel - vnet name prefix endpoint mac address vni - ----------- -------------- ---------- ----------------- ----- - Vnet_2000 100.100.1.1/32 10.10.10.1 - Vnet_3000 100.100.2.1/32 10.10.10.2 00:00:00:00:03:04 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#vxlan--vnet) - -## Warm Reboot - -warm-reboot command initiates a warm reboot of the device. - -warm-reboot command doesn't require setting warm restart configuration. The -command will setup everything needed to perform warm reboot. - -This command requires root privilege. - -- Usage: - ``` - warm-reboot [-h|-?|-v|-f|-r|-k|-x|-c |-s|-D] - ``` - -- Parameters: - ``` - -h,-? : get this help - -v : turn on verbose mode - -f : force execution - -r : reboot with /sbin/reboot - -k : reboot with /sbin/kexec -e [default] - -x : execute script with -x flag - -c : specify control plane assistant IP list - -s : strict mode: do not proceed without: - - control plane assistant IP list. - -D : detached mode - closing terminal will not cause stopping reboot - ``` - -- Example: - ``` - admin@sonic:~$ sudo warm-reboot -v - Tue Oct 22 23:20:53 UTC 2019 Pausing orchagent ... - Tue Oct 22 23:20:53 UTC 2019 Stopping radv ... - Tue Oct 22 23:20:54 UTC 2019 Stopping bgp ... - Tue Oct 22 23:20:54 UTC 2019 Stopped bgp ... - Tue Oct 22 23:20:57 UTC 2019 Initialize pre-shutdown ... - Tue Oct 22 23:20:58 UTC 2019 Requesting pre-shutdown ... - Tue Oct 22 23:20:58 UTC 2019 Waiting for pre-shutdown ... - Tue Oct 22 23:20:59 UTC 2019 Pre-shutdown succeeded ... - Tue Oct 22 23:20:59 UTC 2019 Backing up database ... - Tue Oct 22 23:21:00 UTC 2019 Stopping teamd ... - Tue Oct 22 23:21:00 UTC 2019 Stopped teamd ... - Tue Oct 22 23:21:00 UTC 2019 Stopping syncd ... - Tue Oct 22 23:21:11 UTC 2019 Stopped syncd ... - Tue Oct 22 23:21:11 UTC 2019 Stopping all remaining containers ... 
- Tue Oct 22 23:21:13 UTC 2019 Stopped all remaining containers ... - Tue Oct 22 23:21:15 UTC 2019 Rebooting with /sbin/kexec -e to SONiC-OS-20191021.01 ... - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#Warm-Reboot) - -## Warm Restart - -Besides device level warm reboot, SONiC also provides docker based warm restart. This feature is currently supported by following dockers: BGP, teamD, and SWSS. A user can manage to restart a particular docker, with no interruption on packet forwarding and no effect on other services. This helps to reduce operational costs as well as development efforts. For example, to fix a bug in BGP routing stack, only the BGP docker image needs to be built, tested and upgraded. - -To achieve uninterrupted packet forwarding during the restarting stage and database reconciliation at the post restarting stage, warm restart enabled dockers with adjacency state machine facilitate standardized protocols. For example, a BGP restarting switch must have BGP "Graceful Restart" enabled, and its BGP neighbors must be "Graceful Restart Helper Capable", as specified in [IETF RFC4724](https://tools.ietf.org/html/rfc4724). - -Before warm restart BGP docker, the following BGP commands should be enabled: - ``` - bgp graceful-restart - bgp graceful-restart preserve-fw-state - ``` -In current SONiC release, the above two commands are enabled by default. - -It should be aware that during a warm restart, certain BGP fast convergence feature and black hole avoidance feature should either be disabled or be set to a lower preference to avoid conflicts with BGP graceful restart. - -For example, BGP BFD could be disabled via: - - ``` - no neighbor bfd - ``` - -otherwise, the fast failure detection would cause packet drop during warm reboot. 
- -Another commonly deployed blackhole avoidance feature: dynamic route priority adjustment, could be disabled via: - - ``` - no bgp max-med on-peerup - ``` - -to avoid large routes churn during BGP restart. - - -### Warm Restart show commands - -**show warm_restart config** - -This command displays all the configuration related to warm_restart. - -- Usage: - ``` - show warm_restart config - ``` - -- Example: - ``` - admin@sonic:~$ show warm_restart config - name enable timer_name timer_duration - ------ -------- ---------------- ---------------- - bgp true bgp_timer 100 - teamd false teamsyncd_timer 300 - swss false neighsyncd_timer 200 - system true NULL NULL - ``` - -**show warm_restart state** - -This command displays the warm_restart state. - -- Usage: - ``` - show warm_restart state - ``` - -- Example: - ``` - admin@sonic:~$ show warm_restart state - name restore_count state - ---------- --------------- ---------- - orchagent 0 - vlanmgrd 0 - bgp 1 reconciled - portsyncd 0 - teammgrd 1 - neighsyncd 0 - teamsyncd 1 - syncd 0 - natsyncd 0 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#warm-restart) - -### Warm Restart Config commands - -This sub-section explains the various configuration related to warm restart feature. Following parameters can be configured using this command. -1) bgp_timer -2) disable -3) enable -4) neighsyncd_timer -5) teamsyncd_timer -Each of these sub-commands are explained in the following section. - -Users can use an optional parameter "-s" to use the unix domain socket for communicating with the RedisDB which will be faster when compared to using the default network sockets. -All these commands have the following option. - -Options: - -s, --redis-unix-socket-path TEXT - unix socket path for redis connection - - -**config warm_restart bgp_timer** - -This command is used to set the bgp_timer value for warm_restart of BGP service. 
-bgp_timer holds the time interval utilized by fpmsyncd during warm-restart episodes. -During this interval fpmsyncd will recover all the routing state previously pushed to AppDB, as well as all the new state coming from zebra/bgpd. -Upon expiration of this timer, fpmsyncd will execute the reconciliation logic to eliminate all the stale entries from AppDB. -This timer should match the BGP-GR restart-timer configured within the elected routing-stack. -Supported range: 1-3600. - -- Usage: - ``` - config warm_restart [-s|--redis-unix-socket-path ] bgp_timer - ``` - - - Parameters: - - seconds: Range from 1 to 3600 - -- Example: - ``` - admin@sonic:~$ sudo config warm_restart bgp_timer 1000 - ``` - -**config warm_restart enable/disable** - -This command is used to enable or disable the warm_restart for a particular service that supports warm reboot. -Following four services support warm reboot. When user restarts the particular service using "systemctl restart ", this configured value will be checked for whether it is enabled or disabled. -If this configuration is enabled for that service, it will perform warm reboot for that service. Otherwise, it will do cold restart of the service. - -- Usage: - ``` - config warm_restart [-s|--redis-unix-socket-path ] enable [] - ``` - - - Parameters: - - module_name: Can be either system or swss or bgp or teamd. If "module_name" argument is not specified, it will enable "system" module. - -- Example (Set warm_restart as "enable" for the "system" service): - ``` - admin@sonic:~$ sudo config warm_restart enable - ``` - -- Example (Set warm_restart as "enable" for the "swss" service. When user does "systemctl restart swss", it will perform warm reboot instead of cold reboot) - ``` - admin@sonic:~$ sudo config warm_restart enable swss - ``` - -- Example (Set warm_restart as "enable" for the "teamd" service. 
When user does "systemctl restart teamd", it will perform warm reboot instead of cold reboot) - ``` - admin@sonic:~$ sudo config warm_restart enable teamd - ``` - - -**config warm_restart neighsyncd_timer** - -This command is used to set the neighsyncd_timer value for warm_restart of "swss" service. -neighsyncd_timer is the timer used for "swss" (neighsyncd) service during the warm restart. -Timer is started after the neighborTable is restored to internal data structures. -neighborsyncd then starts to read all Linux kernel entries and mark the entries in the data structures accordingly. -Once the timer is expired, reconciliation is done and the delta is pushed to appDB -Valid value is 1-9999. 0 is invalid. - -- Usage: - ``` - config warm_restart [-s|--redis-unix-socket-path ] neighsyncd_timer - ``` - - - Parameters: - - seconds: Range from 1 to 9999 - -- Example: - ``` - admin@sonic:~$ sudo config warm_restart neighsyncd_timer 2000 - ``` - - -**config warm_restart bgp_timer** - -This command is used to set the bgp_timer value for warm_restart of "bgp" service. -bgp_timer is the timer used for "bgp" service during the warm restart. -Timer is started after the BGP table is restored to internal data structures. -BGP services then start to read all Linux kernel entries and mark the entries in the data structures accordingly. -Once the timer is expired, reconciliation is done and the delta is pushed to appDB -Valid value is 1-9999. 0 is invalid. - -- Usage: - ``` - config warm_restart [-s|--redis-unix-socket-path ] bgp_timer - ``` - - - Parameters: - - seconds: Range from 1 to 9999 - -- Example: - ``` - admin@sonic:~$ sudo config warm_restart bgp_timer 2000 - ``` - -**config warm_restart teamsyncd_timer** - -This command is used to set the teamsyncd_timer value for warm_restart of teamd service. -teamsyncd_timer holds the time interval utilized by teamsyncd during warm-restart episodes. -The timer is started when teamsyncd starts. 
During the timer interval, teamsyncd will preserve all LAG interface changes, but it will not apply them. -The changes will only be applied when the timer expires. -When the changes are applied, the stale LAG entries will be removed, the new LAG entries will be created. -Supported range: 1-9999. 0 is invalid - -- Usage: - ``` - config warm_restart teamsyncd_timer - ``` - - - Parameters: - - seconds: Range from 1 to 9999 - -- Example: - ``` - admin@sonic:~$ sudo config warm_restart teamsyncd_timer 3000 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#warm-restart) - - -## Watermark - -### Watermark Show commands - -**show watermark telemetry interval** - -This command displays the configured interval for the telemetry. - -- Usage: - ``` - show watermark telemetry interval - ``` - -- Example: - ``` - admin@sonic:~$ show watermark telemetry interval - - Telemetry interval 120 second(s) - ``` - -### Watermark Config commands - -**config watermark telemetry interval** - -This command is used to configure the interval for telemetry. -The default interval is 120 seconds. -There is no regulation on the valid range of values; it leverages linux timer. - -- Usage: - ``` - config watermark telemetry interval - ``` - -- Example: - ``` - admin@sonic:~$ sudo config watermark telemetry interval 999 - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#watermark) - - - -## Software Installation and Management - -SONiC images can be installed in one of two methods: -1. From within a running SONiC image using the `sonic-installer` utility -2. From the vendor's bootloader (E.g., ONIE, Aboot, etc.) - -SONiC packages are available as prebuilt Docker images and meant to be installed with the *sonic-package-manager* utility. - -### SONiC Package Manager - -The *sonic-package-manager* is a command line tool to manage (e.g. install, upgrade or uninstall) SONiC Packages. 
- -**sonic-package-manager list** - -This command lists all available SONiC packages, their desription, installed version and installation status. -SONiC package status can be *Installed*, *Not installed* or *Built-In*. "Built-In" status means that a feature is built-in to SONiC image and can't be upgraded or uninstalled. - -- Usage: - ``` - sonic-package-manager list - ``` - -- Example: - ``` - admin@sonic:~$ sonic-package-manager list - Name Repository Description Version Status - -------------- --------------------------- ---------------------------- --------- -------------- - cpu-report azure/cpu-report CPU report package N/A Not Installed - database docker-database SONiC database package 1.0.0 Built-In - dhcp-relay azure/docker-dhcp-relay SONiC dhcp-relay package 1.0.0 Installed - fpm-frr docker-fpm-frr SONiC fpm-frr package 1.0.0 Built-In - lldp docker-lldp SONiC lldp package 1.0.0 Built-In - macsec docker-macsec SONiC macsec package 1.0.0 Built-In - mgmt-framework docker-sonic-mgmt-framework SONiC mgmt-framework package 1.0.0 Built-In - nat docker-nat SONiC nat package 1.0.0 Built-In - pmon docker-platform-monitor SONiC pmon package 1.0.0 Built-In - radv docker-router-advertiser SONiC radv package 1.0.0 Built-In - sflow docker-sflow SONiC sflow package 1.0.0 Built-In - snmp docker-snmp SONiC snmp package 1.0.0 Built-In - swss docker-orchagent SONiC swss package 1.0.0 Built-In - syncd docker-syncd-mlnx SONiC syncd package 1.0.0 Built-In - teamd docker-teamd SONiC teamd package 1.0.0 Built-In - telemetry docker-sonic-telemetry SONiC telemetry package 1.0.0 Built-In - ``` - -**sonic-package-manager repository add** - -This command will add a new repository as source for SONiC packages to the database. *NOTE*: requires elevated (root) privileges to run - -- Usage: - ``` - Usage: sonic-package-manager repository add [OPTIONS] NAME REPOSITORY - - Add a new repository to database. - - NOTE: This command requires elevated (root) privileges to run. 
- - Options: - --default-reference TEXT Default installation reference. Can be a tag or - sha256 digest in repository. - --description TEXT Optional package entry description. - --help Show this message and exit. - ``` -- Example: - ``` - admin@sonic:~$ sudo sonic-package-manager repository add \ - cpu-report azure/sonic-cpu-report --default-reference 1.0.0 - ``` - -**sonic-package-manager repository remove** - -This command will remove a repository as source for SONiC packages from the database . The package has to be *Not Installed* in order to be removed from package database. *NOTE*: requires elevated (root) privileges to run - -- Usage: - ``` - Usage: sonic-package-manager repository remove [OPTIONS] NAME - - Remove repository from database. - - NOTE: This command requires elevated (root) privileges to run. - - Options: - --help Show this message and exit. - ``` -- Example: - ``` - admin@sonic:~$ sudo sonic-package-manager repository remove cpu-report - ``` - -**sonic-package-manager install** - -This command pulls and installs a package on SONiC host. *NOTE*: this command requires elevated (root) privileges to run - -- Usage: - ``` - Usage: sonic-package-manager install [OPTIONS] [PACKAGE_EXPR] - - Install/Upgrade package using [PACKAGE_EXPR] in format - "[=|@]". - - The repository to pull the package from is resolved by lookup in - package database, thus the package has to be added via "sonic- - package-manager repository add" command. - - In case when [PACKAGE_EXPR] is a package name "" this command - will install or upgrade to a version referenced by "default- - reference" in package database. - - NOTE: This command requires elevated (root) privileges to run. - - Options: - --enable Set the default state of the feature to enabled - and enable feature right after installation. NOTE: - user needs to execute "config save -y" to make - this setting persistent. - --set-owner [local|kube] Default owner configuration setting for a feature. 
- --from-repository TEXT Fetch package directly from image registry - repository. NOTE: This argument is mutually - exclusive with arguments: [package_expr, - from_tarball]. - --from-tarball FILE Fetch package from saved image tarball. NOTE: This - argument is mutually exclusive with arguments: - [package_expr, from_repository]. - -f, --force Force operation by ignoring package dependency - tree and package manifest validation failures. - -y, --yes Automatically answer yes on prompts. - -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG. - Default is INFO. - --skip-host-plugins Do not install host OS plugins provided by the - package (CLI, etc). NOTE: In case when package - host OS plugins are set as mandatory in package - manifest this option will fail the installation. - --allow-downgrade Allow package downgrade. By default an attempt to - downgrade the package will result in a failure - since downgrade might not be supported by the - package, thus requires explicit request from the - user. - --help Show this message and exit.. - ``` -- Example: - ``` - admin@sonic:~$ sudo sonic-package-manager install dhcp-relay=1.0.2 - ``` - ``` - admin@sonic:~$ sudo sonic-package-manager install dhcp-relay@latest - ``` - ``` - admin@sonic:~$ sudo sonic-package-manager install dhcp-relay@sha256:9780f6d83e45878749497a6297ed9906c19ee0cc48cc88dc63827564bb8768fd - ``` - ``` - admin@sonic:~$ sudo sonic-package-manager install --from-repository azure/sonic-cpu-report:latest - ``` - ``` - admin@sonic:~$ sudo sonic-package-manager install --from-tarball sonic-docker-image.gz - ``` - -**sonic-package-manager uninstall** - -This command uninstalls package from SONiC host. User needs to stop the feature prior to uninstalling it. -*NOTE*: this command requires elevated (root) privileges to run. - -- Usage: - ``` - Usage: sonic-package-manager uninstall [OPTIONS] NAME - - Uninstall package. - - NOTE: This command requires elevated (root) privileges to run. 
- - Options: - -f, --force Force operation by ignoring package dependency tree and - package manifest validation failures. - -y, --yes Automatically answer yes on prompts. - -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG. Default - is INFO. - --help Show this message and exit. - ``` -- Example: - ``` - admin@sonic:~$ sudo sonic-package-manager uninstall dhcp-relay - ``` - -**sonic-package-manager reset** - -This comamnd resets the package by reinstalling it to its default version. *NOTE*: this command requires elevated (root) privileges to run. - -- Usage: - ``` - Usage: sonic-package-manager reset [OPTIONS] NAME - - Reset package to the default version. - - NOTE: This command requires elevated (root) privileges to run. - - Options: - -f, --force Force operation by ignoring package dependency tree and - package manifest validation failures. - -y, --yes Automatically answer yes on prompts. - -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG. Default - is INFO. - --skip-host-plugins Do not install host OS plugins provided by the package - (CLI, etc). NOTE: In case when package host OS plugins - are set as mandatory in package manifest this option - will fail the installation. - --help Show this message and exit. - ``` -- Example: - ``` - admin@sonic:~$ sudo sonic-package-manager reset dhcp-relay - ``` - -**sonic-package-manager show package versions** - -This command will retrieve a list of all available versions for the given package from the configured upstream repository - -- Usage: - ``` - Usage: sonic-package-manager show package versions [OPTIONS] NAME - - Show available versions. - - Options: - --all Show all available tags in repository. - --plain Plain output. - --help Show this message and exit. 
- ``` -- Example: - ``` - admin@sonic:~$ sonic-package-manager show package versions dhcp-relay - • 1.0.0 - • 1.0.2 - • 2.0.0 - ``` - ``` - admin@sonic:~$ sonic-package-manager show package versions dhcp-relay --plain - 1.0.0 - 1.0.2 - 2.0.0 - ``` - ``` - admin@sonic:~$ sonic-package-manager show package versions dhcp-relay --all - • 1.0.0 - • 1.0.2 - • 2.0.0 - • latest - ``` - -**sonic-package-manager show package changelog** - -This command fetches the changelog from the package manifest and displays it. *NOTE*: package changelog can be retrieved from registry or read from image tarball without installing it. - -- Usage: - ``` - Usage: sonic-package-manager show package changelog [OPTIONS] [PACKAGE_EXPR] - - Show package changelog. - - Options: - --from-repository TEXT Fetch package directly from image registry - repository NOTE: This argument is mutually exclusive - with arguments: [from_tarball, package_expr]. - --from-tarball FILE Fetch package from saved image tarball NOTE: This - argument is mutually exclusive with arguments: - [package_expr, from_repository]. - --help Show this message and exit. - ``` -- Example: - ``` - admin@sonic:~$ sonic-package-manager show package changelog dhcp-relay - 1.0.0: - - • Initial release - - Author (author@email.com) Mon, 25 May 2020 12:25:00 +0300 - ``` - -**sonic-package-manager show package manifest** - -This command fetches the package manifest and displays it. *NOTE*: package manifest can be retrieved from registry or read from image tarball without installing it. - -- Usage: - ``` - Usage: sonic-package-manager show package manifest [OPTIONS] [PACKAGE_EXPR] - - Show package manifest. - - Options: - --from-repository TEXT Fetch package directly from image registry - repository NOTE: This argument is mutually exclusive - with arguments: [package_expr, from_tarball]. - --from-tarball FILE Fetch package from saved image tarball NOTE: This - argument is mutually exclusive with arguments: - [from_repository, package_expr]. 
- -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG - --help Show this message and exit. - ``` -- Example: - ``` - admin@sonic:~$ sonic-package-manager show package manifest dhcp-relay=2.0.0 - { - "version": "1.0.0", - "package": { - "version": "2.0.0", - "depends": [ - "database>=1.0.0,<2.0.0" - ] - }, - "service": { - "name": "dhcp_relay" - } - } - ``` - -### SONiC Installer -This is a command line tool available as part of the SONiC software; If the device is already running the SONiC software, this tool can be used to install an alternate image in the partition. -This tool has facility to install an alternate image, list the available images and to set the next reboot image. -This command requires elevated (root) privileges to run. - -**sonic-installer list** - -This command displays information about currently installed images. It displays a list of installed images, currently running image and image set to be loaded in next reboot. - -- Usage: - ``` - sonic-installer list - ``` - -- Example: - ``` - admin@sonic:~$ sudo sonic-installer list - Current: SONiC-OS-HEAD.XXXX - Next: SONiC-OS-HEAD.XXXX - Available: - SONiC-OS-HEAD.XXXX - SONiC-OS-HEAD.YYYY - ``` - -TIP: This output can be obtained without evelated privileges by running the `show boot` command. See [here](#show-system-status) for details. - -**sonic-installer install** - -This command is used to install a new image on the alternate image partition. This command takes a path to an installable SONiC image or URL and installs the image. - -- Usage: - ``` - sonic-installer install - ``` - -- Example: - ``` - admin@sonic:~$ sudo sonic-installer install https://sonic-jenkins.westus.cloudapp.azure.com/job/xxxx/job/buildimage-xxxx-all/xxx/artifact/target/sonic-xxxx.bin - New image will be installed, continue? [y/N]: y - Downloading image... - ...100%, 480 MB, 3357 KB/s, 146 seconds passed - Command: /tmp/sonic_image - Verifying image checksum ... OK. - Preparing image archive ... OK. 
- ONIE Installer: platform: XXXX - onie_platform: - Installing SONiC in SONiC - Installing SONiC to /host/image-xxxx - Directory /host/image-xxxx/ already exists. Cleaning up... - Archive: fs.zip - creating: /host/image-xxxx/boot/ - inflating: /host/image-xxxx/boot/vmlinuz-3.16.0-4-amd64 - inflating: /host/image-xxxx/boot/config-3.16.0-4-amd64 - inflating: /host/image-xxxx/boot/System.map-3.16.0-4-amd64 - inflating: /host/image-xxxx/boot/initrd.img-3.16.0-4-amd64 - creating: /host/image-xxxx/platform/ - extracting: /host/image-xxxx/platform/firsttime - inflating: /host/image-xxxx/fs.squashfs - inflating: /host/image-xxxx/dockerfs.tar.gz - Log file system already exists. Size: 4096MB - Installed SONiC base image SONiC-OS successfully - - Command: cp /etc/sonic/minigraph.xml /host/ - - Command: grub-set-default --boot-directory=/host 0 - - Done - ``` - -Installing a new image using the sonic-installer will keep using the packages installed on the currently running SONiC image and automatically migrate those. In order to perform clean SONiC installation use the *--skip-package-migration* option: - -- Example: - ``` - admin@sonic:~$ sudo sonic-installer install https://sonic-jenkins.westus.cloudapp.azure.com/job/xxxx/job/buildimage-xxxx-all/xxx/artifact/target/sonic-xxxx.bin --skip-package-migration - ``` - -**sonic-installer set_default** - -This command is be used to change the image which can be loaded by default in all the subsequent reboots. - -- Usage: - ``` - sonic-installer set_default - ``` - -- Example: - ``` - admin@sonic:~$ sudo sonic-installer set_default SONiC-OS-HEAD.XXXX - ``` - -**sonic-installer set_next_boot** - -This command is used to change the image that can be loaded in the *next* reboot only. Note that it will fallback to current image in all other subsequent reboots after the next reboot. 
- -- Usage: - ``` - sonic-installer set_next_boot - ``` - -- Example: - ``` - admin@sonic:~$ sudo sonic-installer set_next_boot SONiC-OS-HEAD.XXXX - ``` - -**sonic-installer remove** - -This command is used to remove the unused SONiC image from the disk. Note that it's *not* allowed to remove currently running image. - -- Usage: - ``` - sonic-installer remove [-y|--yes] - ``` - -- Example: - ``` - admin@sonic:~$ sudo sonic-installer remove SONiC-OS-HEAD.YYYY - Image will be removed, continue? [y/N]: y - Updating GRUB... - Done - Removing image root filesystem... - Done - Command: grub-set-default --boot-directory=/host 0 - - Image removed - ``` - -**sonic-installer cleanup** - -This command removes all unused images from the device, leaving only the currently active image and the image which will be booted into next (if different) installed. If there are no images which can be removed, the command will output `No image(s) to remove` - -- Usage: - ``` - sonic-installer cleanup [-y|--yes] - ``` - -- Example: - ``` - admin@sonic:~$ sudo sonic-installer cleanup - Remove images which are not current and next, continue? [y/N]: y - No image(s) to remove - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#software-installation-and-management) - - - -## Troubleshooting Commands - -For troubleshooting and debugging purposes, this command gathers pertinent information about the state of the device; information is as diverse as syslog entries, database state, routing-stack state, etc., It then compresses it into an archive file. This archive file can be sent to the SONiC development team for examination. -Resulting archive file is saved as `/var/dump/_YYYYMMDD_HHMMSS.tar.gz` - -- Usage: - ``` - show techsupport - ``` - -- Example: - ``` - admin@sonic:~$ show techsupport [--since=] - ``` - -If the SONiC system was running for quite some time `show techsupport` will produce a large dump file. 
To reduce the amount of syslog and core files gathered during system dump use `--since` option: - -- Examples: - ``` - admin@sonic:~$ show techsupport --since=yesterday # Will collect syslog and core files for the last 24 hours - ``` - ``` - admin@sonic:~$ show techsupport --since='hour ago' # Will collect syslog and core files for the last one hour - ``` - -### Debug Dumps - -In SONiC, there usually exists a set of tables related/relevant to a particular module. All of these might have to be looked at to confirm whether any configuration update is properly applied and propagated. This utility comes in handy because it prints a unified view of the redis-state for a given module - -- Usage: - ``` - Usage: dump state [OPTIONS] MODULE IDENTIFIER - Dump the redis-state of the identifier for the module specified - - Options: - -s, --show Display Modules Available - -d, --db TEXT Only dump from these Databases - -t, --table Print in tabular format [default: False] - -k, --key-map Only fetch the keys matched, don't extract field-value dumps [default: False] - -v, --verbose Prints any intermediate output to stdout useful for dev & troubleshooting [default: False] - -n, --namespace TEXT Dump the redis-state for this namespace. [default: DEFAULT_NAMESPACE] - --help Show this message and exit. 
- ``` - - -- Examples: - ``` - root@sonic# dump state --show - Module Identifier - -------- ------------ - port port_name - copp trap_id - ``` - - ``` - admin@sonic:~$ dump state copp arp_req --key-map --db ASIC_DB - { - "arp_req": { - "ASIC_DB": { - "keys": [ - "ASIC_STATE:SAI_OBJECT_TYPE_HOSTIF_TRAP:oid:0x22000000000c5b", - "ASIC_STATE:SAI_OBJECT_TYPE_HOSTIF_TRAP_GROUP:oid:0x11000000000c59", - "ASIC_STATE:SAI_OBJECT_TYPE_POLICER:oid:0x12000000000c5a", - "ASIC_STATE:SAI_OBJECT_TYPE_QUEUE:oid:0x15000000000626" - ], - "tables_not_found": [], - "vidtorid": { - "oid:0x22000000000c5b": "oid:0x200000000022", - "oid:0x11000000000c59": "oid:0x300000011", - "oid:0x12000000000c5a": "oid:0x200000012", - "oid:0x15000000000626": "oid:0x12e0000040015" - } - } - } - } - ``` - -### Event Driven Techsupport Invocation - -This feature/capability makes the techsupport invocation event-driven based on core dump generation. This feature is only applicable for the processes running in the containers. More detailed explanation can be found in the HLD https://github.com/Azure/SONiC/blob/master/doc/auto_techsupport_and_coredump_mgmt.md - -#### config auto-techsupport global commands - -**config auto-techsupport global state** - -- Usage: - ``` - config auto-techsupport global state - ``` - -- Example: - ``` - config auto-techsupport global state enabled - ``` - -**config auto-techsupport global rate-limit-interval ** - -- Usage: - ``` - config auto-techsupport global rate-limit-interval - ``` - - Parameters: - - rate-limit-interval: Minimum time in seconds to wait after the last techsupport creation time before invoking a new one. - -- Example: - ``` - config auto-techsupport global rate-limit-interval 200 - ``` - -**config auto-techsupport global max-techsupport-limit ** - -- Usage: - ``` - config auto-techsupport global max-techsupport-limit - ``` - - Parameters: - - max-techsupport-limit: A percentage value should be specified. 
This signifies maximum size to which /var/dump/ directory can be grown until. - -- Example: - ``` - config auto-techsupport global max-techsupport-limit 10.15 - ``` - -**config auto-techsupport global max-core-limit ** - -- Usage: - ``` - config auto-techsupport global max-core-limit - ``` - - Parameters: - - max-core-limit: A percentage value should be specified. This signifies maximum size to which /var/core/ directory can be grown until. - -- Example: - ``` - config auto-techsupport global max-core-limit 10.15 - ``` - -**config auto-techsupport global since** - -- Usage: - ``` - config auto-techsupport global since - ``` - - Parameters: - - since: This limits the auto-invoked techsupport to only collect the logs & core-dumps generated since the time provided. Any valid date string of the formats specified here can be used. (https://www.gnu.org/software/coreutils/manual/html_node/Date-input-formats.html). If this value is not explicitly configured or a non-valid string is provided, a default value of "2 days ago" is used. - -- Example: - ``` - config auto-techsupport global since - ``` - - -#### config auto-techsupport-feature commands - -**config auto-techsupport-feature add** - -- Usage: - ``` - config auto-techsupport-feature add --state --rate-limit-interval - ``` - - Parameters: - - state: enable/disable the capability for the specific feature/container. - - rate-limit-interval: Rate limit interval for the corresponding feature. Configure 0 to explicitly disable. 
For the techsupport to be generated by auto-techsupport, both the global and feature specific rate-limit-interval has to be passed - -- Example: - ``` - config auto-techsupport-feature add bgp --state enabled --rate-limit-interval 200 - ``` - - -**config auto-techsupport-feature delete** - -- Usage: - ``` - config auto-techsupport-feature delete - ``` - -- Example: - ``` - config auto-techsupport-feature delete swss - ``` - -**config auto-techsupport-feature update** - -- Usage: - ``` - config auto-techsupport-feature update --state - config auto-techsupport-feature update --rate-limit-interval - ``` - -- Example: - ``` - config auto-techsupport-feature update snmp --state enabled - config auto-techsupport-feature update swss --rate-limit-interval 200 - ``` - -#### Show CLI: - -**show auto-techsupport global** - -- Usage: - ``` - show auto-techsupport global - ``` - -- Example: - ``` - admin@sonic:~$ show auto-techsupport global - STATE RATE LIMIT INTERVAL (sec) MAX TECHSUPPORT LIMIT (%) MAX CORE LIMIT (%) SINCE - ------- --------------------------- -------------------------- ------------------ ---------- - enabled 180 10.0 5.0 2 days ago - ``` - -**show auto-techsupport-feature** - -- Usage: - ``` - show auto-techsupport-feature - ``` - -- Example: - ``` - admin@sonic:~$ show auto-techsupport-feature - FEATURE NAME STATE RATE LIMIT INTERVAL (sec) - -------------- -------- -------------------------- - bgp enabled 600 - database enabled 600 - dhcp_relay enabled 600 - lldp enabled 600 - swss disabled 800 - ``` - -**show auto-techsupport history** - -- Usage: - ``` - show auto-techsupport history - ``` - -- Example: - ``` - admin@sonic:~$ show auto-techsupport history - TECHSUPPORT DUMP TRIGGERED BY CORE DUMP - ---------------------------------------- -------------- ----------------------------- - sonic_dump_r-lionfish-16_20210901_221402 bgp bgpcfgd.1630534439.55.core.gz - sonic_dump_r-lionfish-16_20210901_203725 snmp python3.1630528642.23.core.gz - 
sonic_dump_r-lionfish-16_20210901_222408 teamd python3.1630535045.34.core.gz - ``` - -Go Back To [Beginning of the document](#) or [Beginning of this section](#troubleshooting-commands) - -## Routing Stack - -SONiC software is agnostic of the routing software that is being used in the device. For example, users can use either Quagga or FRR routing stack as per their requirement. -A separate shell (vtysh) is provided to configure such routing stacks. -Once if users go to "vtysh", they can use the routing stack specific commands as given in the following example. - -- Example (Quagga Routing Stack): - ``` - admin@sonic:~$ vtysh - - Hello, this is Quagga (version 0.99.24.1). - Copyright 1996-2005 Kunihiro Ishiguro, et al. - - sonic# show route-map (This command displays the route-map that is configured for the routing protocol.) - ZEBRA: - route-map RM_SET_SRC, permit, sequence 10 - Match clauses: - Set clauses: - src 10.12.0.102 - Call clause: - Action: - Exit routemap - ``` - -Refer the routing stack [Quagga Command Reference](https://www.quagga.net/docs/quagga.pdf) or [FRR Command Reference](https://buildmedia.readthedocs.org/media/pdf/frrouting/latest/frrouting.pdf) to know more about about the routing stack configuration. - - -Go Back To [Beginning of the document](#) or [Beginning of this section](#routing-stack) - - -## Quagga BGP Show Commands - -**show ip bgp summary** - -This command displays the summary of all IPv4 bgp neighbors that are configured and the corresponding states. 
- -- Usage: - ``` - show ip bgp summary - ``` - -- Example: - ``` - admin@sonic:~$ show ip bgp summary - BGP router identifier 1.2.3.4, local AS number 65061 - RIB entries 6124, using 670 KiB of memory - Peers 2, using 143 KiB of memory - - Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd - 192.168.1.161 4 65501 88698 102781 0 0 0 08w5d14h 2 - 192.168.1.163 4 65502 88698 102780 0 0 0 08w5d14h 2 - - Total number of neighbors 2 - ``` - -**show ip bgp neighbors** - -This command displays all the details of IPv4 & IPv6 BGP neighbors when no optional argument is specified. - -When the optional argument IPv4_address is specified, it displays the detailed neighbor information about that specific IPv4 neighbor. - -Command has got additional optional arguments to display only the advertised routes, or the received routes, or all routes. - -In order to get details for an IPv6 neigbor, use "show ipv6 bgp neighbor " command. - -- Usage: - ``` - show ip bgp neighbors [ [advertised-routes | received-routes | routes]] - ``` - -- Example: - ``` - admin@sonic:~$ show ip bgp neighbors - BGP neighbor is 192.168.1.161, remote AS 65501, local AS 65061, external link - Description: ARISTA01T0 - BGP version 4, remote router ID 1.2.3.4 - BGP state = Established, up for 08w5d14h - Last read 00:00:46, hold time is 180, keepalive interval is 60 seconds - Neighbor capabilities: - 4 Byte AS: advertised and received - Dynamic: received - Route refresh: advertised and received(old & new) - Address family IPv4 Unicast: advertised and received - Graceful Restart Capabilty: advertised and received - Remote Restart timer is 120 seconds - Address families by peer: - IPv4 Unicast(not preserved) - Graceful restart informations: - End-of-RIB send: IPv4 Unicast - End-of-RIB received: IPv4 Unicast - Message statistics: - Inq depth is 0 - Outq depth is 0 - Sent Rcvd - Opens: 1 1 - Notifications: 0 0 - Updates: 14066 3 - Keepalives: 88718 88698 - Route Refresh: 0 0 - Capability: 0 0 - 
Total: 102785 88702 - Minimum time between advertisement runs is 30 seconds - - For address family: IPv4 Unicast - Community attribute sent to this neighbor(both) - 2 accepted prefixes - - Connections established 1; dropped 0 - Last reset never - Local host: 192.168.1.160, Local port: 32961 - Foreign host: 192.168.1.161, Foreign port: 179 - Nexthop: 192.168.1.160 - Nexthop global: fe80::f60f:1bff:fe89:bc00 - Nexthop local: :: - BGP connection: non shared network - Read thread: on Write thread: off - ``` - -Optionally, you can specify an IP address in order to display only that particular neighbor. In this mode, you can optionally specify whether you want to display all routes advertised to the specified neighbor, all routes received from the specified neighbor or all routes (received and accepted) from the specified neighbor. - - -- Examples: - ``` - admin@sonic:~$ show ip bgp neighbors 192.168.1.161 - - admin@sonic:~$ show ip bgp neighbors 192.168.1.161 advertised-routes - - admin@sonic:~$ show ip bgp neighbors 192.168.1.161 received-routes - - admin@sonic:~$ show ip bgp neighbors 192.168.1.161 routes - ``` - -**show ipv6 bgp summary** - -This command displays the summary of all IPv4 bgp neighbors that are configured and the corresponding states. - -- Usage: - ``` - show ipv6 bgp summary - ``` - -- Example: - ``` - admin@sonic:~$ show ipv6 bgp summary - BGP router identifier 10.1.0.32, local AS number 65100 - RIB entries 12809, using 1401 KiB of memory - Peers 8, using 36 KiB of memory - - Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd - fc00::72 4 64600 12588 12591 0 0 0 06:51:17 6402 - fc00::76 4 64600 12587 6190 0 0 0 06:51:28 6402 - fc00::7a 4 64600 12587 9391 0 0 0 06:51:23 6402 - fc00::7e 4 64600 12589 12592 0 0 0 06:51:25 6402 - - Total number of neighbors 4 - ``` - -**show ipv6 bgp neighbors** - -This command displays all the details of one particular IPv6 Border Gateway Protocol (BGP) neighbor. 
Option is also available to display only the advertised routes, or the received routes, or all routes. - -- Usage: - ``` - show ipv6 bgp neighbors (advertised-routes | received-routes | routes) - ``` - -- Examples: - ``` - admin@sonic:~$ show ipv6 bgp neighbors fc00::72 advertised-routes - - admin@sonic:~$ show ipv6 bgp neighbors fc00::72 received-routes - - admin@sonic:~$ show ipv6 bgp neighbors fc00::72 routes - ``` - -**show route-map** - -This command displays the routing policy that takes precedence over the other route processes that are configured. - -- Usage: - ``` - show route-map - ``` - -- Example: - ``` - admin@sonic:~$ show route-map - ZEBRA: - route-map RM_SET_SRC, permit, sequence 10 - Match clauses: - Set clauses: - src 10.12.0.102 - Call clause: - Action: - Exit routemap - ZEBRA: - route-map RM_SET_SRC6, permit, sequence 10 - Match clauses: - Set clauses: - src fc00:1::102 - Call clause: - Action: - Exit routemap - BGP: - route-map FROM_BGP_SPEAKER_V4, permit, sequence 10 - Match clauses: - Set clauses: - Call clause: - Action: - Exit routemap - BGP: - route-map TO_BGP_SPEAKER_V4, deny, sequence 10 - Match clauses: - Set clauses: - Call clause: - Action: - Exit routemap - BGP: - route-map ISOLATE, permit, sequence 10 - Match clauses: - Set clauses: - as-path prepend 65000 - Call clause: - Action: - Exit routemap - ``` -Go Back To [Beginning of the document](#) or [Beginning of this section](#quagga-bgp-show-commands) - -# ZTP Configuration And Show Commands - -This section explains all the Zero Touch Provisioning commands that are supported in SONiC. - -## ZTP show commands - - -This command displays the current ZTP configuration of the switch. It also displays detailed information about current state of a ZTP session. It displays information related to all configuration sections as defined in the switch provisioning information discovered in a particular ZTP session. 
- -- Usage: - show ztp status - - show ztp status --verbose - -- Example: - -``` -root@B1-SP1-7712:/home/admin# show ztp status -ZTP Admin Mode : True -ZTP Service : Inactive -ZTP Status : SUCCESS -ZTP Source : dhcp-opt67 (eth0) -Runtime : 05m 31s -Timestamp : 2019-09-11 19:12:24 UTC - -ZTP Service is not running - -01-configdb-json: SUCCESS -02-connectivity-check: SUCCESS -``` -Use the verbose option to display more detailed information. - -``` -root@B1-SP1-7712:/home/admin# show ztp status --verbose -Command: ztp status --verbose -======================================== -ZTP -======================================== -ZTP Admin Mode : True -ZTP Service : Inactive -ZTP Status : SUCCESS -ZTP Source : dhcp-opt67 (eth0) -Runtime : 05m 31s -Timestamp : 2019-09-11 19:12:16 UTC -ZTP JSON Version : 1.0 - -ZTP Service is not running - ----------------------------------------- -01-configdb-json ----------------------------------------- -Status : SUCCESS -Runtime : 02m 48s -Timestamp : 2019-09-11 19:11:55 UTC -Exit Code : 0 -Ignore Result : False - ----------------------------------------- -02-connectivity-check ----------------------------------------- -Status : SUCCESS -Runtime : 04s -Timestamp : 2019-09-11 19:12:16 UTC -Exit Code : 0 -Ignore Result : False -``` - -- Description - - - **ZTP Admin Mode** - Displays if the ZTP feature is administratively enabled or disabled. Possible values are True or False. This value is configurable using "config ztp enabled" and "config ztp disable" commands. - - **ZTP Service** - Displays the ZTP service status. The following are possible values this field can display: - - *Active Discovery*: ZTP service is operational and is performing DHCP discovery to learn switch provisioning information - - *Processing*: ZTP service has discovered switch provisioning information and is processing it - - **ZTP Status** - Displays the current state and result of ZTP session. 
The following are possible values this field can display: - - *IN-PROGRESS*: ZTP session is currently in progress. ZTP service is processing switch provisioning information. - - *SUCCESS*: ZTP service has successfully processed the switch provisioning information. - - *FAILED*: ZTP service has failed to process the switch provisioning information. - - *Not Started*: ZTP service has not started processing the discovered switch provisioning information. - - **ZTP Source** - Displays the DHCP option and then interface name from which switch provisioning information has been discovered. - - **Runtime** - Displays the time taken for ZTP process to complete from start to finish. For individual configuration sections it indicates the time taken to process the associated configuration section. - - **Timestamp** - Displays the date/time stamp when the status field has last changed. - - **ZTP JSON Version** - Version of ZTP JSON file used for describing switch provisioning information. - - **Status** - Displays the current state and result of a configuration section. The following are possible values this field can display: - - *IN-PROGRESS*: Corresponding configuration section is currently being processed. - - *SUCCESS*: Corresponding configuration section was processed successfully. - - *FAILED*: Corresponding configuration section failed to execute successfully. - - *Not Started*: ZTP service has not started processing the corresponding configuration section. - - *DISABLED*: Corresponding configuration section has been marked as disabled and will not be processed. - - **Exit Code** - Displays the program exit code of the configuration section executed. Non-zero exit code indicates that the configuration section has failed to execute successfully. - - **Ignore Result** - If this value is True, the result of the corresponding configuration section is ignored and not used to evaluate the overall ZTP result. 
- - **Activity String** - In addition to above information an activity string is displayed indicating the current action being performed by the ZTP service and how much time it has been performing the mentioned activity. Below is an example. - - (04m 12s) Discovering provisioning data - -## ZTP configuration commands - -This sub-section explains the list of the configuration options available for ZTP. - - - -**config ztp enable** - -Use this command to enable ZTP administrative mode - -- Example: - -``` -root@sonic:/home/admin# config ztp enable -Running command: ztp enable -``` - - - -**config ztp disable** - -Use this command to disable ZTP administrative mode. This command can also be used to abort a current ZTP session and load the factory default switch configuration. - -- Usage: - config ztp disable - - config ztp disable -y - -- Example: - -``` -root@sonic:/home/admin# config ztp disable -Active ZTP session will be stopped and disabled, continue? [y/N]: y -Running command: ztp disable -y -``` - - -**config ztp run** - -Use this command to manually restart a new ZTP session. This command deletes the existing */etc/sonic/config_db.json* file and stats ZTP service. It also erases the previous ZTP session data. ZTP configuration is loaded on to the switch and ZTP discovery is performed. - -- Usage: - config ztp run - - config ztp run -y - -- Example: - -``` -root@sonic:/home/admin# config ztp run -ZTP will be restarted. You may lose switch data and connectivity, continue? [y/N]: y -Running command: ztp run -y -``` - -Go Back To [Beginning of the document](#SONiC-COMMAND-LINE-INTERFACE-GUIDE) or [Beginning of this section](#ztp-configuration-and-show-commands) - -# MACsec Commands - -This sub-section explains the list of the configuration options available for MACsec. MACsec feature is as a plugin to SONiC, So please install MACsec package before using MACsec commands. 
- -## MACsec config command - -- Add MACsec profile -``` -admin@sonic:~$ sudo config macsec profile add --help -Usage: config macsec profile add [OPTIONS] - - Add MACsec profile - -Options: - --priority For Key server election. In 0-255 range with - 0 being the highest priority. [default: - 255] - --cipher_suite The cipher suite for MACsec. [default: GCM- - AES-128] - --primary_cak Primary Connectivity Association Key. - [required] - --primary_ckn Primary CAK Name. [required] - --policy MACsec policy. INTEGRITY_ONLY: All traffic, - except EAPOL, will be converted to MACsec - packets without encryption. SECURITY: All - traffic, except EAPOL, will be encrypted by - SecY. [default: security] - --enable_replay_protect / --disable_replay_protect - Whether enable replay protect. [default: - False] - --replay_window - Replay window size that is the number of - packets that could be out of order. This - field works only if ENABLE_REPLAY_PROTECT is - true. [default: 0] - --send_sci / --no_send_sci Send SCI in SecTAG field of MACsec header. - [default: True] - --rekey_period The period of proactively refresh (Unit - second). [default: 0] - -?, -h, --help Show this message and exit. -``` - -- Delete MACsec profile -``` -admin@sonic:~$ sudo config macsec profile del --help -Usage: config macsec profile del [OPTIONS] - - Delete MACsec profile - -Options: - -?, -h, --help Show this message and exit. -``` - -- Enable MACsec on the port -``` -admin@sonic:~$ sudo config macsec port add --help -Usage: config macsec port add [OPTIONS] - - Add MACsec port - -Options: - -?, -h, --help Show this message and exit. -``` - - -- Disable MACsec on the port -``` -admin@sonic:~$ sudo config macsec port del --help -Usage: config macsec port del [OPTIONS] - - Delete MACsec port - -Options: - -?, -h, --help Show this message and exit. 
- -``` - - -## MACsec show command - -- Show MACsec - -``` -admin@vlab-02:~$ show macsec --help -Usage: show macsec [OPTIONS] [INTERFACE_NAME] - -Options: - -d, --display [all] Show internal interfaces [default: all] - -n, --namespace [] Namespace name or all - -h, -?, --help Show this message and exit. - -``` - -``` -admin@vlab-02:~$ show macsec -MACsec port(Ethernet0) ---------------------- ----------- -cipher_suite GCM-AES-256 -enable true -enable_encrypt true -enable_protect true -enable_replay_protect false -replay_window 0 -send_sci true ---------------------- ----------- - MACsec Egress SC (5254008f4f1c0001) - ----------- - - encoding_an 2 - ----------- - - MACsec Egress SA (1) - ------------------------------------- ---------------------------------------------------------------- - auth_key 849B69D363E2B0AA154BEBBD7C1D9487 - next_pn 1 - sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E - salt 000000000000000000000000 - ssci 0 - SAI_MACSEC_SA_ATTR_CURRENT_XPN 179 - SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 - SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0 - ------------------------------------- ---------------------------------------------------------------- - MACsec Egress SA (2) - ------------------------------------- ---------------------------------------------------------------- - auth_key 5A8B8912139551D3678B43DD0F10FFA5 - next_pn 1 - sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6 - salt 000000000000000000000000 - ssci 0 - SAI_MACSEC_SA_ATTR_CURRENT_XPN 87185 - SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 - SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0 - ------------------------------------- ---------------------------------------------------------------- - MACsec Ingress SC (525400edac5b0001) - MACsec Ingress SA (1) - --------------------------------------- 
---------------------------------------------------------------- - active true - auth_key 849B69D363E2B0AA154BEBBD7C1D9487 - lowest_acceptable_pn 1 - sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E - salt 000000000000000000000000 - ssci 0 - SAI_MACSEC_SA_ATTR_CURRENT_XPN 103 - SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0 - SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0 - SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0 - SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0 - SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0 - SAI_MACSEC_SA_STAT_IN_PKTS_OK 0 - SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0 - SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0 - SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 - --------------------------------------- ---------------------------------------------------------------- - MACsec Ingress SA (2) - --------------------------------------- ---------------------------------------------------------------- - active true - auth_key 5A8B8912139551D3678B43DD0F10FFA5 - lowest_acceptable_pn 1 - sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6 - salt 000000000000000000000000 - ssci 0 - SAI_MACSEC_SA_ATTR_CURRENT_XPN 91824 - SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0 - SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0 - SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0 - SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0 - SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0 - SAI_MACSEC_SA_STAT_IN_PKTS_OK 0 - SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0 - SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0 - SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 - --------------------------------------- ---------------------------------------------------------------- -MACsec port(Ethernet1) ---------------------- ----------- -cipher_suite GCM-AES-256 -enable true -enable_encrypt true -enable_protect true -enable_replay_protect false -replay_window 0 -send_sci true ---------------------- ----------- - MACsec Egress SC (5254008f4f1c0001) - ----------- - - encoding_an 1 - ----------- - - MACsec 
Egress SA (1) - ------------------------------------- ---------------------------------------------------------------- - auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF - next_pn 1 - sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B - salt 000000000000000000000000 - ssci 0 - SAI_MACSEC_SA_ATTR_CURRENT_XPN 4809 - SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 - SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0 - ------------------------------------- ---------------------------------------------------------------- - MACsec Ingress SC (525400edac5b0001) - MACsec Ingress SA (1) - --------------------------------------- ---------------------------------------------------------------- - active true - auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF - lowest_acceptable_pn 1 - sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B - salt 000000000000000000000000 - ssci 0 - SAI_MACSEC_SA_ATTR_CURRENT_XPN 5033 - SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0 - SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0 - SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0 - SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0 - SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0 - SAI_MACSEC_SA_STAT_IN_PKTS_OK 0 - SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0 - SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0 - SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 - SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 - --------------------------------------- ---------------------------------------------------------------- -``` - -## MACsec clear command - -Clear MACsec counters which is to reset all MACsec counters to ZERO. - -``` -admin@sonic:~$ sonic-clear macsec --help -Usage: sonic-clear macsec [OPTIONS] - - Clear MACsec counts. This clear command will generated a cache for next - show commands which will base on this cache as the zero baseline to show - the increment of counters. 
- -Options: - --clean-cache BOOLEAN If the option of clean cache is true, next show - commands will show the raw counters which based on - the service booted instead of the last clear command. - -h, -?, --help Show this message and exit. -``` - - - +# SONiC Command Line Interface Guide + +## Table of Contents + +* [Document History](#document-history) +* [Introduction](#introduction) +* [Basic Tasks](#basic-tasks) + * [SSH Login](#ssh-login) + * [Show Management Interface](#show-management-interface) + * [Configuring Management Interface](#configuring-management-interface) +* [Getting Help](#getting-help) + * [Help for Config Commands](#help-for-config-commands) + * [Help for Show Commands](#help-for-show-commands) +* [Basic Show Commands](#basic-show-commands) + * [Show Versions](#show-versions) + * [Show System Status](#show-system-status) + * [Show Hardware Platform](#show-hardware-platform) + * [Transceivers](#transceivers) +* [AAA & TACACS+](#aaa--tacacs) + * [AAA](#aaa) + * [AAA show commands](#aaa-show-commands) + * [AAA config commands](#aaa-config-commands) + * [TACACS+](#tacacs) + * [TACACS+ show commands](#tacacs-show-commands) + * [TACACS+ config commands](#tacacs-config-commands) +* [ACL](#acl) + * [ACL show commands](#acl-show-commands) + * [ACL config commands](#acl-config-commands) +* [ARP & NDP](#arp--ndp) + * [ARP show commands](#arp-show-commands) + * [NDP show commands](#ndp-show-commands) +* [BFD](#bfd) + * [BFD show commands](#bfd-show-commands) +* [BGP](#bgp) + * [BGP show commands](#bgp-show-commands) + * [BGP config commands](#bgp-config-commands) +* [Console](#console) + * [Console show commands](#console-show-commands) + * [Console config commands](#console-config-commands) + * [Console connect commands](#console-connect-commands) + * [Console clear commands](#console-clear-commands) +* [DHCP Relay](#dhcp-relay) + * [DHCP Relay config commands](#dhcp-relay-config-commands) +* [Drop Counters](#drop-counters) + * [Drop Counter show 
commands](#drop-counters-show-commands)
+ * [Drop Counter config commands](#drop-counters-config-commands)
+ * [Drop Counter clear commands](#drop-counters-clear-commands)
+* [Dynamic Buffer Management](#dynamic-buffer-management)
+ * [Configuration commands](#configuration-commands)
+ * [Show commands](#show-commands)
+* [ECN](#ecn)
+ * [ECN show commands](#ecn-show-commands)
+ * [ECN config commands](#ecn-config-commands)
+* [Feature](#feature)
+ * [Feature show commands](#feature-show-commands)
+ * [Feature config commands](#feature-config-commands)
+* [Flow Counters](#flow-counters)
+ * [Flow Counters show commands](#flow-counters-show-commands)
+ * [Flow Counters clear commands](#flow-counters-clear-commands)
+ * [Flow Counters config commands](#flow-counters-config-commands)
+* [Gearbox](#gearbox)
+ * [Gearbox show commands](#gearbox-show-commands)
+* [Interfaces](#interfaces)
+ * [Interface Show Commands](#interface-show-commands)
+ * [Interface Config Commands](#interface-config-commands)
+* [Interface Naming Mode](#interface-naming-mode)
+ * [Interface naming mode show commands](#interface-naming-mode-show-commands)
+ * [Interface naming mode config commands](#interface-naming-mode-config-commands)
+ * [Interface Vrf binding](#interface-vrf-binding)
+ * [Interface vrf bind & unbind config commands](#interface-vrf-bind-&-unbind-config-commands)
+ * [Interface vrf binding show commands](#interface-vrf-binding-show-commands)
+* [IP / IPv6](#ip--ipv6)
+ * [IP show commands](#ip-show-commands)
+ * [IPv6 show commands](#ipv6-show-commands)
+* [IPv6 Link Local](#ipv6-link-local)
+ * [IPv6 Link Local config commands](#ipv6-link-local-config-commands)
+ * [IPv6 Link Local show commands](#ipv6-link-local-show-commands)
+* [Kubernetes](#Kubernetes)
+ * [Kubernetes show commands](#Kubernetes-show-commands)
+ * [Kubernetes config commands](#Kubernetes-config-commands)
+* [Linux Kernel Dump](#kdump)
+ * [Linux Kernel Dump show commands](#Linux-Kernel-Dump-show-commands)
+ * [Linux Kernel Dump config commands](#Linux-Kernel-Dump-config-command)
+* [LLDP](#lldp)
+ * [LLDP show commands](#lldp-show-commands)
+* [Loading, Reloading And Saving Configuration](#loading-reloading-and-saving-configuration)
+ * [Loading configuration from JSON file](#loading-configuration-from-json-file)
+ * [Loading configuration from minigraph (XML) file](#loading-configuration-from-minigraph-xml-file)
+ * [Reloading Configuration](#reloading-configuration)
+ * [Loading Management Configuration](#loading-management-configuration)
+ * [Saving Configuration to a File for Persistence](saving-configuration-to-a-file-for-persistence)
+ * [Loopback Interfaces](#loopback-interfaces)
+ * [Loopback show commands](#loopback-show-commands)
+ * [Loopback config commands](#loopback-config-commands)
+* [VRF Configuration](#vrf-configuration)
+ * [VRF show commands](#vrf-show-commands)
+ * [VRF config commands](#vrf-config-commands)
+* [Management VRF](#Management-VRF)
+ * [Management VRF Show commands](#management-vrf-show-commands)
+ * [Management VRF Config commands](#management-vrf-config-commands)
+* [Mirroring](#mirroring)
+ * [Mirroring Show commands](#mirroring-show-commands)
+ * [Mirroring Config commands](#mirroring-config-commands)
+* [Muxcable](#muxcable)
+ * [Muxcable Show commands](#muxcable-show-commands)
+ * [Muxcable Config commands](#muxcable-config-commands)
+* [NAT](#nat)
+ * [NAT Show commands](#nat-show-commands)
+ * [NAT Config commands](#nat-config-commands)
+ * [NAT Clear commands](#nat-clear-commands)
+* [NTP](#ntp)
+ * [NTP show commands](#ntp-show-commands)
+ * [NTP config commands](#ntp-config-commands)
+* [NVGRE](#nvgre)
+ * [NVGRE show commands](#nvgre-show-commands)
+ * [NVGRE config commands](#nvgre-config-commands)
+* [PBH](#pbh)
+ * [PBH show commands](#pbh-show-commands)
+ * [PBH config commands](#pbh-config-commands)
+* [PFC Watchdog Commands](#pfc-watchdog-commands)
+* [Platform Component Firmware](#platform-component-firmware)
+ *
[Platform Component Firmware show commands](#platform-component-firmware-show-commands)
+ * [Platform Component Firmware config commands](#platform-component-firmware-config-commands)
+ * [Platform Component Firmware vendor specific behaviour](#platform-component-firmware-vendor-specific-behaviour)
+* [Platform Specific Commands](#platform-specific-commands)
+ * [Mellanox Platform Specific Commands](#mellanox-platform-specific-commands)
+ * [Barefoot Platform Specific Commands](#barefoot-platform-specific-commands)
+* [PortChannels](#portchannels)
+ * [PortChannel Show commands](#portchannel-show-commands)
+ * [PortChannel Config commands](#portchannel-config-commands)
+* [QoS](#qos)
+ * [QoS Show commands](#qos-show-commands)
+ * [PFC](#pfc)
+ * [Queue And Priority-Group](#queue-and-priority-group)
+ * [Buffer Pool](#buffer-pool)
+ * [QoS config commands](#qos-config-commands)
+* [Radius](#radius)
+ * [radius show commands](#show-radius-commands)
+ * [radius config commands](#Radius-config-commands)
+* [sFlow](#sflow)
+ * [sFlow Show commands](#sflow-show-commands)
+ * [sFlow Config commands](#sflow-config-commands)
+* [SNMP](#snmp)
+ * [SNMP Show commands](#snmp-show-commands)
+ * [SNMP Config commands](#snmp-config-commands)
+* [Startup & Running Configuration](#startup--running-configuration)
+ * [Startup Configuration](#startup-configuration)
+ * [Running Configuration](#running-configuration)
+* [Static routing](#static-routing)
+* [Subinterfaces](#subinterfaces)
+ * [Subinterfaces Show Commands](#subinterfaces-show-commands)
+ * [Subinterfaces Config Commands](#subinterfaces-config-commands)
+* [Syslog](#syslog)
+ * [Syslog show commands](#syslog-show-commands)
+ * [Syslog config commands](#syslog-config-commands)
+* [System State](#system-state)
+ * [Processes](#processes)
+ * [Services & Memory](#services--memory)
+* [System-Health](#System-Health)
+* [VLAN & FDB](#vlan--fdb)
+ * [VLAN](#vlan)
+ * [VLAN show commands](#vlan-show-commands)
+ * [VLAN Config
commands](#vlan-config-commands)
+ * [FDB](#fdb)
+ * [FDB show commands](#fdb-show-commands)
+* [VxLAN & Vnet](#vxlan--vnet)
+ * [VxLAN](#vxlan)
+ * [VxLAN show commands](#vxlan-show-commands)
+ * [Vnet](#vnet)
+ * [Vnet show commands](#vnet-show-commands)
+* [Warm Reboot](#warm-reboot)
+* [Warm Restart](#warm-restart)
+ * [Warm Restart show commands](#warm-restart-show-commands)
+ * [Warm Restart Config commands](#warm-restart-config-commands)
+* [Watermark](#watermark)
+ * [Watermark Show commands](#watermark-show-commands)
+ * [Watermark Config commands](#watermark-config-commands)
+* [Software Installation and Management](#software-installation-and-management)
+ * [SONiC Package Manager](#sonic-package-manager)
+ * [SONiC Installer](#sonic-installer)
+* [Troubleshooting Commands](#troubleshooting-commands)
+ * [Debug Dumps](#debug-dumps)
+ * [Event Driven Techsupport Invocation](#event-driven-techsupport-invocation)
+* [Routing Stack](#routing-stack)
+* [Quagga BGP Show Commands](#Quagga-BGP-Show-Commands)
+* [ZTP Configuration And Show Commands](#ztp-configuration-and-show-commands)
+ * [ ZTP show commands](#ztp-show-commands)
+ * [ZTP configuration commands](#ztp-configuration-commands)
+* [MACsec Commands](#macsec-commands)
+ * [MACsec config command](#macsec-config-command)
+ * [MACsec show command](#macsec-show-command)
+ * [MACsec clear command](#macsec-clear-command)
+
+
+## Document History
+
+| Version | Modification Date | Details |
+| --- | --- | --- |
+| v6 | May-06-2021 | Add SNMP show and config commands |
+| v5 | Nov-05-2020 | Add document for console commands |
+| v4 | Oct-17-2019 | Unify usage statements and other formatting; Replace tabs with spaces; Modify heading sizes; Fix spelling, grammar and other errors; Fix organization of new commands |
+| v3 | Jun-26-2019 | Update based on 201904 (build#19) release, "config interface" command changes related to interfacename order, FRR/Quagga show command changes, platform specific changes, ACL show
changes and few formatting changes |
+| v2 | Apr-22-2019 | CLI Guide for SONiC 201811 version (build#32) with complete "config" command set |
+| v1 | Mar-23-2019 | Initial version of CLI Guide with minimal command set |
+
+## Introduction
+SONiC is an open source network operating system based on Linux that runs on switches from multiple vendors and ASICs. SONiC offers a full-suite of network functionality, like BGP and RDMA, that has been production-hardened in the data centers of some of the largest cloud-service providers. It offers teams the flexibility to create the network solutions they need while leveraging the collective strength of a large ecosystem and community.
+
+SONiC software shall be loaded in these [supported devices](https://github.com/Azure/SONiC/wiki/Supported-Devices-and-Platforms) and this CLI guide shall be used to configure the devices as well as to display the configuration, state and status.
+
+Follow the [Quick Start Guide](https://github.com/Azure/SONiC/wiki/Quick-Start) to boot the device in ONIE mode, install the SONiC software using the steps specified in the document and login to the device using the default username and password.
+
+After logging into the device, SONiC software can be configured in following three methods.
+ 1. Command Line Interface (CLI)
+ 2. [config_db.json](https://github.com/Azure/SONiC/wiki/Configuration)
+ 3. [minigraph.xml](https://github.com/Azure/SONiC/wiki/Configuration-with-Minigraph-(~Sep-2017))
+
+This document explains the first method and gives the complete list of commands that are supported in SONiC 201904 version (build#19).
+All the configuration commands need root privileges to execute them. Note that show commands can be executed by all users without the root privileges.
+Root privileges can be obtained either by using "sudo" keyword in front of all config commands, or by going to root prompt using "sudo -i".
+Note that all commands are case sensitive.
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config aaa authentication login tacacs+
+
+ OR
+
+ admin@sonic:~$ sudo -i
+ root@sonic:~# config aaa authentication login tacacs+
+ ```
+
+Note that the command list given in this document is just a subset of all possible configurations in SONiC.
+Please follow config_db.json based configuration for the complete list of configuration options.
+
+**Scope of this Document**
+
+It is assumed that all configuration commands start with the keyword “config” as prefix.
+Any other scripts/utilities/commands that need user configuration control are wrapped as sub-commands under the “config” command.
+The direct scripts/utilities/commands (examples given below) that are not wrapped under the "config" command are not in the scope of this document.
+ 1. acl_loader – This script is already wrapped inside “config acl” command; i.e. any ACL configuration that user is allowed to do is already part of “config acl” command; users are not expected to use the acl_loader script directly and hence this document need not explain the “acl_loader” script.
+ 2. crm – this command is not explained in this document.
+ 3. sonic-clear, sfputil, etc., This document does not explain these scripts also.
+
+## Basic Tasks
+
+This section covers the basic configurations related to the following:
+ 1. [SSH login](#SSH-Login)
+ 2. [Configuring the Management Interface](#Configuring-Management-Interface)
+
+### SSH Login
+
+All SONiC devices support both the serial console based login and the SSH based login by default.
+The default credential (if not modified at image build time) for login is `admin/YourPaSsWoRd`.
+In case of SSH login, users can login to the management interface (eth0) IP address after configuring the same using serial console.
+Refer the following section for configuring the IP address for management interface.
+
+- Example:
+ ```
+ At Console:
+ Debian GNU/Linux 9 sonic ttyS1
+
+ sonic login: admin
+ Password: YourPaSsWoRd
+
+ SSH from any remote server to sonic can be done by connecting to SONiC IP
+ user@debug:~$ ssh admin@sonic_ip_address(or SONIC DNS Name)
+ admin@sonic's password:
+ ```
+
+By default, login takes the user to the default prompt from which all the show commands can be executed.
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-tasks)
+
+### Show Management Interface
+
+Please check [show ip interfaces](#show-ip-interfaces)
+
+### Configuring Management Interface
+
+The management interface (eth0) in SONiC is configured (by default) to use DHCP client to get the IP address from the DHCP server. Connect the management interface to the same network in which your DHCP server is connected and get the IP address from DHCP server.
+The IP address received from DHCP server can be verified using the `/sbin/ifconfig eth0` Linux command.
+
+SONiC provides a CLI to configure the static IP for the management interface. There are few ways by which a static IP address can be configured for the management interface.
+ 1. Use the `config interface ip add eth0` command.
+ - Example:
+ ```
+ admin@sonic:~$ sudo config interface ip add eth0 20.11.12.13/24 20.11.12.254
+ ```
+ 2. Use config_db.json and configure the MGMT_INTERFACE key with the appropriate values. Refer [here](https://github.com/Azure/SONiC/wiki/Configuration#Management-Interface)
+ 3. Use minigraph.xml and configure "ManagementIPInterfaces" tag inside "DpgDesc" tag as given at the [page](https://github.com/Azure/SONiC/wiki/Configuration-with-Minigraph-(~Sep-2017))
+
+Once the IP address is configured, the same can be verified using either `show management_interface address` command or the `/sbin/ifconfig eth0` linux command.
+Users can SSH login to this management interface IP address from their management network.
+
+- Example:
+ ```
+ admin@sonic:~$ /sbin/ifconfig eth0
+ eth0: flags=4163 mtu 1500
+ inet 10.11.11.13 netmask 255.255.255.0 broadcast 10.11.12.255
+ ```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-tasks)
+
+## Getting Help
+
+Subsections:
+ 1. [Help for Config Commands](#Config-Help)
+ 2. [Help for Show Commands](#Show-Help)
+ 3. [Show Versions](#Show-Versions)
+ 4. [Show System Status](#Show-System-Status)
+ 5. [Show Hardware Platform](#Show-Hardware-Platform)
+
+### Help for Config Commands
+
+All commands have in-built help that aids the user in understanding the command as well as the possible sub-commands and options.
+"--help" can be used at any level of the command; i.e. it can be used at the command level, or sub-command level or at argument level. The in-built help will display the available possibilities corresponding to that particular command/sub-command.
+
+**config --help**
+
+This command lists all the possible configuration commands at the top level.
+
+- Usage:
+ ```
+ config --help
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ config --help
+ Usage: config [OPTIONS] COMMAND [ARGS]
+ SONiC command line - 'config' command
+
+ Options:
+ --help Show this message and exit.
+
+ Commands:
+ aaa AAA command line
+ acl ACL-related configuration tasks
+ bgp BGP-related configuration tasks
+ ecn ECN-related configuration tasks
+ feature Modify configuration of features
+ hostname Change device hostname without impacting traffic
+ interface Interface-related configuration tasks
+ interface_naming_mode Modify interface naming mode for interacting...
+ kubernetes Kubernetes server related configuration
+ load Import a previous saved config DB dump file.
+ load_mgmt_config Reconfigure hostname and mgmt interface based...
+ load_minigraph Reconfigure based on minigraph.
+ loopback Loopback-related configuration tasks.
+ mirror_session
+ nat NAT-related configuration tasks
+ platform Platform-related configuration tasks
+ portchannel
+ qos
+ reload Clear current configuration and import a...
+ route route-related configuration tasks
+ save Export current config DB to a file on disk.
+ tacacs TACACS+ server configuration
+ vlan VLAN-related configuration tasks
+ vrf VRF-related configuration tasks
+ warm_restart warm_restart-related configuration tasks
+ watermark Configure watermark
+ ```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#getting-help)
+
+### Help For Show Commands
+
+**show help**
+
+This command displays the full list of show commands available in the software; the output of each of those show commands can be used to analyze, debug or troubleshoot the network node.
+
+- Usage:
+ ```
+ show (-?|-h|--help)
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show -?
+ Usage: show [OPTIONS] COMMAND [ARGS]...
+ SONiC command line - 'show' command
+
+ Options:
+ -?, -h, --help Show this message and exit.
+
+ Commands:
+ aaa Show AAA configuration
+ acl Show ACL related information
+ arp Show IP ARP table
+ buffer_pool Show details of the Buffer-pools
+ clock Show date and time
+ ecn Show ECN configuration
+ environment Show environmentals (voltages, fans, temps)
+ feature Show feature status
+ interfaces Show details of the network interfaces
+ ip Show IP (IPv4) commands
+ ipv6 Show IPv6 commands
+ kubernetes Show kubernetes commands
+ line Show all /dev/ttyUSB lines and their info
+ lldp Show LLDP information
+ logging Show system log
+ mac Show MAC (FDB) entries
+ mirror_session Show existing everflow sessions
+ mmu Show mmu configuration
+ muxcable Show muxcable information
+ nat Show details of the nat
+ ndp Show IPv6 Neighbour table
+ ntp Show NTP information
+ pfc Show details of the priority-flow-control...
+ platform Show platform-specific hardware info
+ priority-group Show details of the PGs
+ processes Show process information
+ queue Show details of the queues
+ reboot-cause Show cause of most recent reboot
+ route-map Show route-map
+ runningconfiguration Show current running configuration...
+ services Show all daemon services
+ startupconfiguration Show startup configuration information
+ subinterfaces Show details of the sub port interfaces
+ system-memory Show memory information
+ tacacs Show TACACS+ configuration
+ techsupport Gather information for troubleshooting
+ uptime Show system uptime
+ users Show users
+ version Show version information
+ vlan Show VLAN information
+ vrf Show vrf config
+ warm_restart Show warm restart configuration and state
+ watermark Show details of watermark
+ ```
+
+The same syntax applies to all subgroups of `show` which themselves contain subcommands, and subcommands which accept options/arguments.
+
+- Example:
+ ```
+ admin@sonic:~$ show interfaces -?
+
+ Show details of the network interfaces
+
+ Options:
+ -?, -h, --help Show this message and exit.
+
+ Commands:
+ counters Show interface counters
+ description Show interface status, protocol and...
+ naming_mode Show interface naming_mode status
+ neighbor Show neighbor related information
+ portchannel Show PortChannel information
+ status Show Interface status information
+ tpid Show Interface tpid information
+ transceiver Show SFP Transceiver information
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#getting-help)
+
+## Basic Show Commands
+
+Subsections:
+ 1. [Show Versions](#Show-Versions)
+ 2. [Show System Status](#Show-System-Status)
+ 3. [Show Hardware Platform](#Show-Hardware-Platform)
+
+### Show Versions
+
+**show version**
+
+This command displays software component versions of the currently running SONiC image. This includes the SONiC image version as well as Docker image versions.
+This command displays relevant information as the SONiC and Linux kernel version being utilized, as well as the ID of the commit used to build the SONiC image. The second section of the output displays the various docker images and their associated IDs.
+
+- Usage:
+ ```
+ show version
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show version
+ SONiC Software Version: SONiC.HEAD.32-21ea29a
+ Distribution: Debian 9.8
+ Kernel: 4.9.0-8-amd64
+ Build commit: 21ea29a
+ Build date: Fri Mar 22 01:55:48 UTC 2019
+ Built by: johnar@jenkins-worker-4
+
+ Platform: x86_64-mlnx_msn2700-r0
+ HwSKU: Mellanox-SN2700
+ ASIC: mellanox
+ ASIC Count: 1
+ Serial Number: MT1822K07815
+ Model Number: MSN2700-CS2FO
+ Hardware Rev: A1
+ Uptime: 14:40:15 up 3 min, 1 user, load average: 1.26, 1.45, 0.66
+ Date: Fri 22 Mar 2019 14:40:15
+
+ Docker images:
+ REPOSITORY TAG IMAGE ID SIZE
+ docker-syncd-brcm HEAD.32-21ea29a 434240daff6e 362MB
+ docker-syncd-brcm latest 434240daff6e 362MB
+ docker-orchagent-brcm HEAD.32-21ea29a e4f9c4631025 287MB
+ docker-orchagent-brcm latest e4f9c4631025 287MB
+ docker-nat HEAD.32-21ea29a 46075edc1c69 305MB
+ docker-nat latest 46075edc1c69 305MB
+ docker-lldp-sv2 HEAD.32-21ea29a 9681bbfea3ac 275MB
+ docker-lldp-sv2 latest 9681bbfea3ac 275MB
+ docker-dhcp-relay HEAD.32-21ea29a 2db34c7bc6f4 257MB
+ docker-dhcp-relay latest 2db34c7bc6f4 257MB
+ docker-database HEAD.32-21ea29a badc6fc84cdb 256MB
+ docker-database latest badc6fc84cdb 256MB
+ docker-snmp-sv2 HEAD.32-21ea29a e2776e2a30b7 295MB
+ docker-snmp-sv2 latest e2776e2a30b7 295MB
+ docker-teamd HEAD.32-21ea29a caf957cd2ad1 275MB
+ docker-teamd latest caf957cd2ad1 275MB
+ docker-router-advertiser HEAD.32-21ea29a b1a62023958c 255MB
+ docker-router-advertiser latest b1a62023958c 255MB
+ docker-platform-monitor HEAD.32-21ea29a 40b40a4b2164 287MB
+ docker-platform-monitor latest 40b40a4b2164 287MB
+ docker-fpm-quagga HEAD.32-21ea29a 546036fe6838 282MB
+ docker-fpm-quagga latest 546036fe6838 282MB
+ ```
+Go Back To
[Beginning of the document](#) or [Beginning of this section](#basic-show-commands)
+
+
+### Show System Status
+This sub-section explains some set of sub-commands that are used to display the status of various parameters pertaining to the physical state of the network node.
+
+**show clock**
+
+This command displays the current date and time configured on the system
+
+- Usage:
+ ```
+ show clock
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show clock
+ Mon Mar 25 20:25:16 UTC 2019
+ ```
+
+**show boot**
+
+This command displays the current OS image, the image to be loaded on next reboot, and lists all the available images installed on the device
+
+- Usage:
+ ```
+ show boot
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show boot
+ Current: SONiC-OS-20181130.31
+ Next: SONiC-OS-20181130.31
+ Available:
+ SONiC-OS-20181130.31
+ ```
+
+**show environment**
+
+This command displays the platform environmentals, such as voltages, temperatures and fan speeds
+
+- Usage:
+ ```
+ show environment
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show environment
+ coretemp-isa-0000
+ Adapter: ISA adapter
+ Core 0: +28.0 C (high = +98.0 C, crit = +98.0 C)
+ Core 1: +28.0 C (high = +98.0 C, crit = +98.0 C)
+ Core 2: +28.0 C (high = +98.0 C, crit = +98.0 C)
+ Core 3: +28.0 C (high = +98.0 C, crit = +98.0 C)
+ SMF_Z9100_ON-isa-0000
+ Adapter: ISA adapter
+ CPU XP3R3V_EARLY: +3.22 V
+ <... few more things ...>
+
+ Onboard Temperature Sensors:
+ CPU: 30 C
+ BCM56960 (PSU side): 35 C
+ <... few more things ...>
+
+ Onboard Voltage Sensors:
+ CPU XP3R3V_EARLY 3.22 V
+ <... few more things ...>
+
+ Fan Trays:
+ Fan Tray 1:
+ Fan1 Speed: 6192 RPM
+ Fan2 Speed: 6362 RPM
+ Fan1 State: Normal
+ Fan2 State: Normal
+ Air Flow: F2B
+ <... few more things ...>
+
+ PSUs:
+ PSU 1:
+ Input: AC
+ <... few more things ...>
+ ```
+NOTE: The show output has got lot of information; only the sample output is given in the above example.
+Though the displayed output slightly differs from one platform to another platform, the overall content will be similar to the example mentioned above.
+
+**show reboot-cause**
+
+This command displays the cause of the previous reboot
+
+- Usage:
+ ```
+ show reboot-cause
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show reboot-cause
+ User issued reboot command [User: admin, Time: Mon Mar 25 01:02:03 UTC 2019]
+ ```
+
+**show reboot-cause history**
+
+This command displays the history of the previous reboots up to 10 entry
+
+- Usage:
+ ```
+ show reboot-cause history
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show reboot-cause history
+ Name Cause Time User Comment
+ ------------------- ----------- ---------------------------- ------ ---------
+ 2020_10_09_02_33_06 reboot Fri Oct 9 02:29:44 UTC 2020 admin
+ 2020_10_09_01_56_59 reboot Fri Oct 9 01:53:49 UTC 2020 admin
+ 2020_10_09_02_00_53 fast-reboot Fri Oct 9 01:58:04 UTC 2020 admin
+ 2020_10_09_04_53_58 warm-reboot Fri Oct 9 04:51:47 UTC 2020 admin
+ ```
+
+**show uptime**
+
+This command displays the current system uptime
+
+- Usage:
+ ```
+ show uptime
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show uptime
+ up 2 days, 21 hours, 30 minutes
+ ```
+
+**show logging**
+
+This command displays all the currently stored log messages.
+All the latest processes and corresponding transactions are stored in the "syslog" file.
+This file is saved in the path `/var/log` and can be viewed by giving the command ` sudo cat syslog` as this requires root login.
+
+- Usage:
+ ```
+ show logging [( [-l|--lines ]) | (-f|--follow)]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show logging
+ ```
+
+It can be useful to pipe the output from `show logging` to the command `more` in order to examine one screenful of log messages at a time
+
+- Example:
+ ```
+ admin@sonic:~$ show logging | more
+ ```
+
+Optionally, you can specify a process name in order to display only log messages mentioning that process
+
+- Example:
+ ```
+ admin@sonic:~$ show logging sensord
+ ```
+
+Optionally, you can specify a number of lines to display using the `-l` or `--lines` option. Only the most recent N lines will be displayed. Also note that this option can be combined with a process name.
+
+- Examples:
+ ```
+ admin@sonic:~$ show logging --lines 50
+ ```
+ ```
+ admin@sonic:~$ show logging sensord --lines 50
+ ```
+
+Optionally, you can follow the log live as entries are written to it by specifying the `-f` or `--follow` flag
+
+- Example:
+ ```
+ admin@sonic:~$ show logging --follow
+ ```
+
+**show users**
+
+This command displays a list of users currently logged in to the device
+
+- Usage:
+ ```
+ show users
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ show users
+ admin pts/9 Mar 25 20:31 (100.127.20.23)
+
+ admin@sonic:~$ show users
+ admin ttyS1 2019-03-25 20:31
+ ```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-show-commands)
+
+### Show Hardware Platform
+
+The information displayed in this set of commands partially overlaps with the one generated by “show envinronment” instruction. In this case though, the information is presented in a more succinct fashion. In the future these two CLI stanzas may end up getting combined.
+
+**show platform summary**
+
+This command displays a summary of the device's hardware platform
+
+- Usage:
+ ```
+ show platform summary
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform summary
+ Platform: x86_64-mlnx_msn2700-r0
+ HwSKU: Mellanox-SN2700
+ ASIC: mellanox
+ ASIC Count: 1
+ Serial Number: MT1822K07815
+ Model Number: MSN2700-CS2FO
+ Hardware Rev: A1
+ ```
+
+**show platform syseeprom**
+
+This command displays information stored on the system EEPROM.
+Note that the output of this command is not the same for all vendor's platforms.
+Couple of example outputs are given below.
+
+- Usage:
+ ```
+ show platform syseeprom
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform syseeprom
+ lsTLV Name Len Value
+ -------------------- --- -----
+ PPID 20 XX-XXXXXX-00000-000-0000
+ DPN Rev 3 XXX
+ Service Tag 7 XXXXXXX
+ Part Number 10 XXXXXX
+ Part Number Rev 3 XXX
+ Mfg Test Results 2 FF
+ Card ID 2 0x0000
+ Module ID 2 0
+ Base MAC Address 12 FE:EC:BA:AB:CD:EF
+ (checksum valid)
+ ```
+
+ ```
+ admin@sonic:~$ show platform syseeprom
+ TlvInfo Header:
+ Id String: TlvInfo
+ Version: 1
+ Total Length: 527
+ TLV Name Code Len Value
+ ---- --- -----
+ Product Name 0x21 64 MSN2700
+ Part Number 0x22 20 MSN2700-CS2FO
+ Serial Number 0x23 24 MT1822K07815
+ Base MAC Address 0x24 6 50:6B:4B:8F:CE:40
+ Manufacture Date 0x25 19 05/28/2018 23:56:02
+ Device Version 0x26 1 16
+ MAC Addresses 0x2A 2 128
+ Manufacturer 0x2B 8 Mellanox
+ Vendor Extension 0xFD 36
+ Vendor Extension 0xFD 164
+ Vendor Extension 0xFD 36
+ Vendor Extension 0xFD 36
+ Vendor Extension 0xFD 36
+ Platform Name 0x28 18 x86_64-mlnx_x86-r0
+ ONIE Version 0x29 21 2018.08-5.2.0006-9600
+ CRC-32 0xFE 4 0x11C017E1
+
+ (checksum valid)
+ ```
+
+**show platform ssdhealth**
+
+This command displays health parameters of the device's SSD
+
+- Usage:
+ ```
+ show platform ssdhealth [--vendor]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform ssdhealth
+ Device Model : M.2 (S42) 3IE3
+ Health
: 99.665%
+ Temperature : 30C
+ ```
+
+**show platform psustatus**
+
+This command displays the status of the device's power supply units
+
+- Usage:
+ ```
+ show platform psustatus
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform psustatus
+ PSU Model Serial HW Rev Voltage (V) Current (A) Power (W) Status LED
+ ----- ------------- ------------ -------- ------------- ------------- ----------- -------- -----
+ PSU 1 MTEF-PSF-AC-A MT1621X15246 A3 11.97 4.56 54.56 OK green
+ ```
+
+**show platform fan**
+
+This command displays the status of the device's fans
+
+- Usage:
+ ```
+ show platform fan
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform fan
+ FAN Speed Direction Presence Status Timestamp
+ ----------- -------- ----------- ---------- -------- -----------------
+ fan1 34% intake Present OK 20200302 06:58:56
+ fan2 43% intake Present OK 20200302 06:58:56
+ fan3 38% intake Present OK 20200302 06:58:56
+ fan4 49% intake Present OK 20200302 06:58:57
+ fan5 38% exhaust Present OK 20200302 06:58:57
+ fan6 48% exhaust Present OK 20200302 06:58:57
+ fan7 39% exhaust Present OK 20200302 06:58:57
+ fan8 48% exhaust Present OK 20200302 06:58:57
+ ```
+
+**show platform temperature**
+
+This command displays the status of the device's thermal sensors
+
+- Usage:
+ ```
+ show platform temperature
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform temperature
+ NAME Temperature High Th Low Th Crit High Th Crit Low Th Warning Timestamp
+ ---------------------- ------------- --------- -------- -------------- ------------- --------- -----------------
+ Ambient ASIC Temp 37.0 100.0 N/A 120.0 N/A False 20200302 06:58:57
+ Ambient Fan Side Temp 28.5 100.0 N/A 120.0 N/A False 20200302 06:58:57
+ Ambient Port Side Temp 31.0 100.0 N/A 120.0 N/A False 20200302 06:58:57
+ CPU Core 0 Temp 36.0 87.0 N/A 105.0 N/A False 20200302 06:59:57
+ CPU Core 1 Temp 38.0 87.0 N/A 105.0 N/A False 20200302 06:59:57
+ CPU Pack Temp 38.0 87.0 N/A 105.0 N/A False 20200302 06:59:57
+
PSU-1 Temp 28.0 100.0 N/A 120.0 N/A False 20200302 06:59:58
+ PSU-2 Temp 28.0 100.0 N/A 120.0 N/A False 20200302 06:59:58
+ xSFP module 1 Temp 31.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 2 Temp 35.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 3 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 4 Temp 33.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 5 Temp 34.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 6 Temp 36.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 7 Temp 33.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 8 Temp 33.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 9 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 10 Temp 38.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 11 Temp 38.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 12 Temp 39.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 13 Temp 35.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 14 Temp 37.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 15 Temp 36.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 16 Temp 36.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 17 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 18 Temp 34.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 19 Temp 30.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 20 Temp 31.5 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 21 Temp 34.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 22 Temp 34.4 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 23 Temp 34.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 24 Temp 35.6 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 25 Temp 38.0 70.0 N/A 90.0 N/A False 20200302 06:59:57
+ xSFP module 26 Temp 32.2 70.0 N/A 90.0 N/A False 20200302 06:59:58
+ xSFP module 27 Temp 39.0 70.0 N/A 90.0 N/A False 20200302 06:59:58
+ xSFP module 28 Temp
30.1 70.0 N/A 90.0 N/A False 20200302 06:59:58
+ xSFP module 29 Temp 32.0 70.0 N/A 90.0 N/A False 20200302 06:59:58
+ xSFP module 30 Temp 35.3 70.0 N/A 90.0 N/A False 20200302 06:59:58
+ xSFP module 31 Temp 31.0 70.0 N/A 90.0 N/A False 20200302 06:59:58
+ xSFP module 32 Temp 39.5 70.0 N/A 90.0 N/A False 20200302 06:59:58
+ ```
+
+#### Transceivers
+Displays diagnostic monitoring information of the transceivers
+
+**show interfaces transceiver**
+
+This command displays information for all the interfaces for the transceiver requested or a specific interface if the optional "interface_name" is specified.
+
+- Usage:
+ ```
+ show interfaces transceiver (eeprom [-d|--dom] | lpmode | presence | error-status [-hw|--fetch-from-hardware]) []
+ ```
+
+- Example (Decode and display information stored on the EEPROM of SFP transceiver connected to Ethernet0):
+ ```
+ admin@sonic:~$ show interfaces transceiver eeprom --dom Ethernet0
+ Ethernet0: SFP detected
+ Connector : No separable connector
+ Encoding : Unspecified
+ Extended Identifier : Unknown
+ Extended RateSelect Compliance : QSFP+ Rate Select Version 1
+ Identifier : QSFP+
+ Length Cable Assembly(m) : 1
+ Specification compliance :
+ 10/40G Ethernet Compliance Code : 40GBASE-CR4
+ Fibre Channel Speed : 1200 Mbytes/Sec
+ Fibre Channel link length/Transmitter Technology : Electrical inter-enclosure (EL)
+ Fibre Channel transmission media : Twin Axial Pair (TW)
+ Vendor Date Code(YYYY-MM-DD Lot) : 2015-10-31
+ Vendor Name : XXXXX
+ Vendor OUI : XX-XX-XX
+ Vendor PN : 1111111111
+ Vendor Rev :
+ Vendor SN : 111111111
+ ChannelMonitorValues:
+ RX1Power: -1.1936dBm
+ RX2Power: -1.1793dBm
+ RX3Power: -0.9388dBm
+ RX4Power: -1.0729dBm
+ TX1Bias: 4.0140mA
+ TX2Bias: 4.0140mA
+ TX3Bias: 4.0140mA
+ TX4Bias: 4.0140mA
+ ModuleMonitorValues :
+ Temperature : 1.1111C
+ Vcc : 0.0000Volts
+ ```
+
+- Example (Display status of low-power mode of SFP transceiver connected to Ethernet100):
+ ```
+ admin@sonic:~$ show interfaces
transceiver lpmode Ethernet100
+ Port Low-power Mode
+ ----------- ----------------
+ Ethernet100 On
+ ```
+
+
+- Example (Display presence of SFP transceiver connected to Ethernet100):
+ ```
+ admin@sonic:~$ show interfaces transceiver presence Ethernet100
+ Port Presence
+ ----------- ----------
+ Ethernet100 Present
+ ```
+
+- Example (Display error status of SFP transceiver connected to Ethernet100):
+ ```
+ admin@sonic:~$ show interfaces transceiver error-status Ethernet100
+ Port Error Status
+ ----------- --------------
+ Ethernet100 OK
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#basic-show-commands)
+
+## AAA & TACACS+
+This section captures the various show commands & configuration commands that are applicable for the AAA (Authentication, Authorization, and Accounting) module.
+Admins can configure the type of authentication (local or remote tacacs based) required for the users and also the authentication failthrough and fallback options.
+Following show command displays the current running configuration related to the AAA.
+
+### AAA
+
+#### AAA show commands
+
+This command is used to view the Authentication, Authorization & Accounting settings that are configured in the network node.
+
+**show aaa**
+
+This command displays the AAA settings currently present in the network node
+
+- Usage:
+ ```
+ show aaa
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show aaa
+ AAA authentication login local (default)
+ AAA authentication failthrough True (default)
+ AAA authentication fallback True (default)
+ ```
+
+#### AAA config commands
+
+This sub-section explains all the possible CLI based configuration options for the AAA module. The list of commands/sub-commands possible for aaa is given below.
+
+ Command: aaa authentication
+ sub-commands:
+ - aaa authentication failthrough
+ - aaa authentication fallback
+ - aaa authentication login
+
+**aaa authentication failthrough**
+
+This command is used to either enable or disable the failthrough option.
+This command is useful when user has configured more than one tacacs+ server and when user has enabled tacacs+ authentication.
+When authentication request to the first server fails, this configuration allows to continue the request to the next server.
+When this configuration is enabled, authentication process continues through all servers configured.
+When this is disabled and if the authentication request fails on first server, authentication process will stop and the login will be disallowed.
+
+
+- Usage:
+ ```
+ config aaa authentication failthrough (enable | disable | default)
+ ```
+
+ - Parameters:
+ - enable: This allows the AAA module to process with local authentication if remote authentication fails.
+ - disable: This disallows the AAA module to proceed further if remote authentication fails.
+ - default: This re-configures the default value, which is "enable".
+
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config aaa authentication failthrough enable
+ ```
+**aaa authentication fallback**
+
+The command is not used at the moment.
+When the tacacs+ authentication fails, it falls back to local authentication by default.
+
+- Usage:
+ ```
+ config aaa authentication fallback (enable | disable | default)
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config aaa authentication fallback enable
+ ```
+
+**aaa authentication login**
+
+This command is used to either configure whether AAA should use local database or remote tacacs+ database for user authentication.
+By default, AAA uses local database for authentication. New users can be added/deleted using the linux commands (Note that the configuration done using linux commands are not preserved during reboot).
+Admin can enable remote tacacs+ server based authentication by selecting the AUTH_PROTOCOL as tacacs+ in this command.
+Admins need to configure the tacacs+ server accordingly and ensure that the connectivity to tacacas+ server is available via the management interface.
+Once if the admins choose the remote authentication based on tacacs+ server, all user logins will be authenticated by the tacacs+ server.
+If the authentication fails, AAA will check the "failthrough" configuration and authenticates the user based on local database if failthrough is enabled.
+
+- Usage:
+ ```
+ config aaa authentication (tacacs+ | local | default)
+ ```
+
+ - Parameters:
+ - tacacs+: Enables remote authentication based on tacacs+
+ - local: Disables remote authentication and uses local authentication
+ - default: Reset back to default value, which is only "local" authentication
+
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config aaa authentication login tacacs+
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#aaa--tacacs)
+
+### TACACS+
+
+#### TACACS+ show commands
+
+**show tacacs**
+
+This command displays the global configuration fields and the list of all tacacs servers and their correponding configurations.
+
+- Usage:
+ ```
+ show tacacs
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show tacacs
+ TACPLUS global auth_type pap (default)
+ TACPLUS global timeout 99
+ TACPLUS global passkey (default)
+
+ TACPLUS_SERVER address 10.11.12.14
+ priority 9
+ tcp_port 50
+ auth_type mschap
+ timeout 10
+ passkey testing789
+
+ TACPLUS_SERVER address 10.0.0.9
+ priority 1
+ tcp_port 49
+ ```
+
+#### TACACS+ config commands
+
+This sub-section explains the command "config tacacs" and its sub-commands that are used to configure the following tacacs+ parameters.
+Some of the parameters like authtype, passkey and timeout can be either configured at per server level or at global level (global value will be applied if there no server level configuration)
+
+1) Add/Delete the tacacs+ server details.
+2) authtype - global configuration that is applied to all servers if there is no server specific configuration.
+3) default - reset the authtype or passkey or timeout to the default values.
+4) passkey - global configuration that is applied to all servers if there is no server specific configuration.
+5) timeout - global configuration that is applied to all servers if there is no server specific configuration.
+
+**config tacacs add**
+
+This command is used to add a TACACS+ server to the tacacs server list.
+Note that more than one tacacs+ (maximum of seven) can be added in the device.
+When user tries to login, tacacs client shall contact the servers one by one.
+When any server times out, device will try the next server one by one based on the priority value configured for that server.
+When this command is executed, the configured tacacs+ server addresses are updated in /etc/pam.d/common-auth-sonic configuration file which is being used by tacacs service.
+
+- Usage:
+ ```
+ config tacacs add [-t|--timeout ] [-k|--key ] [-a|--type ] [-o|--port ] [-p|--pri ] [-m|--use-mgmt-vrf]
+ ```
+
+ - Parameters:
+ - ip_address: TACACS+ server IP address.
+ - timeout: Transmission timeout interval in seconds, range 1 to 60, default 5
+ - key: Shared secret
+ - type: Authentication type, "chap" or "pap" or "mschap" or "login", default is "pap".
+ - port: TCP port range is 1 to 65535, default 49
+ - pri: Priority, priority range 1 to 64, default 1.
+ - use-mgmt-vrf: This means that the server is part of Management vrf, default is "no vrf" + + +- Example: + ``` + admin@sonic:~$ sudo config tacacs add 10.11.12.13 -t 10 -k testing789 -a mschap -o 50 -p 9 + ``` + + - Example Server Configuration in /etc/pam.d/common-auth-sonic configuration file: + ``` + auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.11.12.14:50 secret=testing789 login=mschap timeout=10 try_first_pass + auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.11.12.24:50 secret=testing789 login=mschap timeout=987654321098765433211 + 0987 try_first_pass + auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.0.0.9:49 secret= login=mschap timeout=5 try_first_pass + auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.0.0.8:49 secret= login=mschap timeout=5 try_first_pass + auth [success=done new_authtok_reqd=done default=ignore] pam_tacplus.so server=10.11.12.13:50 secret=testing789 login=mschap timeout=10 try_first_pass + auth [success=1 default=ignore] pam_unix.so nullok try_first_pass + ``` + + *NOTE: In the above example, the servers are stored (sorted) based on the priority value configured for the server.* + +**config tacacs delete** + +This command is used to delete the tacacs+ servers configured. + +- Usage: + ``` + config tacacs delete + ``` + +- Example: + ``` + admin@sonic:~$ sudo config tacacs delete 10.11.12.13 + ``` + +**config tacacs authtype** + +This command is used to modify the global value for the TACACS+ authtype. +When user has not configured server specific authtype, this global value shall be used for that server. + +- Usage: + ``` + config tacacs authtype (chap | pap | mschap | login) + ``` + +- Example: + ``` + admin@sonic:~$ sudo config tacacs authtype mschap + ``` + +**config tacacs default** + +This command is used to reset the global value for authtype or passkey or timeout to default value. 
+Default for authtype is "pap", default for passkey is EMPTY_STRING and default for timeout is 5 seconds.
+
+- Usage:
+ ```
+ config tacacs default (authtype | passkey | timeout)
+ ```
+
+- Example (This will reset the global authtype back to the default value "pap"):
+ ```
+ admin@sonic:~$ sudo config tacacs default authtype
+ ```
+
+**config tacacs passkey**
+
+This command is used to modify the global value for the TACACS+ passkey.
+When user has not configured server specific passkey, this global value shall be used for that server.
+
+- Usage:
+ ```
+ config tacacs passkey
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config tacacs passkey testing123
+ ```
+
+**config tacacs timeout**
+
+This command is used to modify the global value for the TACACS+ timeout.
+When user has not configured server specific timeout, this global value shall be used for that server.
+
+
+- Usage:
+ ```
+ config tacacs [default] timeout []
+ ```
+
+ - Options:
+ - Valid values for timeout is 1 to 60 seconds.
+ - When the optional keyword "default" is specified, timeout_value_in_seconds parameter wont be used; default value of 5 is used.
+ - Configuration using the keyword "default" is introduced in 201904 release.
+
+- Example: To configure non-default timeout value
+ ```
+ admin@sonic:~$ sudo config tacacs timeout 60
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#aaa--tacacs)
+
+
+
+## ACL
+
+This section explains the various show commands and configuration commands available for users.
+
+### ACL show commands
+
+**show acl table**
+
+This command displays either all the ACL tables that are configured or only the specified "TABLE_NAME".
+Output from the command displays the table name, type of the table, the list of interface(s) to which the table is bound and the description about the table.
+
+- Usage:
+ ```
+ show acl table []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show acl table
+ Name Type Binding Description Stage
+ -------- --------- --------------- ---------------- -------
+ EVERFLOW MIRROR Ethernet16 EVERFLOW ingress
+ Ethernet96
+ Ethernet108
+ Ethernet112
+ PortChannel0001
+ PortChannel0002
+ SNMP_ACL CTRLPLANE SNMP SNMP_ACL ingress
+ DT_ACL_T1 L3 Ethernet0 DATA_ACL_TABLE_1 egress
+ Ethernet4
+ Ethernet112
+ Ethernet116
+ SSH_ONLY CTRLPLANE SSH SSH_ONLY ingress
+ ```
+
+**show acl rule**
+
+This command displays all the ACL rules present in all the ACL tables or only the rules present in specified table "TABLE_NAME" or only the rule matching the RULE_ID option.
+Output from the command gives the following information about the rules
+1) Table name - ACL table name to which the rule belongs to.
+2) Rule name - ACL rule name
+3) Priority - Priority for this rule.
+4) Action - Action to be performed if the packet matches with this ACL rule.
+
+It can be:
+- "DROP"/"FORWARD"("ACCEPT" for control plane ACL)
+- "REDIRECT: redirect-object" for redirect rule, where "redirect-object" is either:
+ - physical interface name, e.g. "Ethernet10"
+ - port channel name, e.g. "PortChannel0002"
+ - next-hop IP address, e.g. "10.0.0.1"
+ - next-hop group set of IP addresses with comma seperator, e.g. "10.0.0.1,10.0.0.3"
+- "MIRROR INGRESS|EGRESS: session-name" for mirror rules, where "session-name" refers to mirror session
+
+Users can choose to have a default permit rule or default deny rule. In case of default "deny all" rule, add the permitted rules on top of the deny rule. In case of the default "permit all" rule, users can add the deny rules on top of it. If users have not confgured any rule, SONiC allows all traffic (which is "permit all").
+
+5) Match - The fields from the packet header that need to be matched against the same present in the incoming traffic.
+
+- Usage:
+ ```
+ show acl rule [] []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show acl rule
+ Table Rule Priority Action Match
+ -------- ------------ ---------- ------------------------- ----------------------------
+ SNMP_ACL RULE_1 9999 ACCEPT IP_PROTOCOL: 17
+ SRC_IP: 1.1.1.1/32
+ SSH_ONLY RULE_2 9998 ACCEPT IP_PROTOCOL: 6
+ SRC_IP: 1.1.1.1/32
+ EVERFLOW RULE_3 9997 MIRROR INGRESS: everflow0 SRC_IP: 20.0.0.2/32
+ EVERFLOW RULE_4 9996 MIRROR EGRESS : everflow1 L4_SRC_PORT: 4621
+ DATAACL RULE_5 9995 REDIRECT: Ethernet8 IP_PROTOCOL: 126
+ DATAACL RULE_6 9994 FORWARD L4_SRC_PORT: 179
+ DATAACL RULE_7 9993 FORWARD L4_DST_PORT: 179
+ SNMP_ACL DEFAULT_RULE 1 DROP ETHER_TYPE: 2048
+ SSH_ONLY DEFAULT_RULE 1 DROP ETHER_TYPE: 2048
+ ```
+
+
+### ACL config commands
+This sub-section explains the list of configuration options available for ACL module.
+Note that there is no direct command to add or delete or modify the ACL table and ACL rule.
+Existing ACL tables and ACL rules can be updated by specifying the ACL rules in json file formats and configure those files using this CLI command.
+
+**config acl update full**
+
+This command is to update the rules in all the tables or in one specific table in full. If a table_name is provided, the operation will be restricted in the specified table. All existing rules in the specified table or all tables will be removed. New rules loaded from file will be installed. If the table_name is specified, only rules within that table will be removed and new rules in that table will be installed. If the table_name is not specified, all rules from all tables will be removed and only the rules present in the input file will be added.
+
+The command does not modify anything in the list of acl tables. It modifies only the rules present in those pre-existing tables.
+
+In order to create acl tables, either follow the config_db.json method or minigraph method to populate the list of ACL tables.
+
+After creating tables, either the config_db.json method or the minigraph method or the CLI method (explained here) can be used to populate the rules in those ACL tables.
+
+This command updates only the ACL rules and it does not disturb the ACL tables; i.e. the output of "show acl table" is not alterted by using this command; only the output of "show acl rule" will be changed after this command.
+
+When "--session_name" optional argument is specified, command sets the session_name for the ACL table with this mirror session name. It fails if the specified mirror session name does not exist.
+
+When "--mirror_stage" optional argument is specified, command sets the mirror action to ingress/egress based on this parameter. By default command sets ingress mirror action in case argument is not specified.
+
+When the optional argument "max_priority" is specified, each rule’s priority is calculated by subtracting its “sequence_id” value from the “max_priority”. If this value is not passed, the default “max_priority” 10000 is used.
+
+- Usage:
+ ```
+ config acl update full [--table_name ] [--session_name ] [--mirror_stage (ingress | egress)] [--max_priority ]
+ ```
+
+ - Parameters:
+ - table_name: Specifiy the name of the ACL table to load. Example: config acl update full "--table_name DT_ACL_T1 /etc/sonic/acl_table_1.json"
+ - session_name: Specifiy the name of the ACL session to load. Example: config acl update full "--session_name mirror_ses1 /etc/sonic/acl_table_1.json"
+ - priority_value: Specify the maximum priority to use when loading ACL rules. Example: config acl update full "--max-priority 100 /etc/sonic/acl_table_1.json"
+
+ *NOTE 1: All these optional parameters should be inside double quotes.
If none of the options are provided, double quotes are not required for specifying filename alone.*
+ *NOTE 2: Any number of optional parameters can be configured in the same command.*
+
+- Examples:
+ ```
+ admin@sonic:~$ sudo config acl update full /etc/sonic/acl_full_snmp_1_2_ssh_4.json
+ admin@sonic:~$ sudo config acl update full "--table_name SNMP-ACL /etc/sonic/acl_full_snmp_1_2_ssh_4.json"
+ admin@sonic:~$ sudo config acl update full "--session_name everflow0 /etc/sonic/acl_full_snmp_1_2_ssh_4.json"
+ ```
+
+ This command will remove all rules from all the ACL tables and insert all the rules present in this input file.
+ Refer the example file [acl_full_snmp_1_2_ssh_4.json](#) that adds two rules for SNMP (Rule1 and Rule2) and one rule for SSH (Rule4)
+ Refer an example for input file format [here](https://github.com/Azure/sonic-mgmt/blob/master/ansible/roles/test/files/helpers/config_service_acls.sh)
+ Refer another example [here](https://github.com/Azure/sonic-mgmt/blob/master/ansible/roles/test/tasks/acl/acltb_test_rules_part_1.json)
+
+**config acl update incremental**
+
+This command is used to perform incremental update of ACL rule table. This command gets existing rules from Config DB and compares with rules specified in input file and performs corresponding modifications.
+
+With respect to DATA ACLs, the command does not assume that new dataplane ACLs can be inserted in betweeen by shifting existing ACLs in all ASICs. Therefore, this command performs a full update on dataplane ACLs.
+With respect to control plane ACLs, this command performs an incremental update.
+If we assume that "file1.json" is the already loaded ACL rules file and if "file2.json" is the input file that is passed as parameter for this command, the following requirements are valid for the input file.
+1) First copy the file1.json to file2.json.
+2) Remove the unwanted ACL rules from file2.json
+3) Add the newly required ACL rules into file2.json.
+4) Modify the existing ACL rules (that require changes) in file2.json.
+
+NOTE: If any ACL rule that is already available in file1.json is required even after this command execution, such rules should remain unalterted in file2.json. Don't remove them.
+Note that "incremental" is working like "full".
+
+When "--session_name" optional argument is specified, command sets the session_name for the ACL table with this mirror session name. It fails if the specified mirror session name does not exist.
+
+When "--mirror_stage" optional argument is specified, command sets the mirror action to ingress/egress based on this parameter. By default command sets ingress mirror action in case argument is not specified.
+
+When the optional argument "max_priority" is specified, each rule’s priority is calculated by subtracting its “sequence_id” value from the “max_priority”. If this value is not passed, the default “max_priority” 10000 is used.
+
+- Usage:
+ ```
+ config acl update incremental [--session_name ] [--mirror_stage (ingress | egress)] [--max_priority ]
+ ```
+
+ - Parameters:
+ - table_name: Specifiy the name of the ACL table to load. Example: config acl update full "--table_name DT_ACL_T1 /etc/sonic/acl_table_1.json"
+ - session_name: Specifiy the name of the ACL session to load. Example: config acl update full "--session_name mirror_ses1 /etc/sonic/acl_table_1.json"
+ - priority_value: Specify the maximum priority to use when loading ACL rules. Example: config acl update full "--max-priority 100 /etc/sonic/acl_table_1.json"
+
+ *NOTE 1: All these optional parameters should be inside double quotes.
If none of the options are provided, double quotes are not required for specifying filename alone.*
+ *NOTE 2: Any number of optional parameters can be configured in the same command.*
+
+- Examples:
+ ```
+ admin@sonic:~$ sudo config acl update incremental /etc/sonic/acl_incremental_snmp_1_3_ssh_4.json
+ ```
+ ```
+ admin@sonic:~$ sudo config acl update incremental "--session_name everflow0 /etc/sonic/acl_incremental_snmp_1_3_ssh_4.json"
+ ```
+
+ Refer the example file [acl_incremental_snmp_1_3_ssh_4.json](#) that adds two rules for SNMP (Rule1 and Rule3) and one rule for SSH (Rule4)
+ When this "incremental" command is executed after "full" command, it has removed SNMP Rule2 and added SNMP Rule3 in the example.
+ File "acl_full_snmp_1_2_ssh_4.json" has got SNMP Rule1, SNMP Rule2 and SSH Rule4.
+ File "acl_incremental_snmp_1_3_ssh_4.json" has got SNMP Rule1, SNMP Rule3 and SSH Rule4.
+ This file is created by copying the file "acl_full_snmp_1_2_ssh_4.json" to "acl_incremental_snmp_1_3_ssh_4.json" and then removing SNMP Rule2 and adding SNMP Rule3.
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#acl)
+
+**config acl add table**
+
+This command is used to create new ACL tables.
+
+- Usage:
+ ```
+ config acl add table [OPTIONS] [-d ] [-p ] [-s (ingress | egress)]
+ ```
+
+- Parameters:
+ - table_name: The name of the ACL table to create.
+ - table_type: The type of ACL table to create (e.g. "L3", "L3V6", "MIRROR")
+ - description: A description of the table for the user. (default is the table_name)
+ - ports: A comma-separated list of ports/interfaces to add to the table. The behavior is as follows:
+ - Physical ports will be bound as physical ports
+ - Portchannels will be bound as portchannels - passing a portchannel member is invalid
+ - VLANs will be expanded into their members (e.g. "Vlan1000" will become "Ethernet0,Ethernet2,Ethernet4...")
+ - stage: The stage this ACL table will be applied to, either ingress or egress.
(default is ingress)
+
+- Examples:
+ ```
+ admin@sonic:~$ sudo config acl add table EXAMPLE L3 -p Ethernet0,Ethernet4 -s ingress
+ ```
+ ```
+ admin@sonic:~$ sudo config acl add table EXAMPLE_2 L3V6 -p Vlan1000,PortChannel0001,Ethernet128 -s egress
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#acl)
+
+
+## ARP & NDP
+
+### ARP show commands
+
+**show arp**
+
+This command displays the ARP entries in the device with following options.
+1) Display the entire table.
+2) Display the ARP entries learnt on a specific interface.
+3) Display the ARP of a specific ip-address.
+
+- Usage:
+ ```
+ show arp [-if ] []
+ ```
+
+- Details:
+ - show arp: Displays all entries
+ - show arp -if : Displays the ARP specific to the specified interface.
+ - show arp : Displays the ARP specific to the specicied ip-address.
+
+
+- Example:
+ ```
+ admin@sonic:~$ show arp
+ Address MacAddress Iface Vlan
+ ------------- ----------------- ------- ------
+ 192.168.1.183 88:5a:92:fb:bf:41 Ethernet44 -
+ 192.168.1.175 88:5a:92:fc:95:81 Ethernet28 -
+ 192.168.1.181 e4:c7:22:c1:07:7c Ethernet40 -
+ 192.168.1.179 88:5a:92:de:a8:bc Ethernet36 -
+ 192.168.1.118 00:1c:73:3c:de:43 Ethernet64 -
+ 192.168.1.11 00:1c:73:3c:e1:38 Ethernet88 -
+ 192.168.1.161 24:e9:b3:71:3a:01 Ethernet0 -
+ 192.168.1.189 24:e9:b3:9d:57:41 Ethernet56 -
+ 192.168.1.187 74:26:ac:8b:8f:c1 Ethernet52 -
+ 192.168.1.165 88:5a:92:de:a0:7c Ethernet8 -
+
+ Total number of entries 10
+ ```
+
+Optionally, you can specify the interface in order to display the ARPs learnt on that particular interface
+
+- Example:
+ ```
+ admin@sonic:~$ show arp -if Ethernet40
+ Address MacAddress Iface Vlan
+ ------------- ----------------- ---------- ------
+ 192.168.1.181 e4:c7:22:c1:07:7c Ethernet40 -
+ Total number of entries 1
+ ```
+
+Optionally, you can specify an IP address in order to display only that particular entry
+
+- Example:
+ ```
+ admin@sonic:~$ show arp 192.168.1.181
+ Address MacAddress Iface
Vlan
+ ------------- ----------------- ---------- ------
+ 192.168.1.181 e4:c7:22:c1:07:7c Ethernet40 -
+ Total number of entries 1
+ ```
+
+### NDP show commands
+
+**show ndp**
+
+This command displays either all the IPv6 neighbor mac addresses, or for a particular IPv6 neighbor, or for all IPv6 neighbors reachable via a specific interface.
+
+- Usage:
+ ```
+ show ndp [-if|--iface ]
+ ```
+
+- Example (show all IPv6 neighbors):
+ ```
+ admin@sonic:~$ show ndp
+ Address MacAddress Iface Vlan Status
+ ------------------------ ----------------- ------- ------ ---------
+ fe80::20c:29ff:feb8:b11e 00:0c:29:b8:b1:1e eth0 - REACHABLE
+ fe80::20c:29ff:feb8:cff0 00:0c:29:b8:cf:f0 eth0 - REACHABLE
+ fe80::20c:29ff:fef9:324 00:0c:29:f9:03:24 eth0 - REACHABLE
+ Total number of entries 3
+ ```
+
+- Example (show specific IPv6 neighbor):
+ ```
+ admin@sonic:~$ show ndp fe80::20c:29ff:feb8:b11e
+ Address MacAddress Iface Vlan Status
+ ------------------------ ----------------- ------- ------ ---------
+ fe80::20c:29ff:feb8:b11e 00:0c:29:b8:b1:1e eth0 - REACHABLE
+ Total number of entries 1
+ ```
+
+- Example (show IPv6 neighbors learned on a specific interface):
+ ```
+ admin@sonic:~$ show ndp -if eth0
+ Address MacAddress Iface Vlan Status
+ ------------------------ ----------------- ------- ------ ---------
+ fe80::20c:29ff:feb8:b11e 00:0c:29:b8:b1:1e eth0 - REACHABLE
+ fe80::20c:29ff:feb8:cff0 00:0c:29:b8:cf:f0 eth0 - REACHABLE
+ fe80::20c:29ff:fef9:324 00:0c:29:f9:03:24 eth0 - REACHABLE
+ Total number of entries 3
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#arp--ndp)
+
+## BFD
+
+### BFD show commands
+
+**show bfd summary**
+
+This command displays the state and key parameters of all BFD sessions.
+
+- Usage:
+ ```
+ show bfd summary
+ ```
+- Example:
+ ```
+ >> show bfd summary
+ Total number of BFD sessions: 3
+ Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop
+ ----------- ----------- ------- ------- ------------ ------------ ------------- ------------- ------------ ----------
+ 10.0.1.1 default default DOWN async_active 10.0.0.1 300 500 3 true
+ 10.0.2.1 Ethernet12 default UP async_active 10.0.0.1 200 600 3 false
+ 2000::10:1 default default UP async_active 2000::1 100 700 3 false
+ ```
+
+**show bfd peer**
+
+This command displays the state and key parameters of all BFD sessions that match an IP address.
+
+- Usage:
+ ```
+ show bgp peer
+ ```
+- Example:
+ ```
+ >> show bfd peer 10.0.1.1
+ Total number of BFD sessions for peer IP 10.0.1.1: 1
+ Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop
+ ----------- ----------- ------- ------- ------------ ------------ ------------- ------------- ------------ ----------
+ 10.0.1.1 default default DOWN async_active 10.0.0.1 300 500 3 true
+ ```
+
+## BGP
+
+This section explains all the BGP show commands and BGP configuation commands in both "Quagga" and "FRR" routing software that are supported in SONiC.
+In 201811 and older verisons "Quagga" was enabled by default. In current version "FRR" is enabled by default.
+Most of the FRR show commands start with "show bgp". Similar commands in Quagga starts with "show ip bgp". All sub-options supported in all these show commands are common for FRR and Quagga.
+Detailed show commands examples for Quagga are provided at the end of this document.This section captures only the commands supported by FRR.
+
+### BGP show commands
+
+
+**show bgp summary (Versions >= 201904 using default FRR routing stack)**
+
+**show ip bgp summary (Versions <= 201811 using Quagga routing stack)**
+
+This command displays the summary of all IPv4 & IPv6 bgp neighbors that are configured and the corresponding states.
+
+- Usage:
+
+ *Versions >= 201904 using default FRR routing stack*
+ ```
+ show bgp summary
+ ```
+ *Versions <= 201811 using Quagga routing stack*
+ ```
+ show ip bgp summary
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ip bgp summary
+
+ IPv4 Unicast Summary:
+ BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0
+ BGP table version 6465
+ RIB entries 12807, using 2001 KiB of memory
+ Peers 4, using 83 KiB of memory
+ Peer groups 2, using 128 bytes of memory
+
+ Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd NeighborName
+ 10.0.0.57 4 64600 3995 4001 0 0 0 00:39:32 6400 Lab-T1-01
+ 10.0.0.59 4 64600 3995 3998 0 0 0 00:39:32 6400 Lab-T1-02
+ 10.0.0.61 4 64600 3995 4001 0 0 0 00:39:32 6400 Lab-T1-03
+ 10.0.0.63 4 64600 3995 3998 0 0 0 00:39:32 6400 NotAvailable
+
+ Total number of neighbors 4
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show bgp summary
+
+ IPv4 Unicast Summary:
+ BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0
+ BGP table version 6465
+ RIB entries 12807, using 2001 KiB of memory
+ Peers 4, using 83 KiB of memory
+ Peer groups 2, using 128 bytes of memory
+
+ Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
+ 10.0.0.57 4 64600 3995 4001 0 0 0 00:39:32 6400
+ 10.0.0.59 4 64600 3995 3998 0 0 0 00:39:32 6400
+ 10.0.0.61 4 64600 3995 4001 0 0 0 00:39:32 6400
+ 10.0.0.63 4 64600 3995 3998 0 0 0 00:39:32 6400
+
+ Total number of neighbors 4
+
+ IPv6 Unicast Summary:
+ BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0
+ BGP table version 12803
+ RIB entries 12805, using 2001 KiB of memory
+ Peers 4, using 83 KiB of memory
+ Peer groups 2, using 128 bytes of memory
+
+ Neighbor V
AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
+ fc00::72 4 64600 3995 5208 0 0 0 00:39:30 6400
+ fc00::76 4 64600 3994 5208 0 0 0 00:39:30 6400
+ fc00::7a 4 64600 3993 5208 0 0 0 00:39:30 6400
+ fc00::7e 4 64600 3993 5208 0 0 0 00:39:30 6400
+
+ Total number of neighbors 4
+ ```
+ Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ip bgp summary" for Quagga.
+
+
+
+**show bgp neighbors (Versions >= 201904 using default FRR routing stack)**
+
+**show ip bgp neighbors (Versions <= 201811 using Quagga routing stack)**
+
+This command displays all the details of IPv4 & IPv6 BGP neighbors when no optional argument is specified.
+
+When the optional argument IPv4_address is specified, it displays the detailed neighbor information about that specific IPv4 neighbor.
+
+Command has got additional optional arguments to display only the advertised routes, or the received routes, or all routes.
+
+In order to get details for an IPv6 neigbor, use "show bgp ipv6 neighbor " command.
+
+
+- Usage:
+
+ *Versions >= 201904 using default FRR routing stack*
+ ```
+ show bgp neighbors [ [advertised-routes | received-routes | routes]]
+ ```
+ *Versions <= 201811 using Quagga routing stack*
+ ```
+ show ip bgp neighbors [ [advertised-routes | received-routes | routes]]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show bgp neighbors
+ BGP neighbor is 10.0.0.57, remote AS 64600, local AS 65100, external link
+ Description: ARISTA01T1
+ BGP version 4, remote router ID 100.1.0.29, local router ID 10.1.0.32
+ BGP state = Established, up for 00:42:15
+ Last read 00:00:00, Last write 00:00:03
+ Hold time is 10, keepalive interval is 3 seconds
+ Configured hold time is 10, keepalive interval is 3 seconds
+ Neighbor capabilities:
+ 4 Byte AS: advertised and received
+ AddPath:
+ IPv4 Unicast: RX advertised IPv4 Unicast and received
+ Route refresh: advertised and received(new)
+ Address Family IPv4 Unicast: advertised and received
+ Hostname Capability: advertised (name: sonic-z9264f-9251,domain name: n/a) not received
+ Graceful Restart Capabilty: advertised and received
+ Remote Restart timer is 300 seconds
+ Address families by peer:
+ none
+ Graceful restart information:
+ End-of-RIB send: IPv4 Unicast
+ End-of-RIB received: IPv4 Unicast
+ Message statistics:
+ Inq depth is 0
+ Outq depth is 0
+ Sent Rcvd
+ Opens: 2 1
+ Notifications: 2 0
+ Updates: 3206 3202
+ Keepalives: 845 847
+ Route Refresh: 0 0
+ Capability: 0 0
+ Total: 4055 4050
+ Minimum time between advertisement runs is 0 seconds
+
+ For address family: IPv4 Unicast
+ Update group 1, subgroup 1
+ Packet Queue length 0
+ Inbound soft reconfiguration allowed
+ Community attribute sent to this neighbor(all)
+ 6400 accepted prefixes
+
+ Connections established 1; dropped 0
+ Last reset 00:42:37, due to NOTIFICATION sent (Cease/Connection collision resolution)
+ Local host: 10.0.0.56, Local port: 179
+ Foreign host: 10.0.0.57, Foreign port: 46419
+ Nexthop: 10.0.0.56
+ Nexthop global: fc00::71
+
Nexthop local: fe80::2204:fff:fe36:9449
+ BGP connection: shared network
+ BGP Connect Retry Timer in Seconds: 120
+ Read thread: on Write thread: on
+ ```
+
+Optionally, you can specify an IP address in order to display only that particular neighbor. In this mode, you can optionally specify whether you want to display all routes advertised to the specified neighbor, all routes received from the specified neighbor or all routes (received and accepted) from the specified neighbor.
+
+- Example:
+ ```
+ admin@sonic:~$ show bgp neighbors 10.0.0.57
+
+ admin@sonic:~$ show bgp neighbors 10.0.0.57 advertised-routes
+
+ admin@sonic:~$ show bgp neighbors 10.0.0.57 received-routes
+
+ admin@sonic:~$ show bgp neighbors 10.0.0.57 routes
+ ```
+
+ Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ip bgp neighbors" for Quagga.
+
+
+**show ip bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]]
+
+This command displays all the details of IPv4 Border Gateway Protocol (BGP) prefixes.
+
+- Usage:
+
+
+ ```
+ show ip bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]]
+ ```
+
+- Example:
+
+ NOTE: The "longer-prefixes" option is only available when a network prefix with a "/" notation is used.
+
+ ```
+ admin@sonic:~$ show ip bgp network
+
+ admin@sonic:~$ show ip bgp network 10.1.0.32 bestpath
+
+ admin@sonic:~$ show ip bgp network 10.1.0.32 multipath
+
+ admin@sonic:~$ show ip bgp network 10.1.0.32 json
+
+ admin@sonic:~$ show ip bgp network 10.1.0.32/32 bestpath
+
+ admin@sonic:~$ show ip bgp network 10.1.0.32/32 multipath
+
+ admin@sonic:~$ show ip bgp network 10.1.0.32/32 json
+
+ admin@sonic:~$ show ip bgp network 10.1.0.32/32 longer-prefixes
+ ```
+
+**show bgp ipv6 summary (Versions >= 201904 using default FRR routing stack)**
+
+**show ipv6 bgp summary (Versions <= 201811 using Quagga routing stack)**
+
+This command displays the summary of all IPv6 bgp neighbors that are configured and the corresponding states.
+
+- Usage:
+
+ *Versions >= 201904 using default FRR routing stack*
+ ```
+ show bgp ipv6 summary
+ ```
+ *Versions <= 201811 using Quagga routing stack*
+ ```
+ show ipv6 bgp summary
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show bgp ipv6 summary
+ BGP router identifier 10.1.0.32, local AS number 65100 vrf-id 0
+ BGP table version 12803
+ RIB entries 12805, using 2001 KiB of memory
+ Peers 4, using 83 KiB of memory
+ Peer groups 2, using 128 bytes of memory
+
+ Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd NeighborName
+ fc00::72 4 64600 3995 5208 0 0 0 00:39:30 6400 Lab-T1-01
+ fc00::76 4 64600 3994 5208 0 0 0 00:39:30 6400 Lab-T1-02
+ fc00::7a 4 64600 3993 5208 0 0 0 00:39:30 6400 Lab-T1-03
+ fc00::7e 4 64600 3993 5208 0 0 0 00:39:30 6400 Lab-T1-04
+
+ Total number of neighbors 4
+ ```
+ Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ipv6 bgp summary" for Quagga.
+
+
+
+**show bgp ipv6 neighbors (Versions >= 201904 using default FRR routing stack)**
+
+**show ipv6 bgp neighbors (Versions <= 201811 using Quagga routing stack)**
+
+This command displays all the details of one particular IPv6 Border Gateway Protocol (BGP) neighbor. Option is also available to display only the advertised routes, or the received routes, or all routes.
+
+
+- Usage:
+
+ *Versions >= 201904 using default FRR routing stack*
+ ```
+ show bgp ipv6 neighbors [ [(advertised-routes | received-routes | routes)]]
+ ```
+ *Versions <= 201811 using Quagga routing stack*
+ ```
+ show ipv6 bgp neighbors [ [(advertised-routes | received-routes | routes)]]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show bgp ipv6 neighbors fc00::72 advertised-routes
+
+ admin@sonic:~$ show bgp ipv6 neighbors fc00::72 received-routes
+
+ admin@sonic:~$ show bgp ipv6 neighbors fc00::72 routes
+ ```
+ Click [here](#Quagga-BGP-Show-Commands) to see the example for "show ip bgp summary" for Quagga.
+
+
+**show ipv6 bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]]
+
+This command displays all the details of IPv6 Border Gateway Protocol (BGP) prefixes.
+
+- Usage:
+
+
+ ```
+ show ipv6 bgp network [[|] [(bestpath | multipath | longer-prefixes | json)]]
+ ```
+
+- Example:
+
+ NOTE: The "longer-prefixes" option is only available when a network prefix with a "/" notation is used.
+
+ ```
+ admin@sonic:~$ show ipv6 bgp network
+
+ admin@sonic:~$ show ipv6 bgp network fc00::72 bestpath
+
+ admin@sonic:~$ show ipv6 bgp network fc00::72 multipath
+
+ admin@sonic:~$ show ipv6 bgp network fc00::72 json
+
+ admin@sonic:~$ show ipv6 bgp network fc00::72/64 bestpath
+
+ admin@sonic:~$ show ipv6 bgp network fc00::72/64 multipath
+
+ admin@sonic:~$ show ipv6 bgp network fc00::72/64 json
+
+ admin@sonic:~$ show ipv6 bgp network fc00::72/64 longer-prefixes
+ ```
+
+
+
+
+**show route-map**
+
+This command displays the routing policy that takes precedence over the other route processes that are configured.
+
+- Usage:
+ ```
+ show route-map
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show route-map
+ ZEBRA:
+ route-map RM_SET_SRC, permit, sequence 10
+ Match clauses:
+ Set clauses:
+ src 10.12.0.102
+ Call clause:
+ Action:
+ Exit routemap
+ ZEBRA:
+ route-map RM_SET_SRC6, permit, sequence 10
+ Match clauses:
+ Set clauses:
+ src fc00:1::102
+ Call clause:
+ Action:
+ Exit routemap
+ BGP:
+ route-map FROM_BGP_SPEAKER_V4, permit, sequence 10
+ Match clauses:
+ Set clauses:
+ Call clause:
+ Action:
+ Exit routemap
+ BGP:
+ route-map TO_BGP_SPEAKER_V4, deny, sequence 10
+ Match clauses:
+ Set clauses:
+ Call clause:
+ Action:
+ Exit routemap
+ BGP:
+ route-map ISOLATE, permit, sequence 10
+ Match clauses:
+ Set clauses:
+ as-path prepend 65000
+ Call clause:
+ Action:
+ Exit routemap
+ ```
+
+
+### BGP config commands
+
+This sub-section explains the list of configuration options available for BGP module for both IPv4 and IPv6 BGP neighbors.
+
+**config bgp shutdown all**
+
+This command is used to shutdown all the BGP IPv4 & IPv6 sessions.
+When the session is shutdown using this command, BGP state in "show ip bgp summary" is displayed as "Idle (Admin)"
+
+- Usage:
+ ```
+ config bgp shutdown all
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config bgp shutdown all
+ ```
+
+**config bgp shutdown neighbor**
+
+This command is to shut down a BGP session with a neighbor by that neighbor's IP address or hostname
+
+- Usage:
+ ```
+ sudo config bgp shutdown neighbor ( | )
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ sudo config bgp shutdown neighbor 192.168.1.124
+ ```
+ ```
+ admin@sonic:~$ sudo config bgp shutdown neighbor SONIC02SPINE
+ ```
+
+
+**config bgp startup all**
+
+This command is used to start up all the IPv4 & IPv6 BGP neighbors
+
+- Usage:
+ ```
+ config bgp startup all
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config bgp startup all
+ ```
+
+
+**config bgp startup neighbor**
+
+This command is used to start up the particular IPv4 or IPv6 BGP neighbor using either the IP address or hostname.
+
+- Usage:
+ ```
+ config bgp startup neighbor ( | )
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ sudo config bgp startup neighbor 192.168.1.124
+ ```
+ ```
+ admin@sonic:~$ sudo config bgp startup neighbor SONIC02SPINE
+ ```
+
+
+**config bgp remove neighbor**
+
+This command is used to remove particular IPv4 or IPv6 BGP neighbor configuration using either the IP address or hostname.
+
+- Usage:
+ ```
+ config bgp remove neighbor
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ sudo config bgp remove neighbor 192.168.1.124
+ ```
+ ```
+ admin@sonic:~$ sudo config bgp remove neighbor 2603:10b0:b0f:346::4a
+ ```
+ ```
+ admin@sonic:~$ sudo config bgp remove neighbor SONIC02SPINE
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#bgp)
+
+## Console
+
+This section explains all Console show commands and configuration options that are supported in SONiC.
+
+All commands are used only when SONiC is used as console switch.
+
+All commands under this section are not applicable when SONiC used as regular switch.
+
+### Console show commands
+
+**show line**
+
+This command displays serial port or a virtual network connection status.
+
+- Usage:
+ ```
+ show line (-b|--breif)
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show line
+ Line Baud Flow Control PID Start Time Device
+ ------ ------ -------------- ----- ------------ --------
+ 1 9600 Enabled - - switch1
+ 2 - Disabled - -
+ 3 - Disabled - -
+ 4 - Disabled - -
+ 5 - Disabled - -
+ ```
+
+Optionally, you can display configured console ports only by specifying the `-b` or `--breif` flag.
+
+- Example:
+ ```
+ admin@sonic:~$ show line -b
+ Line Baud Flow Control PID Start Time Device
+ ------ ------ -------------- ----- ------------ --------
+ 1 9600 Enabled - - switch1
+ ```
+
+## Console config commands
+
+This sub-section explains the list of configuration options available for console management module.
+
+**config console enable**
+
+This command is used to enable SONiC console switch feature.
+
+- Usage:
+ ```
+ config console enable
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config console enable
+ ```
+
+**config console disable**
+
+This command is used to disable SONiC console switch feature.
+
+- Usage:
+ ```
+ config console disable
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config console disable
+ ```
+
+**config console add**
+
+This command is used to add a console port setting.
+
+- Usage:
+ ```
+ config console add [--baud|-b ] [--flowcontrol|-f] [--devicename|-d ]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ config console add 1 --baud 9600 --devicename switch1
+ ```
+
+**config console del**
+
+This command is used to remove a console port setting.
+
+- Usage:
+ ```
+ config console del
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config console del 1
+ ```
+
+**config console remote_device**
+
+This command is used to update the remote device name for a console port.
+
+- Usage:
+ ```
+ config console remote_device
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config console remote_device 1 switch1
+ ```
+
+**config console baud**
+
+This command is used to update the baud rate for a console port.
+
+- Usage:
+ ```
+ config console baud
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config console baud 1 9600
+ ```
+
+**config console flow_control**
+
+This command is used to enable or disable flow control feature for a console port.
+
+- Usage:
+ ```
+ config console flow_control {enable|disable}
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config console flow_control enable 1
+ ```
+
+### Console connect commands
+
+**connect line**
+
+This command allows user to connect to a remote device via console line with an interactive cli.
+
+- Usage:
+ ```
+ connect line (-d|--devicename)
+ ```
+
+By default, the target is `port_name`.
+
+- Example:
+ ```
+ admin@sonic:~$ connect line 1
+ Successful connection to line 1
+ Press ^A ^X to disconnect
+ ```
+
+Optionally, you can connect with a remote device name by specifying the `-d` or `--devicename` flag.
+
+- Example:
+ ```
+ admin@sonic:~$ connect line --devicename switch1
+ Successful connection to line 1
+ Press ^A ^X to disconnect
+ ```
+
+**connect device**
+
+This command allows user to connect to a remote device via console line with an interactive cli.
+
+- Usage:
+ ```
+ connect device
+ ```
+
+The command is same with `connect line --devicename `
+
+- Example:
+ ```
+ admin@sonic:~$ connect line 1
+ Successful connection to line 1
+ Press ^A ^X to disconnect
+ ```
+
+### Console clear commands
+
+**sonic-clear line**
+
+This command allows user to connect to a remote device via console line with an interactive cli.
+
+- Usage:
+ ```
+ sonc-clear line (-d|--devicename)
+ ```
+
+By default, the target is `port_name`.
+
+- Example:
+ ```
+ admin@sonic:~$ sonic-clear line 1
+ ```
+
+Optionally, you can clear with a remote device name by specifying the `-d` or `--devicename` flag.
+
+- Example:
+ ```
+ admin@sonic:~$ sonic-clear --devicename switch1
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#console)
+
+
+## DHCP Relay
+
+### DHCP Relay config commands
+
+This sub-section of commands is used to add or remove the DHCP Relay Destination IP address(es) for a VLAN interface.
+
+**config vlan dhcp_relay add**
+
+This command is used to add a DHCP Relay Destination IP address or multiple IP addresses to a VLAN. Note that more than one DHCP Relay Destination IP address can be added on a VLAN interface.
+
+- Usage:
+ ```
+ config vlan dhcp_relay add
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config vlan dhcp_relay add 1000 7.7.7.7
+ Added DHCP relay destination address ['7.7.7.7'] to Vlan1000
+ Restarting DHCP relay service...
+ ```
+ ```
+ admin@sonic:~$ sudo config vlan dhcp_relay add 1000 7.7.7.7 1.1.1.1
+ Added DHCP relay destination address ['7.7.7.7', '1.1.1.1'] to Vlan1000
+ Restarting DHCP relay service...
+ ```
+
+**config vlan dhcp_relay delete**
+
+This command is used to delete a configured DHCP Relay Destination IP address or multiple IP addresses from a VLAN interface.
+
+- Usage:
+ ```
+ config vlan dhcp_relay del
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config vlan dhcp_relay del 1000 7.7.7.7
+ Removed DHCP relay destination address 7.7.7.7 from Vlan1000
+ Restarting DHCP relay service...
+ ```
+ ```
+ admin@sonic:~$ sudo config vlan dhcp_relay del 1000 7.7.7.7 1.1.1.1
+ Removed DHCP relay destination address ('7.7.7.7', '1.1.1.1') from Vlan1000
+ Restarting DHCP relay service...
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#dhcp-relay)
+
+
+## Drop Counters
+
+This section explains all the Configurable Drop Counters show commands and configuration options that are supported in SONiC.
+
+### Drop Counters show commands
+
+**show dropcounters capabilities**
+
+This command is used to show the drop counter capabilities that are available on this device. It displays the total number of drop counters that can be configured on this device as well as the drop reasons that can be configured for the counters.
+
+- Usage:
+ ```
+ show dropcounters capabilities
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ show dropcounters capabilities
+ Counter Type Total
+ -------------------- -------
+ PORT_INGRESS_DROPS 3
+ SWITCH_EGRESS_DROPS 2
+
+ PORT_INGRESS_DROPS:
+ L2_ANY
+ SMAC_MULTICAST
+ SMAC_EQUALS_DMAC
+ INGRESS_VLAN_FILTER
+ EXCEEDS_L2_MTU
+ SIP_CLASS_E
+ SIP_LINK_LOCAL
+ DIP_LINK_LOCAL
+ UNRESOLVED_NEXT_HOP
+ DECAP_ERROR
+
+ SWITCH_EGRESS_DROPS:
+ L2_ANY
+ L3_ANY
+ A_CUSTOM_REASON
+ ```
+
+**show dropcounters configuration**
+
+This command is used to show the current running configuration of the drop counters on this device.
+
+- Usage:
+ ```
+ show dropcounters configuration [-g ]
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ show dropcounters configuration
+ Counter Alias Group Type Reasons Description
+ -------- -------- ----- ------------------ ------------------- --------------
+ DEBUG_0 RX_LEGIT LEGIT PORT_INGRESS_DROPS SMAC_EQUALS_DMAC Legitimate port-level RX pipeline drops
+ INGRESS_VLAN_FILTER
+ DEBUG_1 TX_LEGIT None SWITCH_EGRESS_DROPS EGRESS_VLAN_FILTER Legitimate switch-level TX pipeline drops
+
+ admin@sonic:~$ show dropcounters configuration -g LEGIT
+ Counter Alias Group Type Reasons Description
+ -------- -------- ----- ------------------ ------------------- --------------
+ DEBUG_0 RX_LEGIT LEGIT PORT_INGRESS_DROPS SMAC_EQUALS_DMAC Legitimate port-level RX pipeline drops
+ INGRESS_VLAN_FILTER
+ ```
+
+**show dropcounters counts**
+
+This command is used to show the current statistics for the configured drop counters. Standard drop counters are displayed as well for convenience.
+
+Because clear (see below) is handled on a per-user basis different users may see different drop counts.
+
+- Usage:
+ ```
+ show dropcounters counts [-g ] [-t ]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show dropcounters counts
+ IFACE STATE RX_ERR RX_DROPS TX_ERR TX_DROPS RX_LEGIT
+ --------- ------- -------- ---------- -------- ---------- ---------
+ Ethernet0 U 10 100 0 0 20
+ Ethernet4 U 0 1000 0 0 100
+ Ethernet8 U 100 10 0 0 0
+
+ DEVICE TX_LEGIT
+ ------ --------
+ sonic 1000
+
+ admin@sonic:~$ show dropcounters counts -g LEGIT
+ IFACE STATE RX_ERR RX_DROPS TX_ERR TX_DROPS RX_LEGIT
+ --------- ------- -------- ---------- -------- ---------- ---------
+ Ethernet0 U 10 100 0 0 20
+ Ethernet4 U 0 1000 0 0 100
+ Ethernet8 U 100 10 0 0 0
+
+ admin@sonic:~$ show dropcounters counts -t SWITCH_EGRESS_DROPS
+ DEVICE TX_LEGIT
+ ------ --------
+ sonic 1000
+ ```
+
+### Drop Counters config commands
+
+**config dropcounters install**
+
+This command is used to initialize a new drop counter.
The user must specify a name, type, and initial list of drop reasons.
+
+This command will fail if the given name is already in use, if the type of counter is not supported, or if any of the specified drop reasons are not supported. It will also fail if all avaialble counters are already in use on the device.
+
+- Usage:
+ ```
+ config dropcounters install [-d ] [-g ] [-a ]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config dropcounters install DEBUG_2 PORT_INGRESS_DROPS [EXCEEDS_L2_MTU,DECAP_ERROR] -d "More port ingress drops" -g BAD -a BAD_DROPS
+ ```
+
+**config dropcounters add_reasons**
+
+This command is used to add drop reasons to an already initialized counter.
+
+This command will fail if any of the specified drop reasons are not supported.
+
+- Usage:
+ ```
+ config dropcounters add_reasons
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config dropcounters add_reasons DEBUG_2 [SIP_CLASS_E]
+ ```
+
+**config dropcounters remove_reasons**
+
+This command is used to remove drop reasons from an already initialized counter.
+
+- Usage:
+ ```
+ config dropcounters remove_reasons
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config dropcounters remove_reasons DEBUG_2 [SIP_CLASS_E]
+ ```
+
+**config dropcounters delete**
+
+This command is used to delete a drop counter.
+
+- Usage:
+ ```
+ config dropcounters delete
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config dropcounters delete DEBUG_2
+ ```
+
+### Drop Counters clear commands
+
+**sonic-clear dropcounters**
+
+This comnmand is used to clear drop counters. This is done on a per-user basis.
+
+- Usage:
+ ```
+ sonic-clear dropcounters
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sonic-clear dropcounters
+ Cleared drop counters
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](##drop-counters)
+
+## Dynamic Buffer Management
+
+This section explains all the show and configuration commands regarding the dynamic buffer management.
+ +Dynamic buffer management is responsible for calculating buffer size according to the ports' configured speed and administrative state. In order to enable dynamic buffer management feature, the ports' speed must be configured. For this please refer [Interface naming mode config commands](#interface-naming-mode-config-commands) + +### Configuration commands + +**configure shared headroom pool** + +This command is used to configure the shared headroom pool. The shared headroom pool can be enabled in the following ways: + +- Configure the over subscribe ratio. In this case, the size of shared headroom pool is calculated as the accumulative xoff of all of the lossless PG divided by the over subscribe ratio. +- Configure the size. + +In case both of the above parameters have been configured, the `size` will take effect. To disable shared headroom pool, configure both parameters to zero. + +- Usage: + + ``` + config buffer shared-headroom-pool over-subscribe-ratio + config buffer shared-headroom-pool size + ``` + + The range of over-subscribe-ratio is from 1 to number of ports inclusive. + +- Example: + + ``` + admin@sonic:~$ sudo config shared-headroom-pool over-subscribe-ratio 2 + admin@sonic:~$ sudo config shared-headroom-pool size 1024000 + ``` + +**configure a lossless buffer profile** + +This command is used to configure a lossless buffer profile. + +- Usage: + + ``` + config buffer profile add --xon --xoff [-size ] [-dynamic_th ] [-pool ] + config buffer profile set --xon --xoff [-size ] [-dynamic_th ] [-pool ] + config buffer profile remove + ``` + + All the parameters are devided to two groups, one for headroom and one for dynamic_th. For any command at lease one group of parameters should be provided. + For headroom parameters: + + - `xon` is madantory. + - If shared headroom pool is disabled: + - At lease one of `xoff` and `size` should be provided and the other will be optional and conducted via the formula `xon + xoff = size`. 
+ - `xon` + `xoff` <= `size`; For Mellanox platform xon + xoff == size + - If shared headroom pool is enabled: + - `xoff` should be provided. + - `size` = `xoff` if it is not provided. + + If only headroom parameters are provided, the `dynamic_th` will be taken from `CONFIG_DB.DEFAULT_LOSSLESS_BUFFER_PARAMETER.default_dynamic_th`. + + If only dynamic_th parameter is provided, the `headroom_type` will be set as `dynamic` and `xon`, `xoff` and `size` won't be set. This is only used for non default dynamic_th. In this case, the profile won't be deployed to ASIC directly. It can be configured to a lossless PG and then a dynamic profile will be generated based on the port's speed, cable length, and MTU and deployed to the ASIC. + + The subcommand `add` is designed for adding a new buffer profile to the system. + + The subcommand `set` is designed for modifying an existing buffer profile in the system. + For a profile with dynamically calculated headroom information, only `dynamic_th` can be modified. + + The subcommand `remove` is designed for removing an existing buffer profile from the system. When removing a profile, it shouldn't be referenced by any entry in `CONFIG_DB.BUFFER_PG`. + +- Example: + + ``` + admin@sonic:~$ sudo config buffer profile add profile1 --xon 18432 --xoff 18432 + admin@sonic:~$ sudo config buffer profile remove profile1 + ``` + +**config interface cable_length** + +This command is used to configure the length of the cable connected to a port. The cable_length is in unit of meters and must be suffixed with "m". + +- Usage: + + ``` + config interface cable_length + ``` + +- Example: + + ``` + admin@sonic:~$ sudo config interface cable_length Ethernet0 40m + ``` + +Go Back To [Beginning of the document](#) or [Beginning of this section](#dynamic-buffer-management) + +**config interface buffer priority-group lossless** + +This command is used to configure the priority groups on which lossless traffic runs. 
+
+- Usage:
+
+ ```
+ config interface buffer priority-group lossless add [profile]
+ config interface buffer priority-group lossless set [profile]
+ config interface buffer priority-group lossless remove []
+ ```
+
+ The can be in one of the following two forms:
+
+ - For a range of priorities, the lower bound and upper bound connected by a dash, like `3-4`
+ - For a single priority, the number, like `6`
+
+ The `pg-map` represents the map of priorities for lossless traffic. It should be a string and in form of a bit map like `3-4`. The `-` connects the lower bound and upper bound of a range of priorities.
+
+ The subcommand `add` is designed for adding a new lossless PG on top of current PGs. The new PG range must be disjoint with all existing PGs.
+
+ For example, currently the PG range 3-4 exist on port Ethernet4, to add PG range 4-5 will fail because it isn't disjoint with 3-4. To add PG range 5-6 will succeed. After that both range 3-4 and 5-6 will work as lossless PG.
+
+ The `override-profile` parameter is optional. When provided, it represents the predefined buffer profile for headroom override.
+
+ The subcommand `set` is designed for modifying an existing PG from dynamic calculation to headroom override or vice versa. The `pg-map` must be an existing PG.
+
+ The subcommand `remove` is designed for removing an existing PG. The option `pg-map` must be an existing PG. All lossless PGs will be removed in case no `pg-map` provided.
+
+- Example:
+
+ To configure lossless_pg on a port:
+
+ ```
+ admin@sonic:~$ sudo config interface buffer priority-group lossless add Ethernet0 3-4
+ ```
+
+ To change the profile used for lossless_pg on a port:
+
+ ```
+ admin@sonic:~$ sudo config interface buffer priority-group lossless set Ethernet0 3-4 new-profile
+ ```
+
+ To remove one lossless priority from a port:
+
+ ```
+ admin@sonic:~$ sudo config interface buffer priority-group lossless remove Ethernet0 6
+ ```
+
+ To remove all lossless priorities from a port:
+
+ ```
+ admin@sonic:~$ sudo config interface buffer priority-group lossless remove Ethernet0
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#dynamic-buffer-management)
+
+**config interface buffer queue**
+
+This command is used to configure the buffer profiles for queues.
+
+- Usage:
+
+ ```
+ config interface buffer queue add
+ config interface buffer queue set
+ config interface buffer queue remove
+ ```
+
+ The represents the map of queues. It can be in one of the following two forms:
+
+ - For a range of priorities, the lower bound and upper bound connected by a dash, like `3-4`
+ - For a single priority, the number, like `6`
+
+ The subcommand `add` is designed for adding a buffer profile for a group of queues. The new queue range must be disjoint with all queues with buffer profile configured.
+
+ For example, currently the buffer profile configured on queue 3-4 on port Ethernet4, to configure buffer profile on queue 4-5 will fail because it isn't disjoint with 3-4. To configure it on range 5-6 will succeed.
+
+ The `profile` parameter represents a predefined egress buffer profile to be configured on the queues.
+
+ The subcommand `set` is designed for modifying an existing group of queues.
+
+ The subcommand `remove` is designed for removing buffer profile on an existing group of queues.
+
+- Example:
+
+ To configure buffer profiles for queues on a port:
+
+ ```
+ admin@sonic:~$ sudo config interface buffer queue add Ethernet0 3-4 egress_lossless_profile
+ ```
+
+ To change the profile used for queues on a port:
+
+ ```
+ admin@sonic:~$ sudo config interface buffer queue set Ethernet0 3-4 new-profile
+ ```
+
+ To remove a group of queues from a port:
+
+ ```
+ admin@sonic:~$ sudo config interface buffer queue remove Ethernet0 3-4
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#dynamic-buffer-management)
+
+### Show commands
+
+**show buffer information**
+
+This command is used to display the status of buffer pools and profiles currently deployed to the ASIC.
+
+- Usage:
+
+ ```
+ show buffer information
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show buffer information
+ Pool: ingress_lossless_pool
+ ---- --------
+ type ingress
+ mode dynamic
+ size 17170432
+ ---- --------
+
+ Pool: egress_lossless_pool
+ ---- --------
+ type egress
+ mode dynamic
+ size 34340822
+ ---- --------
+
+ Pool: ingress_lossy_pool
+ ---- --------
+ type ingress
+ mode dynamic
+ size 17170432
+ ---- --------
+
+ Pool: egress_lossy_pool
+ ---- --------
+ type egress
+ mode dynamic
+ size 17170432
+ ---- --------
+
+ Profile: pg_lossless_100000_5m_profile
+ ---------- -----------------------------------
+ xon 18432
+ dynamic_th 0
+ xoff 18432
+ pool [BUFFER_POOL:ingress_lossless_pool]
+ size 36864
+ ---------- -----------------------------------
+
+ Profile: q_lossy_profile
+ ---------- -------------------------------
+ dynamic_th 3
+ pool [BUFFER_POOL:egress_lossy_pool]
+ size 0
+ ---------- -------------------------------
+
+ Profile: egress_lossy_profile
+ ---------- -------------------------------
+ dynamic_th 3
+ pool [BUFFER_POOL:egress_lossy_pool]
+ size 4096
+ ---------- -------------------------------
+
+ Profile: egress_lossless_profile
+ ---------- ----------------------------------
+ dynamic_th 7
+ pool
[BUFFER_POOL:egress_lossless_pool]
+ size 0
+ ---------- ----------------------------------
+
+ Profile: ingress_lossless_profile
+ ---------- -----------------------------------
+ dynamic_th 0
+ pool [BUFFER_POOL:ingress_lossless_pool]
+ size 0
+ ---------- -----------------------------------
+
+ Profile: pg_lossless_100000_79m_profile
+ ---------- -----------------------------------
+ xon 18432
+ dynamic_th 0
+ xoff 60416
+ pool [BUFFER_POOL:ingress_lossless_pool]
+ size 78848
+ ---------- -----------------------------------
+
+ Profile: pg_lossless_100000_40m_profile
+ ---------- -----------------------------------
+ xon 18432
+ dynamic_th 0
+ xoff 38912
+ pool [BUFFER_POOL:ingress_lossless_pool]
+ size 57344
+ ---------- -----------------------------------
+
+ Profile: ingress_lossy_profile
+ ---------- --------------------------------
+ dynamic_th 3
+ pool [BUFFER_POOL:ingress_lossy_pool]
+ size 0
+ ---------- --------------------------------
+ ```
+
+**show buffer configuration**
+
+This command is used to display the status of buffer pools and profiles currently configured.
+
+- Usage:
+
+ ```
+ show buffer configuration
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show buffer configuration
+ Lossless traffic pattern:
+ -------------------- -
+ default_dynamic_th 0
+ over_subscribe_ratio 0
+ -------------------- -
+
+ Pool: ingress_lossless_pool
+ ---- --------
+ type ingress
+ mode dynamic
+ ---- --------
+
+ Pool: egress_lossless_pool
+ ---- --------
+ type egress
+ mode dynamic
+ size 34340822
+ ---- --------
+
+ Pool: ingress_lossy_pool
+ ---- --------
+ type ingress
+ mode dynamic
+ ---- --------
+
+ Pool: egress_lossy_pool
+ ---- --------
+ type egress
+ mode dynamic
+ ---- --------
+
+ Profile: q_lossy_profile
+ ---------- -------------------------------
+ dynamic_th 3
+ pool [BUFFER_POOL:egress_lossy_pool]
+ size 0
+ ---------- -------------------------------
+
+ Profile: egress_lossy_profile
+ ---------- -------------------------------
+ dynamic_th 3
+ pool [BUFFER_POOL:egress_lossy_pool]
+ size 4096
+ ---------- -------------------------------
+
+ Profile: egress_lossless_profile
+ ---------- ----------------------------------
+ dynamic_th 7
+ pool [BUFFER_POOL:egress_lossless_pool]
+ size 0
+ ---------- ----------------------------------
+
+ Profile: ingress_lossless_profile
+ ---------- -----------------------------------
+ dynamic_th 0
+ pool [BUFFER_POOL:ingress_lossless_pool]
+ size 0
+ ---------- -----------------------------------
+
+ Profile: ingress_lossy_profile
+ ---------- --------------------------------
+ dynamic_th 3
+ pool [BUFFER_POOL:ingress_lossy_pool]
+ size 0
+ ---------- --------------------------------
+ ```
+
+## ECN
+
+This section explains all the Explicit Congestion Notification (ECN) show commands and ECN configuation options that are supported in SONiC.
+
+### ECN show commands
+This sub-section contains the show commands that are supported in ECN.
+
+**show ecn**
+
+This command displays all the WRED profiles that are configured in the device.
+
+- Usage:
+ ```
+ show ecn
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ecn
+ Profile: **AZURE_LOSSLESS**
+ ----------------------- -------
+ red_max_threshold 2097152
+ red_drop_probability 5
+ yellow_max_threshold 2097152
+ ecn ecn_all
+ green_min_threshold 1048576
+ red_min_threshold 1048576
+ wred_yellow_enable true
+ yellow_min_threshold 1048576
+ green_max_threshold 2097152
+ green_drop_probability 5
+ wred_green_enable true
+ yellow_drop_probability 5
+ wred_red_enable true
+ ----------------------- -------
+
+ Profile: **wredprofileabcd**
+ ----------------- ---
+ red_max_threshold 100
+ ----------------- ---
+ ```
+
+### ECN config commands
+
+This sub-section contains the configuration commands that can configure the WRED profiles.
+
+**config ecn**
+
+This command configures the possible fields in a particular WRED profile that is specified using "-profile " argument.
+The list of the WRED profile fields that are configurable is listed in the below "Usage".
+
+- Usage:
+ ```
+ config ecn -profile [-rmax ] [-rmin ] [-ymax ] [-ymin ] [-gmax ] [-gmin ] [-v|--verbose]
+ ```
+
+ - Parameters:
+ - profile_name Profile name
+ - red_threshold_max Set red max threshold
+ - red_threshold_min Set red min threshold
+ - yellow_threshold_max Set yellow max threshold
+ - yellow_threshold_min Set yellow min threshold
+ - green_threshold_max Set green max threshold
+ - green_threshold_min Set green min threshold
+
+- Example (Configures the "red max threshold" for the WRED profile name "wredprofileabcd". It will create the WRED profile if it does not exist.):
+ ```
+ admin@sonic:~$ sudo config ecn -profile wredprofileabcd -rmax 100
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#ecn)
+
+## Feature
+
+SONiC includes a capability in which Feature state can be enabled/disabled
+which will make corresponding feature docker container to start/stop.
+
+Also SONiC provide capability in which Feature docker container can be automatically shut
+down and restarted if one of critical processes running in the container exits
+unexpectedly. Restarting the entire feature container ensures that configuration is
+reloaded and all processes in the feature container get restarted, thus increasing the
+likelihood of entering a healthy state.
+
+### Feature show commands
+
+**show feature config**
+
+Shows the config of given feature or all if no feature is given. The "fallback" is shown only if configured. The fallback defaults to "true" when not configured.
+
+- Usage:
+ ```
+ show feature config []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show feature config
+ Feature State AutoRestart Owner fallback
+ -------------- -------- ------------- ------- ----------
+ bgp enabled enabled local
+ database enabled disabled local
+ dhcp_relay enabled enabled kube
+ lldp enabled enabled kube true
+ mgmt-framework enabled enabled local
+ nat disabled enabled local
+ pmon enabled enabled kube
+ radv enabled enabled kube
+ sflow disabled enabled local
+ snmp enabled enabled kube
+ swss enabled enabled local
+ syncd enabled enabled local
+ teamd enabled enabled local
+ telemetry enabled enabled kube
+ ```
+
+**show feature status**
+
+Shows the status of given feature or all if no feature is given. The "fallback" defaults to "true" when not configured.
+The subset of features are configurable for remote management and only those report additional data.
+ +- Usage: + ``` + show feature status [] + ``` + +- Example: + ``` + admin@sonic:~$ show feature status + Feature State AutoRestart SystemState UpdateTime ContainerId ContainerVersion SetOwner CurrentOwner RemoteState + -------------- -------- ------------- ------------- ------------------- ------------- ------------------ ---------- -------------- ------------- + bgp enabled enabled up local local none + database enabled disabled local + dhcp_relay enabled enabled up 2020-11-15 18:21:09 249e70102f55 20201230.100 kube local + lldp enabled enabled up 2020-11-15 18:21:09 779c2d55ee12 20201230.100 kube local + mgmt-framework enabled enabled up local local none + nat disabled enabled local + pmon enabled enabled up 2020-11-15 18:20:27 a2b9ffa8aba3 20201230.100 kube local + radv enabled enabled up 2020-11-15 18:21:05 d8ff27dcfe46 20201230.100 kube local + sflow disabled enabled local + snmp enabled enabled up 2020-11-15 18:25:51 8b7d5529e306 20201230.111 kube kube running + swss enabled enabled up local local none + syncd enabled enabled up local local none + teamd enabled enabled up local local none + telemetry enabled enabled down 2020-11-15 18:24:59 20201230.100 kube none + ``` + +**config feature owner** + +Configures the owner for a feature as "local" or "kube". The "local" implies starting the feature container from local image. The "kube" implies that kubernetes server is made eligible to deploy the feature. The deployment of a feature by kubernetes is conditional based on many factors like, whether the kube server is configured or not, connected-to-kube-server or not and if that master has manifest for this feature for this switch or not and more. At some point in future, the deployment *could* happen and till that point the feature can run from local image, called "fallback". The fallback is allowed by default and it could be toggled to "not allowed". When fallback is not allowed, the feature would run only upon deployment by kubernetes master. 
+ +- Usage: + ``` + config feature owner [] [local/kube] + ``` + +- Example: + ``` + admin@sonic:~$ sudo config feature owner snmp kube + ``` + +**config feature fallback** + +Features configured for "kube" deployment could be allowed to fallback to using local image, until the point of successful kube deployment. The fallback is allowed by default. + +- Usage: + ``` + config feature fallback [] [on/off] + ``` + +- Example: + ``` + admin@sonic:~$ sudo config feature fallback snmp on + ``` + +**show feature autorestart** + +This command will display the status of auto-restart for feature container. + +- Usage: + ``` + show feature autorestart [] + admin@sonic:~$ show feature autorestart + Feature AutoRestart + ---------- -------------- + bgp enabled + database always_enabled + dhcp_relay enabled + lldp enabled + pmon enabled + radv enabled + snmp enabled + swss enabled + syncd enabled + teamd enabled + telemetry enabled + ``` + +Optionally, you can specify a feature name in order to display +status for that feature + +### Feature config commands + +**config feature state ** + +This command will configure the state for a specific feature. + +- Usage: + ``` + config feature state (enabled | disabled) + admin@sonic:~$ sudo config feature state bgp disabled + ``` + +**config feature autorestart ** + +This command will configure the status of auto-restart for a specific feature container. + +- Usage: + ``` + config feature autorestart (enabled | disabled) + admin@sonic:~$ sudo config feature autorestart bgp disabled + ``` +NOTE: If the existing state or auto-restart value for a feature is "always_enabled" then config +commands are don't care and will not update state/auto-restart value. + +Go Back To [Beginning of the document](#) or [Beginning of this section](#feature) + +## Flow Counters + +This section explains all the Flow Counters show commands, clear commands and config commands that are supported in SONiC. 
Flow counters are usually used for debugging, troubleshooting and performance enhancement processes. Flow counters supports case like: + + - Host interface traps (number of received traps per Trap ID) + - Routes matching the configured prefix pattern (number of hits and number of bytes) + +### Flow Counters show commands + +**show flowcnt-trap stats** + +This command is used to show the current statistics for the registered host interface traps. + +Because clear (see below) is handled on a per-user basis different users may see different counts. + +- Usage: + ``` + show flowcnt-trap stats + ``` + +- Example: + ``` + admin@sonic:~$ show flowcnt-trap stats + Trap Name Packets Bytes PPS + --------- --------- ------- ------- + dhcp 100 2,000 50.25/s + + For multi-ASIC: + admin@sonic:~$ show flowcnt-trap stats + ASIC ID Trap Name Packets Bytes PPS + ------- ----------- --------- ------- ------- + asic0 dhcp 100 2,000 50.25/s + asic1 dhcp 200 3,000 45.25/s + ``` + +**show flowcnt-route stats** + +This command is used to show the current statistics for route flow patterns. + +Because clear (see below) is handled on a per-user basis different users may see different counts. + +- Usage: + ``` + show flowcnt-route stats + show flowcnt-route stats pattern [--vrf ] + show flowcnt-route stats route [--vrf ] + ``` + +- Example: + ``` + admin@sonic:~$ show flowcnt-route stats + Route pattern VRF Matched routes Packets Bytes + -------------------------------------------------------------------------------------- + 3.3.0.0/16 default 3.3.1.0/24 100 4543 + 3.3.2.3/32 3443 929229 + 3.3.0.0/16 0 0 + 2000::/64 default 2000::1/128 100 4543 + ``` + +The "pattern" subcommand is used to display the route flow counter statistics by route pattern. 
+ +- Example: + ``` + admin@sonic:~$ show flowcnt-route stats pattern 3.3.0.0/16 + Route pattern VRF Matched routes Packets Bytes + -------------------------------------------------------------------------------------- + 3.3.0.0/16 default 3.3.1.0/24 100 4543 + 3.3.2.3/32 3443 929229 + 3.3.0.0/16 0 0 + ``` + +The "route" subcommand is used to display the route flow counter statistics by route prefix. + ``` + admin@sonic:~$ show flowcnt-route stats route 3.3.3.2/32 --vrf Vrf_1 + Route VRF Route Pattern Packets Bytes + ----------------------------------------------------------------------------------------- + 3.3.3.2/32 Vrf_1 3.3.0.0/16 100 4543 + ``` + +### Flow Counters clear commands + +**sonic-clear flowcnt-trap** + +This command is used to clear the current statistics for the registered host interface traps. This is done on a per-user basis. + +- Usage: + ``` + sonic-clear flowcnt-trap + ``` + +- Example: + ``` + admin@sonic:~$ sonic-clear flowcnt-trap + Trap Flow Counters were successfully cleared + ``` + +**sonic-clear flowcnt-route** + +This command is used to clear the current statistics for the route flow counter. This is done on a per-user basis. + +- Usage: + ``` + sonic-clear flowcnt-route + sonic-clear flowcnt-route pattern [--vrf ] + sonic-clear flowcnt-route route [--vrf ] + ``` + +- Example: + ``` + admin@sonic:~$ sonic-clear flowcnt-route + Route Flow Counters were successfully cleared + ``` + +The "pattern" subcommand is used to clear the route flow counter statistics by route pattern. + +- Example: + ``` + admin@sonic:~$ sonic-clear flowcnt-route pattern 3.3.0.0/16 --vrf Vrf_1 + Flow Counters of all routes matching the configured route pattern were successfully cleared + ``` + +The "route" subcommand is used to clear the route flow counter statistics by route prefix. 
+ +- Example: + ``` + admin@sonic:~$ sonic-clear flowcnt-route route 3.3.3.2/32 --vrf Vrf_1 + Flow Counters of the specified route were successfully cleared + ``` + +### Flow Counters config commands + +**config flowcnt-route pattern add** + +This command is used to add or update the route pattern which is used by route flow counter to match route entries. + +- Usage: + ``` + config flowcnt-route pattern add [--vrf ] [--max ] + ``` + +- Example: + ``` + admin@sonic:~$ config flowcnt-route pattern add 2.2.0.0/16 --vrf Vrf_1 --max 50 + ``` + +**config flowcnt-route pattern remove** + +This command is used to remove the route pattern which is used by route flow counter to match route entries. + +- Usage: + ``` + config flowcnt-route pattern remove [--vrf ] + ``` + +- Example: + ``` + admin@sonic:~$ config flowcnt-route pattern remove 2.2.0.0/16 --vrf Vrf_1 + ``` + + +Go Back To [Beginning of the document](#) or [Beginning of this section](#flow-counters) +## Gearbox + +This section explains all the Gearbox PHY show commands that are supported in SONiC. + +### Gearbox show commands +This sub-section contains the show commands that are supported for gearbox phy. + +**show gearbox interfaces status** + +This command displays information about the gearbox phy interface lanes, speeds and status. 
Data is displayed for both MAC side and line side of the gearbox phy + +- Usage: + ``` + show gearbox interfaces status + ``` + +- Example: + +``` +home/admin# show gearbox interfaces status + PHY Id Interface MAC Lanes MAC Lane Speed PHY Lanes PHY Lane Speed Line Lanes Line Lane Speed Oper Admin +-------- ----------- ----------- ---------------- ----------- ---------------- ------------ ----------------- ------ ------- + 1 Ethernet0 25,26,27,28 10G 200,201 20G 206 40G up up + 1 Ethernet4 29,30,31,32 10G 202,203 20G 207 40G up up + 1 Ethernet8 33,34,35,36 10G 204,205 20G 208 40G up up + + ``` + +**show gearbox phys status** + +This command displays basic information about the gearbox phys configured on the switch. + +- Usage: + ``` + show gearbox phys status + ``` + +- Example: + +``` +/home/admin# show gearbox phys status + PHY Id Name Firmware +-------- ------- ---------- + 1 sesto-1 v0.1 + + ``` + +Go Back To [Beginning of the document](#) or [Beginning of this section](#gearbox) + + +## Update Device Hostname Configuration Commands + +This sub-section of commands is used to change device hostname without traffic being impacted. + +**config hostname** + +This command is used to change device hostname without traffic being impacted. + +- Usage: + ``` + config hostname + ``` + +- Example: + ``` + admin@sonic:~$ sudo config hostname CSW06 + Please note loaded setting will be lost after system reboot. To preserve setting, run `config save`. + ``` + +## Interfaces + +### Interface Show Commands + +This sub-section lists all the possible show commands for the interfaces available in the device. Following example gives the list of possible shows on interfaces. +Subsequent pages explain each of these commands in detail. + +- Example: + ``` + admin@sonic:~$ show interfaces -? + + Show details of the network interfaces + + Options: + -?, -h, --help Show this message and exit. 
+ + Commands: + autoneg Show interface autoneg information + breakout Show Breakout Mode information by interfaces + counters Show interface counters + description Show interface status, protocol and... + mpls Show Interface MPLS status + naming_mode Show interface naming_mode status + neighbor Show neighbor related information + portchannel Show PortChannel information + status Show Interface status information + tpid Show Interface tpid information + transceiver Show SFP Transceiver information + ``` + +**show interfaces autoneg** + +This show command displays the port auto negotiation status for all interfaces i.e. interface name, auto negotiation mode, speed, advertised speeds, interface type, advertised interface types, operational status, admin status. For a single interface, provide the interface name with the sub-command. + +- Usage: + ``` + show interfaces autoneg status + show interfaces autoneg status + ``` + +- Example: + ``` + admin@sonic:~$ show interfaces autoneg status + Interface Auto-Neg Mode Speed Adv Speeds Type Adv Types Oper Admin + ----------- --------------- ------- ------------ ------ ----------- ------ ------- + Ethernet0 enabled 25G 10G,25G CR CR,CR4 up up + Ethernet4 disabled 100G all CR4 all up up + + admin@sonic:~$ show interfaces autoneg status Ethernet8 + Interface Auto-Neg Mode Speed Adv Speeds Type Adv Types Oper Admin + ----------- --------------- ------- ------------ ------ ----------- ------ ------- + Ethernet8 disabled 100G N/A CR4 N/A up up + ``` + +**show interfaces breakout (Versions >= 202006)** + +This show command displays the port capability for all interfaces i.e. index, lanes, default_brkout_mode, breakout_modes(i.e. available breakout modes) and brkout_mode (i.e. current breakout mode). To display current breakout mode, "current-mode" subcommand can be used.For a single interface, provide the interface name with the sub-command. 
+ +- Usage: + ``` + show interfaces breakout + show interfaces breakout current-mode + show interfaces breakout current-mode + ``` + +- Example: + ``` + admin@lnos-x1-a-fab01:~$ show interfaces breakout + { + "Ethernet0": { + "index": "1,1,1,1", + "default_brkout_mode": "1x100G[40G]", + "child ports": "Ethernet0", + "child port speed": "100G", + "breakout_modes": "1x100G[40G],2x50G,4x25G[10G]", + "Current Breakout Mode": "1x100G[40G]", + "lanes": "65,66,67,68", + "alias_at_lanes": "Eth1/1, Eth1/2, Eth1/3, Eth1/4" + },... continue + } + ``` +The "current-mode" subcommand is used to display current breakout mode for all interfaces. + ``` + admin@lnos-x1-a-fab01:~$ show interfaces breakout current-mode + +-------------+-------------------------+ + | Interface | Current Breakout Mode | + +=============+=========================+ + | Ethernet0 | 4x25G[10G] | + +-------------+-------------------------+ + | Ethernet4 | 4x25G[10G] | + +-------------+-------------------------+ + | Ethernet8 | 4x25G[10G] | + +-------------+-------------------------+ + | Ethernet12 | 4x25G[10G] | + +-------------+-------------------------+ + + admin@lnos-x1-a-fab01:~$ show interfaces breakout current-mode Ethernet0 + +-------------+-------------------------+ + | Interface | Current Breakout Mode | + +=============+=========================+ + | Ethernet0 | 4x25G[10G] | + +-------------+-------------------------+ + ``` + +**show interfaces counters** + +This show command displays packet counters for all interfaces since the last time the counters were cleared. To display l3 counters "rif" subcommand can be used. There is no facility to display counters for one specific l2 interface. For l3 interfaces a single interface output mode is present. Optional argument "-a" provides two additional columns - RX-PPS and TX_PPS. +Optional argument "-p" specify a period (in seconds) with which to gather counters over. 
+ +- Usage: + ``` + show interfaces counters [-a|--printall] [-p|--period ] + show interfaces counters errors + show interfaces counters rates + show interfaces counters rif [-p|--period ] [-i ] + ``` + +- Example: + ``` + admin@sonic:~$ show interfaces counters + IFACE STATE RX_OK RX_BPS RX_UTIL RX_ERR RX_DRP RX_OVR TX_OK TX_BPS TX_UTIL TX_ERR TX_DRP TX_OVR + ----------- ------- --------------- ----------- --------- -------- -------- -------- --------------- ----------- --------- -------- -------- -------- + Ethernet0 U 471,729,839,997 653.87 MB/s 12.77% 0 18,682 0 409,682,385,925 556.84 MB/s 10.88% 0 0 0 + Ethernet4 U 453,838,006,636 632.97 MB/s 12.36% 0 1,636 0 388,299,875,056 529.34 MB/s 10.34% 0 0 0 + Ethernet8 U 549,034,764,539 761.15 MB/s 14.87% 0 18,274 0 457,603,227,659 615.20 MB/s 12.02% 0 0 0 + Ethernet12 U 458,052,204,029 636.84 MB/s 12.44% 0 17,614 0 388,341,776,615 527.37 MB/s 10.30% 0 0 0 + Ethernet16 U 16,679,692,972 13.83 MB/s 0.27% 0 17,605 0 18,206,586,265 17.51 MB/s 0.34% 0 0 0 + Ethernet20 U 47,983,339,172 35.89 MB/s 0.70% 0 2,174 0 58,986,354,359 51.83 MB/s 1.01% 0 0 0 + Ethernet24 U 33,543,533,441 36.59 MB/s 0.71% 0 1,613 0 43,066,076,370 49.92 MB/s 0.97% 0 0 0 + + admin@sonic:~$ show interfaces counters -i Ethernet4,Ethernet12-16 + IFACE STATE RX_OK RX_BPS RX_UTIL RX_ERR RX_DRP RX_OVR TX_OK TX_BPS TX_UTIL TX_ERR TX_DRP TX_OVR + ----------- ------- --------------- ----------- --------- -------- -------- -------- --------------- ----------- --------- -------- -------- -------- + Ethernet4 U 453,838,006,636 632.97 MB/s 12.36% 0 1,636 0 388,299,875,056 529.34 MB/s 10.34% 0 0 0 + Ethernet12 U 458,052,204,029 636.84 MB/s 12.44% 0 17,614 0 388,341,776,615 527.37 MB/s 10.30% 0 0 0 + Ethernet16 U 16,679,692,972 13.83 MB/s 0.27% 0 17,605 0 18,206,586,265 17.51 MB/s 0.34% 0 0 0 + ``` + +The "errors" subcommand is used to display the interface errors. 
+ +- Example: + ``` + admin@str-s6000-acs-11:~$ show interface counters errors + IFACE STATE RX_ERR RX_DRP RX_OVR TX_ERR TX_DRP TX_OVR + ----------- ------- -------- -------- -------- -------- -------- -------- + Ethernet0 U 0 4 0 0 0 0 + Ethernet4 U 0 0 0 0 0 0 + Ethernet8 U 0 1 0 0 0 0 + Ethernet12 U 0 0 0 0 0 0 + ``` + +The "rates" subcommand is used to disply only the interface rates. + +- Example: + ``` + admin@str-s6000-acs-11:/usr/bin$ show int counters rates + IFACE STATE RX_OK RX_BPS RX_PPS RX_UTIL TX_OK TX_BPS TX_PPS TX_UTIL + ----------- ------- ------- -------- -------- --------- ------- -------- -------- --------- + Ethernet0 U 467510 N/A N/A N/A 466488 N/A N/A N/A + Ethernet4 U 469679 N/A N/A N/A 469245 N/A N/A N/A + Ethernet8 U 466660 N/A N/A N/A 465982 N/A N/A N/A + Ethernet12 U 466579 N/A N/A N/A 466318 N/A N/A N/A + ``` + + +The "rif" subcommand is used to display l3 interface counters. Layer 3 interfaces include router interfaces, portchannels and vlan interfaces. + +- Example: + +``` + admin@sonic:~$ show interfaces counters rif + IFACE RX_OK RX_BPS RX_PPS RX_ERR TX_OK TX_BPS TX_PPS TX_ERR +--------------- ------- ---------- -------- -------- ------- -------- -------- -------- +PortChannel0001 62,668 107.81 B/s 1.34/s 3 6 0.02 B/s 0.00/s 0 +PortChannel0002 62,645 107.77 B/s 1.34/s 3 2 0.01 B/s 0.00/s 0 +PortChannel0003 62,481 107.56 B/s 1.34/s 3 3 0.01 B/s 0.00/s 0 +PortChannel0004 62,732 107.88 B/s 1.34/s 2 3 0.01 B/s 0.00/s 0 + Vlan1000 0 0.00 B/s 0.00/s 0 0 0.00 B/s 0.00/s 0 +``` + + +Optionally, you can specify a layer 3 interface name to display the counters in single interface mode. + +- Example: + +``` + admin@sonic:~$ show interfaces counters rif PortChannel0001 + PortChannel0001 + --------------- + + RX: + 3269 packets + 778494 bytesq + 3 error packets + 292 error bytes + TX: + 0 packets + 0 bytes + 0 error packets + 0 error bytes +``` + + +Optionally, you can specify a period (in seconds) with which to gather counters over. 
Note that this function will take `` seconds to execute. + +- Example: + +``` + admin@sonic:~$ show interfaces counters -p 5 + IFACE STATE RX_OK RX_BPS RX_UTIL RX_ERR RX_DRP RX_OVR TX_OK TX_BPS TX_UTIL TX_ERR TX_DRP TX_OVR + ----------- ------- ------- ----------- --------- -------- -------- -------- ------- ----------- --------- -------- -------- -------- + Ethernet0 U 515 59.14 KB/s 0.00% 0 0 0 1,305 127.60 KB/s 0.00% 0 0 0 + Ethernet4 U 305 26.54 KB/s 0.00% 0 0 0 279 39.12 KB/s 0.00% 0 0 0 + Ethernet8 U 437 42.96 KB/s 0.00% 0 0 0 182 18.37 KB/s 0.00% 0 0 0 + Ethernet12 U 284 40.79 KB/s 0.00% 0 0 0 160 13.03 KB/s 0.00% 0 0 0 + Ethernet16 U 377 32.64 KB/s 0.00% 0 0 0 214 18.01 KB/s 0.00% 0 0 0 + Ethernet20 U 284 36.81 KB/s 0.00% 0 0 0 138 8758.25 B/s 0.00% 0 0 0 + Ethernet24 U 173 16.09 KB/s 0.00% 0 0 0 169 11.39 KB/s 0.00% 0 0 0 +``` + +- NOTE: Interface counters can be cleared by the user with the following command: + + ``` + admin@sonic:~$ sonic-clear counters + ``` + +- NOTE: Layer 3 interface counters can be cleared by the user with the following command: + + ``` + admin@sonic:~$ sonic-clear rifcounters + ``` + +**show interfaces description** + +This command displays the key fields of the interfaces such as Operational Status, Administrative Status, Alias and Description. 
+ +- Usage: + ``` + show interfaces description [] + ``` + +- Example: + ``` + admin@sonic:~$ show interfaces description + Interface Oper Admin Alias Description + ----------- ------ ------- --------------- -------------------- + Ethernet0 down up hundredGigE1/1 T0-1:hundredGigE1/30 + Ethernet4 down up hundredGigE1/2 T0-2:hundredGigE1/30 + Ethernet8 down down hundredGigE1/3 hundredGigE1/3 + Ethernet12 down down hundredGigE1/4 hundredGigE1/4 + ``` + +- Example (to only display the description for interface Ethernet4): + + ``` + admin@sonic:~$ show interfaces description Ethernet4 + Interface Oper Admin Alias Description + ----------- ------ ------- -------------- -------------------- + Ethernet4 down up hundredGigE1/2 T0-2:hundredGigE1/30 + ``` + +**show interfaces mpls** + +This command is used to display the configured MPLS state for the list of configured interfaces. + +- Usage: + ``` + show interfaces mpls [] + ``` + +- Example: + ``` + admin@sonic:~$ show interfaces mpls + Interface MPLS State + ----------- ------------ + Ethernet0 disable + Ethernet4 enable + Ethernet8 enable + Ethernet12 disable + Ethernet16 disable + Ethernet20 disable + ``` + +- Example (to only display the MPLS state for interface Ethernet4): + ``` + admin@sonic:~$ show interfaces mpls Ethernet4 + Interface MPLS State + ----------- ------------ + Ethernet4 enable + ``` + +**show interfaces loopback-action** + +This command displays the configured loopback action + +- Usage: + ``` + show ip interfaces loopback-action + ``` + +- Example: + ``` + root@sonic:~# show ip interfaces loopback-action + Interface Action + ------------ ---------- + Ethernet232 drop + Vlan100 forward + ``` + + +**show interfaces tpid** + +This command displays the key fields of the interfaces such as Operational Status, Administrative Status, Alias and TPID. 
+ +- Usage: + ``` + show interfaces tpid [] + ``` + +- Example: + ``` + admin@sonic:~$ show interfaces tpid + Interface Alias Oper Admin TPID + --------------- --------------- ------ ------- ------ + Ethernet0 fortyGigE1/1/1 up up 0x8100 + Ethernet1 fortyGigE1/1/2 up up 0x8100 + Ethernet2 fortyGigE1/1/3 down down 0x8100 + Ethernet3 fortyGigE1/1/4 down down 0x8100 + Ethernet4 fortyGigE1/1/5 up up 0x8100 + Ethernet5 fortyGigE1/1/6 up up 0x8100 + Ethernet6 fortyGigE1/1/7 up up 0x9200 + Ethernet7 fortyGigE1/1/8 up up 0x88A8 + Ethernet8 fortyGigE1/1/9 up up 0x8100 + ... + Ethernet63 fortyGigE1/4/16 down down 0x8100 + PortChannel0001 N/A up up 0x8100 + PortChannel0002 N/A up up 0x8100 + PortChannel0003 N/A up up 0x8100 + PortChannel0004 N/A up up 0x8100 + admin@sonic:~$ + ``` + +- Example (to only display the TPID for interface Ethernet6): + + ``` + admin@sonic:~$ show interfaces tpid Ethernet6 + Interface Alias Oper Admin TPID + ----------- -------------- ------ ------- ------ + Ethernet6 fortyGigE1/1/7 up up 0x9200 + admin@sonic:~$ + ``` + +**show interfaces naming_mode** + +Refer sub-section [Interface-Naming-Mode](#Interface-Naming-Mode) + + +**show interfaces neighbor** + +This command is used to display the list of expected neighbors for all interfaces (or for a particular interface) that is configured. 
+ +- Usage: + ``` + show interfaces neighbor expected [] + ``` + +- Example: + ``` + admin@sonic:~$ show interfaces neighbor expected + LocalPort Neighbor NeighborPort NeighborLoopback NeighborMgmt NeighborType + ----------- ---------- -------------- ------------------ -------------- -------------- + Ethernet112 ARISTA01T1 Ethernet1 None 10.16.205.100 ToRRouter + Ethernet116 ARISTA02T1 Ethernet1 None 10.16.205.101 SpineRouter + Ethernet120 ARISTA03T1 Ethernet1 None 10.16.205.102 LeafRouter + Ethernet124 ARISTA04T1 Ethernet1 None 10.16.205.103 LeafRouter + ``` + +**show interfaces portchannel** + +This command displays information regarding port-channel interfaces + +- Usage: + ``` + show interfaces portchannel + ``` + +- Example: + ``` + admin@sonic:~$ show interfaces portchannel + Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available, S - selected, D - deselected + No. Team Dev Protocol Ports + ----- ------------- ----------- --------------------------- + 24 PortChannel24 LACP(A)(Up) Ethernet28(S) Ethernet24(S) + 48 PortChannel48 LACP(A)(Up) Ethernet52(S) Ethernet48(S) + 40 PortChannel40 LACP(A)(Up) Ethernet44(S) Ethernet40(S) + 0 PortChannel0 LACP(A)(Up) Ethernet0(S) Ethernet4(S) + 8 PortChannel8 LACP(A)(Up) Ethernet8(S) Ethernet12(S) + ``` + +**show interface status** + +This command displays some more fields such as Lanes, Speed, MTU, Type, Asymmetric PFC status and also the operational and administrative status of the interfaces + +- Usage: + ``` + show interfaces status [] + ``` + +- Example (show interface status of all interfaces): + ``` + admin@sonic:~$ show interfaces status + Interface Lanes Speed MTU Alias Oper Admin Type Asym PFC + ----------- --------------- ------- ----- --------------- ------ ------- ------ ---------- + Ethernet0 49,50,51,52 100G 9100 hundredGigE1/1 down up N/A off + Ethernet4 53,54,55,56 100G 9100 hundredGigE1/2 down up N/A off + Ethernet8 57,58,59,60 100G 9100 hundredGigE1/3 down down N/A off + + ``` + +- 
Example (to only display the status for interface Ethernet0): + ``` + admin@sonic:~$ show interface status Ethernet0 + Interface Lanes Speed MTU Alias Oper Admin + ----------- -------- ------- ----- -------------- ------ ------- + Ethernet0 101,102 40G 9100 fortyGigE1/1/1 up up + ``` + +- Example (to only display the status for range of interfaces): + ``` + admin@sonic:~$ show interfaces status Ethernet8,Ethernet168-180 + Interface Lanes Speed MTU Alias Oper Admin Type Asym PFC + ----------- ----------------- ------- ----- --------------- ------ ------- ------ ---------- + Ethernet8 49,50,51,52 100G 9100 hundredGigE3 down down N/A N/A + Ethernet168 9,10,11,12 100G 9100 hundredGigE43 down down N/A N/A + Ethernet172 13,14,15,16 100G 9100 hundredGigE44 down down N/A N/A + Ethernet176 109,110,111,112 100G 9100 hundredGigE45 down down N/A N/A + Ethernet180 105,106,107,108 100G 9100 hundredGigE46 down down N/A N/A + ``` + +**show interfaces transceiver** + +This command is already explained [here](#Transceivers) + +### Interface Config Commands +This sub-section explains the following list of configuration on the interfaces. 
+1) ip - To add or remove IP address for the interface +2) pfc - to set the PFC configuration for the interface +3) shutdown - to administratively shut down the interface +4) speed - to set the interface speed +5) startup - to bring up the administratively shutdown interface +6) breakout - to set interface breakout mode +7) autoneg - to set interface auto negotiation mode +8) advertised-speeds - to set interface advertised speeds +9) advertised-types - to set interface advertised types +10) type - to set interface type +11) mpls - To add or remove MPLS operation for the interface +12) loopback-action - to set action for packet that ingress and gets routed on the same IP interface + +From 201904 release onwards, the “config interface” command syntax is changed and the format is as follows: + +- config interface interface_subcommand +i.e Interface name comes after the subcommand +- Ex: config interface startup Ethernet63 + +The syntax for all such interface_subcommands are given below under each command + +NOTE: In older versions of SONiC until 201811 release, the command syntax was `config interface interface_subcommand` + + +**config interface ip add [default_gw] (Versions >= 201904)** + +**config interface ip add (Versions <= 201811)** + +This command is used for adding the IP address for an interface. +IP address for either physical interface or for portchannel or for VLAN interface or for Loopback interface can be configured using this command. +While configuring the IP address for the management interface "eth0", users can provide the default gateway IP address as an optional parameter from release 201911. 
+ + +- Usage: + + *Versions >= 201904* + ``` + config interface ip add + ``` + *Versions <= 201811* + ``` + config interface ip add + ``` + +- Example: + + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface ip add Ethernet63 10.11.12.13/24 + admin@sonic:~$ sudo config interface ip add eth0 20.11.12.13/24 20.11.12.254 + ``` + *Versions <= 201811* + ``` + admin@sonic:~$ sudo config interface Ethernet63 ip add 10.11.12.13/24 + ``` + +VLAN interface names take the form of `vlan`. E.g., VLAN 100 will be named `vlan100` + +- Example: + + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface ip add Vlan100 10.11.12.13/24 + ``` + *Versions <= 201811* + ``` + admin@sonic:~$ sudo config interface vlan100 ip add 10.11.12.13/24 + ``` + + +**config interface ip remove (Versions >= 201904)** + +**config interface ip remove (Versions <= 201811)** + +- Usage: + + *Versions >= 201904* + ``` + config interface ip remove + ``` + *Versions <= 201811* + ``` + config interface ip remove + ``` + +- Example: + + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface ip remove Ethernet63 10.11.12.13/24 + admin@sonic:~$ sudo config interface ip remove eth0 20.11.12.13/24 + ``` + *Versions <= 201811* + ``` + admin@sonic:~$ sudo config interface Ethernet63 ip remove 10.11.12.13/24 + ``` + +VLAN interface names take the form of `vlan`. E.g., VLAN 100 will be named `vlan100` + +- Example: + + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface ip remove vlan100 10.11.12.13/24 + ``` + *Versions <= 201811* + ``` + admin@sonic:~$ sudo config interface vlan100 ip remove 10.11.12.13/24 + ``` + +**config interface pfc priority (on | off)** + +This command is used to set PFC on a given priority of a given interface to either "on" or "off". Once it is successfully configured, it will show current losses priorities on the given interface. 
Otherwise, it will show error information + +- Example: + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface pfc priority Ethernet0 3 off + + Interface Lossless priorities + ----------- --------------------- + Ethernet0 4 + + admin@sonic:~$ sudo config interface pfc priority Ethernet0 8 off + Usage: pfc config priority [OPTIONS] STATUS INTERFACE PRIORITY + + Error: Invalid value for "priority": invalid choice: 8. (choose from 0, 1, 2, 3, 4, 5, 6, 7) + + admin@sonic:~$ sudo config interface pfc priority Ethernet101 3 off + Cannot find interface Ethernet101 + + admin@sonic:~$ sudo config interface pfc priority Ethernet0 3 on + + Interface Lossless priorities + ----------- --------------------- + Ethernet0 3,4 + ``` + +**config interface pfc asymmetric (Versions >= 201904)** + +**config interface pfc asymmetric (Versions <= 201811)** + +This command is used for setting the asymmetric PFC for an interface to either "on" or "off". Once if it is configured, use "show interfaces status" to check the same. + +- Usage: + + *Versions >= 201904* + ``` + config interface pfc asymmetric on/off (for 201904+ version) + ``` + *Versions <= 201811* + ``` + config interface pfc asymmetric on/off (for 201811- version) + ``` + +- Example: + + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface pfc asymmetric Ethernet60 on + ``` + *Versions <= 201811* + ``` + admin@sonic:~$ sudo config interface Ethernet60 pfc asymmetric on + ``` + +**config interface shutdown (Versions >= 201904)** + +**config interface shutdown (Versions <= 201811)** + +This command is used to administratively shut down either the Physical interface or port channel interface. Once if it is configured, use "show interfaces status" to check the same. 
+ +- Usage: + + *Versions >= 201904* + ``` + config interface shutdown (for 201904+ version) + ``` + *Versions <= 201811* + ``` + config interface shutdown (for 201811- version) + ``` + +- Example: + + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface shutdown Ethernet63 + ``` + *Versions <= 201811* + ``` + admin@sonic:~$ sudo config interface Ethernet63 shutdown + ``` + + shutdown multiple interfaces + ``` + admin@sonic:~$ sudo config interface shutdown Ethernet8,Ethernet16-20,Ethernet32 + ``` + +**config interface startup (Versions >= 201904)** + +**config interface startup (Versions <= 201811)** + +This command is used for administratively bringing up the Physical interface or port channel interface.Once if it is configured, use "show interfaces status" to check the same. + +- Usage: + + *Versions >= 201904* + ``` + config interface startup (for 201904+ version) + ``` + *Versions <= 201811* + ``` + config interface startup (for 201811- version) + ``` + +- Example: + + *Versions >= 201904* + ``` + admin@sonic:~$ sudo config interface startup Ethernet63 + ``` + *Versions <= 201811* + ``` + admin@sonic:~$ sudo config interface Ethernet63 startup + ``` + + startup multiple interfaces + ``` + admin@sonic:~$ sudo config interface startup Ethernet8,Ethernet16-20,Ethernet32 + ``` + +**config interface speed (Versions >= 202006)** + +Dynamic breakout feature is supported in SONiC from 202006 version. +User can configure any speed specified under "breakout_modes" keys for the parent interface in the platform-specific port configuration file (i.e. platform.json). + +For example for a breakout mode of 2x50G[25G,10G] the default speed is 50G but the interface also supports 25G and 10G. + +Refer [DPB HLD DOC](https://github.com/Azure/SONiC/blob/master/doc/dynamic-port-breakout/sonic-dynamic-port-breakout-HLD.md#cli-design) to know more about this command. 
+
+**config interface speed (Versions >= 201904)**
+
+**config interface speed (Versions <= 201811)**
+
+This command is used to configure the speed for the Physical interface. Use the value 40000 for setting it to 40G and 100000 for 100G. Users need to know the device to configure it properly.
+
+- Usage:
+
+ *Versions >= 201904*
+ ```
+ config interface speed
+ ```
+ *Versions <= 201811*
+ ```
+ config interface speed
+ ```
+
+- Example (Versions >= 201904):
+ ```
+ admin@sonic:~$ sudo config interface speed Ethernet63 40000
+ ```
+
+- Example (Versions <= 201811):
+ ```
+ admin@sonic:~$ sudo config interface Ethernet63 speed 40000
+
+ ```
+
+**config interface transceiver lpmode**
+
+This command is used to enable or disable low-power mode for an SFP transceiver
+
+- Usage:
+
+ ```
+ config interface transceiver lpmode (enable | disable)
+ ```
+
+- Examples:
+
+ ```
+ user@sonic~$ sudo config interface transceiver lpmode Ethernet0 enable
+ Enabling low-power mode for port Ethernet0... OK
+
+ user@sonic~$ sudo config interface transceiver lpmode Ethernet0 disable
+ Disabling low-power mode for port Ethernet0... OK
+ ```
+
+**config interface transceiver reset**
+
+This command is used to reset an SFP transceiver
+
+- Usage:
+
+ ```
+ config interface transceiver reset
+ ```
+
+- Examples:
+
+ ```
+ user@sonic~$ sudo config interface transceiver reset Ethernet0
+ Resetting port Ethernet0... OK
+ ```
+
+**config interface mtu (Versions >= 201904)**
+
+This command is used to configure the mtu for the Physical interface. Use the value 1500 for setting max transfer unit size to 1500 bytes.
+
+- Usage:
+
+ *Versions >= 201904*
+ ```
+ config interface mtu
+ ```
+
+- Example (Versions >= 201904):
+ ```
+ admin@sonic:~$ sudo config interface mtu Ethernet64 1500
+ ```
+
+**config interface tpid (Versions >= 202106)**
+
+This command is used to configure the TPID for the Physical/PortChannel interface. default is 0x8100.
Other allowed values if supported by HW SKU (0x9100, 0x9200, 0x88A8).
+
+- Usage:
+
+ *Versions >= 202106*
+ ```
+ config interface tpid
+ ```
+
+- Example (Versions >= 202106):
+ ```
+ admin@sonic:~$ sudo config interface tpid Ethernet64 0x9200
+ ```
+
+**config interface breakout (Versions >= 202006)**
+
+This command is used to set active breakout mode available for user-specified interface based on the platform-specific port configuration file(i.e. platform.json)
+and the current mode set for the interface.
+
+Based on the platform.json and the current mode set in interface, this command acts on setting breakout mode for the interface.
+
+Double tab i.e. to see the available breakout option customized for each interface provided by the user.
+
+- Usage:
+ ```
+ sudo config interface breakout --help
+ Usage: config interface breakout [OPTIONS] MODE
+
+ Set interface breakout mode
+
+ Options:
+ -f, --force-remove-dependencies
+ Clear all depenedecies internally first.
+ -l, --load-predefined-config load predefied user configuration (alias,
+ lanes, speed etc) first.
+ -y, --yes
+ -v, --verbose Enable verbose output
+ -?, -h, --help Show this message and exit.
+ ```
+- Example :
+ ```
+ admin@sonic:~$ sudo config interface breakout Ethernet0
+
+ 1x100G[40G] 2x50G 4x25G[10G]
+ ```
+
+ This command also provides "--force-remove-dependencies/-f" option to CLI, which will automatically determine and remove the configuration dependencies using Yang models.
+
+ ```
+ admin@sonic:~$ sudo config interface breakout Ethernet0 4x25G[10G] -f -l -v -y
+ ```
+
+For details please refer [DPB HLD DOC](https://github.com/Azure/SONiC/blob/master/doc/dynamic-port-breakout/sonic-dynamic-port-breakout-HLD.md#cli-design) to know more about this command.
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface autoneg (Versions >= 202106)**
+
+This command is used to set port auto negotiation mode.
+
+- Usage:
+ ```
+ sudo config interface autoneg --help
+ Usage: config interface autoneg [OPTIONS]
+
+ Set interface auto negotiation mode
+
+ Options:
+ -v, --verbose Enable verbose output
+ -h, -?, --help Show this message and exit.
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config interface autoneg Ethernet0 enabled
+
+ admin@sonic:~$ sudo config interface autoneg Ethernet0 disabled
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface advertised-speeds (Versions >= 202106)**
+
+This command is used to set port advertised speed.
+
+- Usage:
+ ```
+ sudo config interface advertised-speeds --help
+ Usage: config interface advertised-speeds [OPTIONS]
+
+ Set interface advertised speeds
+
+ Options:
+ -v, --verbose Enable verbose output
+ -h, -?, --help Show this message and exit.
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config interface advertised-speeds Ethernet0 all
+
+ admin@sonic:~$ sudo config interface advertised-speeds Ethernet0 50000,100000
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface advertised-types (Versions >= 202106)**
+
+This command is used to set port advertised interface types.
+
+- Usage:
+ ```
+ sudo config interface advertised-types --help
+ Usage: config interface advertised-types [OPTIONS]
+
+ Set interface advertised types
+
+ Options:
+ -v, --verbose Enable verbose output
+ -h, -?, --help Show this message and exit.
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config interface advertised-types Ethernet0 all
+
+ admin@sonic:~$ sudo config interface advertised-types Ethernet0 CR,CR4
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface type (Versions >= 202106)**
+
+This command is used to set port interface type.
+
+- Usage:
+ ```
+ sudo config interface type --help
+ Usage: config interface type [OPTIONS]
+
+ Set interface type
+
+ Options:
+ -v, --verbose Enable verbose output
+ -h, -?, --help Show this message and exit.
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config interface type Ethernet0 CR4
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface cable_length (Versions >= 202006)**
+
+This command is used to configure the length of the cable connected to a port. The cable_length is in unit of meters and must be suffixed with "m".
+
+For details please refer [dynamic buffer management](#dynamic-buffer-management)
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface lossless_pg (Versions >= 202006)**
+
+This command is used to configure the priority groups on which lossless traffic runs.
+
+For details please refer [dynamic buffer management](#dynamic-buffer-management)
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface headroom_override (Versions >= 202006)**
+
+This command is used to configure a static buffer profile on a port's lossless priorities. There shouldn't be any `lossless_pg` configured on the port when configuring `headroom_override`. The port's headroom won't be updated after `headroom_override` has been configured on the port.
+
+For details please refer [dynamic buffer management](#dynamic-buffer-management)
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+**config interface mpls add (Versions >= 202106)**
+
+This command is used for adding MPLS operation on the interface.
+MPLS operation for either physical, portchannel, or VLAN interface can be configured using this command.
+
+
+- Usage:
+ ```
+ sudo config interface mpls add --help
+ Usage: config interface mpls add [OPTIONS]
+
+ Add MPLS operation on the interface
+
+ Options:
+ -?, -h, --help Show this message and exit.
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config interface mpls add Ethernet4
+ ```
+
+**config interface mpls remove (Versions >= 202106)**
+
+This command is used for removing MPLS operation on the interface.
+MPLS operation for either physical, portchannel, or VLAN interface can be configured using this command.
+
+- Usage:
+ ```
+ sudo config interface mpls remove --help
+ Usage: config interface mpls remove [OPTIONS]
+
+ Remove MPLS operation from the interface
+
+ Options:
+ -?, -h, --help Show this message and exit.
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config interface mpls remove Ethernet4
+ ```
+
+**config interface ip loopback-action (Versions >= 202205)**
+
+This command is used for setting the action being taken on packets that ingress and get routed on the same IP interface.
+Loopback action can be set on IP interface from type physical, portchannel, VLAN interface and VLAN subinterface.
+Loopback action can be drop or forward.
+
+- Usage:
+ ```
+ config interface ip loopback-action --help
+ Usage: config interface ip loopback-action [OPTIONS]
+
+ Set IP interface loopback action
+
+ Options:
+ -?, -h, --help Show this message and exit.
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ config interface ip loopback-action Ethernet0 drop
+ admin@sonic:~$ config interface ip loopback-action Ethernet0 forward
+
+ ```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interfaces)
+
+## Interface Naming Mode
+
+### Interface naming mode show commands
+This command displays the current interface naming mode. Interface naming mode originally set to 'default'. Interfaces are referenced by default SONiC interface names.
+Users can change the naming_mode using "config interface_naming_mode" command.
+
+**show interfaces naming_mode**
+
+This command displays the current interface naming mode
+
+- Usage:
+ ```
+ show interfaces naming_mode
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ show interfaces naming_mode
+ default
+ ```
+
+ - "default" naming mode will display all SONiC interface names in 'show' commands and accept SONiC interface names as parameters in 'config commands
+
+ ```
+ admin@sonic:~$ show interfaces naming_mode
+ alias
+ ```
+
+ - "alias" naming mode will display all hardware vendor interface aliases in 'show' commands and accept hardware vendor interface aliases as parameters in 'config commands
+
+
+### Interface naming mode config commands
+
+**config interface_naming_ mode**
+
+This command is used to change the interface naming mode.
+Users can select between default mode (SONiC interface names) or alias mode (Hardware vendor names).
+The user must log out and log back in for changes to take effect. Note that the newly-applied interface mode will affect all interface-related show/config commands.
+
+
+*NOTE: Some platforms do not support alias mapping. In such cases, this command is not applicable. Such platforms always use the same SONiC interface names.*
+
+- Usage:
+ ```
+ config interface_naming_mode (default | alias)
+ ```
+
+ - Interface naming mode is originally set to 'default'. Interfaces are referenced by default SONiC interface names:
+
+- Example:
+ ```
+ admin@sonic:~$ show interfaces naming_mode
+ default
+
+ admin@sonic:~$ show interface status Ethernet0
+ Interface Lanes Speed MTU Alias Oper Admin
+ ----------- -------- ------- ----- -------------- ------ -------
+ Ethernet0 101,102 40G 9100 fortyGigE1/1/1 up up
+
+ admin@sonic:~$ sudo config interface_naming_mode alias
+ Please logout and log back in for changes take effect.
+ ```
+
+ - After user logs out and logs back in again, interfaces will then referenced by hardware vendor aliases:
+
+ ```
+ admin@sonic:~$ show interfaces naming_mode
+ alias
+
+ admin@sonic:~$ sudo config interface fortyGigE1/1/1 shutdown
+ admin@sonic:~$ show interface status fortyGigE1/1/1
+ Interface Lanes Speed MTU Alias Oper Admin
+ ----------- -------- ------- ----- -------------- ------ -------
+ Ethernet0 101,102 40G 9100 fortyGigE1/1/1 down down
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interface-naming-mode)
+
+## Interface Vrf binding
+
+### Interface vrf bind & unbind config commands
+
+**config interface vrf bind**
+
+This command is used to bind a interface to a vrf.
+By default, all L3 interfaces will be in default vrf. Above vrf bind command will let users bind interface to a vrf.
+
+- Usage:
+ ```
+ config interface vrf bind
+ ```
+
+**config interface vrf unbind**
+
+This command is used to ubind a interface from a vrf.
+This will move the interface to default vrf.
+
+- Usage:
+ ```
+ config interface vrf unbind
+ ```
+
+ ### Interface vrf binding show commands
+
+ To display interface vrf binding information, user can use show vrf command. Please refer sub-section [Vrf-show-command](#vrf-show-commands).
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#interface-vrf-binding)
+
+## IP / IPv6
+
+### IP show commands
+
+This sub-section explains the various IP protocol specific show commands that are used to display the following.
+1) routes
+2) bgp details - Explained in the [bgp section](#show-bgp)
+3) IP interfaces
+4) prefix-list
+5) protocol
+
+#### show ip route
+
+This command displays either all the route entries from the routing table or a specific route.
+
+- Usage:
+ ```
+ show ip route [] []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ip route
+ Codes: K - kernel route, C - connected, S - static, R - RIP,
+ O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
+ > - selected route, * - FIB route
+ S>* 0.0.0.0/0 [200/0] via 10.11.162.254, eth0
+ C>* 1.1.0.0/16 is directly connected, Vlan100
+ C>* 10.1.1.0/31 is directly connected, Ethernet112
+ C>* 10.1.1.2/31 is directly connected, Ethernet116
+ C>* 10.11.162.0/24 is directly connected, eth0
+ C>* 127.0.0.0/8 is directly connected, lo
+ C>* 240.127.1.0/24 is directly connected, docker0
+ ```
+
+ - Optionally, you can specify an IP address in order to display only routes to that particular IP address
+
+- Example:
+ ```
+ admin@sonic:~$ show ip route 10.1.1.0
+ Routing entry for 10.1.1.0/31
+ Known via "connected", distance 0, metric 0, best
+ * directly connected, Ethernet112
+ ```
+
+ - Vrf-name can also be specified to get IPv4 routes programmed in the vrf.
+
+ - Example:
+ ```
+ admin@sonic:~$ show ip route vrf Vrf-red
+ Codes: K - kernel route, C - connected, S - static, R - RIP,
+ O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+ T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
+ F - PBR, f - OpenFabric,
+ > - selected route, * - FIB route
+ VRF Vrf-red:
+ C>* 11.1.1.1/32 is directly connected, Loopback11, 21:50:47
+ C>* 100.1.1.0/24 is directly connected, Vlan100, 03w1d06h
+
+ admin@sonic:~$ show ip route vrf Vrf-red 11.1.1.1/32
+ Routing entry for 11.1.1.1/32
+ Known via "connected", distance 0, metric 0, vrf Vrf-red, best
+ Last update 21:57:53 ago
+ * directly connected, Loopback11
+ ```
+
+#### show ip interfaces
+
+This command displays the details about all the Layer3 IP interfaces in the device for which IP address has been assigned.
+The type of interfaces include the following.
+1) Front panel physical ports.
+2) PortChannel.
+3) VLAN interface.
+4) Loopback interfaces
+5) docker interface and
+6) management interface
+
+- Usage:
+ ```
+ show ip interfaces
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ip interfaces
+ Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP Flags
+ ------------- ------------ ------------------ -------------- ------------- ------------- -------
+ Loopback0 1.0.0.1/32 up/up N/A N/A
+ Loopback11 Vrf-red 11.1.1.1/32 up/up N/A N/A
+ Loopback100 Vrf-blue 100.0.0.1/32 up/up N/A N/A
+ PortChannel01 10.0.0.56/31 up/down DEVICE1 10.0.0.57
+ PortChannel02 10.0.0.58/31 up/down DEVICE2 10.0.0.59
+ PortChannel03 10.0.0.60/31 up/down DEVICE3 10.0.0.61
+ PortChannel04 10.0.0.62/31 up/down DEVICE4 10.0.0.63
+ Vlan100 Vrf-red 1001.1.1/24 up/up N/A N/A
+ Vlan1000 192.168.0.1/27 up/up N/A N/A
+ docker0 240.127.1.1/24 up/down N/A N/A
+ eth0 10.3.147.252/23 up/up N/A N/A
+ lo 127.0.0.1/8 up/up N/A N/A
+ ```
+
+#### show ip protocol
+
+This command displays the route-map that is configured for the routing protocol.
+Refer the routing stack [Quagga Command Reference](https://www.quagga.net/docs/quagga.pdf) or [FRR Command Reference](https://buildmedia.readthedocs.org/media/pdf/frrouting/latest/frrouting.pdf) to know more about this command.
+
+- Usage:
+ ```
+ show ip protocol
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ip protocol
+ Protocol : route-map
+ ------------------------
+ system : none
+ kernel : none
+ connected : none
+ static : none
+ rip : none
+ ripng : none
+ ospf : none
+ ospf6 : none
+ isis : none
+ bgp : RM_SET_SRC
+ pim : none
+ hsls : none
+ olsr : none
+ babel : none
+ any : none
+ ```
+
+### IPv6 show commands
+
+This sub-section explains the various IPv6 protocol specific show commands that are used to display the following.
+1) routes
+2) IPv6 bgp details - Explained in the [bgp section](#show-bgp)
+3) IP interfaces
+4) protocol
+
+**show ipv6 route**
+
+This command displays either all the IPv6 route entries from the routing table or a specific IPv6 route.
+
+- Usage:
+ ```
+ show ipv6 route [] []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ipv6 route
+ Codes: K - kernel route, C - connected, S - static, R - RIPng,
+ O - OSPFv6, I - IS-IS, B - BGP, A - Babel,
+ > - selected route, * - FIB route
+
+ C>* ::1/128 is directly connected, lo
+ C>* 2018:2001::/126 is directly connected, Ethernet112
+ C>* 2018:2002::/126 is directly connected, Ethernet116
+ C>* fc00:1::32/128 is directly connected, lo
+ C>* fc00:1::102/128 is directly connected, lo
+ C>* fc00:2::102/128 is directly connected, eth0
+ C * fe80::/64 is directly connected, Vlan100
+ C * fe80::/64 is directly connected, Ethernet112
+ C * fe80::/64 is directly connected, Ethernet116
+ C * fe80::/64 is directly connected, Bridge
+ C * fe80::/64 is directly connected, PortChannel0011
+ C>* fe80::/64 is directly connected, eth0
+ ```
+ - Optionally, you can specify an IPv6 address in order to display only routes to that particular IPv6 address
+
+
+- Example:
+ ```
+ admin@sonic:~$ show ipv6 route fc00:1::32
+ Routing entry for fc00:1::32/128
+ Known via "connected", distance 0, metric 0, best
+ * directly connected, lo
+ ```
+
+ Vrf-name can also be specified to get IPv6 routes programmed in the vrf.
+
+ - Example:
+ ```
+ admin@sonic:~$ show ipv6 route vrf Vrf-red
+ Codes: K - kernel route, C - connected, S - static, R - RIP,
+ O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+ T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
+ F - PBR, f - OpenFabric,
+ > - selected route, * - FIB route
+ VRF Vrf-red:
+ C>* 1100::1/128 is directly connected, Loopback11, 21:50:47
+ C>* 100::/112 is directly connected, Vlan100, 03w1d06h
+ C>* fe80::/64 is directly connected, Loopback11, 21:50:47
+ C>* fe80::/64 is directly connected, Vlan100, 03w1d06h
+
+ admin@sonic:~$ show ipv6 route vrf Vrf-red 1100::1/128
+ Routing entry for 1100::1/128
+ Known via "connected", distance 0, metric 0, vrf Vrf-red, best
+ Last update 21:57:53 ago
+ * directly connected, Loopback11
+ ```
+
+**show ipv6 interfaces**
+
+This command displays the details about all the Layer3 IPv6 interfaces in the device for which IPv6 address has been assigned.
+The type of interfaces include the following.
+1) Front panel physical ports.
+2) PortChannel.
+3) VLAN interface.
+4) Loopback interfaces
+5) management interface
+
+- Usage:
+ ```
+ show ipv6 interfaces
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ipv6 interfaces
+ Interface Master IPv6 address/mask Admin/Oper BGP Neighbor Neighbor IP
+ ----------- -------- ---------------------------------------- ------------ -------------- -------------
+ Bridge fe80::7c45:1dff:fe08:cdd%Bridge/64 up/up N/A N/A
+ Loopback11 Vrf-red 1100::1/128 up/up
+ PortChannel01 fc00::71/126 up/down DEVICE1 fc00::72
+ PortChannel02 fc00::75/126 up/down DEVICE2 fc00::76
+ PortChannel03 fc00::79/126 up/down DEVICE3 fc00::7a
+ PortChannel04 fc00::7d/126 up/down DEVICE4 fc00::7e
+ Vlan100 Vrf-red 100::1/112 up/up N/A N/A
+ fe80::eef4:bbff:fefe:880a%Vlan100/64
+ eth0 fe80::eef4:bbff:fefe:880a%eth0/64 up/up N/A N/A
+ lo fc00:1::32/128 up/up N/A N/A
+ ```
+
+**show ipv6 protocol**
+
+This command displays the route-map that is configured for the IPv6 routing protocol.
+Refer the routing stack [Quagga Command Reference](https://www.quagga.net/docs/quagga.pdf) or [FRR Command Reference](https://buildmedia.readthedocs.org/media/pdf/frrouting/latest/frrouting.pdf) to know more about this command.
+
+
+- Usage:
+ ```
+ show ipv6 protocol
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ipv6 protocol
+ Protocol : route-map
+ ------------------------
+ system : none
+ kernel : none
+ connected : none
+ static : none
+ rip : none
+ ripng : none
+ ospf : none
+ ospf6 : none
+ isis : none
+ bgp : RM_SET_SRC6
+ pim : none
+ hsls : none
+ olsr : none
+ babel : none
+ any : none
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#ip--ipv6)
+
+## IPv6 Link Local
+
+### IPv6 Link Local config commands
+
+This section explains all the commands that are supported in SONiC to configure IPv6 Link-local.
+
+**config interface ipv6 enable use-link-local-only **
+
+This command enables user to enable an interface to forward L3 traffic with out configuring an address. This command creates the routing interface based on the auto generated IPv6 link-local address. This command can be used even if an address is configured on the interface.
+
+- Usage:
+ ```
+ config interface ipv6 enable use-link-local-only
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config interface ipv6 enable use-link-local-only Vlan206
+ admin@sonic:~$ sudo config interface ipv6 enable use-link-local-only PortChannel007
+ admin@sonic:~$ sudo config interface ipv6 enable use-link-local-only Ethernet52
+ ```
+
+**config interface ipv6 disable use-link-local-only **
+
+This command enables user to disable use-link-local-only configuration on an interface.
+ +- Usage: + ``` + config interface ipv6 disable use-link-local-only + ``` + +- Example: + ``` + admin@sonic:~$ sudo config interface ipv6 disable use-link-local-only Vlan206 + admin@sonic:~$ sudo config interface ipv6 disable use-link-local-only PortChannel007 + admin@sonic:~$ sudo config interface ipv6 disable use-link-local-only Ethernet52 + ``` + +**config ipv6 enable link-local** + +This command enables user to enable use-link-local-only command on all the interfaces globally. + +- Usage: + ``` + sudo config ipv6 enable link-local + ``` + +- Example: + ``` + admin@sonic:~$ sudo config ipv6 enable link-local + ``` + +**config ipv6 disable link-local** + +This command enables user to disable use-link-local-only command on all the interfaces globally. + +- Usage: + ``` + sudo config ipv6 disable link-local + ``` + +- Example: + ``` + admin@sonic:~$ sudo config ipv6 disable link-local + ``` + +### IPv6 Link Local show commands + +**show ipv6 link-local-mode** + +This command displays the link local mode of all the interfaces. + +- Usage: + ``` + show ipv6 link-local-mode + ``` + +- Example: + ``` + root@sonic:/home/admin# show ipv6 link-local-mode + +------------------+----------+ + | Interface Name | Mode | + +==================+==========+ + | Ethernet16 | Disabled | + +------------------+----------+ + | Ethernet18 | Enabled | + +------------------+----------+ + ``` + +Go Back To [Beginning of the document](#) or [Beginning of this section](#ipv6-link-local) + +## Kubernetes + +### Kubernetes show commands + +**show kubernetes server config** + +This command displays the kubernetes server configuration, if any, else would report as not configured. + +- Usage: + ``` + show kubernetes server config + ``` + +- Example: + ``` + admin@sonic:~$ show kubernetes server config + ip port insecure disable + ----------- ------ ---------- --------- + 10.3.157.24 6443 True False + ``` + +**show kubernetes server status** + +This command displays the kubernetes server status. 
+
+- Usage:
+ ```
+ show kubernetes server status
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show kubernetes server status
+ ip port connected update-time
+ ----------- ------ ----------- -------------------
+ 10.3.157.24 6443 true 2020-11-15 18:25:05
+ ```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#Kubernetes)
+
+## Linux Kernel Dump
+
+This section demonstrates the show commands and configuration commands of Linux kernel dump mechanism in SONiC.
+
+### Linux Kernel Dump show commands
+
+**show kdump config**
+
+This command shows the configuration of Linux kernel dump.
+
+- Usage:
+ ```
+ show kdump config
+ ```
+
+- Example:
+ ```
+ admin@sonic:$ show kdump config
+ Kdump administrative mode: Disabled
+ Kdump operational mode: Unready
+ Kdump memory researvation: 0M-2G:256M,2G-4G:320M,4G-8G:384M,8G-:448M
+ Maximum number of Kdump files: 3
+ ```
+
+**show kdump files**
+
+This command shows the Linux kernel core dump files and dmesg files which are
+generated by kernel dump tool.
+
+- Usage:
+ ```
+ show kdump files
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show kdump files
+ Kernel core dump files Kernel dmesg files
+ ------------------------------------------ ------------------------------------------
+ /var/crash/202106242344/kdump.202106242344 /var/crash/202106242344/dmesg.202106242344
+ /var/crash/202106242337/kdump.202106242337 /var/crash/202106242337/dmesg.202106242337
+ ```
+
+**show kdump logging **
+
+By default, this command will show the last 10 lines of latest dmesg file.
+This command can also accept a specific file name and number of lines as arguments.
+ +- Usage: + ``` + show kdump logging + ``` + +- Example: + ``` + admin@sonic:~$ show kdump logging + [ 157.642053] RSP: 002b:00007fff1beee708 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 + [ 157.732635] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc3887d4504 + [ 157.818015] RDX: 0000000000000002 RSI: 000055d388eceb40 RDI: 0000000000000001 + [ 157.903401] RBP: 000055d388eceb40 R08: 000000000000000a R09: 00007fc3888255f0 + [ 157.988784] R10: 000000000000000a R11: 0000000000000246 R12: 00007fc3888a6760 + [ 158.074166] R13: 0000000000000002 R14: 00007fc3888a1760 R15: 0000000000000002 + [ 158.159553] Modules linked in: nft_chain_route_ipv6(E) nft_chain_route_ipv4(E) xt_TCPMSS(E) dummy(E) team_mode_loadbalance(E) team(E) sx_bfd(OE) sx_netdev(OE) psample(E) sx_core(OE) 8021q(E) garp(E) mrp(E) mst_pciconf(OE) mst_pci(OE) xt_hl(E) xt_tcpudp(E) ip6_tables(E) nft_compat(E) nft_chain_nat_ipv4(E) nf_nat_ipv4(E) nft_counter(E) xt_conntrack(E) nf_nat(E) jc42(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) libcrc32c(E) xfrm_user(E) xfrm_algo(E) mlxsw_minimal(E) mlxsw_i2c(E) i2c_mux_reg(E) i2c_mux(E) i2c_mlxcpld(E) leds_mlxreg(E) mlxreg_io(E) mlxreg_hotplug(E) mei_wdt(E) evdev(E) intel_rapl(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) kvm_intel(E) mlx_platform(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) intel_cstate(E) intel_uncore(E) + [ 159.016731] intel_rapl_perf(E) pcspkr(E) sg(E) iTCO_wdt(E) iTCO_vendor_support(E) mei_me(E) mei(E) bonding(E) pcc_cpufreq(E) video(E) button(E) ebt_vlan(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ebtable_nat(E) ebtable_filter(E) ebtables(E) nf_tables(E) nfnetlink(E) xdpe12284(E) at24(E) ledtrig_timer(E) tmp102(E) lm75(E) drm(E) coretemp(E) max1363(E) industrialio_triggered_buffer(E) kfifo_buf(E) industrialio(E) tps53679(E) fuse(E) pmbus(E) pmbus_core(E) i2c_dev(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) loop(E) ext4(E) crc16(E) mbcache(E) jbd2(E) 
crc32c_generic(E) fscrypto(E) ecb(E) crypto_simd(E) cryptd(E) glue_helper(E) aes_x86_64(E) nvme(E) nvme_core(E) nls_utf8(E) nls_cp437(E) nls_ascii(E) vfat(E) fat(E) overlay(E) squashfs(E) zstd_decompress(E) xxhash(E) sd_mod(E) gpio_ich(E) ahci(E) + [ 159.864532] libahci(E) mlxsw_core(E) devlink(E) ehci_pci(E) ehci_hcd(E) crc32c_intel(E) libata(E) i2c_i801(E) scsi_mod(E) usbcore(E) usb_common(E) lpc_ich(E) mfd_core(E) e1000e(E) fan(E) thermal(E) + [ 160.075846] CR2: 0000000000000000 + ``` +You can specify a file name in order to show its +last 10 lines. + +- Example: + ``` + admin@sonic:~$ show kdump logging dmesg.202106242337 + [ 654.120195] RSP: 002b:00007ffe697690f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 + [ 654.210778] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcfca27b504 + [ 654.296157] RDX: 0000000000000002 RSI: 000055a6e4d1b3f0 RDI: 0000000000000001 + [ 654.381543] RBP: 000055a6e4d1b3f0 R08: 000000000000000a R09: 00007fcfca2cc5f0 + [ 654.466925] R10: 000000000000000a R11: 0000000000000246 R12: 00007fcfca34d760 + [ 654.552310] R13: 0000000000000002 R14: 00007fcfca348760 R15: 0000000000000002 + [ 654.637694] Modules linked in: binfmt_misc(E) nft_chain_route_ipv6(E) nft_chain_route_ipv4(E) xt_TCPMSS(E) dummy(E) team_mode_loadbalance(E) team(E) sx_bfd(OE) sx_netdev(OE) psample(E) sx_core(OE) 8021q(E) garp(E) mrp(E) mst_pciconf(OE) mst_pci(OE) xt_hl(E) xt_tcpudp(E) ip6_tables(E) nft_chain_nat_ipv4(E) nf_nat_ipv4(E) nft_compat(E) nft_counter(E) xt_conntrack(E) nf_nat(E) jc42(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) libcrc32c(E) xfrm_user(E) xfrm_algo(E) mlxsw_minimal(E) mlxsw_i2c(E) i2c_mux_reg(E) i2c_mux(E) mlxreg_hotplug(E) mlxreg_io(E) i2c_mlxcpld(E) leds_mlxreg(E) mei_wdt(E) evdev(E) intel_rapl(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) kvm_intel(E) kvm(E) mlx_platform(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) intel_cstate(E) + [ 655.493833] intel_uncore(E) 
intel_rapl_perf(E) pcspkr(E) sg(E) iTCO_wdt(E) iTCO_vendor_support(E) mei_me(E) mei(E) bonding(E) video(E) button(E) pcc_cpufreq(E) ebt_vlan(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ebtable_nat(E) ebtable_filter(E) ebtables(E) nf_tables(E) nfnetlink(E) xdpe12284(E) at24(E) ledtrig_timer(E) tmp102(E) drm(E) lm75(E) coretemp(E) max1363(E) industrialio_triggered_buffer(E) kfifo_buf(E) industrialio(E) fuse(E) tps53679(E) pmbus(E) pmbus_core(E) i2c_dev(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) loop(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) fscrypto(E) ecb(E) crypto_simd(E) cryptd(E) glue_helper(E) aes_x86_64(E) nvme(E) nvme_core(E) nls_utf8(E) nls_cp437(E) nls_ascii(E) vfat(E) fat(E) overlay(E) squashfs(E) zstd_decompress(E) xxhash(E) sd_mod(E) + [ 656.337476] gpio_ich(E) ahci(E) mlxsw_core(E) libahci(E) devlink(E) crc32c_intel(E) libata(E) i2c_i801(E) scsi_mod(E) lpc_ich(E) mfd_core(E) ehci_pci(E) ehci_hcd(E) usbcore(E) e1000e(E) usb_common(E) fan(E) thermal(E) + [ 656.569590] CR2: 0000000000000000 + ``` +You can also specify a file name and number of lines in order to show the +last number of lines. 
+ +- Example: + ``` + admin@sonic:~$ show kdump logging dmesg.202106242337 -l 20 + [ 653.525427] __handle_sysrq.cold.9+0x45/0xf2 + [ 653.576487] write_sysrq_trigger+0x2b/0x30 + [ 653.625472] proc_reg_write+0x39/0x60 + [ 653.669252] vfs_write+0xa5/0x1a0 + [ 653.708881] ksys_write+0x57/0xd0 + [ 653.748501] do_syscall_64+0x53/0x110 + [ 653.792287] entry_SYSCALL_64_after_hwframe+0x44/0xa9 + [ 653.852707] RIP: 0033:0x7fcfca27b504 + [ 653.895452] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 f9 61 0d 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 49 89 d4 55 48 89 f5 53 + [ 654.120195] RSP: 002b:00007ffe697690f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 + [ 654.210778] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcfca27b504 + [ 654.296157] RDX: 0000000000000002 RSI: 000055a6e4d1b3f0 RDI: 0000000000000001 + [ 654.381543] RBP: 000055a6e4d1b3f0 R08: 000000000000000a R09: 00007fcfca2cc5f0 + [ 654.466925] R10: 000000000000000a R11: 0000000000000246 R12: 00007fcfca34d760 + [ 654.552310] R13: 0000000000000002 R14: 00007fcfca348760 R15: 0000000000000002 + [ 654.637694] Modules linked in: binfmt_misc(E) nft_chain_route_ipv6(E) nft_chain_route_ipv4(E) xt_TCPMSS(E) dummy(E) team_mode_loadbalance(E) team(E) sx_bfd(OE) sx_netdev(OE) psample(E) sx_core(OE) 8021q(E) garp(E) mrp(E) mst_pciconf(OE) mst_pci(OE) xt_hl(E) xt_tcpudp(E) ip6_tables(E) nft_chain_nat_ipv4(E) nf_nat_ipv4(E) nft_compat(E) nft_counter(E) xt_conntrack(E) nf_nat(E) jc42(E) nf_conntrack_netlink(E) nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) libcrc32c(E) xfrm_user(E) xfrm_algo(E) mlxsw_minimal(E) mlxsw_i2c(E) i2c_mux_reg(E) i2c_mux(E) mlxreg_hotplug(E) mlxreg_io(E) i2c_mlxcpld(E) leds_mlxreg(E) mei_wdt(E) evdev(E) intel_rapl(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) kvm_intel(E) kvm(E) mlx_platform(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) intel_cstate(E) + [ 655.493833] intel_uncore(E) 
intel_rapl_perf(E) pcspkr(E) sg(E) iTCO_wdt(E) iTCO_vendor_support(E) mei_me(E) mei(E) bonding(E) video(E) button(E) pcc_cpufreq(E) ebt_vlan(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ebtable_nat(E) ebtable_filter(E) ebtables(E) nf_tables(E) nfnetlink(E) xdpe12284(E) at24(E) ledtrig_timer(E) tmp102(E) drm(E) lm75(E) coretemp(E) max1363(E) industrialio_triggered_buffer(E) kfifo_buf(E) industrialio(E) fuse(E) tps53679(E) pmbus(E) pmbus_core(E) i2c_dev(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) loop(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) fscrypto(E) ecb(E) crypto_simd(E) cryptd(E) glue_helper(E) aes_x86_64(E) nvme(E) nvme_core(E) nls_utf8(E) nls_cp437(E) nls_ascii(E) vfat(E) fat(E) overlay(E) squashfs(E) zstd_decompress(E) xxhash(E) sd_mod(E)
+ [ 656.337476] gpio_ich(E) ahci(E) mlxsw_core(E) libahci(E) devlink(E) crc32c_intel(E) libata(E) i2c_i801(E) scsi_mod(E) lpc_ich(E) mfd_core(E) ehci_pci(E) ehci_hcd(E) usbcore(E) e1000e(E) usb_common(E) fan(E) thermal(E)
+ [ 656.569590] CR2: 0000000000000000
+ ```
+### Linux Kernel Dump config command
+
+**config kdump**
+
+Administrative state of kdump is stored in ConfigDB.
+
+The variable USE_KDUMP in the file /etc/default/kdump-tools is set to 0 to disable kdump, and set to 1 to enable kdump.
+
+Since this command might require changing the kernel parameters to specify the amount of memory reserved for the capture kernel (the kernel parameters which are exported through /proc/cmdline), a reboot is necessary. The command displays a message showing that kdump functionality will be either enabled or disabled following the next reboot.
+
+- Usage:
+```
+ admin@sonic:~$ config kdump
+
+Commands:
+ disable Disable the KDUMP mechanism
+ enable Enable the KDUMP mechanism
+ memory Configure the memory for KDUMP mechanism
+ num_dumps Configure the maximum dump files of KDUMP mechanism
+
+```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#kdump)
+
+## LLDP
+
+### LLDP show commands
+
+**show lldp table**
+
+This command displays the brief summary of all LLDP neighbors.
+
+- Usage:
+ ```
+ show lldp table
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show lldp table
+ Capability codes: (R) Router, (B) Bridge, (O) Other
+ LocalPort RemoteDevice RemotePortID Capability RemotePortDescr
+ ----------- ----------------- ------------------- ------------ --------------------
+ Ethernet112 T1-1 hundredGigE1/2 BR T0-2:hundredGigE1/29
+ Ethernet116 T1-2 hundredGigE1/2 BR T0-2:hundredGigE1/30
+ eth0 swtor-b2lab2-1610 GigabitEthernet 0/2 OBR
+ --------------------------------------------------
+ Total entries displayed: 3
+ ```
+
+**show lldp neighbors**
+
+This command displays more details about all LLDP neighbors or only the neighbors connected to a specific interface.
+
+- Usage:
+ ```
+ show lldp neighbors
+ ```
+
+- Example1: To display all neighbors in all interfaces
+ ```
+ admin@sonic:~$ show lldp neighbors
+ -------------------------------------------------------------------------------
+ LLDP neighbors:
+ -------------------------------------------------------------------------------
+ Interface: eth0, via: LLDP, RID: 1, Time: 0 day, 12:21:21
+ Chassis:
+ ChassisID: mac 00:01:e8:81:e3:45
+ SysName: swtor-b2lab2-1610
+ SysDescr: Dell Force10 Networks Real Time Operating System Software. Dell Force10 Operating System Version: 1.0. Dell Force10 Application Software Version: 8.3.3.10d. Copyright (c) 1999-2012 by Dell Inc.
All Rights Reserved.Build Time: Tue Sep 22 11:21:54 PDT 2015
+ TTL: 20
+ Capability: Repeater, on
+ Capability: Bridge, on
+ Capability: Router, on
+ Port:
+ PortID: ifname GigabitEthernet 0/2
+ VLAN: 162, pvid: yes
+ -------------------------------------------------------------------------------
+ Interface: Ethernet116, via: LLDP, RID: 3, Time: 0 day, 12:20:49
+ Chassis:
+ ChassisID: mac 4c:76:25:e7:f0:c0
+ SysName: T1-2
+ SysDescr: Debian GNU/Linux 8 (jessie) Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2015-12-19) x86_64
+ TTL: 120
+ MgmtIP: 10.11.162.40
+ Capability: Bridge, on
+ Capability: Router, on
+ Capability: Wlan, off
+ Capability: Station, off
+ Port:
+ PortID: local hundredGigE1/2
+ PortDescr: T0-2:hundredGigE1/30
+ -------------------------------------------------------------------------------
+ ```
+
+Optionally, you can specify an interface name in order to display only that particular interface
+
+- Example2:
+ ```
+ admin@sonic:~$ show lldp neighbors Ethernet112
+ show lldp neighbors Ethernet112
+ -------------------------------------------------------------------------------
+ LLDP neighbors:
+ -------------------------------------------------------------------------------
+ Interface: Ethernet112, via: LLDP, RID: 2, Time: 0 day, 19:24:17
+ Chassis:
+ ChassisID: mac 4c:76:25:e5:e6:c0
+ SysName: T1-1
+ SysDescr: Debian GNU/Linux 8 (jessie) Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2015-12-19) x86_64
+ TTL: 120
+ MgmtIP: 10.11.162.41
+ Capability: Bridge, on
+ Capability: Router, on
+ Capability: Wlan, off
+ Capability: Station, off
+ Port:
+ PortID: local hundredGigE1/2
+ PortDescr: T0-2:hundredGigE1/29
+ -------------------------------------------------------------------------------
+ ```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#lldp)
+
+
+## Loading, Reloading And Saving Configuration
+
+This section explains the commands that are used to load the configuration from either the ConfigDB or from
the minigraph.
+
+### Loading configuration from JSON file
+
+**config load**
+
+This command is used to load the configuration from a JSON file like the file which SONiC saves its configuration to, `/etc/sonic/config_db.json`
+This command loads the configuration from the input file (if user specifies this optional filename, it will use that input file. Otherwise, it will use the default `/etc/sonic/config_db.json` file as the input file) into CONFIG_DB.
+The configuration present in the input file is applied on top of the already running configuration.
+This command does not flush the config DB before loading the new configuration (i.e., If the configuration present in the input file is same as the current running configuration, nothing happens)
+If the config present in the input file is not present in running configuration, it will be added.
+If the config present in the input file differs (when key matches) from that of the running configuration, it will be modified as per the new values for those keys.
+
+When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation.
+If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file.
+
+- Usage:
+ ```
+ config load [-y|--yes] []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config load
+ Load config from the file /etc/sonic/config_db.json? [y/N]: y
+ Running command: /usr/local/bin/sonic-cfggen -j /etc/sonic/config_db.json --write-to-db
+ ```
+
+### Loading configuration from minigraph (XML) file
+
+**config load_minigraph**
+
+This command is used to load the configuration from /etc/sonic/minigraph.xml.
+When users do not want to use configuration from config_db.json, they can copy the minigraph.xml configuration file to the device and load it using this command.
+This command restarts various services running in the device and it takes some time to complete the command.
+
+NOTE: If the user had logged in using SSH, users might get disconnected and some configuration failures might happen which might be hard to recover. Users need to reconnect their SSH sessions after configuring the management IP address. It is recommended to execute this command from console port
+NOTE: Management interface IP address and default route (or specific route) may require reconfiguration in case if those parameters are not part of the minigraph.xml.
+
+When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation.
+If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file.
+
+When user specifies the optional argument "-n" or "--no-service-restart", this command loads the configuration without restarting dependent services
+running on the device. One use case for this option is during boot time when config-setup service loads minigraph configuration and there is no services
+running on the device.
+
+When user specifies the optional argument "-t" or "--traffic-shift-away", this command executes TSA command at the end to ensure the device remains in maintenance after loading minigraph.
+
+- Usage:
+ ```
+ config load_minigraph [-y|--yes] [-n|--no-service-restart] [-t|--traffic-shift-away]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config load_minigraph
+ Reload config from minigraph? [y/N]: y
+ Running command: /usr/local/bin/sonic-cfggen -j /etc/sonic/config_db.json --write-to-db
+ ```
+
+### Reloading Configuration
+
+**config reload**
+
+This command is used to clear current configuration and import new configurationn from the input file or from /etc/sonic/config_db.json.
+This command shall stop all services before clearing the configuration and it then restarts those services.
+
+This command restarts various services running in the device and it takes some time to complete the command.
+NOTE: If the user had logged in using SSH, users **might get disconnected** depending upon the new management IP address. Users need to reconnect their SSH sessions.
+In general, it is recommended to execute this command from console port after disconnecting all SSH sessions to the device.
+When users to do “config reload” the newly loaded config may have management IP address, or it may not have management IP address.
+If mgmtIP is there in the newly loaded config file, that mgmtIP might be same as previously configured value or it might be different.
+This difference in mgmtIP address values results in following possible behaviours.
+
+Case1: Previously configured mgmtIP is same as newly loaded mgmtIP. The SSH session may not be affected at all, but it’s possible that there will be a brief interruption in the SSH session. But, assuming the client’s timeout value isn’t on the order of a couple of seconds, the session would most likely just resume again as soon as the interface is reconfigured and up with the same IP.
+Case2: Previously configured mgmtIP is different from newly loaded mgmtIP. Users will lose their SSH connections.
+Case3: Newly loaded config does not have any mgmtIP. Users will lose their SSH connections.
+
+NOTE: Management interface IP address and default route (or specific route) may require reconfiguration in case if those parameters are not part of the minigraph.xml.
+
+When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation.
+If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file.
+
+When user specifies the optional argument "-n" or "--no-service-restart", this command clear and loads the configuration without restarting dependent services
+running on the device.
One use case for this option is during boot time when config-setup service loads existing old configuration and there is no services
+running on the device.
+
+When user specifies the optional argument "-f" or "--force", this command ignores the system sanity checks. By default a list of sanity checks are performed and if one of the checks fail, the command will not execute. The sanity checks include ensuring the system status is not starting, all the essential services are up and swss is in ready state.
+
+- Usage:
+ ```
+ config reload [-y|--yes] [-l|--load-sysinfo] [] [-n|--no-service-restart] [-f|--force]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config reload
+ Clear current config and reload config from the file /etc/sonic/config_db.json? [y/N]: y
+ Running command: systemctl stop dhcp_relay
+ Running command: systemctl stop swss
+ Running command: systemctl stop snmp
+ Warning: Stopping snmp.service, but it can still be activated by:
+ snmp.timer
+ Running command: systemctl stop lldp
+ Running command: systemctl stop pmon
+ Running command: systemctl stop bgp
+ Running command: systemctl stop teamd
+ Running command: /usr/local/bin/sonic-cfggen -H -k Force10-Z9100-C32 --write-to-db
+ Running command: /usr/local/bin/sonic-cfggen -j /etc/sonic/config_db.json --write-to-db
+ Running command: systemctl restart hostname-config
+ Running command: systemctl restart interfaces-config
+ Timeout, server 10.11.162.42 not responding.
+ ```
+ When some sanity checks fail below error messages can be seen
+ ```
+ admin@sonic:~$ sudo config reload -y
+ System is not up. Retry later or use -f to avoid system checks
+ ```
+ ```
+ admin@sonic:~$ sudo config reload -y
+ Relevant services are not up. Retry later or use -f to avoid system checks
+ ```
+ ```
+ admin@sonic:~$ sudo config reload -y
+ SwSS container is not ready.
Retry later or use -f to avoid system checks
+ ```
+
+
+### Loading Management Configuration
+
+**config load_mgmt_config**
+
+This command is used to reconfigure hostname and mgmt interface based on device description file.
+This command either uses the optional file specified as arguement or looks for the file "/etc/sonic/device_desc.xml".
+If the file does not exist or if the file does not have valid fields for "hostname" and "ManagementAddress" (or "ManagementAddressV6"), it fails.
+
+When user specifies the optional argument "-y" or "--yes", this command forces the loading without prompting the user for confirmation.
+If the argument is not specified, it prompts the user to confirm whether user really wants to load this configuration file.
+
+- Usage:
+ ```
+ config load_mgmt_config [-y|--yes] []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config load_mgmt_config
+ Reload config from minigraph? [y/N]: y
+ Running command: /usr/local/bin/sonic-cfggen -M /etc/sonic/device_desc.xml --write-to-db
+ ```
+
+
+### Saving Configuration to a File for Persistence
+
+**config save**
+
+This command is to save the config DB configuration into the user-specified filename or into the default /etc/sonic/config_db.json. This saves the configuration into the disk which is available even after reboots.
+Saved file can be transferred to remote machines for debugging. If users wants to load the configuration from this new file at any point of time, they can use "config load" command and provide this newly generated file as input. If users wants this newly generated file to be used during reboot, they need to copy this file to /etc/sonic/config_db.json.
+
+- Usage:
+ ```
+ config save [-y|--yes] []
+ ```
+
+- Example (Save configuration to /etc/sonic/config_db.json):
+ ```
+ admin@sonic:~$ sudo config save -y
+ ```
+
+- Example (Save configuration to a specified file):
+ ```
+ admin@sonic:~$ sudo config save -y /etc/sonic/config2.json
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#loading-reloading-and-saving-configuration)
+
+## Loopback Interfaces
+
+### Loopback show commands
+
+Please check [show ip interfaces](#show-ip-interfaces)
+
+### Loopback config commands
+
+This sub-section explains how to create and delete loopback interfaces.
+
+**config interface loopback**
+
+This command is used to add or delete loopback interfaces.
+It is recommended to use loopback names in the format "Loopbackxxx", where "xxx" is number of 1 to 3 digits. Ex: "Loopback11".
+
+- Usage:
+ ```
+ config loopback (add | del)
+ ```
+
+- Example (Create the loopback with name "Loopback11"):
+ ```
+ admin@sonic:~$ sudo config loopback add Loopback11
+ ```
+
+## VRF Configuration
+
+### VRF show commands
+
+**show vrf**
+
+This command displays all vrfs configured on the system along with interface binding to the vrf.
+If vrf-name is also provided as part of the command, if the vrf is created it will display all interfaces binding to the vrf, if vrf is not created nothing will be displayed.
+
+- Usage:
+ ```
+ show vrf []
+ ```
+
+- Example:
+ ````
+ admin@sonic:~$ show vrf
+ VRF Interfaces
+ ------- ------------
+ default Vlan20
+ Vrf-red Vlan100
+ Loopback11
+ Eth0.100
+ Vrf-blue Loopback100
+ Loopback102
+ Ethernet0.10
+ PortChannel101
+ ````
+
+### VRF config commands
+
+**config vrf add **
+
+This command creates vrf in SONiC system with provided vrf-name.
+
+- Usage:
+ ```
+config vrf add
+```
+Note: vrf-name should always start with keyword "Vrf"
+
+**config vrf del **
+
+This command deletes vrf with name vrf-name.
+
+- Usage:
+ ```
+config vrf del
+```
+
+## Management VRF
+
+### Management VRF Show commands
+
+**show mgmt-vrf**
+
+This command displays whether the management VRF is enabled or disabled. It also displays the details about the the links (eth0, mgmt, lo-m) that are related to management VRF.
+
+- Usage:
+ ```
+ show mgmt-vrf
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show mgmt-vrf
+
+ ManagementVRF : Enabled
+
+ Management VRF interfaces in Linux:
+ 348: mgmt: mtu 65536 qdisc noqueue state UP mode DEFAULT group default qlen 1000
+ link/ether f2:2a:d9:bc:e8:f0 brd ff:ff:ff:ff:ff:ff
+ 2: eth0: mtu 1500 qdisc mq master mgmt state UP mode DEFAULT group default qlen 1000
+ link/ether 4c:76:25:f4:f9:f3 brd ff:ff:ff:ff:ff:ff
+ 350: lo-m: mtu 1500 qdisc noqueue master mgmt state UNKNOWN mode DEFAULT group default qlen 1000
+ link/ether b2:4c:c6:f3:e9:92 brd ff:ff:ff:ff:ff:ff
+
+ NOTE: The management interface "eth0" shows the "master" as "mgmt" since it is part of management VRF.
+ ```
+
+**show mgmt-vrf routes**
+
+This command displays the routes that are present in the routing table 5000 that is meant for management VRF.
+
+- Usage:
+ ```
+ show mgmt-vrf routes
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show mgmt-vrf routes
+
+ Routes in Management VRF Routing Table:
+ default via 10.16.210.254 dev eth0 metric 201
+ broadcast 10.16.210.0 dev eth0 proto kernel scope link src 10.16.210.75
+ 10.16.210.0/24 dev eth0 proto kernel scope link src 10.16.210.75
+ local 10.16.210.75 dev eth0 proto kernel scope host src 10.16.210.75
+ broadcast 10.16.210.255 dev eth0 proto kernel scope link src 10.16.210.75
+ broadcast 127.0.0.0 dev lo-m proto kernel scope link src 127.0.0.1
+ 127.0.0.0/8 dev lo-m proto kernel scope link src 127.0.0.1
+ local 127.0.0.1 dev lo-m proto kernel scope host src 127.0.0.1
+ broadcast 127.255.255.255 dev lo-m proto kernel scope link src 127.0.0.1
+ ```
+
+**show management_interface address**
+
+This command displays the IP address(es) configured for the management interface "eth0" and the management network default gateway.
+
+- Usage:
+ ```
+ show management_interface address
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show management_interface address
+ Management IP address = 10.16.210.75/24
+ Management NetWork Default Gateway = 10.16.210.254
+ Management IP address = FC00:2::32/64
+ Management Network Default Gateway = fc00:2::1
+ ```
+
+**show snmpagentaddress**
+
+This command displays the configured SNMP agent IP addresses.
+
+- Usage:
+ ```
+ show snmpagentaddress
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show snmpagentaddress
+ ListenIP ListenPort ListenVrf
+ ---------- ------------ -----------
+ 1.2.3.4 787 mgmt
+ ```
+
+**show snmptrap**
+
+This command displays the configured SNMP Trap server IP addresses.
+
+- Usage:
+ ```
+ show snmptrap
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show snmptrap
+ Version TrapReceiverIP Port VRF Community
+ --------- ---------------- ------ ----- -----------
+ 2 31.31.31.31 456 mgmt public
+ ```
+
+### Management VRF Config commands
+
+**config vrf add mgmt**
+
+This command enables the management VRF in the system.
This command restarts the "interfaces-config" service which in turn regenerates the /etc/network/interfaces file and restarts the "networking" service. This creates a new interface and l3mdev CGROUP with the name as "mgmt" and enslaves the management interface "eth0" into this master interface "mgmt". Note that the VRFName "mgmt" (or "management") is reserved for management VRF. i.e. Data VRFs should not use these reserved VRF names.
+
+- Usage:
+ ```
+ config vrf add mgmt
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config vrf add mgmt
+ ```
+
+**config vrf del mgmt**
+
+This command disables the management VRF in the system. This command restarts the "interfaces-config" service which in turn regenerates the /etc/network/interfaces file and restarts the "networking" service. This deletes the interface "mgmt" and deletes the l3mdev CGROUP named "mgmt" and puts back the management interface "eth0" into the default VRF. Note that the VRFName "mgmt" (or "management") is reserved for management VRF. i.e. Data VRFs should not use these reserved VRF names.
+
+- Usage:
+ ```
+ config vrf del mgmt
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config vrf del mgmt
+ ```
+
+**config snmpagentaddress add**
+
+This command adds the SNMP agent IP address on which the SNMP agent is expected to listen. When SNMP agent is expected to work as part of management VRF, users should specify the optional vrf_name parameter as "mgmt". This configuration goes into snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent.
+
+- Usage:
+ ```
+ config snmpagentaddress add [-p ] [-v ] agentip
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmpagentaddress add -v mgmt -p 123 21.22.13.14
+
+ Note: For this example, configuration goes into /etc/snmp/snmpd.conf inside snmp docker as follows. When "-v" parameter is not used, the additional "%" in the following line will not be present.
+
+ agentAddress 21.22.13.14:123%mgmt
+ ```
+
+**config snmpagentaddress del**
+
+This command deletes the SNMP agent IP address on which the SNMP agent is expected to listen. When users had added the agent IP as part of "mgmt" VRF, users should specify the optional vrf_name parameter as "mgmt" while deleting as well. This configuration is removed from snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent.
+
+- Usage:
+ ```
+ config snmpagentaddress del [-p ] [-v ] agentip
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmpagentaddress del -v mgmt -p 123 21.22.13.14
+
+ ```
+
+**config snmptrap modify**
+
+This command modifies the SNMP trap server IP address to which the SNMP agent is expected to send the traps. Users can configure one server IP addrss for each SNMP version to send the traps. When SNMP agent is expected to send traps as part of management VRF, users should specify the optional vrf_name parameter as "mgmt". This configuration goes into snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent.
+
+- Usage:
+ ```
+ config snmptrap modify [-p ] [-v ] [-c ] trapserverip
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmptrap modify 2 -p 456 -v mgmt 21.21.21.21
+
+ For this example, configuration goes into /etc/snmp/snmpd.conf inside snmp docker as follows. When "-v" parameter is not used, the additional "%" in the following line will not be present. In case of SNMPv1, "trapsink" will be updated, in case of v2, "trap2sink" will be updated and in case of v3, "informsink" will be updated.
+
+ trap2sink 31.31.31.31:456%mgmt public
+
+ ```
+
+**config snmptrap del**
+
+This command deletes the SNMP Trap server IP address to which SNMP agent is expected to send TRAPs. When users had added the trap server IP as part of "mgmt" VRF, users should specify the optional vrf_name parameter as "mgmt" while deleting as well.
This configuration is removed from snmpd.conf that is used by SNMP agent. SNMP service is restarted to make this configuration effective in SNMP agent.
+
+- Usage:
+ ```
+ config snmptrap del [-p ] [-v ] [-c ] trapserverip
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmptrap del -v mgmt -p 123 21.22.13.14
+
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#management-vrf)
+
+## Muxcable
+
+### Muxcable Show commands
+
+**show muxcable status**
+
+This command displays all the status of either all the ports which are connected to muxcable or any individual port selected by the user. The resultant table or json output will show the current status of muxcable on the port (auto/active) and also the health of the muxcable.
+
+- Usage:
+ ```
+ show muxcable status [OPTIONS] [PORT]
+ ```
+
+While displaying the muxcable status, users can configure the following fields
+
+- PORT optional - Port name should be a valid port
+- --json optional - -- option to display the result in json format. By default output will be in tabular format.
+
+With no optional argument, all the ports muxcable status will be displayed in tabular form, or user can pass --json option to display in json format
+
+- Example:
+ ```
+ admin@sonic:~$ show muxcable status
+ PORT STATUS HEALTH
+ ---------- -------- --------
+ Ethernet32 active HEALTHY
+ Ethernet0 auto HEALTHY
+ ```
+ ```
+ admin@sonic:~$ show muxcable status --json
+ ```
+ ```json
+ {
+ "MUX_CABLE": {
+ "Ethernet32": {
+ "STATUS": "active",
+ "HEALTH": "HEALTHY"
+ },
+ "Ethernet0": {
+ "STATUS": "auto",
+ "HEALTH": "HEALTHY"
+ }
+ }
+ }
+
+ ```
+ ```
+ admin@sonic:~$ show muxcable status Ethernet0
+ PORT STATUS HEALTH
+ --------- -------- --------
+ Ethernet0 auto HEALTHY
+ ```
+ ```
+ admin@sonic:~$ show muxcable status Ethernet0 --json
+ ```
+ ```json
+ {
+ "MUX_CABLE": {
+ "Ethernet0": {
+ "STATUS": "auto",
+ "HEALTH": "HEALTHY"
+ }
+ }
+ }
+ ```
+
+**show muxcable config**
+
+This command displays all the configurations of either all the ports which are connected to muxcable or any individual port selected by the user. The resultant table or json output will show the current configurations of muxcable on the port(active/standby) and also the ipv4 and ipv6 address of the port as well as peer TOR ip address with the hostname.
+
+- Usage:
+ ```
+ show muxcable config [OPTIONS] [PORT]
+ ```
+
+With no optional argument, all the ports muxcable configuration will be displayed in tabular form
+While displaying the muxcable configuration, users can configure the following fields
+
+- PORT optional - Port name should be a valid port
+- --json optional - option to display the result in json format. By default output will be in tabular format.
+
+- Example:
+ ```
+ admin@sonic:~$ show muxcable config
+ SWITCH_NAME PEER_TOR
+ ------------- ----------
+ sonic 10.1.1.1
+ port state ipv4 ipv6
+ --------- ------- -------- --------
+ Ethernet0 active 10.1.1.1 fc00::75
+ ```
+ ```
+ admin@sonic:~$ show muxcable config --json
+ ```
+ ```json
+ {
+ "MUX_CABLE": {
+ "PEER_TOR": "10.1.1.1",
+ "PORTS": {
+ "Ethernet0": {
+ "STATE": "active",
+ "SERVER": {
+ "IPv4": "10.1.1.1",
+ "IPv6": "fc00::75"
+ }
+ }
+ }
+ }
+ }
+ ```
+ ```
+ admin@sonic:~$ show muxcable config Ethernet0
+ SWITCH_NAME PEER_TOR
+ ------------- ----------
+ sonic 10.1.1.1
+ port state ipv4 ipv6
+ --------- ------- -------- --------
+ Ethernet0 active 10.1.1.1 fc00::75
+ ```
+ ```
+ admin@sonic:~$ show muxcable config Ethernet0 --json
+ ```
+ ```json
+ {
+ "MUX_CABLE": {
+ "PORTS": {
+ "Ethernet0": {
+ "STATE": "active",
+ "SERVER": {
+ "IPv4": "10.1.1.1",
+ "IPv6": "fc00::75"
+ }
+ }
+ }
+ }
+ }
+ ```
+
+**show muxcable ber-info**
+
+This command displays the ber(Bit error rate) of the port user provides on the target user provides. The target provided as an integer corresponds to actual target as.
+0 -> local
+1 -> tor 1
+2 -> tor 2
+3 -> nic
+
+- Usage:
+ ```
+ Usage: show muxcable ber-info [OPTIONS] PORT TARGET
+ ```
+
+
+- PORT required - Port number should be a valid port
+- TARGET required - the actual target to get the ber info of.
+
+- Example:
+ ```
+ admin@sonic:~$ show muxcable ber-info 1 1
+ Lane1 Lane2
+ ------- -------
+ 0 0
+ ```
+
+**show muxcable ber-info**
+
+This command displays the eye info in mv(milli volts) of the port user provides on the target user provides. The target provided as an integer corresponds to actual target as.
+0 -> local
+1 -> tor 1
+2 -> tor 2
+3 -> nic
+
+- Usage:
+ ```
+ Usage: show muxcable eye-info [OPTIONS] PORT TARGET
+ ```
+
+- PORT required - Port number should be a valid port
+- TARGET required - the actual target to get the eye info of.
+
+- Example:
+ ```
+ admin@sonic:~$ show muxcable ber-info 1 1
+ Lane1 Lane2
+ ------- -------
+ 632 622
+ ```
+
+### Muxcable Config commands
+
+
+**config muxcable mode**
+
+This command is used for setting the configuration of a muxcable Port/all ports to be active or auto. The user has to enter a port number or else all to make the muxcable config operation on all the ports. Depending on the status of the muxcable port state the resultant output could be OK or INPROGRESS . OK would imply no change on the state, INPROGRESS would mean the toggle is happening in the background.
+
+- Usage:
+ ```
+ config muxcable mode [OPTIONS]
+ ```
+
+While configuring the muxcable, users needs to configure the following fields for the operation
+
+- operation_state, permitted operation to be configured which can only be auto or active
+- PORT optional - Port name should be a valid port
+- --json optional - option to display the result in json format. By default output will be in tabular format.
+
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config muxcable mode active Ethernet0
+ port state
+ --------- -------
+ Ethernet0 OK
+ ```
+ ```
+ admin@sonic:~$ sudo config muxcable mode --json active Ethernet0
+ ```
+ ```json
+ {
+ "Ethernet0": "OK"
+ }
+ ```
+ ```
+ admin@sonic:~$ sudo config muxcable mode active all
+ port state
+ ---------- ----------
+ Ethernet0 OK
+ Ethernet32 INPROGRESS
+ ```
+ ```
+ admin@sonic:~$ sudo config muxcable mode active all --json
+ ```
+ ```json
+ {
+ "Ethernet32": "INPROGRESS",
+ "Ethernet0": "OK"
+ }
+ ```
+**config muxcable prbs enable/disable**
+
+This command is used for setting the configuration and enable/diable of prbs on a port user provides. While enabling in addition to port the user also needs to provides the target, prbs mode and lane map on which the user intends to run prbs on. The target reflects where the enable/dsiable will happen.
+
+- Usage:
+ ```
+ config muxcable prbs enable [OPTIONS] PORT TARGET MODE_VALUE LANE_MAP
+ config muxcable prbs disable [OPTIONS] PORT TARGET
+ ```
+
+While configuring the muxcable, users needs to configure the following fields for the operation
+
+- PORT required - Port number should be a valid port
+- TARGET required - the actual target to run the prbs on
+ 0 -> local side,
+ 1 -> TOR 1
+ 2 -> TOR 2
+ 3 -> NIC
+- MODE_VALUE required - the mode/type for configuring the PRBS mode.
+ 0x00 = PRBS 9, 0x01 = PRBS 15, 0x02 = PRBS 23, 0x03 = PRBS 31
+- LANE_MAP required - an integer representing the lane_map to be run PRBS on
+ 0bit for lane 0, 1bit for lane1 and so on.
+ for example 3 -> 0b'0011 , means running on lane0 and lane1
+- Example:
+ ```
+ admin@sonic:~$ sudo config muxcable prbs enable 1 1 3 3
+ PRBS config sucessful
+ admin@sonic:~$ sudo config muxcable prbs disable 1 0
+ PRBS disable sucessful
+ ```
+
+**config muxcable loopback enable/disable**
+
+This command is used for setting the configuration and enable/disable of loopback on a port user provides. While enabling in addition to port the user also needs to provides the target and lane map on which the user intends to run loopback on. The target reflects where the enable/dsiable will happen.
+
+- Usage:
+ ```
+ config muxcable loopback enable [OPTIONS] PORT TARGET LANE_MAP
+ config muxcable loopback disable [OPTIONS] PORT TARGET
+ ```
+
+While configuring the muxcable, users needs to configure the following fields for the operation
+
+- PORT required - Port number should be a valid port
+- TARGET required - the actual target to run the loopback on
+ 0 -> local side,
+ 1 -> TOR 1
+ 2 -> TOR 2
+ 3 -> NIC
+- LANE_MAP required - an integer representing the lane_map to be run loopback on
+ 0bit for lane 0, 1bit for lane1 and so on.
+ for example 3 -> 0b'0011 , means running on lane0 and lane1
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config muxcable loopback enable 1 1 3
+ loopback config sucessful
+ admin@sonic:~$ sudo config muxcable loopback disable 1 0
+ loopback disable sucessfull
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#muxcable)
+
+## Mirroring
+
+### Mirroring Show commands
+
+**show mirror_session**
+
+This command displays all the mirror sessions that are configured.
+
+- Usage:
+ ```
+ show mirror_session
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show mirror_session
+ ERSPAN Sessions
+ Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction
+ ------ -------- -------- -------- ----- ------ ----- ------- --------- -------------- ---------- -----------
+ everflow0 active 10.1.0.32 10.0.0.7
+
+ SPAN Sessions
+ Name Status DST Port SRC Port Direction
+ ------ -------- ---------- ------------- -----------
+ port0 active Ethernet0 PortChannel10 rx
+ ```
+
+### Mirroring Config commands
+
+**config mirror_session**
+
+This command is used to add or remove mirroring sessions. Mirror session is identified by "session_name".
+This command supports configuring both SPAN/ERSPAN sessions.
+In SPAN user can configure mirroring of list of source ports/LAG to destination port in ingress/egress/both directions.
+In ERSPAN user can configure mirroring of list of source ports/LAG to a destination IP.
+Both SPAN/ERSPAN support ACL based mirroring and can be used in ACL configurations.
+
+While adding a new ERSPAN session, users need to configure the following fields that are used while forwarding the mirrored packets.
+
+1) source IP address,
+2) destination IP address,
+3) DSCP (QoS) value with which mirrored packets are forwarded
+4) TTL value
+5) optional - GRE Type in case if user wants to send the packet via GRE tunnel.
GRE type could be anything; it could also be left as empty; by default, it is 0x8949 for Mellanox; and 0x88be for the rest of the chips. +6) optional - Queue in which packets shall be sent out of the device. Valid values 0 to 7 for most of the devices. Users need to know their device and the number of queues supported in that device. +7) optional - Policer which will be used to control the rate at which frames are mirrored. +8) optional - List of source ports which can have both Ethernet and LAG ports. +9) optional - Direction - Mirror session direction when configured along with Source port. (Supported rx/tx/both. default direction is both) + +- Usage: + ``` + config mirror_session erspan add [gre_type] [queue] [policer ] [source-port-list] [direction] + ``` + + The following command is also supported to be backward compatible. + This command will be deprecated in future releases. + ``` + config mirror_session add [gre_type] [queue] + ``` + +- Example: + ``` + root@T1-2:~# config mirror_session add mrr_legacy 1.2.3.4 20.21.22.23 8 100 0x6558 0 + root@T1-2:~# show mirror_session + Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction + --------- -------- -------- ----------- ------ ------ ----- ------- --------- -------------- ---------- ----------- + mrr_legacy inactive 1.2.3.4 20.21.22.23 0x6558 8 100 0 + + + root@T1-2:~# config mirror_session erspan add mrr_abcd 1.2.3.4 20.21.22.23 8 100 0x6558 0 + root@T1-2:~# show mirror_session + Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction + --------- -------- -------- ----------- ------ ------ ----- ------- --------- -------------- ---------- ----------- + mrr_abcd inactive 1.2.3.4 20.21.22.23 0x6558 8 100 0 + root@T1-2:~# + + root@T1-2:~# config mirror_session erspan add mrr_port 1.2.3.4 20.21.22.23 8 100 0x6558 0 Ethernet0 + root@T1-2:~# show mirror_session + Name Status SRC IP DST IP GRE DSCP TTL Queue Policer Monitor Port SRC Port Direction + 
--------- -------- -------- ----------- ------ ------ ----- ------- --------- -------------- ---------- -----------
+ mrr_port inactive 1.2.3.4 20.21.22.23 0x6558 8 100 0 Ethernet0 both
+ root@T1-2:~#
+ ```
+
+While adding a new SPAN session, users need to configure the following fields that are used while forwarding the mirrored packets.
+1) destination port,
+2) optional - List of source ports- List of source ports which can have both Ethernet and LAG ports.
+3) optional - Direction - Mirror session direction when configured along with Source port. (Supported rx/tx/both. default direction is both)
+4) optional - Queue in which packets shall be sent out of the device. Valid values 0 to 7 for most of the devices. Users need to know their device and the number of queues supported in that device.
+5) optional - Policer which will be used to control the rate at which frames are mirrored.
+
+- Usage:
+ ```
+ config mirror_session span add [source-port-list] [direction] [queue] [policer ]
+ ```
+
+- Example:
+ ```
+ root@T1-2:~# config mirror_session span add port0 Ethernet0 Ethernet4,PortChannel001,Ethernet8
+ root@T1-2:~# show mirror_session
+ Name Status DST Port SRC Port Direction
+ ------ -------- ---------- --------------------------------- -----------
+ port0 active Ethernet0 Ethernet4,PortChannel10,Ethernet8 both
+ root@T1-2:~#
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#mirroring)
+
+## NAT
+
+### NAT Show commands
+
+**show nat config**
+
+This command displays the NAT configuration.
+
+- Usage:
+ ```
+ show nat config [static | pool | bindings | globalvalues | zones]
+ ```
+
+With no optional arguments, the whole NAT configuration is displayed.
+
+- Example:
+ ```
+ admin@sonic:~$ show nat config static
+
+ Nat Type IP Protocol Global IP Global L4 Port Local IP Local L4 Port Twice-Nat Id
+ -------- ----------- ------------ -------------- ------------- ------------- ------------
+ dnat all 65.55.45.5 --- 10.0.0.1 --- ---
+ dnat all 65.55.45.6 --- 10.0.0.2 --- ---
+ dnat tcp 65.55.45.7 2000 20.0.0.1 4500 1
+ snat tcp 20.0.0.2 4000 65.55.45.8 1030 1
+
+ admin@sonic:~$ show nat config pool
+
+ Pool Name Global IP Range Global L4 Port Range
+ ------------ ------------------------- --------------------
+ Pool1 65.55.45.5 1024-65535
+ Pool2 65.55.45.6-65.55.45.8 ---
+ Pool3 65.55.45.10-65.55.45.15 500-1000
+
+ admin@sonic:~$ show nat config bindings
+
+ Binding Name Pool Name Access-List Nat Type Twice-Nat Id
+ ------------ ------------ ------------ -------- ------------
+ Bind1 Pool1 --- snat ---
+ Bind2 Pool2 1 snat 1
+ Bind3 Pool3 2 snat --
+
+ admin@sonic:~$ show nat config globalvalues
+
+ Admin Mode : enabled
+ Global Timeout : 600 secs
+ TCP Timeout : 86400 secs
+ UDP Timeout : 300 secs
+
+ admin@sonic:~$ show nat config zones
+
+ Port Zone
+ ---- ----
+ Ethernet2 0
+ Vlan100 1
+ ```
+
+**show nat statistics**
+
+This command displays the NAT translation statistics for each entry.
+
+- Usage:
+ ```
+ show nat statistics
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show nat statistics
+
+ Protocol Source Destination Packets Bytes
+ -------- --------- -------------- ------------- -------------
+ all 10.0.0.1 --- 802 1009280
+ all 10.0.0.2 --- 23 5590
+ tcp 20.0.0.1:4500 --- 110 12460
+ udp 20.0.0.1:4000 --- 1156 789028
+ tcp 20.0.0.1:6000 --- 30 34800
+ tcp 20.0.0.1:5000 65.55.42.1:2000 128 110204
+ tcp 20.0.0.1:5500 65.55.42.1:2000 8 3806
+ ```
+
+**show nat translations**
+
+This command displays the NAT translation entries.
+
+- Usage:
+ ```
+ show nat translations [count]
+ ```
+Giving the optional count argument displays only the details about the number of translation entries.
+- Example:
+ ```
+ admin@sonic:~$ show nat translations
+
+ Static NAT Entries ................. 4
+ Static NAPT Entries ................. 2
+ Dynamic NAT Entries ................. 0
+ Dynamic NAPT Entries ................. 4
+ Static Twice NAT Entries ................. 0
+ Static Twice NAPT Entries ................. 4
+ Dynamic Twice NAT Entries ................ 0
+ Dynamic Twice NAPT Entries ................ 0
+ Total SNAT/SNAPT Entries ................ 9
+ Total DNAT/DNAPT Entries ................ 9
+ Total Entries ................ 14
+
+ Protocol Source Destination Translated Source Translated Destination
+ -------- --------- -------------- ----------------- ----------------------
+ all 10.0.0.1 --- 65.55.42.2 ---
+ all --- 65.55.42.2 --- 10.0.0.1
+ all 10.0.0.2 --- 65.55.42.3 ---
+ all --- 65.55.42.3 --- 10.0.0.2
+ tcp 20.0.0.1:4500 --- 65.55.42.1:2000 ---
+ tcp --- 65.55.42.1:2000 --- 20.0.0.1:4500
+ udp 20.0.0.1:4000 --- 65.55.42.1:1030 ---
+ udp --- 65.55.42.1:1030 --- 20.0.0.1:4000
+ tcp 20.0.0.1:6000 --- 65.55.42.1:1024 ---
+ tcp --- 65.55.42.1:1024 --- 20.0.0.1:6000
+ tcp 20.0.0.1:5000 65.55.42.1:2000 65.55.42.1:1025 20.0.0.1:4500
+ tcp 20.0.0.1:4500 65.55.42.1:1025 65.55.42.1:2000 20.0.0.1:5000
+ tcp 20.0.0.1:5500 65.55.42.1:2000 65.55.42.1:1026 20.0.0.1:4500
+ tcp 20.0.0.1:4500 65.55.42.1:1026 65.55.42.1:2000 20.0.0.1:5500
+
+ admin@sonic:~$ show nat translations count
+
+ Static NAT Entries ................. 4
+ Static NAPT Entries ................. 2
+ Dynamic NAT Entries ................. 0
+ Dynamic NAPT Entries ................. 4
+ Static Twice NAT Entries ................. 0
+ Static Twice NAPT Entries ................. 4
+ Dynamic Twice NAT Entries ................ 0
+ Dynamic Twice NAPT Entries ................ 0
+ Total SNAT/SNAPT Entries ................ 9
+ Total DNAT/DNAPT Entries ................ 9
+ Total Entries ................
14 + ``` + +### NAT Config commands + +**config nat add static** + +This command is used to add a static NAT or NAPT entry. +When configuring the Static NAT entry, user has to specify the following fields with 'basic' keyword. + +1. Global IP address, +2. Local IP address, +3. NAT type (snat / dnat) to be applied on the Global IP address. Default value is dnat. This is optinoal argument. +4. Twice NAT Id. This is optional argument used in case of twice nat configuration. + +When configuring the Static NAPT entry, user has to specify the following fields. + +1. IP protocol type (tcp / udp) +2. Global IP address + Port +3. Local IP address + Port +4. NAT type (snat / dnat) to be applied on the Global IP address + Port. Default value is dnat. This is optional argument. +5. Twicw NAT Id. This is optional argument used in case of twice nat configuration. + +- Usage: + ``` + config nat add static {{basic (global-ip) (local-ip)} | {{tcp | udp} (global-ip) (global-port) (local-ip) (local-port)}} [-nat_type {snat | dnat}] [-twice_nat_id (value)] + ``` + +To delete a static NAT or NAPT entry, use the command below. Giving the all argument deletes all the configured static NAT and NAPT entries. +``` +config nat remove static {{basic (global-ip) (local-ip)} | {{tcp | udp} (global-ip) (global-port) (local-ip) (local-port)} | all} +``` +- Example: + ``` + admin@sonic:~$ sudo config nat add static basic 65.55.45.1 12.12.12.14 -nat_type dnat + admin@sonic:~$ sudo config nat add static tcp 65.55.45.2 100 12.12.12.15 200 -nat_type dnat + + admin@sonic:~$ show nat translations + + Static NAT Entries ................. 2 + Static NAPT Entries ................. 2 + Dynamic NAT Entries ................. 0 + Dynamic NAPT Entries ................. 0 + Static Twice NAT Entries ................. 0 + Static Twice NAPT Entries ................. 0 + Dynamic Twice NAT Entries ................ 0 + Dynamic Twice NAPT Entries ................ 0 + Total SNAT/SNAPT Entries ................ 
2 + Total DNAT/DNAPT Entries ................ 2 + Total Entries ................ 4 + + Protocol Source Destination Translated Source Translated Destination + -------- --------- -------------- ----------------- ---------------------- + all 12.12.12.14 --- 65.55.42.1 --- + all --- 65.55.42.1 --- 12.12.12.14 + tcp 12.12.12.15:200 --- 65.55.42.2:100 --- + tcp --- 65.55.42.2:100 --- 12.12.12.15:200 + ``` + +**config nat add pool** + +This command is used to create a NAT pool used for dynamic Source NAT or NAPT translations. +Pool can be configured in one of the following combinations. + +1. Global IP address range (or) +2. Global IP address + L4 port range (or) +3. Global IP address range + L4 port range. + +- Usage: + ``` + config nat add pool (pool-name) (global-ip-range) (global-port-range) + ``` +To delete a NAT pool, use the command. Pool cannot be removed if it is referenced by a NAT binding. Giving the pools argument removes all the configured pools. +``` +config nat remove {pool (pool-name) | pools} +``` +- Example: + ``` + admin@sonic:~$ sudo config nat add pool pool1 65.55.45.2-65.55.45.10 + admin@sonic:~$ sudo config nat add pool pool2 65.55.45.3 100-1024 + + admin@sonic:~$ show nat config pool + + Pool Name Global IP Range Global Port Range + ----------- ---------------------- ------------------- + pool1 65.55.45.2-65.55.45.10 --- + pool2 65.55.45.3 100-1024 + ``` + +**config nat add binding** + +This command is used to create a NAT binding between a pool and an ACL. The following fields are needed for configuring the binding. + + 1. ACL is an optional argument. If ACL argument is not given, the NAT binding is applicable to match all traffic. + 2. NAT type is an optional argument. Only DNAT type is supoprted for binding. + 3. Twice NAT Id is an optional argument. This Id is used to form a twice nat grouping with the static NAT/NAPT entry configured with the same Id. 
+
+- Usage:
+ ```
+ config nat add binding (binding-name) [(pool-name)] [(acl-name)] [-nat_type {snat | dnat}] [-twice_nat_id (value)]
+ ```
+To delete a NAT binding, use the command below. Giving the bindings argument removes all the configured bindings.
+```
+config nat remove {binding (binding-name) | bindings}
+```
+- Example:
+ ```
+ admin@sonic:~$ sudo config nat add binding bind1 pool1 acl1
+ admin@sonic:~$ sudo config nat add binding bind2 pool2
+
+ admin@sonic:~$ show nat config bindings
+
+ Binding Name Pool Name Access-List Nat Type Twice-NAT Id
+ -------------- ----------- ------------- ---------- --------------
+ bind1 pool1 acl1 snat ---
+ bind2 pool2 snat ---
+ ```
+
+**config nat add interface**
+
+This command is used to configure NAT zone on an L3 interface. Default value of NAT zone on an L3 interface is 0. Valid range of zone values is 0-3.
+
+- Usage:
+ ```
+ config nat add interface (interface-name) -nat_zone (value)
+ ```
+To reset the NAT zone on an interface, use the command below. Giving the interfaces argument resets the NAT zone on all the L3 interfaces to 0.
+```
+config nat remove {interface (interface-name) | interfaces}
+```
+- Example:
+ ```
+ admin@sonic:~$ sudo config nat add interface Ethernet28 -nat_zone 1
+
+ admin@sonic:~$ show nat config zones
+
+ Port Zone
+ ---------- ------
+ Ethernet0 0
+ Ethernet28 1
+ Ethernet22 0
+ Vlan2091 0
+ ```
+
+**config nat set**
+
+This command is used to set the NAT timeout values. Different timeout values can be configured for the NAT entry timeout, NAPT TCP entry timeout, NAPT UDP entry timeout.
+Range for Global NAT entry timeout is 300 sec to 432000 sec, default value is 600 sec.
+Range for TCP NAT/NAPT entry timeout is 300 sec to 432000 sec, default value is 86400 sec.
+Range for UDP NAT/NAPT entry timeout is 120 sec to 600 sec, default value is 300 sec.
+
+- Usage:
+ ```
+ config nat set {tcp-timeout (value) | timeout (value) | udp-timeout (value)}
+ ```
+To reset the timeout values to the default values, use the command
+```
+config nat reset {tcp-timeout | timeout | udp-timeout}
+```
+- Example:
+ ```
+ admin@sonic:~$ sudo config nat add set tcp-timeout 3600
+
+ admin@sonic:~$ show nat config globalvalues
+
+ Admin Mode : enabled
+ Global Timeout : 600 secs
+ TCP Timeout : 600 secs
+ UDP Timeout : 300 secs
+ ```
+
+**config nat feature**
+
+This command is used to enable or disable the NAT feature.
+
+- Usage:
+ ```
+ config nat feature {enable | disable}
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config nat feature enable
+ admin@sonic:~$ sudo config nat feature disable
+ ```
+
+### NAT Clear commands
+
+**sonic-clear nat translations**
+
+This command is used to clear the dynamic NAT and NAPT translation entries.
+
+- Usage:
+ ```
+ sonic-clear nat translations
+ ```
+
+**sonic-clear nat statistics**
+
+This command is used to clear the statistics of all the NAT and NAPT entries.
+
+- Usage:
+ ```
+ sonic-clear nat statistics
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#nat)
+
+
+## NTP
+
+### NTP show commands
+
+**show ntp**
+
+This command displays a list of NTP peers known to the server as well as a summary of their state.
+
+- Usage:
+ ```
+ show ntp
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show ntp
+ synchronised to NTP server (204.2.134.164) at stratum 3
+ time correct to within 326797 ms
+ polling server every 1024 s
+
+ remote refid st t when poll reach delay offset jitter
+ ==============================================================================
+ 23.92.29.245 .XFAC. 16 u - 1024 0 0.000 0.000 0.000
+ *204.2.134.164 46.233.231.73 2 u 916 1024 377 3.079 0.394 0.128
+ ```
+
+
+### NTP Config Commands
+
+This sub-section of commands is used to add or remove the configured NTP servers.
+
+**config ntp add**
+
+This command is used to add a NTP server IP address to the NTP server list. Note that more that one NTP server IP address can be added in the device.
+
+- Usage:
+ ```
+ config ntp add
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config ntp add 9.9.9.9
+ NTP server 9.9.9.9 added to configuration
+ Restarting ntp-config service...
+ ```
+
+**config ntp delete**
+
+This command is used to delete a configured NTP server IP address.
+
+- Usage:
+ ```
+ config ntp del
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config ntp del 9.9.9.9
+ NTP server 9.9.9.9 removed from configuration
+ Restarting ntp-config service...
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#NTP)
+
+# PFC Watchdog Commands
+Detailed description of the PFC Watchdog could be fount on the [this wiki page](https://github.com/Azure/SONiC/wiki/PFC-Watchdog)
+
+**config pfcwd start \**
+
+This command starts PFC Watchdog
+
+- Usage:
+ ```
+ config pfcwd start --action drop all 400 --restoration-time 400
+ config pfcwd start --action forward Ethernet0 Ethernet8 400
+ ```
+
+**config pfcwd stop**
+
+This command stops PFC Watchdog
+
+- Usage:
+ ```
+ config pfcwd stop
+ ```
+
+**config pfcwd interval \**
+
+This command sets PFC Watchdog counter polling interval (in ms)
+
+- Usage:
+ ```
+ config pfcwd interval 200
+ ```
+
+**config pfcwd counter_poll \**
+
+This command enables or disables PFCWD related counters polling
+
+- Usage:
+ ```
+ config pfcwd counter_poll disable
+ ```
+
+**config pfcwd big_red_switch \**
+
+This command enables or disables PFCWD's "BIG RED SWITCH"(BRS). After enabling BRS PFC Watchdog will be activated on all ports/queues it is configured for no matter whether the storm was detected or not
+
+- Usage:
+ ```
+ config pfcwd big_red_switch enable
+ ```
+
+**config pfcwd start_default**
+
+This command starts PFC Watchdog with the default settings.
+
+- Usage:
+ ```
+ config pfcwd start_default
+ ```
+
+Default values are the following:
+
+ - detection time - 200ms
+ - restoration time - 200ms
+ - polling interval - 200ms
+ - action - 'drop'
+
+Additionally if number of ports in the system exceeds 32, all times will be multiplied by roughly /32.
+
+
+**show pfcwd config**
+
+This command shows current PFC Watchdog configuration
+
+- Usage:
+ ```
+ show pfcwd config
+ ```
+
+**show pfcwd stats**
+
+This command shows current PFC Watchdog statistics (storms detected, packets dropped, etc)
+
+- Usage:
+ ```
+ show pfcwd stats
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#pfc-watchdog-commands)
+
+## Platform Component Firmware
+
+### Platform Component Firmware show commands
+
+**show platform firmware status**
+
+This command displays platform components firmware status information.
+
+- Usage:
+```bash
+show platform firmware status
+```
+
+- Example:
+```bash
+admin@sonic:~$ sudo show platform firmware status
+Chassis Module Component Version Description
+--------- -------- ----------- ----------------------- ----------------------------------------
+MSN3800 N/A ONIE 2020.11-5.2.0022-9600 ONIE - Open Network Install Environment
+ SSD 0202-000 SSD - Solid-State Drive
+ BIOS 0ACLH004_02.02.008_9600 BIOS - Basic Input/Output System
+ CPLD1 CPLD000120_REV0900 CPLD - Complex Programmable Logic Device
+ CPLD2 CPLD000165_REV0500 CPLD - Complex Programmable Logic Device
+ CPLD3 CPLD000166_REV0300 CPLD - Complex Programmable Logic Device
+ CPLD4 CPLD000167_REV0100 CPLD - Complex Programmable Logic Device
+```
+
+**show platform firmware updates**
+
+This command displays platform components firmware updates information.
+
+- Usage:
+```bash
+show platform firmware updates [-i|--image]
+```
+
+- Options:
+ - _-i|--image_: show updates using current/next SONiC image
+
+ Valid values:
+ - current
+ - next
+
+ Default:
+ - current
+
+- Example:
+```bash
+admin@sonic:~$ sudo show platform firmware updates
+Chassis Module Component Firmware Version (Current/Available) Status
+--------- -------- ----------- ------------------------------------------ ------------------------------------------------- ------------------
+MSN3800 N/A ONIE /usr/local/lib/firmware/mellanox/onie.bin 2020.11-5.2.0022-9600 / 2020.11-5.2.0024-9600 update is required
+ SSD /usr/local/lib/firmware/mellanox/ssd.bin 0202-000 / 0204-000 update is required
+ BIOS /usr/local/lib/firmware/mellanox/bios.bin 0ACLH004_02.02.008_9600 / 0ACLH004_02.02.010_9600 update is required
+ CPLD1 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000120_REV0900 / CPLD000120_REV0900 up-to-date
+ CPLD2 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000165_REV0500 / CPLD000165_REV0500 up-to-date
+ CPLD3 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000166_REV0300 / CPLD000166_REV0300 up-to-date
+ CPLD4 /usr/local/lib/firmware/mellanox/cpld.mpfa CPLD000167_REV0100 / CPLD000167_REV0100 up-to-date
+```
+
+- Note:
+ - current/next values for _-i|--image_ are taken from `sonic-installer list`
+ ```bash
+ admin@sonic:~$ sudo sonic-installer list
+ Current: SONiC-OS-202012.0-fb89c28c9
+ Next: SONiC-OS-201911.0-2bec3004e
+ Available:
+ SONiC-OS-202012.0-fb89c28c9
+ SONiC-OS-201911.0-2bec3004e
+ ```
+
+**show platform firmware version**
+
+This command displays platform components firmware utility version.
+
+- Usage:
+```bash
+show platform firmware version
+```
+
+- Example:
+```bash
+admin@sonic:~$ show platform firmware version
+fwutil version 2.0.0.0
+```
+
+### Platform Component Firmware config commands
+
+**config platform firmware install**
+
+This command is used to install a platform component firmware.
+Both modular and non modular chassis platforms are supported.
+
+- Usage:
+```bash
+config platform firmware install chassis component fw [-y|--yes]
+config platform firmware install module component fw [-y|--yes]
+```
+
+- Options:
+ - _-y|--yes_: automatic yes to prompts. Assume "yes" as answer to all prompts and run non-interactively
+
+- Example:
+```bash
+admin@sonic:~$ sudo config platform firmware install chassis component BIOS fw /usr/local/lib/firmware/mellanox/sn3800/chassis1/bios.bin
+Warning: Immediate cold reboot is required to complete BIOS firmware update.
+New firmware will be installed, continue? [y/N]: y
+Installing firmware:
+ /usr/local/lib/firmware/mellanox/sn3800/chassis1/bios.bin
+
+admin@sonic:~$ sudo config platform firmware install module Module1 component BIOS fw https://www.mellanox.com/fw/sn3800/module1/bios.bin
+Warning: Immediate cold reboot is required to complete BIOS firmware update.
+New firmware will be installed, continue? [y/N]: y
+Downloading firmware:
+ [##################################################] 100%
+Installing firmware:
+ /tmp/bios.bin
+```
+
+- Note:
+ - can be absolute path or URL
+
+**config platform firmware update**
+
+This command is used to update a platform component firmware from current/next SONiC image.
+Both modular and non modular chassis platforms are supported.
+
+FW update requires `platform_components.json` to be created and placed at:
+sonic-buildimage/device///platform_components.json
+
+Example:
+1. Non modular chassis platform
+```json
+{
+ "chassis": {
+ "Chassis1": {
+ "component": {
+ "BIOS": {
+ "firmware": "/usr/local/lib/firmware///chassis1/bios.bin",
+ "version": ""
+ },
+ "CPLD": {
+ "firmware": "/usr/local/lib/firmware///chassis1/cpld.bin",
+ "version": ""
+ },
+ "FPGA": {
+ "firmware": "/usr/local/lib/firmware///chassis1/fpga.bin",
+ "version": ""
+ }
+ }
+ }
+ }
+}
+```
+
+2.
Modular chassis platform
+```json
+{
+ "chassis": {
+ "Chassis1": {
+ "component": {
+ "BIOS": {
+ "firmware": "/usr/local/lib/firmware///chassis1/bios.bin",
+ "version": ""
+ },
+ "CPLD": {
+ "firmware": "/usr/local/lib/firmware///chassis1/cpld.bin",
+ "version": ""
+ },
+ "FPGA": {
+ "firmware": "/usr/local/lib/firmware///chassis1/fpga.bin",
+ "version": ""
+ }
+ }
+ }
+ },
+ "module": {
+ "Module1": {
+ "component": {
+ "CPLD": {
+ "firmware": "/usr/local/lib/firmware///module1/cpld.bin",
+ "version": ""
+ },
+ "FPGA": {
+ "firmware": "/usr/local/lib/firmware///module1/fpga.bin",
+ "version": ""
+ }
+ }
+ }
+ }
+}
+```
+
+- Usage:
+```bash
+config platform firmware update chassis component fw [-y|--yes] [-f|--force] [-i|--image]
+config platform firmware update module component fw [-y|--yes] [-f|--force] [-i|--image]
+```
+
+- Options:
+ - _-y|--yes_: automatic yes to prompts. Assume "yes" as answer to all prompts and run non-interactively
+ - _-f|--force_: update FW regardless the current version
+ - _-i|--image_: update FW using current/next SONiC image
+
+ Valid values:
+ - current
+ - next
+
+ Default:
+ - current
+
+- Example:
+```bash
+admin@sonic:~$ sudo config platform firmware update chassis component BIOS fw
+Warning: Immediate cold reboot is required to complete BIOS firmware update.
+New firmware will be installed, continue? [y/N]: y
+Updating firmware:
+ /usr/local/lib/firmware/mellanox/x86_64-mlnx_msn3800-r0/chassis1/bios.bin
+
+admin@sonic:~$ sudo config platform firmware update module Module1 component BIOS fw
+Warning: Immediate cold reboot is required to complete BIOS firmware update.
+New firmware will be installed, continue?
[y/N]: y
+Updating firmware:
+ /usr/local/lib/firmware/mellanox/x86_64-mlnx_msn3800-r0/module1/bios.bin
+```
+
+- Note:
+ - FW update will be disabled if component definition is not provided (e.g., 'BIOS': { })
+ - FW version will be read from image if `version` field is not provided
+ - current/next values for _-i|--image_ are taken from `sonic-installer list`
+ ```bash
+ admin@sonic:~$ sudo sonic-installer list
+ Current: SONiC-OS-202012.0-fb89c28c9
+ Next: SONiC-OS-201911.0-2bec3004e
+ Available:
+ SONiC-OS-202012.0-fb89c28c9
+ SONiC-OS-201911.0-2bec3004e
+ ```
+
+### Platform Component Firmware vendor specific behaviour
+
+#### Mellanox
+
+**CPLD update**
+
+On Mellanox platforms CPLD update can be done either for single or for all components at once.
+The second approach is preferred. In this case an aggregated `vme` binary is used and
+CPLD component can be specified arbitrary.
+
+- Example:
+```bash
+root@sonic:/home/admin# show platform firmware
+Chassis Module Component Version Description
+---------------------- -------- ----------- ----------------------- ----------------------------------------
+x86_64-mlnx_msn3800-r0 N/A BIOS 0ACLH004_02.02.007_9600 BIOS - Basic Input/Output System
+ CPLD1 CPLD000000_REV0400 CPLD - Complex Programmable Logic Device
+ CPLD2 CPLD000000_REV0300 CPLD - Complex Programmable Logic Device
+ CPLD3 CPLD000000_REV0300 CPLD - Complex Programmable Logic Device
+ CPLD4 CPLD000000_REV0100 CPLD - Complex Programmable Logic Device
+
+root@sonic:/home/admin# BURN_VME="$(pwd)/FUI000091_Burn_SN3800_CPLD000120_REV0600_CPLD000165_REV0400_CPLD000166_REV0300_CPLD000167_REV0100.vme"
+root@sonic:/home/admin# REFRESH_VME="$(pwd)/FUI000091_Refresh_SN3800_CPLD000120_REV0600_CPLD000165_REV0400_CPLD000166_REV0300_CPLD000167_REV0100.vme"
+
+root@sonic:/home/admin# config platform firmware install chassis component CPLD1 fw -y ${BURN_VME}
+root@sonic:/home/admin# config platform firmware install chassis component CPLD1 fw -y ${REFRESH_VME}
+
+root@sonic:/home/admin# show platform firmware
+Chassis Module Component Version Description
+---------------------- -------- ----------- ----------------------- ----------------------------------------
+x86_64-mlnx_msn3800-r0 N/A BIOS 0ACLH004_02.02.007_9600 BIOS - Basic Input/Output System
+ CPLD1 CPLD000000_REV0600 CPLD - Complex Programmable Logic Device
+ CPLD2 CPLD000000_REV0400 CPLD - Complex Programmable Logic Device
+ CPLD3 CPLD000000_REV0300 CPLD - Complex Programmable Logic Device
+ CPLD4 CPLD000000_REV0100 CPLD - Complex Programmable Logic Device
+```
+
+Note: the update will have the same effect if any of CPLD1/CPLD2/CPLD3/CPLD4 will be used
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#platform-component-firmware)
+
+
+## Platform Specific Commands
+
+### Mellanox Platform Specific Commands
+
+There are few commands that are platform specific. Mellanox has used this feature and implemented Mellanox specific commands as follows.
+
+**show platform mlnx sniffer**
+
+This command shows the SDK sniffer status
+
+- Usage:
+ ```
+ show platform mlnx sniffer
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform mlnx sniffer
+ sdk sniffer is disabled
+ ```
+
+**show platform mlnx sniffer**
+
+Another show command available on ‘show platform mlnx’ which is the issu status.
+This means if ISSU is enabled on this SKU or not. A warm boot command can be executed only when ISSU is enabled on the SKU.
+
+- Usage:
+ ```
+ show platform mlnx issu
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform mlnx issu
+ ISSU is enabled
+ ```
+
+In the case ISSU is disabled and warm-boot is called, the user will get a notification message explaining that the command cannot be invoked.
+
+- Example:
+ ```
+ admin@sonic:~$ sudo warm-reboot
+ ISSU is not enabled on this HWSKU
+ Warm reboot is not supported
+ ```
+
+**config platform mlnx**
+
+This command is valid only on mellanox devices.
The sub-commands for "config platform" gets populated only on mellanox platforms.
+There are no other subcommands on non-Mellanox devices and hence this command appears empty and useless in other platforms.
+The platform mellanox command currently includes a single sub command which is the SDK sniffer.
+The SDK sniffer is a troubleshooting tool which records the RPC calls from the Mellanox SDK user API library to the sx_sdk task into a .pcap file.
+This .pcap file can be replayed afterward to get the exact same configuration state on SDK and FW to reproduce and investigate issues.
+
+A new folder will be created to store the sniffer files: "/var/log/mellanox/sniffer/". The result file will be stored in a .pcap file, which includes a time stamp of the starting time in the file name, for example, "sx_sdk_sniffer_20180224081306.pcap"
+In order to have a complete .pcap file with all the RPC calls, the user should disable the SDK sniffer. Swss service will be restarted and no capturing is taken place from that moment.
+It is recommended to review the .pcap file while sniffing is disabled.
+Once SDK sniffer is enabled/disabled, the user is requested to approve that swss service will be restarted.
+For example: To change SDK sniffer status, swss service will be restarted, continue? [y/N]:
+In order to avoid that confirmation the -y / --yes option should be used.
+
+- Usage:
+ ```
+ config platform mlnx sniffer sdk [-y|--yes]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ config platform mlnx sniffer sdk
+ To change SDK sniffer status, swss service will be restarted, continue? [y/N]: y
+ NOTE: In order to avoid that confirmation the -y / --yes option should be used.
+ ```
+
+### Barefoot Platform Specific Commands
+
+**show platform barefoot profile**
+
+This command displays active P4 profile and lists available ones.
+
+- Usage:
+ ```
+ show platform barefoot profile
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show platform barefoot profile
+ Current profile: x1
+ Available profile(s):
+ x1
+ x2
+ ```
+
+**config platform barefoot profile**
+
+This command sets P4 profile.
+
+- Usage:
+ ```
+ config platform barefoot profile [-y|--yes]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config platform barefoot profile x1
+ Swss service will be restarted, continue? [y/N]: y
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#platform-specific-commands)
+
+
+## PortChannels
+
+### PortChannel Show commands
+
+**show interfaces portchannel**
+
+This command displays all the port channels that are configured in the device and its current status.
+
+- Usage:
+ ```
+ show interfaces portchannel
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show interfaces portchannel
+ Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available, S - selected, D - deselected
+ No. Team Dev Protocol Ports
+ ----- ------------- ----------- ---------------------------
+ 24 PortChannel24 LACP(A)(Up) Ethernet28(S) Ethernet24(S)
+ 48 PortChannel48 LACP(A)(Up) Ethernet52(S) Ethernet48(S)
+ 40 PortChannel40 LACP(A)(Up) Ethernet44(S) Ethernet40(S)
+ 0 PortChannel0 LACP(A)(Up) Ethernet0(S) Ethernet4(S)
+ 8 PortChannel8 LACP(A)(Up) Ethernet8(S) Ethernet12(S)
+ ```
+
+
+### PortChannel Config commands
+
+This sub-section explains how to configure the portchannel and its member ports.
+
+**config portchannel**
+
+This command is used to add or delete the portchannel.
+It is recommended to use portchannel names in the format "PortChannelxxxx", where "xxxx" is number of 1 to 4 digits. Ex: "PortChannel0002".
+
+NOTE: If users specify any other name like "pc99", command will succeed, but such names are not supported. Such names are not printed properly in the "show interface portchannel" command. It is recommended not to use such names.
+
+When any port is already member of any other portchannel and if user tries to add the same port in some other portchannel (without deleting it from the current portchannel), the command fails internally. But, it does not print any error message. In such cases, remove the member from current portchannel and then add it to new portchannel.
+
+Command takes two optional arguements given below.
+1) min-links - minimum number of links required to bring up the portchannel
+2) fallback - true/false. LACP fallback feature can be enabled / disabled. When it is set to true, only one member port will be selected as active per portchannel during fallback mode. Refer https://github.com/Azure/SONiC/blob/master/doc/lag/LACP%20Fallback%20Feature%20for%20SONiC_v0.5.md for more details about fallback feature.
+3) fast-rate - true/false, default is false (slow). Option specifying the rate in which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode. slow - request partner to transmit LACPDUs every 30 seconds, fast - request partner to transmit LACPDUs every 1 second. In slow mode 60-90 seconds needed to detect linkdown, in fast mode only 2-3 seconds.
+
+A port channel can be deleted only if it does not have any members or the members are already deleted. When a user tries to delete a port channel and the port channel still has one or more members that exist, the deletion of port channel is blocked.
+
+- Usage:
+ ```
+ config portchannel (add | del) [--min-links ] [--fallback (true | false) [--fast-rate (true | false)]
+ ```
+
+- Example (Create the portchannel with name "PortChannel0011"):
+ ```
+ admin@sonic:~$ sudo config portchannel add PortChannel0011
+ ```
+
+**config portchannel member**
+
+This command adds or deletes a member port to/from the already created portchannel.
+
+- Usage:
+ ```
+ config portchannel member (add | del)
+ ```
+
+- Example (Add interface Ethernet4 as member of the portchannel "PortChannel0011"):
+ ```
+ admin@sonic:~$ sudo config portchannel member add PortChannel0011 Ethernet4
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#portchannels)
+
+## NVGRE
+
+This section explains the various show commands and configuration commands available for users.
+
+### NVGRE show commands
+
+This subsection explains how to display the NVGRE configuration.
+
+**show nvgre-tunnel**
+
+This command displays the NVGRE tunnel configuration.
+
+- Usage:
+```bash
+show nvgre-tunnel
+```
+
+- Example:
+```bash
+admin@sonic:~$ show nvgre-tunnel
+TUNNEL NAME SRC IP
+------------- --------
+tunnel_1 10.0.0.1
+```
+
+**show nvgre-tunnel-map**
+
+This command displays the NVGRE tunnel map configuration.
+
+- Usage:
+```bash
+show nvgre-tunnel-map
+```
+
+- Example:
+```bash
+admin@sonic:~$ show nvgre-tunnel-map
+TUNNEL NAME TUNNEL MAP NAME VLAN ID VSID
+------------- ----------------- --------- ------
+tunnel_1 Vlan1000 1000 5000
+tunnel_1 Vlan2000 2000 6000
+```
+
+### NVGRE config commands
+
+This subsection explains how to configure the NVGRE.
+
+**config nvgre-tunnel**
+
+This command is used to manage the NVGRE tunnel objects.
+It supports add/delete operations.
+
+- Usage:
+```bash
+config nvgre-tunnel add --src-ip
+config nvgre-tunnel delete
+```
+
+- Parameters:
+ - _tunnel-name_: the name of the NVGRE tunnel
+ - _src-ip_: source ip address
+
+- Examples:
+```bash
+config nvgre-tunnel add 'tunnel_1' --src-ip '10.0.0.1'
+config nvgre-tunnel delete 'tunnel_1'
+```
+
+**config nvgre-tunnel-map**
+
+This command is used to manage the NVGRE tunnel map objects.
+It supports add/delete operations.
+
+- Usage:
+```bash
+config nvgre-tunnel-map add --vlan-id --vsid
+config nvgre-tunnel-map delete
+```
+
+- Parameters:
+ - _tunnel-name_: the name of the NVGRE tunnel
+ - _tunnel-map-name_: the name of the NVGRE tunnel map
+ - _vlan-id_: VLAN identifier
+ - _vsid_: Virtual Subnet Identifier
+
+- Examples:
+```bash
+config nvgre-tunnel-map add 'tunnel_1' 'Vlan2000' --vlan-id '2000' --vsid '6000'
+config nvgre-tunnel-map delete 'tunnel_1' 'Vlan2000'
+```
+
+## PBH
+
+This section explains the various show commands and configuration commands available for users.
+
+### PBH show commands
+
+This subsection explains how to display PBH configuration and statistics.
+
+**show pbh table**
+
+This command displays PBH table configuration.
+
+- Usage:
+```bash
+show pbh table
+```
+
+- Example:
+```bash
+admin@sonic:~$ show pbh table
+NAME INTERFACE DESCRIPTION
+--------- --------------- ---------------
+pbh_table Ethernet0 NVGRE and VxLAN
+ Ethernet4
+ PortChannel0001
+ PortChannel0002
+```
+
+**show pbh rule**
+
+This command displays PBH rule configuration.
+
+- Usage:
+```bash
+show pbh rule
+```
+
+- Example:
+```bash
+admin@sonic:~$ show pbh rule
+TABLE RULE PRIORITY MATCH HASH ACTION COUNTER
+--------- ------ ---------- ------------------------------------ ------------- ------------- ---------
+pbh_table nvgre 2 ether_type: 0x0800 inner_v6_hash SET_ECMP_HASH DISABLED
+ ip_protocol: 0x2f
+ gre_key: 0x2500/0xffffff00
+ inner_ether_type: 0x86dd
+pbh_table vxlan 1 ether_type: 0x0800 inner_v4_hash SET_LAG_HASH ENABLED
+ ip_protocol: 0x11
+ l4_dst_port: 0x12b5
+ inner_ether_type: 0x0800
+```
+
+**show pbh hash**
+
+This command displays PBH hash configuration.
+
+- Usage:
+```bash
+show pbh hash
+```
+
+- Example:
+```bash
+admin@sonic:~$ show pbh hash
+NAME HASH FIELD
+------------- -----------------
+inner_v4_hash inner_ip_proto
+ inner_l4_dst_port
+ inner_l4_src_port
+ inner_dst_ipv4
+ inner_src_ipv4
+inner_v6_hash inner_ip_proto
+ inner_l4_dst_port
+ inner_l4_src_port
+ inner_dst_ipv6
+ inner_src_ipv6
+```
+
+**show pbh hash-field**
+
+This command displays PBH hash field configuration.
+
+- Usage:
+```bash
+show pbh hash-field
+```
+
+- Example:
+```bash
+admin@sonic:~$ show pbh hash-field
+NAME FIELD MASK SEQUENCE SYMMETRIC
+----------------- ----------------- --------- ---------- -----------
+inner_ip_proto INNER_IP_PROTOCOL N/A 1 No
+inner_l4_dst_port INNER_L4_DST_PORT N/A 2 Yes
+inner_l4_src_port INNER_L4_SRC_PORT N/A 2 Yes
+inner_dst_ipv4 INNER_DST_IPV4 255.0.0.0 3 Yes
+inner_src_ipv4 INNER_SRC_IPV4 0.0.0.255 3 Yes
+inner_dst_ipv6 INNER_DST_IPV6 ffff:: 4 Yes
+inner_src_ipv6 INNER_SRC_IPV6 ::ffff 4 Yes
+```
+
+- Note:
+ - _SYMMETRIC_ is an artificial column and is only used to indicate fields symmetry
+
+**show pbh statistics**
+
+This command displays PBH statistics.
+
+- Usage:
+```bash
+show pbh statistics
+```
+
+- Example:
+```bash
+admin@sonic:~$ show pbh statistics
+TABLE RULE RX PACKETS COUNT RX BYTES COUNT
+--------- ------ ------------------ ----------------
+pbh_table nvgre 0 0
+pbh_table vxlan 0 0
+```
+
+- Note:
+ - _RX PACKETS COUNT_ and _RX BYTES COUNT_ can be cleared by user:
+ ```bash
+ admin@sonic:~$ sonic-clear pbh statistics
+ ```
+
+### PBH config commands
+
+This subsection explains how to configure PBH.
+
+**config pbh table**
+
+This command is used to manage PBH table objects.
+It supports add/update/remove operations.
+ +- Usage: +```bash +config pbh table add --interface-list --description +config pbh table update [ --interface-list ] [ --description ] +config pbh table delete +``` + +- Parameters: + - _table_name_: the name of the PBH table + - _interface_list_: interfaces to which PBH table is applied + - _description_: the description of the PBH table + +- Examples: +```bash +config pbh table add 'pbh_table' \ +--interface-list 'Ethernet0,Ethernet4,PortChannel0001,PortChannel0002' \ +--description 'NVGRE and VxLAN' +config pbh table update 'pbh_table' \ +--interface-list 'Ethernet0' +config pbh table delete 'pbh_table' +``` + +**config pbh rule** + +This command is used to manage PBH rule objects. +It supports add/update/remove operations. + +- Usage: +```bash +config pbh rule add --priority \ +[ --gre-key ] [ --ether-type ] [ --ip-protocol ] \ +[ --ipv6-next-header ] [ --l4-dst-port ] [ --inner-ether-type ] \ +--hash [ --packet-action ] [ --flow-counter ] +config pbh rule update [ --priority ] \ +[ --gre-key ] [ --ether-type ] [ --ip-protocol ] \ +[ --ipv6-next-header ] [ --l4-dst-port ] [ --inner-ether-type ] \ +[ --hash ] [ --packet-action ] [ --flow-counter ] +config pbh rule delete +``` + +- Parameters: + - _table_name_: the name of the PBH table + - _rule_name_: the name of the PBH rule + - _priority_: the priority of the PBH rule + - _gre_key_: packet match for the PBH rule: GRE key (value/mask) + - _ether_type_: packet match for the PBH rule: EtherType (IANA Ethertypes) + - _ip_protocol_: packet match for the PBH rule: IP protocol (IANA Protocol Numbers) + - _ipv6_next_header_: packet match for the PBH rule: IPv6 Next header (IANA Protocol Numbers) + - _l4_dst_port_: packet match for the PBH rule: L4 destination port + - _inner_ether_type_: packet match for the PBH rule: inner EtherType (IANA Ethertypes) + - _hash_: _hash_ object to apply with the PBH rule + - _packet_action_: packet action for the PBH rule + + Valid values: + - SET_ECMP_HASH + - SET_LAG_HASH + + 
Default: + - SET_ECMP_HASH + + - _flow_counter_: packet/byte counter for the PBH rule + + Valid values: + - DISABLED + - ENABLED + + Default: + - DISABLED + +- Examples: +```bash +config pbh rule add 'pbh_table' 'nvgre' \ +--priority '2' \ +--ether-type '0x0800' \ +--ip-protocol '0x2f' \ +--gre-key '0x2500/0xffffff00' \ +--inner-ether-type '0x86dd' \ +--hash 'inner_v6_hash' \ +--packet-action 'SET_ECMP_HASH' \ +--flow-counter 'DISABLED' +config pbh rule update 'pbh_table' 'nvgre' \ +--flow-counter 'ENABLED' +config pbh rule delete 'pbh_table' 'nvgre' +``` + +**config pbh hash** + +This command is used to manage PBH hash objects. +It supports add/update/remove operations. + +- Usage: +```bash +config pbh hash add --hash-field-list +config pbh hash update [ --hash-field-list ] +config pbh hash delete +``` + +- Parameters: + - _hash_name_: the name of the PBH hash + - _hash_field_list_: list of _hash-field_ objects to apply with the PBH hash + +- Examples: +```bash +config pbh hash add 'inner_v6_hash' \ +--hash-field-list 'inner_ip_proto,inner_l4_dst_port,inner_l4_src_port,inner_dst_ipv6,inner_src_ipv6' +config pbh hash update 'inner_v6_hash' \ +--hash-field-list 'inner_ip_proto' +config pbh hash delete 'inner_v6_hash' +``` + +**config pbh hash-field** + +This command is used to manage PBH hash field objects. +It supports add/update/remove operations. 
+
+- Usage:
+```bash
+config pbh hash-field add \
+--hash-field [ --ip-mask ] --sequence-id
+config pbh hash-field update \
+[ --hash-field ] [ --ip-mask ] [ --sequence-id ]
+config pbh hash-field delete
+```
+
+- Parameters:
+ - _hash_field_name_: the name of the PBH hash field
+ - _hash_field_: native hash field for the PBH hash field
+
+ Valid values:
+ - INNER_IP_PROTOCOL
+ - INNER_L4_DST_PORT
+ - INNER_L4_SRC_PORT
+ - INNER_DST_IPV4
+ - INNER_SRC_IPV4
+ - INNER_DST_IPV6
+ - INNER_SRC_IPV6
+
+ - _ip_mask_: IPv4/IPv6 address mask for the PBH hash field
+
+ Valid only: _hash_field_ is:
+ - INNER_DST_IPV4
+ - INNER_SRC_IPV4
+ - INNER_DST_IPV6
+ - INNER_SRC_IPV6
+
+ - _sequence_id_: the order in which fields are hashed
+
+- Examples:
+```bash
+config pbh hash-field add 'inner_dst_ipv6' \
+--hash-field 'INNER_DST_IPV6' \
+--ip-mask 'ffff::' \
+--sequence-id '4'
+config pbh hash-field update 'inner_dst_ipv6' \
+--ip-mask 'ffff:ffff::'
+config pbh hash-field delete 'inner_dst_ipv6'
+```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#pbh)
+
+## QoS
+
+### QoS Show commands
+
+#### PFC
+
+**show pfc counters**
+
+This command displays the details of Rx & Tx priority-flow-control (pfc) for all ports. This command can be used to clear the counters using -c option.
+
+- Usage:
+ ```
+ show pfc counters
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show pfc counters
+ Port Rx PFC0 PFC1 PFC2 PFC3 PFC4 PFC5 PFC6 PFC7
+ ----------- ------ ------ ------ ------ ------ ------ ------ ------
+ Ethernet0 0 0 0 0 0 0 0 0
+ Ethernet4 0 0 0 0 0 0 0 0
+ Ethernet8 0 0 0 0 0 0 0 0
+ Ethernet12 0 0 0 0 0 0 0 0
+
+ Port Tx PFC0 PFC1 PFC2 PFC3 PFC4 PFC5 PFC6 PFC7
+ ----------- ------ ------ ------ ------ ------ ------ ------ ------
+ Ethernet0 0 0 0 0 0 0 0 0
+ Ethernet4 0 0 0 0 0 0 0 0
+ Ethernet8 0 0 0 0 0 0 0 0
+ Ethernet12 0 0 0 0 0 0 0 0
+
+ ...
+ ```
+
+
+- NOTE: PFC counters can be cleared by the user with the following command:
+ ```
+ admin@sonic:~$ sonic-clear pfccounters
+ ```
+
+**show pfc asymmetric**
+
+This command displays the status of asymmetric PFC for all interfaces or a given interface.
+
+- Usage:
+ ```
+ show pfc asymmetric []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show pfc asymmetric
+
+ Interface Asymmetric
+ ----------- ------------
+ Ethernet0 off
+ Ethernet2 off
+ Ethernet4 off
+ Ethernet6 off
+ Ethernet8 off
+ Ethernet10 off
+ Ethernet12 off
+ Ethernet14 off
+
+ admin@sonic:~$ show pfc asymmetric Ethernet0
+
+ Interface Asymmetric
+ ----------- ------------
+ Ethernet0 off
+ ```
+
+**show pfc priority**
+
+This command displays the lossless priorities for all interfaces or a given interface.
+
+- Usage:
+ ```
+ show pfc priority []
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show pfc priority
+
+ Interface Lossless priorities
+ ----------- ---------------------
+ Ethernet0 3,4
+ Ethernet2 3,4
+ Ethernet8 3,4
+ Ethernet10 3,4
+ Ethernet16 3,4
+
+ admin@sonic:~$ show pfc priority Ethernet0
+
+ Interface Lossless priorities
+ ----------- ---------------------
+ Ethernet0 3,4
+ ```
+
+#### Queue And Priority-Group
+
+This sub-section explains the following queue parameters that can be displayed using "show queue" command.
+1) queue counters
+2) queue watermark
+3) priority-group watermark
+4) queue persistent-watermark
+
+
+**show queue counters**
+
+This command displays packet and byte counters for all queues of all ports or one specific-port given as arguement.
+This command can be used to clear the counters for all queues of all ports. Note that port specific clear is not supported.
+ +- Usage: + ``` + show queue counters [] + ``` + +- Example: + ``` + admin@sonic:~$ show queue counters + Port TxQ Counter/pkts Counter/bytes Drop/pkts Drop/bytes + --------- ----- -------------- --------------- ----------- ------------ + Ethernet0 UC0 0 0 0 0 + Ethernet0 UC1 0 0 0 0 + Ethernet0 UC2 0 0 0 0 + Ethernet0 UC3 0 0 0 0 + Ethernet0 UC4 0 0 0 0 + Ethernet0 UC5 0 0 0 0 + Ethernet0 UC6 0 0 0 0 + Ethernet0 UC7 0 0 0 0 + Ethernet0 UC8 0 0 0 0 + Ethernet0 UC9 0 0 0 0 + Ethernet0 MC0 0 0 0 0 + Ethernet0 MC1 0 0 0 0 + Ethernet0 MC2 0 0 0 0 + Ethernet0 MC3 0 0 0 0 + Ethernet0 MC4 0 0 0 0 + Ethernet0 MC5 0 0 0 0 + Ethernet0 MC6 0 0 0 0 + Ethernet0 MC7 0 0 0 0 + Ethernet0 MC8 0 0 0 0 + Ethernet0 MC9 0 0 0 0 + + Port TxQ Counter/pkts Counter/bytes Drop/pkts Drop/bytes + --------- ----- -------------- --------------- ----------- ------------ + Ethernet4 UC0 0 0 0 0 + Ethernet4 UC1 0 0 0 0 + Ethernet4 UC2 0 0 0 0 + Ethernet4 UC3 0 0 0 0 + Ethernet4 UC4 0 0 0 0 + Ethernet4 UC5 0 0 0 0 + Ethernet4 UC6 0 0 0 0 + Ethernet4 UC7 0 0 0 0 + Ethernet4 UC8 0 0 0 0 + Ethernet4 UC9 0 0 0 0 + Ethernet4 MC0 0 0 0 0 + Ethernet4 MC1 0 0 0 0 + Ethernet4 MC2 0 0 0 0 + Ethernet4 MC3 0 0 0 0 + Ethernet4 MC4 0 0 0 0 + Ethernet4 MC5 0 0 0 0 + Ethernet4 MC6 0 0 0 0 + Ethernet4 MC7 0 0 0 0 + Ethernet4 MC8 0 0 0 0 + Ethernet4 MC9 0 0 0 0 + + ... 
+ ```
+
+Optionally, you can specify an interface name in order to display only that particular interface
+
+- Example:
+ ```
+ admin@sonic:~$ show queue counters Ethernet72
+ ```
+
+- NOTE: Queue counters can be cleared by the user with the following command:
+ ```
+ admin@sonic:~$ sonic-clear queuecounters
+ ```
+
+**show queue watermark**
+
+This command displays the user watermark for the queues (Egress shared pool occupancy per queue) for either the unicast queues or multicast queues for all ports
+
+- Usage:
+ ```
+ show queue watermark (multicast | unicast)
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show queue watermark unicast
+ Egress shared pool occupancy per unicast queue:
+ Port UC0 UC1 UC2 UC3 UC4 UC5 UC6 UC7
+ ----------- ----- ----- ----- ----- ----- ----- ----- -----
+ Ethernet0 0 0 0 0 0 0 0 0
+ Ethernet4 0 0 0 0 0 0 0 0
+ Ethernet8 0 0 0 0 0 0 0 0
+ Ethernet12 0 0 0 0 0 0 0 0
+
+ admin@sonic:~$ show queue watermark multicast (Egress shared pool occupancy per multicast queue)
+ ```
+
+**show priority-group**
+
+This command displays:
+1) The user watermark or persistent-watermark for the Ingress "headroom" or "shared pool occupancy" per priority-group for all ports.
+2) Dropped packets per priority-group for all ports
+
+- Usage:
+ ```
+ show priority-group (watermark | persistent-watermark) (headroom | shared)
+ show priority-group drop counters
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show priority-group watermark shared
+ Ingress shared pool occupancy per PG:
+ Port PG0 PG1 PG2 PG3 PG4 PG5 PG6 PG7
+ ----------- ----- ----- ----- ----- ----- ----- ----- -----
+ Ethernet0 0 0 0 0 0 0 0 0
+ Ethernet4 0 0 0 0 0 0 0 0
+ Ethernet8 0 0 0 0 0 0 0 0
+ Ethernet12 0 0 0 0 0 0 0 0
+ ```
+
+- Example (Ingress headroom per PG):
+ ```
+ admin@sonic:~$ show priority-group watermark headroom
+ ```
+
+- Example (Ingress shared pool occupancy per PG):
+ ```
+ admin@sonic:~$ show priority-group persistent-watermark shared
+ ```
+
+- Example (Ingress headroom per PG):
+ ```
+ admin@sonic:~$ show priority-group persistent-watermark headroom
+ ```
+
+- Example (Ingress dropped packets per PG):
+ ```
+ admin@sonic:~$ show priority-group drop counters
+ Ingress PG dropped packets:
+ Port PG0 PG1 PG2 PG3 PG4 PG5 PG6 PG7
+ ----------- ----- ----- ----- ----- ----- ----- ----- -----
+ Ethernet0 0 0 0 0 0 0 0 0
+ Ethernet4 0 0 0 0 0 0 0 0
+ Ethernet8 0 0 0 0 0 0 0 0
+ Ethernet12 0 0 0 0 0 0 0 0
+ ```
+
+In addition to user watermark("show queue|priority-group watermark ..."), a persistent watermark is available.
+It hold values independently of user watermark. This way user can use "user watermark" for debugging, clear it, etc, but the "persistent watermark" will not be affected.
+
+**show queue persistent-watermark**
+
+This command displays the user persistet-watermark for the queues (Egress shared pool occupancy per queue) for either the unicast queues or multicast queues for all ports
+
+- Usage:
+ ```
+ show queue persistent-watermark (unicast | multicast)
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show queue persistent-watermark unicast
+ Egress shared pool occupancy per unicast queue:
+ Port UC0 UC1 UC2 UC3 UC4 UC5 UC6 UC7
+ ----------- ----- ----- ----- ----- ----- ----- ----- -----
+ Ethernet0 N/A N/A N/A N/A N/A N/A N/A N/A
+ Ethernet4 N/A N/A N/A N/A N/A N/A N/A N/A
+ Ethernet8 N/A N/A N/A N/A N/A N/A N/A N/A
+ Ethernet12 N/A N/A N/A N/A N/A N/A N/A N/A
+ ```
+
+- Example (Egress shared pool occupancy per multicast queue):
+ ```
+ admin@sonic:~$ show queue persistent-watermark multicast
+ ```
+
+- NOTE: "user watermark", "persistent watermark" and "ingress dropped packets" can be cleared by user:
+
+ ```
+ admin@sonic:~$ sonic-clear queue persistent-watermark unicast
+
+ admin@sonic:~$ sonic-clear queue persistent-watermark multicast
+
+ admin@sonic:~$ sonic-clear priority-group persistent-watermark shared
+
+ admin@sonic:~$ sonic-clear priority-group persistent-watermark headroom
+
+ admin@sonic:~$ sonic-clear priority-group drop counters
+ ```
+
+#### Buffer Pool
+
+This sub-section explains the following buffer pool parameters that can be displayed using "show buffer_pool" command.
+1) buffer pool watermark
+2) buffer pool persistent-watermark
+
+**show buffer_pool watermark**
+
+This command displays the user watermark for all the buffer pools
+
+- Usage:
+ ```
+ show buffer_pool watermark
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show buffer_pool watermark
+ Shared pool maximum occupancy:
+ Pool Bytes
+ --------------------- -------
+ ingress_lossless_pool 0
+ lossy_pool 2464
+ ```
+
+
+**show buffer_pool persistent-watermark**
+
+This command displays the user persistent-watermark for all the buffer pools
+
+- Usage:
+ ```
+ show buffer_pool persistent-watermark
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show buffer_pool persistent-watermark
+ Shared pool maximum occupancy:
+ Pool Bytes
+ --------------------- -------
+ ingress_lossless_pool 0
+ lossy_pool 2464
+ ```
+
+
+
+### QoS config commands
+
+**config qos clear**
+
+This command is used to clear all the QoS configuration from all the following QOS Tables in ConfigDB.
+
+1) TC_TO_PRIORITY_GROUP_MAP,
+2) MAP_PFC_PRIORITY_TO_QUEUE,
+3) TC_TO_QUEUE_MAP,
+4) DSCP_TO_TC_MAP,
+5) MPLS_TC_TO_TC_MAP,
+6) SCHEDULER,
+7) PFC_PRIORITY_TO_PRIORITY_GROUP_MAP,
+8) PORT_QOS_MAP,
+9) WRED_PROFILE,
+10) QUEUE,
+11) CABLE_LENGTH,
+12) BUFFER_POOL,
+13) BUFFER_PROFILE,
+14) BUFFER_PG,
+15) BUFFER_QUEUE
+
+- Usage:
+ ```
+ config qos clear
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config qos clear
+ ```
+
+**config qos reload**
+
+This command is used to reload the QoS configuration.
+QoS configuration has got two sets of configurations.
+1) Generic QOS Configuration - This gives complete list of all possible QOS configuration. Its given in the file /usr/share/sonic/templates/qos_config.j2 in the device.
+ Reference: https://github.com/Azure/sonic-buildimage/blob/master/files/build_templates/qos_config.j2
+ Users have flexibility to have platform specific qos configuration by placing the qos_config.j2 file at /usr/share/sonic/device///.
+ If users want to modify any of this loaded QOS configuration, they can modify this file in the device and then issue the "config qos reload" command.
+
+2) Platform specific buffer configuration. Every platform has got platform specific and topology specific (T0 or T1 or T2) buffer configuration at /usr/share/sonic/device///buffers_defaults_tx.j2
+ In addition to platform specific configuration file, a generic configuration file is also present at /usr/share/sonic/templates/buffers_config.j2.
+ Reference: https://github.com/Azure/sonic-buildimage/blob/master/files/build_templates/buffers_config.j2
+ Users can either modify the platform specific configuration file, or the generic configuration file and then issue this "config qos reload" command.
+
+These configuration files are already loaded in the device as part of the reboot process. In case if users wants to modify any of these configurations, they need to modify the appropriate QOS tables and fields in these files and then use this reload command.
+This command uses those modified buffers.json.j2 file & qos.json.j2 file and reloads the new QOS configuration.
+If users have not made any changes in these configuration files, this command need not be executed.
+
+Some of the example QOS configurations that users can modify are given below.
+1) TC_TO_PRIORITY_GROUP_MAP
+2) MAP_PFC_PRIORITY_TO_QUEUE
+3) TC_TO_QUEUE_MAP
+4) DSCP_TO_TC_MAP
+5) MPLS_TC_TO_TC_MAP
+6) SCHEDULER
+7) PFC_PRIORITY_TO_PRIORITY_GROUP_MAP
+8) PORT_QOS_MAP
+9) WRED_PROFILE
+10) CABLE_LENGTH
+11) BUFFER_QUEUE
+
+- Usage:
+ ```
+ config qos reload
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config qos reload
+ Running command: /usr/local/bin/sonic-cfggen -d -t /usr/share/sonic/device/x86_64-dell_z9100_c2538-r0/Force10-Z9100-C32/buffers.json.j2 >/tmp/buffers.json
+ Running command: /usr/local/bin/sonic-cfggen -d -t /usr/share/sonic/device/x86_64-dell_z9100_c2538-r0/Force10-Z9100-C32/qos.json.j2 -y /etc/sonic/sonic_version.yml >/tmp/qos.json
+ Running command: /usr/local/bin/sonic-cfggen -j /tmp/buffers.json --write-to-db
+ Running command: /usr/local/bin/sonic-cfggen -j /tmp/qos.json --write-to-db
+
+ In this example, it uses the buffers.json.j2 file and qos.json.j2 file from platform specific folders.
+ When there are no changes in the platform specific configutation files, they internally use the file "/usr/share/sonic/templates/buffers_config.j2" and "/usr/share/sonic/templates/qos_config.j2" to generate the configuration.
+ ```
+
+**config qos reload --ports port_list**
+
+This command is used to reload the default QoS configuration on a group of ports.
+Typically, the default QoS configuration is in the following tables.
+1) PORT_QOS_MAP
+2) QUEUE
+3) BUFFER_PG
+4) BUFFER_QUEUE
+5) BUFFER_PORT_INGRESS_PROFILE_LIST
+6) BUFFER_PORT_EGRESS_PROFILE_LIST
+7) CABLE_LENGTH
+
+If there was QoS configuration in the above tables for the ports:
+
+ - if `--force` option is provied, the existing QoS configuration will be replaced by the default QoS configuration,
+ - otherwise, the command will exit with nothing updated.
+
+- Usage:
+ ```
+ config qos reload --ports [,port]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config qos reload --ports Ethernet0,Ethernet4
+
+ In this example, it updates the QoS configuration on port Ethernet0 and Ethernet4 to default.
+ If there was QoS configuration on the ports, the command will clear the existing QoS configuration on the port and reload to default.
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#qos)
+
+## Radius
+
+### show radius commands
+
+This command displays the global radius configuration that includes the auth_type, retransmit, timeout and passkey.
+
+- Usage:
+ ```
+ show radius
+ ```
+- Example:
+
+ ```
+ admin@sonic:~$ show radius
+ RADIUS global auth_type pap (default)
+ RADIUS global retransmit 3 (default)
+ RADIUS global timeout 5 (default)
+ RADIUS global passkey (default)
+
+ ```
+
+### Radius config commands
+
+This command is to config the radius server for various parameter listed.
+
+ - Usage:
+ ```
+ config radius
+ ```
+- Example:
+ ```
+ admin@sonic:~$ config radius
+
+ add Specify a RADIUS server
+ authtype Specify RADIUS server global auth_type [chap | pap | mschapv2]
+ default set its default configuration
+ delete Delete a RADIUS server
+ nasip Specify RADIUS server global NAS-IP|IPV6-Address
+ passkey Specify RADIUS server global passkey
+ retransmit Specify RADIUS server global retry attempts <0 - 10>
+ sourceip Specify RADIUS server global source ip
+ statistics Specify RADIUS server global statistics [enable | disable |...
+ timeout Specify RADIUS server global timeout <1 - 60>
+
+ ```
+## sFlow
+
+### sFlow Show commands
+
+**show sflow**
+
+This command displays the global sFlow configuration that includes the admin state, collectors, the Agent ID and counter polling interval.
+ +- Usage: + ``` + show sflow + ``` + +- Example: + ``` + admin@sonic:~# show sflow + sFlow Global Information: + sFlow Admin State: up + sFlow Polling Interval: default + sFlow AgentID: lo + + 2 Collectors configured: + Name: collector_A IP addr: 10.11.46.2 UDP port: 6343 + Name: collector_lo IP addr: 127.0.0.1 UDP port: 6343 + ``` + + +**show sflow interface** + +This command displays the per-interface sflow admin status and the sampling rate. + +- Usage: + ``` + show sflow interface + ``` + +- Example: + ``` + admin@sonic:~# show sflow interface + + sFlow interface configurations + +-------------+---------------+-----------------+ + | Interface | Admin State | Sampling Rate | + +=============+===============+=================+ + | Ethernet0 | up | 4000 | + +-------------+---------------+-----------------+ + | Ethernet1 | up | 4000 | + +-------------+---------------+-----------------+ + ... + +-------------+---------------+-----------------+ + | Ethernet61 | up | 4000 | + +-------------+---------------+-----------------+ + | Ethernet62 | up | 4000 | + +-------------+---------------+-----------------+ + | Ethernet63 | up | 4000 | + +-------------+---------------+-----------------+ + + ``` + +### sFlow Config commands + +**config sflow collector add** + +This command is used to add a sFlow collector. Note that a maximum of 2 collectors is allowed. + +- Usage: + ``` + config sflow collector add [port ] + ``` + + - Parameters: + - collector-name: unique name of the sFlow collector + - ipv4-address : IP address of the collector in dotted decimal format for IPv4 + - ipv6-address : x: x: x: x::x format for IPv6 address of the collector (where :: notation specifies successive hexadecimal fields of zeros) + - port (OPTIONAL): specifies the UDP port of the collector (the range is from 0 to 65535. The default is 6343.) 
+
+- Example:
+ ```
+ admin@sonic:~# sudo config sflow collector add collector_A 10.11.46.2
+ ```
+
+**config sflow collector del**
+
+This command is used to delete a sFlow collector with the given name.
+
+- Usage:
+ ```
+ config sflow collector del
+ ```
+
+ - Parameters:
+ - collector-name: unique name of the sFlow collector
+
+- Example:
+ ```
+ admin@sonic:~# sudo config sflow collector del collector_A
+ ```
+
+**config sflow agent-id**
+
+This command is used to add/delete the sFlow agent-id. This setting is global (applicable to both collectors) and optional. Only a single agent-id is allowed. If agent-id is not specified (with this CLI), an appropriate IP that belongs to the switch is used as the agent-id based on some simple heuristics.
+
+- Usage:
+ ```
+ config sflow agent-id
+ ```
+
+ - Parameters:
+ - interface-name: specify the interface name whose ipv4 or ipv6 address will be used as the agent-id in sFlow datagrams.
+
+- Example:
+ ```
+ admin@sonic:~# sudo config sflow agent-id add lo
+ ```
+
+**config sflow**
+
+Globally, sFlow is disabled by default. When sFlow is enabled globally, the sflow deamon is started and sampling will start on all interfaces which have sFlow enabled at the interface level (see “config sflow interface…”). When sflow is disabled globally, sampling is stopped on all relevant interfaces and sflow daemon is stopped.
+
+- Usage:
+ ```
+ config sflow
+ ```
+- Example:
+ ```
+ admin@sonic:~# sudo config sflow enable
+ ```
+**config sflow interface**
+
+Enable/disable sflow at an interface level. By default, sflow is enabled on all interfaces at the interface level. Use this command to explicitly disable sFlow for a specific interface. An interface is sampled if sflow is enabled globally as well as at the interface level. Note that this configuration deals only with sFlow flow samples and not counter samples.
+
+- Usage:
+ ```
+ config sflow interface
+ ```
+
+ - Parameters:
+ - interface-name: specify the interface for which sFlow flow samples have to be enabled/disabled. The “all” keyword is used as a convenience to enable/disable sflow at the interface level for all the interfaces.
+
+- Example:
+ ```
+ admin@sonic:~# sudo config sflow interface disable Ethernet40
+ ```
+
+**config sflow interface sample-rate**
+
+Configure the sample-rate for a specific interface.
+
+The default sample rate for any interface is (ifSpeed / 1e6) where ifSpeed is in bits/sec. So, the default sample rate based on interface speed is:
+
+ 1-in-1000 for a 1G link
+ 1-in-10,000 for a 10G link
+ 1-in-40,000 for a 40G link
+ 1-in-50,000 for a 50G link
+ 1-in-100,000 for a 100G link
+
+It is recommended not to change the defaults. This CLI is to be used only in case of exceptions (e.g., to set the sample-rate to the nearest power-of-2 if there are hardware restrictions in using the defaults)
+
+- Usage:
+ ```
+ config sflow interface sample-rate
+ ```
+
+ - Parameters:
+ - interface-name: specify the interface for which the sampling rate value is to be set
+ - value: value is the average number of packets skipped before the sample is taken. "The sampling rate specifies random sampling probability as the ratio of packets observed to samples generated. For example a sampling rate of 256 specifies that, on average, 1 sample will be generated for every 256 packets observed." Valid range 256:8388608.
+
+- Example:
+ ```
+ admin@sonic:~# sudo config sflow interface sample-rate Ethernet32 1000
+ ```
+**config sflow polling-interval**
+
+This command is used to set the counter polling interval. Default is 20 seconds.
+
+- Usage:
+ ```
+ config sflow polling-interval
+ ```
+
+ - Parameters:
+ - value: 0-300 seconds.
Set polling-interval to 0 to disable counter polling
+
+- Example:
+ ```
+ admin@sonic:~# sudo config sflow polling-interval 30
+ ```
+
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#sflow)
+
+## SNMP
+
+### SNMP Show commands
+
+**show runningconfiguration snmp**
+
+This command displays the global SNMP configuration that includes the location, contact, community, and user settings.
+
+- Usage:
+ ```
+ show runningconfiguration snmp
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp
+ Location
+ ------------
+ Emerald City
+
+
+ SNMP_CONTACT SNMP_CONTACT_EMAIL
+ -------------- --------------------
+ joe joe@contoso.com
+
+
+ Community String Community Type
+ ------------------ ----------------
+ Jack RW
+
+
+ User Permission Type Type Auth Type Auth Password Encryption Type Encryption Password
+ ------ ----------------- ------ ----------- --------------- ----------------- ---------------------
+ Travis RO Priv SHA TravisAuthPass AES TravisEncryptPass
+ ```
+
+**show runningconfiguration snmp location**
+
+This command displays the SNMP location setting.
+
+- Usage:
+ ```
+ show runningconfiguration snmp location
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp location
+ Location
+ ------------
+ Emerald City
+ ```
+
+- Usage:
+ ```
+ show runningconfiguration snmp location --json
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp location --json
+ {'Location': 'Emerald City'}
+ ```
+
+**show runningconfiguration snmp contact**
+
+This command displays the SNMP contact setting.
+
+- Usage:
+ ```
+ show runningconfiguration snmp contact
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp contact
+ Contact Contact Email
+ --------- ---------------
+ joe joe@contoso.com
+ ```
+
+- Usage:
+ ```
+ show runningconfiguration snmp contact --json
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp contact --json
+ {'joe': 'joe@contoso.com'}
+ ```
+
+**show runningconfiguration snmp community**
+
+This command display the SNMP community settings.
+
+- Usage:
+ ```
+ show runningconfiguration snmp community
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp community
+ Community String Community Type
+ ------------------ ----------------
+ Jack RW
+ ```
+
+- Usage:
+ ```
+ show runningconfiguration snmp community --json
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp community --json
+ {'Jack': {'TYPE': 'RW'}}
+ ```
+
+**show runningconfiguration snmp user**
+
+This command display the SNMP user settings.
+
+- Usage:
+ ```
+ show runningconfiguration snmp user
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp user
+ User Permission Type Type Auth Type Auth Password Encryption Type Encryption Password
+ ------ ----------------- ------ ----------- --------------- ----------------- ---------------------
+ Travis RO Priv SHA TravisAuthPass AES TravisEncryptPass
+ ```
+
+- Usage:
+ ```
+ show runningconfiguration snmp user --json
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp user --json
+ {'Travis': {'SNMP_USER_TYPE': 'Priv', 'SNMP_USER_PERMISSION': 'RO', 'SNMP_USER_AUTH_TYPE': 'SHA', 'SNMP_USER_AUTH_PASSWORD': 'TravisAuthPass', 'SNMP_USER_ENCRYPTION_TYPE': 'AES', 'SNMP_USER_ENCRYPTION_PASSWORD': 'TravisEncryptPass'}}
+ ```
+
+
+### SNMP Config commands
+
+This sub-section explains how to configure SNMP.
+
+**config snmp location add/del/modify**
+
+This command is used to add, delete, or modify the SNMP location.
+
+- Usage:
+ ```
+ config snmp location (add | del | modify)
+ ```
+
+- Example (Add new SNMP location "Emerald City" if it does not already exist):
+ ```
+ admin@sonic:~$ sudo config snmp location add Emerald City
+ SNMP Location Emerald City has been added to configuration
+ Restarting SNMP service...
+ ```
+
+- Example (Delete SNMP location "Emerald City" if it already exists):
+ ```
+ admin@sonic:~$ sudo config snmp location del Emerald City
+ SNMP Location Emerald City removed from configuration
+ Restarting SNMP service...
+ ```
+
+- Example (Modify SNMP location "Emerald City" to "Redmond"):
+ ```
+ admin@sonic:~$ sudo config snmp location modify Redmond
+ SNMP location Redmond modified in configuration
+ Restarting SNMP service...
+ ```
+
+**config snmp contact add/del/modify**
+
+This command is used to add, delete, or modify the SNMP contact.
+
+- Usage:
+ ```
+ config snmp contact add
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp contact add joe joe@contoso.com
+ Contact name joe and contact email joe@contoso.com have been added to configuration
+ Restarting SNMP service...
+ ```
+
+- Usage:
+ ```
+ config snmp contact del
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp contact del joe
+ SNMP contact joe removed from configuration
+ Restarting SNMP service...
+ ```
+
+- Usage:
+ ```
+ config snmp contact modify
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp contact modify test test@contoso.com
+ SNMP contact test and contact email test@contoso.com updated
+ Restarting SNMP service...
+ ```
+
+**config snmp community add/del/replace**
+
+This command is used to add, delete, or replace the SNMP community.
+
+- Usage:
+ ```
+ config snmp community add (RO | RW)
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp community add testcomm ro
+ SNMP community testcomm added to configuration
+ Restarting SNMP service...
+ ```
+
+- Usage:
+ ```
+ config snmp community del
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp community del testcomm
+ SNMP community testcomm removed from configuration
+ Restarting SNMP service...
+ ```
+
+- Usage:
+ ```
+ config snmp community replace
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp community replace testcomm newtestcomm
+ SNMP community newtestcomm added to configuration
+ SNMP community newtestcomm replace community testcomm
+ Restarting SNMP service...
+ ```
+
+**config snmp user add/del**
+
+This command is used to add or delete the SNMP user for SNMPv3.
+
+- Usage:
+ ```
+ config snmp user add (noAuthNoPriv | AuthNoPriv | Priv) (RO | RW) [[(MD5 | SHA | MMAC-SHA-2) ] [(DES |AES) ]]
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp user add testuser1 noauthnopriv ro
+ SNMP user testuser1 added to configuration
+ Restarting SNMP service...
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp user add testuser2 authnopriv ro sha testuser2_auth_pass
+ SNMP user testuser2 added to configuration
+ Restarting SNMP service...
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp user add testuser3 priv rw md5 testuser3_auth_pass aes testuser3_encrypt_pass
+ SNMP user testuser3 added to configuration
+ Restarting SNMP service...
+ ```
+
+- Usage:
+ ```
+ config snmp user del
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config snmp user del testuser1
+ SNMP user testuser1 removed from configuration
+ Restarting SNMP service...
+ ```
+
+## Startup & Running Configuration
+
+### Startup Configuration
+
+**show startupconfiguration bgp**
+
+This command is used to display the startup configuration for the BGP module.
+
+- Usage:
+ ```
+ show startupconfiguration bgp
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show startupconfiguration bgp
+ Routing-Stack is: quagga
+ !
+ ! =========== Managed by sonic-cfggen DO NOT edit manually! ====================
+ ! generated by templates/quagga/bgpd.conf.j2 with config DB data
+ ! file: bgpd.conf
+ !
+ !
+ hostname T1-2
+ password zebra
+ log syslog informational
+ log facility local4
+ ! enable password !
+ !
+ ! bgp multiple-instance
+ !
+ route-map FROM_BGP_SPEAKER_V4 permit 10
+ !
+ route-map TO_BGP_SPEAKER_V4 deny 10
+ !
+ router bgp 65000
+ bgp log-neighbor-changes
+ bgp bestpath as-path multipath-relax
+ no bgp default ipv4-unicast
+ bgp graceful-restart restart-time 180
+
+
+ ```
+
+### Running Configuration
+This sub-section explains the show commands for displaying the running configuration for the following modules.
+1) bgp
+2) interfaces
+3) ntp
+4) snmp
+5) all
+6) acl
+7) ports
+8) syslog
+
+**show runningconfiguration all**
+
+This command displays the entire running configuration.
+
+- Usage:
+ ```
+ show runningconfiguration all
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration all
+ ```
+
+**show runningconfiguration bgp**
+
+This command displays the running configuration of the BGP module.
+
+- Usage:
+ ```
+ show runningconfiguration bgp
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration bgp
+ ```
+
+**show runningconfiguration interfaces**
+
+This command displays the running configuration for the "interfaces".
+
+- Usage:
+ ```
+ show runningconfiguration interfaces
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration interfaces
+ ```
+
+**show runningconfiguration ntp**
+
+This command displays the running configuration of the ntp module.
+
+- Usage:
+ ```
+ show runningconfiguration ntp
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration ntp
+ NTP Servers
+ -------------
+ 1.1.1.1
+ 2.2.2.2
+ ```
+
+**show runningconfiguration syslog**
+
+This command displays the running configuration of the syslog module.
+
+- Usage:
+ ```
+ show runningconfiguration syslog
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration syslog
+ Syslog Servers
+ ----------------
+ 4.4.4.4
+ 5.5.5.5
+ ```
+
+
+**show runningconfiguration snmp**
+
+This command displays the running configuration of the snmp module.
+
+- Usage:
+ ```
+ show runningconfiguration snmp
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration snmp
+ ```
+
+**show runningconfiguration acl**
+
+ This command displays the running configuration of the acls
+
+- Usage:
+ ```
+ show runningconfiguration acl
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show runningconfiguration acl
+ ```
+
+ **show runningconfiguration ports**
+
+ This command displays the running configuration of the ports
+
+- Usage:
+ ```
+ show runningconfiguration ports []
+ ```
+
+- Examples:
+ ```
+ admin@sonic:~$ show runningconfiguration ports
+ ```
+
+ ```
+ admin@sonic:~$ show runningconfiguration ports Ethernet0
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#Startup--Running-Configuration)
+
+
+## Static routing
+
+### Static routing Config Commands
+
+This sub-section explains of commands is used to add or remove the static route.
+
+**config route add**
+
+This command is used to add a static route. Note that prefix /nexthop vrf`s and interface name are optional.
+
+- Usage:
+
+ ```
+ config route add prefix [vrf ] nexthop [vrf ] dev
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ config route add prefix 2.2.3.4/32 nexthop 30.0.0.9
+ admin@sonic:~$ config route add prefix 4.0.0.0/24 nexthop dev Ethernet32.10
+ ```
+
+It also supports ECMP, and adding a new nexthop to the existing prefix will complement it and not overwrite them.
+
+- Example:
+
+ ```
+ admin@sonic:~$ sudo config route add prefix 2.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.9
+ admin@sonic:~$ sudo config route add prefix 2.2.3.4/32 nexthop vrf Vrf-BLUE 30.0.0.10
+ ```
+
+**config route del**
+
+This command is used to remove a static route. Note that prefix /nexthop vrf`s and interface name are optional.
+
+- Usage:
+
+ ```
+ config route del prefix [vrf ] nexthop [vrf ] dev
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ sudo config route del prefix 2.2.3.4/32 nexthop vrf Vrf-RED 30.0.0.9
+ admin@sonic:~$ sudo config route del prefix 2.2.3.4/32 nexthop vrf Vrf-BLUE 30.0.0.10
+ ```
+
+This sub-section explains of command is used to show current routes.
+
+**show ip route**
+
+- Usage:
+
+ ```
+ show ip route
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show ip route
+ Codes: K - kernel route, C - connected, S - static, R - RIP,
+ O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
+ T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
+ F - PBR, f - OpenFabric,
+ > - selected route, * - FIB route, q - queued, r - rejected, b - backup
+
+ S>* 0.0.0.0/0 [200/0] via 192.168.111.3, eth0, weight 1, 3d03h58m
+ S> 1.2.3.4/32 [1/0] via 30.0.0.7, weight 1, 00:00:06
+ C>* 10.0.0.18/31 is directly connected, Ethernet36, 3d03h57m
+ C>* 10.0.0.20/31 is directly connected, Ethernet40, 3d03h57m
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#static-routing)
+
+## Subinterfaces
+
+### Subinterfaces Show Commands
+
+**show subinterfaces status**
+
+This command displays all the subinterfaces that are configured on the device and its current status.
+
+- Usage:
+```
+show subinterfaces status
+```
+
+- Example:
+```
+admin@sonic:~$ show subinterfaces status
+Sub port interface Speed MTU Vlan Admin Type
+------------------ ------- ----- ------ ------- -------------------
+ Eth64.10 100G 9100 100 up dot1q-encapsulation
+ Ethernet0.100 100G 9100 100 up dot1q-encapsulation
+```
+
+### Subinterfaces Config Commands
+
+This sub-section explains how to configure subinterfaces.
+
+**config subinterface**
+
+- Usage:
+```
+config subinterface (add | del) [vlan <1-4094>]
+```
+
+- Example (Create the subinterfces with name "Ethernet0.100"):
+```
+admin@sonic:~$ sudo config subinterface add Ethernet0.100
+```
+
+- Example (Create the subinterfces with name "Eth64.100"):
+```
+admin@sonic:~$ sudo config subinterface add Eth64.100 100
+```
+
+- Example (Delete the subinterfces with name "Ethernet0.100"):
+```
+admin@sonic:~$ sudo config subinterface del Ethernet0.100
+```
+
+- Example (Delete the subinterfces with name "Eth64.100"):
+```
+admin@sonic:~$ sudo config subinterface del Eth64.100 100
+```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#static-routing)
+
+## Syslog
+
+### Syslog Show Commands
+
+This subsection explains how to display configured syslog servers.
+
+**show syslog**
+
+This command displays configured syslog servers.
+
+- Usage:
+ ```
+ show syslog
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show syslog
+ SERVER IP SOURCE IP PORT VRF
+ ----------- ----------- ------ -------
+ 2.2.2.2 1.1.1.1 514 default
+ ```
+
+### Syslog Config Commands
+
+This subsection explains how to configure syslog servers.
+
+**config syslog add**
+
+This command is used to add a syslog server to the syslog server list.
+Note that more that one syslog server can be added in the device.
+
+- Usage:
+ ```
+ config syslog add
+ ```
+
+- Parameters:
+ - _server_address_: syslog server IP address
+ - _source_: syslog source IP address
+ - _port_: syslog server UDP port
+ - _vrf_: syslog VRF device
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config syslog add 2.2.2.2 --source 1.1.1.1 --port 514 --vrf default
+ Running command: systemctl reset-failed rsyslog-config
+ Running command: systemctl restart rsyslog-config
+ ```
+
+**config syslog del**
+
+This command is used to delete the configured syslog server.
+
+- Usage:
+ ```
+ config syslog del
+ ```
+
+- Parameters:
+ - _server_address_: syslog server IP address
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config syslog del 2.2.2.2
+ Running command: systemctl reset-failed rsyslog-config
+ Running command: systemctl restart rsyslog-config
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#syslog)
+
+## System State
+
+### Processes
+
+This command is used to determine the CPU utilization. It also lists the active processes along with their corresponding process ID and other relevant parameters.
+
+This sub-section explains the various "processes" specific data that includes the following.
+1) cpu Show processes CPU info
+2) memory Show processes memory info
+3) summary Show processes info
+
+“show processes” commands provide a wrapper over linux’s “top” command. “show process cpu” sorts the processes being displayed by cpu-utilization, whereas “show process memory” does it attending to processes’ memory-utilization.
+
+**show processes cpu**
+
+This command displays the current CPU usage by process. This command uses linux's "top -bn 1 -o %CPU" command to display the output.
+
+- Usage:
+ ```
+ show processes cpu
+ ```
+
+*TIP: Users can pipe the output to "head" to display only the "n" number of lines (e.g., `show processes cpu | head -n 10`)*
+
+- Example:
+ ```
+ admin@sonic:~$ show processes cpu
+ top - 23:50:08 up 1:18, 1 user, load average: 0.25, 0.29, 0.25
+ Tasks: 161 total, 1 running, 160 sleeping, 0 stopped, 0 zombie
+ %Cpu(s): 3.8 us, 1.0 sy, 0.0 ni, 95.1 id, 0.1 wa, 0.0 hi, 0.0 si, 0.0 st
+ KiB Mem: 8181216 total, 1161060 used, 7020156 free, 105656 buffers
+ KiB Swap: 0 total, 0 used, 0 free. 557560 cached Mem
+
+ PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
+ 2047 root 20 0 683772 109288 39652 S 23.8 1.3 7:44.79 syncd
+ 1351 root 20 0 43360 5616 2844 S 11.9 0.1 1:41.56 redis-server
+ 10093 root 20 0 21944 2476 2088 R 5.9 0.0 0:00.03 top
+ 1 root 20 0 28992 5508 3236 S 0.0 0.1 0:06.42 systemd
+ 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
+ 3 root 20 0 0 0 0 S 0.0 0.0 0:00.56 ksoftirqd/0
+ 5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
+ ...
+ ```
+
+*TIP: Advanced users can view individual processes using variations of the `ps` command (e.g., `ps -ax | grep `)*
+
+**show processes memory**
+
+This command displays the current memory usage by processes. This command uses linux's "top -bn 1 -o %MEM" command to display the output.
+
+- Usage:
+ ```
+ show processes memory
+ ```
+
+*NOTE that pipe option can be used using " | head -n" to display only the "n" number of lines*
+
+- Example:
+ ```
+ admin@sonic:~$ show processes memory
+ top - 23:41:24 up 7 days, 39 min, 2 users, load average: 1.21, 1.19, 1.18
+ Tasks: 191 total, 2 running, 189 sleeping, 0 stopped, 0 zombie
+ %Cpu(s): 2.8 us, 20.7 sy, 0.0 ni, 76.3 id, 0.0 wa, 0.0 hi, 0.2 si, 0.0 st
+ KiB Mem : 8162264 total, 5720412 free, 945516 used, 1496336 buff/cache
+ KiB Swap: 0 total, 0 free, 0 used.
6855632 avail Mem
+
+ PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
+ 18051 root 20 0 851540 274784 8344 S 0.0 3.4 0:02.77 syncd
+ 17760 root 20 0 1293428 259212 58732 S 5.9 3.2 96:46.22 syncd
+ 508 root 20 0 725364 76244 38220 S 0.0 0.9 4:54.49 dockerd
+ 30853 root 20 0 96348 56824 7880 S 0.0 0.7 0:00.98 show
+ 17266 root 20 0 509876 49772 30640 S 0.0 0.6 0:06.36 docker
+ 24891 admin 20 0 515864 49560 30644 S 0.0 0.6 0:05.54 docker
+ 17643 admin 20 0 575668 49428 30628 S 0.0 0.6 0:06.29 docker
+ 23885 admin 20 0 369552 49344 30840 S 0.0 0.6 0:05.57 docker
+ 18055 root 20 0 509076 49260 30296 S 0.0 0.6 0:06.36 docker
+ 17268 root 20 0 371120 49052 30372 S 0.0 0.6 0:06.45 docker
+ 1227 root 20 0 443284 48640 30100 S 0.0 0.6 0:41.91 docker
+ 23785 admin 20 0 443796 48552 30128 S 0.0 0.6 0:05.58 docker
+ 17820 admin 20 0 435088 48144 29480 S 0.0 0.6 0:06.33 docker
+ 506 root 20 0 1151040 43140 23964 S 0.0 0.5 8:51.08 containerd
+ 18437 root 20 0 84852 26388 7380 S 0.0 0.3 65:59.76 python3.6
+ ```
+
+
+**show processes summary**
+
+This command displays the current summary information about all the processes
+
+- Usage:
+ ```
+ show processes summary
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show processes summary
+ PID PPID CMD %MEM %CPU
+ 1 0 /sbin/init 0.0 0.0
+ 2 0 [kthreadd] 0.0 0.0
+ 3 2 [ksoftirqd/0] 0.0 0.0
+ 5 2 [kworker/0:0H] 0.0 0.0
+ ...
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#System-State)
+
+### Services & Memory
+
+These commands are used to know the services that are running and the memory that is utilized currently.
+
+
+**show services**
+
+This command displays the state of all the SONiC processes running inside a docker container. This helps to identify the status of SONiC’s critical processes.
+
+- Usage:
+ ```
+ show services
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show services
+ dhcp_relay docker
+ ---------------------------
+ UID PID PPID C STIME TTY TIME CMD
+ root 1 0 0 05:26 ?
00:00:12 /usr/bin/python /usr/bin/supervi
+ root 24 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n
+
+ nat docker
+ ---------------------------
+ USER PID PPID C STIME TTY TIME CMD
+ root 1 0 0 05:26 ? 00:00:12 /usr/bin/python /usr/bin/supervisord
+ root 18 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n
+ root 23 1 0 05:26 ? 00:00:01 /usr/bin/natmgrd
+ root 34 1 0 05:26 ? 00:00:00 /usr/bin/natsyncd
+
+ snmp docker
+ ---------------------------
+ UID PID PPID C STIME TTY TIME CMD
+ root 1 0 0 05:26 ? 00:00:16 /usr/bin/python /usr/bin/supervi
+ root 24 1 0 05:26 ? 00:00:02 /usr/sbin/rsyslogd -n
+ Debian-+ 29 1 0 05:26 ? 00:00:04 /usr/sbin/snmpd -f -LS4d -u Debi
+ root 31 1 1 05:26 ? 00:15:10 python3.6 -m sonic_ax_impl
+
+ syncd docker
+ ---------------------------
+ UID PID PPID C STIME TTY TIME CMD
+ root 1 0 0 05:26 ? 00:00:13 /usr/bin/python /usr/bin/supervi
+ root 12 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n
+ root 17 1 0 05:26 ? 00:00:00 /usr/bin/dsserve /usr/bin/syncd
+ root 27 17 22 05:26 ? 04:09:30 /usr/bin/syncd --diag -p /usr/sh
+ root 51 27 0 05:26 ? 00:00:01 /usr/bin/syncd --diag -p /usr/sh
+
+ swss docker
+ ---------------------------
+ UID PID PPID C STIME TTY TIME CMD
+ root 1 0 0 05:26 ? 00:00:29 /usr/bin/python /usr/bin/supervi
+ root 25 1 0 05:26 ? 00:00:00 /usr/sbin/rsyslogd -n
+ root 30 1 0 05:26 ? 00:00:13 /usr/bin/orchagent -d /var/log/s
+ root 42 1 1 05:26 ? 00:12:40 /usr/bin/portsyncd -p /usr/share
+ root 45 1 0 05:26 ? 00:00:00 /usr/bin/intfsyncd
+ root 48 1 0 05:26 ? 00:00:03 /usr/bin/neighsyncd
+ root 59 1 0 05:26 ? 00:00:01 /usr/bin/vlanmgrd
+ root 92 1 0 05:26 ? 00:00:01 /usr/bin/intfmgrd
+ root 3606 1 0 23:36 ? 00:00:00 bash -c /usr/bin/arp_update; sle
+ root 3621 3606 0 23:36 ? 00:00:00 sleep 300
+
+ ...
+ ```
+
+**show system-memory**
+
+This command displays the system-wide memory utilization information – just a wrapper over linux native “free” command
+
+- Usage:
+ ```
+ show system-memory
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show system-memory
+ Command: free -m -h
+ total used free shared buffers cached
+ Mem: 3.9G 2.0G 1.8G 33M 324M 791M
+ -/+ buffers/cache: 951M 2.9G
+ Swap: 0B 0B 0B
+ ```
+
+**show mmu**
+
+This command displays virtual address to the physical address translation status of the Memory Management Unit (MMU).
+
+- Usage:
+ ```
+ show mmu
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show mmu
+ Pool: ingress_lossless_pool
+ ---- --------
+ xoff 4194112
+ type ingress
+ mode dynamic
+ size 10875072
+ ---- --------
+
+ Pool: egress_lossless_pool
+ ---- --------
+ type egress
+ mode static
+ size 15982720
+ ---- --------
+
+ Pool: egress_lossy_pool
+ ---- -------
+ type egress
+ mode dynamic
+ size 9243812
+ ---- -------
+
+ Profile: egress_lossy_profile
+ ---------- -------------------------------
+ dynamic_th 3
+ pool [BUFFER_POOL|egress_lossy_pool]
+ size 1518
+ ---------- -------------------------------
+
+ Profile: pg_lossless_100000_300m_profile
+ ---------- -----------------------------------
+ xon_offset 2288
+ dynamic_th -3
+ xon 2288
+ xoff 268736
+ pool [BUFFER_POOL|ingress_lossless_pool]
+ size 1248
+ ---------- -----------------------------------
+
+ Profile: egress_lossless_profile
+ --------- ----------------------------------
+ static_th 3995680
+ pool [BUFFER_POOL|egress_lossless_pool]
+ size 1518
+ --------- ----------------------------------
+
+ Profile: pg_lossless_100000_40m_profile
+ ---------- -----------------------------------
+ xon_offset 2288
+ dynamic_th -3
+ xon 2288
+ xoff 177632
+ pool [BUFFER_POOL|ingress_lossless_pool]
+ size 1248
+ ---------- -----------------------------------
+
+ Profile: ingress_lossy_profile
+ ---------- -----------------------------------
+ dynamic_th 3
+ pool
[BUFFER_POOL|ingress_lossless_pool]
+ size 0
+ ---------- -----------------------------------
+
+ Profile: pg_lossless_40000_40m_profile
+ ---------- -----------------------------------
+ xon_offset 2288
+ dynamic_th -3
+ xon 2288
+ xoff 71552
+ pool [BUFFER_POOL|ingress_lossless_pool]
+ size 1248
+ ---------- -----------------------------------
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#System-State)
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#System-Health)
+
+### System-Health
+
+These commands are used to monitor the system current running services and hardware state.
+
+**show system-health summary**
+
+This command displays the current status of 'Services' and 'Hardware' under monitoring.
+If any of the elements under each of these two sections is 'Not OK' a proper message will appear under the relevant section.
+
+- Usage:
+ ```
+ show system-health summary
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show system-health summary
+ System status summary
+
+ System status LED red
+ Services:
+ Status: Not OK
+ Not Running: 'telemetry', 'sflowmgrd'
+ Hardware:
+ Status: OK
+ ```
+ ```
+ admin@sonic:~$ show system-health summary
+ System status summary
+
+ System status LED green
+ Services:
+ Status: OK
+ Hardware:
+ Status: OK
+ ```
+
+**show system-health monitor-list**
+
+This command displays a list of all current 'Services' and 'Hardware' being monitored, their status and type.
+
+- Usage:
+ ```
+ show system-health monitor-list
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show system-health monitor-list
+ System services and devices monitor list
+
+ Name Status Type
+ -------------- -------- ----------
+ telemetry Not OK Process
+ orchagent Not OK Process
+ neighsyncd OK Process
+ vrfmgrd OK Process
+ dialout_client OK Process
+ zebra OK Process
+ rsyslog OK Process
+ snmpd OK Process
+ redis_server OK Process
+ intfmgrd OK Process
+ vxlanmgrd OK Process
+ lldpd_monitor OK Process
+ portsyncd OK Process
+ var-log OK Filesystem
+ lldpmgrd OK Process
+ syncd OK Process
+ sonic OK System
+ buffermgrd OK Process
+ portmgrd OK Process
+ staticd OK Process
+ bgpd OK Process
+ lldp_syncd OK Process
+ bgpcfgd OK Process
+ snmp_subagent OK Process
+ root-overlay OK Filesystem
+ fpmsyncd OK Process
+ sflowmgrd OK Process
+ vlanmgrd OK Process
+ nbrmgrd OK Process
+ PSU 2 OK PSU
+ psu_1_fan_1 OK Fan
+ psu_2_fan_1 OK Fan
+ fan11 OK Fan
+ fan10 OK Fan
+ fan12 OK Fan
+ ASIC OK ASIC
+ fan1 OK Fan
+ PSU 1 OK PSU
+ fan3 OK Fan
+ fan2 OK Fan
+ fan5 OK Fan
+ fan4 OK Fan
+ fan7 OK Fan
+ fan6 OK Fan
+ fan9 OK Fan
+ fan8 OK Fan
+ ```
+
+**show system-health detail**
+
+This command displays the current status of 'Services' and 'Hardware' under monitoring.
+If any of the elements under each of these two sections is 'Not OK' a proper message will appear under the relevant section.
+In addition, displays a list of all current 'Services' and 'Hardware' being monitored and a list of ignored elements.
+
+- Usage:
+ ```
+ show system-health detail
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show system-health detail
+ System status summary
+
+ System status LED red
+ Services:
+ Status: Not OK
+ Not Running: 'telemetry', 'orchagent'
+ Hardware:
+ Status: OK
+
+ System services and devices monitor list
+
+ Name Status Type
+ -------------- -------- ----------
+ telemetry Not OK Process
+ orchagent Not OK Process
+ neighsyncd OK Process
+ vrfmgrd OK Process
+ dialout_client OK Process
+ zebra OK Process
+ rsyslog OK Process
+ snmpd OK Process
+ redis_server OK Process
+ intfmgrd OK Process
+ vxlanmgrd OK Process
+ lldpd_monitor OK Process
+ portsyncd OK Process
+ var-log OK Filesystem
+ lldpmgrd OK Process
+ syncd OK Process
+ sonic OK System
+ buffermgrd OK Process
+ portmgrd OK Process
+ staticd OK Process
+ bgpd OK Process
+ lldp_syncd OK Process
+ bgpcfgd OK Process
+ snmp_subagent OK Process
+ root-overlay OK Filesystem
+ fpmsyncd OK Process
+ sflowmgrd OK Process
+ vlanmgrd OK Process
+ nbrmgrd OK Process
+ PSU 2 OK PSU
+ psu_1_fan_1 OK Fan
+ psu_2_fan_1 OK Fan
+ fan11 OK Fan
+ fan10 OK Fan
+ fan12 OK Fan
+ ASIC OK ASIC
+ fan1 OK Fan
+ PSU 1 OK PSU
+ fan3 OK Fan
+ fan2 OK Fan
+ fan5 OK Fan
+ fan4 OK Fan
+ fan7 OK Fan
+ fan6 OK Fan
+ fan9 OK Fan
+ fan8 OK Fan
+
+ System services and devices ignore list
+
+ Name Status Type
+ ----------- -------- ------
+ psu.voltage Ignored Device
+ ```
+Go Back To [Beginning of the document](#) or [Beginning of this section](#System-Health)
+
+## VLAN & FDB
+
+### VLAN
+
+#### VLAN show commands
+
+**show vlan brief**
+
+This command displays brief information about all the vlans configured in the device.
It displays the vlan ID, IP address (if configured for the vlan), list of vlan member ports, whether the port is tagged or in untagged mode, the DHCP Helper Address, and the proxy ARP status + +- Usage: + ``` + show vlan brief + ``` + +- Example: + ``` + admin@sonic:~$ show vlan brief + + +-----------+--------------+-----------+----------------+-----------------------+-------------+ + | VLAN ID | IP Address | Ports | Port Tagging | DHCP Helper Address | Proxy ARP | + +===========+==============+===========+================+=======================+=============+ + | 100 | 1.1.2.2/16 | Ethernet0 | tagged | 192.0.0.1 | disabled | + | | | Ethernet4 | tagged | 192.0.0.2 | | + | | | | | 192.0.0.3 | | + +-----------+--------------+-----------+----------------+-----------------------+-------------+ + ``` + +**show vlan config** + +This command displays all the vlan configuration. + +- Usage: + ``` + show vlan config + ``` + +- Example: + ``` + admin@sonic:~$ show vlan config + Name VID Member Mode + ------- ----- --------- ------ + Vlan100 100 Ethernet0 tagged + Vlan100 100 Ethernet4 tagged + ``` + + +#### VLAN Config commands + +This sub-section explains how to configure the vlan and its member ports. + +**config vlan add/del** + +This command is used to add or delete the vlan. + +- Usage: + ``` + config vlan (add | del) + ``` + +- Example (Create the VLAN "Vlan100" if it does not already exist): + ``` + admin@sonic:~$ sudo config vlan add 100 + ``` + +**config vlan member add/del** + +This command is to add or delete a member port into the already created vlan. + +- Usage: + ``` + config vlan member add/del [-u|--untagged] + ``` + +*NOTE: Adding the -u or --untagged flag will set the member in "untagged" mode* + + +- Example: + ``` + admin@sonic:~$ sudo config vlan member add 100 Ethernet0 + This command will add Ethernet0 as member of the vlan 100 + + admin@sonic:~$ sudo config vlan member add 100 Ethernet4 + This command will add Ethernet4 as member of the vlan 100. 
+ ``` + +**config proxy_arp enabled/disabled** + +This command is used to enable or disable proxy ARP for a VLAN interface + +- Usage: + ``` + config vlan proxy_arp enabled/disabled + ``` + +- Example: + ``` + admin@sonic:~$ sudo config vlan proxy_arp 1000 enabled + This command will enable proxy ARP for the interface 'Vlan1000' + ``` + +Go Back To [Beginning of the document](#) or [Beginning of this section](#vlan--FDB) + +### FDB + +#### FDB show commands + +**show mac** + +This command displays the MAC (FDB) entries either in full or partial as given below. +1) show mac - displays the full table +2) show mac -v - displays the MACs learnt on the particular VLAN ID. +3) show mac -p - displays the MACs learnt on the particular port. +4) show mac -a - display the MACs that match a specific mac-address +5) show mac -t - display the MACs that match a specific type (static/dynamic) +6) show mac -c - display the count of MAC addresses + +To show the default MAC address aging time on the switch. + +- Usage: + ``` + show mac [-v ] [-p ] [-a ] [-t ] [-c] + ``` + +- Example: + ``` + admin@sonic:~$ show mac + No. 
Vlan MacAddress Port Type + ----- ------ ----------------- ----------- ------- + 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic + 2 1000 A0:1B:5E:47:C9:76 Ethernet192 Dynamic + 3 1000 AA:54:EF:2C:EE:30 Ethernet192 Dynamic + 4 1000 A4:3F:F2:17:A3:FC Ethernet192 Dynamic + 5 1000 0C:FC:01:72:29:91 Ethernet192 Dynamic + 6 1000 48:6D:01:7E:C9:FD Ethernet192 Dynamic + 7 1000 1C:6B:7E:34:5F:A6 Ethernet192 Dynamic + 8 1000 EE:81:D9:7B:93:A9 Ethernet192 Dynamic + 9 1000 CC:F8:8D:BB:85:E2 Ethernet192 Dynamic + 10 1000 0A:52:B3:9C:FB:6C Ethernet192 Dynamic + 11 1000 C6:E2:72:02:D1:23 Ethernet192 Dynamic + 12 1000 8A:C9:5C:25:E9:28 Ethernet192 Dynamic + 13 1000 5E:CD:34:E4:94:18 Ethernet192 Dynamic + 14 1000 7E:49:1F:B5:91:B5 Ethernet192 Dynamic + 15 1000 AE:DD:67:F3:09:5A Ethernet192 Dynamic + 16 1000 DC:2F:D1:08:4B:DE Ethernet192 Dynamic + 17 1000 50:96:23:AD:F1:65 Ethernet192 Static + 18 1000 C6:C9:5E:AE:24:42 Ethernet192 Static + Total number of entries 18 + ``` + +Optionally, you can specify a VLAN ID or interface name or type or mac-address in order to display only that particular entries + +- Examples: + ``` + admin@sonic:~$ show mac -v 1000 + No. 
Vlan MacAddress Port Type + ----- ------ ----------------- ----------- ------- + 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic + 2 1000 A0:1B:5E:47:C9:76 Ethernet192 Dynamic + 3 1000 AA:54:EF:2C:EE:30 Ethernet192 Dynamic + 4 1000 A4:3F:F2:17:A3:FC Ethernet192 Dynamic + 5 1000 0C:FC:01:72:29:91 Ethernet192 Dynamic + 6 1000 48:6D:01:7E:C9:FD Ethernet192 Dynamic + 7 1000 1C:6B:7E:34:5F:A6 Ethernet192 Dynamic + 8 1000 EE:81:D9:7B:93:A9 Ethernet192 Dynamic + 9 1000 CC:F8:8D:BB:85:E2 Ethernet192 Dynamic + 10 1000 0A:52:B3:9C:FB:6C Ethernet192 Dynamic + 11 1000 C6:E2:72:02:D1:23 Ethernet192 Dynamic + 12 1000 8A:C9:5C:25:E9:28 Ethernet192 Dynamic + 13 1000 5E:CD:34:E4:94:18 Ethernet192 Dynamic + 14 1000 7E:49:1F:B5:91:B5 Ethernet192 Dynamic + 15 1000 AE:DD:67:F3:09:5A Ethernet192 Dynamic + 16 1000 DC:2F:D1:08:4B:DE Ethernet192 Dynamic + 17 1000 50:96:23:AD:F1:65 Ethernet192 Static + 18 1000 C6:C9:5E:AE:24:42 Ethernet192 Static + Total number of entries 18 + ``` + ``` + admin@sonic:~$ show mac -p Ethernet192 + No. 
Vlan MacAddress Port Type + ----- ------ ----------------- ----------- ------- + 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic + 2 1000 A0:1B:5E:47:C9:76 Ethernet192 Dynamic + 3 1000 AA:54:EF:2C:EE:30 Ethernet192 Dynamic + 4 1000 A4:3F:F2:17:A3:FC Ethernet192 Dynamic + 5 1000 0C:FC:01:72:29:91 Ethernet192 Dynamic + 6 1000 48:6D:01:7E:C9:FD Ethernet192 Dynamic + 7 1000 1C:6B:7E:34:5F:A6 Ethernet192 Dynamic + 8 1000 EE:81:D9:7B:93:A9 Ethernet192 Dynamic + 9 1000 CC:F8:8D:BB:85:E2 Ethernet192 Dynamic + 10 1000 0A:52:B3:9C:FB:6C Ethernet192 Dynamic + 11 1000 C6:E2:72:02:D1:23 Ethernet192 Dynamic + 12 1000 8A:C9:5C:25:E9:28 Ethernet192 Dynamic + 13 1000 5E:CD:34:E4:94:18 Ethernet192 Dynamic + 14 1000 7E:49:1F:B5:91:B5 Ethernet192 Dynamic + 15 1000 AE:DD:67:F3:09:5A Ethernet192 Dynamic + 16 1000 DC:2F:D1:08:4B:DE Ethernet192 Dynamic + 17 1000 50:96:23:AD:F1:65 Ethernet192 Static + 18 1000 C6:C9:5E:AE:24:42 Ethernet192 Static + Total number of entries 18 + ``` + ``` + admin@sonic:~$ show mac -a E2:8C:56:85:4A:CD + No. Vlan MacAddress Port Type + ----- ------ ----------------- ----------- ------- + 1 1000 E2:8C:56:85:4A:CD Ethernet192 Dynamic + Total number of entries 1 + ``` + ``` + admin@sonic:~$ show mac -t Static + No. Vlan MacAddress Port Type + ----- ------ ----------------- ----------- ------- + 2 1000 50:96:23:AD:F1:65 Ethernet192 Static + 2 1000 C6:C9:5E:AE:24:42 Ethernet192 Static + Total number of entries 2 + ``` + ``` + admin@sonic:~$ show mac -c + Total number of entries 18 + ``` + +**show mac aging-time** + +This command displays the default mac aging time on the switch + + ``` + admin@sonic:~$ show mac aging-time + Aging time for switch is 600 seconds + ``` + +**sonic-clear fdb all** + +Clear the FDB table + +- Usage: + ``` + sonic-clear fdb all + ``` +- Example: + ``` + admin@sonic:~$ sonic-clear fdb all + FDB entries are cleared. 
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#vlan--FDB)
+
+## VxLAN & Vnet
+
+### VxLAN
+
+#### VxLAN show commands
+
+**show vxlan tunnel**
+
+This command displays brief information about all the vxlans configured in the device. It displays the vxlan tunnel name, source IP address, destination IP address (if configured), tunnel map name and mapping.
+
+- Usage:
+
+ ```
+ show vxlan tunnel
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vxlan tunnel
+ vxlan tunnel name source ip destination ip tunnel map name tunnel map mapping(vni -> vlan)
+ ------------------- ----------- ---------------- ----------------- ---------------------------------
+ tunnel1 10.10.10.10
+ tunnel2 10.10.10.10 20.10.10.10 tmap1 1234 -> 100
+ tunnel3 10.10.10.10 30.10.10.10 tmap2 1235 -> 200
+ ```
+
+**show vxlan name **
+
+This command displays configuration.
+
+- Usage:
+
+ ```
+ show vxlan name
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vxlan name tunnel3
+ vxlan tunnel name source ip destination ip tunnel map name tunnel map mapping(vni -> vlan)
+ ------------------- ----------- ---------------- ----------------- ---------------------------------
+ tunnel3 10.10.10.10 30.10.10.10 tmap2 1235 -> 200
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#vxlan--vnet)
+
+### Vnet
+
+#### Vnet show commands
+
+**show vnet brief**
+
+This command displays brief information about all the vnets configured in the device. It displays the vnet name, vxlan tunnel name, vni and peer list (if configured).
+
+- Usage:
+
+ ```
+ show vnet brief
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vnet brief
+ vnet name vxlan tunnel vni peer list
+ ----------- -------------- ----- ------------------
+ Vnet_2000 tunnel1 2000
+ Vnet_3000 tunnel1 3000 Vnet_2000,Vnet4000
+ ```
+
+**show vnet name **
+
+This command displays brief information about configured in the device.
+
+- Usage:
+
+ ```
+ show vnet name
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vnet name Vnet_3000
+ vnet name vxlan tunnel vni peer list
+ ----------- -------------- ----- ------------------
+ Vnet_3000 tunnel1 3000 Vnet_2000,Vnet4000
+ ```
+
+**show vnet interfaces**
+
+This command displays vnet interfaces information about all the vnets configured in the device.
+
+- Usage:
+
+ ```
+ show vnet interfaces
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vnet interfaces
+ vnet name interfaces
+ ----------- ------------
+ Vnet_2000 Ethernet1
+ Vnet_3000 Vlan2000
+ ```
+
+**show vnet neighbors**
+
+This command displays vnet neighbor information about all the vnets configured in the device. It displays the vnet name, neighbor IP address, neighbor mac address (if configured) and interface.
+
+- Usage:
+
+ ```
+ show vnet neighbors
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vnet neighbors
+ Vnet_2000 neighbor mac_address interfaces
+ ----------- ----------- ------------- ------------
+ 11.11.11.11 Ethernet1
+ 11.11.11.12 Ethernet1
+
+ Vnet_3000 neighbor mac_address interfaces
+ ----------- ----------- ----------------- ------------
+ 20.20.20.20 aa:bb:cc:dd:ee:ff Vlan2000
+ ```
+
+**show vnet routes all**
+
+This command displays all routes information about all the vnets configured in the device. It also show the vnet routes which are configured but may or may not be active based on endpoint BFD status.
+
+- Usage:
+
+ ```
+ show vnet routes all
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vnet routes all
+ vnet name prefix nexthop interface
+ ----------- -------------- --------- -----------
+ Vnet_2000 100.100.3.0/24 Ethernet52
+ Vnet_3000 100.100.4.0/24 Vlan2000
+
+ vnet name prefix endpoint mac address vni status
+ ----------- -------------- ---------- ----------------- ----- -------
+ Vnet_2000 100.100.1.1/32 10.10.10.1 active
+ Vnet_3000 100.100.2.1/32 10.10.10.2 00:00:00:00:03:04 inactive
+ Vnet_3000 100.100.2.3/32 10.10.10.6 00:00:00:00:03:04
+ ```
+
+**show vnet routes tunnel**
+
+This command displays tunnel routes information about all the vnets configured in the device.
+
+- Usage:
+
+ ```
+ show vnet routes tunnel
+ ```
+
+- Example:
+
+ ```
+ admin@sonic:~$ show vnet routes tunnel
+ vnet name prefix endpoint mac address vni
+ ----------- -------------- ---------- ----------------- -----
+ Vnet_2000 100.100.1.1/32 10.10.10.1
+ Vnet_3000 100.100.2.1/32 10.10.10.2 00:00:00:00:03:04
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#vxlan--vnet)
+
+## Warm Reboot
+
+warm-reboot command initiates a warm reboot of the device.
+
+warm-reboot command doesn't require setting warm restart configuration. The
+ command will setup everything needed to perform warm reboot.
+
+This command requires root privilege.
+
+- Usage:
+ ```
+ warm-reboot [-h|-?|-v|-f|-r|-k|-x|-c |-s|-D]
+ ```
+
+- Parameters:
+ ```
+ -h,-? : get this help
+ -v : turn on verbose mode
+ -f : force execution
+ -r : reboot with /sbin/reboot
+ -k : reboot with /sbin/kexec -e [default]
+ -x : execute script with -x flag
+ -c : specify control plane assistant IP list
+ -s : strict mode: do not proceed without:
+ - control plane assistant IP list.
+ -D : detached mode - closing terminal will not cause stopping reboot
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo warm-reboot -v
+ Tue Oct 22 23:20:53 UTC 2019 Pausing orchagent ...
+ Tue Oct 22 23:20:53 UTC 2019 Stopping radv ...
+ Tue Oct 22 23:20:54 UTC 2019 Stopping bgp ...
+ Tue Oct 22 23:20:54 UTC 2019 Stopped bgp ...
+ Tue Oct 22 23:20:57 UTC 2019 Initialize pre-shutdown ...
+ Tue Oct 22 23:20:58 UTC 2019 Requesting pre-shutdown ...
+ Tue Oct 22 23:20:58 UTC 2019 Waiting for pre-shutdown ...
+ Tue Oct 22 23:20:59 UTC 2019 Pre-shutdown succeeded ...
+ Tue Oct 22 23:20:59 UTC 2019 Backing up database ...
+ Tue Oct 22 23:21:00 UTC 2019 Stopping teamd ...
+ Tue Oct 22 23:21:00 UTC 2019 Stopped teamd ...
+ Tue Oct 22 23:21:00 UTC 2019 Stopping syncd ...
+ Tue Oct 22 23:21:11 UTC 2019 Stopped syncd ...
+ Tue Oct 22 23:21:11 UTC 2019 Stopping all remaining containers ...
+ Tue Oct 22 23:21:13 UTC 2019 Stopped all remaining containers ...
+ Tue Oct 22 23:21:15 UTC 2019 Rebooting with /sbin/kexec -e to SONiC-OS-20191021.01 ...
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#Warm-Reboot)
+
+## Warm Restart
+
+Besides device level warm reboot, SONiC also provides docker based warm restart. This feature is currently supported by following dockers: BGP, teamD, and SWSS. A user can manage to restart a particular docker, with no interruption on packet forwarding and no effect on other services. This helps to reduce operational costs as well as development efforts. For example, to fix a bug in BGP routing stack, only the BGP docker image needs to be built, tested and upgraded.
+
+To achieve uninterrupted packet forwarding during the restarting stage and database reconciliation at the post restarting stage, warm restart enabled dockers with adjacency state machine facilitate standardized protocols. For example, a BGP restarting switch must have BGP "Graceful Restart" enabled, and its BGP neighbors must be "Graceful Restart Helper Capable", as specified in [IETF RFC4724](https://tools.ietf.org/html/rfc4724).
+
+Before warm restart BGP docker, the following BGP commands should be enabled:
+ ```
+ bgp graceful-restart
+ bgp graceful-restart preserve-fw-state
+ ```
+In current SONiC release, the above two commands are enabled by default.
+
+It should be aware that during a warm restart, certain BGP fast convergence feature and black hole avoidance feature should either be disabled or be set to a lower preference to avoid conflicts with BGP graceful restart.
+
+For example, BGP BFD could be disabled via:
+
+ ```
+ no neighbor bfd
+ ```
+
+otherwise, the fast failure detection would cause packet drop during warm reboot.
+
+Another commonly deployed blackhole avoidance feature: dynamic route priority adjustment, could be disabled via:
+
+ ```
+ no bgp max-med on-peerup
+ ```
+
+to avoid large routes churn during BGP restart.
+
+
+### Warm Restart show commands
+
+**show warm_restart config**
+
+This command displays all the configuration related to warm_restart.
+
+- Usage:
+ ```
+ show warm_restart config
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show warm_restart config
+ name enable timer_name timer_duration
+ ------ -------- ---------------- ----------------
+ bgp true bgp_timer 100
+ teamd false teamsyncd_timer 300
+ swss false neighsyncd_timer 200
+ system true NULL NULL
+ ```
+
+**show warm_restart state**
+
+This command displays the warm_restart state.
+
+- Usage:
+ ```
+ show warm_restart state
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show warm_restart state
+ name restore_count state
+ ---------- --------------- ----------
+ orchagent 0
+ vlanmgrd 0
+ bgp 1 reconciled
+ portsyncd 0
+ teammgrd 1
+ neighsyncd 0
+ teamsyncd 1
+ syncd 0
+ natsyncd 0
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#warm-restart)
+
+### Warm Restart Config commands
+
+This sub-section explains the various configuration related to warm restart feature. Following parameters can be configured using this command.
+1) bgp_timer +2) disable +3) enable +4) neighsyncd_timer +5) teamsyncd_timer +Each of these sub-commands are explained in the following section. + +Users can use an optional parameter "-s" to use the unix domain socket for communicating with the RedisDB which will be faster when compared to using the default network sockets. +All these commands have the following option. + +Options: + -s, --redis-unix-socket-path TEXT + unix socket path for redis connection + + +**config warm_restart bgp_timer** + +This command is used to set the bgp_timer value for warm_restart of BGP service. +bgp_timer holds the time interval utilized by fpmsyncd during warm-restart episodes. +During this interval fpmsyncd will recover all the routing state previously pushed to AppDB, as well as all the new state coming from zebra/bgpd. +Upon expiration of this timer, fpmsyncd will execute the reconciliation logic to eliminate all the stale entries from AppDB. +This timer should match the BGP-GR restart-timer configured within the elected routing-stack. +Supported range: 1-3600. + +- Usage: + ``` + config warm_restart [-s|--redis-unix-socket-path ] bgp_timer + ``` + + - Parameters: + - seconds: Range from 1 to 3600 + +- Example: + ``` + admin@sonic:~$ sudo config warm_restart bgp_timer 1000 + ``` + +**config warm_restart enable/disable** + +This command is used to enable or disable the warm_restart for a particular service that supports warm reboot. +Following four services support warm reboot. When user restarts the particular service using "systemctl restart ", this configured value will be checked for whether it is enabled or disabled. +If this configuration is enabled for that service, it will perform warm reboot for that service. Otherwise, it will do cold restart of the service. + +- Usage: + ``` + config warm_restart [-s|--redis-unix-socket-path ] enable [] + ``` + + - Parameters: + - module_name: Can be either system or swss or bgp or teamd. 
If "module_name" argument is not specified, it will enable "system" module. + +- Example (Set warm_restart as "enable" for the "system" service): + ``` + admin@sonic:~$ sudo config warm_restart enable + ``` + +- Example (Set warm_restart as "enable" for the "swss" service. When user does "systemctl restart swss", it will perform warm reboot instead of cold reboot) + ``` + admin@sonic:~$ sudo config warm_restart enable swss + ``` + +- Example (Set warm_restart as "enable" for the "teamd" service. When user does "systemctl restart teamd", it will perform warm reboot instead of cold reboot) + ``` + admin@sonic:~$ sudo config warm_restart enable teamd + ``` + + +**config warm_restart neighsyncd_timer** + +This command is used to set the neighsyncd_timer value for warm_restart of "swss" service. +neighsyncd_timer is the timer used for "swss" (neighsyncd) service during the warm restart. +Timer is started after the neighborTable is restored to internal data structures. +neighborsyncd then starts to read all Linux kernel entries and mark the entries in the data structures accordingly. +Once the timer is expired, reconciliation is done and the delta is pushed to appDB +Valid value is 1-9999. 0 is invalid. + +- Usage: + ``` + config warm_restart [-s|--redis-unix-socket-path ] neighsyncd_timer + ``` + + - Parameters: + - seconds: Range from 1 to 9999 + +- Example: + ``` + admin@sonic:~$ sudo config warm_restart neighsyncd_timer 2000 + ``` + + +**config warm_restart bgp_timer** + +This command is used to set the bgp_timer value for warm_restart of "bgp" service. +bgp_timer is the timer used for "bgp" service during the warm restart. +Timer is started after the BGP table is restored to internal data structures. +BGP services then start to read all Linux kernel entries and mark the entries in the data structures accordingly. +Once the timer is expired, reconciliation is done and the delta is pushed to appDB +Valid value is 1-9999. 0 is invalid. 
+
+- Usage:
+ ```
+ config warm_restart [-s|--redis-unix-socket-path ] bgp_timer
+ ```
+
+ - Parameters:
+ - seconds: Range from 1 to 9999
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config warm_restart bgp_timer 2000
+ ```
+
+**config warm_restart teamsyncd_timer**
+
+This command is used to set the teamsyncd_timer value for warm_restart of teamd service.
+teamsyncd_timer holds the time interval utilized by teamsyncd during warm-restart episodes.
+The timer is started when teamsyncd starts. During the timer interval, teamsyncd will preserve all LAG interface changes, but it will not apply them.
+The changes will only be applied when the timer expires.
+When the changes are applied, the stale LAG entries will be removed, the new LAG entries will be created.
+Supported range: 1-9999. 0 is invalid
+
+- Usage:
+ ```
+ config warm_restart teamsyncd_timer
+ ```
+
+ - Parameters:
+ - seconds: Range from 1 to 9999
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config warm_restart teamsyncd_timer 3000
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#warm-restart)
+
+
+## Watermark
+
+### Watermark Show commands
+
+**show watermark telemetry interval**
+
+This command displays the configured interval for the telemetry.
+
+- Usage:
+ ```
+ show watermark telemetry interval
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ show watermark telemetry interval
+
+ Telemetry interval 120 second(s)
+ ```
+
+### Watermark Config commands
+
+**config watermark telemetry interval**
+
+This command is used to configure the interval for telemetry.
+The default interval is 120 seconds.
+There is no regulation on the valid range of values; it leverages linux timer.
+
+- Usage:
+ ```
+ config watermark telemetry interval
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo config watermark telemetry interval 999
+ ```
+
+Go Back To [Beginning of the document](#) or [Beginning of this section](#watermark)
+
+
+
+## Software Installation and Management
+
+SONiC images can be installed in one of two methods:
+1. From within a running SONiC image using the `sonic-installer` utility
+2. From the vendor's bootloader (E.g., ONIE, Aboot, etc.)
+
+SONiC packages are available as prebuilt Docker images and meant to be installed with the *sonic-package-manager* utility.
+
+### SONiC Package Manager
+
+The *sonic-package-manager* is a command line tool to manage (e.g. install, upgrade or uninstall) SONiC Packages.
+
+**sonic-package-manager list**
+
+This command lists all available SONiC packages, their desription, installed version and installation status.
+SONiC package status can be *Installed*, *Not installed* or *Built-In*. "Built-In" status means that a feature is built-in to SONiC image and can't be upgraded or uninstalled.
+
+- Usage:
+ ```
+ sonic-package-manager list
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sonic-package-manager list
+ Name Repository Description Version Status
+ -------------- --------------------------- ---------------------------- --------- --------------
+ cpu-report azure/cpu-report CPU report package N/A Not Installed
+ database docker-database SONiC database package 1.0.0 Built-In
+ dhcp-relay azure/docker-dhcp-relay SONiC dhcp-relay package 1.0.0 Installed
+ fpm-frr docker-fpm-frr SONiC fpm-frr package 1.0.0 Built-In
+ lldp docker-lldp SONiC lldp package 1.0.0 Built-In
+ macsec docker-macsec SONiC macsec package 1.0.0 Built-In
+ mgmt-framework docker-sonic-mgmt-framework SONiC mgmt-framework package 1.0.0 Built-In
+ nat docker-nat SONiC nat package 1.0.0 Built-In
+ pmon docker-platform-monitor SONiC pmon package 1.0.0 Built-In
+ radv docker-router-advertiser SONiC radv package 1.0.0 Built-In
+ sflow docker-sflow SONiC sflow package 1.0.0 Built-In
+ snmp docker-snmp SONiC snmp package 1.0.0 Built-In
+ swss docker-orchagent SONiC swss package 1.0.0 Built-In
+ syncd docker-syncd-mlnx SONiC syncd package 1.0.0 Built-In
+ teamd docker-teamd SONiC teamd package 1.0.0 Built-In
+ telemetry docker-sonic-telemetry SONiC telemetry package 1.0.0 Built-In
+ ```
+
+**sonic-package-manager repository add**
+
+This command will add a new repository as source for SONiC packages to the database. *NOTE*: requires elevated (root) privileges to run
+
+- Usage:
+ ```
+ Usage: sonic-package-manager repository add [OPTIONS] NAME REPOSITORY
+
+ Add a new repository to database.
+
+ NOTE: This command requires elevated (root) privileges to run.
+
+ Options:
+ --default-reference TEXT Default installation reference. Can be a tag or
+ sha256 digest in repository.
+ --description TEXT Optional package entry description.
+ --help Show this message and exit.
+ ``` +- Example: + ``` + admin@sonic:~$ sudo sonic-package-manager repository add \ + cpu-report azure/sonic-cpu-report --default-reference 1.0.0 + ``` + +**sonic-package-manager repository remove** + +This command will remove a repository as source for SONiC packages from the database . The package has to be *Not Installed* in order to be removed from package database. *NOTE*: requires elevated (root) privileges to run + +- Usage: + ``` + Usage: sonic-package-manager repository remove [OPTIONS] NAME + + Remove repository from database. + + NOTE: This command requires elevated (root) privileges to run. + + Options: + --help Show this message and exit. + ``` +- Example: + ``` + admin@sonic:~$ sudo sonic-package-manager repository remove cpu-report + ``` + +**sonic-package-manager install** + +This command pulls and installs a package on SONiC host. *NOTE*: this command requires elevated (root) privileges to run + +- Usage: + ``` + Usage: sonic-package-manager install [OPTIONS] [PACKAGE_EXPR] + + Install/Upgrade package using [PACKAGE_EXPR] in format + "[=|@]". + + The repository to pull the package from is resolved by lookup in + package database, thus the package has to be added via "sonic- + package-manager repository add" command. + + In case when [PACKAGE_EXPR] is a package name "" this command + will install or upgrade to a version referenced by "default- + reference" in package database. + + NOTE: This command requires elevated (root) privileges to run. + + Options: + --enable Set the default state of the feature to enabled + and enable feature right after installation. NOTE: + user needs to execute "config save -y" to make + this setting persistent. + --set-owner [local|kube] Default owner configuration setting for a feature. + --from-repository TEXT Fetch package directly from image registry + repository. NOTE: This argument is mutually + exclusive with arguments: [package_expr, + from_tarball]. + --from-tarball FILE Fetch package from saved image tarball. 
NOTE: This + argument is mutually exclusive with arguments: + [package_expr, from_repository]. + -f, --force Force operation by ignoring package dependency + tree and package manifest validation failures. + -y, --yes Automatically answer yes on prompts. + -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG. + Default is INFO. + --skip-host-plugins Do not install host OS plugins provided by the + package (CLI, etc). NOTE: In case when package + host OS plugins are set as mandatory in package + manifest this option will fail the installation. + --allow-downgrade Allow package downgrade. By default an attempt to + downgrade the package will result in a failure + since downgrade might not be supported by the + package, thus requires explicit request from the + user. + --help Show this message and exit.. + ``` +- Example: + ``` + admin@sonic:~$ sudo sonic-package-manager install dhcp-relay=1.0.2 + ``` + ``` + admin@sonic:~$ sudo sonic-package-manager install dhcp-relay@latest + ``` + ``` + admin@sonic:~$ sudo sonic-package-manager install dhcp-relay@sha256:9780f6d83e45878749497a6297ed9906c19ee0cc48cc88dc63827564bb8768fd + ``` + ``` + admin@sonic:~$ sudo sonic-package-manager install --from-repository azure/sonic-cpu-report:latest + ``` + ``` + admin@sonic:~$ sudo sonic-package-manager install --from-tarball sonic-docker-image.gz + ``` + +**sonic-package-manager uninstall** + +This command uninstalls package from SONiC host. User needs to stop the feature prior to uninstalling it. +*NOTE*: this command requires elevated (root) privileges to run. + +- Usage: + ``` + Usage: sonic-package-manager uninstall [OPTIONS] NAME + + Uninstall package. + + NOTE: This command requires elevated (root) privileges to run. + + Options: + -f, --force Force operation by ignoring package dependency tree and + package manifest validation failures. + -y, --yes Automatically answer yes on prompts. + -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG. 
Default + is INFO. + --help Show this message and exit. + ``` +- Example: + ``` + admin@sonic:~$ sudo sonic-package-manager uninstall dhcp-relay + ``` + +**sonic-package-manager reset** + +This comamnd resets the package by reinstalling it to its default version. *NOTE*: this command requires elevated (root) privileges to run. + +- Usage: + ``` + Usage: sonic-package-manager reset [OPTIONS] NAME + + Reset package to the default version. + + NOTE: This command requires elevated (root) privileges to run. + + Options: + -f, --force Force operation by ignoring package dependency tree and + package manifest validation failures. + -y, --yes Automatically answer yes on prompts. + -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG. Default + is INFO. + --skip-host-plugins Do not install host OS plugins provided by the package + (CLI, etc). NOTE: In case when package host OS plugins + are set as mandatory in package manifest this option + will fail the installation. + --help Show this message and exit. + ``` +- Example: + ``` + admin@sonic:~$ sudo sonic-package-manager reset dhcp-relay + ``` + +**sonic-package-manager show package versions** + +This command will retrieve a list of all available versions for the given package from the configured upstream repository + +- Usage: + ``` + Usage: sonic-package-manager show package versions [OPTIONS] NAME + + Show available versions. + + Options: + --all Show all available tags in repository. + --plain Plain output. + --help Show this message and exit. 
+ ``` +- Example: + ``` + admin@sonic:~$ sonic-package-manager show package versions dhcp-relay + • 1.0.0 + • 1.0.2 + • 2.0.0 + ``` + ``` + admin@sonic:~$ sonic-package-manager show package versions dhcp-relay --plain + 1.0.0 + 1.0.2 + 2.0.0 + ``` + ``` + admin@sonic:~$ sonic-package-manager show package versions dhcp-relay --all + • 1.0.0 + • 1.0.2 + • 2.0.0 + • latest + ``` + +**sonic-package-manager show package changelog** + +This command fetches the changelog from the package manifest and displays it. *NOTE*: package changelog can be retrieved from registry or read from image tarball without installing it. + +- Usage: + ``` + Usage: sonic-package-manager show package changelog [OPTIONS] [PACKAGE_EXPR] + + Show package changelog. + + Options: + --from-repository TEXT Fetch package directly from image registry + repository NOTE: This argument is mutually exclusive + with arguments: [from_tarball, package_expr]. + --from-tarball FILE Fetch package from saved image tarball NOTE: This + argument is mutually exclusive with arguments: + [package_expr, from_repository]. + --help Show this message and exit. + ``` +- Example: + ``` + admin@sonic:~$ sonic-package-manager show package changelog dhcp-relay + 1.0.0: + + • Initial release + + Author (author@email.com) Mon, 25 May 2020 12:25:00 +0300 + ``` + +**sonic-package-manager show package manifest** + +This command fetches the package manifest and displays it. *NOTE*: package manifest can be retrieved from registry or read from image tarball without installing it. + +- Usage: + ``` + Usage: sonic-package-manager show package manifest [OPTIONS] [PACKAGE_EXPR] + + Show package manifest. + + Options: + --from-repository TEXT Fetch package directly from image registry + repository NOTE: This argument is mutually exclusive + with arguments: [package_expr, from_tarball]. + --from-tarball FILE Fetch package from saved image tarball NOTE: This + argument is mutually exclusive with arguments: + [from_repository, package_expr]. 
+ -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG
+ --help Show this message and exit.
+ ```
+- Example:
+ ```
+ admin@sonic:~$ sonic-package-manager show package manifest dhcp-relay=2.0.0
+ {
+ "version": "1.0.0",
+ "package": {
+ "version": "2.0.0",
+ "depends": [
+ "database>=1.0.0,<2.0.0"
+ ]
+ },
+ "service": {
+ "name": "dhcp_relay"
+ }
+ }
+ ```
+
+### SONiC Installer
+This is a command line tool available as part of the SONiC software; If the device is already running the SONiC software, this tool can be used to install an alternate image in the partition.
+This tool has facility to install an alternate image, list the available images and to set the next reboot image.
+This command requires elevated (root) privileges to run.
+
+**sonic-installer list**
+
+This command displays information about currently installed images. It displays a list of installed images, currently running image and image set to be loaded in next reboot.
+
+- Usage:
+ ```
+ sonic-installer list
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo sonic-installer list
+ Current: SONiC-OS-HEAD.XXXX
+ Next: SONiC-OS-HEAD.XXXX
+ Available:
+ SONiC-OS-HEAD.XXXX
+ SONiC-OS-HEAD.YYYY
+ ```
+
+TIP: This output can be obtained without evelated privileges by running the `show boot` command. See [here](#show-system-status) for details.
+
+**sonic-installer install**
+
+This command is used to install a new image on the alternate image partition. This command takes a path to an installable SONiC image or URL and installs the image.
+
+- Usage:
+ ```
+ sonic-installer install
+ ```
+
+- Example:
+ ```
+ admin@sonic:~$ sudo sonic-installer install https://sonic-jenkins.westus.cloudapp.azure.com/job/xxxx/job/buildimage-xxxx-all/xxx/artifact/target/sonic-xxxx.bin
+ New image will be installed, continue? [y/N]: y
+ Downloading image...
+ ...100%, 480 MB, 3357 KB/s, 146 seconds passed
+ Command: /tmp/sonic_image
+ Verifying image checksum ... OK.
+ Preparing image archive ... OK.
+ ONIE Installer: platform: XXXX + onie_platform: + Installing SONiC in SONiC + Installing SONiC to /host/image-xxxx + Directory /host/image-xxxx/ already exists. Cleaning up... + Archive: fs.zip + creating: /host/image-xxxx/boot/ + inflating: /host/image-xxxx/boot/vmlinuz-3.16.0-4-amd64 + inflating: /host/image-xxxx/boot/config-3.16.0-4-amd64 + inflating: /host/image-xxxx/boot/System.map-3.16.0-4-amd64 + inflating: /host/image-xxxx/boot/initrd.img-3.16.0-4-amd64 + creating: /host/image-xxxx/platform/ + extracting: /host/image-xxxx/platform/firsttime + inflating: /host/image-xxxx/fs.squashfs + inflating: /host/image-xxxx/dockerfs.tar.gz + Log file system already exists. Size: 4096MB + Installed SONiC base image SONiC-OS successfully + + Command: cp /etc/sonic/minigraph.xml /host/ + + Command: grub-set-default --boot-directory=/host 0 + + Done + ``` + +Installing a new image using the sonic-installer will keep using the packages installed on the currently running SONiC image and automatically migrate those. In order to perform clean SONiC installation use the *--skip-package-migration* option: + +- Example: + ``` + admin@sonic:~$ sudo sonic-installer install https://sonic-jenkins.westus.cloudapp.azure.com/job/xxxx/job/buildimage-xxxx-all/xxx/artifact/target/sonic-xxxx.bin --skip-package-migration + ``` + +**sonic-installer set_default** + +This command is be used to change the image which can be loaded by default in all the subsequent reboots. + +- Usage: + ``` + sonic-installer set_default + ``` + +- Example: + ``` + admin@sonic:~$ sudo sonic-installer set_default SONiC-OS-HEAD.XXXX + ``` + +**sonic-installer set_next_boot** + +This command is used to change the image that can be loaded in the *next* reboot only. Note that it will fallback to current image in all other subsequent reboots after the next reboot. 
+ +- Usage: + ``` + sonic-installer set_next_boot + ``` + +- Example: + ``` + admin@sonic:~$ sudo sonic-installer set_next_boot SONiC-OS-HEAD.XXXX + ``` + +**sonic-installer remove** + +This command is used to remove the unused SONiC image from the disk. Note that it's *not* allowed to remove currently running image. + +- Usage: + ``` + sonic-installer remove [-y|--yes] + ``` + +- Example: + ``` + admin@sonic:~$ sudo sonic-installer remove SONiC-OS-HEAD.YYYY + Image will be removed, continue? [y/N]: y + Updating GRUB... + Done + Removing image root filesystem... + Done + Command: grub-set-default --boot-directory=/host 0 + + Image removed + ``` + +**sonic-installer cleanup** + +This command removes all unused images from the device, leaving only the currently active image and the image which will be booted into next (if different) installed. If there are no images which can be removed, the command will output `No image(s) to remove` + +- Usage: + ``` + sonic-installer cleanup [-y|--yes] + ``` + +- Example: + ``` + admin@sonic:~$ sudo sonic-installer cleanup + Remove images which are not current and next, continue? [y/N]: y + No image(s) to remove + ``` + +Go Back To [Beginning of the document](#) or [Beginning of this section](#software-installation-and-management) + + + +## Troubleshooting Commands + +For troubleshooting and debugging purposes, this command gathers pertinent information about the state of the device; information is as diverse as syslog entries, database state, routing-stack state, etc., It then compresses it into an archive file. This archive file can be sent to the SONiC development team for examination. +Resulting archive file is saved as `/var/dump/_YYYYMMDD_HHMMSS.tar.gz` + +- Usage: + ``` + show techsupport + ``` + +- Example: + ``` + admin@sonic:~$ show techsupport [--since=] + ``` + +If the SONiC system was running for quite some time `show techsupport` will produce a large dump file. 
To reduce the amount of syslog and core files gathered during system dump use `--since` option: + +- Examples: + ``` + admin@sonic:~$ show techsupport --since=yesterday # Will collect syslog and core files for the last 24 hours + ``` + ``` + admin@sonic:~$ show techsupport --since='hour ago' # Will collect syslog and core files for the last one hour + ``` + +### Debug Dumps + +In SONiC, there usually exists a set of tables related/relevant to a particular module. All of these might have to be looked at to confirm whether any configuration update is properly applied and propagated. This utility comes in handy because it prints a unified view of the redis-state for a given module + +- Usage: + ``` + Usage: dump state [OPTIONS] MODULE IDENTIFIER + Dump the redis-state of the identifier for the module specified + + Options: + -s, --show Display Modules Available + -d, --db TEXT Only dump from these Databases + -t, --table Print in tabular format [default: False] + -k, --key-map Only fetch the keys matched, don't extract field-value dumps [default: False] + -v, --verbose Prints any intermediate output to stdout useful for dev & troubleshooting [default: False] + -n, --namespace TEXT Dump the redis-state for this namespace. [default: DEFAULT_NAMESPACE] + --help Show this message and exit. 
+ ``` + + +- Examples: + ``` + root@sonic# dump state --show + Module Identifier + -------- ------------ + port port_name + copp trap_id + ``` + + ``` + admin@sonic:~$ dump state copp arp_req --key-map --db ASIC_DB + { + "arp_req": { + "ASIC_DB": { + "keys": [ + "ASIC_STATE:SAI_OBJECT_TYPE_HOSTIF_TRAP:oid:0x22000000000c5b", + "ASIC_STATE:SAI_OBJECT_TYPE_HOSTIF_TRAP_GROUP:oid:0x11000000000c59", + "ASIC_STATE:SAI_OBJECT_TYPE_POLICER:oid:0x12000000000c5a", + "ASIC_STATE:SAI_OBJECT_TYPE_QUEUE:oid:0x15000000000626" + ], + "tables_not_found": [], + "vidtorid": { + "oid:0x22000000000c5b": "oid:0x200000000022", + "oid:0x11000000000c59": "oid:0x300000011", + "oid:0x12000000000c5a": "oid:0x200000012", + "oid:0x15000000000626": "oid:0x12e0000040015" + } + } + } + } + ``` + +### Event Driven Techsupport Invocation + +This feature/capability makes the techsupport invocation event-driven based on core dump generation. This feature is only applicable for the processes running in the containers. More detailed explanation can be found in the HLD https://github.com/Azure/SONiC/blob/master/doc/auto_techsupport_and_coredump_mgmt.md + +#### config auto-techsupport global commands + +**config auto-techsupport global state** + +- Usage: + ``` + config auto-techsupport global state + ``` + +- Example: + ``` + config auto-techsupport global state enabled + ``` + +**config auto-techsupport global rate-limit-interval ** + +- Usage: + ``` + config auto-techsupport global rate-limit-interval + ``` + - Parameters: + - rate-limit-interval: Minimum time in seconds to wait after the last techsupport creation time before invoking a new one. + +- Example: + ``` + config auto-techsupport global rate-limit-interval 200 + ``` + +**config auto-techsupport global max-techsupport-limit ** + +- Usage: + ``` + config auto-techsupport global max-techsupport-limit + ``` + - Parameters: + - max-techsupport-limit: A percentage value should be specified. 
This signifies maximum size to which /var/dump/ directory can be grown until. + +- Example: + ``` + config auto-techsupport global max-techsupport-limit 10.15 + ``` + +**config auto-techsupport global max-core-limit ** + +- Usage: + ``` + config auto-techsupport global max-core-limit + ``` + - Parameters: + - max-core-limit: A percentage value should be specified. This signifies maximum size to which /var/core/ directory can be grown until. + +- Example: + ``` + config auto-techsupport global max-core-limit 10.15 + ``` + +**config auto-techsupport global since** + +- Usage: + ``` + config auto-techsupport global since + ``` + - Parameters: + - since: This limits the auto-invoked techsupport to only collect the logs & core-dumps generated since the time provided. Any valid date string of the formats specified here can be used. (https://www.gnu.org/software/coreutils/manual/html_node/Date-input-formats.html). If this value is not explicitly configured or a non-valid string is provided, a default value of "2 days ago" is used. + +- Example: + ``` + config auto-techsupport global since + ``` + + +#### config auto-techsupport-feature commands + +**config auto-techsupport-feature add** + +- Usage: + ``` + config auto-techsupport-feature add --state --rate-limit-interval + ``` + - Parameters: + - state: enable/disable the capability for the specific feature/container. + - rate-limit-interval: Rate limit interval for the corresponding feature. Configure 0 to explicitly disable. 
For the techsupport to be generated by auto-techsupport, both the global and feature specific rate-limit-interval has to be passed + +- Example: + ``` + config auto-techsupport-feature add bgp --state enabled --rate-limit-interval 200 + ``` + + +**config auto-techsupport-feature delete** + +- Usage: + ``` + config auto-techsupport-feature delete + ``` + +- Example: + ``` + config auto-techsupport-feature delete swss + ``` + +**config auto-techsupport-feature update** + +- Usage: + ``` + config auto-techsupport-feature update --state + config auto-techsupport-feature update --rate-limit-interval + ``` + +- Example: + ``` + config auto-techsupport-feature update snmp --state enabled + config auto-techsupport-feature update swss --rate-limit-interval 200 + ``` + +#### Show CLI: + +**show auto-techsupport global** + +- Usage: + ``` + show auto-techsupport global + ``` + +- Example: + ``` + admin@sonic:~$ show auto-techsupport global + STATE RATE LIMIT INTERVAL (sec) MAX TECHSUPPORT LIMIT (%) MAX CORE LIMIT (%) SINCE + ------- --------------------------- -------------------------- ------------------ ---------- + enabled 180 10.0 5.0 2 days ago + ``` + +**show auto-techsupport-feature** + +- Usage: + ``` + show auto-techsupport-feature + ``` + +- Example: + ``` + admin@sonic:~$ show auto-techsupport-feature + FEATURE NAME STATE RATE LIMIT INTERVAL (sec) + -------------- -------- -------------------------- + bgp enabled 600 + database enabled 600 + dhcp_relay enabled 600 + lldp enabled 600 + swss disabled 800 + ``` + +**show auto-techsupport history** + +- Usage: + ``` + show auto-techsupport history + ``` + +- Example: + ``` + admin@sonic:~$ show auto-techsupport history + TECHSUPPORT DUMP TRIGGERED BY CORE DUMP + ---------------------------------------- -------------- ----------------------------- + sonic_dump_r-lionfish-16_20210901_221402 bgp bgpcfgd.1630534439.55.core.gz + sonic_dump_r-lionfish-16_20210901_203725 snmp python3.1630528642.23.core.gz + 
sonic_dump_r-lionfish-16_20210901_222408 teamd python3.1630535045.34.core.gz + ``` + +Go Back To [Beginning of the document](#) or [Beginning of this section](#troubleshooting-commands) + +## Routing Stack + +SONiC software is agnostic of the routing software that is being used in the device. For example, users can use either Quagga or FRR routing stack as per their requirement. +A separate shell (vtysh) is provided to configure such routing stacks. +Once if users go to "vtysh", they can use the routing stack specific commands as given in the following example. + +- Example (Quagga Routing Stack): + ``` + admin@sonic:~$ vtysh + + Hello, this is Quagga (version 0.99.24.1). + Copyright 1996-2005 Kunihiro Ishiguro, et al. + + sonic# show route-map (This command displays the route-map that is configured for the routing protocol.) + ZEBRA: + route-map RM_SET_SRC, permit, sequence 10 + Match clauses: + Set clauses: + src 10.12.0.102 + Call clause: + Action: + Exit routemap + ``` + +Refer the routing stack [Quagga Command Reference](https://www.quagga.net/docs/quagga.pdf) or [FRR Command Reference](https://buildmedia.readthedocs.org/media/pdf/frrouting/latest/frrouting.pdf) to know more about about the routing stack configuration. + + +Go Back To [Beginning of the document](#) or [Beginning of this section](#routing-stack) + + +## Quagga BGP Show Commands + +**show ip bgp summary** + +This command displays the summary of all IPv4 bgp neighbors that are configured and the corresponding states. 
+ +- Usage: + ``` + show ip bgp summary + ``` + +- Example: + ``` + admin@sonic:~$ show ip bgp summary + BGP router identifier 1.2.3.4, local AS number 65061 + RIB entries 6124, using 670 KiB of memory + Peers 2, using 143 KiB of memory + + Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd + 192.168.1.161 4 65501 88698 102781 0 0 0 08w5d14h 2 + 192.168.1.163 4 65502 88698 102780 0 0 0 08w5d14h 2 + + Total number of neighbors 2 + ``` + +**show ip bgp neighbors** + +This command displays all the details of IPv4 & IPv6 BGP neighbors when no optional argument is specified. + +When the optional argument IPv4_address is specified, it displays the detailed neighbor information about that specific IPv4 neighbor. + +Command has got additional optional arguments to display only the advertised routes, or the received routes, or all routes. + +In order to get details for an IPv6 neigbor, use "show ipv6 bgp neighbor " command. + +- Usage: + ``` + show ip bgp neighbors [ [advertised-routes | received-routes | routes]] + ``` + +- Example: + ``` + admin@sonic:~$ show ip bgp neighbors + BGP neighbor is 192.168.1.161, remote AS 65501, local AS 65061, external link + Description: ARISTA01T0 + BGP version 4, remote router ID 1.2.3.4 + BGP state = Established, up for 08w5d14h + Last read 00:00:46, hold time is 180, keepalive interval is 60 seconds + Neighbor capabilities: + 4 Byte AS: advertised and received + Dynamic: received + Route refresh: advertised and received(old & new) + Address family IPv4 Unicast: advertised and received + Graceful Restart Capabilty: advertised and received + Remote Restart timer is 120 seconds + Address families by peer: + IPv4 Unicast(not preserved) + Graceful restart informations: + End-of-RIB send: IPv4 Unicast + End-of-RIB received: IPv4 Unicast + Message statistics: + Inq depth is 0 + Outq depth is 0 + Sent Rcvd + Opens: 1 1 + Notifications: 0 0 + Updates: 14066 3 + Keepalives: 88718 88698 + Route Refresh: 0 0 + Capability: 0 0 + 
Total: 102785 88702 + Minimum time between advertisement runs is 30 seconds + + For address family: IPv4 Unicast + Community attribute sent to this neighbor(both) + 2 accepted prefixes + + Connections established 1; dropped 0 + Last reset never + Local host: 192.168.1.160, Local port: 32961 + Foreign host: 192.168.1.161, Foreign port: 179 + Nexthop: 192.168.1.160 + Nexthop global: fe80::f60f:1bff:fe89:bc00 + Nexthop local: :: + BGP connection: non shared network + Read thread: on Write thread: off + ``` + +Optionally, you can specify an IP address in order to display only that particular neighbor. In this mode, you can optionally specify whether you want to display all routes advertised to the specified neighbor, all routes received from the specified neighbor or all routes (received and accepted) from the specified neighbor. + + +- Examples: + ``` + admin@sonic:~$ show ip bgp neighbors 192.168.1.161 + + admin@sonic:~$ show ip bgp neighbors 192.168.1.161 advertised-routes + + admin@sonic:~$ show ip bgp neighbors 192.168.1.161 received-routes + + admin@sonic:~$ show ip bgp neighbors 192.168.1.161 routes + ``` + +**show ipv6 bgp summary** + +This command displays the summary of all IPv4 bgp neighbors that are configured and the corresponding states. + +- Usage: + ``` + show ipv6 bgp summary + ``` + +- Example: + ``` + admin@sonic:~$ show ipv6 bgp summary + BGP router identifier 10.1.0.32, local AS number 65100 + RIB entries 12809, using 1401 KiB of memory + Peers 8, using 36 KiB of memory + + Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd + fc00::72 4 64600 12588 12591 0 0 0 06:51:17 6402 + fc00::76 4 64600 12587 6190 0 0 0 06:51:28 6402 + fc00::7a 4 64600 12587 9391 0 0 0 06:51:23 6402 + fc00::7e 4 64600 12589 12592 0 0 0 06:51:25 6402 + + Total number of neighbors 4 + ``` + +**show ipv6 bgp neighbors** + +This command displays all the details of one particular IPv6 Border Gateway Protocol (BGP) neighbor. 
Option is also available to display only the advertised routes, or the received routes, or all routes. + +- Usage: + ``` + show ipv6 bgp neighbors (advertised-routes | received-routes | routes) + ``` + +- Examples: + ``` + admin@sonic:~$ show ipv6 bgp neighbors fc00::72 advertised-routes + + admin@sonic:~$ show ipv6 bgp neighbors fc00::72 received-routes + + admin@sonic:~$ show ipv6 bgp neighbors fc00::72 routes + ``` + +**show route-map** + +This command displays the routing policy that takes precedence over the other route processes that are configured. + +- Usage: + ``` + show route-map + ``` + +- Example: + ``` + admin@sonic:~$ show route-map + ZEBRA: + route-map RM_SET_SRC, permit, sequence 10 + Match clauses: + Set clauses: + src 10.12.0.102 + Call clause: + Action: + Exit routemap + ZEBRA: + route-map RM_SET_SRC6, permit, sequence 10 + Match clauses: + Set clauses: + src fc00:1::102 + Call clause: + Action: + Exit routemap + BGP: + route-map FROM_BGP_SPEAKER_V4, permit, sequence 10 + Match clauses: + Set clauses: + Call clause: + Action: + Exit routemap + BGP: + route-map TO_BGP_SPEAKER_V4, deny, sequence 10 + Match clauses: + Set clauses: + Call clause: + Action: + Exit routemap + BGP: + route-map ISOLATE, permit, sequence 10 + Match clauses: + Set clauses: + as-path prepend 65000 + Call clause: + Action: + Exit routemap + ``` +Go Back To [Beginning of the document](#) or [Beginning of this section](#quagga-bgp-show-commands) + +# ZTP Configuration And Show Commands + +This section explains all the Zero Touch Provisioning commands that are supported in SONiC. + +## ZTP show commands + + +This command displays the current ZTP configuration of the switch. It also displays detailed information about current state of a ZTP session. It displays information related to all configuration sections as defined in the switch provisioning information discovered in a particular ZTP session. 
+ +- Usage: + show ztp status + + show ztp status --verbose + +- Example: + +``` +root@B1-SP1-7712:/home/admin# show ztp status +ZTP Admin Mode : True +ZTP Service : Inactive +ZTP Status : SUCCESS +ZTP Source : dhcp-opt67 (eth0) +Runtime : 05m 31s +Timestamp : 2019-09-11 19:12:24 UTC + +ZTP Service is not running + +01-configdb-json: SUCCESS +02-connectivity-check: SUCCESS +``` +Use the verbose option to display more detailed information. + +``` +root@B1-SP1-7712:/home/admin# show ztp status --verbose +Command: ztp status --verbose +======================================== +ZTP +======================================== +ZTP Admin Mode : True +ZTP Service : Inactive +ZTP Status : SUCCESS +ZTP Source : dhcp-opt67 (eth0) +Runtime : 05m 31s +Timestamp : 2019-09-11 19:12:16 UTC +ZTP JSON Version : 1.0 + +ZTP Service is not running + +---------------------------------------- +01-configdb-json +---------------------------------------- +Status : SUCCESS +Runtime : 02m 48s +Timestamp : 2019-09-11 19:11:55 UTC +Exit Code : 0 +Ignore Result : False + +---------------------------------------- +02-connectivity-check +---------------------------------------- +Status : SUCCESS +Runtime : 04s +Timestamp : 2019-09-11 19:12:16 UTC +Exit Code : 0 +Ignore Result : False +``` + +- Description + + - **ZTP Admin Mode** - Displays if the ZTP feature is administratively enabled or disabled. Possible values are True or False. This value is configurable using "config ztp enabled" and "config ztp disable" commands. + - **ZTP Service** - Displays the ZTP service status. The following are possible values this field can display: + - *Active Discovery*: ZTP service is operational and is performing DHCP discovery to learn switch provisioning information + - *Processing*: ZTP service has discovered switch provisioning information and is processing it + - **ZTP Status** - Displays the current state and result of ZTP session. 
The following are possible values this field can display: + - *IN-PROGRESS*: ZTP session is currently in progress. ZTP service is processing switch provisioning information. + - *SUCCESS*: ZTP service has successfully processed the switch provisioning information. + - *FAILED*: ZTP service has failed to process the switch provisioning information. + - *Not Started*: ZTP service has not started processing the discovered switch provisioning information. + - **ZTP Source** - Displays the DHCP option and then interface name from which switch provisioning information has been discovered. + - **Runtime** - Displays the time taken for ZTP process to complete from start to finish. For individual configuration sections it indicates the time taken to process the associated configuration section. + - **Timestamp** - Displays the date/time stamp when the status field has last changed. + - **ZTP JSON Version** - Version of ZTP JSON file used for describing switch provisioning information. + - **Status** - Displays the current state and result of a configuration section. The following are possible values this field can display: + - *IN-PROGRESS*: Corresponding configuration section is currently being processed. + - *SUCCESS*: Corresponding configuration section was processed successfully. + - *FAILED*: Corresponding configuration section failed to execute successfully. + - *Not Started*: ZTP service has not started processing the corresponding configuration section. + - *DISABLED*: Corresponding configuration section has been marked as disabled and will not be processed. + - **Exit Code** - Displays the program exit code of the configuration section executed. Non-zero exit code indicates that the configuration section has failed to execute successfully. + - **Ignore Result** - If this value is True, the result of the corresponding configuration section is ignored and not used to evaluate the overall ZTP result. 
+ - **Activity String** - In addition to above information an activity string is displayed indicating the current action being performed by the ZTP service and how much time it has been performing the mentioned activity. Below is an example. + - (04m 12s) Discovering provisioning data + +## ZTP configuration commands + +This sub-section explains the list of the configuration options available for ZTP. + + + +**config ztp enable** + +Use this command to enable ZTP administrative mode + +- Example: + +``` +root@sonic:/home/admin# config ztp enable +Running command: ztp enable +``` + + + +**config ztp disable** + +Use this command to disable ZTP administrative mode. This command can also be used to abort a current ZTP session and load the factory default switch configuration. + +- Usage: + config ztp disable + + config ztp disable -y + +- Example: + +``` +root@sonic:/home/admin# config ztp disable +Active ZTP session will be stopped and disabled, continue? [y/N]: y +Running command: ztp disable -y +``` + + +**config ztp run** + +Use this command to manually restart a new ZTP session. This command deletes the existing */etc/sonic/config_db.json* file and stats ZTP service. It also erases the previous ZTP session data. ZTP configuration is loaded on to the switch and ZTP discovery is performed. + +- Usage: + config ztp run + + config ztp run -y + +- Example: + +``` +root@sonic:/home/admin# config ztp run +ZTP will be restarted. You may lose switch data and connectivity, continue? [y/N]: y +Running command: ztp run -y +``` + +Go Back To [Beginning of the document](#SONiC-COMMAND-LINE-INTERFACE-GUIDE) or [Beginning of this section](#ztp-configuration-and-show-commands) + +# MACsec Commands + +This sub-section explains the list of the configuration options available for MACsec. MACsec feature is as a plugin to SONiC, So please install MACsec package before using MACsec commands. 
+ +## MACsec config command + +- Add MACsec profile +``` +admin@sonic:~$ sudo config macsec profile add --help +Usage: config macsec profile add [OPTIONS] + + Add MACsec profile + +Options: + --priority For Key server election. In 0-255 range with + 0 being the highest priority. [default: + 255] + --cipher_suite The cipher suite for MACsec. [default: GCM- + AES-128] + --primary_cak Primary Connectivity Association Key. + [required] + --primary_ckn Primary CAK Name. [required] + --policy MACsec policy. INTEGRITY_ONLY: All traffic, + except EAPOL, will be converted to MACsec + packets without encryption. SECURITY: All + traffic, except EAPOL, will be encrypted by + SecY. [default: security] + --enable_replay_protect / --disable_replay_protect + Whether enable replay protect. [default: + False] + --replay_window + Replay window size that is the number of + packets that could be out of order. This + field works only if ENABLE_REPLAY_PROTECT is + true. [default: 0] + --send_sci / --no_send_sci Send SCI in SecTAG field of MACsec header. + [default: True] + --rekey_period The period of proactively refresh (Unit + second). [default: 0] + -?, -h, --help Show this message and exit. +``` + +- Delete MACsec profile +``` +admin@sonic:~$ sudo config macsec profile del --help +Usage: config macsec profile del [OPTIONS] + + Delete MACsec profile + +Options: + -?, -h, --help Show this message and exit. +``` + +- Enable MACsec on the port +``` +admin@sonic:~$ sudo config macsec port add --help +Usage: config macsec port add [OPTIONS] + + Add MACsec port + +Options: + -?, -h, --help Show this message and exit. +``` + + +- Disable MACsec on the port +``` +admin@sonic:~$ sudo config macsec port del --help +Usage: config macsec port del [OPTIONS] + + Delete MACsec port + +Options: + -?, -h, --help Show this message and exit. 
+ +``` + + +## MACsec show command + +- Show MACsec + +``` +admin@vlab-02:~$ show macsec --help +Usage: show macsec [OPTIONS] [INTERFACE_NAME] + +Options: + -d, --display [all] Show internal interfaces [default: all] + -n, --namespace [] Namespace name or all + -h, -?, --help Show this message and exit. + +``` + +``` +admin@vlab-02:~$ show macsec +MACsec port(Ethernet0) +--------------------- ----------- +cipher_suite GCM-AES-256 +enable true +enable_encrypt true +enable_protect true +enable_replay_protect false +replay_window 0 +send_sci true +--------------------- ----------- + MACsec Egress SC (5254008f4f1c0001) + ----------- - + encoding_an 2 + ----------- - + MACsec Egress SA (1) + ------------------------------------- ---------------------------------------------------------------- + auth_key 849B69D363E2B0AA154BEBBD7C1D9487 + next_pn 1 + sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E + salt 000000000000000000000000 + ssci 0 + SAI_MACSEC_SA_ATTR_CURRENT_XPN 179 + SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 + SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0 + ------------------------------------- ---------------------------------------------------------------- + MACsec Egress SA (2) + ------------------------------------- ---------------------------------------------------------------- + auth_key 5A8B8912139551D3678B43DD0F10FFA5 + next_pn 1 + sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6 + salt 000000000000000000000000 + ssci 0 + SAI_MACSEC_SA_ATTR_CURRENT_XPN 87185 + SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 + SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0 + ------------------------------------- ---------------------------------------------------------------- + MACsec Ingress SC (525400edac5b0001) + MACsec Ingress SA (1) + --------------------------------------- 
---------------------------------------------------------------- + active true + auth_key 849B69D363E2B0AA154BEBBD7C1D9487 + lowest_acceptable_pn 1 + sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E + salt 000000000000000000000000 + ssci 0 + SAI_MACSEC_SA_ATTR_CURRENT_XPN 103 + SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0 + SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0 + SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0 + SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0 + SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0 + SAI_MACSEC_SA_STAT_IN_PKTS_OK 0 + SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0 + SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0 + SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 + --------------------------------------- ---------------------------------------------------------------- + MACsec Ingress SA (2) + --------------------------------------- ---------------------------------------------------------------- + active true + auth_key 5A8B8912139551D3678B43DD0F10FFA5 + lowest_acceptable_pn 1 + sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6 + salt 000000000000000000000000 + ssci 0 + SAI_MACSEC_SA_ATTR_CURRENT_XPN 91824 + SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0 + SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0 + SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0 + SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0 + SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0 + SAI_MACSEC_SA_STAT_IN_PKTS_OK 0 + SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0 + SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0 + SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 + --------------------------------------- ---------------------------------------------------------------- +MACsec port(Ethernet1) +--------------------- ----------- +cipher_suite GCM-AES-256 +enable true +enable_encrypt true +enable_protect true +enable_replay_protect false +replay_window 0 +send_sci true +--------------------- ----------- + MACsec Egress SC (5254008f4f1c0001) + ----------- - + encoding_an 1 + ----------- - + MACsec 
Egress SA (1) + ------------------------------------- ---------------------------------------------------------------- + auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF + next_pn 1 + sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B + salt 000000000000000000000000 + ssci 0 + SAI_MACSEC_SA_ATTR_CURRENT_XPN 4809 + SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 + SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0 + ------------------------------------- ---------------------------------------------------------------- + MACsec Ingress SC (525400edac5b0001) + MACsec Ingress SA (1) + --------------------------------------- ---------------------------------------------------------------- + active true + auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF + lowest_acceptable_pn 1 + sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B + salt 000000000000000000000000 + ssci 0 + SAI_MACSEC_SA_ATTR_CURRENT_XPN 5033 + SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0 + SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0 + SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0 + SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0 + SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0 + SAI_MACSEC_SA_STAT_IN_PKTS_OK 0 + SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0 + SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0 + SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0 + SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0 + --------------------------------------- ---------------------------------------------------------------- +``` + +## MACsec clear command + +Clear MACsec counters which is to reset all MACsec counters to ZERO. + +``` +admin@sonic:~$ sonic-clear macsec --help +Usage: sonic-clear macsec [OPTIONS] + + Clear MACsec counts. This clear command will generated a cache for next + show commands which will base on this cache as the zero baseline to show + the increment of counters. 
+ +Options: + --clean-cache BOOLEAN If the option of clean cache is true, next show + commands will show the raw counters which based on + the service booted instead of the last clear command. + -h, -?, --help Show this message and exit. +``` diff --git a/show/vnet.py b/show/vnet.py index 21d46af7fa..4b5674cb62 100644 --- a/show/vnet.py +++ b/show/vnet.py @@ -207,7 +207,8 @@ def all(): """Show all vnet routes""" appl_db = SonicV2Connector() appl_db.connect(appl_db.APPL_DB) - + state_db = SonicV2Connector() + state_db.connect(state_db.STATE_DB) header = ['vnet name', 'prefix', 'nexthop', 'interface'] # Fetching data from appl_db for VNET ROUTES @@ -227,7 +228,7 @@ def all(): click.echo() - header = ['vnet name', 'prefix', 'endpoint', 'mac address', 'vni'] + header = ['vnet name', 'prefix', 'endpoint', 'mac address', 'vni', 'status'] # Fetching data from appl_db for VNET TUNNEL ROUTES vnet_rt_keys = appl_db.keys(appl_db.APPL_DB, "VNET_ROUTE_TUNNEL_TABLE:*") @@ -237,10 +238,14 @@ def all(): for k in vnet_rt_keys: r = [] r.extend(k.split(":", 2)[1:]) + state_db_key = '|'.join(k.split(":",2)) val = appl_db.get_all(appl_db.APPL_DB, k) + val_state = state_db.get_all(state_db.STATE_DB, state_db_key) r.append(val.get('endpoint')) r.append(val.get('mac_address')) r.append(val.get('vni')) + if val_state: + r.append(val_state.get('state')) table.append(r) click.echo(tabulate(table, header)) diff --git a/tests/mock_tables/appl_db.json b/tests/mock_tables/appl_db.json index ab4e31282f..e72cb47a73 100644 --- a/tests/mock_tables/appl_db.json +++ b/tests/mock_tables/appl_db.json 
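Review bot: In the third hunk of show/vnet.py the status cell is appended only under `if val_state:`, so a route with no STATE_DB entry yields a five-cell row under a six-column header and the output depends on tabulate padding the short row. Appending unconditionally keeps every row the same width: `r.append(val_state.get('state') if val_state else '')`. This should render the same blank cell, but I have not checked it against the expected table in tests/show_vnet_test.py. `k.split(":", 2)` is also evaluated twice per key (once for the row, once for `state_db_key`) and could be bound to a local once. The body of `all()` starts and ends outside these hunks.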
@@ -313,5 +313,17 @@ }, "TUNNEL_ROUTE_TABLE:10.3.1.1": { "alias": "Vlan1000" + }, + "VNET_ROUTE_TUNNEL_TABLE:test_v4_in_v4-0:160.163.191.1/32": { + "endpoint":"100.251.7.1" + }, + "VNET_ROUTE_TUNNEL_TABLE:Vnet_v6_in_v6-0:fddd:a156:a251::a6:1/128": { + "endpoint": "fddd:a100:a251::a10:1,fddd:a101:a251::a10:1" + }, + "VNET_ROUTE_TUNNEL_TABLE:test_v4_in_v4-0:160.162.191.1/32": { + "endpoint":"100.251.7.1" + }, + "VNET_ROUTE_TUNNEL_TABLE:test_v4_in_v4-0:160.164.191.1/32": { + "endpoint":"100.251.7.1" } } diff --git a/tests/mock_tables/state_db.json b/tests/mock_tables/state_db.json index 3465687919..beecb681fc 100644 --- a/tests/mock_tables/state_db.json +++ b/tests/mock_tables/state_db.json @@ -878,5 +878,17 @@ }, "SYSTEM_READY|SYSTEM_STATE": { "Status":"DOWN" + }, + "VNET_ROUTE_TUNNEL_TABLE|test_v4_in_v4-0|160.162.191.1/32": { + "active_endpoints":"100.251.7.1", + "state":"active" + }, + "VNET_ROUTE_TUNNEL_TABLE|test_v4_in_v4-0|160.163.191.1/32": { + "active_endpoints":"100.251.7.1", + "state":"active" + }, + "VNET_ROUTE_TUNNEL_TABLE|Vnet_v6_in_v6-0|fddd:a156:a251::a6:1/128": { + "active_endpoints":"fddd:a100:a251::a10:1,fddd:a101:a251::a10:1", + "state":"active" } } diff --git a/tests/show_vnet_test.py b/tests/show_vnet_test.py new file mode 100644 index 0000000000..dcb7486178 --- /dev/null +++ b/tests/show_vnet_test.py 
@@ -0,0 +1,29 @@ +import os +from click.testing import CliRunner +from utilities_common.db import Db +import show.main as show + +class TestShowVnetRoutesAll(object): + @classmethod + def setup_class(cls): + print("SETUP") + os.environ["UTILITIES_UNIT_TESTING"] = "1" + + def test_show_vnet_routes_all_basic(self): + runner = CliRunner() + db = Db() + + result = runner.invoke(show.cli.commands['vnet'].commands['routes'].commands['all'], [], obj=db) + assert result.exit_code == 0 + expected_output = """\ +vnet name prefix nexthop interface +----------- -------- --------- ----------- + +vnet name prefix endpoint mac address vni status +--------------- ------------------------ ------------------------------------------- ------------- ----- -------- +Vnet_v6_in_v6-0 fddd:a156:a251::a6:1/128 fddd:a100:a251::a10:1,fddd:a101:a251::a10:1 active +test_v4_in_v4-0 160.162.191.1/32 100.251.7.1 active +test_v4_in_v4-0 160.163.191.1/32 100.251.7.1 active +test_v4_in_v4-0 160.164.191.1/32 100.251.7.1 +""" + assert result.output == expected_output From 637d834ce02393012620aa3f6fc66c4b4617200d Mon Sep 17 00:00:00 2001 From: siqbal1986 Date: Thu, 15 Sep 2022 16:40:46 -0700 Subject: [PATCH 12/38] Vnet_route_check Vxlan tunnel route update. (#2281) * Squashed commit of the following: commit 78e4fe771b5ac6ec99282e6797233a17e16bd1d7 Author: siqbal1486 Date: Wed Aug 10 12:17:56 2022 -0700 Fixes suggested in review. 
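Review bot: `TestShowVnetRoutesAll.setup_class` sets `os.environ["UTILITIES_UNIT_TESTING"] = "1"` and the new file never resets it, so the flag leaks into whichever test module runs next in the same process. tests/ipv6_link_local_test.py in this series resets it in a `teardown_class`; the same three lines fit here: `@classmethod`, `def teardown_class(cls):`, `os.environ["UTILITIES_UNIT_TESTING"] = "0"`.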
Signed-off-by: siqbal1486 commit 757a6b00c04e1300ba8b1ef719ddb29472842167 Author: Shahzad Iqbal (SHAHZADIQBAL) Date: Tue Aug 9 12:12:33 2022 -0700 added 2 tests and fixed a bug. commit fb4d13871f9dc5792abd8da0f199e4ea0300c370 Author: Shahzad Iqbal (SHAHZADIQBAL) Date: Mon Aug 1 18:59:55 2022 -0700 changed script to account for tunnel routes. commit c2db718e1a17c08d8d5bf8639c2efd23238ae54d Author: Shahzad Iqbal (SHAHZADIQBAL) Date: Sun Jul 31 15:09:12 2022 -0700 removed accidently added spaces. commit 2b5658ddbd9d03a8d922b89bd6efe4efbf256e41 Author: Shahzad Iqbal (SHAHZADIQBAL) Date: Sun Jul 31 14:52:49 2022 -0700 Modified Vnet_route_check to ignore the Vxlan tunnel routes which use default VRF. * changes suggested in review. Fixed a bug found while testing for IpV6. * Updated a testcse to cover IPV6. Fixed a bug causing build failures. --- scripts/vnet_route_check.py | 70 ++++++++++++++++++++++++++------- tests/vnet_route_check_test.py | 72 +++++++++++++++++++++++++++++++++- 2 files changed, 127 insertions(+), 15 deletions(-) diff --git a/scripts/vnet_route_check.py b/scripts/vnet_route_check.py index db50503cd9..886875f66f 100755 --- a/scripts/vnet_route_check.py +++ b/scripts/vnet_route_check.py @@ -47,7 +47,7 @@ RC_OK = 0 RC_ERR = -1 - +default_vrf_oid = "" report_level = syslog.LOG_ERR write_to_syslog = True @@ -211,7 +211,7 @@ def get_vnet_routes_from_app_db(): vnet_routes = {} for vnet_route_db_key in vnet_routes_db_keys: - vnet_route_list = vnet_route_db_key.split(':') + vnet_route_list = vnet_route_db_key.split(':',1) vnet_name = vnet_route_list[0] vnet_route = vnet_route_list[1] 
@@ -219,8 +219,22 @@ def get_vnet_routes_from_app_db(): vnet_routes[vnet_name] = {} vnet_routes[vnet_name]['routes'] = [] - intf = vnet_intfs[vnet_name][0] - vnet_routes[vnet_name]['vrf_oid'] = vnet_vrfs.get(intf, 'None') + if vnet_name not in vnet_intfs: + # this route has no vnet_intf and may be part of default VRF. + vnet_table = swsscommon.Table(db, 'VNET_TABLE') + scope_value = "" + # "Vnet_v4_in_v4-0": [("vxlan_tunnel", "tunnel_v4"), ("scope", "default"), ("vni", "10000"), ("peer_list", "")] + for key,value in vnet_table.get(vnet_name)[1]: + if key == "scope": + scope_value = value + break + if scope_value == 'default': + vnet_routes[vnet_name]['vrf_oid'] = default_vrf_oid + else: + assert "Non-default VRF route present without vnet interface." + else: + intf = vnet_intfs[vnet_name][0] + vnet_routes[vnet_name]['vrf_oid'] = vnet_vrfs.get(intf, 'None') vnet_routes[vnet_name]['routes'].append(vnet_route) @@ -237,10 +251,12 @@ def get_vnet_routes_from_asic_db(): vnet_vrfs = get_vrf_entries() vnet_vrfs_oids = [vnet_vrfs[k] for k in vnet_vrfs] + vnet_vrfs_oids.append(default_vrf_oid) vnet_intfs = get_vnet_intfs() vrf_oid_to_vnet_map = {} + vrf_oid_to_vnet_map[default_vrf_oid] = 'default_VRF' for vnet_name, vnet_rifs in vnet_intfs.items(): for vnet_rif, vrf_oid in vnet_vrfs.items(): 
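Review bot: The `else` branch for a non-default scope in the `@@ -219,8 +219,22 @@` hunk does nothing: `assert "Non-default VRF route present without vnet interface."` asserts a non-empty string, which is always true (and asserts are stripped under `-O`). The route is then appended while `vnet_routes[vnet_name]` has no `vrf_oid`, and `get_vnet_routes_diff()` later reads `vnet_attrs['vrf_oid']`, which would raise KeyError. I would make the failure explicit, e.g. `raise RuntimeError("Non-default VRF route present without vnet interface: {}".format(vnet_name))`, or report it and `continue`. `swsscommon.Table(db, 'VNET_TABLE')` is also rebuilt for every route and can be created once before the loop; the function starts outside the hunk.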
@@ -276,7 +292,22 @@ def get_vnet_routes_from_asic_db(): return vnet_routes -def get_vnet_routes_diff(routes_1, routes_2): +def check_routes_with_default_vrf(vnet_name, vnet_attrs, routes_1, routes): + for vnet_route in vnet_attrs['routes']: + ispresent = False + for vnet_name_other, vnet_attrs_other in routes_1.items(): + if vnet_route in vnet_attrs_other['routes']: + ispresent = True + if not ispresent: + if vnet_name not in routes: + routes[vnet_name] = {} + routes[vnet_name]['routes'] = [] + routes[vnet_name]['routes'].append(vnet_route) + + return + + +def get_vnet_routes_diff(routes_1, routes_2, verify_default_vrf_routes = False): ''' Returns all routes present in routes_2 dictionary but missed in routes_1 Format: { : { 'routes': [ ] } } ''' @@ -284,15 +315,21 @@ def get_vnet_routes_diff(routes_1, routes_2): routes = {} for vnet_name, vnet_attrs in routes_2.items(): - if vnet_name not in routes_1: - routes[vnet_name] = routes + if vnet_attrs['vrf_oid'] == default_vrf_oid: + if verify_default_vrf_routes: + check_routes_with_default_vrf(vnet_name, vnet_attrs, routes_1, routes) + else: + continue else: - for vnet_route in vnet_attrs['routes']: - if vnet_route not in routes_1[vnet_name]['routes']: - if vnet_name not in routes: - routes[vnet_name] = {} - routes[vnet_name]['routes'] = [] - routes[vnet_name]['routes'].append(vnet_route) + if vnet_name not in routes_1: + routes[vnet_name] = vnet_attrs['routes'].copy() + else: + for vnet_route in vnet_attrs['routes']: + if vnet_route not in routes_1[vnet_name]['routes']: + if vnet_name not in routes: + routes[vnet_name] = {} + routes[vnet_name]['routes'] = [] + routes[vnet_name]['routes'].append(vnet_route) return routes 
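Review bot: In the `@@ -284,15 +315,21 @@` hunk a VNET that is missing from `routes_1` is stored as a bare list, `routes[vnet_name] = vnet_attrs['routes'].copy()`, while the docstring and every other branch produce `{ vnet: { 'routes': [...] } }`. Any consumer that indexes `['routes']` on the result would fail on that entry; `routes[vnet_name] = {'routes': vnet_attrs['routes'].copy()}` keeps the shape uniform. In `check_routes_with_default_vrf` (the hunk before) the flag loop can be written as `any(vnet_route in attrs['routes'] for attrs in routes_1.values())`, and the function has no docstring saying that it mutates `routes` in place.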
@@ -326,11 +363,16 @@ def main(): # Don't run VNET routes consistancy logic if there is no VNET configuration if not check_vnet_cfg(): return rc + asic_db = swsscommon.DBConnector('ASIC_DB', 0) + virtual_router = swsscommon.Table(asic_db, 'ASIC_STATE:SAI_OBJECT_TYPE_VIRTUAL_ROUTER') + if virtual_router.getKeys() != []: + global default_vrf_oid + default_vrf_oid = virtual_router.getKeys()[0] app_db_vnet_routes = get_vnet_routes_from_app_db() asic_db_vnet_routes = get_vnet_routes_from_asic_db() - missed_in_asic_db_routes = get_vnet_routes_diff(asic_db_vnet_routes, app_db_vnet_routes) + missed_in_asic_db_routes = get_vnet_routes_diff(asic_db_vnet_routes, app_db_vnet_routes,True) missed_in_app_db_routes = get_vnet_routes_diff(app_db_vnet_routes, asic_db_vnet_routes) missed_in_sdk_routes = get_sdk_vnet_routes_diff(asic_db_vnet_routes) diff --git a/tests/vnet_route_check_test.py b/tests/vnet_route_check_test.py index c06ea10ea3..2596b28e20 100644 --- a/tests/vnet_route_check_test.py +++ b/tests/vnet_route_check_test.py @@ -27,7 +27,7 @@ VNET_ROUTE_TABLE = "VNET_ROUTE_TABLE" INTF_TABLE = "INTF_TABLE" ASIC_STATE = "ASIC_STATE" - +VNET_ROUTE_TUNNEL_TABLE = "VNET_ROUTE_TUNNEL_TABLE" RT_ENTRY_KEY_PREFIX = 'SAI_OBJECT_TYPE_ROUTE_ENTRY:{\"dest":\"' RT_ENTRY_KEY_SUFFIX = '\",\"switch_id\":\"oid:0x21000000000000\",\"vr\":\"oid:0x3000000000d4b\"}' 
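Review bot: `default_vrf_oid = virtual_router.getKeys()[0]` in `main()` assumes the first key of `ASIC_STATE:SAI_OBJECT_TYPE_VIRTUAL_ROUTER` is the default VRF, but nothing visible fixes the order of `getKeys()`, and that table presumably also holds the virtual routers created for VNETs. If a VNET's virtual router were picked, its routes would be treated as default-VRF routes and skipped or checked loosely, hiding a real mismatch between APP_DB and ASIC_DB. I would resolve the default virtual router explicitly (for example from the switch object's default virtual router id, if ASIC_DB exposes it) and call the getter once: `vr_keys = virtual_router.getKeys()`. `main()` starts and ends outside the hunk.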
@@ -223,6 +223,76 @@ } } } + }, + "4": { + DESCR: "All tunnel routes are configured in both APP and ASIC DB", + ARGS: "vnet_route_check", + PRE: { + APPL_DB: { + VXLAN_TUNNEL_TABLE: { + "tunnel_v4": { "src_ip": "10.1.0.32" }, + "tunnel_v6": { "src_ip": "3001:2000::1" } + }, + VNET_TABLE: { + "Vnet_v4_in_v4-0": [("vxlan_tunnel", "tunnel_v4"), ("scope", "default"), ("vni", "10000"), ("peer_list", "")], + "Vnet_v6_in_v6-0": [("vxlan_tunnel", "tunnel_v6"), ("scope", "default"), ("vni", "10002"), ("peer_list", "")] + + }, + VNET_ROUTE_TUNNEL_TABLE: { + "Vnet_v4_in_v4-0:150.62.191.1/32" : { "endpoint" : "100.251.7.1,100.251.7.2" }, + "Vnet_v6_in_v6-0:fd01:fc00::1/128" : { "endpoint" : "fc02:1000::1,fc02:1000::2" } + + } + }, + ASIC_DB: { + "ASIC_STATE:SAI_OBJECT_TYPE_VIRTUAL_ROUTER": { + "oid:0x3000000000d4b" : { "":"" } + }, + ASIC_STATE: { + RT_ENTRY_KEY_PREFIX + "150.62.191.1/32" + RT_ENTRY_KEY_SUFFIX: {}, + RT_ENTRY_KEY_PREFIX + "fd01:fc00::1/128" + RT_ENTRY_KEY_SUFFIX: {} + } + } + }, + RESULT: { + "results": {} + } + }, + "5": { + DESCR: "Tunnel route present in APP DB but mssing in ASIC DB", + ARGS: "vnet_route_check", + RET: -1, + PRE: { + APPL_DB: { + VXLAN_TUNNEL_TABLE: { + "tunnel_v4": { "src_ip": "10.1.0.32" } + }, + VNET_TABLE: { + "Vnet_v4_in_v4-0": [("vxlan_tunnel", "tunnel_v4"), ("scope", "default"), ("vni", "10000"), ("peer_list", "")] + }, + VNET_ROUTE_TUNNEL_TABLE: { + "Vnet_v4_in_v4-0:150.62.191.1/32" : { "endpoint" : "100.251.7.1,100.251.7.2" } + } + }, + ASIC_DB: { + "ASIC_STATE:SAI_OBJECT_TYPE_VIRTUAL_ROUTER": { + "oid:0x3000000000d4b" : { "":"" } + }, + ASIC_STATE: { + } + } + }, + RESULT: { + "results": { + "missed_in_asic_db_routes": { + "Vnet_v4_in_v4-0": { + "routes": [ + "150.62.191.1/32" + ] + } + } + } + } } } From a3c404c74dcd470e6a307d3b19cd5df0cda8aa6c Mon Sep 17 00:00:00 2001 
From: Stephen Sun <5379172+stephenxs@users.noreply.github.com> Date: Mon, 19 Sep 2022 14:29:26 +0800 Subject: [PATCH 13/38] Fix typo in platform_sfputil_helper.is_rj45_port (#2374) Fix typo in platform_sfputil_helper.is_rj45_port. --- utilities_common/platform_sfputil_helper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities_common/platform_sfputil_helper.py b/utilities_common/platform_sfputil_helper.py index 89ade3fc04..98d3454665 100644 --- a/utilities_common/platform_sfputil_helper.py +++ b/utilities_common/platform_sfputil_helper.py @@ -133,7 +133,7 @@ def is_rj45_port(port_name): port_type = None try: - physical_port = platform_sfputil.logical_port_name_to_physical_port_list(port_name) + physical_port = platform_sfputil.get_logical_to_physical(port_name) if physical_port: port_type = platform_chassis.get_port_or_cage_type(physical_port[0]) except Exception as e: From 09026edbb17acf4e55acb9ff040a0f8a196eb3ac Mon Sep 17 00:00:00 2001 From: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com> Date: Mon, 19 Sep 2022 09:31:00 +0300 Subject: [PATCH 14/38] [warm-reboot] fix warm-reboot when /tmp/cache is missing (#2367) - What I did Fixed issue when cache wasn't generated and warm reboot command fails. Fixes sonic-net/sonic-buildimage#11914 - How I did it Added a check for cache existence - How to verify it Run warm-reboot Signed-off-by: Stepan Blyschak --- scripts/fast-reboot | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/fast-reboot b/scripts/fast-reboot index ac96726281..d7c291bc3e 100755 --- a/scripts/fast-reboot +++ b/scripts/fast-reboot @@ -466,10 +466,13 @@ function save_counters_folder() { debug "Saving counters folder before warmboot..." counters_folder="/host/counters" + counters_cache="/tmp/cache" if [[ ! -d $counters_folder ]]; then mkdir $counters_folder fi - cp -rf /tmp/cache $counters_folder + if [[ -d $counters_cache ]]; then + cp -rf $counters_cache $counters_folder + fi fi } 
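Review bot: The new guard `[[ -d $counters_cache ]]` in `save_counters_folder` also succeeds for a symlink to a directory, and `/tmp/cache` is a fixed name in a directory that is normally world-writable, so the recursive copy into `/host/counters` trusts whatever a local account placed there. Whether unprivileged accounts exist on the device is not visible from this hunk, but the extra check is cheap: `if [[ -d "$counters_cache" && ! -L "$counters_cache" ]]; then`. The expansions in `mkdir $counters_folder` and `cp -rf $counters_cache $counters_folder` should be quoted as well. The function starts outside the hunk.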
From 7099fffa7c85e9be291730f9acdc54f85100e2c3 Mon Sep 17 00:00:00 2001 From: Aryeh Feigin <101218333+arfeigin@users.noreply.github.com> Date: Tue, 20 Sep 2022 03:15:02 +0300 Subject: [PATCH 15/38] [fastboot] fastboot enhancement: Use warm-boot infrastructure for fast-boot (#2286) This PR should be merged together with the sonic-sairedis PR (sonic-net/sonic-sairedis#1100) and sonic-buildimage PR (sonic-net/sonic-buildimage#11594). This is done to improve fast-reboot flow by: Using warm-reboot infrastructure. Clear all routes except of default routes for faster reconciliation time. --- scripts/fast-reboot | 94 +++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 55 deletions(-) diff --git a/scripts/fast-reboot b/scripts/fast-reboot index d7c291bc3e..9491c5a2df 100755 --- a/scripts/fast-reboot +++ b/scripts/fast-reboot @@ -41,8 +41,6 @@ EXIT_FILE_SYSTEM_FULL=3 EXIT_NEXT_IMAGE_NOT_EXISTS=4 EXIT_ORCHAGENT_SHUTDOWN=10 EXIT_SYNCD_SHUTDOWN=11 -EXIT_FAST_REBOOT_DUMP_FAILURE=12 -EXIT_FILTER_FDB_ENTRIES_FAILURE=13 EXIT_COUNTERPOLL_DELAY_FAILURE=14 EXIT_DB_INTEGRITY_FAILURE=15 EXIT_NO_CONTROL_PLANE_ASSISTANT=20 @@ -130,26 +128,16 @@ function parseOptions() done } -function common_clear() +function clear_boot() { + # common_clear debug "${REBOOT_TYPE} failure ($?) cleanup ..." /sbin/kexec -u || /bin/true teardown_control_plane_assistant -} - -function clear_fast_boot() -{ - common_clear - - sonic-db-cli STATE_DB DEL "FAST_REBOOT|system" &>/dev/null || /bin/true -} - -function clear_warm_boot() -{ - common_clear + #clear_warm_boot result=$(timeout 10s config warm_restart disable; res=$?; if [[ $res == 124 ]]; then echo timeout; else echo "code ($res)"; fi) || /bin/true debug "Cancel warm-reboot: ${result}" 
@@ -157,6 +145,11 @@ function clear_warm_boot() if [[ -f ${WARM_DIR}/${REDIS_FILE} ]]; then mv -f ${WARM_DIR}/${REDIS_FILE} ${WARM_DIR}/${REDIS_FILE}.${TIMESTAMP} || /bin/true fi + + #clear_fast_boot + if [[ "$REBOOT_TYPE" = "fast-reboot" ]]; then + sonic-db-cli STATE_DB DEL "FAST_REBOOT|system" &>/dev/null || /bin/true + fi } function init_warm_reboot_states() @@ -164,7 +157,7 @@ function init_warm_reboot_states() # If the current running instance was booted up with warm reboot. Then # the current DB contents will likely mark warm reboot is done. # Clear these states so that the next boot up image won't get confused. - if [[ "$REBOOT_TYPE" = "warm-reboot" || "$REBOOT_TYPE" = "fastfast-reboot" ]]; then + if [[ "$REBOOT_TYPE" = "warm-reboot" || "$REBOOT_TYPE" = "fastfast-reboot" || "$REBOOT_TYPE" = "fast-reboot" ]]; then sonic-db-cli STATE_DB eval " for _, key in ipairs(redis.call('keys', 'WARM_RESTART_TABLE|*')) do redis.call('hdel', key, 'state') @@ -271,7 +264,8 @@ function backup_database() and not string.match(k, 'FG_ROUTE_TABLE|') \ and not string.match(k, 'WARM_RESTART_ENABLE_TABLE|') \ and not string.match(k, 'VXLAN_TUNNEL_TABLE|') \ - and not string.match(k, 'BUFFER_MAX_PARAM_TABLE|') then + and not string.match(k, 'BUFFER_MAX_PARAM_TABLE|') \ + and not string.match(k, 'FAST_REBOOT|') then redis.call('del', k) end end @@ -381,7 +375,7 @@ function check_docker_exec() function check_db_integrity() { - if [[ "$REBOOT_TYPE" = "warm-reboot" || "$REBOOT_TYPE" = "fastfast-reboot" ]]; then + if [[ "$REBOOT_TYPE" = "warm-reboot" || "$REBOOT_TYPE" = "fastfast-reboot" || "$REBOOT_TYPE" = "fast-reboot" ]]; then CHECK_DB_INTEGRITY=0 /usr/local/bin/check_db_integrity.py || CHECK_DB_INTEGRITY=$? if [[ CHECK_DB_INTEGRITY -ne 0 ]]; then 
@@ -464,7 +458,6 @@ function unload_kernel() function save_counters_folder() { if [[ "$REBOOT_TYPE" = "warm-reboot" ]]; then debug "Saving counters folder before warmboot..." - counters_folder="/host/counters" counters_cache="/tmp/cache" if [[ ! -d $counters_folder ]]; then @@ -536,9 +529,11 @@ sonic_asic_type=$(sonic-cfggen -y /etc/sonic/sonic_version.yml -v asic_type) BOOT_TYPE_ARG="cold" case "$REBOOT_TYPE" in "fast-reboot") + check_warm_restart_in_progress BOOT_TYPE_ARG=$REBOOT_TYPE - trap clear_fast_boot EXIT HUP INT QUIT TERM KILL ABRT ALRM + trap clear_boot EXIT HUP INT QUIT TERM KILL ABRT ALRM sonic-db-cli STATE_DB SET "FAST_REBOOT|system" "1" "EX" "180" &>/dev/null + config warm_restart enable system ;; "warm-reboot") check_warm_restart_in_progress @@ -551,7 +546,7 @@ case "$REBOOT_TYPE" in else BOOT_TYPE_ARG="warm" fi - trap clear_warm_boot EXIT HUP INT QUIT TERM KILL ABRT ALRM + trap clear_boot EXIT HUP INT QUIT TERM KILL ABRT ALRM config warm_restart enable system ;; *) 
@@ -609,34 +604,11 @@ else load_kernel fi -if [[ "$REBOOT_TYPE" = "fast-reboot" ]]; then - # Dump the ARP and FDB tables to files also as default routes for both IPv4 and IPv6 - # into /host/fast-reboot - DUMP_DIR=/host/fast-reboot - mkdir -p $DUMP_DIR - FAST_REBOOT_DUMP_RC=0 - /usr/local/bin/fast-reboot-dump.py -t $DUMP_DIR || FAST_REBOOT_DUMP_RC=$? - if [[ FAST_REBOOT_DUMP_RC -ne 0 ]]; then - error "Failed to run fast-reboot-dump.py. Exit code: $FAST_REBOOT_DUMP_RC" - unload_kernel - exit "${EXIT_FAST_REBOOT_DUMP_FAILURE}" - fi - - FILTER_FDB_ENTRIES_RC=0 - # Filter FDB entries using MAC addresses from ARP table - /usr/local/bin/filter_fdb_entries -f $DUMP_DIR/fdb.json -a $DUMP_DIR/arp.json -c $CONFIG_DB_FILE || FILTER_FDB_ENTRIES_RC=$? - if [[ FILTER_FDB_ENTRIES_RC -ne 0 ]]; then - error "Failed to filter FDb entries. Exit code: $FILTER_FDB_ENTRIES_RC" - unload_kernel - exit "${EXIT_FILTER_FDB_ENTRIES_FAILURE}" - fi -fi - init_warm_reboot_states setup_control_plane_assistant -if [[ "$REBOOT_TYPE" = "warm-reboot" || "$REBOOT_TYPE" = "fastfast-reboot" ]]; then +if [[ "$REBOOT_TYPE" = "warm-reboot" || "$REBOOT_TYPE" = "fastfast-reboot" || "$REBOOT_TYPE" = "fast-reboot" ]]; then # Freeze orchagent for warm restart # Ask orchagent_restart_check to try freeze 5 times with interval of 2 seconds, # it is possible that the orchagent is in transient state and no opportunity to freeze @@ -668,6 +640,17 @@ fi # service will go down and we cannot recover from it. set +e +if [[ "$REBOOT_TYPE" = "fast-reboot" ]]; then + # Clear all routes except of default routes for faster reconciliation time. + sonic-db-cli APPL_DB eval " + for _, k in ipairs(redis.call('keys', '*')) do + if string.match(k, 'ROUTE_TABLE:') and not string.match(k, 'ROUTE_TABLE:0.0.0.0/0') and not string.match(k, 'ROUTE_TABLE:::/0') then \ + redis.call('del', k) + end + end + " 0 > /dev/null +fi + # disable trap-handlers which were set before trap '' EXIT HUP INT QUIT TERM KILL ABRT ALRM 
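Review bot: The Lua filter added in the `@@ -668,6 +640,17 @@` hunk is unanchored: `string.match(k, 'ROUTE_TABLE:')` also matches APPL_DB keys such as `VNET_ROUTE_TUNNEL_TABLE:…` and `TUNNEL_ROUTE_TABLE:…` (both appear in tests/mock_tables/appl_db.json in this series), and the `.` in `'ROUTE_TABLE:0.0.0.0/0'` is a pattern wildcard. If only the main route table is meant, anchor and compare literally: `if string.match(k, '^ROUTE_TABLE:') and k ~= 'ROUTE_TABLE:0.0.0.0/0' and k ~= 'ROUTE_TABLE:::/0' then`. The block runs after `set +e` and its exit status is never checked, so a failed eval leaves every route in place without a log line; a `debug` or `error` call on non-zero exit would make that visible. A comment stating which tables are intentionally cleared would settle the question for the next reader.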
@@ -735,18 +718,19 @@ for service in ${SERVICES_TO_STOP}; do if [[ "x$sonic_asic_type" == x"mellanox" ]]; then check_issu_bank_file fi + fi - # Warm reboot: dump state to host disk - if [[ "$REBOOT_TYPE" = "fastfast-reboot" ]]; then - sonic-db-cli ASIC_DB FLUSHDB > /dev/null - sonic-db-cli COUNTERS_DB FLUSHDB > /dev/null - sonic-db-cli FLEX_COUNTER_DB FLUSHDB > /dev/null - fi - - # TODO: backup_database preserves FDB_TABLE - # need to cleanup as well for fastfast boot case - backup_database + if [[ "$REBOOT_TYPE" = "fastfast-reboot" || "$REBOOT_TYPE" = "fast-reboot" ]]; then + # Advanced reboot: dump state to host disk + sonic-db-cli ASIC_DB FLUSHDB > /dev/null + sonic-db-cli COUNTERS_DB FLUSHDB > /dev/null + sonic-db-cli FLEX_COUNTER_DB FLUSHDB > /dev/null fi + + # TODO: backup_database preserves FDB_TABLE + # need to cleanup as well for fastfast boot case + backup_database + fi done From 322aefc379a94e8fd87a51db829e7d46cfae59e3 Mon Sep 17 00:00:00 2001 From: jingwenxie Date: Tue, 20 Sep 2022 13:00:45 +0800 Subject: [PATCH 16/38] [GCU]Remove GCU unique lane check for duplicate lanes platforms (#2343) What I did Remove unique lane check for specific platforms to unblock GCU nightly test. How I did it Add platform check for unique lane validator How to verify it Run unit test --- generic_config_updater/gu_common.py | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/generic_config_updater/gu_common.py b/generic_config_updater/gu_common.py index 1397396b75..0cfaa73943 100644 --- a/generic_config_updater/gu_common.py +++ b/generic_config_updater/gu_common.py 
@@ -155,13 +155,21 @@ def validate_lanes(self, config_db): port_to_lanes_map[port] = lanes # Validate lanes are unique - existing = {} - for port in port_to_lanes_map: - lanes = port_to_lanes_map[port] - for lane in lanes: - if lane in existing: - return False, f"'{lane}' lane is used multiple times in PORT: {set([port, existing[lane]])}" - existing[lane] = port + # TODO: Move this attribute (platform with duplicated lanes in ports) to YANG models + dup_lanes_platforms = [ + 'x86_64-arista_7050cx3_32s', + 'x86_64-dellemc_s5232f_c3538-r0', + ] + metadata = config_db.get("DEVICE_METADATA", {}) + platform = metadata.get("localhost", {}).get("platform", None) + if platform not in dup_lanes_platforms: + existing = {} + for port in port_to_lanes_map: + lanes = port_to_lanes_map[port] + for lane in lanes: + if lane in existing: + return False, f"'{lane}' lane is used multiple times in PORT: {set([port, existing[lane]])}" + existing[lane] = port return True, None def validate_bgp_peer_group(self, config_db): From 0a7557bd9162eae40f5d4c4f6fbab92dbad7204b Mon Sep 17 00:00:00 2001 From: jingwenxie Date: Tue, 20 Sep 2022 13:40:02 +0800 Subject: [PATCH 17/38] [minigraph] add option to specify golden path in load_minigraph (#2350) What I did Add an option for load_minigraph to specify golden path How I did it Add an option for load_minigraph How to verify it Unit test --- config/main.py | 16 ++++++++++++---- tests/config_test.py | 25 +++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/config/main.py b/config/main.py index b6290e6a45..20739fc932 100644 --- a/config/main.py +++ b/config/main.py 
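Review bot: The duplicate-lane bypass in `validate_lanes` is keyed on `DEVICE_METADATA.localhost.platform` read from the same `config_db` that is being validated, so if that argument is the candidate configuration, a change that rewrites `platform` also switches the uniqueness check off for itself. I would take the platform from the running device, or reject updates that modify it, before using it as a validation switch; this is hedged because the caller is outside the hunk. The list is rebuilt on every call and only used for membership, so a module-level `DUP_LANES_PLATFORMS = frozenset({...})` with a comment on why these two platforms legitimately share lanes would read better until the TODO moves it into YANG.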
@@ -1720,8 +1720,9 @@ def load_mgmt_config(filename): expose_value=False, prompt='Reload config from minigraph?') @click.option('-n', '--no_service_restart', default=False, is_flag=True, help='Do not restart docker services') @click.option('-t', '--traffic_shift_away', default=False, is_flag=True, help='Keep device in maintenance with TSA') +@click.option('-p', '--golden_config_path', help='The path of golden config file') @clicommon.pass_db -def load_minigraph(db, no_service_restart, traffic_shift_away): +def load_minigraph(db, no_service_restart, traffic_shift_away, golden_config_path): """Reconfigure based on minigraph.""" log.log_info("'load_minigraph' executing...") @@ -1794,13 +1795,20 @@ def load_minigraph(db, no_service_restart, traffic_shift_away): # Keep device isolated with TSA if traffic_shift_away: clicommon.run_command("TSA", display_cmd=True) - if os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE): + if golden_config_path or not golden_config_path and os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE): log.log_warning("Golden configuration may override System Maintenance state. Please execute TSC to check the current System mode") click.secho("[WARNING] Golden configuration may override Traffic-shift-away state. Please execute TSC to check the current System mode") # Load golden_config_db.json - if os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE): - override_config_by(DEFAULT_GOLDEN_CONFIG_DB_FILE) + if golden_config_path: + if not os.path.isfile(golden_config_path): + click.secho("Cannot find '{}'!".format(golden_config_path), + fg='magenta') + raise click.Abort() + override_config_by(golden_config_path) + else: + if os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE): + override_config_by(DEFAULT_GOLDEN_CONFIG_DB_FILE) # We first run "systemctl reset-failed" to remove the "failed" # status from all services before we attempt to restart them diff --git a/tests/config_test.py b/tests/config_test.py index a9f4982548..1374181f8b 100644 --- a/tests/config_test.py 
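Review bot: `--golden_config_path` is only checked with `os.path.isfile` at the "Load golden_config_db.json" step, after the TSA handling in this hunk and presumably after the minigraph itself has been applied, so a mistyped path aborts with the device already reconfigured but without the override. Validating up front avoids the half-applied state: declare the option with `type=click.Path(exists=True, dir_okay=False)` or move the `isfile` check to the top of `load_minigraph` (the new test's expected message would need to follow). The condition `golden_config_path or not golden_config_path and os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE)` reduces to `golden_config_path or os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE)`. The function body between the two hunks is not visible.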
+++ b/tests/config_test.py @@ -430,6 +430,31 @@ def is_file_side_effect(filename): assert result.exit_code == 0 assert expected_output in result.output + def test_load_minigraph_with_non_exist_golden_config_path(self, get_cmd_module): + def is_file_side_effect(filename): + return True if 'golden_config' in filename else False + with mock.patch("utilities_common.cli.run_command", mock.MagicMock(side_effect=mock_run_command_side_effect)) as mock_run_command, \ + mock.patch('os.path.isfile', mock.MagicMock(side_effect=is_file_side_effect)): + (config, show) = get_cmd_module + runner = CliRunner() + result = runner.invoke(config.config.commands["load_minigraph"], ["-p", "non_exist.json", "-y"]) + assert result.exit_code != 0 + assert "Cannot find 'non_exist.json'" in result.output + + def test_load_minigraph_with_golden_config_path(self, get_cmd_module): + def is_file_side_effect(filename): + return True if 'golden_config' in filename else False + with mock.patch("utilities_common.cli.run_command", mock.MagicMock(side_effect=mock_run_command_side_effect)) as mock_run_command, \ + mock.patch('os.path.isfile', mock.MagicMock(side_effect=is_file_side_effect)): + (config, show) = get_cmd_module + runner = CliRunner() + result = runner.invoke(config.config.commands["load_minigraph"], ["-p", "golden_config.json", "-y"]) + print(result.exit_code) + print(result.output) + traceback.print_tb(result.exc_info[2]) + assert result.exit_code == 0 + assert "config override-config-table golden_config.json" in result.output + def test_load_minigraph_with_traffic_shift_away(self, get_cmd_module): with mock.patch("utilities_common.cli.run_command", mock.MagicMock(side_effect=mock_run_command_side_effect)) as mock_run_command: (config, show) = get_cmd_module From 28f6820c6989f2ce454b92b6079024053dff4403 Mon Sep 17 00:00:00 2001 
From: Sudharsan Dhamal Gopalarathnam Date: Wed, 21 Sep 2022 18:47:30 -0700 Subject: [PATCH 18/38] [link-local]Modify RIF check to include link-local enabled interfaces (#2394) * Modify RIF check to include interfaces with link-local mode. The existing RIF check will only work if the key is tuple which is applicable only when interface has IP address. However if the interface has IPv6 only enable the key is of type string. So in common if the interface is either IPv6 enabled or ip configured it has both string and tuple keys as illustrated below. Hence modified the if check to check directly for interface name which will match the key of type string --- tests/ipv6_link_local_test.py | 12 +++++++++++- tests/mock_tables/config_db.json | 3 +++ utilities_common/cli.py | 4 ++-- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/ipv6_link_local_test.py b/tests/ipv6_link_local_test.py index a01bfa726d..50b691be6b 100644 --- a/tests/ipv6_link_local_test.py +++ b/tests/ipv6_link_local_test.py @@ -30,7 +30,7 @@ +------------------+----------+ | Ethernet36 | Disabled | +------------------+----------+ -| Ethernet40 | Disabled | +| Ethernet40 | Enabled | +------------------+----------+ | Ethernet44 | Disabled | +------------------+----------+ @@ -224,6 +224,16 @@ def test_config_enable_disable_ipv6_link_local_on_all_valid_interfaces(self): assert result.exit_code == 0 assert result.output == '' + def test_vlan_member_add_on_link_local_interface(self): + runner = CliRunner() + db = Db() + obj = {'config_db':db.cfgdb, 'namespace':db.db.namespace} + + result = runner.invoke(config.config.commands["vlan"].commands["member"].commands["add"], ["4000", "Ethernet40"], obj=obj) + print(result.output) + assert result.exit_code != 0 + assert 'Error: Ethernet40 is a router interface!' in result.output + @classmethod def teardown_class(cls): os.environ['UTILITIES_UNIT_TESTING'] = "0" 
diff --git a/tests/mock_tables/config_db.json b/tests/mock_tables/config_db.json index fcb16e8f2d..10024eb9f6 100644 --- a/tests/mock_tables/config_db.json +++ b/tests/mock_tables/config_db.json @@ -708,6 +708,9 @@ "INTERFACE|Ethernet0|14.14.0.1/24": { "NULL": "NULL" }, + "INTERFACE|Ethernet40": { + "ipv6_use_link_local_only": "enable" + }, "DEBUG_COUNTER|DEBUG_0": { "type": "PORT_INGRESS_DROPS" }, diff --git a/utilities_common/cli.py b/utilities_common/cli.py index 6aaedcb209..163ed9bed0 100644 --- a/utilities_common/cli.py +++ b/utilities_common/cli.py @@ -294,7 +294,7 @@ def is_port_router_interface(config_db, port): interface_table = config_db.get_table('INTERFACE') for intf in interface_table: - if port == intf[0]: + if port == intf: return True return False @@ -304,7 +304,7 @@ def is_pc_router_interface(config_db, pc): pc_interface_table = config_db.get_table('PORTCHANNEL_INTERFACE') for intf in pc_interface_table: - if pc == intf[0]: + if pc == intf: return True return False From 123504a85430156af086d10caab7783575d4791a Mon Sep 17 00:00:00 2001 From: isabelmsft <67024108+isabelmsft@users.noreply.github.com> Date: Fri, 23 Sep 2022 22:30:01 -0700 Subject: [PATCH 19/38] YANG validation for ConfigDB Updates: portchannel add/remove, loopback interface, VLAN YANG validation for ConfigDB Updates: portchannel add/remove, loopback interface, VLAN --- config/main.py | 126 ++++++++----- config/validated_config_db_connector.py | 63 +++++++ config/vlan.py | 187 ++++++++++++-------- generic_config_updater/generic_updater.py | 4 +- generic_config_updater/gu_common.py | 3 + tests/config_test.py | 88 +++++++++ tests/portchannel_test.py | 48 ++++- tests/validated_config_db_connector_test.py | 30 ++++ 8 files changed, 415 insertions(+), 134 deletions(-) create mode 100644 config/validated_config_db_connector.py create mode 100644 tests/validated_config_db_connector_test.py diff --git a/config/main.py b/config/main.py index 20739fc932..fb1fcbb1cb 100644 --- a/config/main.py 
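Review bot: `if port == intf:` in `is_port_router_interface` (and the same change in `is_pc_router_interface`, the next hunk) now matches only plain-string keys, so a table that carried just the `(name, prefix)` tuple key for a port would no longer be detected, whereas before only tuple keys worked. The commit message says both key forms are present whenever an IP is configured, so this may hold, but accepting both is cheap: `if port == intf or (isinstance(intf, tuple) and port == intf[0]):`. The old `intf[0]` compared the port name with the first character of a string key, which deserves a one-line comment next to the new check. Both functions start outside their hunks.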
+++ b/config/main.py @@ -14,6 +14,7 @@ import itertools import copy +from jsonpatch import JsonPatchConflict from collections import OrderedDict from generic_config_updater.generic_updater import GenericUpdater, ConfigFormat from minigraph import parse_device_desc_xml, minigraph_encoder @@ -31,6 +32,7 @@ import utilities_common.cli as clicommon from utilities_common.helper import get_port_pbh_binding, get_port_acl_binding from utilities_common.general import load_db_config, load_module_from_source +from .validated_config_db_connector import ValidatedConfigDBConnector import utilities_common.multi_asic as multi_asic_util from .utils import log @@ -104,6 +106,7 @@ TTL_RANGE = click.IntRange(min=0, max=255) QUEUE_RANGE = click.IntRange(min=0, max=255) GRE_TYPE_RANGE = click.IntRange(min=0, max=65535) +ADHOC_VALIDATION = True # Load sonic-cfggen from source since /usr/local/bin/sonic-cfggen does not have .py extension. sonic_cfggen = load_module_from_source('sonic_cfggen', '/usr/local/bin/sonic-cfggen') 
@@ -2040,51 +2043,64 @@ def portchannel(db, ctx, namespace): @click.pass_context def add_portchannel(ctx, portchannel_name, min_links, fallback, fast_rate): """Add port channel""" - if is_portchannel_name_valid(portchannel_name) != True: - ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" - .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) - - db = ctx.obj['db'] - - if is_portchannel_present_in_db(db, portchannel_name): - ctx.fail("{} already exists!".format(portchannel_name)) - + fvs = { 'admin_status': 'up', 'mtu': '9100', 'lacp_key': 'auto', 'fast_rate': fast_rate.lower(), } + if min_links != 0: fvs['min_links'] = str(min_links) if fallback != 'false': fvs['fallback'] = 'true' - db.set_entry('PORTCHANNEL', portchannel_name, fvs) - + + if ADHOC_VALIDATION: + db = ctx.obj['db'] + if is_portchannel_name_valid(portchannel_name) != True: + ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" + .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) + if is_portchannel_present_in_db(db, portchannel_name): + ctx.fail("{} already exists!".format(portchannel_name)) # TODO: MISSING CONSTRAINT IN YANG MODEL + else: + db = ValidatedConfigDBConnector(ctx.obj['db']) + + try: + db.set_entry('PORTCHANNEL', portchannel_name, fvs) + except ValueError: + ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'".format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) + @portchannel.command('del') @click.argument('portchannel_name', metavar='', required=True) @click.pass_context def remove_portchannel(ctx, portchannel_name): """Remove port channel""" - if is_portchannel_name_valid(portchannel_name) != True: - ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" - .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) - - db = ctx.obj['db'] - - # Dont proceed if the port channel does not exist - if is_portchannel_present_in_db(db, 
portchannel_name) is False: - ctx.fail("{} is not present.".format(portchannel_name)) - - # Dont let to remove port channel if vlan membership exists - for k,v in db.get_table('VLAN_MEMBER'): - if v == portchannel_name: - ctx.fail("{} has vlan {} configured, remove vlan membership to proceed".format(portchannel_name, str(k))) - - if len([(k, v) for k, v in db.get_table('PORTCHANNEL_MEMBER') if k == portchannel_name]) != 0: - click.echo("Error: Portchannel {} contains members. Remove members before deleting Portchannel!".format(portchannel_name)) + + if ADHOC_VALIDATION: + db = ctx.obj['db'] + if is_portchannel_name_valid(portchannel_name) != True: + ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" + .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) + + # Don't proceed if the port channel does not exist + if is_portchannel_present_in_db(db, portchannel_name) is False: + ctx.fail("{} is not present.".format(portchannel_name)) + + # Dont let to remove port channel if vlan membership exists + for k,v in db.get_table('VLAN_MEMBER'): # TODO: MISSING CONSTRAINT IN YANG MODEL + if v == portchannel_name: + ctx.fail("{} has vlan {} configured, remove vlan membership to proceed".format(portchannel_name, str(k))) + + if len([(k, v) for k, v in db.get_table('PORTCHANNEL_MEMBER') if k == portchannel_name]) != 0: # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("Error: Portchannel {} contains members. Remove members before deleting Portchannel!".format(portchannel_name)) else: + db = ValidatedConfigDBConnector(ctx.obj['db']) + + try: db.set_entry('PORTCHANNEL', portchannel_name, None) + except JsonPatchConflict: + ctx.fail("{} is not present.".format(portchannel_name)) @portchannel.group(cls=clicommon.AbbreviationGroup, name='member') @click.pass_context 
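Review bot: With `ADHOC_VALIDATION` set to False, `add_portchannel` and `remove_portchannel` skip every check in the `if` branch, and the lines tagged `# TODO: MISSING CONSTRAINT IN YANG MODEL` (duplicate name, VLAN membership, remaining members) have no replacement on the `else` path. `ValidatedConfigDBConnector` also leaves `set_entry` untouched when `is_yang_config_validation_enabled` returns false, so in that combination the write goes through with no validation at all. Keep the checks that YANG does not yet express outside the `if ADHOC_VALIDATION:` branch, and state in a comment above `ADHOC_VALIDATION = True` that switching it off is only safe once YANG validation is enabled. The same pattern is repeated in the loopback hunk and in the `config/vlan.py` hunks. `except ValueError` also reports every schema failure as an invalid name, which can mislead the operator.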
@@ -2113,8 +2129,8 @@ def add_portchannel_member(ctx, portchannel_name, port_name): # Dont proceed if the port channel does not exist if is_portchannel_present_in_db(db, portchannel_name) is False: ctx.fail("{} is not present.".format(portchannel_name)) - - # Dont allow a port to be member of port channel if it is configured with an IP address + + # Don't allow a port to be member of port channel if it is configured with an IP address for key,value in db.get_table('INTERFACE').items(): if type(key) == tuple: continue 
@@ -6157,36 +6173,48 @@ def loopback(ctx, redis_unix_socket_path): @click.argument('loopback_name', metavar='', required=True) @click.pass_context def add_loopback(ctx, loopback_name): - config_db = ctx.obj['db'] - if is_loopback_name_valid(loopback_name) is False: - ctx.fail("{} is invalid, name should have prefix '{}' and suffix '{}' " - .format(loopback_name, CFG_LOOPBACK_PREFIX, CFG_LOOPBACK_NO)) - - lo_intfs = [k for k, v in config_db.get_table('LOOPBACK_INTERFACE').items() if type(k) != tuple] - if loopback_name in lo_intfs: - ctx.fail("{} already exists".format(loopback_name)) - - config_db.set_entry('LOOPBACK_INTERFACE', loopback_name, {"NULL" : "NULL"}) + if ADHOC_VALIDATION: + config_db = ctx.obj['db'] + if is_loopback_name_valid(loopback_name) is False: + ctx.fail("{} is invalid, name should have prefix '{}' and suffix '{}' " + .format(loopback_name, CFG_LOOPBACK_PREFIX, CFG_LOOPBACK_NO)) + + lo_intfs = [k for k, v in config_db.get_table('LOOPBACK_INTERFACE').items() if type(k) != tuple] + if loopback_name in lo_intfs: + ctx.fail("{} already exists".format(loopback_name)) # TODO: MISSING CONSTRAINT IN YANG VALIDATION + else: + config_db = ValidatedConfigDBConnector(ctx.obj['db']) + + try: + config_db.set_entry('LOOPBACK_INTERFACE', loopback_name, {"NULL" : "NULL"}) + except ValueError: + ctx.fail("{} is invalid, name should have prefix '{}' and suffix '{}' ".format(loopback_name, CFG_LOOPBACK_PREFIX, CFG_LOOPBACK_NO)) @loopback.command('del') @click.argument('loopback_name', metavar='', required=True) @click.pass_context def del_loopback(ctx, loopback_name): config_db = ctx.obj['db'] - if is_loopback_name_valid(loopback_name) is False: - ctx.fail("{} is invalid, name should have prefix '{}' and suffix '{}' " - .format(loopback_name, CFG_LOOPBACK_PREFIX, CFG_LOOPBACK_NO)) - lo_config_db = config_db.get_table('LOOPBACK_INTERFACE') - lo_intfs = [k for k, v in lo_config_db.items() if type(k) != tuple] - if loopback_name not in lo_intfs: - ctx.fail("{} does 
not exists".format(loopback_name)) + + if ADHOC_VALIDATION: + if is_loopback_name_valid(loopback_name) is False: + ctx.fail("{} is invalid, name should have prefix '{}' and suffix '{}' " + .format(loopback_name, CFG_LOOPBACK_PREFIX, CFG_LOOPBACK_NO)) + lo_intfs = [k for k, v in lo_config_db.items() if type(k) != tuple] + if loopback_name not in lo_intfs: + ctx.fail("{} does not exist".format(loopback_name)) + else: + config_db = ValidatedConfigDBConnector(ctx.obj['db']) ips = [ k[1] for k in lo_config_db if type(k) == tuple and k[0] == loopback_name ] for ip in ips: config_db.set_entry('LOOPBACK_INTERFACE', (loopback_name, ip), None) - - config_db.set_entry('LOOPBACK_INTERFACE', loopback_name, None) + + try: + config_db.set_entry('LOOPBACK_INTERFACE', loopback_name, None) + except JsonPatchConflict: + ctx.fail("{} does not exist".format(loopback_name)) @config.group(cls=clicommon.AbbreviationGroup) diff --git a/config/validated_config_db_connector.py b/config/validated_config_db_connector.py new file mode 100644 index 0000000000..b94a2df4a5 --- /dev/null +++ b/config/validated_config_db_connector.py 
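Review bot: In `del_loopback` the loop `config_db.set_entry('LOOPBACK_INTERFACE', (loopback_name, ip), None)` sits before the new `try`, so on the validated path a `JsonPatchConflict` or `ValueError` raised while removing an address escapes as a traceback instead of a `ctx.fail` message. Each address is also applied as its own patch, so a failure part-way leaves some addresses removed and the interface still present. Move the loop inside the `try` and widen the handler to `except (JsonPatchConflict, ValueError):` so both failure types end in a clear CLI error.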
@@ -0,0 +1,63 @@ +import jsonpatch +from jsonpointer import JsonPointer + +from sonic_py_common import device_info +from generic_config_updater.generic_updater import GenericUpdater, ConfigFormat +from generic_config_updater.gu_common import EmptyTableError, genericUpdaterLogging + +def ValidatedConfigDBConnector(config_db_connector): + yang_enabled = device_info.is_yang_config_validation_enabled(config_db_connector) + if yang_enabled: + config_db_connector.set_entry = validated_set_entry + config_db_connector.delete_table = validated_delete_table + return config_db_connector + +def make_path_value_jsonpatch_compatible(table, key, value): + if type(key) == tuple: + path = JsonPointer.from_parts([table, '|'.join(key)]).path + else: + path = JsonPointer.from_parts([table, key]).path + if value == {"NULL" : "NULL"}: + value = {} + return path, value + +def create_gcu_patch(op, table, key=None, value=None): + if key: + path, value = make_path_value_jsonpatch_compatible(table, key, value) + else: + path = "/{}".format(table) + + gcu_json_input = [] + gcu_json = {"op": "{}".format(op), + "path": "{}".format(path)} + if op == "add": + gcu_json["value"] = value + + gcu_json_input.append(gcu_json) + gcu_patch = jsonpatch.JsonPatch(gcu_json_input) + return gcu_patch + +def validated_delete_table(table): + gcu_patch = create_gcu_patch("remove", table) + format = ConfigFormat.CONFIGDB.name + config_format = ConfigFormat[format.upper()] + try: + GenericUpdater().apply_patch(patch=gcu_patch, config_format=config_format, verbose=False, dry_run=False, ignore_non_yang_tables=False, ignore_paths=None) + except ValueError as e: + logger = genericUpdaterLogging.get_logger(title="Patch Applier", print_all_to_console=True) + logger.log_notice("Unable to remove entry, as doing so will result in invalid config. 
Error: {}".format(e)) + +def validated_set_entry(table, key, value): + if value is not None: + op = "add" + else: + op = "remove" + + gcu_patch = create_gcu_patch(op, table, key, value) + format = ConfigFormat.CONFIGDB.name + config_format = ConfigFormat[format.upper()] + + try: + GenericUpdater().apply_patch(patch=gcu_patch, config_format=config_format, verbose=False, dry_run=False, ignore_non_yang_tables=False, ignore_paths=None) + except EmptyTableError: + validated_delete_table(table) diff --git a/config/vlan.py b/config/vlan.py index 80b4ff4984..39aeefae7c 100644 --- a/config/vlan.py +++ b/config/vlan.py @@ -1,8 +1,12 @@ import click import utilities_common.cli as clicommon +from jsonpatch import JsonPatchConflict from time import sleep from .utils import log +from .validated_config_db_connector import ValidatedConfigDBConnector + +ADHOC_VALIDATION = True # # 'vlan' group ('config vlan ...') 
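Review bot: `validated_delete_table` catches `ValueError` from `apply_patch` and only calls `logger.log_notice`, so its caller, including the `EmptyTableError` fallback in `validated_set_entry`, continues as if the table had been removed. A rejected change should reach the command that requested it: add a bare `raise` after the `log_notice` call so callers can fail instead of reporting success. `ValidatedConfigDBConnector` also assigns `set_entry` and `delete_table` on the connector it was given, which changes the shared `ctx.obj['db']` object for every later caller; a docstring stating that the argument is modified in place would make that visible. In `create_gcu_patch`, `if key:` sends an empty key down the table-level path, where a `remove` op targets the whole table; `if key is not None:` states the intent.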
@@ -19,19 +23,25 @@ def add_vlan(db, vid): """Add VLAN""" ctx = click.get_current_context() - - if not clicommon.is_vlanid_in_range(vid): - ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) - vlan = 'Vlan{}'.format(vid) - if vid == 1: - ctx.fail("{} is default VLAN".format(vlan)) - - if clicommon.check_if_vlanid_exist(db.cfgdb, vlan): - ctx.fail("{} already exists".format(vlan)) + if ADHOC_VALIDATION: + config_db = db.cfgdb + if not clicommon.is_vlanid_in_range(vid): + ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) - db.cfgdb.set_entry('VLAN', vlan, {'vlanid': vid}) + if vid == 1: + ctx.fail("{} is default VLAN".format(vlan)) # TODO: MISSING CONSTRAINT IN YANG MODEL + + if clicommon.check_if_vlanid_exist(db.cfgdb, vlan): # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("{} already exists".format(vlan)) + else: + config_db = ValidatedConfigDBConnector(db.cfgdb) + + try: + config_db.set_entry('VLAN', vlan, {'vlanid': str(vid)}) + except ValueError: + ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) @vlan.command('del') @click.argument('vid', metavar='', required=True, type=int) 
@@ -42,26 +52,33 @@ def del_vlan(db, vid): log.log_info("'vlan del {}' executing...".format(vid)) ctx = click.get_current_context() + vlan = 'Vlan{}'.format(vid) - if not clicommon.is_vlanid_in_range(vid): - ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) + if ADHOC_VALIDATION: + config_db = db.cfgdb + if not clicommon.is_vlanid_in_range(vid): + ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) - vlan = 'Vlan{}'.format(vid) - if clicommon.check_if_vlanid_exist(db.cfgdb, vlan) == False: - ctx.fail("{} does not exist".format(vlan)) + if clicommon.check_if_vlanid_exist(db.cfgdb, vlan) == False: + ctx.fail("{} does not exist".format(vlan)) - intf_table = db.cfgdb.get_table('VLAN_INTERFACE') - for intf_key in intf_table: - if ((type(intf_key) is str and intf_key == 'Vlan{}'.format(vid)) or - (type(intf_key) is tuple and intf_key[0] == 'Vlan{}'.format(vid))): - ctx.fail("{} can not be removed. First remove IP addresses assigned to this VLAN".format(vlan)) + intf_table = db.cfgdb.get_table('VLAN_INTERFACE') + for intf_key in intf_table: + if ((type(intf_key) is str and intf_key == 'Vlan{}'.format(vid)) or # TODO: MISSING CONSTRAINT IN YANG MODEL + (type(intf_key) is tuple and intf_key[0] == 'Vlan{}'.format(vid))): + ctx.fail("{} can not be removed. First remove IP addresses assigned to this VLAN".format(vlan)) - keys = [ (k, v) for k, v in db.cfgdb.get_table('VLAN_MEMBER') if k == 'Vlan{}'.format(vid) ] + keys = [ (k, v) for k, v in db.cfgdb.get_table('VLAN_MEMBER') if k == 'Vlan{}'.format(vid) ] - if keys: - ctx.fail("VLAN ID {} can not be removed. First remove all members assigned to this VLAN.".format(vid)) - - db.cfgdb.set_entry('VLAN', 'Vlan{}'.format(vid), None) + if keys: # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("VLAN ID {} can not be removed. 
First remove all members assigned to this VLAN.".format(vid)) + else: + config_db = ValidatedConfigDBConnector(db.cfgdb) + + try: + config_db.set_entry('VLAN', 'Vlan{}'.format(vid), None) + except JsonPatchConflict: + ctx.fail("{} does not exist".format(vlan)) def restart_ndppd(): verify_swss_running_cmd = "docker container inspect -f '{{.State.Status}}' swss" 
@@ -118,46 +135,54 @@ def add_vlan_member(db, vid, port, untagged): log.log_info("'vlan member add {} {}' executing...".format(vid, port)) - if not clicommon.is_vlanid_in_range(vid): - ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) - vlan = 'Vlan{}'.format(vid) - if clicommon.check_if_vlanid_exist(db.cfgdb, vlan) == False: - ctx.fail("{} does not exist".format(vlan)) - - if clicommon.get_interface_naming_mode() == "alias": - alias = port - iface_alias_converter = clicommon.InterfaceAliasConverter(db) - port = iface_alias_converter.alias_to_name(alias) - if port is None: - ctx.fail("cannot find port name for alias {}".format(alias)) - - if clicommon.is_port_mirror_dst_port(db.cfgdb, port): - ctx.fail("{} is configured as mirror destination port".format(port)) - - if clicommon.is_port_vlan_member(db.cfgdb, port, vlan): - ctx.fail("{} is already a member of {}".format(port, vlan)) - - if clicommon.is_valid_port(db.cfgdb, port): - is_port = True - elif clicommon.is_valid_portchannel(db.cfgdb, port): - is_port = False - else: - ctx.fail("{} does not exist".format(port)) - - if (is_port and clicommon.is_port_router_interface(db.cfgdb, port)) or \ - (not is_port and clicommon.is_pc_router_interface(db.cfgdb, port)): - ctx.fail("{} is a router interface!".format(port)) + + if ADHOC_VALIDATION: + config_db = db.cfgdb + if not clicommon.is_vlanid_in_range(vid): + ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) + + if clicommon.check_if_vlanid_exist(db.cfgdb, vlan) == False: + ctx.fail("{} does not exist".format(vlan)) + + if clicommon.get_interface_naming_mode() == "alias": # TODO: MISSING CONSTRAINT IN YANG MODEL + alias = port + iface_alias_converter = clicommon.InterfaceAliasConverter(db) + port = iface_alias_converter.alias_to_name(alias) + if port is None: + ctx.fail("cannot find port name for alias {}".format(alias)) + + if clicommon.is_port_mirror_dst_port(db.cfgdb, port): # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("{} is configured as mirror 
destination port".format(port)) + + if clicommon.is_port_vlan_member(db.cfgdb, port, vlan): # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("{} is already a member of {}".format(port, vlan)) + + if clicommon.is_valid_port(db.cfgdb, port): + is_port = True + elif clicommon.is_valid_portchannel(db.cfgdb, port): + is_port = False + else: + ctx.fail("{} does not exist".format(port)) + + if (is_port and clicommon.is_port_router_interface(db.cfgdb, port)) or \ + (not is_port and clicommon.is_pc_router_interface(db.cfgdb, port)): # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("{} is a router interface!".format(port)) - portchannel_member_table = db.cfgdb.get_table('PORTCHANNEL_MEMBER') + portchannel_member_table = db.cfgdb.get_table('PORTCHANNEL_MEMBER') - if (is_port and clicommon.interface_is_in_portchannel(portchannel_member_table, port)): - ctx.fail("{} is part of portchannel!".format(port)) + if (is_port and clicommon.interface_is_in_portchannel(portchannel_member_table, port)): # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("{} is part of portchannel!".format(port)) - if (clicommon.interface_is_untagged_member(db.cfgdb, port) and untagged): - ctx.fail("{} is already untagged member!".format(port)) + if (clicommon.interface_is_untagged_member(db.cfgdb, port) and untagged): # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("{} is already untagged member!".format(port)) + else: + config_db = ValidatedConfigDBConnector(db.cfgdb) - db.cfgdb.set_entry('VLAN_MEMBER', (vlan, port), {'tagging_mode': "untagged" if untagged else "tagged" }) + try: + config_db.set_entry('VLAN_MEMBER', (vlan, port), {'tagging_mode': "untagged" if untagged else "tagged" }) + except ValueError: + ctx.fail("{} invalid or does not exist, or {} invalid or does not exist".format(vlan, port)) @vlan_member.command('del') @click.argument('vid', metavar='', required=True, type=int) 
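Review bot: The alias lookup in `add_vlan_member` (`clicommon.get_interface_naming_mode() == "alias"` followed by `alias_to_name`) is now inside `if ADHOC_VALIDATION:`, although it rewrites `port` rather than checking it. On the `else` path the alias string given on the command line is used unchanged in the `VLAN_MEMBER` key `(vlan, port)`. Move that block above the `if ADHOC_VALIDATION:` line and drop its `# TODO: MISSING CONSTRAINT IN YANG MODEL` tag; `del_vlan_member` in the next hunk has the same arrangement.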
@@ -167,25 +192,31 @@ def del_vlan_member(db, vid, port): """Delete VLAN member""" ctx = click.get_current_context() - log.log_info("'vlan member del {} {}' executing...".format(vid, port)) - - if not clicommon.is_vlanid_in_range(vid): - ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) - vlan = 'Vlan{}'.format(vid) - if clicommon.check_if_vlanid_exist(db.cfgdb, vlan) == False: - ctx.fail("{} does not exist".format(vlan)) - - if clicommon.get_interface_naming_mode() == "alias": - alias = port - iface_alias_converter = clicommon.InterfaceAliasConverter(db) - port = iface_alias_converter.alias_to_name(alias) - if port is None: - ctx.fail("cannot find port name for alias {}".format(alias)) - - if not clicommon.is_port_vlan_member(db.cfgdb, port, vlan): - ctx.fail("{} is not a member of {}".format(port, vlan)) + + if ADHOC_VALIDATION: + config_db = db.cfgdb + if not clicommon.is_vlanid_in_range(vid): + ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) + + if clicommon.check_if_vlanid_exist(db.cfgdb, vlan) == False: + ctx.fail("{} does not exist".format(vlan)) + + if clicommon.get_interface_naming_mode() == "alias": # TODO: MISSING CONSTRAINT IN YANG MODEL + alias = port + iface_alias_converter = clicommon.InterfaceAliasConverter(db) + port = iface_alias_converter.alias_to_name(alias) + if port is None: + ctx.fail("cannot find port name for alias {}".format(alias)) + + if not clicommon.is_port_vlan_member(db.cfgdb, port, vlan): # TODO: MISSING CONSTRAINT IN YANG MODEL + ctx.fail("{} is not a member of {}".format(port, vlan)) + else: + config_db = ValidatedConfigDBConnector(db.cfgdb) - db.cfgdb.set_entry('VLAN_MEMBER', (vlan, port), None) + try: + config_db.set_entry('VLAN_MEMBER', (vlan, port), None) + except JsonPatchConflict: + ctx.fail("{} invalid or does not exist, or {} is not a member of {}".format(vlan, port, vlan)) diff --git a/generic_config_updater/generic_updater.py b/generic_config_updater/generic_updater.py index 56297039aa..be2ddb0091 100644 
--- a/generic_config_updater/generic_updater.py +++ b/generic_config_updater/generic_updater.py @@ -1,7 +1,7 @@ import json import os from enum import Enum -from .gu_common import GenericConfigUpdaterError, ConfigWrapper, \ +from .gu_common import GenericConfigUpdaterError, EmptyTableError, ConfigWrapper, \ DryRunConfigWrapper, PatchWrapper, genericUpdaterLogging from .patch_sorter import StrictPatchSorter, NonStrictPatchSorter, ConfigSplitter, \ TablesWithoutYangConfigSplitter, IgnorePathsFromYangConfigSplitter @@ -54,7 +54,7 @@ def apply(self, patch): empty_tables = self.config_wrapper.get_empty_tables(target_config) if empty_tables: # if there are empty tables empty_tables_txt = ", ".join(empty_tables) - raise ValueError("Given patch is not valid because it will result in empty tables " \ + raise EmptyTableError("Given patch is not valid because it will result in empty tables " \ "which is not allowed in ConfigDb. " \ f"Table{'s' if len(empty_tables) != 1 else ''}: {empty_tables_txt}") diff --git a/generic_config_updater/gu_common.py b/generic_config_updater/gu_common.py index 0cfaa73943..22e8d820d8 100644 --- a/generic_config_updater/gu_common.py +++ b/generic_config_updater/gu_common.py @@ -16,6 +16,9 @@ class GenericConfigUpdaterError(Exception): pass +class EmptyTableError(ValueError): + pass + class JsonChange: """ A class that describes a partial change to a JSON object. diff --git a/tests/config_test.py b/tests/config_test.py index 1374181f8b..4ac30632fd 100644 --- a/tests/config_test.py +++ b/tests/config_test.py @@ -15,10 +15,12 @@ from sonic_py_common import device_info from utilities_common.db import Db from utilities_common.general import load_module_from_source +from mock import patch from generic_config_updater.generic_updater import ConfigFormat import config.main as config +import config.validated_config_db_connector as validated_config_db_connector # Add Test, module and script path. test_path = os.path.dirname(os.path.abspath(__file__)) 
@@ -1639,3 +1641,89 @@ def test_hostname_add(self, db_conn_patch, get_cmd_module): @classmethod def teardown_class(cls): print("TEARDOWN") + + +class TestConfigLoopback(object): + @classmethod + def setup_class(cls): + print("SETUP") + import config.main + importlib.reload(config.main) + + @patch("validated_config_db_connector.device_info.is_yang_config_validation_enabled", mock.Mock(return_value=True)) + @patch("config.validated_config_db_connector.validated_set_entry", mock.Mock(side_effect=ValueError)) + def test_add_loopback_with_invalid_name_yang_validation(self): + config.ADHOC_VALIDATION = False + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = runner.invoke(config.config.commands["loopback"].commands["add"], ["Loopbax1"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Error: Loopbax1 is invalid, name should have prefix 'Loopback' and suffix '<0-999>'" in result.output + + def test_add_loopback_with_invalid_name_adhoc_validation(self): + config.ADHOC_VALIDATION = True + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = runner.invoke(config.config.commands["loopback"].commands["add"], ["Loopbax1"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Error: Loopbax1 is invalid, name should have prefix 'Loopback' and suffix '<0-999>'" in result.output + + def test_del_nonexistent_loopback_adhoc_validation(self): + config.ADHOC_VALIDATION = True + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = runner.invoke(config.config.commands["loopback"].commands["del"], ["Loopback12"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Loopback12 does not exist" in result.output + + def test_del_nonexistent_loopback_adhoc_validation(self): + config.ADHOC_VALIDATION = True + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = 
runner.invoke(config.config.commands["loopback"].commands["del"], ["Loopbax1"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Loopbax1 is invalid, name should have prefix 'Loopback' and suffix '<0-999>'" in result.output + + @patch("config.validated_config_db_connector.validated_set_entry", mock.Mock(return_value=True)) + @patch("validated_config_db_connector.device_info.is_yang_config_validation_enabled", mock.Mock(return_value=True)) + def test_add_loopback_yang_validation(self): + config.ADHOC_VALIDATION = False + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = runner.invoke(config.config.commands["loopback"].commands["add"], ["Loopback12"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code == 0 + + def test_add_loopback_adhoc_validation(self): + config.ADHOC_VALIDATION = True + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = runner.invoke(config.config.commands["loopback"].commands["add"], ["Loopback12"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code == 0 + + @classmethod + def teardown_class(cls): + print("TEARDOWN") diff --git a/tests/portchannel_test.py b/tests/portchannel_test.py index bd30c73649..b35b93d552 100644 --- a/tests/portchannel_test.py +++ b/tests/portchannel_test.py @@ -1,12 +1,16 @@ import os import pytest import traceback +import mock from click.testing import CliRunner +from jsonpatch import JsonPatchConflict import config.main as config +import config.validated_config_db_connector as validated_config_db_connector import show.main as show from utilities_common.db import Db +from mock import patch class TestPortChannel(object): @classmethod 
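Review bot: `TestConfigLoopback` defines `test_del_nonexistent_loopback_adhoc_validation` twice, so the second definition replaces the first and the `Loopback12 does not exist` case never runs. Rename the second one, which deletes `Loopbax1`, to something like `test_del_loopback_with_invalid_name_adhoc_validation`. The tests also assign `config.ADHOC_VALIDATION` without restoring it, so the value later tests see depends on execution order; resetting it to `True` in `teardown_class` would avoid that.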
@@ -14,7 +18,23 @@ def setup_class(cls): os.environ['UTILITIES_UNIT_TESTING'] = "1" print("SETUP") - def test_add_portchannel_with_invalid_name(self): + @patch("config.main.is_portchannel_present_in_db", mock.Mock(return_value=False)) + @patch("config.validated_config_db_connector.validated_set_entry", mock.Mock(side_effect=ValueError)) + @patch("validated_config_db_connector.device_info.is_yang_config_validation_enabled", mock.Mock(return_value=True)) + def test_add_portchannel_with_invalid_name_yang_validation(self): + config.ADHOC_VALIDATION = False + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + result = runner.invoke(config.config.commands["portchannel"].commands["add"], ["PortChan005"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Error: PortChan005 is invalid!, name should have prefix 'PortChannel' and suffix '<0-9999>'" in result.output + + def test_add_portchannel_with_invalid_name_adhoc_validation(self): + config.ADHOC_VALIDATION = True runner = CliRunner() db = Db() obj = {'db':db.cfgdb} 
@@ -26,7 +46,23 @@ def test_add_portchannel_with_invalid_name(self): assert result.exit_code != 0 assert "Error: PortChan005 is invalid!, name should have prefix 'PortChannel' and suffix '<0-9999>'" in result.output - def test_delete_portchannel_with_invalid_name(self): + @patch("config.validated_config_db_connector.validated_set_entry", mock.Mock(side_effect=JsonPatchConflict)) + @patch("validated_config_db_connector.device_info.is_yang_config_validation_enabled", mock.Mock(return_value=True)) + def test_delete_nonexistent_portchannel_yang_validation(self): + config.ADHOC_VALIDATION = False + runner = CliRunner() + db = Db() + obj = {'db':db.cfgdb} + + # delete a portchannel with invalid name + result = runner.invoke(config.config.commands["portchannel"].commands["del"], ["PortChan005"], obj=obj) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "PortChan005 is not present" in result.output + + def test_delete_portchannel_with_invalid_name_adhoc_validation(self): + config.ADHOC_VALIDATION = True runner = CliRunner() db = Db() obj = {'db':db.cfgdb} @@ -50,7 +86,8 @@ def test_add_existing_portchannel_again(self): assert result.exit_code != 0 assert "Error: PortChannel0001 already exists!" in result.output - def test_delete_non_existing_portchannel(self): + def test_delete_non_existing_portchannel_adhoc_validation(self): + config.ADHOC_VALIDATION = True runner = CliRunner() db = Db() obj = {'db':db.cfgdb} @@ -63,7 +100,8 @@ def test_delete_non_existing_portchannel(self): assert "Error: PortChannel0005 is not present." in result.output @pytest.mark.parametrize("fast_rate", ["False", "True", "false", "true"]) - def test_add_portchannel_with_fast_rate(self, fast_rate): + def test_add_portchannel_with_fast_rate_adhoc_validation(self, fast_rate): + config.ADHOC_VALIDATION = True runner = CliRunner() db = Db() obj = {'db':db.cfgdb} 
@@ -79,7 +117,7 @@ def test_add_portchannel_with_invalid_fast_rate(self, fast_rate): runner = CliRunner() db = Db() obj = {'db':db.cfgdb} - + # add a portchannel with invalid fats rate result = runner.invoke(config.config.commands["portchannel"].commands["add"], ["PortChannel0005", "--fast-rate", fast_rate], obj=obj) print(result.exit_code) diff --git a/tests/validated_config_db_connector_test.py b/tests/validated_config_db_connector_test.py new file mode 100644 index 0000000000..48d559cd9a --- /dev/null +++ b/tests/validated_config_db_connector_test.py @@ -0,0 +1,30 @@ +import imp +import os +import mock + +imp.load_source('validated_config_db_connector', \ + os.path.join(os.path.dirname(__file__), '..', 'config', 'validated_config_db_connector.py')) +import validated_config_db_connector + +from unittest import TestCase +from mock import patch +from generic_config_updater.gu_common import EmptyTableError +from utilities_common.db import Db + +SAMPLE_TABLE = 'VLAN' +SAMPLE_KEY = 'Vlan1000' +SAMPLE_VALUE_EMPTY = None + + +class TestValidatedConfigDBConnector(TestCase): + ''' + + Test Class for validated_config_db_connector.py + + ''' + def test_validated_config_db_connector_empty_table(self): + mock_generic_updater = mock.Mock() + mock_generic_updater.apply_patch = mock.Mock(side_effect=EmptyTableError) + with mock.patch('validated_config_db_connector.GenericUpdater', return_value=mock_generic_updater): + remove_entry_success = validated_config_db_connector.validated_set_entry(SAMPLE_TABLE, SAMPLE_KEY, SAMPLE_VALUE_EMPTY) + assert not remove_entry_success From b31681b43278a62b36381477ce42f752f48b5feb Mon Sep 17 00:00:00 2001 
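Review bot: In `test_validated_config_db_connector_empty_table`, `assert not remove_entry_success` cannot fail, because `validated_set_entry` as added in this patch has no `return` statement and always yields `None`. The test therefore only shows that no exception escapes. If the intent is to prove the fallback to table removal, assert on the mock instead, for example `assert mock_generic_updater.apply_patch.call_count == 2`. The `imp` module used to load the file is deprecated; `importlib` is the supported route.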
From: pettershao-ragilenetworks <81281940+pettershao-ragilenetworks@users.noreply.github.com> Date: Tue, 27 Sep 2022 01:47:07 +0800 Subject: [PATCH 20/38] Fix display disorder problem of show vrf (#2392) *Fix display disorder problem of show vrf --- show/main.py | 1 + tests/show_vrf_test.py | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/show/main.py b/show/main.py index 9c07d92080..0fce8037ea 100755 --- a/show/main.py +++ b/show/main.py @@ -325,6 +325,7 @@ def vrf(vrf_name): vrfs = [vrf_name] for vrf in vrfs: intfs = get_interface_bind_to_vrf(config_db, vrf) + intfs = natsorted(intfs) if len(intfs) == 0: body.append([vrf, ""]) else: diff --git a/tests/show_vrf_test.py b/tests/show_vrf_test.py index 269a968477..1b057b5c4e 100644 --- a/tests/show_vrf_test.py +++ b/tests/show_vrf_test.py @@ -27,9 +27,9 @@ def test_vrf_show(self): ------ --------------- Vrf1 Vrf101 Ethernet0.10 -Vrf102 PortChannel0002 +Vrf102 Eth36.10 + PortChannel0002 Vlan40 - Eth36.10 Vrf103 Ethernet4 Loopback0 Po0002.101 @@ -51,9 +51,9 @@ def test_vrf_bind_unbind(self): ------ --------------- Vrf1 Vrf101 Ethernet0.10 -Vrf102 PortChannel0002 +Vrf102 Eth36.10 + PortChannel0002 Vlan40 - Eth36.10 Vrf103 Ethernet4 Loopback0 Po0002.101 @@ -112,9 +112,9 @@ def test_vrf_bind_unbind(self): ------ --------------- Vrf1 Vrf101 Ethernet0.10 -Vrf102 PortChannel0002 +Vrf102 Eth36.10 + PortChannel0002 Vlan40 - Eth36.10 Vrf103 Ethernet4 Loopback0 Po0002.101 From bdc4a8a60c095a98709d115a6b6579e273993df8 Mon Sep 17 00:00:00 2001 From: Hamna Rauf <77397009+hamnarauf@users.noreply.github.com> Date: Tue, 27 Sep 2022 10:17:43 +0500 Subject: [PATCH 21/38] Fix broken pipeline build URL (#2363) The URL returned HTTP Error Code 404 (Not Found). --- README.md | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 46b7af71f1..f63b0832a2 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,16 @@ -[![Total alerts](https://img.shields.io/lgtm/alerts/g/Azure/sonic-utilities.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/Azure/sonic-utilities/alerts/) -[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/Azure/sonic-utilities.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/Azure/sonic-utilities/context:python) +*static analysis:* + +[![Total alerts](https://img.shields.io/lgtm/alerts/g/sonic-net/sonic-utilities.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/sonic-net/sonic-utilities/alerts/) +[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/sonic-net/sonic-utilities.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/sonic-net/sonic-utilities/context:python) + +*sonic-utilities builds:* + +[![master build](https://dev.azure.com/mssonic/build/_apis/build/status/Azure.sonic-utilities?branchName=master&label=master)](https://dev.azure.com/mssonic/build/_build/latest?definitionId=55&branchName=master) + +[![202205 build](https://dev.azure.com/mssonic/build/_apis/build/status/Azure.sonic-utilities?branchName=202205&label=202205)](https://dev.azure.com/mssonic/build/_build/latest?definitionId=55&branchName=202205) + +[![202012 build](https://dev.azure.com/mssonic/build/_apis/build/status/Azure.sonic-utilities?branchName=202012&label=202012)](https://dev.azure.com/mssonic/build/_build/latest?definitionId=55&branchName=202012) -[![Build](https://sonic-jenkins.westus2.cloudapp.azure.com/job/common/job/sonic-utilities-build/badge/icon)](https://sonic-jenkins.westus2.cloudapp.azure.com/job/common/job/sonic-utilities-build/) # SONiC: Software for Open Networking in the Cloud 
@@ -33,7 +42,7 @@ Currently, this list of dependencies is as follows: - python-swsscommon_1.0.0_amd64.deb -A convenient alternative is to let the SONiC build system configure a build enviroment for you. This can be done by cloning the [sonic-buildimage](https://github.com/Azure/sonic-buildimage) repo, building the sonic-utilities package inside the Debian Buster slave container, and staying inside the container once the build finishes. During the build process, the SONiC build system will build and install all the necessary dependencies inside the container. After following the instructions to clone and initialize the sonic-buildimage repo, this can be done as follows: +A convenient alternative is to let the SONiC build system configure a build enviroment for you. This can be done by cloning the [sonic-buildimage](https://github.com/sonic-net/sonic-buildimage) repo, building the sonic-utilities package inside the Debian Buster slave container, and staying inside the container once the build finishes. During the build process, the SONiC build system will build and install all the necessary dependencies inside the container. After following the instructions to clone and initialize the sonic-buildimage repo, this can be done as follows: 1. Configure the build environment for an ASIC type (any type will do, here we use `generic`) ``` 
@@ -71,13 +80,15 @@ A Debian package, containing data files needed by the utilities (bash_completion #### To build -Instructions for building the sonic-utilities-data package can be found in [sonic-utilities-data/README.md](https://github.com/Azure/sonic-utilities/blob/master/sonic-utilities-data/README.md) +Instructions for building the sonic-utilities-data package can be found in [sonic-utilities-data/README.md](https://github.com/sonic-net/sonic-utilities/blob/master/sonic-utilities-data/README.md) --- ## Contribution guide -All contributors must sign a contribution license agreement (CLA) before contributions can be accepted. This process is now automated via a GitHub bot when submitting new pull request. If the contributor has not yet signed a CLA, the bot will create a comment on the pull request containing a link to electronically sign the CLA. +Please read the [contributor guide](https://github.com/sonic-net/SONiC/wiki/Becoming-a-contributor) for more details on how to contribute. + +All contributors must sign an [Individual Contributor License Agreement (ICLA)](https://docs.linuxfoundation.org/lfx/easycla/v2-current/contributors/individual-contributor) before contributions can be accepted. This process is now automated via a GitHub bot when submitting new pull request. If the contributor has not yet signed a CLA, the bot will create a comment on the pull request containing a link to electronically sign the CLA. ### GitHub Workflow From dd6210fcc09921633b977eb04dad101eb6b0a3af Mon Sep 17 00:00:00 2001 From: Vivek Date: Wed, 28 Sep 2022 01:14:28 -0700 Subject: [PATCH 22/38] [Vxlanmgrd] [CPA] Update the vxlan_tunnel name len to be under IFNAMIZ to overcome netdev creation failure (#2398) - Why I did Fixes sonic-net/sonic-buildimage#10466 - How I did it vxlan_tunnel_name has to be less than IFNAMSIZ ie. (16) for the netdev creation to succeed Signed-off-by: Vivek Reddy Karri --- scripts/neighbor_advertiser | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/neighbor_advertiser b/scripts/neighbor_advertiser index 131c172165..f8a119ab05 100644 --- a/scripts/neighbor_advertiser +++ b/scripts/neighbor_advertiser @@ -43,7 +43,7 @@ MIRROR_ACL_TABLE_NAME = 'EVERFLOW' MIRROR_ACL_TABLEV6_NAME = 'EVERFLOWV6' MIRROR_ACL_RULE_NAME = 'rule_arp' MIRROR_ACL_RULEV6_NAME = 'rule_nd' -VXLAN_TUNNEL_NAME = 'neighbor_advertiser' +VXLAN_TUNNEL_NAME = 'neigh_adv' VXLAN_TUNNEL_MAP_PREFIX = 'map_' From 4a783745ffa1596400755daea35c4aa018a6afa3 Mon Sep 17 00:00:00 2001 From: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com> Date: Wed, 28 Sep 2022 21:06:55 +0300 Subject: [PATCH 23/38] [doc] update "config feature" section with "--block" option (#2409) - What I did Updated "config feature" section with "--block" option - How I did it Added missing documentation on "config feature" command Signed-off-by: Stepan Blyschak --- doc/Command-Reference.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/Command-Reference.md b/doc/Command-Reference.md index 5f188e7a78..cd5dc19452 100644 --- a/doc/Command-Reference.md +++ b/doc/Command-Reference.md @@ -3131,6 +3131,13 @@ This command will configure the state for a specific feature. admin@sonic:~$ sudo config feature state bgp disabled ``` +To make the command wait until the corresponding feature container stops(starts) use ```--block``` options: + +- Usage: + ``` + admin@sonic:~$ config feature state bgp enabled --block + ``` + **config feature autorestart ** This command will configure the status of auto-restart for a specific feature container. From 6bef652600fa1d1f8f75c92d8fd385dce89fad58 Mon Sep 17 00:00:00 2001 From: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com> Date: Wed, 28 Sep 2022 21:09:30 +0300 Subject: [PATCH 24/38] [doc] add documentation on automatic techsupport based on memory (#2411) - What I did Added documentation on automatic techsupport based on memory availability - How I did it Update documentation 
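Review bot: The new value of `VXLAN_TUNNEL_NAME` has no comment explaining why it must stay short, so a later rename could bring back the netdev creation failure described in the commit message. I would add `# Keep shorter than IFNAMSIZ (16), otherwise netdev creation fails` directly above the assignment. The hunk does not show whether a tunnel already created under the old name `neighbor_advertiser` is removed on upgrade; that is worth confirming against the rest of the script.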
Signed-off-by: Stepan Blyschak --- doc/Command-Reference.md | 69 +++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 18 deletions(-) diff --git a/doc/Command-Reference.md b/doc/Command-Reference.md index cd5dc19452..e6d0a554bc 100644 --- a/doc/Command-Reference.md +++ b/doc/Command-Reference.md @@ -10487,7 +10487,8 @@ In SONiC, there usually exists a set of tables related/relevant to a particular ### Event Driven Techsupport Invocation -This feature/capability makes the techsupport invocation event-driven based on core dump generation. This feature is only applicable for the processes running in the containers. More detailed explanation can be found in the HLD https://github.com/Azure/SONiC/blob/master/doc/auto_techsupport_and_coredump_mgmt.md +This feature/capability makes the techsupport invocation event-driven based on system events like core dump generation or low RAM availability. +This feature is only applicable for the processes running in the containers. More detailed explanation can be found in the HLD https://github.com/Azure/SONiC/blob/master/doc/auto_techsupport_and_coredump_mgmt.md #### config auto-techsupport global commands 
@@ -10559,6 +10560,35 @@ This feature/capability makes the techsupport invocation event-driven based on c config auto-techsupport global since ``` +**config auto-techsupport global available-mem-threshold** + +Configure available memory threshold in %. System will automatically generate a techsupport dump when available memory goes below the configured threshold. Setting this field to 0 will disable techsupport invokation. + +- Usage: + ``` + config auto-techsupport global available-mem-threshold + ``` + - Parameters: + - available-mem-threshold: Memory threshold. Configure 0 to disable techsupport invocation on memory usage threshold crossing +- Example: + ``` + config auto-techsupport global available-mem-threshold 20 + ``` + +**config auto-techsupport global min-available-mem** + +Configure minimum available memory in MB. System will automatically generate a techsupport dump when available memory goes below the configured threshold. + +- Usage: + ``` + config auto-techsupport global min-available-mem + ``` + - Parameters: + - min-available-mem: Minimum free memory amount in MB to trigger techsupport dump +- Example: + ``` + config auto-techsupport global min-available-mem 200 + ``` #### config auto-techsupport-feature commands 
@@ -10566,15 +10596,16 @@ This feature/capability makes the techsupport invocation event-driven based on c - Usage: ``` - config auto-techsupport-feature add --state --rate-limit-interval + config auto-techsupport-feature add --state --rate-limit-interval --available-mem-threshold ``` - Parameters: - state: enable/disable the capability for the specific feature/container. - rate-limit-interval: Rate limit interval for the corresponding feature. Configure 0 to explicitly disable. For the techsupport to be generated by auto-techsupport, both the global and feature specific rate-limit-interval has to be passed + - available-mem-threshold: Memory threshold. Configure 0 to disable techsupport invocation on memory usage threshold crossing. - Example: ``` - config auto-techsupport-feature add bgp --state enabled --rate-limit-interval 200 + config auto-techsupport-feature add bgp --state enabled --rate-limit-interval 200 --available-mem-threshold 50 ``` @@ -10596,6 +10627,7 @@ This feature/capability makes the techsupport invocation event-driven based on c ``` config auto-techsupport-feature update --state config auto-techsupport-feature update --rate-limit-interval + config auto-techsupport-feature update --available-mem-threshold ``` - Example: 
@@ -10616,9 +10648,9 @@ This feature/capability makes the techsupport invocation event-driven based on c - Example: ``` admin@sonic:~$ show auto-techsupport global - STATE RATE LIMIT INTERVAL (sec) MAX TECHSUPPORT LIMIT (%) MAX CORE LIMIT (%) SINCE - ------- --------------------------- -------------------------- ------------------ ---------- - enabled 180 10.0 5.0 2 days ago + STATE RATE LIMIT INTERVAL (sec) MAX TECHSUPPORT LIMIT (%) MAX CORE LIMIT (%) AVAILABLE MEM THRESHOLD (%) MIN AVAILABLE MEM (Kb) SINCE + ------- --------------------------- --------------------------- -------------------- ----------------------------- ------------------------ ------------ + enabled 180 10 5 10 200 2 days ago ``` **show auto-techsupport-feature** @@ -10631,13 +10663,13 @@ This feature/capability makes the techsupport invocation event-driven based on c - Example: ``` admin@sonic:~$ show auto-techsupport-feature - FEATURE NAME STATE RATE LIMIT INTERVAL (sec) - -------------- -------- -------------------------- - bgp enabled 600 - database enabled 600 - dhcp_relay enabled 600 - lldp enabled 600 - swss disabled 800 + FEATURE NAME STATE RATE LIMIT INTERVAL (sec) AVAILABLE MEM THRESHOLD (%) + -------------- -------- -------------------------- ------------------------------ + bgp enabled 600 10 + database enabled 600 10 + dhcp_relay enabled 600 10 + lldp enabled 600 10 + swss disabled 800 10 ``` **show auto-techsupport history** 
@@ -10650,11 +10682,12 @@ This feature/capability makes the techsupport invocation event-driven based on c - Example: ``` admin@sonic:~$ show auto-techsupport history - TECHSUPPORT DUMP TRIGGERED BY CORE DUMP - ---------------------------------------- -------------- ----------------------------- - sonic_dump_r-lionfish-16_20210901_221402 bgp bgpcfgd.1630534439.55.core.gz - sonic_dump_r-lionfish-16_20210901_203725 snmp python3.1630528642.23.core.gz - sonic_dump_r-lionfish-16_20210901_222408 teamd python3.1630535045.34.core.gz + TECHSUPPORT DUMP TRIGGERED BY EVENT TYPE CORE DUMP + ---------------------------------------- -------------- -------------- ----------------------------- + sonic_dump_r-lionfish-16_20210901_221402 bgp core bgpcfgd.1630534439.55.core.gz + sonic_dump_r-lionfish-16_20210901_203725 snmp core python3.1630528642.23.core.gz + sonic_dump_r-lionfish-16_20210901_222408 teamd core python3.1630535045.34.core.gz + sonic_dump_r-lionfish-16_20210901_222511 N/A memory N/A ``` Go Back To [Beginning of the document](#) or [Beginning of this section](#troubleshooting-commands) From 8760bbe80e1d28dae0f2d88bba96ce407b492f7c Mon Sep 17 00:00:00 2001 
From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Thu, 29 Sep 2022 15:29:16 +0800 Subject: [PATCH 25/38] Add UT to check sonic installer does not depend on database (#2401) ### Description of PR Add new test cases to test sonic-installer does not depends on database docker. ### Type of change - [ ] Bug fix - [ ] Testbed and Framework(new/improvement) - [x] Test case(new/improvement) ### Back port request ### Approach #### What is the motivation for this PR? Add new test cases to test sonic-installer does not depends on database docker. #### How did you do it? Add new test case to cover user scenarios. #### How did you verify/test it? Run new UT make sure they are all pass. Make sure all current UT not break during merge validation. #### Any platform specific information? N/A #### Supported testbed topology if it's a new test case?. --- tests/installer_dependency_test.py | 37 ++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100755 tests/installer_dependency_test.py diff --git a/tests/installer_dependency_test.py b/tests/installer_dependency_test.py new file mode 100755 index 0000000000..ca5b5d20ec --- /dev/null +++ b/tests/installer_dependency_test.py 
@@ -0,0 +1,37 @@ +import pytest +import sonic_installer.main as sonic_installer +import utilities_common.cli as clicommon + +from click.testing import CliRunner +from unittest import mock + +# mock load_db_config to throw exception +class MockSonicDBConfig: + def load_sonic_db_config(): + raise RuntimeError("sonic installer 'list' command should not depends on database") + + def load_sonic_global_db_config(): + raise RuntimeError("sonic installer 'list' command should not depends on database") + + def isInit(): + return False + + def isGlobalInit(): + return False + +@mock.patch("swsscommon.swsscommon.SonicDBConfig", MockSonicDBConfig) +def test_sonic_installer_not_depends_on_database_container(): + runner = CliRunner() + result = runner.invoke( + sonic_installer.sonic_installer.commands['list'] + ) + assert result.exit_code == 1 + + # check InterfaceAliasConverter will break by the mock method, sonic installer use it to load db config. + exception_happen = False + try: + clicommon.InterfaceAliasConverter() + except RuntimeError: + exception_happen = True + + assert exception_happen == True From 7419c67314a63595e4a351920e9b53968fd910f6 Mon Sep 17 00:00:00 2001 From: yucgu <95731623+yucgu@users.noreply.github.com> Date: Thu, 29 Sep 2022 13:41:49 -0700 Subject: [PATCH 26/38] Added cisco config platform commands (#2242) What I did Add cisco sub-command option under 'config platform' command How I did it In config/main.py, check the platform type and import the cisco.py file under cisco platform code when it's cisco-8000. How to verify it Run config platform -h to see all commands. We will be able to see config platform cisco. This is only available on cisco devices. Signed-off-by: Yucai Gu yucgu@cisco.com --- config/main.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/main.py b/config/main.py index fb1fcbb1cb..c20e5980ee 100644 --- a/config/main.py +++ b/config/main.py 
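Review bot: The last check in `test_sonic_installer_not_depends_on_database_container` uses a hand-rolled `exception_happen` flag compared with `== True`, while `pytest` is imported and never used. `with pytest.raises(RuntimeError):` around `clicommon.InterfaceAliasConverter()` states the same expectation in two lines. Separately, `assert result.exit_code == 1` would presumably also pass if `list` failed because it hit the mocked `RuntimeError`, which is the very regression the test is meant to catch. Adding `assert not isinstance(result.exception, RuntimeError)` would tie the test to its stated purpose.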
@@ -1209,6 +1209,10 @@ def config(ctx): print("Caught an exception: " + str(e)) raise click.Abort() + if asic_type == 'cisco-8000': + from sonic_platform.cli.cisco import cisco + platform.add_command(cisco) + # Load database config files load_db_config() From ac71d745dadc8df86967f7aa506dff1ba832ff90 Mon Sep 17 00:00:00 2001 From: Sudharsan Dhamal Gopalarathnam Date: Thu, 29 Sep 2022 15:00:43 -0700 Subject: [PATCH 27/38] [VxLAN]Fix Vxlan delete command to throw error when there are references (#2404) *Check for VNET references for vxlan before deleting vxlan object --- config/vxlan.py | 10 ++++++++++ tests/vnet_input/config_db.json | 10 ++++++++++ tests/vxlan_test.py | 22 ++++++++++++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 tests/vnet_input/config_db.json diff --git a/config/vxlan.py b/config/vxlan.py index bfda1f4eff..be0a961001 100644 --- a/config/vxlan.py +++ b/config/vxlan.py @@ -38,6 +38,10 @@ def del_vxlan(db, vxlan_name): """Del VXLAN""" ctx = click.get_current_context() + vxlan_keys = db.cfgdb.get_keys('VXLAN_TUNNEL') + if vxlan_name not in vxlan_keys: + ctx.fail("Vxlan tunnel {} does not exist".format(vxlan_name)) + vxlan_keys = db.cfgdb.get_keys('VXLAN_EVPN_NVO') if not vxlan_keys: vxlan_count = 0 @@ -56,6 +60,12 @@ def del_vxlan(db, vxlan_name): if(vxlan_count > 0): ctx.fail("Please delete all VLAN VNI mappings.") + vnet_table = db.cfgdb.get_table('VNET') + vnet_keys = vnet_table.keys() + for vnet_key in vnet_keys: + if ('vxlan_tunnel' in vnet_table[vnet_key] and vnet_table[vnet_key]['vxlan_tunnel'] == vxlan_name): + ctx.fail("Please delete all VNET configuration referencing the tunnel " + vxlan_name) + db.cfgdb.set_entry('VXLAN_TUNNEL', vxlan_name, None) @vxlan.group('evpn_nvo') diff --git a/tests/vnet_input/config_db.json b/tests/vnet_input/config_db.json new file mode 100644 index 0000000000..51a75b39c9 --- /dev/null +++ b/tests/vnet_input/config_db.json 
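Review bot: The added `from sonic_platform.cli.cisco import cisco` appears to sit after the `raise click.Abort()` handler with no guard of its own. On a `cisco-8000` image whose platform package lacks that module, every `config` invocation would presumably stop with an uncaught `ImportError`. Wrapping the two added lines in `try:` / `except ImportError:` and logging the failure would keep the rest of `config` usable. The body of `config(ctx)` starts and ends outside the hunk, so where `asic_type` is set and whether an outer handler exists cannot be seen here.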
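Review bot: In the first `del_vxlan` hunk, `vxlan_keys` is bound to the `VXLAN_TUNNEL` keys for the new existence check and then rebound by the next context line to the `VXLAN_EVPN_NVO` keys; a separate name such as `tunnel_keys` would keep the two tables apart for the next reader. In the second hunk the VNET loop does a membership test and then a second lookup on the same entry. Iterating `vnet_table.values()` with `if vnet_entry.get('vxlan_tunnel') == vxlan_name:` says the same thing more directly. `del_vxlan` starts outside both hunks.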
@@ -0,0 +1,10 @@ +{ + "VNET|Vnet_2000": { + "peer_list": "", + "vni": "2000", + "vxlan_tunnel": "tunnel1" + }, + "VXLAN_TUNNEL|tunnel1": { + "src_ip": "10.10.10.10" + } +} diff --git a/tests/vxlan_test.py b/tests/vxlan_test.py index 5541a6e84a..b0e50f2e32 100644 --- a/tests/vxlan_test.py +++ b/tests/vxlan_test.py @@ -7,6 +7,10 @@ import config.main as config import show.main as show from utilities_common.db import Db +from .mock_tables import dbconnector + +test_path = os.path.dirname(os.path.abspath(__file__)) +mock_db_path = os.path.join(test_path, "vnet_input") show_vxlan_interface_output="""\ VTEP Information: @@ -247,6 +251,24 @@ def test_config_vxlan_add(self): assert result.exit_code == 0 assert result.output == show_vxlan_vlanvnimap_output + def test_config_vxlan_del(self): + dbconnector.dedicated_dbs['CONFIG_DB'] = os.path.join(mock_db_path, 'config_db') + db = Db() + runner = CliRunner() + + result = runner.invoke(config.config.commands["vxlan"].commands["del"], ["tunnel_invalid"], obj=db) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Error: Vxlan tunnel tunnel_invalid does not exist" in result.output + + result = runner.invoke(config.config.commands["vxlan"].commands["del"], ["tunnel1"], obj=db) + dbconnector.dedicated_dbs = {} + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Please delete all VNET configuration referencing the tunnel" in result.output + @classmethod def teardown_class(cls): os.environ['UTILITIES_UNIT_TESTING'] = "0" From cb0edd310d84362310a84d9cb93049fa1a5b23ee Mon Sep 17 00:00:00 2001 
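Review bot: `test_config_vxlan_del` sets `dbconnector.dedicated_dbs['CONFIG_DB']` at the top and clears it only after the second `runner.invoke`, so a failure in the first pair of assertions leaves the dedicated DB in place for whichever test runs next. Putting the body in `try:` with `dbconnector.dedicated_dbs = {}` in a `finally:` block would make the cleanup unconditional. Resetting it in `teardown_class`, whose start is visible at the end of the hunk, would do the same.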
From: Senthil Bhava <112665339+skbhava@users.noreply.github.com> Date: Fri, 30 Sep 2022 08:53:24 -0700 Subject: [PATCH 28/38] Fix for show vxlan tunnel command display issue #11902 (#2391) * Issue: Only one vni to vlan map entry in the output of show vxlan tunnel command Fix: Fix: Added fix to display all vni to vlan map entries for "show vxlan tunnel" and "show vxlan name commands. --- show/vxlan.py | 30 ++++++++++++++++++++++-------- tests/vxlan_test.py | 25 +++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/show/vxlan.py b/show/vxlan.py index 0a00a28b03..c31a14910c 100644 --- a/show/vxlan.py +++ b/show/vxlan.py @@ -32,10 +32,17 @@ def name(vxlan_name): vxlan_map_keys = config_db.keys(config_db.CONFIG_DB, 'VXLAN_TUNNEL_MAP{}{}{}*'.format(config_db.KEY_SEPARATOR, vxlan_name, config_db.KEY_SEPARATOR)) if vxlan_map_keys: - vxlan_map_mapping = config_db.get_all(config_db.CONFIG_DB, vxlan_map_keys[0]) - r.append(vxlan_map_keys[0].split(config_db.KEY_SEPARATOR, 2)[2]) - r.append("{} -> {}".format(vxlan_map_mapping.get('vni'), vxlan_map_mapping.get('vlan'))) - table.append(r) + for key in natsorted(vxlan_map_keys): + vxlan_map_mapping = config_db.get_all(config_db.CONFIG_DB, key) + r.append(key.split(config_db.KEY_SEPARATOR, 2)[2]) + r.append("{} -> {}".format(vxlan_map_mapping.get('vni'), vxlan_map_mapping.get('vlan'))) + table.append(r) + r = [] + r.append(' ') + r.append(' ') + r.append(' ') + else: + table.append(r) click.echo(tabulate(table, header)) 
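Review bot: The continuation row in `name()` is built with `r = []` followed by three `r.append(' ')` calls, which hard-codes the number of leading columns and leaves an unused padded `r` behind after the last map entry. `r = [' '] * 3` expresses the padding in one line. The same block is repeated verbatim in `tunnel()` in the next hunk, so a small private helper that takes `r`, the key list and `table` would keep the two commands from drifting apart. `name()` starts outside the hunk.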
@@ -59,10 +66,17 @@ def tunnel(): vxlan_map_keys = config_db.keys(config_db.CONFIG_DB, 'VXLAN_TUNNEL_MAP{}{}{}*'.format(config_db.KEY_SEPARATOR, k, config_db.KEY_SEPARATOR)) if vxlan_map_keys: - vxlan_map_mapping = config_db.get_all(config_db.CONFIG_DB, vxlan_map_keys[0]) - r.append(vxlan_map_keys[0].split(config_db.KEY_SEPARATOR, 2)[2]) - r.append("{} -> {}".format(vxlan_map_mapping.get('vni'), vxlan_map_mapping.get('vlan'))) - table.append(r) + for key in natsorted(vxlan_map_keys): + vxlan_map_mapping = config_db.get_all(config_db.CONFIG_DB, key) + r.append(key.split(config_db.KEY_SEPARATOR, 2)[2]) + r.append("{} -> {}".format(vxlan_map_mapping.get('vni'), vxlan_map_mapping.get('vlan'))) + table.append(r) + r = [] + r.append(' ') + r.append(' ') + r.append(' ') + else: + table.append(r) click.echo(tabulate(table, header)) diff --git a/tests/vxlan_test.py b/tests/vxlan_test.py index b0e50f2e32..4404ba9de4 100644 --- a/tests/vxlan_test.py +++ b/tests/vxlan_test.py @@ -60,6 +60,15 @@ """ +show_vxlan_name_output="""\ +vxlan tunnel name source ip destination ip tunnel map name tunnel map mapping(vni -> vlan) +------------------- ----------- ---------------- ----------------- --------------------------------- +vtep1 1.1.1.1 map_100_Vlan100 100 -> Vlan100 + map_101_Vlan101 101 -> Vlan101 + map_102_Vlan102 102 -> Vlan102 + map_200_Vlan200 200 -> Vlan200 +""" + show_vxlan_remotevni_output="""\ +---------+--------------+-------+ | VLAN | RemoteVTEP | VNI | 
@@ -141,6 +150,22 @@ def test_show_vxlan_tunnel(self): assert result.exit_code == 0 assert result.output == show_vxlan_tunnel_output + def test_show_vxlan_tunnel_output(self): + runner = CliRunner() + result = runner.invoke(show.cli.commands["vxlan"].commands["tunnel"], []) + print(result.exit_code) + print(result.output) + assert result.exit_code == 0 + assert result.output == show_vxlan_name_output + + def test_show_vxlan_name_vtep(self): + runner = CliRunner() + result = runner.invoke(show.cli.commands["vxlan"].commands["name"],["vtep1"]) + print(result.exit_code) + print(result.output) + assert result.exit_code == 0 + assert result.output == show_vxlan_name_output + def test_show_vxlan_remotevni(self): runner = CliRunner() result = runner.invoke(show.cli.commands["vxlan"].commands["remotevni"], ["all"]) From 156257e2abba1f26309b9c5a3d11eac30d4ecef9 Mon Sep 17 00:00:00 2001 From: "Jamie (Bear) Murphy" <1613241+ITJamie@users.noreply.github.com> Date: Fri, 30 Sep 2022 16:54:11 +0100 Subject: [PATCH 29/38] check for vxlan mapping before removing vlan (#2388) * [Vxlan] check for vxlan mapping before removing vlan --- config/vlan.py | 4 ++++ tests/vlan_test.py | 24 ++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/config/vlan.py b/config/vlan.py index 39aeefae7c..90932a5dd4 100644 --- a/config/vlan.py +++ b/config/vlan.py @@ -72,6 +72,10 @@ def del_vlan(db, vid): if keys: # TODO: MISSING CONSTRAINT IN YANG MODEL ctx.fail("VLAN ID {} can not be removed. First remove all members assigned to this VLAN.".format(vid)) + vxlan_table = db.cfgdb.get_table('VXLAN_TUNNEL_MAP') + for vxmap_key, vxmap_data in vxlan_table.items(): + if vxmap_data['vlan'] == 'Vlan{}'.format(vid): + ctx.fail("vlan: {} can not be removed. First remove vxlan mapping '{}' assigned to VLAN".format(vid, '|'.join(vxmap_key)) ) else: config_db = ValidatedConfigDBConnector(db.cfgdb) diff --git a/tests/vlan_test.py b/tests/vlan_test.py index a7f533a824..241cab0c0e 100644 
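Review bot: `vxmap_data['vlan']` in the loop added to `del_vlan` raises `KeyError` if any `VXLAN_TUNNEL_MAP` entry lacks a `vlan` field, which would turn `config vlan del` into a traceback instead of a clean message; `if vxmap_data.get('vlan') == 'Vlan{}'.format(vid):` avoids that. The added lines are followed by an `else:` in the context, and the hunk does not make clear which branch the new check belongs to. It is worth confirming that the check also runs on the path that uses `ValidatedConfigDBConnector`. `del_vlan` starts and ends outside the hunk.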
--- a/tests/vlan_test.py +++ b/tests/vlan_test.py @@ -311,6 +311,30 @@ def test_config_vlan_add_rif_portchannel_member(self): assert result.exit_code != 0 assert "Error: PortChannel0001 is a router interface!" in result.output + def test_config_vlan_with_vxlanmap_del_vlan(self): + runner = CliRunner() + db = Db() + obj = {'config_db': db.cfgdb} + + # create vlan + result = runner.invoke(config.config.commands["vlan"].commands["add"], ["1027"], obj=db) + print(result.exit_code) + print(result.output) + assert result.exit_code == 0 + + # create vxlan map + result = runner.invoke(config.config.commands["vxlan"].commands["map"].commands["add"], ["vtep1", "1027", "11027"], obj=db) + print(result.exit_code) + print(result.output) + assert result.exit_code == 0 + + # attempt to del vlan with vxlan map, should fail + result = runner.invoke(config.config.commands["vlan"].commands["del"], ["1027"], obj=db) + print(result.exit_code) + print(result.output) + assert result.exit_code != 0 + assert "Error: vlan: 1027 can not be removed. First remove vxlan mapping" in result.output + def test_config_vlan_del_vlan(self): runner = CliRunner() db = Db() From 4b2b766ac3ec77ee9f9bba0a357800a997c7b82f Mon Sep 17 00:00:00 2001 From: Mai Bui Date: Mon, 3 Oct 2022 11:41:03 -0700 Subject: [PATCH 30/38] [actions] Support Semgrep by Github Actions (#2417) 
Signed-off-by: maipbui #### Why I did it [Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities. When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs. When merging PR, Semgrep performs a full scan on master branch and report all findings. Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule) #### How I did it Integrate Semgrep into this repository by committing a job configuration file #### How to verify it PR: https://github.com/maipbui/sonic-buildimage/pull/2 Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404) PR https://github.com/maipbui/sonic-buildimage/pull/2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859) --- .github/workflows/semgrep.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/semgrep.yml diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml new file mode 100644 index 0000000000..8ebe082f50 --- /dev/null +++ b/.github/workflows/semgrep.yml @@ -0,0 +1,21 @@ +name: Semgrep + +on: + pull_request: {} + push: + branches: + - master + - '201[7-9][0-1][0-9]' + - '202[0-9][0-1][0-9]' + +jobs: + semgrep: + name: Semgrep + runs-on: ubuntu-latest + container: + image: returntocorp/semgrep + steps: + - uses: actions/checkout@v3 + - run: semgrep ci + env: + SEMGREP_RULES: p/default From 57c509a9d7f0c8140ffb099a8e981e2cdde19fc2 Mon Sep 17 00:00:00 2001 
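Review bot: The workflow pulls `returntocorp/semgrep` with no tag or digest and references `actions/checkout@v3` by mutable tag, so the code that runs in CI can change without any commit to this repository. Pinning both, as `image: returntocorp/semgrep@sha256:<digest>` and `uses: actions/checkout@<commit-sha>` (placeholders to fill in), makes the scan reproducible and reviewable. The job also declares no `permissions:` block, so it inherits the repository default for `GITHUB_TOKEN`. Adding a top-level `permissions:` with `contents: read` limits what a compromised step could do.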
From: siqbal1986 Date: Mon, 3 Oct 2022 16:58:06 -0700 Subject: [PATCH 31/38] [show] vnet endpoint [ip/ipv6] command (#2342) --- doc/Command-Reference.md | 36 +++++++++++++ show/vnet.py | 84 ++++++++++++++++++++++++++++++- tests/mock_tables/appl_db.json | 12 +++-- tests/mock_tables/state_db.json | 18 +++++++ tests/show_bfd_test.py | 24 +++++---- tests/show_vnet_vxlan_cli_test.py | 74 +++++++++++++++++++++++++++ 6 files changed, 233 insertions(+), 15 deletions(-) create mode 100644 tests/show_vnet_vxlan_cli_test.py diff --git a/doc/Command-Reference.md b/doc/Command-Reference.md index e6d0a554bc..0dc426ea70 100644 --- a/doc/Command-Reference.md +++ b/doc/Command-Reference.md @@ -9524,6 +9524,42 @@ This command displays brief information about all the vnets configured in the de Vnet_3000 tunnel1 3000 Vnet_2000,Vnet4000 ``` +**show vnet endpoint ** + +This command displays the list or vxlan tunnel endpoints and their status. In addition it also shows the number of prefixes associated with each endpoints in the tunnels. If an IP address of an endpoint is provided, this command also shows the associated prefixes a well. + +- Usage: + + ``` + show vnet endpoint + + ``` + +- Example: + + ``` + admin@sonic:~$ show vnet endpoint + Endpoint prefix count status + --------------------- -------------- -------- + fddd:a100:a251::a10:1 1 Down + fddd:a101:a251::a10:1 1 Up + 100.251.7.1 3 Up + + or + + admin@sonic:~$ show vnet endpoint fddd:a101:a251::a10:1 + Endpoint prefix status + --------------------- ---------------------------- -------- + fddd:a101:a251::a10:1 ['fddd:a150:a251::a6:1/128'] Up + + or + + admin@sonic:~$ show vnet endpoint 100.251.7.1 + Endpoint prefix status + ----------- --------------------------------------------------------- -------- + 100.251.7.1 ['160.62.191.1/32', '160.63.191.1/32', '160.64.191.1/32'] Up + ``` + **show vnet name ** This command displays brief information about configured in the device. 
diff --git a/show/vnet.py b/show/vnet.py index 4b5674cb62..46970e26f8 100644 --- a/show/vnet.py +++ b/show/vnet.py @@ -3,7 +3,7 @@ from natsort import natsorted from swsscommon.swsscommon import SonicV2Connector, ConfigDBConnector from tabulate import tabulate - +import ipaddress # # 'vnet' command ("show vnet") 
@@ -195,6 +195,88 @@ def neighbors(): if not bool(vnet_intfs): click.echo(tabulate(table, header)) +@vnet.command() +@click.argument('args', metavar='[IPADDRESS]', nargs=1, required=False) +def endpoint(args): + """Show Vxlan tunnel endpoint status""" + """Specify IPv4 or IPv6 address for detail""" + + state_db = SonicV2Connector() + state_db.connect(state_db.STATE_DB) + appl_db = SonicV2Connector() + appl_db.connect(appl_db.APPL_DB) + filter_by_ip = '' + if args and len(args) > 0: + try: + filter_by_ip = ipaddress.ip_network(args) + except ValueError: + # Not ip address just ignore it + print ("wrong parameter",args) + return + # Fetching data from appl_db for VNET TUNNEL ROUTES + vnet_rt_keys = appl_db.keys(appl_db.APPL_DB, "VNET_ROUTE_TUNNEL_TABLE:*") + vnet_rt_keys = natsorted(vnet_rt_keys) if vnet_rt_keys else [] + bfd_keys = state_db.keys(state_db.STATE_DB, "BFD_SESSION_TABLE|*") + if not filter_by_ip: + header = ['Endpoint', 'Endpoint Monitor', 'prefix count', 'status'] + prefix_count = {} + monitor_dict = {} + table = [] + for k in vnet_rt_keys: + val = appl_db.get_all(appl_db.APPL_DB, k) + endpoints = val.get('endpoint').split(',') if 'endpoint' in val else [] + if 'endpoint_monitor' in val: + monitors = val.get('endpoint_monitor').split(',') + else: + continue + for idx, endpoint in enumerate(endpoints): + monitor_dict[endpoint] = monitors[idx] + if endpoint not in prefix_count: + prefix_count[endpoint] = 0 + prefix_count[endpoint] += 1 + for endpoint in prefix_count: + r = [] + r.append(endpoint) + r.append(monitor_dict[endpoint]) + r.append(prefix_count[endpoint]) + bfd_session_key = "BFD_SESSION_TABLE|default|default|" + monitor_dict[endpoint] + if bfd_session_key in bfd_keys: + val_state = state_db.get_all(state_db.STATE_DB, bfd_session_key) + r.append(val_state.get('state')) + else: + r.append('Unknown') + table.append(r) + else: + table = [] + header = ['Endpoint', 'Endpoint Monitor', 'prefix', 'status'] + state = 'Unknown' + prefix = [] + 
monitor_list = [] + have_status = False + for k in vnet_rt_keys: + val = appl_db.get_all(appl_db.APPL_DB, k) + endpoints = val.get('endpoint').split(',') + monitors = val.get('endpoint_monitor').split(',') + for idx, endpoint in enumerate(endpoints): + if args == endpoint: + prefix.append(k.split(":", 2)[2]) + if not have_status: + bfd_session_key = "BFD_SESSION_TABLE|default|default|" + monitors[idx] + if bfd_session_key in bfd_keys: + val_state = state_db.get_all(state_db.STATE_DB, bfd_session_key) + state = val_state.get('state') + have_status = True + monitor_list.append( monitors[idx]) + break + if prefix: + r = [] + r.append(args) + r.append(monitor_list) + r.append(prefix) + r.append(state) + table.append(r) + click.echo(tabulate(table, header)) + @vnet.group() def routes(): diff --git a/tests/mock_tables/appl_db.json b/tests/mock_tables/appl_db.json index e72cb47a73..df2e25173f 100644 --- a/tests/mock_tables/appl_db.json +++ b/tests/mock_tables/appl_db.json @@ -315,15 +315,19 @@ "alias": "Vlan1000" }, "VNET_ROUTE_TUNNEL_TABLE:test_v4_in_v4-0:160.163.191.1/32": { - "endpoint":"100.251.7.1" + "endpoint":"100.251.7.1", + "endpoint_monitor":"100.251.7.1" }, "VNET_ROUTE_TUNNEL_TABLE:Vnet_v6_in_v6-0:fddd:a156:a251::a6:1/128": { - "endpoint": "fddd:a100:a251::a10:1,fddd:a101:a251::a10:1" + "endpoint": "fddd:a100:a251::a10:1,fddd:a101:a251::a10:1", + "endpoint_monitor":"fddd:a100:a251::a10:1,fddd:a101:a251::a10:1" }, "VNET_ROUTE_TUNNEL_TABLE:test_v4_in_v4-0:160.162.191.1/32": { - "endpoint":"100.251.7.1" + "endpoint":"100.251.7.1", + "endpoint_monitor":"100.251.7.1" }, "VNET_ROUTE_TUNNEL_TABLE:test_v4_in_v4-0:160.164.191.1/32": { - "endpoint":"100.251.7.1" + "endpoint":"100.251.7.1", + "endpoint_monitor":"100.251.7.1" } } diff --git a/tests/mock_tables/state_db.json b/tests/mock_tables/state_db.json index beecb681fc..8d2f25c1e2 100644 --- a/tests/mock_tables/state_db.json +++ b/tests/mock_tables/state_db.json 
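Review bot: In the branch of `endpoint()` that filters by address, `val.get('endpoint').split(',')` and `val.get('endpoint_monitor').split(',')` are called unguarded, so a `VNET_ROUTE_TUNNEL_TABLE` entry without `endpoint_monitor` raises `AttributeError`, whereas the summary branch skips such entries with `continue`. Adding `if 'endpoint' not in val or 'endpoint_monitor' not in val: continue` before the two splits makes the branches agree. The argument is validated with `ipaddress.ip_network(args)` but matched by the string comparison `args == endpoint`, so an address written in an equivalent but different form passes validation and matches nothing; comparing `ipaddress.ip_address(...)` values would fix that. Invalid input is reported with `print` and a bare `return`, which leaves exit status 0; `click.get_current_context().fail(...)` would signal the error to callers.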
@@ -890,5 +890,23 @@ "VNET_ROUTE_TUNNEL_TABLE|Vnet_v6_in_v6-0|fddd:a156:a251::a6:1/128": { "active_endpoints":"fddd:a100:a251::a10:1,fddd:a101:a251::a10:1", "state":"active" + }, + "BFD_SESSION_TABLE|default|default|100.251.7.1": { + "state":"Up", + "type": "async_active", + "local_addr" : "10.0.0.1", + "tx_interval" :"300", + "rx_interval" : "500", + "multiplier" : "3", + "multihop": "true" + }, + "BFD_SESSION_TABLE|default|default|fddd:a101:a251::a10:1": { + "state":"Down", + "type": "async_active", + "local_addr" : "fddd:c101:a251::a10:2", + "tx_interval" :"300", + "rx_interval" : "500", + "multiplier" : "3", + "multihop": "true" } } diff --git a/tests/show_bfd_test.py b/tests/show_bfd_test.py index fdf4fbe5e2..bd2df5f58b 100644 --- a/tests/show_bfd_test.py +++ b/tests/show_bfd_test.py 
@@ -38,13 +38,15 @@ def test_bfd_show(self): "tx_interval" :"400", "rx_interval" : "500", "multiplier" : "5", "multihop": "false"}) expected_output = """\ -Total number of BFD sessions: 4 -Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop ------------ ----------- ------- ------- ------------ ------------ ------------- ------------- ------------ ---------- -10.0.1.1 default default DOWN async_active 10.0.0.1 300 500 3 true -10.0.2.1 Ethernet12 default UP async_active 10.0.0.1 200 600 3 false -2000::10:1 default default UP async_active 2000::1 100 700 3 false -10.0.1.1 default VrfRed UP async_active 10.0.0.1 400 500 5 false +Total number of BFD sessions: 6 +Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop +--------------------- ----------- ------- ------- ------------ --------------------- ------------- ------------- ------------ ---------- +100.251.7.1 default default Up async_active 10.0.0.1 300 500 3 true +fddd:a101:a251::a10:1 default default Down async_active fddd:c101:a251::a10:2 300 500 3 true +10.0.1.1 default default DOWN async_active 10.0.0.1 300 500 3 true +10.0.2.1 Ethernet12 default UP async_active 10.0.0.1 200 600 3 false +2000::10:1 default default UP async_active 2000::1 100 700 3 false +10.0.1.1 default VrfRed UP async_active 10.0.0.1 400 500 5 false """ result = runner.invoke(show.cli.commands['bfd'].commands['summary'], [], obj=db) 
@@ -88,9 +90,11 @@ def test_bfd_show_no_session(self): db = Db() expected_output = """\ -Total number of BFD sessions: 0 -Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop ------------ ----------- ----- ------- ------ ------------ ------------- ------------- ------------ ---------- +Total number of BFD sessions: 2 +Peer Addr Interface Vrf State Type Local Addr TX Interval RX Interval Multiplier Multihop +--------------------- ----------- ------- ------- ------------ --------------------- ------------- ------------- ------------ ---------- +100.251.7.1 default default Up async_active 10.0.0.1 300 500 3 true +fddd:a101:a251::a10:1 default default Down async_active fddd:c101:a251::a10:2 300 500 3 true """ result = runner.invoke(show.cli.commands['bfd'].commands['summary'], [], obj=db) diff --git a/tests/show_vnet_vxlan_cli_test.py b/tests/show_vnet_vxlan_cli_test.py new file mode 100644 index 0000000000..f0cee3b257 --- /dev/null +++ b/tests/show_vnet_vxlan_cli_test.py 
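Review bot: `test_bfd_show_no_session` now expects `Total number of BFD sessions: 2`, so the empty-table output of `show bfd summary` is no longer exercised by any test visible here. The two sessions come from the BFD_SESSION_TABLE entries this patch adds to the shared `tests/mock_tables/state_db.json`. Either remove those keys from the test's database before invoking the command so the expectation stays at 0, or rename the test to say what it now checks. The same fixture coupling changes the count in `test_bfd_show` (the `@@ -38,13 +38,15 @@` hunk), and the test body starts outside this hunk.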
@@ -0,0 +1,74 @@ +import os +import sys +import traceback +import mock_tables.dbconnector +from click.testing import CliRunner +from unittest import mock +from utilities_common.db import Db +import show.main as show + +#test_path = os.path.dirname(os.path.abspath(__file__)) + + + +class TestShowVnet(object): + @classmethod + def setup_class(cls): + print("SETUP") + os.environ["UTILITIES_UNIT_TESTING"] = "1" + + def test_show_vnet_routes_all_basic(self): + runner = CliRunner() + db = Db() + result = runner.invoke(show.cli.commands['vnet'].commands['routes'].commands['all'], [], obj=db) + assert result.exit_code == 0 + expected_output = """\ +vnet name prefix nexthop interface +----------- -------- --------- ----------- + +vnet name prefix endpoint mac address vni status +--------------- ------------------------ ------------------------------------------- ------------- ----- -------- +Vnet_v6_in_v6-0 fddd:a156:a251::a6:1/128 fddd:a100:a251::a10:1,fddd:a101:a251::a10:1 active +test_v4_in_v4-0 160.162.191.1/32 100.251.7.1 active +test_v4_in_v4-0 160.163.191.1/32 100.251.7.1 active +test_v4_in_v4-0 160.164.191.1/32 100.251.7.1 +""" + assert result.output == expected_output + + def test_show_vnet_endpoint(self): + runner = CliRunner() + db = Db() + result = runner.invoke(show.cli.commands['vnet'].commands['endpoint'], [], obj=db) + assert result.exit_code == 0 + expected_output = """\ +Endpoint Endpoint Monitor prefix count status +--------------------- --------------------- -------------- -------- +fddd:a100:a251::a10:1 fddd:a100:a251::a10:1 1 Unknown +fddd:a101:a251::a10:1 fddd:a101:a251::a10:1 1 Down +100.251.7.1 100.251.7.1 3 Up +""" + assert result.output == expected_output + + def test_show_vnet_endpoint_ipv4(self): + runner = CliRunner() + db = Db() + result = runner.invoke(show.cli.commands['vnet'].commands['endpoint'], ['100.251.7.1'], obj=db) + assert result.exit_code == 0 + expected_output = """\ +Endpoint Endpoint Monitor prefix status +----------- 
------------------ ------------------------------------------------------------ -------- +100.251.7.1 ['100.251.7.1'] ['160.162.191.1/32', '160.163.191.1/32', '160.164.191.1/32'] Up +""" + assert result.output == expected_output + + def test_show_vnet_endpoint_ipv6(self): + runner = CliRunner() + db = Db() + result = runner.invoke(show.cli.commands['vnet'].commands['endpoint'], ['fddd:a101:a251::a10:1'], obj=db) + assert result.exit_code == 0 + expected_output = """\ +Endpoint Endpoint Monitor prefix status +--------------------- ------------------------- ---------------------------- -------- +fddd:a101:a251::a10:1 ['fddd:a101:a251::a10:1'] ['fddd:a156:a251::a6:1/128'] Down +""" + assert result.output == expected_output From c1206aac3bb3dc5c85945fcdca316939fa45d7d5 Mon Sep 17 00:00:00 2001 From: isabelmsft <67024108+isabelmsft@users.noreply.github.com> Date: Tue, 4 Oct 2022 13:13:31 -0700 Subject: [PATCH 32/38] ConfigDB Updates with YANG Validation: Include potential for YANG validation even when adhoc validation is used (#2412) --- config/main.py | 16 ++++------------ config/vlan.py | 17 +++++------------ 2 files changed, 9 insertions(+), 24 deletions(-) diff --git a/config/main.py b/config/main.py index c20e5980ee..80661da8ee 100644 --- a/config/main.py +++ b/config/main.py 
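Review bot: The endpoint tests only pass addresses that parse and that exist in the mock tables, so the rejection path of `show vnet endpoint` (the `wrong parameter` message) and the valid-but-unmatched case, which should print only the header, have no coverage. A case that invokes the command with an argument such as `['not-an-ip']` and asserts on the message and exit code would pin that behaviour. `sys`, `traceback` and `mock` are imported but unused in this file, and the commented-out `#test_path` line can be dropped. `setup_class` sets `UTILITIES_UNIT_TESTING` with no matching `teardown_class` to reset it.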
@@ -2060,15 +2060,13 @@ def add_portchannel(ctx, portchannel_name, min_links, fallback, fast_rate): if fallback != 'false': fvs['fallback'] = 'true' + db = ValidatedConfigDBConnector(ctx.obj['db']) if ADHOC_VALIDATION: - db = ctx.obj['db'] if is_portchannel_name_valid(portchannel_name) != True: ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) if is_portchannel_present_in_db(db, portchannel_name): ctx.fail("{} already exists!".format(portchannel_name)) # TODO: MISSING CONSTRAINT IN YANG MODEL - else: - db = ValidatedConfigDBConnector(ctx.obj['db']) try: db.set_entry('PORTCHANNEL', portchannel_name, fvs) @@ -2081,8 +2079,8 @@ def add_portchannel(ctx, portchannel_name, min_links, fallback, fast_rate): def remove_portchannel(ctx, portchannel_name): """Remove port channel""" + db = ValidatedConfigDBConnector(ctx.obj['db']) if ADHOC_VALIDATION: - db = ctx.obj['db'] if is_portchannel_name_valid(portchannel_name) != True: ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) @@ -2098,8 +2096,6 @@ def remove_portchannel(ctx, portchannel_name): if len([(k, v) for k, v in db.get_table('PORTCHANNEL_MEMBER') if k == portchannel_name]) != 0: # TODO: MISSING CONSTRAINT IN YANG MODEL ctx.fail("Error: Portchannel {} contains members. Remove members before deleting Portchannel!".format(portchannel_name)) - else: - db = ValidatedConfigDBConnector(ctx.obj['db']) try: db.set_entry('PORTCHANNEL', portchannel_name, None) 
@@ -6177,8 +6173,8 @@ def loopback(ctx, redis_unix_socket_path): @click.argument('loopback_name', metavar='', required=True) @click.pass_context def add_loopback(ctx, loopback_name): + config_db = ValidatedConfigDBConnector(ctx.obj['db']) if ADHOC_VALIDATION: - config_db = ctx.obj['db'] if is_loopback_name_valid(loopback_name) is False: ctx.fail("{} is invalid, name should have prefix '{}' and suffix '{}' " .format(loopback_name, CFG_LOOPBACK_PREFIX, CFG_LOOPBACK_NO)) @@ -6186,8 +6182,6 @@ def add_loopback(ctx, loopback_name): lo_intfs = [k for k, v in config_db.get_table('LOOPBACK_INTERFACE').items() if type(k) != tuple] if loopback_name in lo_intfs: ctx.fail("{} already exists".format(loopback_name)) # TODO: MISSING CONSTRAINT IN YANG VALIDATION - else: - config_db = ValidatedConfigDBConnector(ctx.obj['db']) try: config_db.set_entry('LOOPBACK_INTERFACE', loopback_name, {"NULL" : "NULL"}) @@ -6198,7 +6192,7 @@ def add_loopback(ctx, loopback_name): @click.argument('loopback_name', metavar='', required=True) @click.pass_context def del_loopback(ctx, loopback_name): - config_db = ctx.obj['db'] + config_db = ValidatedConfigDBConnector(ctx.obj['db']) lo_config_db = config_db.get_table('LOOPBACK_INTERFACE') if ADHOC_VALIDATION: @@ -6208,8 +6202,6 @@ def del_loopback(ctx, loopback_name): lo_intfs = [k for k, v in lo_config_db.items() if type(k) != tuple] if loopback_name not in lo_intfs: ctx.fail("{} does not exist".format(loopback_name)) - else: - config_db = ValidatedConfigDBConnector(ctx.obj['db']) ips = [ k[1] for k in lo_config_db if type(k) == tuple and k[0] == loopback_name ] for ip in ips: diff --git a/config/vlan.py b/config/vlan.py index 90932a5dd4..45d698ce70 100644 --- a/config/vlan.py +++ b/config/vlan.py 
@@ -25,8 +25,8 @@ def add_vlan(db, vid): ctx = click.get_current_context() vlan = 'Vlan{}'.format(vid) + config_db = ValidatedConfigDBConnector(db.cfgdb) if ADHOC_VALIDATION: - config_db = db.cfgdb if not clicommon.is_vlanid_in_range(vid): ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) @@ -35,8 +35,6 @@ def add_vlan(db, vid): if clicommon.check_if_vlanid_exist(db.cfgdb, vlan): # TODO: MISSING CONSTRAINT IN YANG MODEL ctx.fail("{} already exists".format(vlan)) - else: - config_db = ValidatedConfigDBConnector(db.cfgdb) try: config_db.set_entry('VLAN', vlan, {'vlanid': str(vid)}) @@ -54,8 +52,8 @@ def del_vlan(db, vid): ctx = click.get_current_context() vlan = 'Vlan{}'.format(vid) + config_db = ValidatedConfigDBConnector(db.cfgdb) if ADHOC_VALIDATION: - config_db = db.cfgdb if not clicommon.is_vlanid_in_range(vid): ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) @@ -72,12 +70,11 @@ def del_vlan(db, vid): if keys: # TODO: MISSING CONSTRAINT IN YANG MODEL ctx.fail("VLAN ID {} can not be removed. First remove all members assigned to this VLAN.".format(vid)) + vxlan_table = db.cfgdb.get_table('VXLAN_TUNNEL_MAP') for vxmap_key, vxmap_data in vxlan_table.items(): if vxmap_data['vlan'] == 'Vlan{}'.format(vid): ctx.fail("vlan: {} can not be removed. First remove vxlan mapping '{}' assigned to VLAN".format(vid, '|'.join(vxmap_key)) ) - else: - config_db = ValidatedConfigDBConnector(db.cfgdb) try: config_db.set_entry('VLAN', 'Vlan{}'.format(vid), None) @@ -141,8 +138,8 @@ def add_vlan_member(db, vid, port, untagged): vlan = 'Vlan{}'.format(vid) + config_db = ValidatedConfigDBConnector(db.cfgdb) if ADHOC_VALIDATION: - config_db = db.cfgdb if not clicommon.is_vlanid_in_range(vid): ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) 
@@ -180,8 +177,6 @@ def add_vlan_member(db, vid, port, untagged): if (clicommon.interface_is_untagged_member(db.cfgdb, port) and untagged): # TODO: MISSING CONSTRAINT IN YANG MODEL ctx.fail("{} is already untagged member!".format(port)) - else: - config_db = ValidatedConfigDBConnector(db.cfgdb) try: config_db.set_entry('VLAN_MEMBER', (vlan, port), {'tagging_mode': "untagged" if untagged else "tagged" }) @@ -199,8 +194,8 @@ def del_vlan_member(db, vid, port): log.log_info("'vlan member del {} {}' executing...".format(vid, port)) vlan = 'Vlan{}'.format(vid) + config_db = ValidatedConfigDBConnector(db.cfgdb) if ADHOC_VALIDATION: - config_db = db.cfgdb if not clicommon.is_vlanid_in_range(vid): ctx.fail("Invalid VLAN ID {} (1-4094)".format(vid)) @@ -216,8 +211,6 @@ def del_vlan_member(db, vid, port): if not clicommon.is_port_vlan_member(db.cfgdb, port, vlan): # TODO: MISSING CONSTRAINT IN YANG MODEL ctx.fail("{} is not a member of {}".format(port, vlan)) - else: - config_db = ValidatedConfigDBConnector(db.cfgdb) try: config_db.set_entry('VLAN_MEMBER', (vlan, port), None) From 81e2aeccaeb65a3ef9608724d5a7f0236cbf12b8 Mon Sep 17 00:00:00 2001 
From: jingwenxie Date: Tue, 4 Oct 2022 17:17:28 -0700 Subject: [PATCH 33/38] [minigraph] new workflow for golden path (#2396) #### What I did Change the behavior that load_minigraph will consume golden config by default. New behavior: `config load_minigraph`: No longer consume golden config. `config load_minigraph --golden_config`: Consume default golden config. /etc/sonic/golden_config_db.json `config load_minigraph --golden_config FilePath`: Consume golden config with FilePath #### How I did it Make golden_config click.Option() and add an argument for golden config path. #### How to verify it UT test. #### Previous command output (if the output of a command-line utility has changed) sudo config load_minigraph -h Usage: config load_minigraph [OPTIONS] Reconfigure based on minigraph. Options: -y, --yes -n, --no_service_restart Do not restart docker services -t, --traffic_shift_away Keep device in maintenance with TSA -p, --golden_config_path TEXT specify Golden Config path -?, -h, --help Show this message and exit. #### New command output (if the output of a command-line utility has changed) admin@vlab-01:~$ sudo config load_minigraph --golden_config_path -h Usage: config load_minigraph [OPTIONS] Reconfigure based on minigraph. Options: -y, --yes -n, --no_service_restart Do not restart docker services -t, --traffic_shift_away Keep device in maintenance with TSA -o, --override_config Enable config override. Proceed with default path. -p, --golden_config_path TEXT Provide golden config path to override. Use with --override_config -h, -?, --help Show this message and exit. --- config/main.py | 14 +++++++------- tests/config_test.py | 43 +++++++++++++++---------------------------- 2 files changed, 22 insertions(+), 35 deletions(-) diff --git a/config/main.py b/config/main.py index 80661da8ee..e2a05d156d 100644 --- a/config/main.py +++ b/config/main.py 
@@ -1727,9 +1727,10 @@ def load_mgmt_config(filename): expose_value=False, prompt='Reload config from minigraph?') @click.option('-n', '--no_service_restart', default=False, is_flag=True, help='Do not restart docker services') @click.option('-t', '--traffic_shift_away', default=False, is_flag=True, help='Keep device in maintenance with TSA') -@click.option('-p', '--golden_config_path', help='The path of golden config file') +@click.option('-o', '--override_config', default=False, is_flag=True, help='Enable config override. Proceed with default path.') +@click.option('-p', '--golden_config_path', help='Provide golden config path to override. Use with --override_config') @clicommon.pass_db -def load_minigraph(db, no_service_restart, traffic_shift_away, golden_config_path): +def load_minigraph(db, no_service_restart, traffic_shift_away, override_config, golden_config_path): """Reconfigure based on minigraph.""" log.log_info("'load_minigraph' executing...") 
@@ -1802,20 +1803,19 @@ def load_minigraph(db, no_service_restart, traffic_shift_away, golden_config_pat # Keep device isolated with TSA if traffic_shift_away: clicommon.run_command("TSA", display_cmd=True) - if golden_config_path or not golden_config_path and os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE): + if override_config: log.log_warning("Golden configuration may override System Maintenance state. Please execute TSC to check the current System mode") click.secho("[WARNING] Golden configuration may override Traffic-shift-away state. Please execute TSC to check the current System mode") # Load golden_config_db.json - if golden_config_path: + if override_config: + if golden_config_path is None: + golden_config_path = DEFAULT_GOLDEN_CONFIG_DB_FILE if not os.path.isfile(golden_config_path): click.secho("Cannot find '{}'!".format(golden_config_path), fg='magenta') raise click.Abort() override_config_by(golden_config_path) - else: - if os.path.isfile(DEFAULT_GOLDEN_CONFIG_DB_FILE): - override_config_by(DEFAULT_GOLDEN_CONFIG_DB_FILE) # We first run "systemctl reset-failed" to remove the "failed" # status from all services before we attempt to restart them diff --git a/tests/config_test.py b/tests/config_test.py index 4ac30632fd..d2e7b270c0 100644 --- a/tests/config_test.py +++ b/tests/config_test.py 
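Review bot: `--golden_config_path` is now read only inside `if override_config:`, so `config load_minigraph -p some.json` without `-o` silently ignores the path and applies no override, which an operator can easily mistake for a successful golden-config load. Reject the combination up front, for example `if golden_config_path and not override_config: raise click.UsageError("--golden_config_path requires --override_config")`. The `os.path.isfile` check sits late in a function whose body between the two hunks is not shown, so it appears to run after the minigraph has already been applied; validating the path before any state change would avoid aborting half-way. A test for the `-p`-without-`-o` case is missing from the `tests/config_test.py` hunks.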
@@ -411,27 +411,6 @@ def is_file_side_effect(filename): assert result.exit_code == 0 assert expected_output in result.output - def test_load_minigraph_with_golden_config(self, get_cmd_module, setup_single_broadcom_asic): - with mock.patch( - "utilities_common.cli.run_command", - mock.MagicMock(side_effect=mock_run_command_side_effect)) as mock_run_command: - (config, show) = get_cmd_module - db = Db() - golden_config = {} - self.check_golden_config(db, config, golden_config, - "config override-config-table /etc/sonic/golden_config_db.json") - - def check_golden_config(self, db, config, golden_config, expected_output): - def is_file_side_effect(filename): - return True if 'golden_config' in filename else False - with mock.patch('os.path.isfile', mock.MagicMock(side_effect=is_file_side_effect)): - runner = CliRunner() - result = runner.invoke(config.config.commands["load_minigraph"], ["-y"], obj=db) - print(result.exit_code) - print(result.output) - assert result.exit_code == 0 - assert expected_output in result.output - def test_load_minigraph_with_non_exist_golden_config_path(self, get_cmd_module): def is_file_side_effect(filename): return True if 'golden_config' in filename else False 
@@ -439,24 +418,32 @@ def is_file_side_effect(filename): mock.patch('os.path.isfile', mock.MagicMock(side_effect=is_file_side_effect)): (config, show) = get_cmd_module runner = CliRunner() - result = runner.invoke(config.config.commands["load_minigraph"], ["-p", "non_exist.json", "-y"]) + result = runner.invoke(config.config.commands["load_minigraph"], ["--override_config", "--golden_config_path", "non_exist.json", "-y"]) assert result.exit_code != 0 assert "Cannot find 'non_exist.json'" in result.output - def test_load_minigraph_with_golden_config_path(self, get_cmd_module): + def test_load_minigraph_with_specified_golden_config_path(self, get_cmd_module): def is_file_side_effect(filename): return True if 'golden_config' in filename else False with mock.patch("utilities_common.cli.run_command", mock.MagicMock(side_effect=mock_run_command_side_effect)) as mock_run_command, \ mock.patch('os.path.isfile', mock.MagicMock(side_effect=is_file_side_effect)): (config, show) = get_cmd_module runner = CliRunner() - result = runner.invoke(config.config.commands["load_minigraph"], ["-p", "golden_config.json", "-y"]) - print(result.exit_code) - print(result.output) - traceback.print_tb(result.exc_info[2]) + result = runner.invoke(config.config.commands["load_minigraph"], ["--override_config", "--golden_config_path", "golden_config.json", "-y"]) assert result.exit_code == 0 assert "config override-config-table golden_config.json" in result.output + def test_load_minigraph_with_default_golden_config_path(self, get_cmd_module): + def is_file_side_effect(filename): + return True if 'golden_config' in filename else False + with mock.patch("utilities_common.cli.run_command", mock.MagicMock(side_effect=mock_run_command_side_effect)) as mock_run_command, \ + mock.patch('os.path.isfile', mock.MagicMock(side_effect=is_file_side_effect)): + (config, show) = get_cmd_module + runner = CliRunner() + result = runner.invoke(config.config.commands["load_minigraph"], ["--override_config", 
"-y"]) + assert result.exit_code == 0 + assert "config override-config-table /etc/sonic/golden_config_db.json" in result.output + def test_load_minigraph_with_traffic_shift_away(self, get_cmd_module): with mock.patch("utilities_common.cli.run_command", mock.MagicMock(side_effect=mock_run_command_side_effect)) as mock_run_command: (config, show) = get_cmd_module @@ -477,7 +464,7 @@ def is_file_side_effect(filename): db = Db() golden_config = {} runner = CliRunner() - result = runner.invoke(config.config.commands["load_minigraph"], ["-ty"]) + result = runner.invoke(config.config.commands["load_minigraph"], ["-ty", "--override_config"]) print(result.exit_code) print(result.output) traceback.print_tb(result.exc_info[2]) From a817896b1786d3cbd6b6cf3cc513b1fdbce00f88 Mon Sep 17 00:00:00 2001 From: isabelmsft <67024108+isabelmsft@users.noreply.github.com> Date: Wed, 5 Oct 2022 15:21:18 -0700 Subject: [PATCH 34/38] YANG validation for ConfigDB Updates: MGMT_INTERFACE, PORTCHANNEL_MEMBER use cases (#2420) --- config/main.py | 200 +++++++++++++++++++++++++------------------------ 1 file changed, 104 insertions(+), 96 deletions(-) diff --git a/config/main.py b/config/main.py index e2a05d156d..b35d507b1c 100644 --- a/config/main.py +++ b/config/main.py 
@@ -2113,104 +2113,109 @@ def portchannel_member(ctx): @click.pass_context def add_portchannel_member(ctx, portchannel_name, port_name): """Add member to port channel""" - db = ctx.obj['db'] - if clicommon.is_port_mirror_dst_port(db, port_name): - ctx.fail("{} is configured as mirror destination port".format(port_name)) + db = ValidatedConfigDBConnector(ctx.obj['db']) + + if ADHOC_VALIDATION: + if clicommon.is_port_mirror_dst_port(db, port_name): + ctx.fail("{} is configured as mirror destination port".format(port_name)) # TODO: MISSING CONSTRAINT IN YANG MODEL - # Check if the member interface given by user is valid in the namespace. - if port_name.startswith("Ethernet") is False or interface_name_is_valid(db, port_name) is False: - ctx.fail("Interface name is invalid. Please enter a valid interface name!!") + # Check if the member interface given by user is valid in the namespace. + if port_name.startswith("Ethernet") is False or interface_name_is_valid(db, port_name) is False: + ctx.fail("Interface name is invalid. 
Please enter a valid interface name!!") - # Dont proceed if the port channel name is not valid - if is_portchannel_name_valid(portchannel_name) is False: - ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" - .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) + # Dont proceed if the port channel name is not valid + if is_portchannel_name_valid(portchannel_name) is False: + ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" + .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) - # Dont proceed if the port channel does not exist - if is_portchannel_present_in_db(db, portchannel_name) is False: - ctx.fail("{} is not present.".format(portchannel_name)) + # Dont proceed if the port channel does not exist + if is_portchannel_present_in_db(db, portchannel_name) is False: + ctx.fail("{} is not present.".format(portchannel_name)) - # Don't allow a port to be member of port channel if it is configured with an IP address - for key,value in db.get_table('INTERFACE').items(): - if type(key) == tuple: - continue - if key == port_name: - ctx.fail(" {} has ip address configured".format(port_name)) - return + # Don't allow a port to be member of port channel if it is configured with an IP address + for key,value in db.get_table('INTERFACE').items(): + if type(key) == tuple: + continue + if key == port_name: + ctx.fail(" {} has ip address configured".format(port_name)) # TODO: MISSING CONSTRAINT IN YANG MODEL + return - for key in db.get_keys('VLAN_SUB_INTERFACE'): - if type(key) == tuple: - continue - intf = key.split(VLAN_SUB_INTERFACE_SEPARATOR)[0] - parent_intf = get_intf_longname(intf) - if parent_intf == port_name: - ctx.fail(" {} has subinterfaces configured".format(port_name)) - - # Dont allow a port to be member of port channel if it is configured as a VLAN member - for k,v in db.get_table('VLAN_MEMBER'): - if v == port_name: - ctx.fail("%s Interface configured as VLAN_MEMBER under vlan : %s" 
%(port_name,str(k))) - return + for key in db.get_keys('VLAN_SUB_INTERFACE'): + if type(key) == tuple: + continue + intf = key.split(VLAN_SUB_INTERFACE_SEPARATOR)[0] + parent_intf = get_intf_longname(intf) + if parent_intf == port_name: + ctx.fail(" {} has subinterfaces configured".format(port_name)) # TODO: MISSING CONSTRAINT IN YANG MODEL + + # Dont allow a port to be member of port channel if it is configured as a VLAN member + for k,v in db.get_table('VLAN_MEMBER'): + if v == port_name: + ctx.fail("%s Interface configured as VLAN_MEMBER under vlan : %s" %(port_name,str(k))) # TODO: MISSING CONSTRAINT IN YANG MODEL + return - # Dont allow a port to be member of port channel if it is already member of a port channel - for k,v in db.get_table('PORTCHANNEL_MEMBER'): - if v == port_name: - ctx.fail("{} Interface is already member of {} ".format(v,k)) + # Dont allow a port to be member of port channel if it is already member of a port channel + for k,v in db.get_table('PORTCHANNEL_MEMBER'): + if v == port_name: + ctx.fail("{} Interface is already member of {} ".format(v,k)) # TODO: MISSING CONSTRAINT IN YANG MODEL - # Dont allow a port to be member of port channel if its speed does not match with existing members - for k,v in db.get_table('PORTCHANNEL_MEMBER'): - if k == portchannel_name: - member_port_entry = db.get_entry('PORT', v) + # Dont allow a port to be member of port channel if its speed does not match with existing members + for k,v in db.get_table('PORTCHANNEL_MEMBER'): + if k == portchannel_name: + member_port_entry = db.get_entry('PORT', v) + port_entry = db.get_entry('PORT', port_name) + + if member_port_entry is not None and port_entry is not None: + member_port_speed = member_port_entry.get(PORT_SPEED) + + port_speed = port_entry.get(PORT_SPEED) # TODO: MISSING CONSTRAINT IN YANG MODEL + if member_port_speed != port_speed: + ctx.fail("Port speed of {} is different than the other members of the portchannel {}" + .format(port_name, portchannel_name)) + 
+ # Dont allow a port to be member of port channel if its MTU does not match with portchannel + portchannel_entry = db.get_entry('PORTCHANNEL', portchannel_name) + if portchannel_entry and portchannel_entry.get(PORT_MTU) is not None : port_entry = db.get_entry('PORT', port_name) - if member_port_entry is not None and port_entry is not None: - member_port_speed = member_port_entry.get(PORT_SPEED) + if port_entry and port_entry.get(PORT_MTU) is not None: + port_mtu = port_entry.get(PORT_MTU) - port_speed = port_entry.get(PORT_SPEED) - if member_port_speed != port_speed: - ctx.fail("Port speed of {} is different than the other members of the portchannel {}" + portchannel_mtu = portchannel_entry.get(PORT_MTU) # TODO: MISSING CONSTRAINT IN YANG MODEL + if portchannel_mtu != port_mtu: + ctx.fail("Port MTU of {} is different than the {} MTU size" .format(port_name, portchannel_name)) - # Dont allow a port to be member of port channel if its MTU does not match with portchannel - portchannel_entry = db.get_entry('PORTCHANNEL', portchannel_name) - if portchannel_entry and portchannel_entry.get(PORT_MTU) is not None : + # Dont allow a port to be member of port channel if its TPID is not at default 0x8100 + # If TPID is supported at LAG level, when member is added, the LAG's TPID is applied to the + # new member by SAI. 
port_entry = db.get_entry('PORT', port_name) + if port_entry and port_entry.get(PORT_TPID) is not None: + port_tpid = port_entry.get(PORT_TPID) # TODO: MISSING CONSTRAINT IN YANG MODEL + if port_tpid != DEFAULT_TPID: + ctx.fail("Port TPID of {}: {} is not at default 0x8100".format(port_name, port_tpid)) - if port_entry and port_entry.get(PORT_MTU) is not None: - port_mtu = port_entry.get(PORT_MTU) - - portchannel_mtu = portchannel_entry.get(PORT_MTU) - if portchannel_mtu != port_mtu: - ctx.fail("Port MTU of {} is different than the {} MTU size" - .format(port_name, portchannel_name)) - - # Dont allow a port to be member of port channel if its TPID is not at default 0x8100 - # If TPID is supported at LAG level, when member is added, the LAG's TPID is applied to the - # new member by SAI. - port_entry = db.get_entry('PORT', port_name) - if port_entry and port_entry.get(PORT_TPID) is not None: - port_tpid = port_entry.get(PORT_TPID) - if port_tpid != DEFAULT_TPID: - ctx.fail("Port TPID of {}: {} is not at default 0x8100".format(port_name, port_tpid)) + # Don't allow a port to be a member of portchannel if already has ACL bindings + try: + acl_bindings = get_port_acl_binding(ctx.obj['db_wrap'], port_name, ctx.obj['namespace']) # TODO: MISSING CONSTRAINT IN YANG MODEL + if acl_bindings: + ctx.fail("Port {} is already bound to following ACL_TABLES: {}".format(port_name, acl_bindings)) + except Exception as e: + ctx.fail(str(e)) - # Don't allow a port to be a member of portchannel if already has ACL bindings - try: - acl_bindings = get_port_acl_binding(ctx.obj['db_wrap'], port_name, ctx.obj['namespace']) - if acl_bindings: - ctx.fail("Port {} is already bound to following ACL_TABLES: {}".format(port_name, acl_bindings)) - except Exception as e: - ctx.fail(str(e)) + # Don't allow a port to be a member of portchannel if already has PBH bindings + try: + pbh_bindings = get_port_pbh_binding(ctx.obj['db_wrap'], port_name, DEFAULT_NAMESPACE) # TODO: MISSING CONSTRAINT IN YANG 
MODEL + if pbh_bindings: + ctx.fail("Port {} is already bound to following PBH_TABLES: {}".format(port_name, pbh_bindings)) + except Exception as e: + ctx.fail(str(e)) - # Don't allow a port to be a member of portchannel if already has PBH bindings try: - pbh_bindings = get_port_pbh_binding(ctx.obj['db_wrap'], port_name, DEFAULT_NAMESPACE) - if pbh_bindings: - ctx.fail("Port {} is already bound to following PBH_TABLES: {}".format(port_name, pbh_bindings)) - except Exception as e: - ctx.fail(str(e)) - - db.set_entry('PORTCHANNEL_MEMBER', (portchannel_name, port_name), - {'NULL': 'NULL'}) + db.set_entry('PORTCHANNEL_MEMBER', (portchannel_name, port_name), + {'NULL': 'NULL'}) + except ValueError: + ctx.fail("Portchannel or interface name is invalid or nonexistent") @portchannel_member.command('del') @click.argument('portchannel_name', metavar='', required=True) 
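Review bot: Every precondition in `add_portchannel_member` is moved under `if ADHOC_VALIDATION:`, including the ones this hunk itself tags `# TODO: MISSING CONSTRAINT IN YANG MODEL` (mirror destination port, configured IP address, sub-interfaces, VLAN membership, existing portchannel membership, speed/MTU/TPID mismatch, ACL and PBH bindings). With the flag off, nothing visible enforces them, so for instance a port that already carries ACL bindings could be added to a portchannel. Keep the TODO-tagged checks outside the flag until the YANG model expresses them, and gate only the checks YANG already covers. The new `except ValueError` around `set_entry` also differs from `del_portchannel_member`, which catches `JsonPatchConflict`; which exceptions `ValidatedConfigDBConnector.set_entry` raises is not shown here, so confirm both handlers match it.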
@@ -2223,22 +2228,25 @@ def del_portchannel_member(ctx, portchannel_name, port_name): ctx.fail("{} is invalid!, name should have prefix '{}' and suffix '{}'" .format(portchannel_name, CFG_PORTCHANNEL_PREFIX, CFG_PORTCHANNEL_NO)) - db = ctx.obj['db'] - - # Check if the member interface given by user is valid in the namespace. - if interface_name_is_valid(db, port_name) is False: - ctx.fail("Interface name is invalid. Please enter a valid interface name!!") + db = ValidatedConfigDBConnector(ctx.obj['db']) - # Dont proceed if the port channel does not exist - if is_portchannel_present_in_db(db, portchannel_name) is False: - ctx.fail("{} is not present.".format(portchannel_name)) + if ADHOC_VALIDATION: + # Check if the member interface given by user is valid in the namespace. + if interface_name_is_valid(db, port_name) is False: + ctx.fail("Interface name is invalid. Please enter a valid interface name!!") - # Dont proceed if the the port is not an existing member of the port channel - if not is_port_member_of_this_portchannel(db, port_name, portchannel_name): - ctx.fail("{} is not a member of portchannel {}".format(port_name, portchannel_name)) + # Dont proceed if the port channel does not exist + if is_portchannel_present_in_db(db, portchannel_name) is False: + ctx.fail("{} is not present.".format(portchannel_name)) - db.set_entry('PORTCHANNEL_MEMBER', (portchannel_name, port_name), None) - db.set_entry('PORTCHANNEL_MEMBER', portchannel_name + '|' + port_name, None) + # Dont proceed if the the port is not an existing member of the port channel + if not is_port_member_of_this_portchannel(db, port_name, portchannel_name): + ctx.fail("{} is not a member of portchannel {}".format(port_name, portchannel_name)) + + try: + db.set_entry('PORTCHANNEL_MEMBER', portchannel_name + '|' + port_name, None) + except JsonPatchConflict: + ctx.fail("Invalid or nonexistent portchannel or interface. Please ensure existence of portchannel member.") # 
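Review bot: The removal now issues a single `set_entry` with the string key `portchannel_name + '|' + port_name`, while `add_portchannel_member` writes the entry under the tuple key `(portchannel_name, port_name)` and the old code deleted both forms. Unless `ValidatedConfigDBConnector` normalises the string form to the same entry (not visible here), a member added through the CLI may not be removed; using `(portchannel_name, port_name)` keeps the two commands symmetric. The existence and membership checks are also skipped when `ADHOC_VALIDATION` is off, leaving `JsonPatchConflict` as the only failure signal. The function starts above this hunk.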
@@ -4302,7 +4310,7 @@ def ip(ctx): def add(ctx, interface_name, ip_addr, gw): """Add an IP address towards the interface""" # Get the config_db connector - config_db = ctx.obj['config_db'] + config_db = ValidatedConfigDBConnector(ctx.obj['config_db']) if clicommon.get_interface_naming_mode() == "alias": interface_name = interface_alias_to_name(config_db, interface_name) @@ -4366,7 +4374,7 @@ def add(ctx, interface_name, ip_addr, gw): def remove(ctx, interface_name, ip_addr): """Remove an IP address from the interface""" # Get the config_db connector - config_db = ctx.obj['config_db'] + config_db = ValidatedConfigDBConnector(ctx.obj['config_db']) if clicommon.get_interface_naming_mode() == "alias": interface_name = interface_alias_to_name(config_db, interface_name) From 423779410d8f8784bc6a116aa656cb4f822c0ac6 Mon Sep 17 00:00:00 2001 From: Jing Zhang Date: Fri, 7 Oct 2022 15:28:49 -0700 Subject: [PATCH 35/38] [muxcable][config] add CLI support for mux mode detach (#2425) What I did Add support for config mux mode detach. Stemming from sonic-net/sonic-linkmgrd#79 sign-off: Jing Zhang zhangjing@microsoft.com How I did it Add detach to the choice list. How to verify it Existing unit test. Tested on DUT --- config/muxcable.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/muxcable.py b/config/muxcable.py index 071f578a7a..8344606ed4 100644 --- a/config/muxcable.py +++ b/config/muxcable.py @@ -280,7 +280,7 @@ def update_configdb_pck_loss_data(config_db, port, val): # 'muxcable' command ("config muxcable mode active|auto") @muxcable.command() -@click.argument('state', metavar='', required=True, type=click.Choice(["active", "auto", "manual", "standby"])) +@click.argument('state', metavar='', required=True, type=click.Choice(["active", "auto", "manual", "standby", "detach"])) @click.argument('port', metavar='', required=True, default=None) @click.option('--json', 'json_output', required=False, is_flag=True, type=click.BOOL) @clicommon.pass_db 
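Review bot: Neither `add` nor `remove` shows a handler for the errors the validated connector can raise, unlike the portchannel hunks in this patch, which wrap `set_entry` in `try`/`except` and call `ctx.fail`. Both function bodies continue outside these one-line hunks, so the write calls are not visible here; if they are unguarded, a rejected entry would end in a traceback rather than a CLI error. The wrapper is also what now reaches `interface_alias_to_name(config_db, interface_name)` on the following line, which presumably expects the plain connector's read API, and that is worth confirming. The same points apply to the `remove` hunk.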
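Review bot: The comment above the muxcable command still reads `config muxcable mode active|auto` although the choice list now accepts `manual`, `standby` and `detach` as well; it should be brought in line, e.g. `# 'muxcable' command ("config muxcable mode active|auto|manual|standby|detach")`. The command's function body lies outside the hunk, so whether every branch that inspects `state` handles `detach` cannot be checked from here. The commit relies on the existing unit tests, and a test that passes `detach` would pin the new value.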
From 2372e2983fcec1d1b82c9883e0c34fa3fa9fc2e1 Mon Sep 17 00:00:00 2001 
From: Andriy Yurkiv <70649192+ayurkiv-nvda@users.noreply.github.com> Date: Mon, 10 Oct 2022 19:29:06 +0300 Subject: [PATCH 36/38] [show priority-group drop counters] Remove backup with cached PG drop counters after 'config reload' (#2386) #### What I did After config reload for some period of time when COUNTERS_PG_PORT_MAP is not created yet, CLI command 'show prioriy-group counter' exits with the traceback because it expects COUNTERS_PG_PORT_MAP to be present and doesn't do proper handling for the situation when it is not yet populated. Handling was fixed #### How I did it use "not" instead of "is None" #### How to verify it UT added #### Previous command output (if the output of a command-line utility has changed) ``` root@r-lionfish-13:/home/admin# show priority-group drop counters Traceback (most recent call last): File "/usr/local/bin/pg-drop", line 262, in main() File "/usr/local/bin/pg-drop", line 255, in main pgdropstat.print_all_stat(COUNTER_TABLE_PREFIX, "pg_drop" ) File "/usr/local/bin/pg-drop", line 160, in print_all_stat self.build_header(type) File "/usr/local/bin/pg-drop", line 119, in build_header single_key = list(header_map.keys())[0] IndexError: list index out of range ``` #### New command output (if the output of a command-line utility has changed) `COUNTERS_PORT_NAME_MAP is empty!` --- scripts/pg-drop | 18 +++--- tests/pgdrop_input/counters_db.json | 83 ++++++++++++++++++++++++++ tests/pgdrop_input/counters_db2.json | 63 ++++++++++++++++++++ tests/pgdrop_input/counters_db3.json | 62 +++++++++++++++++++ tests/pgdrop_input/counters_db4.json | 62 +++++++++++++++++++ tests/pgdropstat_test.py | 89 ++++++++++++++++++++++++++-- 6 files changed, 362 insertions(+), 15 deletions(-) create mode 100644 tests/pgdrop_input/counters_db.json create mode 100644 tests/pgdrop_input/counters_db2.json create mode 100644 tests/pgdrop_input/counters_db3.json create mode 100644 tests/pgdrop_input/counters_db4.json 
diff --git a/scripts/pg-drop b/scripts/pg-drop index fee95124bd..6005fdb393 100755 --- a/scripts/pg-drop +++ b/scripts/pg-drop @@ -58,15 +58,15 @@ class PgDropStat(object): Get port ID using object ID """ port_id = self.counters_db.get(self.counters_db.COUNTERS_DB, COUNTERS_PG_PORT_MAP, oid) - if port_id is None: - print("Port is not available for oid '{}'".format(oid), file=sys.stderr) + if not port_id: + print("Port is not available for oid '{}'".format(oid)) sys.exit(1) return port_id # Get all ports self.counter_port_name_map = self.counters_db.get_all(self.counters_db.COUNTERS_DB, COUNTERS_PORT_NAME_MAP) - if self.counter_port_name_map is None: - print("COUNTERS_PORT_NAME_MAP is empty!", file=sys.stderr) + if not self.counter_port_name_map: + print("COUNTERS_PORT_NAME_MAP is empty!") sys.exit(1) self.port_pg_map = {} @@ -78,8 +78,8 @@ class PgDropStat(object): # Get PGs for each port counter_pg_name_map = self.counters_db.get_all(self.counters_db.COUNTERS_DB, COUNTERS_PG_NAME_MAP) - if counter_pg_name_map is None: - print("COUNTERS_PG_NAME_MAP is empty!", file=sys.stderr) + if not counter_pg_name_map: + print("COUNTERS_PG_NAME_MAP is empty!") sys.exit(1) for pg in counter_pg_name_map: @@ -101,8 +101,8 @@ class PgDropStat(object): oid - object ID for entry in redis """ pg_index = self.counters_db.get(self.counters_db.COUNTERS_DB, COUNTERS_PG_INDEX_MAP, oid) - if pg_index is None: - print("Priority group index is not available for oid '{}'".format(table_id), file=sys.stderr) + if not pg_index: + print("Priority group index is not available for oid '{}'".format(oid)) sys.exit(1) return pg_index @@ -111,7 +111,7 @@ class PgDropStat(object): Construct header for table with PG counters """ if pg_drop_type is None: - print("Header info is not available!", file=sys.stderr) + print("Header info is not available!") sys.exit(1) self.header_list = ['Port'] 
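Review bot: Every error message touched in these hunks loses `file=sys.stderr` and now goes to stdout while the script still exits with status 1, so a caller that parses or pipes the output receives the diagnostic as data. This applies to the checks on `port_id`, `self.counter_port_name_map`, `counter_pg_name_map`, `pg_index` and `pg_drop_type`. If the move was made so the new tests can match the text in `result.output`, that is better handled on the test side; keeping `print("COUNTERS_PORT_NAME_MAP is empty!", file=sys.stderr)` preserves the separation of data and diagnostics. The switch from `is None` to `not` deliberately treats an empty map or empty string as missing, and a short comment such as `# empty until the counters tables are repopulated after config reload` would keep it from being reverted to `is None`. The enclosing methods start outside the hunks.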
diff --git a/tests/pgdrop_input/counters_db.json b/tests/pgdrop_input/counters_db.json new file mode 100644 index 0000000000..448f7a124f --- /dev/null +++ b/tests/pgdrop_input/counters_db.json 
@@ -0,0 +1,83 @@ +{ + "COUNTERS_PORT_NAME_MAP": { + }, + "COUNTERS_PG_NAME_MAP": { + "Ethernet0:0": "oid:0x1a00000000034f", + "Ethernet0:1": "oid:0x1a000000000350", + "Ethernet0:2": "oid:0x1a000000000351", + "Ethernet0:3": "oid:0x1a000000000352", + "Ethernet0:4": "oid:0x1a000000000353", + "Ethernet0:5": "oid:0x1a000000000354", + "Ethernet0:6": "oid:0x1a000000000355", + "Ethernet0:7": "oid:0x1a000000000356", + "Ethernet4:0": "oid:0x1a000000000377", + "Ethernet4:1": "oid:0x1a000000000378", + "Ethernet4:2": "oid:0x1a000000000379", + "Ethernet4:3": "oid:0x1a00000000037a", + "Ethernet4:4": "oid:0x1a00000000037b", + "Ethernet4:5": "oid:0x1a00000000037c", + "Ethernet4:6": "oid:0x1a00000000037d", + "Ethernet4:7": "oid:0x1a00000000037e", + "Ethernet8:0": "oid:0x1a00000000039f", + "Ethernet8:1": "oid:0x1a0000000003a0", + "Ethernet8:2": "oid:0x1a0000000003a1", + "Ethernet8:3": "oid:0x1a0000000003a2", + "Ethernet8:4": "oid:0x1a0000000003a3", + "Ethernet8:5": "oid:0x1a0000000003a4", + "Ethernet8:6": "oid:0x1a0000000003a5", + "Ethernet8:7": "oid:0x1a0000000003a6" + }, + "COUNTERS_PG_PORT_MAP": { + "oid:0x1a00000000034f": "oid:0x1000000000012", + "oid:0x1a000000000350": "oid:0x1000000000012", + "oid:0x1a000000000351": "oid:0x1000000000012", + "oid:0x1a000000000352": "oid:0x1000000000012", + "oid:0x1a000000000353": "oid:0x1000000000012", + "oid:0x1a000000000354": "oid:0x1000000000012", + "oid:0x1a000000000355": "oid:0x1000000000012", + "oid:0x1a000000000356": "oid:0x1000000000012", + "oid:0x1a000000000377": "oid:0x1000000000013", + "oid:0x1a000000000378": "oid:0x1000000000013", + "oid:0x1a000000000379": "oid:0x1000000000013", + "oid:0x1a00000000037a": "oid:0x1000000000013", + "oid:0x1a00000000037b": "oid:0x1000000000013", + "oid:0x1a00000000037c": "oid:0x1000000000013", + "oid:0x1a00000000037d": "oid:0x1000000000013", + "oid:0x1a00000000037e": "oid:0x1000000000013", + "oid:0x1a00000000039f": "oid:0x1000000000014", + "oid:0x1a0000000003a0": "oid:0x1000000000014", + 
"oid:0x1a0000000003a1": "oid:0x1000000000014", + "oid:0x1a0000000003a2": "oid:0x1000000000014", + "oid:0x1a0000000003a3": "oid:0x1000000000014", + "oid:0x1a0000000003a4": "oid:0x1000000000014", + "oid:0x1a0000000003a5": "oid:0x1000000000014", + "oid:0x1a0000000003a6": "oid:0x1000000000014" + }, + + "COUNTERS_PG_INDEX_MAP": { + "oid:0x1a00000000034f": "0", + "oid:0x1a000000000350": "1", + "oid:0x1a000000000351": "2", + "oid:0x1a000000000352": "3", + "oid:0x1a000000000353": "4", + "oid:0x1a000000000354": "5", + "oid:0x1a000000000355": "6", + "oid:0x1a000000000356": "7", + "oid:0x1a000000000377": "0", + "oid:0x1a000000000378": "1", + "oid:0x1a000000000379": "2", + "oid:0x1a00000000037a": "3", + "oid:0x1a00000000037b": "4", + "oid:0x1a00000000037c": "5", + "oid:0x1a00000000037d": "6", + "oid:0x1a00000000037e": "7", + "oid:0x1a00000000039f": "0", + "oid:0x1a0000000003a0": "1", + "oid:0x1a0000000003a1": "2", + "oid:0x1a0000000003a2": "3", + "oid:0x1a0000000003a3": "4", + "oid:0x1a0000000003a4": "5", + "oid:0x1a0000000003a5": "6", + "oid:0x1a0000000003a6": "7" + } +} diff --git a/tests/pgdrop_input/counters_db2.json b/tests/pgdrop_input/counters_db2.json new file mode 100644 index 0000000000..3c5d84df1f --- /dev/null +++ b/tests/pgdrop_input/counters_db2.json 
@@ -0,0 +1,63 @@ +{ + "COUNTERS_PORT_NAME_MAP": { + "Ethernet0": "oid:0x1000000000012", + "Ethernet4": "oid:0x1000000000013", + "Ethernet8": "oid:0x1000000000014" + + }, + "COUNTERS_PG_NAME_MAP": { + }, + "COUNTERS_PG_PORT_MAP": { + "oid:0x1a00000000034f": "oid:0x1000000000012", + "oid:0x1a000000000350": "oid:0x1000000000012", + "oid:0x1a000000000351": "oid:0x1000000000012", + "oid:0x1a000000000352": "oid:0x1000000000012", + "oid:0x1a000000000353": "oid:0x1000000000012", + "oid:0x1a000000000354": "oid:0x1000000000012", + "oid:0x1a000000000355": "oid:0x1000000000012", + "oid:0x1a000000000356": "oid:0x1000000000012", + "oid:0x1a000000000377": "oid:0x1000000000013", + "oid:0x1a000000000378": "oid:0x1000000000013", + "oid:0x1a000000000379": "oid:0x1000000000013", + "oid:0x1a00000000037a": "oid:0x1000000000013", + "oid:0x1a00000000037b": "oid:0x1000000000013", + "oid:0x1a00000000037c": "oid:0x1000000000013", + "oid:0x1a00000000037d": "oid:0x1000000000013", + "oid:0x1a00000000037e": "oid:0x1000000000013", + "oid:0x1a00000000039f": "oid:0x1000000000014", + "oid:0x1a0000000003a0": "oid:0x1000000000014", + "oid:0x1a0000000003a1": "oid:0x1000000000014", + "oid:0x1a0000000003a2": "oid:0x1000000000014", + "oid:0x1a0000000003a3": "oid:0x1000000000014", + "oid:0x1a0000000003a4": "oid:0x1000000000014", + "oid:0x1a0000000003a5": "oid:0x1000000000014", + "oid:0x1a0000000003a6": "oid:0x1000000000014" + }, + + "COUNTERS_PG_INDEX_MAP": { + "oid:0x1a00000000034f": "0", + "oid:0x1a000000000350": "1", + "oid:0x1a000000000351": "2", + "oid:0x1a000000000352": "3", + "oid:0x1a000000000353": "4", + "oid:0x1a000000000354": "5", + "oid:0x1a000000000355": "6", + "oid:0x1a000000000356": "7", + "oid:0x1a000000000377": "0", + "oid:0x1a000000000378": "1", + "oid:0x1a000000000379": "2", + "oid:0x1a00000000037a": "3", + "oid:0x1a00000000037b": "4", + "oid:0x1a00000000037c": "5", + "oid:0x1a00000000037d": "6", + "oid:0x1a00000000037e": "7", + "oid:0x1a00000000039f": "0", + "oid:0x1a0000000003a0": "1", 
+ "oid:0x1a0000000003a1": "2", + "oid:0x1a0000000003a2": "3", + "oid:0x1a0000000003a3": "4", + "oid:0x1a0000000003a4": "5", + "oid:0x1a0000000003a5": "6", + "oid:0x1a0000000003a6": "7" + } +} diff --git a/tests/pgdrop_input/counters_db3.json b/tests/pgdrop_input/counters_db3.json new file mode 100644 index 0000000000..00ae077d03 --- /dev/null +++ b/tests/pgdrop_input/counters_db3.json 
@@ -0,0 +1,62 @@ +{ + "COUNTERS_PORT_NAME_MAP": { + "Ethernet0": "oid:0x1000000000012", + "Ethernet4": "oid:0x1000000000013", + "Ethernet8": "oid:0x1000000000014" + }, + "COUNTERS_PG_NAME_MAP": { + "Ethernet0:0": "oid:0x1a00000000034f", + "Ethernet0:1": "oid:0x1a000000000350", + "Ethernet0:2": "oid:0x1a000000000351", + "Ethernet0:3": "oid:0x1a000000000352", + "Ethernet0:4": "oid:0x1a000000000353", + "Ethernet0:5": "oid:0x1a000000000354", + "Ethernet0:6": "oid:0x1a000000000355", + "Ethernet0:7": "oid:0x1a000000000356", + "Ethernet4:0": "oid:0x1a000000000377", + "Ethernet4:1": "oid:0x1a000000000378", + "Ethernet4:2": "oid:0x1a000000000379", + "Ethernet4:3": "oid:0x1a00000000037a", + "Ethernet4:4": "oid:0x1a00000000037b", + "Ethernet4:5": "oid:0x1a00000000037c", + "Ethernet4:6": "oid:0x1a00000000037d", + "Ethernet4:7": "oid:0x1a00000000037e", + "Ethernet8:0": "oid:0x1a00000000039f", + "Ethernet8:1": "oid:0x1a0000000003a0", + "Ethernet8:2": "oid:0x1a0000000003a1", + "Ethernet8:3": "oid:0x1a0000000003a2", + "Ethernet8:4": "oid:0x1a0000000003a3", + "Ethernet8:5": "oid:0x1a0000000003a4", + "Ethernet8:6": "oid:0x1a0000000003a5", + "Ethernet8:7": "oid:0x1a0000000003a6" + }, + "COUNTERS_PG_PORT_MAP": { + }, + + "COUNTERS_PG_INDEX_MAP": { + "oid:0x1a00000000034f": "0", + "oid:0x1a000000000350": "1", + "oid:0x1a000000000351": "2", + "oid:0x1a000000000352": "3", + "oid:0x1a000000000353": "4", + "oid:0x1a000000000354": "5", + "oid:0x1a000000000355": "6", + "oid:0x1a000000000356": "7", + "oid:0x1a000000000377": "0", + "oid:0x1a000000000378": "1", + "oid:0x1a000000000379": "2", + "oid:0x1a00000000037a": "3", + "oid:0x1a00000000037b": "4", + "oid:0x1a00000000037c": "5", + "oid:0x1a00000000037d": "6", + "oid:0x1a00000000037e": "7", + "oid:0x1a00000000039f": "0", + "oid:0x1a0000000003a0": "1", + "oid:0x1a0000000003a1": "2", + "oid:0x1a0000000003a2": "3", + "oid:0x1a0000000003a3": "4", + "oid:0x1a0000000003a4": "5", + "oid:0x1a0000000003a5": "6", + "oid:0x1a0000000003a6": "7" + } +} 
diff --git a/tests/pgdrop_input/counters_db4.json b/tests/pgdrop_input/counters_db4.json new file mode 100644 index 0000000000..366652a5ef --- /dev/null +++ b/tests/pgdrop_input/counters_db4.json 
@@ -0,0 +1,62 @@ +{ + "COUNTERS_PORT_NAME_MAP": { + "Ethernet0": "oid:0x1000000000012", + "Ethernet4": "oid:0x1000000000013", + "Ethernet8": "oid:0x1000000000014" + }, + "COUNTERS_PG_NAME_MAP": { + "Ethernet0:0": "oid:0x1a00000000034f", + "Ethernet0:1": "oid:0x1a000000000350", + "Ethernet0:2": "oid:0x1a000000000351", + "Ethernet0:3": "oid:0x1a000000000352", + "Ethernet0:4": "oid:0x1a000000000353", + "Ethernet0:5": "oid:0x1a000000000354", + "Ethernet0:6": "oid:0x1a000000000355", + "Ethernet0:7": "oid:0x1a000000000356", + "Ethernet4:0": "oid:0x1a000000000377", + "Ethernet4:1": "oid:0x1a000000000378", + "Ethernet4:2": "oid:0x1a000000000379", + "Ethernet4:3": "oid:0x1a00000000037a", + "Ethernet4:4": "oid:0x1a00000000037b", + "Ethernet4:5": "oid:0x1a00000000037c", + "Ethernet4:6": "oid:0x1a00000000037d", + "Ethernet4:7": "oid:0x1a00000000037e", + "Ethernet8:0": "oid:0x1a00000000039f", + "Ethernet8:1": "oid:0x1a0000000003a0", + "Ethernet8:2": "oid:0x1a0000000003a1", + "Ethernet8:3": "oid:0x1a0000000003a2", + "Ethernet8:4": "oid:0x1a0000000003a3", + "Ethernet8:5": "oid:0x1a0000000003a4", + "Ethernet8:6": "oid:0x1a0000000003a5", + "Ethernet8:7": "oid:0x1a0000000003a6" + }, + "COUNTERS_PG_PORT_MAP": { + "oid:0x1a00000000034f": "oid:0x1000000000012", + "oid:0x1a000000000350": "oid:0x1000000000012", + "oid:0x1a000000000351": "oid:0x1000000000012", + "oid:0x1a000000000352": "oid:0x1000000000012", + "oid:0x1a000000000353": "oid:0x1000000000012", + "oid:0x1a000000000354": "oid:0x1000000000012", + "oid:0x1a000000000355": "oid:0x1000000000012", + "oid:0x1a000000000356": "oid:0x1000000000012", + "oid:0x1a000000000377": "oid:0x1000000000013", + "oid:0x1a000000000378": "oid:0x1000000000013", + "oid:0x1a000000000379": "oid:0x1000000000013", + "oid:0x1a00000000037a": "oid:0x1000000000013", + "oid:0x1a00000000037b": "oid:0x1000000000013", + "oid:0x1a00000000037c": "oid:0x1000000000013", + "oid:0x1a00000000037d": "oid:0x1000000000013", + "oid:0x1a00000000037e": "oid:0x1000000000013", + 
"oid:0x1a00000000039f": "oid:0x1000000000014", + "oid:0x1a0000000003a0": "oid:0x1000000000014", + "oid:0x1a0000000003a1": "oid:0x1000000000014", + "oid:0x1a0000000003a2": "oid:0x1000000000014", + "oid:0x1a0000000003a3": "oid:0x1000000000014", + "oid:0x1a0000000003a4": "oid:0x1000000000014", + "oid:0x1a0000000003a5": "oid:0x1000000000014", + "oid:0x1a0000000003a6": "oid:0x1000000000014" + }, + + "COUNTERS_PG_INDEX_MAP": { + } +} diff --git a/tests/pgdropstat_test.py b/tests/pgdropstat_test.py index a46a05b25b..6b58b8f6e2 100644 --- a/tests/pgdropstat_test.py +++ b/tests/pgdropstat_test.py 
@@ -43,18 +43,95 @@ def setup_class(cls): os.environ['UTILITIES_UNIT_TESTING'] = "2" print("SETUP") + def replace_file(self, file_name_src, file_name_dst): + sample_config_db_file = os.path.join(test_path, file_name_src) + mock_config_db_file = os.path.join(test_path, "mock_tables", file_name_dst) + + #Backup origin config_db and replace it with config_db file with disabled PG_DROP counters + copyfile(mock_config_db_file, "/tmp/" + file_name_dst) + copyfile(sample_config_db_file, mock_config_db_file) + + return mock_config_db_file + + @pytest.fixture(scope='function') + def replace_counter_db_file(self): + mock_file = self.replace_file("pgdrop_input/counters_db.json", "counters_db.json") + + yield + + copyfile("/tmp/counters_db.json", mock_file) + @pytest.fixture(scope='function') def replace_config_db_file(self): - sample_config_db_file = os.path.join(test_path, "pgdrop_input", "config_db.json") - mock_config_db_file = os.path.join(test_path, "mock_tables", "config_db.json") + mock_file = self.replace_file("pgdrop_input/config_db.json", "config_db.json") - #Backup origin config_db and replace it with config_db file with disabled PG_DROP counters - copyfile(mock_config_db_file, "/tmp/config_db.json") - copyfile(sample_config_db_file, mock_config_db_file) + yield + + copyfile("/tmp/config_db.json", mock_file) + + @pytest.fixture(scope='function') + def replace_counter_db2_file(self): + mock_file = self.replace_file("pgdrop_input/counters_db2.json", "counters_db.json") yield - copyfile("/tmp/config_db.json", mock_config_db_file) + copyfile("/tmp/counters_db.json", mock_file) + + @pytest.fixture(scope='function') + def replace_counter_db3_file(self): + mock_file = self.replace_file("pgdrop_input/counters_db3.json", "counters_db.json") + + yield + + copyfile("/tmp/counters_db.json", mock_file) + + @pytest.fixture(scope='function') + def replace_counter_db4_file(self): + mock_file = self.replace_file("pgdrop_input/counters_db4.json", "counters_db.json") + + yield + + 
copyfile("/tmp/counters_db.json", mock_file) + + def test_show_pg_drop_pg_port_map(self, replace_counter_db3_file): + runner = CliRunner() + + result = runner.invoke(show.cli.commands["priority-group"].commands["drop"].commands["counters"]) + assert result.exit_code == 1 + print(result.exit_code) + + assert "Port is not available for oid" in result.output + print(result.exit_code) + + def test_show_pg_drop_pg_index_map(self, replace_counter_db4_file): + runner = CliRunner() + + result = runner.invoke(show.cli.commands["priority-group"].commands["drop"].commands["counters"]) + assert result.exit_code == 1 + print(result.exit_code) + + assert "Priority group index is not available for oid" in result.output + print(result.output) + + def test_show_pg_drop_port_name_map(self, replace_counter_db_file): + runner = CliRunner() + + result = runner.invoke(show.cli.commands["priority-group"].commands["drop"].commands["counters"]) + assert result.exit_code == 1 + print(result.exit_code) + + assert result.output == "COUNTERS_PORT_NAME_MAP is empty!\n" + print(result.output) + + def test_show_pg_drop_pg_name_map(self, replace_counter_db2_file): + runner = CliRunner() + + result = runner.invoke(show.cli.commands["priority-group"].commands["drop"].commands["counters"]) + assert result.exit_code == 1 + print(result.exit_code) + + assert result.output == "COUNTERS_PG_NAME_MAP is empty!\n" + print(result.output) def test_show_pg_drop_disabled(self, replace_config_db_file): runner = CliRunner() From 362ec9bd70540f1004e9da9481a1e5b065420ff2 Mon Sep 17 00:00:00 2001 
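Review bot: `replace_file` writes its backup to a fixed name under `/tmp` (`"/tmp/" + file_name_dst`), a shared world-writable directory, so two test runs on the same host overwrite each other's backup and `copyfile` follows whatever file or symlink already sits at that path. Four of the fixtures use `/tmp/counters_db.json`, and the restore step copies the content found there back into `mock_tables`. A per-test directory from pytest's `tmp_path` fixture avoids both problems, with the helper returning the backup path so each fixture restores from it. The fixtures are otherwise identical and could become one parametrized fixture.

```python
    def replace_file(self, file_name_src, file_name_dst, backup_dir):
        sample_config_db_file = os.path.join(test_path, file_name_src)
        mock_config_db_file = os.path.join(test_path, "mock_tables", file_name_dst)
        backup_file = os.path.join(str(backup_dir), file_name_dst)

        # Back up the original mock table into a directory private to this test
        copyfile(mock_config_db_file, backup_file)
        copyfile(sample_config_db_file, mock_config_db_file)

        return mock_config_db_file, backup_file

    @pytest.fixture(scope='function')
    def replace_counter_db_file(self, tmp_path):
        mock_file, backup_file = self.replace_file("pgdrop_input/counters_db.json", "counters_db.json", tmp_path)

        yield

        copyfile(backup_file, mock_file)

    # … unchanged apart from the same tmp_path change: the other replace_* fixtures …
    # … unchanged: the test_show_pg_drop_* tests …
```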
From: siqbal1986 Date: Mon, 10 Oct 2022 11:15:06 -0700 Subject: [PATCH 37/38] [show] vnet advertised-route command (#2390) What I did Added a new show command to see the VNET Tunnel routes being advertised by BGP. The output can be filtered based on IPv4/Ipv6 and community string. How I did it Iterate over the BGP_PROFILE_TABLE in Application DB and ADVERTISE_NETWORK_TABLE in state DB. Correlate the information and filter based on community string. How to verify it run **show vnet advertised-routes ** with optional community string. $ show vnet advertised-route Prefix Profile Community Id ------------------------ ------------------- -------------- 160.62.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 160.63.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 160.64.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 fccc:a250:a251::a6:1/128 fddd:a150:a251::a6:1/128 FROM_SDN_SLB_ROUTES 1234:1235 $ show vnet advertised-route 1234:1235 Prefix Profile Community Id ------------------------ ------------------- -------------- 160.62.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 160.63.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 160.64.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 fddd:a150:a251::a6:1/128 FROM_SDN_SLB_ROUTES 1234:1235 --- show/vnet.py | 50 +++++++++++++++++++++++++++++++++ tests/mock_tables/appl_db.json | 3 ++ tests/mock_tables/state_db.json | 15 ++++++++++ tests/show_vnet_test.py | 48 +++++++++++++++++++++++++++++++ 4 files changed, 116 insertions(+) diff --git a/show/vnet.py b/show/vnet.py index 46970e26f8..ba6f81ce8d 100644 --- a/show/vnet.py +++ b/show/vnet.py 
@@ -14,6 +14,56 @@ def vnet(): pass +@vnet.command() +@click.argument('args', metavar='[community:string]', required=False) +def advertised_routes(args): + """Show vnet advertised-routes [community string XXXX:XXXX]""" + state_db = SonicV2Connector() + state_db.connect(state_db.STATE_DB) + appl_db = SonicV2Connector() + appl_db.connect(appl_db.APPL_DB) + community_filter = '' + profile_filter = 'NO_PROFILE' + if args and len(args) > 0: + community_filter = args + + bgp_profile_keys = appl_db.keys(appl_db.APPL_DB, "BGP_PROFILE_TABLE:*") + bgp_profile_keys = natsorted(bgp_profile_keys) if bgp_profile_keys else [] + profiles = {} + for profilekey in bgp_profile_keys: + val = appl_db.get_all(appl_db.APPL_DB, profilekey) + if val: + community_id = val.get('community_id') + profiles[profilekey.split(':')[1]] = community_id + if community_filter and community_filter == community_id: + profile_filter = profilekey.split(':')[1] + break; + + adv_table_keys = state_db.keys(state_db.STATE_DB, "ADVERTISE_NETWORK_TABLE|*") + adv_table_keys = natsorted(adv_table_keys) if adv_table_keys else [] + header = ['Prefix', 'Profile', 'Community Id'] + table = [] + for k in adv_table_keys: + ip = k.split('|')[1] + val = state_db.get_all(appl_db.STATE_DB, k) + profile = val.get('profile') if val else 'NA' + if community_filter: + if profile == profile_filter: + r = [] + r.append(ip) + r.append(profile) + r.append(community_filter) + table.append(r) + else: + r = [] + r.append(ip) + r.append(profile) + if profile in profiles.keys(): + r.append(profiles[profile]) + table.append(r) + click.echo(tabulate(table, header)) + + @vnet.command() @click.argument('vnet_name', required=True) def name(vnet_name): diff --git a/tests/mock_tables/appl_db.json b/tests/mock_tables/appl_db.json index df2e25173f..fd60d8b136 100644 --- a/tests/mock_tables/appl_db.json +++ b/tests/mock_tables/appl_db.json 
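Review bot: The `break` in the profile loop stops at the first profile whose `community_id` equals the filter, so when several BGP profiles carry the same community only the routes of the first one are listed. Collecting the matches fixes this: use `matching_profiles = set()` in place of `profile_filter = 'NO_PROFILE'`, `matching_profiles.add(profilekey.split(':')[1])` in place of the assignment and `break;`, and `if profile in matching_profiles:` as the row test, which also removes the `'NO_PROFILE'` sentinel that a route profile of that literal name would match. The lookup `state_db.get_all(appl_db.STATE_DB, k)` takes the database name from the other connector; `state_db.STATE_DB` is what the neighbouring `keys` call uses. The docstring says `advertised-routes` and mentions a community string but not that the argument is optional, which is worth stating.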
@@ -329,5 +329,8 @@ "VNET_ROUTE_TUNNEL_TABLE:test_v4_in_v4-0:160.164.191.1/32": { "endpoint":"100.251.7.1", "endpoint_monitor":"100.251.7.1" + }, + "BGP_PROFILE_TABLE:FROM_SDN_SLB_ROUTES": { + "community_id" : "1234:1235" } } diff --git a/tests/mock_tables/state_db.json b/tests/mock_tables/state_db.json index 8d2f25c1e2..5e66e5b7d7 100644 --- a/tests/mock_tables/state_db.json +++ b/tests/mock_tables/state_db.json @@ -908,5 +908,20 @@ "rx_interval" : "500", "multiplier" : "3", "multihop": "true" + }, + "ADVERTISE_NETWORK_TABLE|160.63.191.1/32": { + "profile": "FROM_SDN_SLB_ROUTES" + }, + "ADVERTISE_NETWORK_TABLE|160.62.191.1/32": { + "profile": "FROM_SDN_SLB_ROUTES" + }, + "ADVERTISE_NETWORK_TABLE|160.64.191.1/32": { + "profile": "FROM_SDN_SLB_ROUTES" + }, + "ADVERTISE_NETWORK_TABLE|fddd:a150:a251::a6:1/128": { + "profile": "FROM_SDN_SLB_ROUTES" + }, + "ADVERTISE_NETWORK_TABLE|fccc:a250:a251::a6:1/128": { + "profile": "" } } diff --git a/tests/show_vnet_test.py b/tests/show_vnet_test.py index dcb7486178..5317b9b3ff 100644 --- a/tests/show_vnet_test.py +++ b/tests/show_vnet_test.py 
@@ -27,3 +27,51 @@ def test_show_vnet_routes_all_basic(self): test_v4_in_v4-0 160.164.191.1/32 100.251.7.1 """ assert result.output == expected_output + +class TestShowVnetAdvertisedRoutesIPX(object): + @classmethod + def setup_class(cls): + print("SETUP") + os.environ["UTILITIES_UNIT_TESTING"] = "1" + + def test_show_vnet_adv_routes_ip_basic(self): + runner = CliRunner() + db = Db() + result = runner.invoke(show.cli.commands['vnet'].commands['advertised-routes'], [], obj=db) + assert result.exit_code == 0 + expected_output = """\ +Prefix Profile Community Id +------------------------ ------------------- -------------- +160.62.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 +160.63.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 +160.64.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 +fccc:a250:a251::a6:1/128 +fddd:a150:a251::a6:1/128 FROM_SDN_SLB_ROUTES 1234:1235 +""" + assert result.output == expected_output + + def test_show_vnet_adv_routes_ip_string(self): + runner = CliRunner() + db = Db() + result = runner.invoke(show.cli.commands['vnet'].commands['advertised-routes'], ['1234:1235'], obj=db) + assert result.exit_code == 0 + expected_output = """\ +Prefix Profile Community Id +------------------------ ------------------- -------------- +160.62.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 +160.63.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 +160.64.191.1/32 FROM_SDN_SLB_ROUTES 1234:1235 +fddd:a150:a251::a6:1/128 FROM_SDN_SLB_ROUTES 1234:1235 +""" + assert result.output == expected_output + + def test_show_vnet_adv_routes_ipv6_Error(self): + runner = CliRunner() + db = Db() + result = runner.invoke(show.cli.commands['vnet'].commands['advertised-routes'], ['1230:1235'], obj=db) + assert result.exit_code == 0 + expected_output = """\ +Prefix Profile Community Id +-------- --------- -------------- +""" + assert result.output == expected_output From c246801bac32a5a8b32dc878af07003eb846a27e Mon Sep 17 00:00:00 2001 
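Review bot: `test_show_vnet_adv_routes_ipv6_Error` involves neither IPv6 nor an error: it passes a community (`1230:1235`) that no profile carries and expects an empty table with exit code 0, so a name such as `test_show_vnet_adv_routes_no_match` would say what is checked. The mock tables added with this commit hold a single `BGP_PROFILE_TABLE` entry, so the community filter is never exercised with two profiles sharing a community; a second entry with the same `community_id` would cover that path.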
From: pettershao-ragilenetworks <81281940+pettershao-ragilenetworks@users.noreply.github.com> Date: Tue, 11 Oct 2022 08:46:54 +0800 Subject: [PATCH 38/38] Filter port invalid MTU configuration (#2378) What I did Filter port invalid MTU configuration Adjust the MTU value to the range of [68,9216] --- config/main.py | 2 +- tests/config_int_mtu_test.py | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 tests/config_int_mtu_test.py diff --git a/config/main.py b/config/main.py index b35d507b1c..5ecfbd7dbc 100644 --- a/config/main.py +++ b/config/main.py @@ -4212,7 +4212,7 @@ def _get_all_mgmtinterface_keys(): @interface.command() @click.pass_context @click.argument('interface_name', metavar='', required=True) -@click.argument('interface_mtu', metavar='', required=True) +@click.argument('interface_mtu', metavar='', required=True, type=click.IntRange(68, 9216)) @click.option('-v', '--verbose', is_flag=True, help="Enable verbose output") def mtu(ctx, interface_name, interface_mtu, verbose): """Set interface mtu""" diff --git a/tests/config_int_mtu_test.py b/tests/config_int_mtu_test.py new file mode 100644 index 0000000000..c2037bcbe3 --- /dev/null +++ b/tests/config_int_mtu_test.py 
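Review bot: The bounds `68` and `9216` are bare literals in the decorator and the command's docstring `"""Set interface mtu"""` does not mention them, so the accepted range is only discoverable from the rejection message. A docstring such as `"""Set interface mtu (68-9216)"""` and module-level constants for the two bounds would document the limit in one place. The check lives only in click's argument parsing; whether the same range is enforced where the value is written or in the schema is not visible here (the rest of `mtu` is outside the hunk), and other paths that set an MTU would not pass through this decorator.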
@@ -0,0 +1,26 @@
+import pytest
+import config.main as config
+from click.testing import CliRunner
+from utilities_common.db import Db
+
+class TestConfigInterfaceMtu(object):
+ def test_interface_mtu_check(self):
+ runner = CliRunner()
+ db = Db()
+ result = runner.invoke(config.config.commands["interface"].commands["mtu"],
+ ["Ethernet0", "68"], obj=db)
+ assert result.exit_code != 0
+
+ result1 = runner.invoke(config.config.commands["interface"].commands["mtu"],
+ ["Ethernet0", "9216"], obj=db)
+ assert result1.exit_code != 0
+
+ def test_interface_invalid_mtu_check(self):
+ runner = CliRunner()
+ db = Db()
+ result = runner.invoke(config.config.commands["interface"].commands["mtu"],
+ ["Ethernet0", "67"], obj=db)
+ assert "Error: Invalid value" in result.output
+ result1 = runner.invoke(config.config.commands["interface"].commands["mtu"],
+ ["Ethernet0", "9217"], obj=db)
+ assert "Error: Invalid value" in result1.output
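Review bot: `test_interface_mtu_check` asserts `result.exit_code != 0` for `68` and `9216`, the two boundary values that should be accepted, so it passes only when the command fails and cannot tell acceptance from rejection. The non-zero exit presumably comes from something other than range validation (the `obj=db` passed here may not be what `mtu` expects; the command body is not part of this section, so this needs confirming). Asserting `"Error: Invalid value" not in result.output` for the two boundary values, or building the context so that `result.exit_code == 0` holds, would pin the intended behaviour. In `test_interface_invalid_mtu_check` an added `assert result.exit_code != 0` would complement the message match, and `import pytest` is unused.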