Skip to main content

Command Line Reference

The Command Line Reference guide is better understood if you know the basics of operating the programmable command line interface (PCLI). Commands and actions such as clear, edit, delete, restore, and show, for example, are described here. If you have not used the PCLI before, please refer to About the PCLI for an explanation of how it works.

adopt

Assign the current router to a Mist organization.

Usage

adopt [{org-id <org-id> | registration-code <registration-code>}] [force] [router-name <router-name>]
Keyword Arguments
namedescription
forceSkip confirmation prompt.
org-idThe ID of the Mist organization where the router is assigned.
registration-codeThe registration code used to assign this router to an organization.
router-nameAssign a name to the router.
See Also
commanddescription
show mistDisplay information about the link between the SSR and the Mist Cloud

Description

If you know the ID of the organization in Mist, or the registration code for the router, you can use the optional org-id or registration-code arguments. Otherwise, use the interactive dialog to walk through entering Mist credentials and assigning the router to an organization.

ReleaseModification
6.0.0This feature was introduced

clear app-id cache

Clear app-id entries from cache

Usage

clear app-id cache [force] [stale-entries] [node <node>] {router <router> | resource-group <resource-group>} [<cache>]
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node on which to clear app-id cache entries
resource-groupThe name of the resource group
routerThe router on which to clear app-idcache entries
stale-entriesOnly clear the stale (expired) entries
Positional Arguments
namedescription
cacheClear app-id entries from address cache, domain cache, url cache, or all (default: all)
See Also
commanddescription
clear app-id cache-entry addressClear specific app-id entry from cache by address key
clear app-id cache-entry domainClear specific app-id entry from cache by domain name key
clear app-id cache-entry urlClear specific app-id entry from cache by url key
lookup application by-addressLook up application identification by address key
lookup application by-domainLook up application identification by domain name or url key
show app-id cacheShow information of app-id entries in cache
show stats app-id application-director cacheStatistics for 'cache'

clear app-id cache-entry address

Clear specific app-id entry from cache by address key

Usage

clear app-id cache-entry address [force] [node <node>] {router <router> | resource-group <resource-group>} <ip> <port> <protocol>
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node on which to clear app-id cache entry
resource-groupThe name of the resource group
routerThe router on which to clear app-id cache entry
Positional Arguments
namedescription
ipIP address of the address key [type: IP address]
portPort of the address key [type: port]
protocolProtocol of the address key [type: string or uint8]
See Also
commanddescription
clear app-id cacheClear app-id entries from cache
clear app-id cache-entry domainClear specific app-id entry from cache by domain name key
clear app-id cache-entry urlClear specific app-id entry from cache by url key
lookup application by-addressLook up application identification by address key
lookup application by-domainLook up application identification by domain name or url key
show app-id cacheShow information of app-id entries in cache
show stats app-id application-director cacheStatistics for 'cache'

clear app-id cache-entry domain

Clear specific app-id entry from cache by domain name key

Usage

clear app-id cache-entry domain [force] [node <node>] {router <router> | resource-group <resource-group>} <domain>
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node on which to clear app-id cache entry
resource-groupThe name of the resource group
routerThe router on which to clear app-id cache entry
Positional Arguments
namedescription
domainDomain name
See Also
commanddescription
clear app-id cacheClear app-id entries from cache
clear app-id cache-entry addressClear specific app-id entry from cache by address key
clear app-id cache-entry urlClear specific app-id entry from cache by url key
lookup application by-addressLook up application identification by address key
lookup application by-domainLook up application identification by domain name or url key
show app-id cacheShow information of app-id entries in cache
show stats app-id application-director cacheStatistics for 'cache'

clear app-id cache-entry url

Clear specific app-id entry from cache by url key

Usage

clear app-id cache-entry url [force] [node <node>] {router <router> | resource-group <resource-group>} <url>
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node on which to clear app-id cache entry
resource-groupThe name of the resource group
routerThe router on which to clear app-id cache entry
Positional Arguments
namedescription
urlURL
See Also
commanddescription
clear app-id cacheClear app-id entries from cache
clear app-id cache-entry addressClear specific app-id entry from cache by address key
clear app-id cache-entry domainClear specific app-id entry from cache by domain name key
lookup application by-addressLook up application identification by address key
lookup application by-domainLook up application identification by domain name or url key
show app-id cacheShow information of app-id entries in cache
show stats app-id application-director cacheStatistics for 'cache'

clear app-id stats

Clear inactive app-id stats

Usage

clear app-id stats [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node on which to clear inactive app-id stats
resource-groupThe name of the resource group
routerThe router on which to clear inactive app-id stats
See Also
commanddescription
show stats app-id applicationsStatistics for 'applications'

clear arp

Refresh the entire ARP cache or a subset if arguments are provided.

Usage

clear arp [{vlan <vlan> | ip <ip>}] [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceThe device interface on which to refresh the ARP cache (default: all).
forceSkip confirmation prompt. Only required when targeting all routers.
ipThe IP address for which to clear an ARP entry (must be specified after 'device-interface'). [type: IP address]
nodeThe name of the node.
resource-groupThe name of the resource group.
routerThe name of the router.
vlanThe VLAN on which to clear the ARP cache (must be specified after 'device-interface'). [type: int]
See Also
commanddescription
show arpShows the contents of the ARP table on the specified node.

Description

The clear arp command is typically used during troubleshooting to force a refresh of ARP (Address Resolution Protocol) entries from an SSR or node's ARP cache. The command has multiple filters, allowing administrators to specify which entry to refresh. The PCLI auto-completes typed entries for improved accuracy.

note

ARP entries are not removed or deleted; instead the command forces a refresh of the cache outside of the scheduled ARP timeout.

Version History

ReleaseModification
3.2.0This feature was introduced

clear bgp

Clear routes associated with one or all BGP neighbors.

Usage

clear bgp [{in | out | soft}] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} <neighbor>
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
inSoft reset received BGP updates
outSoft reset transmitted BGP updates
resource-groupThe name of the resource group
routerThe name of the router for which to clear BGP neighbors
softSoft reset received and transmitted BGP updates
vrfVRF name
Positional Arguments
namedescription
neighborneighbor ip-address [type: IP address or 'all']
See Also
commanddescription
show bgpDisplays information about the state of the BGP process on the SSR.

clear history

Clear the PCLI's command history for this user.

Usage

clear history
See Also
commanddescription
show historyShow PCLI command history for the current user.

clear pim mroute

Clears all multicast routes.

Usage

clear pim mroute [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to clear multicast routes
vrfVRF name

clone

Clone the configuration of one router to create a new router with a new name and identical contents.

Usage

router [force] <name> <new-name>
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
nameAn identifier for the router
new-nameThe new value for the router name

Example

admin@conductor-east-1.RTR_EAST_CONDUCTOR# configure authority clone router Boston NewYork

Description

The clone command duplicates the configuration data from the existing Boston router into a new router with the name NewYork, and stages it to the candidate configuration.

Version History

ReleaseModification
5.0.0This feature was introduced

commit

Commit the candidate config as the new running config.

Usage

commit [force] [validate-router-all]
Keyword Arguments
namedescription
forceSkip confirmation prompt
validate-router-allDistribute config to each managed router for validation and wait for results before committing

Description

The commit command causes the SSR to validate the candidate configuration, and then replace the running configuration with the candidate configuration (assuming it passes the validation step). It is used once a series of configuration changes have been made, and an administrator wishes to "activate" those configuration changes.

When run from an SSR conductor, the conductor only validates the configuration itself locally before committing the configuration and then distributing it to all managed routers. If the user wishes, the conductor has the ability to distribute the configuration to all managed routers for each of them to validate it and report the results of their validation before the commit takes place (assuming a successful validation). This operation is much slower than local validation because the conductor must wait for all routers to report their results and some may be unreachable or timeout. The user may request a distributed validation by using the validate-router-all keyword.

The commit command will prompt a user for confirmation, as this is a (potentially) service affecting command. By supplying the optional force keyword, the confirmation step is skipped:

*admin@labsystem1.fiedler# commit
Are you sure you want to commit the candidate config? [y/N]: y
Configuration committed

*admin@labsystem1.fiedler# commit force
Configuration committed
admin@labsystem1.fiedler#

If the validation step fails, the administrator will be notified, the commit step is not executed, and the existing running configuration will remain in place. The validator will get a list of all errors that must be addressed before the commit can be completed. There may also be warnings displayed in the event that the candidate configuration contains elements that are deprecated.

Example

*admin@burl-corp-primary.burl-corp# commit
✖ Validating, then committing...
% Error: Failed to commit:
1. Service name "bar" does not exist

config
authority
router burl-corp
service-route foo
service-name

2. A service route must have at least one next-hop, peer,
nat-target, use-learned-routes, routing-stack or host configured. It cannot have both
the peer and nat-target configured.

config
authority
router burl-corp
service-route foo

3. Service-route foo for service '' is not allowed on router burl-corp. Please check the applies-to config
on the service.

config
authority
router burl-corp
service-route foo

Version History

ReleaseModification
1.0.0This feature was introduced
3.0.0force feature was added

compare config

Display the differences between two configurations.

Usage

compare config [<old>] [<new>]
Positional Arguments
namedescription
oldThe original configuration against which differences should be computed (default: running). Can be candidate, running, factory-defaults, or the name of a previously exported configuration.
newThe updated configuration for which differences should be computed. Can be candidate, running, factory-defaults, or the name of a previously exported configuration.

Description

The compare config command presents a list of differences between the two configurations specified as arguments on the command line. The one listed first influences the output in a very important way: the SSR will return a list of configuration commands that will cause the configuration to be listed first to be brought to parity with the one listed second. (Note: since the only editable configuration is the "candidate" configuration, the changes outlined by the compare config command cannot be directly applied to the "running" configuration.)

The ability to specify a previously exported configuration file to compare against the running or candidate config allows you to compare configurations without having to import the exported config into the candidate config for comparison.

In the example below, the candidate and running configurations are identical save for a single service-route that has been added to the candidate configuration.

*admin@labsystem1.fiedler# compare config running candidate

config
authority
router Fabric128
name Fabric128
service-route myRoute
name myRoute
service-name myService
destination 10.10.10.10
exit
exit
exit
exit

This shows that the running configuration is missing the candidate's service-route. By reversing the order of the arguments, the output changes:

*admin@labsystem1.fiedler# compare config candidate running

config
authority
router Fabric128
name Fabric128
delete service-route force myRoute
exit
exit
exit

Note here that the output shows that the running configuration has deleted the candidate configuration's service-route via the delete service-route force myRoute statement. Cutting and pasting this configuration into the PCLI will affect the candidate configuration – and make it match the running configuration.

When two configurations are identical, comparing them will return that there are no changes to display:

admin@labsystem1.fiedler# compare config candidate running

# No differences
admin@labsystem1.fiedler#
See Also
commanddescription
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Version History

ReleaseModification
2.0.0This feature was introduced
5.1.0Added the ability to compare between the running or candidate config and an exported config, or between two exported configurations.

configure

Usage

configure [authority [ ... ] ]

Description

The configure command places administrators into the configuration tree (hierarchy), where they will be making changes to the candidate configuration. When entered as a standalone command (i.e., configure by itself), the administrator is placed at the top of the configuration tree.

admin@labsystem1.fiedler# configure
admin@labsystem.beacon (config)#

Alternatively, administrators may execute the configure command with optional arguments to enter into configuration mode "deeper" in the configuration tree. For example:

admin@labsystem1.fiedler# configure authority router Fabric128
admin@labsystem1.fiedler (router[name=Fabric128])#

By supplying optional arguments to the configure command as in the above example, the administrator has entered into the configuration tree at the "router" tier, within the router element named "Fabric128". Not only can administrators enter into the configuration tree at any point through this technique, but new configuration can also applied directly in this same way.

admin@labsystem1.fiedler# configure auth router Fabric128 description "sample description"
admin@labsystem1.fiedler# show config candidate

config

authority
name Authority128

router Fabric128
name Fabric128
location usa
description "sample description"
...

Required Fields

Some arguments and subcommands contain required fields for configuration. The configure help text now identifies required fields. For example:

...
usage: inter-node-security [<security-ref>]

The name of the security policy used for inter node communication between router interfaces

positional arguments:
security-ref The value to set for this field

security-ref (leafref) (required): This type is used by other entities that need to reference configured security policies.

Options: internal, aes1, or test

Version History

ReleaseModification
1.0.0This feature was introduced
2.0.0Command was renamed to configure from config

connect

Connect to a Managed Router. For more information, read Connecting to SSRs from Conductor.

Usage

connect [username <username>] router <router> node <node>
Keyword Arguments
namedescription
nodeThe node to connect to
routerThe router to connect to
usernameUsername to use for login to the Managed Router (default: <current user>)

create capture-filter

Creates a capture-filter using BPF syntax (as used in wireshark) on the target interface.

Usage

create capture-filter device-interface <device-interface> router <router> node <node> <capture-filter>
Keyword Arguments
namedescription
device-interfaceThe device interface on which to create the capture filter
nodeThe node on which to create the capture filter
routerThe router on which to create the capture filter
Positional Arguments
namedescription
capture-filterThe capture-filter to create (Uses BPF syntax)
See Also
commanddescription
delete capture-filterDeletes a capture-filter created using create capture-filter. (It will not delete filters committed as part of the configuration.)
show capture-filtersShow active capture-filters.
show stats packet-captureStats pertaining to captured packets

Example

admin@tp-colo-primary.tp-colo# create capture-filter device-interface blended-5 "host 172.18.5.4"
Successfully created capture-filter

Version History

ReleaseModification
4.4.0This feature was introduced

create certificate request webserver

Create a certificate signing request.

Usage

create certificate request webserver
See Also
commanddescription
create certificate self-signed webserverCreate a self-signed certificate.
delete certificate webserverDelete the webserver certificate.
import certificate webserverImport a certificate to be used by the webserver.
show certificate webserverDisplay the webserver certificate

Description

The create certificate request webserver generates a certificate-request, which is then sent to a Certificate Authority. The SSR will, through a series of interactive prompts, request information from the administrator to generate either the request or certificate, as appropriate.

The certificate created by the create certificate command stores its output file at /etc/128technology/pki/.

create certificate self-signed webserver

Create a self-signed certificate.

Usage

create certificate self-signed webserver
See Also
commanddescription
create certificate request webserverCreate a certificate signing request.
delete certificate webserverDelete the webserver certificate.
import certificate webserverImport a certificate to be used by the webserver.
show certificate webserverDisplay the webserver certificate

Description

The create certificate self-signed webserver generates a self-signed certificate which is used for the local webserver. The SSR will, through a series of interactive prompts, request information from the administrator to generate either the request or certificate, as appropriate.

Example

admin@labsystem1.fiedler# create certificate self-signed webserver
Certificate common name: test.128technology.com
Country name (2 char): US
State name: MA
Organization name: 128Technology
RSA key size (2048/4096) [4096]: 4096
Certificate validity in days (1 - 7300) [365]: 365
Self-signed certificate successfully
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31228 (0x79fc)
...

create config autogenerated

Run configuration generation.

Usage

create config autogenerated

Description

Forces re-generation of all automatically generated configuration items, and stages the configuration changes into the current candidate configuration. Configuration generation is done automatically as part of a commit. This command serves only to aid in debugging, and allows you to validate, inspect, and make edits, without committing the changes.

See Also
commanddescription
compare configDisplay the differences between two configurations.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Version History

ReleaseModification
5.1.0This feature was introduced

create session-capture

Creates a session capture at the specified node and service.

Usage

create session-capture [source-ip <source-ip>] [source-port <source-port>] [destination-ip <destination-ip>] [destination-port <destination-port>] [protocol <protocol>] [session-count <session-count>] [packet-count <packet-count>] [local-only] [tag <tag>] service <service> router <router> node <node>
Keyword Arguments
namedescription
destination-ipThe destination IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0)
destination-portThe destination port to match (can be a range) [type: port or port-range] (default: 0-65535)
local-onlySession capture is local to the node
nodeThe ingress node on which to create the session capture
packet-countThe number of packets to capture per session, in each direction [type: 'unlimited' or positive int] (default: 100)
protocolThe protocol to match (in decimal or by name, eg 'tcp') [type: string or uint8] (default: all)
routerThe router on which to create the session capture
serviceThe service on which to create the session capture
session-countThe number of sessions to capture [type: 'unlimited' or positive int] (default: 100)
source-ipThe source IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0)
source-portThe source port to match (can be a range) [type: port or port-range] (default: 0-65535)
tagAn optional custom name for the session capture pcap files
See Also
commanddescription
delete session-captureDeletes session capture from selected service.
delete session-capture by-idDeletes session-capture by capture-id from selected service.
show session-capturesShow active session-captures.

Description

When destination or source IPs are not specified, any IP will be matched.

When destination or source port is not provided, port range of 0-65535 is used.

When protocol is not provided, all protocols will be matched.

When session-count is not specified, default will be unlimited.

When packet-count is not specified, default is 100 packets in each direction for each session matched.

create user

Create a new user account interactively.

Usage

create user [<username>]
Positional Arguments
namedescription
usernamethe name of the account to create
See Also
commanddescription
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Description

The create user command allows administrators to create user accounts for user and/or administrative access to the SSR's management port. Issuing the create user <username> launches an interactive session that prompts for the new user's full name, password, whether they are an administrative or basic user, and the enabled/disabled state of that user account.

note

Password policies have been updated with the release of version 5.6. Please see Password Policies for additional information.

Example

admin@labsystem1.fiedler# create user jdeveloper
Creating account "jdeveloper"...
Full Name: Joe Developer
Password: <not echoed to screen>
Confirm: <not echoed to screen>
Role (user | admin) [user]: admin
Enabled: true
Account "jdeveloper" successfully created

Version History

ReleaseModification
2.0.0This feature was introduced

delete capture-filter

Deletes a capture-filter created using create capture-filter. (It will not delete filters committed as part of the configuration.)

Usage

delete capture-filter device-interface <device-interface> router <router> node <node> <capture-filter>
Keyword Arguments
namedescription
device-interfaceThe device interface on which to delete the capture filter
nodeThe node on which to remove the capture filter
routerThe router on which to remove the capture filter
Positional Arguments
namedescription
capture-filterThe capture-filter to remove (Uses BPF syntax)
See Also
commanddescription
create capture-filterCreates a capture-filter using BPF syntax (as used in wireshark) on the target interface.
show capture-filtersShow active capture-filters.
show stats packet-captureStats pertaining to captured packets

Example

admin@tp-colo-primary.tp-colo# delete capture-filter device-interface blended-5 "host 172.18.5.4"
Successfully deleted capture-filter

Version History

ReleaseModification
4.4.0This feature was introduced

delete (in config)

Usage

delete { <configuration> } [ force ]

Description

The delete command, when issued within the configuration hierarchy, lets administrators delete portions of the candidate configuration. This can be used to delete specific fields within a configuration element, or entire elements.

The command will prompt you for confirmation before deleting the configuration, unless the optional keyword force is included.

Example

admin@labsystem1.fiedler# config authority router burlington
admin@labsystem1.fiedler (router[name=burlington])# delete node combo1
Are you sure you want to delete item "[name=combo1]" [y/N]: N
Operation canceled

Version History

ReleaseModification
1.0.0This feature was introduced

delete certificate webserver

Delete the webserver certificate.

Usage

delete certificate webserver [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt
See Also
commanddescription
create certificate request webserverCreate a certificate signing request.
create certificate self-signed webserverCreate a self-signed certificate.
import certificate webserverImport a certificate to be used by the webserver.
show certificate webserverDisplay the webserver certificate

Description

The delete certificate webserver command allows administrators to delete certificates that are stored on the SSR. Note that the SSR will always prompt the administrator to confirm deletion (the "force" keyword is not allowed).

Example

admin@labsystem1.fiedler# delete certificate webserver
Are you sure you want to delete certificate 'webserver'? [y/N]: y
admin@labsystem1.fiedler#

Version History

ReleaseModification
1.0.0This feature was introduced

delete config exported

Delete an exported configuration from disk.

Usage

delete config exported [force] <name>
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
nameName of the exported configuration to delete
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Description

The delete config command allows administrators to delete configurations from the SSR's filesystem that had previously been exported with the export config command. The force flag will skip the confirmation check without prompting the user.

Example

admin@cnd1.conductor# delete config exported 20180115_export.gz
Are you sure that you want to delete exported config '20180115_export.gz'? [y/N]: y
Successfully deleted exported configuration: '20180115_export.gz'
admin@cnd1.conductor#

Version History

ReleaseModification
3.2.0This feature was introduced

delete flows

Clears all active flow data from this node.

Usage

delete flows [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node from which to delete flow entries
resource-groupThe name of the resource group
routerThe router from which to delete flow entries

Description

The delete flows command clears all active flow data from this node. Administrators can specify which node to clear flow data from by adding the node name as an optional argument to the command.

This command has been maintained for backward compatibility to older versions of software. The delete sessions command is preferred in versions newer than 3.2.0.

warning

This may be a service impacting operation.

Example

admin@labsystem1.fiedler# delete flows linecard-test
admin@labsystem1.fiedler#

Version History

ReleaseModification
1.0.0This feature was introduced

delete session-capture

Deletes session capture from selected service.

Usage

delete session-capture [source-ip <source-ip>] [source-port <source-port>] [destination-ip <destination-ip>] [destination-port <destination-port>] [protocol <protocol>] [session-count <session-count>] [packet-count <packet-count>] [local-only] [tag <tag>] service <service> router <router> node <node>
Keyword Arguments
namedescription
destination-ipThe destination IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0)
destination-portThe destination port to match (can be a range) [type: port or port-range] (default: 0-65535)
local-onlySession capture is local to the node
nodeThe node on which to remove the session-capture filter
packet-countThe number of packets to capture per session, in each direction [type: 'unlimited' or positive int] (default: 100)
protocolThe protocol to match (in decimal or by name, eg 'tcp') [type: string or uint8] (default: all)
routerThe router on which to remove the session-capture filter
serviceThe service on which to create the session capture
session-countThe number of sessions to capture [type: 'unlimited' or positive int] (default: 100)
source-ipThe source IP address/prefix to match [type: IP prefix] (default: 0.0.0.0/0)
source-portThe source port to match (can be a range) [type: port or port-range] (default: 0-65535)
tagAn optional custom name for the session capture pcap files
Subcommands
commanddescription
by-idDeletes session-capture by capture-id from selected service.
See Also
commanddescription
create session-captureCreates a session capture at the specified node and service.
delete session-capture by-idDeletes session-capture by capture-id from selected service.
show session-capturesShow active session-captures.

delete session-capture by-id

Deletes session-capture by capture-id from selected service.

Usage

delete session-capture by-id service <service> router <router> node <node> <capture-id>
Keyword Arguments
namedescription
nodeThe node on which to remove the session-capture filter
routerThe router on which to remove the session-capture filter
serviceThe service on which to create the session capture
Positional Arguments
namedescription
capture-idThe session-capture to remove.
See Also
commanddescription
create session-captureCreates a session capture at the specified node and service.
delete session-captureDeletes session capture from selected service.
show session-capturesShow active session-captures.

delete sessions

Delete all current sessions or a subset if arguments are provided.

Usage

delete sessions [{session-id <session-id> | service-name <service-name>}] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node from which to delete sessions
resource-groupThe name of the resource group
routerThe router from which to delete sessions
service-nameThe name of the service for which to delete all sessions
session-idThe identifier of the session to be deleted

Description

The delete sessions command removes all current sessions or a subset if arguments are provided.

warning

This may be a service impacting operation.

delete system software

Remove or cancel a previously started download.

Usage

delete system software version <version>
Keyword Arguments
namedescription
versionThe version to cancel or remove.
See Also
commanddescription
request system software downloadDownload a new version of the SSR.
request system software upgradeUpgrade to a new version of the SSR.
set system software imageSet the boot image.
show system software availableDisplay new versions of the SSR that can be installed.
show system software downloadDisplay in-progress and completed downloads of new SSR versions.
show system software upgradeFollow an in-progress upgrade.
show system versionShow system version information.

delete user

Delete a user account

Usage

delete user [force] <username>
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
usernamethe name of the account to delete
Subcommands
commanddescription
tokensRevoke API access tokens for a user.
See Also
commanddescription
create userCreate a new user account interactively.
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Example

admin@labsystem1.fiedler# delete user jdeveloper
Delete account 'jdeveloper'? [y/N]: y
Account 'jdeveloper' successfully deleted

Version History

ReleaseModification
2.0.0This feature was introduced

delete user tokens

Revoke API access tokens for a user.

Usage

delete user tokens [force] <username>
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
usernamethe name of the account to revoke API tokens for
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

edit prompt

Allows the user to specify a custom format for the PCLI prompt.

Usage

edit prompt <format>
Positional Arguments
namedescription
formatFormat string for the prompt display
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Description

The edit prompt command lets administrators change the display of the PCLI prompt, and includes a flexible array of options for customizability. In addition to various variables, the prompt string can include conditional statements, to affect the display of the prompt under different operating modes. All of this is accomplished by supplying a format string, which contains the syntax of the desired PCLI prompt.

State Variables
===============

{user} - Name of the currently logged in user
{address} - Address (node.router) of the current system
{node} - Name of the connected node
{router} - Name of the connected router
{context} - Currently set context if one is set; empty otherwise
{path} - Full path to the current PCLI menu, separated by &#x27;/&#x27;
{location} - Name of current PCLI menu
{privilege} - &quot;#&quot; if the current user has administrator privileges, else &quot;&gt;&quot;

Conditional Variables
=====================

{top-level} - Evaluates true if the PCLI is at the top menu
{uncomitted} - Evaluates true if the candidate configuration differs from the running configuration

Conditionals
============

A conditional statement allows the prompt to be customized with conditional or state variables

The format of a conditional statement is:

[condition?value_if_true:value_if_false]

The condition is true if a state variable is not an empty string or if a conditional variable is true

For example:

'This prompt is [top-level?definitely:not] top level'

Yields one of the following:

'This prompt is definitely top level' (if top-level is true or has a value)

'This prompt is not top level' (if top-level is false or has no value)

Timestamps
==========

Custom timestamps are created with the use of standard strftime format codes

For example:

'(%x %H:%M) {user}@{address}$ '

Yields:

'(03/08/17 11:46) admin@node.router$ '

See <https://docs.python.org/3/library/datetime.html#strftime-strptime-behavior> for all format codes

Any '?'s that appear in a timestamp must be escaped with a '\'

Special characters*
==================

\n - Newline
\t - Tab
\[ - Literal '['
\] - Literal ']'
{{ - Literal '{'
}} - Literal '}'
%% - Literal '%'

* Use \\ if not using a quoted string to specify the prompt

Version History

ReleaseModification
3.1.0This feature was introduced

edit user

Modify an existing user account

Usage

edit user [<username>]
Positional Arguments
namedescription
usernameThe name of the account to modify (default: <current user>)
Subcommands
commanddescription
modeEdit the current user's configuration mode.
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Description

note

The password must be at least eight characters long, with at least one uppercase letter, one lowercase letter, one digit, and cannot contain any characters that repeat more than three times.

The edit user command enters a configuration subtree specific to administering user accounts. From within this subtree, administrators can change any of the attributes associated with a user account (full name, password, role, and enabled state). This is done in a "configuration-like" way, where commands are issued as attribute value.

As with standard configuration, using the &quot;?&quot; command will list the options available for editing.

Example

admin@labsystem1.fiedler# edit user jdeveloper
admin@labsystem1.fiedler (user[name=jdeveloper])# ?

User Attributes
---------------
enabled Enable or disable this user.
full-name The user's full name, for display purposes only.
password No help available
role A list of roles assigned to the user.

General Commands
----------------
delete Delete an attribute from a user account
do Execute a top-level command
exit Exit this menu (You can also press Ctrl+D)
quit Quit the PCLI
top Return to the root menu
up Exit this menu and navigate up the hierarchy the given number of levels
where Display the current location in the CLI hierarchy

admin@labsystem1.fiedler (user[name=jdeveloper])#

Modifying these attributes is done as follows:

admin@labsystem1.fiedler (user[name=jdeveloper])# full-name "Joseph Developer"
Account 'jdeveloper' updated successfully
admin@labsystem1.fiedler (user[name=jdeveloper])# top
admin@labsystem1.fiedler# show user jdeveloper

=============================
Information for jdeveloper:
=============================
Enabled: true
Full Name: Joseph Developer
Role: admin
admin@labsystem1.fiedler#

Version History

ReleaseModification
2.0.0This feature was introduced

edit user mode

Edit the current user's configuration mode.

Usage

edit user mode <value>
Positional Arguments
namedescription
valuebasic | advanced
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Description

Advanced mode exposes additional configuration elements for editing and viewing.

exit (in config)

The exit command moves your focus to the PCLI home.

Usage

exit

Example

admin@labsystem1.fiedler# config authority router beacon
admin@labsystem1.fiedler (router[name=beacon])# where
configure authority router beacon
admin@labsystem1.fiedler (router[name=beacon])# exit
admin@labsystem1.fiedler# where
admin@labsystem1.fiedler#

Version History

ReleaseModification
1.0.0This feature was introduced

export config

Export a copy of the current running or candidate config.

Usage

export config <datastore> <export-name>
Positional Arguments
namedescription
datastorerunning | candidate
export-nameA name consisting of alphanumeric characters or any of the following: . - _
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Description

The export command takes a configuration from a previously created backup (via create config backup), from the candidate configuration, or from the SSR's running configuration, and stores it as a file on the local filesystem. It can then be taken off, moved onto other systems, archived, etc.

Exported files are stored in /etc/128technology/config-exports/ and are stored as GZIP compressed files.

The export command's complement, import is used to reverse the process, taking a configuration archive and restoring it onto a system. The delete config exported command removes unneeded exported configurations.

Example

admin@labsystem1.fiedler# export config candidate myCandidate
Successfully exported configuration: /etc/128technology/config-exports/myCandidate.gz
admin@labsystem1.fiedler#

Version History

ReleaseModification
2.0.0This feature was introduced
3.1.0The location of the exported configuration changed

import certificate webserver

Import a certificate to be used by the webserver.

Usage

import certificate webserver
See Also
commanddescription
create certificate request webserverCreate a certificate signing request.
create certificate self-signed webserverCreate a self-signed certificate.
delete certificate webserverDelete the webserver certificate.
show certificate webserverDisplay the webserver certificate

Description

This command allows administrators to load certificates into their SSR by pasting them into their active PCLI session. By issuing the import certificate command, the PCLI prompts the user for the name of the certificate they plan to import, then asks whether it is a CA (certificate authority) certificate or not. Once these questions are answered, administrators can paste the certificate, and is reminded to press CTRL-D once the pasting is complete. Pressing CTRL-D causes the SSR to validate the configuration to ensure it is a valid X.509 certificate before loading it into persistent storage. If the X.509 validation fails, the user is informed as follows:

Example

admin@labsystem1.fiedler# import certificate webserver
Enter the CA certificate in PEM format (Press CTRL-D to finish):
Certificate is not in valid X509 format
admin@labsystem1.fiedler#

Version History

ReleaseModification
1.0.0This feature was introduced

import config

Import a configuration as the candidate config.

Usage

import config [force] <name>
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
nameName of the configuration file to import
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Description

This command takes a backup configuration (one that has been stored with the export command) and overwrites the current candidate configuration with its contents. Inclusion of the optional "force" keyword will skip the prompt for confirmation.

Example

admin@labsystem1.fiedler# import config myCandidate.gz
Replace the existing candidate configuration with the contents of backup _myCandidate.gz_? [y/N]: y
Backup configuration _myCandidate.gz_ successfully written to the candidate config
admin@labsystem1.fiedler#

Version History

ReleaseModification
2.0.0This feature was introduced

import iso

Import SSR ISO to the local repository

Usage

import iso [check-rpm-signature <check-rpm-signature>] [force] [verbose] {hunt | filepath <filepath>}
Keyword Arguments
namedescription
check-rpm-signaturerequired | allow-unsigned | disabled (default: required)
filepathThe absolute filepath to the ISO
forceSkip confirmation prompt
huntFind and import all ISOs from the filesystem
verboseIncrease log level verbosity

Example

admin@conductor.Conductor# import iso hunt
This command is resource intensive and can take a while. Are you sure? [y/N]: y
Current Installer version: 2.5.0-0.20200326163206.snapshot
Installer will run in non-interactive mode
Refreshing DNF cache (this may take a few minutes)
Cleaning DNF data: expire-cache
Making the DNF cache
Cleaning legacy local repos (this may take a few minutes)
Installer will hunt for ISOs to import
Importing packages for 128T-4.4.0-0.202004021313.release.el7.x86_64.rpm
Installer complete
Import success

Version History

ReleaseModification
4.4.0This feature was introduced

lookup application by-address

Look up application identification by address key

Usage

lookup application by-address router <router> node <node> <ip> <port> <protocol>
Keyword Arguments
namedescription
nodeThe node on which to look up application identification
routerThe router on which to look up application identification
Positional Arguments
namedescription
ipIP address of the address key [type: IP address]
portPort of the address key [type: port]
protocolProtocol of the address key [type: string or uint8]
See Also
commanddescription
clear app-id cacheClear app-id entries from cache
clear app-id cache-entry addressClear specific app-id entry from cache by address key
clear app-id cache-entry domainClear specific app-id entry from cache by domain name key
clear app-id cache-entry urlClear specific app-id entry from cache by url key
lookup application by-domainLook up application identification by domain name or url key
show app-id cacheShow information of app-id entries in cache
show stats app-id application-director cacheStatistics for 'cache'

lookup application by-domain

Look up application identification by domain name or url key

Usage

lookup application by-domain router <router> node <node> <domain-url>
Keyword Arguments
namedescription
nodeThe node on which to look up application identification
routerThe router on which to look up application identification
Positional Arguments
namedescription
domain-urlDomain name or URL
See Also
commanddescription
clear app-id cacheClear app-id entries from cache
clear app-id cache-entry addressClear specific app-id entry from cache by address key
clear app-id cache-entry domainClear specific app-id entry from cache by domain name key
clear app-id cache-entry urlClear specific app-id entry from cache by url key
lookup application by-addressLook up application identification by address key
show app-id cacheShow information of app-id entries in cache
show stats app-id application-director cacheStatistics for 'cache'

manage plugin install

Install a plugin on conductor.

Usage

manage plugin install [node <node>] <name> [<version>]
Keyword Arguments
namedescription
nodeNode to install on (default: all)
Positional Arguments
namedescription
nameName of plugin to install
versionVersion of plugin to install (default: latest)
See Also
commanddescription
manage plugin removeRemove an installed plugin.
show plugins availableShows latest verison of plugins available for install.
show plugins categoriesShows all possible plugin categories.
show plugins installedShows installed plugins.

manage plugin remove

Remove an installed plugin.

Usage

manage plugin remove [node <node>] <name>
Keyword Arguments
namedescription
nodeNode to remove on (default: all)
Positional Arguments
namedescription
nameName of plugin to be removed
See Also
commanddescription
manage plugin installInstall a plugin on conductor.
show plugins availableShows latest verison of plugins available for install.
show plugins categoriesShows all possible plugin categories.
show plugins installedShows installed plugins.

migrate

Migrate an SSR to a new conductor. For more details on the SSR router migration refer to How to: Conductor Migration.

Usage

migrate [skip-validation] [force] conductor <address> [<address>] router <router>
Keyword Arguments
namedescription
conductorThe address(es) of the conductor node(s) to migrate to
forceSkip confirmation prompt
routerThe router to migrate
skip-validationAttempt to migrate the router without checking if migration is possible
See Also
commanddescription
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

ping

Send an ICMP request through a network interface.

Usage

ping [count <count>] [size <size>] [timeout <timeout>] [set-df-bit] [egress-interface <egress-interface>] [gateway-ip <gateway-ip>] router <router> node <node> <destination-ip>
Keyword Arguments
namedescription
countNumber of ping requests to send [type: int] (default: 4)
egress-interfaceNetwork interface from which to ping
gateway-ipGateway IP address from which to ping [type: IP address]
nodeThe node from which to send the ping request
routerThe router from which to send the ping request
set-df-bitSet the IPv4 'Don't Fragment' bit on the request packet
sizeNumber of data bytes to send [type: int] (default: 56)
timeoutTime to wait for a response, in seconds [max: 10 seconds] [type: int] (default: 1)
Positional Arguments
namedescription
destination-ipDestination IP of the ping request [type: IP address]

Description

This issues ICMP requests to the specified destination-ip merely as a connectivity test, and bypasses the typical packet processing logic that would potentially restrict access to various tenants and destined for service addresses. The count modifier will affect the number of pings that are issued. The interface modifier lets administrators specify the egress interface for issuing the pings. The timeout modifier will set the waiting period for a reply before declaring the ping as a failure. The set-df-bit and record-route options enable the respective flags in the outgoing ICMP request.

Example

admin@gouda.novigrad# ping egress-interface wan-interface 8.8.8.8
PING 8.8.8.8 56 bytes of data.
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=0 ttl=57 time=12.97ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=1 ttl=57 time=10.597ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=2 ttl=57 time=10.643ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=3 ttl=57 time=10.444ms

Version History

ReleaseModification
3.2.0This feature was introduced. The previous behavior of the ping command is now realized as service-ping

quit

Quit the PCLI.

Usage

quit

Description

This command logs the user out, and quits the PCLI.

Version History

ReleaseModification
1.0.0This feature was introduced

refresh dns resolutions

Refreshes all DNS resolutions configured on the platform.

Usage

refresh dns resolutions [{router <router> | resource-group <resource-group>}] [hostname <hostname>] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
hostnameThe DNS hostname belonging to a node
resource-groupThe name of the resource group
routerThe name of the router (default: <current router>)
See Also
commanddescription
set dns resolutionSets a hostname resolution temporarily until the next time the node processes config
show dns resolutionsShows all DNS resolutions

release dhcp lease

Releases an active DHCP lease.

Usage

release dhcp lease [force] [node <node>] {router <router> | resource-group <resource-group>} network-interface <network-interface>
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
network-interfaceThe network interface on which to release the current DHCP lease
nodeThe name of the node (default: all)
resource-groupThe name of the resource group
routerThe name of the router
See Also
commanddescription
show dhcp mappingsShow each DHCP mapping from an interface to mapping/IP family/config types.
show dhcp prefix-delegationShow the prefix learned for prefix-delegation.
show dhcp v4Display dhcp lease info for network-interfaces.
show dhcp v6Display dhcp lease info for network-interfaces.

repeat

Repeat any command multiple times.

Usage

repeat [beep] [exit-on-failure] [interval <interval>] <command> [<command> ...]
Keyword Arguments
namedescription
beepBeep if the command fails to execute
exit-on-failureExit if the command fails to execute
intervalSeconds to wait between updates [type: int] (default: 2)
Positional Arguments
namedescription
commandCommand to repeat

Description

This command can be used to "watch" statistics over a specified period. In order to stop the repeat command, the user must issue a CTRL-C.

Example

admin@gouda.novigrad# repeat show stats device-interface

Running "show stats device-interface" every 2 seconds

Wed 2020-04-22 17:42:04 UTC
Retrieving statistics...

Device Interface Management Stats
---------------------------------

================= ======= =======
Metric Node Value
================= ======= =======
message-failure gouda 0
message-success gouda 2

Completed in 1.66 seconds

replace config

Search for and replace configuration data that matches a specified pattern.

Usage

replace config <find> <replace>
Keyword Arguments
namedescription
forceReplace all matching data without prompts
Positional Arguments
namedescription
findThe text to find in the candidate configuration
replaceThe new value to replace 'find' with

Description

The replace command is a powerful tool for making sweeping configuration changes, similar to a "find and replace" operation in a word processor. The replace command has several optional arguments that affect how the replacement occurs; case-sensitive will only match elements within the configuration that match the case supplied with the query string. The regex argument treats the query string as a regular expression. The whole-word argument requires that the match be an entire word, rather than just a substring or partial match.

The user-supplied query string and replacement string are the matching text, and the replacement text, respectively.

Example

admin@labsystem1.fiedler# replace config all internal newInternal
Replacing 'config authority router RTR_EAST_CONDUCTOR inter-node-security internal' with 'newInternal'...
Replacing 'config authority router RTR_EAST_COMBO inter-node-security internal' with 'newInternal'...
Replacing 'config authority router RTR_WEST_COMBO inter-node-security internal' with 'newInternal'...
Replacing 'config authority router RTR_CENTRAL_COMBO inter-node-security internal' with 'newInternal'...
Replacing 'config authority security internal name internal' with 'newInternal'...
Replace completed successfully
admin@labsystem1.fiedler#

Version History

ReleaseModification
3.1.0This feature was introduced

request idp restart

Restart IDP Command

Usage

request idp restart [force] [rebuild] router <router> node <node>
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node for which to restart IDP
rebuildDelete and rebuild IDP
routerThe router for which to restart IDP
See Also
commanddescription
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Initiate a restart of the underlying IDP engine.

Version History

ReleaseModification
6.0.4This feature was introduced
6.1.0show idp application details added

request idp signature-query

Request IDP signature database connectivity.

Usage

request idp signature-query [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to refresh security signature data
resource-groupThe name of the resource group
routerThe router for which to refresh security signature data

Description

Query and display the IDP signature database connectivity details.

See Also
commanddescription
request idp restartRestart IDP Command
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Version History

ReleaseModification
6.0.4This feature was introduced

request system software download

Download a new version of the SSR.

Usage

request system software download version <version>
Keyword Arguments
namedescription
versionThe version to download.
See Also
commanddescription
delete system softwareRemove or cancel a previously started download.
request system software upgradeUpgrade to a new version of the SSR.
set system software imageSet the boot image.
show system software availableDisplay new versions of the SSR that can be installed.
show system software downloadDisplay in-progress and completed downloads of new SSR versions.
show system software upgradeFollow an in-progress upgrade.
show system versionShow system version information.

request system software upgrade

Upgrade to a new version of the SSR.

Usage

request system software upgrade version <version>
Keyword Arguments
namedescription
versionThe version to upgrade to.
See Also
commanddescription
delete system softwareRemove or cancel a previously started download.
request system software downloadDownload a new version of the SSR.
set system software imageSet the boot image.
show system software availableDisplay new versions of the SSR that can be installed.
show system software downloadDisplay in-progress and completed downloads of new SSR versions.
show system software upgradeFollow an in-progress upgrade.
show system versionShow system version information.

Description

warning

This may be a service impacting operation.

restore config factory-default

Restore the candidate config to the factory defaults.

Usage

restore config factory-default [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Description

This command removes all administrator-added configuration, and restores the basic configuration to all of the SSR's factory default settings. The PCLI will prompt for confirmation before resetting the configuration, unless the optional force modifier is added.

Example

admin@labsystem1.fiedler# restore config factory-default
Are you sure you want to restore the candidate config to factory defaults? [y/N]: n
Operation canceled

Version History

ReleaseModification
1.1.0This feature was introduced. Replaces the deprecated reset-factory-default-config

restore config running

Discard uncommitted changes from the candidate config.

Usage

restore config running [force] [<username>]
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
usernameName of the account to discard candidate changes from (default: <current user>)
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Description

This command removes all administrator-added configuration since the last commit, effectively bringing the running configuration and the candidate configuration back to parity. The PCLI will prompt for confirmation before resetting the configuration, unless the optional force modifier is added.

Example

*admin@node1.bernstein# restore config running
Are you sure you want to discard uncommitted changes from the candidate config? [y/N]: y
Candidate configuration changes successfully discarded
*admin@node1.bernstein#

Version History

ReleaseModification
1.1.0This feature was introduced
2.0.0Previously named restore config candidate

restore prompt

Restore the PCLI prompt to the factory default.

Usage

restore prompt [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Description

The restore prompt command returns the PCLI's prompt to its factory default, in the event that an administrator has modified it.

Example

(04/10/2020 19:56) admin@gouda.novigrad$restore prompt
Restore the default prompt? [y/N]: y
PCLI prompt successfully updated
admin@gouda.novigrad#

Version History

ReleaseModification
3.1.0This feature was introduced

restore system factory-default

Restore the system to factory defaults.

Usage

restore system factory-default [force] [router <router>] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe name of the node
routerThe name of the router (default: <current router>)

Description

Once initiated, the system will begin to stop all running processes and restore the system to the factory default configuration. Once the process has been completed, the system will reboot.

restore users factory-default

Restore the user configuration to factory defaults.

Usage

restore users factory-default [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Description

The restore users factory-default command deletes all administratively created user accounts (i.e., all but the ones that are installed with the SSR routing software natively) and leaves the system with just the admin and user accounts.

Version History

ReleaseModification
2.0.0This feature was introduced

rotate log

Rotate log files.

Usage

rotate log [force] [router <router>] [node <node>] [<process-name>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to rotate logfiles
routerThe router for which to rotate logfiles (default: <current router>)
Positional Arguments
namedescription
process-nameThe process for which to rotate logfiles (default: all)
See Also
commanddescription
set log levelSet the log level of a process.
write log messageWrite a message to the log.
write log snapshotWrite a snapshot to the log.

Description

This command is used to rotate log files (i.e., close the current log file and open a new one) generated by the various processes that comprise the SSR to rotate. The SSR's log files, stored in /var/log/128technology, keep 25 prior logs for each process, space permitting. Files are rotated such that, for instance, pcli.log becomes pcli.1.log while pcli.1.log becomes pcli.2.log, and so on. The oldest log file for each process is removed.

The rotate log command is useful prior to engaging in troubleshooting exercises, to help narrow down which files may contain items of interest. It is particularly useful when used in conjunction with the write command, described elsewhere in this document.

Without any arguments, the rotate log command will rotate all log files on all nodes.

For more information about SSR logging read Understanding Logs on the SSR

Example

admin@labsystem1.fiedler# rotate log
Logs successfully rotated
admin@labsystem1.fiedler#

The optional arguments process-name and node-name let administrators specify which processes should rotate their logs, and on which nodes.

admin@labsystem1.fiedler# shell ls -ltr /var/log/128technology/ | grep highwayManager
-rw-r--r-- 1 root root 14964 Oct 8 05:34 highwayManager.4.log
-rw-r--r-- 1 root root 35908 Oct 8 05:42 highwayManager.3.log
-rw-r--r-- 1 root root 10653 Oct 11 11:12 highwayManager.2.log
-rw-r--r-- 1 root root 146057 Oct 11 11:42 highwayManager.1.log
-rw-r--r-- 1 root root 117673 Oct 11 14:48 highwayManager.log
admin@labsystem1.fiedler# rotate log highwayManager labsystem1
Logs successfully rotated

admin@labsystem1.fiedler# shell ls -ltr /var/log/128technology/ | grep highwayManager
-rw-r--r-- 1 root root 14964 Oct 8 05:34 highwayManager.5.log
-rw-r--r-- 1 root root 35908 Oct 8 05:42 highwayManager.4.log
-rw-r--r-- 1 root root 10653 Oct 11 11:12 highwayManager.3.log
-rw-r--r-- 1 root root 146057 Oct 11 11:42 highwayManager.2.log
-rw-r--r-- 1 root root 117673 Oct 11 14:48 highwayManager.1.log
-rw-r--r-- 1 root root 0 Oct 12 09:45 highwayManager.log

In this example you can see that what was previously named highwayManager.4.log has been rotated to highwayManager.5.log; likewise, all other logs were incremented. What was highwayManager.log is now highwayManager.1.log, and a new highwayManager.log file has been created, and is empty.

Version History

ReleaseModification
2.0.0This feature was introduced

save packet-buffer-snapshot

Gathers packet buffer pool information and stores it in a logfile.

Usage

save packet-buffer-snapshot [filename <filename>] router <router> node <node>
Keyword Arguments
namedescription
filenameFilename to save the buffer pool snapshot (default: packetBuffers.log)
nodeThe name of the node
routerThe name of the router

Description

This command saves a snapshot of the packet buffer pool information in a logfile at /var/log/128technology.

save runtime-stats

Gathers runtime process stats and stores it in a logfile.

Usage

save runtime-stats [{router <router> | resource-group <resource-group>}] [force] [node <node>] <filename> [<process-name>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeTarget node from which to gather runtime stats
resource-groupThe name of the resource group
routerTarget router from which to gather runtime stats (default: <current router>)
Positional Arguments
namedescription
filenameCustom filename to store system information
process-nameTarget process from which to gather runtime stats (default: all)

Example

admin@gouda.novigrad# save runtime-stats stats.txt
Retrieving Runtime Stats...
Runtime stats saved to /var/log/128technology/stats.txt

save tech-support-info

Gather system information for technical support.

Usage

save tech-support-info [force] [manifest <manifest>] [since <since>] [router <router>] [node <node>] [<prefix>]
Keyword Arguments
namedescription
forceSkip confirmation prompt
manifestThe manifest describing the commands and logs to collect (default: summary)
nodeThe name of the node
routerThe name of the router (default: <current router>)
sinceOnly collect logs created after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] (default: 1d)
Positional Arguments
namedescription
prefixCustom file prefix to add the archive file

Description

This command packages statistics, logs and other diagnostic data, to exchange with Juniper's support team. The tech-support-info command echoes the location where it stores the file when complete (/var/log/128technology/tech-support-info.tar.gz).

New manifest files can be created and placed into /etc/128technology/tech-support-manifests. Each manifest contains a list of PCLI commands, shell commands, files, and systemd journal's to collect.

note

This command collect a lot of data, and may take some time to complete.

Example

admin@labsystem1.fiedler# save tech-support-info

Retrieving Tech Support Info...
/var/log/128technology/tech-support-info.tar.gz

Search for any PCLI command or configuration data from the current location in the command tree.

Usage

search [limit <limit>] <find>
Keyword Arguments
namedescription
limitlimit the maximum number of results [type: int]
Positional Arguments
namedescription
findFind all the matching text
Subcommands
commanddescription
commandsSearch PCLI commands.
configSearch both config datastores for specific data.
config-attributesSearch configuration attributes.

Description

The search command and its various subcommands let users search through the SSR's PCLI command tree, the configuration tree, and user-supplied configuration data to locate the information specified by the supplied find string.

When omitting the optional filter, the search command will return results for all of the types of information it can locate: commands, configuration attributes, and configuration data.

Example

admin@labsystem1.fiedler# search ntp

Commands:
- show ntp
- show config candidate authority router system ntp
- show config candidate authority router system ntp server
- show config candidate authority router system ntp server ip-address
- show config candidate authority router system services ntp
- show config running authority router system ntp
- show config running authority router system ntp server
- show config running authority router system ntp server ip-address
- show config running authority router system services ntp

Configuration Attributes:
- configure authority router system ntp
- configure authority router system services ntp

search commands

Search PCLI commands.

Usage

search commands [limit <limit>] <find>
Keyword Arguments
namedescription
limitlimit the maximum number of results [type: int]
Positional Arguments
namedescription
findFind all the matching text

search config

Search both config datastores for specific data.

Usage

search config [limit <limit>] <find>
Keyword Arguments
namedescription
limitlimit the maximum number of results [type: int]
Positional Arguments
namedescription
findFind all the matching text
Subcommands
commanddescription
candidateSearch candidate configuration data
runningSearch running configuration data

Description

The output of search can be filtered by explicitly specifying commands configuration.

Example

admin@gouda.novigrad# search commands reset
Commands:
- show stats highway firewall-detector tcp-reset-received
- show stats packet-processing action success tcp-proxy sessions-reset
- show stats redundancy session-reads tcp-reset-sent
- show stats service-area sent tcp-reset-for-adaptive-encryption-failure
admin@labsystem1.fiedler# search config Newton

Candidate and Running Configuration:
- config authority router Fabric128 node ptcricket location Newton, MA

admin@labsystem1.fiedler#

search config candidate

Search candidate configuration data

Usage

search config candidate [limit <limit>] <find>
Keyword Arguments
namedescription
limitlimit the maximum number of results [type: int]
Positional Arguments
namedescription
findFind all the matching text

Example

admin@labsystem1.fiedler# search config candidate myRoute

Candidate Configuration:
- config authority router Fabric128 service-route myRoute name myRoute

admin@labsystem1.fiedler#

search config running

Search running configuration data

Usage

search config running [limit <limit>] <find>
Keyword Arguments
namedescription
case-sensitiveInterpret the search query as case-sensitive
limitlimit the maximum number of results [type: int]
regexProcess the query as a regular expression
whole-wordDon't allow partial matches of words
Positional Arguments
namedescription
findFind all the matching text

Example

admin@labsystem1.fiedler# search config running Newton

Running Configuration:
- config authority router Fabric128 node ptcricket location Newton, MA

admin@labsystem1.fiedler#

search config-attributes

Search configuration attributes.

Usage

search config-attributes [limit <limit>] <find>
Keyword Arguments
namedescription
limitlimit the maximum number of results [type: int]
Positional Arguments
namedescription
findFind all the matching text

Description

The output of search can be filtered by explicitly specifying config-attributes configuration.

Example

admin@gouda.novigrad# search config-attributes name
Configuration Attributes:
- configure authority dscp-map name
- configure authority dynamic-hostname
- configure authority ipfix-collector name
- configure authority ldap-server name
- configure authority name
- configure authority router name
- configure authority router nat-pool address-pool tenant-name
- configure authority router nat-pool name
- configure authority router node device-interface name
- configure authority router node device-interface network-interface hostname
- configure authority router node device-interface network-interface management-vector name
- configure authority router node device-interface network-interface name
- configure authority router node device-interface network-interface neighborhood name
- configure authority router node name
- configure authority router peer authority-name
- configure authority router peer name
- configure authority router peer router-name
- configure authority router redundancy-group name
- configure authority router routing interface name
- configure authority router service-route host node-name
- configure authority router service-route name
- configure authority router service-route next-hop node-name
- configure authority router service-route service-name
- configure authority router service-route-policy name
- configure authority router system log-category name
- configure authority router system services snmp-server access-control name
- configure authority router system services webserver server node-name
- configure authority routing filter name
- configure authority routing filter rule name
- configure authority routing policy name
- configure authority routing policy statement name
- configure authority security name
- configure authority service application-name
- configure authority service name
- configure authority service-class name
- configure authority service-policy name
- configure authority service-policy vector name
- configure authority session-type name
- configure authority tenant name
- configure authority traffic-profile name

send command download

Download SSR software on a router

Usage

send command download [dry-run] [force] {router <router> | resource-group <resource-group>} [<version>]
Keyword Arguments
namedescription
dry-runView version changes without command execution
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router on which to download software
Positional Arguments
namedescription
versionThe version of SSR as semantic version and optionally a release identifier (e.g. "3.0.0" or "3.0.1-snapshot1"); if not provided, the latest is assumed
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

send command is only available within the PCLI of an SSR Conductor.

send command reconnect

Attempt to reconnect an asset

Usage

send command reconnect [router <router>] [node <node>]
Keyword Arguments
namedescription
nodeThe name of the node
routerThe name of the router (default: <current router>)
Subcommands
commanddescription
disconnectedAttempt to reconnect all disconnected assets.
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

send command reconnect disconnected

Attempt to reconnect all disconnected assets.

Usage

send command reconnect disconnected [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

send command restart

Restart an SSR node

Usage

send command restart [force] router <router> node <node>
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node to restart
routerThe router to restart
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

send command is only available within the PCLI of an SSR Conductor.

send command rollback

Rollback an SSR to the previously installed version

Usage

send command rollback [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to rollback
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

send command is only available within the PCLI of an SSR Conductor.

send command start

Start an SSR node

Usage

send command start [force] router <router> node <node>
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node to start
routerThe router to start
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

send command is only available within the PCLI of an SSR Conductor.

send command stop

Stop an SSR node

Usage

send command stop [force] router <router> node <node>
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node to stop
routerThe router to stop
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

send command is only available within the PCLI of an SSR Conductor.

send command sync

Transition an asset back to connected and perform a sync.

Usage

send command sync [{router <router> | resource-group <resource-group>}] [force] [force] [node <node>]
Keyword Arguments
namedescription
forceA single force forces the synchronization by disabling the smart sync skip mechanism. A second force skips the confirmation prompt. This argument can be repeated up to 2 times.
nodeThe node to sync
resource-groupThe name of the resource group
routerThe router to sync (default: <current router>)
See Also
commanddescription
migrateMigrate a SSR router to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart a SSR node
send command rollbackRollback a SSR router to the previously installed version
send command startStart a SSR node
send command stopStop a SSR node
send command upgradeUpgrade a SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

Transition an asset back to connected and perform a sync. The sync operation ensures the asset is provisioned correctly and all plugin changes are applied.

Version History

ReleaseModification
5.6.7This feature was introduced

send command upgrade

Upgrade an SSR node

Usage

send command upgrade [dry-run] [force] {router <router> | resource-group <resource-group>} <version>
Keyword Arguments
namedescription
dry-runView version changes without command execution
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to upgrade
Positional Arguments
namedescription
versionThe version of SSR as semantic version and optionally a release identifier (e.g. "3.0.0" or "3.0.1-snapshot1"); if not provided, the latest is assumed
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

send command is only available within the PCLI of an SSR Conductor.

send command yum-cache-refresh

Refresh the yum cache as well as the SSR software versions available for download and upgrade.

Usage

send command yum-cache-refresh [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to refresh
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

service-ping

Send an ICMP request using a service or tenant

Usage

service-ping [count <count>] [size <size>] [timeout <timeout>] [set-df-bit] [service-name <service-name>] [tenant <tenant>] [source-ip <source-ip>] router <router> node <node> <destination-ip>
Keyword Arguments
namedescription
countNumber of ping requests to send [type: int] (default: 4)
nodeThe node from which to send the ping request
routerThe router from which to send the ping request
service-nameName of service which includes the destination trying to be reached; only required if service is ambiguous
set-df-bitSet the IPv4 'Don't Fragment' bit on the request packet
sizeNumber of data bytes to send [type: int] (default: 56)
source-ipIP from which to test whether traffic is allowed [type: IP address]
tenantName of source tenant for ICMP request (default is the global tenant)
timeoutTime to wait for a response, in seconds [max: 10 seconds] [type: int] (default: 1)
Positional Arguments
namedescription
destination-ipDestination IP of the ping request [type: IP address]

Description

This issues ICMP requests to the specified destination-ip, and offers the administrators a variety of ways to formulate the request. The tenant and service-name modifiers specify which "source tenant" to use for the request, and the name of the service for which the destination-ip applies. The count modifier will affect the number of pings that are issued. The interface modifier lets administrators specify the egress interface for issuing the pings. The timeout modifier will set the waiting period for a reply before declaring the ping as a failure. The set-df-bit and record-route options enable the respective flags in the outgoing ICMP request.

Example

admin@gouda.novigrad# service-ping service-name Internet tenant lanSubnet source-ip 192.168.0.5 8.8.8.8
PING 8.8.8.8 56 bytes of data.
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=0 ttl=57 time=22.296ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=1 ttl=57 time=11.303ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=2 ttl=57 time=10.516ms
Ping from 8.8.8.8 (8.8.8.8): icmp_seq=3 ttl=57 time=10.428ms

Version History

ReleaseModification
2.0.0This feature was introduced
3.0.0Included tenant, service, and node information
3.2.0Previously named ping

set config encryption

Sets the encryption key for the SSR configuration

Usage

set config encryption [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node on which to disable config encryption (default: all)
resource-groupThe name of the resource group
routerThe router on which to set config encryption (default: <current router>)
Subcommands
commanddescription
disabledDisables the encryption for the SSR configuration
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Example

admin@node1.t128# set config encryption
Are you sure you would like to enable configuration encryption? [y/N]: y
✔ Encrypting configuration... 1/1 targets complete.
Configuration was successfully encrypted.

Version History

ReleaseModification
4.5.0This feature was introduced

set config encryption disabled

Disables the encryption for the SSR configuration

Usage

set config encryption disabled [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt
nodeThe node on which to disable config encryption (default: all)
resource-groupThe name of the resource group
routerThe router on which to disable config encryption (default: <current router>)

Example

admin@node1.t128# set config encryption disabled
Are you sure you would like to disable configuration encryption? [y/N]: y
✔ Disabling configuration encryption... 1/1 targets complete.
Configuration encryption was successfully disabled.

Version History

ReleaseModification
4.5.0This feature was introduced

set config local-override

This command enables the local config override mode on an SSR Managed Router.

Description

Engaging local config override mode allows the user to make changes to the local configuration that will not be overwritten by the Conductor until local config override mode is disabled.

Usage

set config local-override [force] router <router>
Keyword Arguments
namedescription
forceSkip confirmation prompt
routerThe router for which to enable local override
Subcommands
commanddescription
disabledThis command disables the local config override mode on an SSR Managed Router.
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show stats configMetrics pertaining to the get-config RPC

Description

Engaging local config override mode allows the user to make changes to the local configuration that will not be overwritten by the Conductor until local config override mode is disabled.

set config local-override disabled

This command disables the local config override mode on an SSR Managed Router.

Usage

set config local-override disabled [force] router <router>
Keyword Arguments
namedescription
forceSkip confirmation prompt
routerThe router on which to disable local override

Version History

ReleaseModification
6.2.0This feature was introduced

set dns resolution

Sets a hostname resolution temporarily until the next time the node processes config

Usage

set dns resolution [router <router>] <hostname> <ip-address>
Keyword Arguments
namedescription
routerThe router on which to set the hostname resolution (default: <current router>)
Positional Arguments
namedescription
hostnameThe hostname to set the resolution for
ip-addressThe ip-address the hostname should resolve to [type: IP address]
See Also
commanddescription
refresh dns resolutionsRefreshes all DNS resolutions configured on the platform.
show dns resolutionsShows all DNS resolutions

Example

admin@node1.t128# set dns resolution my.router 1.2.3.4
Successfully set hostname resolution on node node1

Version History

ReleaseModification
4.5.0This feature was introduced

set log level

Set the log level of a process.

Usage

set log level [category <category>] [force] [router <router>] [node <node>] <level> [<process-name>]
Keyword Arguments
namedescription
categoryThe log category for which to set the level (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node on which to set the corresponding process log level
routerThe router on which to set the corresponding process log level (default: <current router>)
Positional Arguments
namedescription
levelThe log level
process-nameThe process for which to set the log level (the log level will change for all processes when no process is specified) (default: all)
Subcommands
commanddescription
configuredReset the process log level to the configured system log level.
See Also
commanddescription
rotate logRotate log files.
write log messageWrite a message to the log.
write log snapshotWrite a snapshot to the log.

Description

The set log level command adjusts the degree to which the SSR writes information into its log files. This is used to selectively turn up and down log verbosity for troubleshooting purposes.

The optional <process-name> and <node-name> arguments, can selectively change only a specific SSR's software process on a given node.

The level must be one of: fatal, error, warning, info, debug, and trace. These are listed in order of increasing verbosity. Juniper generally recommends that systems be set to info level by default under normal operating circumstances.

As of software version 3.1, a new subcommand set log level category, allows administrators to collectively adjust groups of related functionality for specific troubleshooting exercises – instead of blindly adjusting the entire system's log level and potentially impacting performance.

The category can be any of the following:

Category NameLong NameDescription
ATCSAnalyticsComponents related to the SSR Analytics Engine.
CFGDConfig DirectorComponents related to the 128T Configuration Engine.
DATAMetadata DatabaseComponents related to the configuration and state databases.
DISCDiscoveryDiscovery-based components (except BFD). Today this is DHCP and ARP.
USERUserUser-created log messages, generated via the 'write' command.
FLCFastLane ControlControl system for packet forwarding.
FLPPFirst Packet ProcessingSystem for processing the initial packet of each new session.
HWMCHighwayManager ControlControl system for packet processing.
IPCInterprocess CommunicationsThe subsystem responsible for messaging between components within the SSR product.
LINKInternode Link DetectionThe subsystem for inter-node communication (today, BFD).
PLATPlatformComponents related to the underlying platform management.
PLUGPlugin ComponentsComponents related to plugin management.
RDBRedundancy DatabaseThe subsystem responsible for synchronizing data between nodes.
RTGRoutingComponents related to the routing engine.
SNMPSimple Network Management Protocol.Components related to the SNMP engine.
SATFSession Processing Thread FailuresFailures related to multi-threaded session setup.
SESSSession StartupComponents related to session setup.
STEPSTEPComponents related to STEP.
TESTTestComponents related to testing.
UTILUtilityComponents related to utility libraries.
DPDKDPDKComponents related to DPDK.
DNSDomain Name SystemComponents related to DNS.
HTTPHTTPComponents related to HTTP request/response processing.
PCLIPCLIAll the PCLI's log messages.
BONSConfiguration DatabaseComponents related to the configuration database.
LDAPLDAPAll the System Security Services Daemon logs.
RIBRIBComponents related to routing changes.
IDPIDPComponents related to IDP.

Version History

ReleaseModification
2.0.0This feature was introduced
3.1.0Log categories introduced
6.0.0LDAP category added

set log level configured

Reset the process log level to the configured system log level.

Usage

set log level configured [category <category>] [force] [router <router>] [node <node>] [<process-name>]
Keyword Arguments
namedescription
categoryThe log category for which to reset the level. (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node on which to set the corresponding process log level
routerThe router on which to set the corresponding process log level (default: <current router>)
Positional Arguments
namedescription
process-nameThe process for which to set the log level (the log level will change for all processes when no process is specified) (default: all)

Description

Will return the SSR's logging behavior to the verbosity specified within the configuration, located at: authority &gt; router &gt; system &gt; log-level. Alternatively, administrators can specify a log level to dynamically change all system processes to use.

set password

Change your password.

Usage

set password
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
show rolesDisplay all configured roles
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

Description

The set password command allows a PCLI user to change their password. As is typical with most password changing routines, as a security precaution the user must enter their current password before they're permitted to change it.

note

If a password is lost or forgotten and the account is inaccessible, the account cannot be recovered. Please keep password records accessible and secure.

Version History

ReleaseModification
2.0.0This feature was introduced

set provisional-status

Set the provisional status of a device-interface to down, or returning it to the "up" state after taking it down.

Usage

set provisional-status router <router> node <node> <name> <status>
Keyword Arguments
namedescription
nodeThe node on which to set the device's provisional status
routerThe router on which to set the device's provisional status
Positional Arguments
namedescription
nameDevice interface on which to set the provisional status
statusThe desired provisional status for the device
See Also
commanddescription
show device-interfaceDisplay detailed device interface information.

Description

The set provisional-status command allows a specific interface to be brought down without a configuration change. This is useful in situations where you need to temporarily bring down a just device interface (i.e., to trigger an interface failover).

Example

admin@test1.Fabric128# set provisional-status node test1 10 down
✔ Setting provisional status...
Successfully set provisional status for device 10
admin@test1.Fabric128# set provisional-status node test1 10 up
✔ Setting provisional status...
Successfully set provisional status for device 10

Version History

ReleaseModification
4.5.3This feature was introduced

set software access-token

Save credentials for accessing SSR software repositories.

Usage

set software access-token [{router <router> | resource-group <resource-group>}] [force] [node <node>] <username> <token>
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe name of the node.
resource-groupThe name of the resource group.
routerThe name of the router (default: <current router>).
Positional Arguments
namedescription
usernameThe username for the software access account.
tokenAuthentication token for SSR software.
ReleaseModification
5.5.2This feature was introduced

set system software image

Set the boot image.

Usage

set system software image <image>
Positional Arguments
namedescription
imageThe image to load on next boot
See Also
commanddescription
delete system softwareRemove or cancel a previously started download.
request system software downloadDownload a new version of the SSR.
request system software upgradeUpgrade to a new version of the SSR.
show system software availableDisplay new versions of the SSR that can be installed.
show system software downloadDisplay in-progress and completed downloads of new SSR versions.
show system software upgradeFollow an in-progress upgrade.
show system versionShow system version information.
ReleaseModification
6.0.0This feature was introduced

set time

Set the system date and time.

Usage

set time [force] <date>
Keyword Arguments
namedescription
forceSkip confirmation prompt
Positional Arguments
namedescription
dateThe date to be used for the system date

Description

date can be in almost any common format. It can contain month names, time zones, AM and PM, yesterday, etc. For example,

set time 2020-07-21 14:19:13.489392193 +0530

specifies the instant of time that is 489,392,193 nanoseconds after July 21, 2020 at 2:19:13 PM in a time zone that is 5 hours and 30 minutes east of UTC.

Relative times can also be used. For example,

set time +2 hours

set time -5 min

the first adds two hours to the current time and the second moves the clock back by five minutes.

ReleaseModification
6.1.0This feature was introduced

shell

Execute a Unix shell command.

Usage

shell [<command> ...]
Positional Arguments
namedescription
commandShell command to execute

Description

The shell command allows administrators to execute a bash shell, or to execute a command within the context of a bash shell (specified as a series of optional parameters to the shell command).

Example

admin@cnd1.conductor# shell ls -la /var/log/128technology/ | head
Piping output...
total 134600
drwxrwxr-x+ 2 root root 12288 Feb 7 10:13 .
drwxr-xr-x. 14 root root 4096 Feb 5 03:40 ..
-rw-rwxr--+ 1 root root 6885 Feb 7 10:12 128-server.log
-rw-rwxr--+ 1 root root 5613 Jan 15 09:41 accessManager.10.log
-rw-rwxr--+ 1 root root 3640 Feb 7 10:10 accessManager.1.log
-rw-rwxr--+ 1 root root 3640 Feb 4 07:35 accessManager.2.log
-rw-rwxr--+ 1 root root 3640 Feb 1 16:36 accessManager.3.log
-rw-rwxr--+ 1 root root 3640 Jan 29 09:50 accessManager.4.log
-rw-rwxr--+ 1 root root 3640 Jan 26 10:23 accessManager.5.log
admin@cnd1.conductor#

Version History

ReleaseModification
1.0.0This feature was introduced

show alarms

Display currently active or shelved alarms

Usage

show alarms [{router <router> | resource-group <resource-group>}] [shelved] [id <id>] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
idID for which to display alarm information
resource-groupThe name of the resource group
routerThe router for which to display alarms (default: all)
shelvedDisplay shelved alarms
See Also
commanddescription
show events alarmShow alarm events from the historical events database.

Description

The show alarms subcommand shows all of the active alarms on your SSR.

A list of all alarms your SSR is capable of generating and details about them can be found in the Alarm Guide.

Example

admin@cnd1.conductor# show alarms
Wed 2018-01-17 15:14:03 EST

================== ===================== ========== ============= ========== ===================================
ID Time Severity Source Category Message
================== ===================== ========== ============= ========== ===================================
cnd1.conductor:4 2018-01-17 13:22:38 major unavailable system No connectivity to b1.branch1
cnd1.conductor:5 2018-01-17 13:22:38 major unavailable system No connectivity to dc1.datacenter
cnd1.conductor:6 2018-01-17 13:22:38 major unavailable system No connectivity to dc2.datacenter
There are 0 shelved alarms

Completed in 0.35 seconds

Version History

ReleaseModification
1.1.0This feature was introduced
3.1.0Previously allowed filtering by node, now the command shows all alarms.

show app-id cache

Show information of app-id entries in cache

Usage

show app-id cache [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} <cache>
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node on which to show app-id cache entries
resource-groupThe name of the resource group
routerThe router on which to show app-id cache entries
rowsThe number of app-id cache to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
cacheShow app-id entries from address, domain, or url cache
See Also
commanddescription
clear app-id cacheClear app-id entries from cache
clear app-id cache-entry addressClear specific app-id entry from cache by address key
clear app-id cache-entry domainClear specific app-id entry from cache by domain name key
clear app-id cache-entry urlClear specific app-id entry from cache by url key
lookup application by-addressLook up application identification by address key
lookup application by-domainLook up application identification by domain name or url key
show stats app-id application-director cacheStatistics for 'cache'

show app-id categories

Show available top-level categories

Usage

show app-id categories [router <router>] [node <node>] [<name>]
Keyword Arguments
namedescription
nodeThe node on which to show app-id categories
routerThe router on which to show app-id categories (default: <current router>)
Positional Arguments
namedescription
nameDisplay the subcategories for category 'name'

show app-id web-filtering

Show web-filtering state

Usage

show app-id web-filtering router <router> node <node>
Keyword Arguments
namedescription
nodeThe node from which to retrieve
routerThe router from which to retrieve

show application modules registration

Display registered application-modules.

Usage

show application modules registration [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe name of the node
resource-groupThe name of the resource group
routerThe name of the router
See Also
commanddescription
show application modules statusDisplay applications provided by a module.

Description

The show application modules registration subcommand shows all of the modules that provide application names to SSR as part of its Application Classification feature.

show application modules status

Display applications provided by a module.

Usage

show application modules status [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} name <name> [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nameThe module to get status for
nodeThe name of the node
resource-groupThe name of the resource group
routerThe name of the router
rowsThe number of application entries to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
show application modules registrationDisplay registered application-modules.

Description

The show application modules status subcommand shows all of application names and transport information of a module, as well as other debugging information.

show application names

Display application name entries.

Usage

show application names [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe name of the node
resource-groupThe name of the resource group
routerThe name of the router
rowsThe number of application name entries to display at once [type: int or 'all'] (default: 50)

Description

The show application names subcommand shows all of the application names that the SSR has learned, or been configured to recognize, as part of its Application Classification feature.

Example

admin@gouda.novigrad# show application names
Wed 2020-04-22 16:06:43 UTC

Node: gouda

================== =============== ================ ===================== =====================
Application Name Session Count Ip Tuple Count Date Discovered Last Updated
================== =============== ================ ===================== =====================
O365-Skype 6 5 2021-04-14 09:20:09 2021-04-14 09:20:09
O365-Exchange 5 16 2021-04-14 09:20:09 2021-04-14 09:20:09
O365-Common 0 25 2021-04-14 09:20:09 2021-04-14 09:20:09
O365-SharePoint 0 5 2021-04-14 09:20:09 2021-04-14 09:20:09
dropbox 0 65 2021-04-14 13:37:49 2021-04-14 13:37:49
gmail 0 17 2021-04-14 13:58:09 2021-04-14 13:58:09
google-drive 0 27 2021-04-14 13:58:09 2021-04-14 13:58:09

The various columns are as follows:

ColumnDescription
Application NameThe name of the identified application.
Session CountThe number of active sessions for the application.
Ip Tuple CountThe number of addresses and ports associated with the application.
Date DiscoveredThe time at which the router first learned this application. Restarting the router or deleting the application will reset the time.
Last UpdatedThe time at which the router updated the entries for the application. The time is updated when the ip tuple information associated with the application has changed.

Version History

ReleaseModification
3.2.0This feature was introduced

show arp

Shows the contents of the ARP table on the specified node.

Usage

show arp [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node from which to retrieve arp entries
resource-groupThe name of the resource group
routerThe router from which to retrieve arp entries
rowsThe number of arps to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
Subcommands
commanddescription
proxyDisplay proxy ARP info for network-interfaces.
See Also
commanddescription
clear arpClear the entire ARP cache or a subset if arguments are provided.

Description

The show arp subcommand displays the ARP table (MAC address to IP address binding) for a given node. The number of lines of output is controlled through the use of the optional rows attribute. When the rows command is not present, the SSR will default to displaying the first 50 rows of the specified node's ARP table. Using detail displays additional information including time to next refresh (ms), retry count (if expired), and time of last resolved ARP.

Example

admin@gouda.novigrad# show arp
Wed 2020-04-22 16:01:05 UTC

Node: gouda

========== ====== ================= =================== ========
Dev Name VLAN IP Dest MAC State
========== ====== ================= =================== ========
kni254 0 169.254.127.127 1a:f1:bd:a4:ae:6e Valid
lan 0 192.168.0.34 b1:7b:c1:04:0b:ba Valid
lan 0 192.168.0.35 01:0e:58:b1:94:bf Valid
lan 0 192.168.0.146 a4:83:e7:0b:d7:e1 Valid
wan 0 1.2.3.4 21:41:71:c1:99:c1 Valid

Completed in 0.07 seconds

admin@node1.aws# show arp detail
Tue 2023-01-17 20:58:15 UTC
Node: node1.aws Page 1

========== ====== ===== ====== ======= ======== ========= ======================

Dev Name VLAN IP Mac State Expiry Retries Last Resolved

========== ====== ===== ====== ======= ======== ========= ======================
wan 0 1 a Valid 324 - 2023-01-23T10:20:32
mgmt 0 2 b Valid 400 - 2023-01-23T10:20:32
lan 0 3 0 Refresh 732 2 2023-01-23T08:11:54
lan 0 4 0 Refresh 520 2 ---

Version History

ReleaseModification
1.0.0This feature was introduced
2.0.0Added requirement for use of 'node' keyword when specifying a node name.
6.1.0Added verbosity subcommand

show arp proxy

Display proxy ARP info for network-interfaces.

Usage

show arp proxy [{router <router> | resource-group <resource-group>}] [name <name>] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nameNetwork interface for which to display proxy ARP info (default: all)
nodeThe node for which to display proxy ARP info
resource-groupThe name of the resource group
routerThe router for which to display proxy ARP info (default: all)

Description

Displays a list of all configured proxies, grouped by network interface.

Example

admin@test1.Fabric128# show arp proxy
Mon 2020-01-27 18:35:24 UTC
Node: test1
======== ======== ====== =================== ===================
Device Name VLAN MAC Prefix
======== ======== ====== =================== ===================
10 intf10 None fa:16:3e:3b:b7:ee 172.16.100.100/30
10 intf10 None fa:16:3e:3b:b7:ee 172.16.1.100/32
Completed in 0.08 seconds

show assets

Shows the automated provisioning status of SSR nodes.

Usage

show assets [{router <router> | resource-group <resource-group>}] [force] [node <node>] [<id>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display assets
resource-groupThe name of the resource group
routerThe router for which to display assets (default: all)
Positional Arguments
namedescription
idThe asset id of the SSR node from which to retrieve the status
Subcommands
commanddescription
errorsShows the SSR nodes that have errors.
softwareShows assets software information.
summaryA summary of assets connected to the Conductor.
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assets softwareShows assets software information.
show assets summaryA summary of assets connected to the Conductor.

Description

The show assets command displays the automated provisioning status of the SSR nodes within an Authority. With SSR's automated provisioning feature set, each "asset" represents a platform into which the SSR software is installed, updated, managed, etc. The show assets command allows administrators to see, at a glance, the state of all assets – including which software versions have been installed on which nodes, what their router and node identifiers are, etc.

Example

admin@labsystem1.fiedler# show assets
Fri 2017-07-21 11:12:49 EDT

========== ================ ============== ============== =============
Asset Id Router Node SSR Version Status
========== ================ ============== ============== =============
T10_DUT2 none none unknown pending
T10_DUT3 RTR_WEST_COMBO combo-west-1 3.1 running
T10_DUT4 none none unknown pending

Completed in 0.03 seconds

The optional id argument allows administrators to retrieve more detailed information about a specific asset:

admin@labsystem1.fiedler# show assets T10_DUT3
Fri 2017-07-21 15:41:54 UTC

========================
T10_DUT3
========================
Router: RTR_WEST_COMBO
Node: combo-west-1
SSR Version: 3.1
Status: running

Completed in 0.19 seconds

Version History

ReleaseModification
3.1.0This feature was introduced

show assets errors

Shows the SSR nodes that have errors.

Usage

show assets errors [{router <router> | resource-group <resource-group>}] [force] [<id>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router for which to display assets summary (default: all)
Positional Arguments
namedescription
idThe asset id of the SSR node from which to retrieve the status

Description

show assets errors will display all assets with at least one automated provisioner related error.

Example

admin@labsystem1.fiedler# show assets errors
Fri 2017-07-21 15:41:54 UTC

======== ========== =============== ========
Router Node Asset Id Errors
======== ========== =============== ========
Boston Aquarium Aquarium-1234 1
NYC nyc asset-10 2

Version History

ReleaseModification
4.4.0This feature was introduced

show assets software

Shows assets software information.

Usage

show assets software [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display available software
resource-groupThe name of the resource group
routerThe router for which to display available software (default: all)
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets summaryA summary of assets connected to the Conductor.

Description

Displays software related information for each managed asset. The following information is provided:

  • Current running version of software.
  • Versions available for download and the repository where they are located.
  • Software versions currently being downloaded.
  • Previously downloaded versions that can be used to upgrade the platform.

Example

admin@tp-cond-primary.tp-cond# show assets software
Fri 2020-04-24 13:25:52 UTC

=========== ===================== ================================== ========================================== ============= ============
Router Node Installed Available Downloading Downloaded
=========== ===================== ================================== ========================================== ============= ============
burl-corp burl-corp-primary 5.6.1-18.el7 5.6.2-7.el7
5.6.3-6.el7
5.6.4-3.el7
5.6.5-5.el7
burl-corp-secondary 5.6.1-18.el7 5.6.2-7.el7
5.6.3-6.el7
5.6.4-3.el7
5.6.5-5.el7
tp-colo tp-colo-primary 5.6.9-3.el7
tp-colo-secondary 5.6.9-3.el7
tp-cond tp-cond-primary 5.6.9-3.el7
tp-cond-secondary 5.6.9-3.el7
tp-lab tp-lab-primary 5.6.8-9.el7 5.6.9-3.el7
tp-lab-secondary 5.6.8-9.el7 5.6.9-3.el7

Completed in 0.65 seconds

Version History

ReleaseModification
3.2.0This feature was introduced

show assets summary

A summary of assets connected to the Conductor.

Usage

show assets summary [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router for which to display assets summary (default: all)
See Also
commanddescription
migrateMigrate an SSR to a new conductor
send command downloadDownload SSR software on a router
send command reconnectAttempt to reconnect an asset
send command reconnect disconnectedAttempt to reconnect all disconnected assets.
send command restartRestart an SSR node
send command rollbackRollback an SSR to the previously installed version
send command startStart an SSR node
send command stopStop an SSR node
send command syncTransition an asset back to 'connected' and perform a sync.
send command upgradeUpgrade an SSR node
send command yum-cache-refreshRefresh the yum cache as well as the SSR software versions available for download and upgrade.
show assetsShows the automated provisioning status of SSR nodes.
show assets softwareShows assets software information.

Description

show assets summary will display a total of all assets in each state.

Example

admin@labsystem1.fiedler# show assets summary
Fri 2017-07-21 15:41:54 UTC

=====================================
Summary of Assets
=====================================
total: 5
pending: 2
not-installed: 1
installed: 2

assets with errors: 2

Version History

ReleaseModification
4.4.0This feature was introduced

show bfd

Show BFD Peer <>

Usage

show bfd [vrf <vrf>] [peer <ip>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
peerRetrieve BFD information for this peer.
resource-groupThe name of the resource group.
routerThe router to request BFD information from.
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show bgp

Displays information about the state of the BGP process on the SSR.

Usage

show bgp [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<route>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display BGP routes
rowsThe number of bgp entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
routeroute ip-prefix [type: IP prefix]
Subcommands
commanddescription
ipv4-vpnDisplays information about the state of the BGP IPv4 vpn table on the SSR router.
ipv6Displays information about the state of the BGP IPv6 routes on the SSR router.
ipv6-vpnDisplays information about the state of the BGP IPv6 vpn table on the SSR router.
neighborsDisplays information about the state of the BGP neighbors on the SSR router.
path-based-policyShow the current BGP path-based-policy summary from the routing manager.
summaryShow the current BGP summary from the routing manager.
See Also
commanddescription
clear bgpClear routes associated with one or all BGP neighbors.

Description

The show bgp command and associated subcommands display information about the state of the BGP process on the SSR. Each of these subcommands will be described in more detail in the sections that follow.

Example

When the show bgp command is issued with no command line arguments, the system returns the general status of the BGP process:

admin@labsystem1.fiedler# show bgp
BGP table version is 0, local router ID is 128.128.128.128
Status codes: s suppressed, d damped, h history, \* valid, > best, =
multipath,
i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path
*> 172.18.11.0/24 172.18.1.2 0 0 4200000001 i
*> 172.18.22.0/24 172.18.2.2 0 0 4200000002 i
*> 172.31.255.10/32 172.18.3.2 0 4200000003 i
*> 192.168.128.0 0.0.0.0 0 32768 i

Total number of prefixes 4

The <route> argument is given as an IP prefix (CIDR). The show bgp <route> command gives detailed information on the specified route, if it exists in the SSR's Routing Information Base (RIB).

admin@labsystem1.fiedler# show bgp 172.18.11.0/24
BGP routing table entry for 172.18.11.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
172.18.2.2 172.18.3.2
4200000001
172.18.1.2 from 172.18.1.2 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Wed Feb 10 19:08:49 2016

Version History

ReleaseModification
1.0.0This feature was introduced
5.1.0Added VFR support

show bgp ipv4-vpn

Displays information about the state of the BGP IPv4 vpn table on the SSR router.

Usage

show bgp ipv4-vpn [rows <rows>] [force] {router <router> | resource-group <resource-group>} [<rd>] [<prefix>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the BGP IPv4 vpn table
rowsThe number of bgp entries to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
rdroute distinguisher, ip prefix, ip address, or route distinguisher and ip prefix
prefixip prefix

Version History

ReleaseModification
6.2.0This feature was introduced

show bgp ipv6

Displays information about the state of the BGP IPv6 routes on the SSR router.

Usage

show bgp ipv6 [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<route>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display BGP IPv6 routes
rowsThe number of bgp entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
routeroute ip-prefix [type: IP prefix]

show bgp ipv6-vpn

Displays information about the state of the BGP IPv6 vpn table on the SSR router.

Usage

show bgp ipv6-vpn [rows <rows>] [force] {router <router> | resource-group <resource-group>} [<rd>] [<prefix>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the BGP IPv6 vpn table
rowsThe number of bgp entries to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
rdroute distinguisher, ip prefix, ip address, or route distinguisher and ip prefix
prefixip prefix

Version History

ReleaseModification
6.2.0This feature was introduced

show bgp neighbors

Displays information about the state of the BGP neighbors on the SSR.

Usage

show bgp neighbors [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<neighbor-ip>] [<option>] [<family>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display BGP neighbors
rowsThe number of bgp entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
neighbor-ipThe IP address of the neighbor [type: IP address]
optionadvertised-routes | received-routes
familyipv4 | ipv6 | ipv4-vpn | ipv6-vpn | all

Description

The show bgp neighbors command displays detailed information about each of the SSR's BGP peers. By specifying a specific peer (through the optional argument <neighbor-ip>), administrators can view state information about one peer at a time. When specifying a specific neighbor, the output may include the routes shared with that peer by appending advertised-route or received from that peer by appending received-routes.

Example

admin@labsystem1.fiedler# show bgp neighbors
BGP neighbor is 172.18.1.2, remote AS 4200000001, local AS 4200000128, external
link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 00:27:25
Last read 00:00:25, hold time is 90, keepalive interval is 30 seconds
Configured hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
Route refresh: advertised and received(old &amp; new)
Address family IPv4 Unicast: advertised and received
Graceful Restart Capabilty: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
none
...

Version History

ReleaseModification
1.0.0This feature was introduced
5.1.0Added VFR support

show bgp path-based-policy

Show the current BGP path-based-policy summary from the routing manager.

Usage

show bgp path-based-policy [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the BGP path-based-policy
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Description

The show bgp path-based-policy gives administrators a summary table of the current state of path based BGP.

The show bgp path-based-policy detail gives the additional information of all peers.

show bgp summary

Show the current BGP summary from the routing manager.

Usage

show bgp summary [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<family>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the BGP summary
rowsThe number of bgp entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
familyipv4 | ipv6 | ipv4-vpn | ipv6-vpn | all

Description

The show bgp summary gives administrators a high-level summary table of the state of all of the SSR's BGP peers.

It includes information on each BGP neighbor, including the version (V) of BGP that they are using (generally v4), the Autonomous System number (AS), the number of BGP messages sent and received (MsgSent, MsgRcvd), the table version (TblVer), etc.

Example

admin@labsystem1.fiedler# show bgp summary
BGP router identifier 128.128.128.128, local AS number 4200000128
RIB entries 7, using 784 bytes of memory
Peers 3, using 13 KiB of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.18.1.2 4 4200000001 62 73 0 0 0 00:29:07 1
172.18.2.2 4 4200000002 62 73 0 0 0 00:29:10 1
172.18.3.2 4 4200000003 88 84 0 0 0 00:09:53 1

Total number of neighbors 3

Version History

ReleaseModification
1.0.0This feature was introduced
5.1.0Added VFR support

show capacity

Shows current fib/flow/arp/action usage and capacities at the specified node.

Usage

show capacity [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node from which to retrieve capacities
resource-groupThe name of the resource group
routerThe router from which to retrieve capacities

Example

admin@gouda.novigrad# show capacity
Wed 2020-04-22 15:17:55 UTC

Node: gouda

===================== ========= ========== =======
Resource Entries Capacity Usage
===================== ========= ========== =======
access-policy-table 17 5402 0.3%
action-pool 2274 301210 0.8%
arp-table 23 65535 0.0%
fib-table 176 19051 0.9%
flow-table 1882 131554 1.4%
source-tenant-table 54 2736 2.0%

Completed in 0.09 seconds

show capture-filters

Show active capture-filters.

Usage

show capture-filters [{router <router> | resource-group <resource-group>}] [device-interface <device-interface>] [force] [node <node>]
Keyword Arguments
namedescription
device-interfaceDevice interface on which to show capture-filters (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node on which to show capture-filters
resource-groupThe name of the resource group
routerThe router on which to show capture-filters (default: all)
See Also
commanddescription
create capture-filterCreates a capture-filter using BPF syntax (as used in wireshark) on the target interface.
delete capture-filterDeletes a capture-filter created using create capture-filter. (It will not delete filters committed as part of the configuration.)
show stats packet-captureStats pertaining to captured packets

Description

Shows all configured capture-filters, including static capture-filters that exist as part of the configuration as well as dynamic capture-filters (i.e., those created using the create capture-filter command).

Example

admin@tp-colo-primary.tp-colo# show capture-filters device-interface blended-5
Thu 2020-04-23 20:28:05 UTC

========= ================= ================ =================
Router Node Interface Name Capture Filters
========= ================= ================ =================
tp-colo tp-colo-primary blended-5 host 172.18.5.4

Completed in 0.01 seconds

Version History

ReleaseModification
4.4.0This feature was introduced

show certificate webserver

Display the webserver certificate

Usage

show certificate webserver
See Also
commanddescription
create certificate request webserverCreate a certificate signing request.
create certificate self-signed webserverCreate a self-signed certificate.
delete certificate webserverDelete the webserver certificate.
import certificate webserverImport a certificate to be used by the webserver.

Example

admin@labsystem1.fiedler# show certificate webserver

Certificate:
​ Data:
​ Version: 3 (0x2)
​ Serial Number: 17087 (0x42bf)
​ Signature Algorithm: sha256WithRSAEncryption
​ Issuer: C=US, ST=MA, O=a, CN=a
​ Validity
​ Not Before: May 5 04:49:02 2016 GMT
​ Not After : May 6 04:49:02 2017 GMT
​ Subject: C=US, ST=MA, O=a, CN=a
​ Subject Public Key Info:
​ Public Key Algorithm: rsaEncryption
...

Version History

ReleaseModification
1.0.0This feature was introduced

show config candidate

Display candidate configuration data

Usage

show config candidate [verbose] [flat]

Description

This command returns the current candidate configuration on the SSR (i.e., the configuration that is currently being edited, not the configuration that is actively running). The output from show config candidate will only show fields and values within the configuration that are set to non-default values, for brevity.

The show config candidate command has two optional flags: verbose and flat. Adding the verbose flag will show the entire configuration, including items that are part of the system's default configuration (normally hidden when using show config candidate by itself). Adding the flat flag will output the configuration as a series of individual, fully qualified configuration statements, which can singularly affect each component of the configuration discretely. That is, any of the lines can be used without any context to configure a single attribute, object, etc.

Note that the output from show config candidate is formatted in such a way so as to allow the text to be cut and pasted into a CLI session to configure a separate SSR.

admin@labsystem1.fiedler# show config candidate
config
​ authority
​ router Fabric128
​ name Fabric128
​ node labsystem1
​ name labsystem1
​ id 1
​ description "Primary lab system"
​ location "Newton, MA"
​ role combo
​ device-interface 1
​ id 1
​ description "external network"
​ type ethernet
​ pci-address 0000:02:00.0
...

The same configuration using the flat flag is displayed quite differently:

admin@labsystem1.fiedler# show config candidate flat
config authority router Fabric128 name Fabric128
config authority router Fabric128 node labsystem1 name labsystem1
config authority router Fabric128 node labsystem1 id 1
config authority router Fabric128 node labsystem1 description "Primary lab system"
config authority router Fabric128 node labsystem1 location "Newton, MA"
config authority router Fabric128 node labsystem1 role combo
config authority router Fabric128 node labsystem1 device-interface 1 id 1
config authority router Fabric128 node labsystem1 device-interface 1 description "external network"
config authority router Fabric128 node labsystem1 device-interface 1 type ethernet
config authority router Fabric128 node labsystem1 device-interface 1 pci-address 0000:02:00.0

The show config candidate command also lets users show specific portions of the configuration by specifying the path to the areas of interest. For multiple instance items, such as node, service, etc., a keyword all will display all items of the specified type:

admin@labsystem1.fiedler# show config candidate authority session-type verbose all
config
​ authority
​ session-type HTTP
​ name HTTP
​ service-class Standard
​ timeout 7200000
​ transport tcp
​ protocol tcp
​ port-range 80
​ start-port 80
​ exit
​ port-range 8080
​ start-port 8080
​ exit
​ exit
​ exit
...
Keyword Arguments
namedescription
flatDisplay with full paths on each line instead of as a hierarchy
verboseDisplay all config data, including default values
Subcommands
commanddescription
authorityShow configuration data for authority
generatedShow configuration data for generated

Version History

ReleaseModification
1.0.0This feature was introduced as "show candidate-config"
2.0.0Renamed and reorganized as "show config candidate". flat, verbose, and configuration branch arguments added

show config disk-cache

Display table of cached disk configurations and their metadata

Usage

show config disk-cache [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe name of the node
resource-groupThe name of the resource group
routerThe name of the router (default: <current router>)

Version History

ReleaseModification
6.2.0This feature was introduced

show config exports

Display configuration exports.

Usage

show config exports [<name>] [<flat>]

Description

This command lists the set of exported configurations that are stored on your SSR.

The show config exports command has two optional flags: name and flat. Use the name flag to identify a specific configuration to display. Adding the flat flag will output the configuration as a series of individual, fully qualified configuration statements.

Positional Arguments
namedescription
nameThe name of the exported configuration to display (default: all)
flatDisplay with full paths on each line instead of as a hierarchy. Only applicable when name is not 'all'
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config local-overrideDisplay local config override status.
show config versionDisplay running configuration version.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Example 1

admin@conductor-east-1.RTR_EAST_CONDUCTOR# show config exports
Mon 2021-02-22 15:19:28 EST
✔ Retrieving exported configurations...
======================= ====================== ================= ===================
Name Date Modified Compressed Size Uncompressed Size
======================= ====================== ================= ===================
Arthur-C-Doyle.gz 2021-01-25T16:28:27Z 1.8 kB 18.1 kB
SherlockHolmes.gz 2021-01-25T16:04:29Z 1.8 kB 18.1 kB
DoctorWatson.gz 2021-01-25T16:06:27Z 1.8 kB 18.1 kB

Completed in 0.22 seconds

Example 2

admin@conductor-east-1.RTR_EAST_CONDUCTOR# show config exports DoctorWatson.gz flat
Mon 2021-02-22 15:21:35 EST
✔ Retrieving exported configurations...
config authority router RTR_EAST_CONDUCTOR name RTR_EAST_CONDUCTOR
config authority router RTR_EAST_CONDUCTOR location usa
config authority router RTR_EAST_CONDUCTOR resource-group east-admin
config authority router RTR_EAST_CONDUCTOR system log-level trace
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 name conductor-east-1
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric type ethernet
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric pci-address 0000:00:04.0
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric forwarding false
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric global-id 22
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric type fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric address 172.16.3.1 ip-address 172.16.3.1
config authority router RTR_EAST_CONDUCTOR node conductor-east-1 device-interface fabric network-interface fabric address 172.16.3.1 prefix-length 24
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 name conductor-east-2
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric type ethernet
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric pci-address 0000:00:04.0
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric forwarding false
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric name fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric global-id 23
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric type fabric
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric address 172.16.3.2 ip-address 172.16.3.2
config authority router RTR_EAST_CONDUCTOR node conductor-east-2 device-interface fabric network-interface fabric address 172.16.3.2 prefix-length 24
config authority resource-group east-admin name east-admin
config authority access-management role east-admin name east-admin
config authority access-management role east-admin capability config-write
config authority access-management role east-admin capability config-read
config authority access-management role east-admin resource-group east-admin
config authority access-management token expiration 1800
Completed in 0.18 seconds
admin@conductor-east-1.RTR_EAST_CONDUCTOR#

Version History

ReleaseModification
3.0.0This feature was introduced
5.1.0Added the name flag, allowing you to identify a specific configuration to display.

show config local-override

Display local config override status.

Description

This command displays the local config override mode status for a Managed SSR Router. Engaging local config override mode allows the user to make changes to the local configuration that will not be overwritten by the Conductor until local config override mode is disabled.

Usage

show config local-override [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router for which to display alarms (default: all)
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config versionDisplay running configuration version.
show stats configMetrics pertaining to the get-config RPC

Version History

ReleaseModification
6.2.0This feature was introduced

show config locally-modified

Display all routers with a locally modified config version.

Usage

show config locally-modified

show config out-of-sync

Display all routers with a config version that is out of sync with the conductor.

Usage

show config out-of-sync

show config running

Display running configuration data

Usage

show config running [verbose] [flat]

Description

This command returns the current running configuration on the SSR (i.e., the configuration that is active and processing traffic). The output from show config running will only show fields and values within the configuration that are set to non-default values, for brevity.

The show config running command has two optional flags: verbose and flat. Adding the verbose flag will show the entire configuration, including items that are part of the system's default configuration (normally hidden when using show config running by itself). Adding the flat flag will output the configuration as a series of individual, fully qualified configuration statements, which can singularly affect each component of the configuration discretely. That is, any of the lines can be used without any context to configure a single attribute, object, etc.

Note that the output from show config running is formatted in such a way so as to allow the text to be cut and pasted into a CLI session to configure a separate SSR.

admin@labsystem1.fiedler# show config running
config
​ authority
​ name Authority128
​ router Fabric128
​ name Fabric128
​ description "Default router"
​ inter-node-security internal
...

The show config running command also lets users show specific portions of the configuration by specifying the path to the areas of interest. For multiple instance items, such as node, service, etc., a keyword all will display all items of the specified type:

admin@labsystem1.fiedler# show config running authority service-class verbose all
config
​ authority
​ service-class Standard
​ name Standard
​ dscp 0
​ priority 0
​ rate-limit false
​ max-flow-rate 0
​ max-flow-burst 0
​ exit

​ service-class NetworkControl
​ name NetworkControl
​ dscp 48
​ priority 0
​ rate-limit false
​ max-flow-rate 0
​ max-flow-burst 0
​ exit
...
Keyword Arguments
namedescription
flatDisplay with full paths on each line instead of as a hierarchy
verboseDisplay all config data, including default values
Subcommands
commanddescription
authorityShow configuration data for authority
generatedShow configuration data for generated

Version History

ReleaseModification
1.0.0This feature was introduced as "show running-config"
2.0.0Renamed and reorganized as "show config running"

show config version

Display running configuration version.

Usage

show config version [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router (default: <current router>)
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
set config local-overrideThis command enables the local config override mode on an SSR Managed Router.
show config exportsDisplay configuration exports.
show config local-overrideDisplay local config override status.
show events config commitShows events related to running config change
show stats configMetrics pertaining to the get-config RPC

Description

This command displays the version number of the running configuration on the SSR. This version number is auto-generated, and is the UNIX timestamp when the configuration is committed. (As a consequence, you should expect that successive commits to the same configuration will increment the version by more than one. This is a change in behavior from pre-2.0 software, which used a monotonically incrementing integer to represent the configuration version.)

Example

admin@labsystem1.fiedler# show config version
Fri 2017-02-24 09:34:43 EST
Version 1487780689 committed at: Wed 2017-02-22 11:24:49

Completed in 0.17 seconds

Version History

ReleaseModification
1.0.0This feature was introduced
2.0.0The behavior changed as described in the Description text above
3.0.0Updated to display the timestamp of the configuration change in human readable form

show context stats start-time

Usage

show context stats start-time

Description

The show context stats start-time subcommand shows the stats start-time (if set), or indicates that there is no start-time currently set. For more information on setting stats start-time, please refer to set context in this manual.

Example

admin@cnd1.conductor# show context stats start-time
No stats start time set, show stats will be relative to launch time

admin@cnd1.conductor# set context stats start-time "December 25, 2017"
Stats start time set to: 2017-12-25 00:00:00

admin@cnd1.conductor# show context stats start-time
Stats start time set to: 2017-12-25 00:00:00

admin@cnd1.conductor# clear context stats start-time
Success

admin@cnd1.conductor# show context stats start-time
No stats start time set, show stats will be relative to launch time

Privileges Required

Available to admin and user.

Version History

ReleaseModification
3.2.0This feature was introduced
5.0.0This feature was removed

show device-interface

Display detailed device interface information.

Usage

show device-interface [name <name>] [force] [node <node>] router <router> [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nameDevice interface to display (if omitted, all will be displayed) (default: all)
nodeThe node for which to display device interfaces
routerThe router for which to display device interfaces
Positional Arguments
namedescription
verbositydetail | summary | extended-statistics | registers (default: detail)

Description

This command displays detailed information about device interface(s) (i.e., physical ports) on an SSR node. The optional command line arguments allow a user to reduce the set of information to a specific set of interfaces on a given node, or a specific interface on a specific node.

Omitting all optional arguments will display detailed information on all device interfaces defined within the SSR.

Example

admin@test1.Fabric128# show device-interface name 10
Mon 2020-11-23 20:45:37 UTC

✔ Retrieving device interface information...

========================================
test1:10
========================================
Type: ethernet
Forwarding: true
PCI Address: 0000:00:04.0
MAC Address: fa:16:3e:16:42:6c

Admin Status: up
Operational Status: up
Provisional Status: up
Redundancy Status: non-redundant
Speed: 1 Gb/s
Duplex: full

in-octets: 0
in-unicast-pkts: 0
in-errors: 0
out-octets: 0
out-unicast-pkts: 0
out-errors: 0

Plugin Info: unavailable

Completed in 0.17 seconds

Version History

ReleaseModification
2.0.0This feature was introduced
3.0.0Added requirement for prepending keywords to the device-interface-id and node arguments to avoid command line ambiguity
3.2.0Device-interface is keyed by name rather than id
4.5.3Added support for Provisional Status

show dhcp mappings

Show each DHCP mapping from an interface to mapping/IP family/config types.

Usage

show dhcp mappings [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node from which to identify DHCP mappings
resource-groupThe name of the resource group
routerThe name of the router to show
rowsThe number of mappings to display at once [type: int or 'all'] (default: 50)
See Also
commanddescription
release dhcp leaseReleases an active DHCP lease.
show dhcp prefix-delegationShow the prefix learned for prefix-delegation.
show dhcp v4Display dhcp lease info for network-interfaces.
show dhcp v6Display dhcp lease info for network-interfaces.

Example

admin@gouda.novigrad# show dhcp mappings
Wed 2020-04-22 15:05:25 UTC

Node: gouda

================= ================== ====== ============== ================ =============
Src Device Port Dest Device Port VLAN Mapping Type IP Family Type Config Type
================= ================== ====== ============== ================ =============
1 252 0 originating ipv4 server
2 0 0 originating ipv4 client
252 1 0 derived ipv4 server

Completed in 0.05 seconds

show dhcp prefix-delegation

Show the prefix learned for prefix-delegation.

Usage

show dhcp prefix-delegation [group <group>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
groupPrefix-delegation group to display (if omitted, all will be displayed)
resource-groupThe name of the resource group
routerThe name of the router to show
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
release dhcp leaseReleases an active DHCP lease.
show dhcp mappingsShow each DHCP mapping from an interface to mapping/IP family/config types.
show dhcp v4Display dhcp lease info for network-interfaces.
show dhcp v6Display dhcp lease info for network-interfaces.

Example

admin@gouda.novigrad# show dhcp prefix-delegation
Wed 2020-04-22 14:47:05 UTC

========== ============ ================ ========== ============== ===============
Router Group Name Interface Name Status Prefix Prefix Length
========== ============ ================ ========== ============== ===============
novigrad pd-group-1 t128tuntap1 resolved 2001:db2:1:: 56

Completed in 0.08 seconds

show dhcp v4

Display dhcp lease info for network-interfaces.

Usage

show dhcp v4 [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nameNetwork interface to display (default: all)
nodeThe node for which to display dhcp lease info
resource-groupThe name of the resource group
routerThe router for which to display dhcp lease info
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
release dhcp leaseReleases an active DHCP lease.
show dhcp mappingsShow each DHCP mapping from an interface to mapping/IP family/config types.
show dhcp prefix-delegationShow the prefix learned for prefix-delegation.
show dhcp v6Display dhcp lease info for network-interfaces.

Example

admin@gouda.novigrad# show dhcp v4
Wed 2020-04-22 14:47:05 UTC

========== ======= ================== =================== ============ ================ =============== ==============
Router Node Device Interface Network Interface Dhcp State Address Prefix Length Gateway
========== ======= ================== =================== ============ ================ =============== ==============
novigrad gouda wan wan-interface Resolved 1.2.3.4 24 1.2.3.1

Completed in 0.20 seconds

Specifying the argument detail provides additional information

admin@gouda.novigrad# show dhcp v4 detail
Wed 2020-04-22 14:55:43 UTC

============================================================
Router
============================================================
Node: gouda
Device Interface: wan
Network Interface: wan-interface
Dhcp State: Resolved
State Machine State: Bound
Lease Start Time: Wed Apr 22 14:13:09 2020
Lease Renewal Time: Wed Apr 22 15:13:09 2020
Lease Rebinding Time: Wed Apr 22 15:43:09 2020
Lease Expiration Time: Wed Apr 22 16:13:09 2020
Learned MTU: 0 bytes
Server Address: 1.2.3.1
Dns Server Address:
- 8.8.8.8
- 1.1.1.1
Addresses:
Address: 1.2.3.4
Prefix Length: 24
Gateway: 1.2.3.1

Completed in 0.30 seconds

show dhcp v6

Display dhcp lease info for network-interfaces.

Usage

show dhcp v6 [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nameNetwork interface to display (default: all)
nodeThe node for which to display dhcp lease info
resource-groupThe name of the resource group
routerThe router for which to display dhcp lease info
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
release dhcp leaseReleases an active DHCP lease.
show dhcp mappingsShow each DHCP mapping from an interface to mapping/IP family/config types.
show dhcp prefix-delegationShow the prefix learned for prefix-delegation.
show dhcp v4Display dhcp lease info for network-interfaces.

Example

admin@gouda.novigrad# show dhcp v6
Wed 2020-04-22 14:47:05 UTC

========== ======= ================== =================== ============ ================================= =============== =================================
Router Node Device Interface Network Interface Dhcp State Address Prefix Length Gateway
========== ======= ================== =================== ============ ================================= =============== =================================
novigrad gouda wan wan-interface Resolved 2001:db8:85a3:0:0:8a2e:370:7334 96 2001:db8:85a3:0:0:8a2e:370:7330

Completed in 0.20 seconds

show dns resolutions

Shows all DNS resolutions

Usage

show dns resolutions [{router <router> | resource-group <resource-group>}] [hostname <hostname>] [rows <rows>] [force] [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
hostnameThe DNS hostname belonging to a node
resource-groupThe name of the resource group
routerThe name of the router holding the node with the DNS resolutions (default: <current router>)
rowsThe number of dns resolutions to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
refresh dns resolutionsRefreshes all DNS resolutions configured on the platform.
set dns resolutionSets a hostname resolution temporarily until the next time the node processes config

Description

Shows all hostnames that require DNS resolution. Hostnames can be specified throughout the configuration; commonly defined on the network-interface and within a service.

Example

admin@gouda.novigrad# show dns resolutions
Wed 2020-04-22 14:31:54 UTC

========== ======= ========================= ========== ====================== ======================
Router Node Hostname Resolved Last Resolved Expiration
========== ======= ========================= ========== ====================== ======================
novigrad gouda my.host.name Y 2020-04-22T14:30:43Z 2020-04-22T14:34:43Z

Completed in 0.02 seconds

Specifying the argument detail provides additional information

admin@gouda.novigrad# show dns resolutions detail
Wed 2020-04-22 14:43:43 UTC

=============================================
Node: gouda.novigrad
=============================================
Router: novigrad
Node: gouda
DNS Resolution:
Hostname: my.host.name
Resolved: Y
IPv4 Address: 1.2.3.4
Last Resolved: 2020-04-22T14:42:44Z
Expiration: 2020-04-22T14:46:44Z

Completed in 0.10 seconds

show domain-categories

Display app-id-v2 domain-name categories used by sessions

Usage

show domain-categories [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display domain-name categories of active sessions
resource-groupThe name of the resource group
routerThe router for which to display domain-name categories of active sessions
See Also
commanddescription
show domain-namesDisplay app-id-v2 domain-names used by sessions

show domain-names

Display app-id-v2 domain-names used by sessions

Usage

show domain-names [category <category>] [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>} [<request-order>]
Keyword Arguments
namedescription
categoryCategory to show domain-names for
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node from which to retrieve app-id domain-names
resource-groupThe name of the resource group
routerThe router from which to retrieve app-id domain-names
rowsThe number of domain-names to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
request-orderGet domains sorted by most-sessions or most-recent
See Also
commanddescription
show domain-categoriesDisplay app-id-v2 domain-name categories used by sessions

show dynamic-peer-update

Display view of dynamic peer update on the conductor.

Usage

show dynamic-peer-update [{router <router> | resource-group <resource-group>}] [rows <rows>] [force] [<table>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerRouter for which to show dynamic peer update information (default: all)
rowsThe number of hostnames to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
tableShow the learned-hostnames of a router, or show the peer-hostnames of a router, or all (default: all)
See Also
commanddescription
show stats dynamic-peer-updateStats pertaining to dynamic peer update processes
sync peer addressesSynchronize dynamic addresses (DHCP and PPPoE) between routers and a conductor.

show entitlement

Displays entitlement utilized.

Usage

show entitlement [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display entitlement utilized. Conductor routers will show the entitlement utilized per project of all conducted routers. (default: <current router>)

Description

The SSR Networking Platform calculates the Peak Router Bandwidth Capacity; this is the highest router bandwidth value of any 5 second interval over the specific license period. The Router Bandwidth is calculated based on the aggregate of sessions traversing the router.

Example

admin@gouda.novigrad# show entitlement
Tue 2020-04-21 18:56:30 UTC
============= =========== ======================
Project Month Entitlement Utilized
============= =========== ======================
Lab Router *Apr 2020 11.94 Mbps
Mar 2020 14.23 Mbps

Completed in 0.63 seconds

The asterisk next to the date indicates the current month and therefore a partial entitlement calcuation.

Version History

ReleaseModification
1.1.0This feature was introduced

show events

Show events from the historical events database.

Usage

show events [{router <router> | resource-group <resource-group>}] [from <from>] [to <to>] [type <type>] [flat] [rows <rows>] [limit <limit>] [force] [<verbosity>]
Keyword Arguments
namedescription
flatDisplay configuration with full paths on each line instead of as a hierarchy. Only applicable for 'admin.running_config_change' events.
forceSkip confirmation prompt. Only required when targeting all routers
fromOnly show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp] (default: 1970-01-01 00:00:00)
limitThe total number of events to retrieve [type: int]
resource-groupThe name of the resource group
routerThe name of the router for which to display events (default: <current router>)
rowsThe number of events to display at once [type: int or 'all'] (default: 50)
toOnly show events before the provided time. You can use the provided standard timestamps, such as 45m, 1d, or 1mo; or enter a value [type: timestamp]
typeFilter events based on the event type and subtype
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
show alarmsDisplay currently active or shelved alarms

Description

The show events command displays various event records that the SSR collects during operation.

The output can be optionally restricted to specific time windows using the from and to qualifiers. Because this command can generate a lot of output, the rows limiter is particularly useful on busy systems.

Categories can be enabled or disabled individually in config &gt; authority &gt; router &gt; audit. There are five main top-level categories that can be filtered using the type argument.

  • admin: A catch-all category for events that are triggered by a user's action.

  • alarm: A historical record of 'show alarms' including a unique event each time an alarm was created and cleared.

  • system: A catch-all category for events that the system creates itself.

  • traffic: A record of whether traffic was allowed or denied. By default this is disabled.

  • provisioning: A historical record of show assets including unique events for each internal state transition.

Additional filtering can be done by specifying a dot (.) followed by a subtype. For example, type admin.running_config_change will only show configuration change events, while type system.ntp_adjustment will only display NTP adjustment events. The output can be optionally restricted to specific time windows using the from and to qualifiers. Because this command can generate a lot of output, the rows and limit limiters are particularly useful on busy systems.

Example

user@labsystem1.fiedler> show events alarm
Fri 2017-07-21 11:59:51 EDT
=================== ============ ====================== ==========
Node Event Type Time Severity ...
=================== ============ ====================== ==========
labsystem1 clear 2017-07-21T15:24:04Z major
labsystem1 clear 2017-07-21T15:24:04Z major
labsystem1 add 2017-07-21T15:23:59Z major
labsystem2 add 2017-07-21T15:23:59Z major
labsystem2 clear 2017-07-21T15:23:19Z major
labsystem1 clear 2017-07-21T15:23:19Z major
labsystem1 clear 2017-07-21T15:23:19Z major
labsystem1 clear 2017-07-21T15:23:19Z major
labsystem1 add 2017-07-21T15:23:14Z major

Completed in 0.11 seconds
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Version History

ReleaseModification
3.1.0This feature was introduced

show events config commit

Shows events related to running config change

Usage

show events config commit [{router <router> | resource-group <resource-group>}] [flat] [from <from>] [to <to>] [force] [<verbosity>]
Keyword Arguments
namedescription
flatDisplay with full paths on each line instead of as a hierarchy
forceSkip confirmation prompt. Only required when targeting all routers
fromOnly show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo. [type: timestamp]
resource-groupThe name of the resource group
routerThe router for which to display config commit events (default: <current router>)
toOnly show events before the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp]
Positional Arguments
namedescription
verbositydetail | summary (default: detail)
See Also
commanddescription
compare configDisplay the differences between two configurations.
create config autogeneratedRun configuration generation.
delete config exportedDelete an exported configuration from disk.
export configExport a copy of the current running or candidate config.
import configImport a configuration as the candidate config.
restore config factory-defaultRestore the candidate config to the factory defaults.
restore config runningDiscard uncommitted changes from the candidate config.
set config encryptionSets the encryption key for the SSR configuration
show config exportsDisplay configuration exports.
show config versionDisplay running configuration version.
show stats configMetrics pertaining to the get-config RPC

Example

admin@node1.t128# configure authority router t128 description "test router"
*admin@node1.t128# commit
Are you sure you want to commit the candidate config? [y/N]: y
✔ Validating, then committing...
Configuration committed
admin@node1.t128# show events config commit
Thu 2020-06-04 12:47:59 UTC
✔ Retrieving configuration events...

======================================================================
2020-06-04T12:47:53.487Z admin changed running configuration on t128
======================================================================

config

authority

router t128
name t128
description "test router"
exit
exit
exit

Completed in 0.09 seconds

Version History

ReleaseModification
4.5.0This feature was introduced

show events config encryption

Shows events related to config encryption change

Usage

show events config encryption [{router <router> | resource-group <resource-group>}] [from <from>] [to <to>] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
fromOnly show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp]
resource-groupThe name of the resource group
routerThe router for which to display config encryption events (default: <current router>)
toOnly show events before the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp]

Example

admin@node1.t128# show events config encryption
Thu 2020-06-04 13:24:47 UTC
✔ Retrieving configuration events...

========================================================================
2020-06-04T12:38:17.409Z root changed configuration encryption on t128
========================================================================
enable encryption

========================================================================
2020-06-04T12:39:37.930Z root changed configuration encryption on t128
========================================================================
disable encryption

Completed in 0.08 seconds

Version History

ReleaseModification
4.5.0This feature was introduced

show fib

Shows current fib entries at the specified node.

Usage

show fib [{service-name <name> | hierarchy-service-name <name> | contains-service-name <name> | match-service-name <name>}] [rows <rows>] [vrf <vrf>] [tenant <tenant>] [source-ip <source-ip>] [source-interface <source-interface>] [summary] [force] [node <node>] {router <router> | resource-group <resource-group>} [<ip-prefix>]
Keyword Arguments
namedescription
contains-service-nameThe partial substring match to show for the fib
forceSkip confirmation prompt. Only required when targeting all routers.
hierarchy-service-nameThe hierarchy root to show for the fib
match-service-nameThe regex to match service names to show for the fib
nodeThe node from which to retrieve fib entries
resource-groupThe name of the resource group
routerThe router from which to retrieve fib entries
rowsThe number of fib nodes to display at once. Enter a number or all (default: 50).
service-nameThe exact service name to show for the fib
source-interfaceThe incoming network-interface used to perform a source lookup
source-ipThe incoming ip-address used to perform a source lookup [type: IP address]
summaryshow next-hop information as a count if summary
tenantThe tenant name match to show for the fib
vrfVRF name
Positional Arguments
namedescription
ip-prefixFIB IP prefix [type: IP prefix]
Subcommands
commanddescription
lookupShows current fib entries at the specified node using incoming packet info

Description

This command shows the Forwarding Information Base (FIB) entries on the node that is specified by the node-name argument. The output may be limited to a specified number of rows by adding the optional rows modifier at the end of the command.

This command can generate a large quantity of output on a busy system, and it is advised that administrators exercise caution when issuing this command without the rows modifier.

Example

admin@gouda.novigrad# show fib
Tue 2020-04-21 17:48:39 UTC

Node: gouda

Entry Count: 176
Capacity: 19051

==================== ======= ======= ==================== ========================= ==============
IP Prefix Port Proto Tenant Service Next Hops
==================== ======= ======= ==================== ========================= ==============
0.0.0.0/0 <any> <any> lanSubnet Internet 1.2.3.4
0.0.0.0/0 <any> <any> _internal_ Internet 1.2.3.4
0.0.0.0/0 <any> <any> MBP.lanSubnet Internet 1.2.3.4
96.230.191.0/24 <any> <any> lanSubnet Internet 1.2.3.4
96.230.191.0/24 <any> <any> _internal_ Internet 1.2.3.4
1.2.3.430/32 <any> igmp <global> <ControlMessageService> <none>
1.2.3.4/32 179 tcp <global> <ControlMessageService> <none>
1.2.3.4/32 179 tcp blocklist <ControlMessageService> <none>
1.2.3.4/32 500 udp <global> VPN 192.168.0.3
1.2.3.4/32 500 udp blocklist VPN 192.168.0.3
127.0.0.0/8 <any> <any> <global> <ControlMessageService> <none>
127.0.0.0/8 <any> <any> untrustedLanSubnet <ControlMessageService> <none>
169.254.127.126/31 <any> <any> lanSubnet Internet 1.2.3.4
169.254.127.126/31 <any> <any> _internal_ Internet 1.2.3.4
169.254.127.126/32 53 udp _internal_ LanDnsProxy 1.2.3.4
1.2.3.4
169.254.127.126/32 53 udp MBP.lanSubnet LanDnsProxy 1.2.3.4
1.2.3.4
169.254.127.126/32 179 tcp _internal_ <ControlMessageService> <none>
169.254.128.132/32 <any> <any> lanSubnet Internet 1.2.3.4
169.254.128.132/32 <any> <any> _internal_ Internet 1.2.3.4
169.254.128.132/32 <any> <any> MBP.lanSubnet Internet 1.2.3.4
169.254.128.132/32 <any> <any> untrustedLanSubnet Internet 1.2.3.4
169.254.128.132/32 <any> igmp <global> <ControlMessageService> <none>
...

Version History

ReleaseModification
1.0.0This feature was introduced
3.0.0Added node keyword to enforce PCLI consistency
5.1.0Added next hop details, and the ability to filter by VFR, resource-group, and tenant.
5.2.0Added and the following arguments: service-name, hierarchy-service-name, contains-service-name, match-service-name, source-ip, and source-interface.

show fib lookup

Shows current FIB entries at the specified node using incoming packet info.

Usage

show fib lookup [tenant <tenant>] [source-ip <source-ip>] [source-interface <source-interface>] [summary] [force] [node <node>] {router <router> | resource-group <resource-group>} destination-ip <destination-ip> destination-port <destination-port> protocol <protocol>
Keyword Arguments
namedescription
destination-ipThe incoming destination IP-address used to lookup fibs [type: IP address].
destination-portThe incoming destination port used to lookup the fib [type: port].
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe node on which to find a fib entry.
protocolName or number of the protocol used to lookup the fib [type: string or uint8].
resource-groupThe name of the resource group.
routerThe router on which to find a fib entry.
source-interfaceThe incoming network-interface used to perform a source lookup.
source-ipThe incoming ip-address used to perform a source lookup [type: IP address].
summaryshow next-hop information as a count if summary.
tenantThe tenant name used to lookup the fib.

Description

This command shows the Forwarding Information Base (FIB) entries on the node that is specified by the node-name argument. The output may be limited to a specified number of rows by adding the optional rows modifier at the end of the command.

This command can generate a large quantity of output on a busy system, and it is advised that administrators exercise caution when issuing this command without the rows modifier.

ReleaseModification
5.2.0Introduced the command

show history

Show PCLI command history for the current user.

Usage

show history [rows <rows>] [from <from>] [to <to>]
Keyword Arguments
namedescription
fromOnly show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp]
rowsThe number of recent commands to show [type: int between 0 and 500 or 'all'] (default: all)
toOnly show events before the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp]
See Also
commanddescription
clear historyClear the PCLI's command history for this user.

Example

admin@gouda.novigrad# show history
1 show run
2 show config running
3 quit
4 shell

...

465 show ntp
466 show network-interface
467 show network-interface wan-interface
468 show network-interface name wan-interface
469 show network-interface application
470 show history

show idp application details

Show IDP engine details.

Usage

show idp application details [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe node for which engine started.
resource-groupThe name of the resource group.
routerThe router for which engine started.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP event by application.
show idp events by-attackShow IDP event by attack type.
show idp events by-severityShow IDP event by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query and display the IDP engine details.

show idp application status

Show underlying IDP application status.

Usage

show idp application status [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe node for which to display status.
resource-groupThe name of the resource group.
routerThe router for which to display status.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query and display the current state of the IDP application along with detailed messages.

Version History

ReleaseModification
6.0.4This feature was introduced.

show idp details

Show underlying IDP details.

Usage

show idp details [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe node for which to display idp details.
resource-groupThe name of the resource group.
routerThe router for which to display idp details.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow underlying IDP application status.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query and display the IDP details.

show idp events

Show all IDP events.

Usage

show idp events [{from <from> | since <since>}] [to <to>] [verbose] [rows <rows>] router <router> node <node>
Keyword Arguments
namedescription
fromOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
nodeThe name of the node.
routerThe name of the router.
rowsThe number of event entries to display at once [type: int or 'all'] (default: 50).
sinceOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
toOnly show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
verboseGet detailed event information.
Subcommands
commanddescription
by-applicationShow IDP event by application.
by-attackShow IDP event by attack type.
by-severityShow IDP event by severity level.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Version History

ReleaseModification
6.0.4This feature was introduced.

show idp events by-application

Show IDP events by application.

Usage

show idp events by-application [{from <from> | since <since>}] [to <to>] [verbose] [name <name>] [rows <rows>] router <router> node <node>
Keyword Arguments
namedescription
fromOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
nameFilter IDP events by application.
nodeThe name of the node.
routerThe name of the router.
rowsThe number of event entries to display at once [type: int or 'all'] (default: 50).
sinceOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
toOnly show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
verboseGet detailed event information.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query by application name and display summary, brief or detailed, of filtered events.

Version History

ReleaseModification
6.0.4This feature was introduced.

show idp events by-attack

Show IDP events by attack type.

Usage

show idp events by-attack [{from <from> | since <since>}] [to <to>] [verbose] [name <name>] [rows <rows>] router <router> node <node>
Keyword Arguments
namedescription
fromOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
nameFilter IDP events by attack.
nodeThe name of the node.
routerThe name of the router.
rowsThe number of event entries to display at once [type: int or 'all'] (default: 50).
sinceOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
toOnly show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
verboseGet detailed event information.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query by attack type and display summary, brief or detailed, of filtered events.

Version History

ReleaseModification
6.0.4This feature was introduced.

show idp events by-severity

Show IDP events by severity level.

Usage

show idp events by-severity [{from <from> | since <since>}] [to <to>] [verbose] [name <name>] [rows <rows>] router <router> node <node>
Keyword Arguments
namedescription
fromOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (assume current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
nameFilter IDP events by severity.
nodeThe name of the node.
routerThe name of the router.
rowsThe number of event entries to display at once [type: int or 'all'] (default: 50).
sinceOnly show events after the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (assume current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
toOnly show events before the specified time, events are kept for 24 hours maximum. Can either be a timestamp, such as yyyy-mm-dd hh:mm:ss, hh:mm and 8am, 2pm (assume current day if not specified) or a delta, such as 45m, 2h, 1d [type: timestamp].
verboseGet detailed event information.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query by severity level and display summary, brief or detailed, of filtered events.

Version History

ReleaseModification
6.0.4This feature was introduced.

show idp network

Show IDP networks.

Usage

show idp network [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe node for which to display networks.
resource-groupThe name of the resource group.
routerThe router for which to display networks.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp platformShow IDP platform data.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query and display the current state of the IDP network along with detailed messages.

Version History

ReleaseModification
6.0.4This feature was introduced.

show idp platform

Show IDP platform data.

Usage

show idp platform [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe node for which to display IDP platform informatiion.
resource-groupThe name of the resource group.
routerThe router for which to display IDP platform information.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp signaturesShow IDP signature package details.
show stats idpMetrics about IDP.

Description

Query and display IDP platform data.

Version History

ReleaseModification
6.0.4This feature was introduced.

show idp signatures

Show IDP signature package details.

Usage

show idp signatures [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeThe node for which to display signature package details.
resource-groupThe name of the resource group.
routerThe router for which to display signature package details.
See Also
commanddescription
request idp restartRestart IDP Command.
request idp signature-queryRequest IDP signature database connectivity.
show idp application detailsShow IDP engine details.
show idp application statusShow IDP application status.
show idp detailsShow IDP details.
show idp eventsShow all IDP events.
show idp events by-applicationShow IDP events by application.
show idp events by-attackShow IDP events by attack type.
show idp events by-severityShow IDP events by severity level.
show idp networkShow IDP networks.
show idp platformShow IDP platform data.
show stats idpMetrics about IDP.

Description

Query and display the IDP signature package details.

Version History

ReleaseModification
6.0.4This feature was introduced.

show igmp groups

Show IGMP groups

Usage

show igmp groups [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual IGMP group [type: IP address]
resource-groupThe name of the resource group
routerThe router to request IGMP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show igmp interface

Show IGMP interface

Usage

show igmp interface [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [name <name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual Interface [type: IP address]
nameSpecify name to see individual IGMP interface
resource-groupThe name of the resource group
routerThe router to request IGMP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show load-balancer

Shows current load balancer agent entries from the highway manager at the specified node.

Usage

show load-balancer [service <service>] [agent <agent>] [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
agentAgent name to show. If unspecified, shows all agents. (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodenode for which to display load balancer
resource-groupThe name of the resource group
routerrouter for which to display load balancer
rowsThe number of load balance services to display at once [type: int or 'all'] (default: 50)
serviceService name to show. If unspecified, shows all services. (default: all)

Description

The show load-balancer command provides feedback on the SSR's load balancing behavior, when configured to balance traffic (via a service-policy).

This command, when issued without any filters (agent, node, or service) will display all agents, nodes, and services that are subject to load balancing. (The output can be quite verbose.) These filters may be combined to "hone in" on specific agents/nodes/services selectively.

This command is extremely helpful for identifying why the SSR selected specific destinations for its session-oriented traffic.

Example

admin@labsystem1.fiedler# show load-balancer
===============================================================================
Service: web
Strategy: proportional
+-----------+--------+-----------+
| Agent | Node | Service |
|-----------+--------+-----------|
| agent_2_a | test1 | web |
+-----------+--------+-----------+

Capacity:
====== ===== ====== ======
Used Max Util Rate
====== ===== ====== ======
0 2000 0.0% 0/s
====== ===== ====== ======

Paths (count 1):
intf10.0 gateway 172.16.12.1
====== ========= ======= ======= ========= ========
Type Quality State Loss Latency Jitter
====== ========= ======= ======= ========= ========
local 30 unknown unknown unknown unknown
====== ========= ======= ======= ========= ========
...

Version History

ReleaseModification
1.1.0This feature was introduced

show lte

Display LTE summary.

Usage

show lte [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data
Subcommands
commanddescription
connectionDisplay LTE connection.
detailDisplay LTE detail.
modemDisplay lte modem.
networkDisplay LTE network.
profileDisplay LTE profile.
signalDisplay LTE signal.
simDisplay LTE sim.

show lte connection

Display LTE connection.

Usage

show lte connection [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data

Description

This command queries the LTE devices and displays the following state info:

  • registration-status
  • connection-status
  • netstat (tx, rx, tx-error, rx-error, etc)

show lte detail

Display LTE detail.

Usage

show lte detail [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data

show lte firmware

Display lte firmware information.

Usage

show lte firmwware [device-interface <device-interface>] [force] [node <node>] router <router>
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
routerThe router for which to display LTE data

Description

This command queries the LTE devices and displays the following state info:

  • carrier-name
  • FW-version
  • IMEI
  • card-model
  • bands-supported
  • bands-enabled

show lte modem

Display LTE modem.

Usage

show lte modem [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data

show lte network

Display LTE network.

Usage

show lte network [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data

show lte profile

Display LTE profile.

Usage

show lte profile [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data

show lte signal

Display LTE signal.

Usage

show lte signal [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data

Description

This command queries the LTE devices and displays the following state info:

  • rating
  • RSSI
  • SNR
  • carrier-name

show lte sim

Display LTE sim.

Usage

show lte sim [device-interface <device-interface>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
resource-groupThe name of the resource group
routerThe router for which to display LTE data

Description

This command queries the LTE devices and displays the following state info:

  • ICCID
  • registration-status
  • carrier-name
  • carrier-mcc
  • carrier-mnc

show lte summary

Display lte device summary.

Usage

show lte summary [device-interface <device-interface>] [force] [node <node>] router <router>

Keyword Arguments

namedescription
device-interfaceLTE device interface (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display LTE data
routerThe router for which to display LTE data

Description

This command queries the LTE devices and displays the following state info:

  • device-name
  • target-name
  • registration-status
  • connection-status (show IP if connected, otherwise, show previous error)
  • signal-strength (rating, RSSI, and SNR)

show mist

Display information about the link between the SSR and the Mist Cloud.

Usage

show mist [{router <router> | resource-group <resource-group>}] [force] [node <node>] [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers.
nodeNode for which to display Mist state.
resource-groupThe name of the resource group.
routerRouter for which to display Mist state (default: all).
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
adoptAssign the current router to a Mist organization.
ReleaseModification
5.5.2This feature was introduced

show msdp mesh-group

Show MSDP mesh-groups

Usage

show msdp mesh-group [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request MSDP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Version History

ReleaseModification
6.2.0This feature was introduced

show msdp peer

Show MSDP Peer

Usage

show msdp peer [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual peer [type: IP address]
resource-groupThe name of the resource group
routerThe router to request MSDP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Version History

ReleaseModification
6.2.0This feature was introduced

show msdp sa

Show MSDP SA (Source-Active)

Usage

show msdp sa [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual SA [type: IP address]
resource-groupThe name of the resource group
routerThe router to request MSDP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Version History

ReleaseModification
6.2.0This feature was introduced

show network-interface

Display network-interface data for network-interface.

Usage

show network-interface [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nameNetwork interface to display (if omitted, all will be displayed)
nodeThe node for which to display network-interface data
resource-groupThe name of the resource group
routerThe router for which to display network-interface data
Subcommands
commanddescription
applicationDisplay application data info for network-interfaces.

Description

The show network-interface, a counterpart to show device-interface, shows information and statistics relevant to the logical interfaces configured on your SSR networking platform.

The show network-interface command will show router, node, and device names, as well as the network-interface name and basic information about each interface.

Example

admin@gouda.novigrad# show network-interface
Tue 2020-04-21 15:19:25 UTC

========== ======= ======== ================ ============ ====== ============= ========== ========== =================== ============== ========================= ======== ======== ======
Router Node Device Name Forwarding VLAN Device Type Type DHCP Address Gateway Hostname Admin Oper GIID
Status Status
========== ======= ======== ================ ============ ====== ============= ========== ========== =================== ============== ========================= ======== ======== ======
novigrad gouda wan wan-interface true 0 ethernet external v4 1.2.3.4/24 2.3.4.5 my.host.name up up 1
novigrad gouda lan lan-interface true 0 ethernet external disabled 192.168.0.1/24 -- -- up up 2
novigrad gouda lan lan-untrusted true 3000 ethernet external disabled 172.16.0.1/24 -- -- up up 4
novigrad gouda mgmt mgmt-interface false 0 ethernet external disabled 192.168.0.2/24 -- -- n/a n/a 3

Completed in 0.33 seconds

Version History

ReleaseModification
3.2.0This feature was introduced

show network-interface application

Display application data info for network-interfaces.

Usage

show network-interface application [name <name>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nameNetwork interface to display (default: all)
nodeThe node for which to display application data
resource-groupThe name of the resource group
routerThe router for which to display application data

Description

The command show network-interface application can be used to display information regarding DHCP client reservations when running a DHCP server on the respective network-interface.

Example

admin@gouda.novigrad# show network-interface application
Tue 2020-04-21 15:26:19 UTC

====================================================================================================
Application Data
====================================================================================================

Interface: gouda:wan-interface
state: Interface not configured for any managed application

Interface: gouda:lan-interface
dhcp-server:
kea-status:
active (running/success) since Sat 2020-04-11 12:57:23 UTC
kea-ctrl-status:
active (running/success) since Sat 2020-04-11 12:57:23 UTC
metrics:
declined-addresses: 0
pkt4-ack-sent: 1900
pkt4-discover-received: 403
pkt4-inform-received: 469
pkt4-offer-sent: 403
pkt4-received: 2317
pkt4-release-received: 2
pkt4-request-received: 1443
pkt4-sent: 2303
reclaimed-declined-addresses: 0
reclaimed-leases: 13
subnet[1].assigned-addresses: 24
subnet[1].declined-addresses: 0
subnet[1].reclaimed-declined-addresses:0
subnet[1].reclaimed-leases: 13
subnet[1].total-addresses: 181
subnets:
subnet:
current-lease-count: 24
current-leases:
lease:
client-last-transaction-time: 2020-04-21 15:26:12
hostname: homecomtsiphone
hw-address: 70:3c:69:58:01:28
ip-address: 192.168.0.36
valid-lifetime: 86400
subnet: 192.168.0.1/24

...

ha-heartbeat:
role: primary
state: standalone

Interface: gouda:lan-untrusted
state: Interface not configured for any managed application

Interface: gouda:mgmt-interface
state: Interface not configured for any managed application

Completed in 0.76 seconds

show ntp

Display ntp status from the node monitor at the specified node.

Usage

show ntp [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node from which to retrieve ntp status
resource-groupThe name of the resource group
routerThe router from which to retrieve ntp status (default: <current router>)

Description

The show ntp subcommand displays properties of the NTP (Network Time Protocol) process running on the local node, or on the node specified as the optional <node‑name> parameter passed on the command line.

Example

admin@gouda.novigrad# show ntp
Tue 2020-04-21 15:17:26 UTC

Node: gouda

======== ================== ================= ========= ====== ====== ====== ======= ========= ======== ======== ============
Status Time Source Ref. ID Stratum Type When Poll Reach Delay Offset Jitter Tally Code
======== ================== ================= ========= ====== ====== ====== ======= ========= ======== ======== ============
active *time-a-g.nist.g .NIST. 1 u 628 1024 377 22.968 -0.239 1.700 syspeer
active +time-a-wwv.nist .NIST. 1 u 18 1024 377 50.919 0.959 1.524 candidate
active +voipmonitor.wci 216.218.254.202 2 u 659 1024 377 71.502 -2.721 8.596 candidate
active +ec2-52-6-191-28 128.138.140.44 2 u 85 1024 377 19.926 -1.250 2.324 candidate
active -time.cloudflare 10.11.8.211 3 u 334 1024 375 45.860 -9.908 10.247 outlyer
active +electrode.felix 77.37.6.59 3 u 124 1024 377 115.003 -0.834 2.565 candidate
active +ntp1.as34288.ne 85.158.25.74 2 u 183 1024 377 114.938 -5.516 4.387 candidate
active +time-b-b.nist.g .NIST. 1 u 971 1024 377 48.929 -0.438 3.269 candidate
active -acheron.bitsrc. 120.251.163.32 3 u 588 1024 377 77.970 3.562 3.732 outlyer

Completed in 1.30 seconds

The "Ref. ID" field is a four letter ASCII string assigned to the reference clock, and refers to the identifiers defined in RFC 5905.

Version History

ReleaseModification
2.0.0This feature was introduced

show ospf

Show general information about OSPF.

Usage

show ospf [rows <rows>] [vrf <vrf>] [area <area-id>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
areaThe area to filter OSPF information for
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
Subcommands
commanddescription
border-routersShow information about the OSPF border routers.
databaseShow OSPF database information.
interfacesShow information about the OSPF interfaces.
neighborsShow information about OSPF neighbors.
routesShow information about the OSPF routes.

Example

admin@combo-east.ComboEast# show ospf
Fri 2020-04-17 19:11:06 UTC

=========== ============ ========== ============= ==================== ========= =========== =============
Router Router ID ABR Type ASBR Router External LSA Count Area ID Area Type Area Border
Router
=========== ============ ========== ============= ==================== ========= =========== =============
ComboEast 172.16.4.2 cisco true 1 0.0.0.0
ComboEast 172.16.4.2 cisco true 1 0.0.0.1 normal

Completed in 0.35 seconds

Specifying the argument detail provides additional information

admin@combo-east.ComboEast# show ospf detail
Fri 2020-04-17 19:11:14 UTC

====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Deferred Shutdown: 0.0 s
RFC1583 Compatible: false
Stub Advertisement Enabled: false
Opaque Capable: false
Post-Start Enabled: 0.0 s
Pre-Shutdown Enabled: 0.0 s
SPF Schedule Delay: 0.0 s
Holdtime Minimum: 50 ms
Holdtime Maximum: 5000 ms
Holdtime Multiplier: 1
SPF Last Executed: 4m 16s ago
SPF Last Duration: 0 ms
SPF Has Not Run: false
SPF Timer Due: 0.0 s
LSA Minimum Interval: 5.0 s
LSA Minimum Arrival: 1.0 s
Write Multiplier: 20
Refresh Timer: 10.0 s
ABR Type: cisco
ASBR Router: true
External LSA Count: 1
External LSA Checksum: 0x00004aa4
Opaque AS LSA Count: 0
Opaque AS LSA Checksum: 0x00000000
Attached Area Count: 2
Adjacency Changes Logged: false
Adjacency Changes Logged (all): false
Area:
Area ID: 0.0.0.0
Backbone: true
Interface Total Count: 1
Interface Active Count: 1
Fully Adjacent Neighbor Count: 1
Authentication: none
Passing Fully Virtual Adjacencies: 0
SPF Executed Count: 8
LSA Count: 5
LSA Router Count: 2
LSA Router Checksum: 0x00019ad4
LSA Network Count: 1
LSA Network Checksum: 0x0000f755
LSA Summary Count: 2
LSA Summary Checksum: 0x0000f3ad
LSA ASBR Count: 0
LSA ASBR Checksum: 0x00000000
LSA NSSA Count: 0
LSA NSSA Checksum: 0x00000000
LSA Opaque Link Count: 0
LSA Opaque Link Checksum: 0x00000000
LSA Opaque Area Count: 0
LSA Opaque Area Checksum: 0x00000000
Area:
Area ID: 0.0.0.1
Area Type: normal
Backbone: false
No Summaries: false
Shortcutting Mode: default
S-bit Concensus: true
Interface Total Count: 1
Interface Active Count: 1
Fully Adjacent Neighbor Count: 0
Authentication: none
Passing Fully Virtual Adjacencies: 0
SPF Executed Count: 3
LSA Count: 3
LSA Router Count: 1
LSA Router Checksum: 0x000042bc
LSA Network Count: 0
LSA Network Checksum: 0x00000000
LSA Summary Count: 2
LSA Summary Checksum: 0x00014c4b
LSA ASBR Count: 0
LSA ASBR Checksum: 0x00000000
LSA NSSA Count: 0
LSA NSSA Checksum: 0x00000000
LSA Opaque Link Count: 0
LSA Opaque Link Checksum: 0x00000000
LSA Opaque Area Count: 0
LSA Opaque Area Checksum: 0x00000000

Completed in 0.29 seconds

show ospf border-routers

Show information about the OSPF border routers.

Usage

show ospf border-routers [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Example

admin@combo-east.ComboEast# show ospf border-routers
Fri 2020-04-17 19:12:20 UTC

============= ================== ================
Router Name Border Router ID Routes (count)
============= ================== ================
ComboEast 172.16.4.3 1

Completed in 0.29 seconds

Specifying the argument detail provides additional information

dmin@combo-east.ComboEast# show ospf border-routers detail
Fri 2020-04-17 19:12:30 UTC

========================================
Router: ComboEast
========================================
Border Router:
Border Router ID: 172.16.4.3
Route:
Area ID: 0.0.0.0
Cost: 10
Inter-Area: false
ABR: true
ASBR: false
Path:
Via: 172.16.3.3
Device Interface: 11
Network Interface: intf11

Completed in 0.33 seconds

show ospf database

Show OSPF database information.

Usage

show ospf database [rows <rows>] [vrf <vrf>] [self-originate] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
self-originateRetrieve only self-originated LSA information
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
Subcommands
commanddescription
lsaShow OSPF database LSA information.
max-ageShow OSPF LSAs which have reached maximum age.

Example

admin@combo-east.ComboEast# show ospf database
Fri 2020-04-17 19:13:24 UTC

=========== ============= ============= ============ ==================== ====== =================
Router Area ID Type LSA ID Advertising Router Age Sequence Number
=========== ============= ============= ============ ==================== ====== =================
ComboEast 0.0.0.0 Router 172.16.4.2 172.16.4.2 386 0x80000006
ComboEast 0.0.0.0 Router 172.16.4.3 172.16.4.3 1120 0x80000005
ComboEast 0.0.0.0 Network 172.16.3.3 172.16.4.3 1121 0x80000001
ComboEast 0.0.0.0 Summary 172.16.1.0 172.16.4.2 421 0x80000002
ComboEast 0.0.0.0 Summary 172.16.2.0 172.16.4.3 1289 0x80000002
ComboEast 0.0.0.1 Router 172.16.4.2 172.16.4.2 381 0x80000005
ComboEast 0.0.0.1 Summary 172.16.2.0 172.16.4.2 421 0x80000001
ComboEast 0.0.0.1 Summary 172.16.3.0 172.16.4.2 421 0x80000001
ComboEast unavailable AS_External 12.0.0.1 172.16.4.2 386 0x80000001

Completed in 0.39 seconds

Specifying the argument detail provides additional information

admin@combo-east.ComboEast# show ospf database detail
Fri 2020-04-17 19:13:37 UTC

==============================================
Router: ComboEast
==============================================
Area:
Area ID: 0.0.0.0
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 398
Sequence Number: 0x80000006
Checksum: 0x0000d067
Link Count: 1
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
Age: 1133
Sequence Number: 0x80000005
Checksum: 0x0000ca6d
Link Count: 1
LSA Type:
Type: Network
LSA:
LSA ID: 172.16.3.3
Advertising Router: 172.16.4.3
Age: 1133
Sequence Number: 0x80000001
Checksum: 0x0000f755
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.1.0
Advertising Router: 172.16.4.2
(self)
Age: 433
Sequence Number: 0x80000002
Checksum: 0x0000824f
Route IP Prefix: 172.16.1.0/24
LSA:
LSA ID: 172.16.2.0
Advertising Router: 172.16.4.3
Age: 1301
Sequence Number: 0x80000002
Checksum: 0x0000715e
Route IP Prefix: 172.16.2.0/24
Area:
Area ID: 0.0.0.1
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 393
Sequence Number: 0x80000005
Checksum: 0x000042bc
Link Count: 1
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.2.0
Advertising Router: 172.16.4.2
(self)
Age: 433
Sequence Number: 0x80000001
Checksum: 0x0000dde9
Route IP Prefix: 172.16.2.0/24
LSA:
LSA ID: 172.16.3.0
Advertising Router: 172.16.4.2
(self)
Age: 433
Sequence Number: 0x80000001
Checksum: 0x00006e62
Route IP Prefix: 172.16.3.0/24
Area:
Area ID: unavailable
LSA Type:
Type: AS_External
LSA:
LSA ID: 12.0.0.1
Advertising Router: 172.16.4.2
(self)
Age: 398
Sequence Number: 0x80000001
Checksum: 0x00004aa4
Route IP Prefix: 12.0.0.1/32
External Metric Type: type-2
Route Tag: 0

Completed in 0.34 seconds

show ospf database lsa

Show OSPF database LSA information.

Usage

show ospf database lsa [{origin <ip> | self-originate}] [rows <rows>] [vrf <vrf>] [lsa-id <id>] [force] {router <router> | resource-group <resource-group>} lsa-type <type> [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
lsa-idThe Link State ID to retrieve
lsa-typeThe LSA type to retrieve
originRetrieve LSAs from this advertising router IP
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
self-originateRetrieve only self-originated LSA information
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Example

admin@combo-east.ComboEast# show ospf database lsa lsa-type router
Fri 2020-04-17 19:15:01 UTC

=========== ========= ============ ========== =========== ============= ============
Router Area ID LSA ID LSA Type Flags Metric Link Count
=========== ========= ============ ========== =========== ============= ============
ComboEast 0.0.0.0 172.16.4.2 Router ABR, ASBR unavailable 1
ComboEast 0.0.0.0 172.16.4.3 Router ABR unavailable 1
ComboEast 0.0.0.1 172.16.4.2 Router ABR, ASBR unavailable 1

Completed in 0.33 seconds

Specifying the argument detail provides additional information

admin@combo-east.ComboEast# show ospf database lsa lsa-type router detail
Fri 2020-04-17 19:15:24 UTC

====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Area:
Area ID: 0.0.0.0
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
LSA Type: Router
Age: 506
Sequence Number: 0x80000006
Checksum: 0x0000d067
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
- ASBR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.2
Metric: 10
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
LSA Type: Router
Age: 1240
Sequence Number: 0x80000005
Checksum: 0x0000ca6d
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.3
Metric: 10
Area:
Area ID: 0.0.0.1
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
LSA Type: Router
Age: 501
Sequence Number: 0x80000005
Checksum: 0x000042bc
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
- ASBR
Metric: unavailable
Link Count: 1
Link:
Link Type: Stub
Link ID Type: Net
Link ID: 172.16.1.0
Data Type: NetworkMask
Data: 255.255.255.0
Metric: 10

Completed in 0.40 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-id 172.16.4.3 lsa-type router
Fri 2020-04-17 19:16:25 UTC

=========== ========= ============ ========== ======= ============= ============
Router Area ID LSA ID LSA Type Flags Metric Link Count
=========== ========= ============ ========== ======= ============= ============
ComboEast 0.0.0.0 172.16.4.3 Router ABR unavailable 1

Completed in 0.35 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-id 172.16.4.3 lsa-type router detail
Fri 2020-04-17 19:17:24 UTC

====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Area:
Area ID: 0.0.0.0
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
LSA Type: Router
Age: 1359
Sequence Number: 0x80000005
Checksum: 0x0000ca6d
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.3
Metric: 10

Completed in 0.26 seconds

show ospf database max-age

Show OSPF LSAs which have reached maximum age.

Usage

show ospf database max-age [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Example

admin@combo-east.ComboEast# show ospf database max-age
Fri 2020-04-17 19:19:15 UTC

=========== ========== ============= ======================= =================
Router LSA ID LSA Type Advertising Router IP Reference Count
=========== ========== ============= ======================= =================
ComboEast 12.0.0.1 AS_External 172.16.4.2 4

Completed in 0.34 seconds
admin@combo-east.ComboEast# show ospf database self-originate
Fri 2020-04-17 19:21:29 UTC

=========== ========= ========= ============ ==================== ===== =================
Router Area ID Type LSA ID Advertising Router Age Sequence Number
=========== ========= ========= ============ ==================== ===== =================
ComboEast 0.0.0.0 Router 172.16.4.2 172.16.4.2 148 0x80000007
ComboEast 0.0.0.0 Summary 172.16.1.0 172.16.4.2 906 0x80000002
ComboEast 0.0.0.1 Router 172.16.4.2 172.16.4.2 148 0x80000006
ComboEast 0.0.0.1 Summary 172.16.2.0 172.16.4.2 906 0x80000001
ComboEast 0.0.0.1 Summary 172.16.3.0 172.16.4.2 906 0x80000001

Completed in 0.33 seconds
admin@combo-east.ComboEast# show ospf database self-originate detail
Fri 2020-04-17 19:21:39 UTC

============================================
Router: ComboEast
============================================
Area:
Area ID: 0.0.0.0
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 158
Sequence Number: 0x80000007
Checksum: 0x0000c870
Link Count: 1
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.1.0
Advertising Router: 172.16.4.2
(self)
Age: 915
Sequence Number: 0x80000002
Checksum: 0x0000824f
Route IP Prefix: 172.16.1.0/24
Area:
Area ID: 0.0.0.1
LSA Type:
Type: Router
LSA:
LSA ID: 172.16.4.2
Advertising Router: 172.16.4.2
(self)
Age: 158
Sequence Number: 0x80000006
Checksum: 0x00003ac5
Link Count: 1
LSA Type:
Type: Summary
LSA:
LSA ID: 172.16.2.0
Advertising Router: 172.16.4.2
(self)
Age: 916
Sequence Number: 0x80000001
Checksum: 0x0000dde9
Route IP Prefix: 172.16.2.0/24
LSA:
LSA ID: 172.16.3.0
Advertising Router: 172.16.4.2
(self)
Age: 916
Sequence Number: 0x80000001
Checksum: 0x00006e62
Route IP Prefix: 172.16.3.0/24

Completed in 0.32 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-type router origin 172.16.4.3
Fri 2020-04-17 19:25:03 UTC

=========== ========= ============ ========== ======= ============= ============
Router Area ID LSA ID LSA Type Flags Metric Link Count
=========== ========= ============ ========== ======= ============= ============
ComboEast 0.0.0.0 172.16.4.3 Router ABR unavailable 1

Completed in 0.38 seconds
admin@combo-east.ComboEast# show ospf database lsa lsa-type router origin 172.16.4.3 detail
Fri 2020-04-17 19:25:12 UTC

====================================================
Router: ComboEast
====================================================
Router ID: 172.16.4.2
Area:
Area ID: 0.0.0.0
LSA:
LSA ID: 172.16.4.3
Advertising Router: 172.16.4.3
LSA Type: Router
Age: 144
Sequence Number: 0x80000006
Checksum: 0x0000c86e
Length: 36 bytes
Translated: false
Options:
- E
Flags:
- ABR
Metric: unavailable
Link Count: 1
Link:
Link Type: Transit
Link ID Type: DesignatedRouterAddress
Link ID: 172.16.3.3
Data Type: RouterInterfaceAddress
Data: 172.16.3.3
Metric: 10

Completed in 0.37 seconds

show ospf interfaces

Show information about the OSPF interfaces.

Usage

show ospf interfaces [rows <rows>] [vrf <vrf>] [network-interface <name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
network-interfaceThe network interface to fetch OSPF information for
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Example

admin@combo-east.ComboEast# show ospf interfaces
Fri 2020-04-17 19:29:52 UTC

============= ================== =========== ======== ============ =========== ========= ===========
Router Name Device Interface Network Status IP Address OSPF Type Area ID Area Type
Interface
============= ================== =========== ======== ============ =========== ========= ===========
ComboEast 10 intf10 up 172.16.1.2 Peer 0.0.0.1 normal
/24
ComboEast 11 intf11 up 172.16.3.2 Peer 0.0.0.0 normal
/24

Completed in 0.37 seconds

Specifying the argument detail provides additional information

admin@combo-east.ComboEast# show ospf interfaces detail
Fri 2020-04-17 19:30:06 UTC

===============================================
Router: ComboEast
===============================================
Interface:
Device Interface: 10
Network Interface: intf10
Interface Index: 3
Status: up
MTU Size: 1500 bytes
Bandwidth: 10 Mbps
OSPF Enabled: true
OSPF Running: false
Flags:
- UP
- BROADCAST
- RUNNING
- MULTICAST
Address:
IP Address: 172.16.1.2/24
Broadcast IP Address: unavailable
Unnumbered Interface: false
V-Link Peer: unavailable
MTU Mismatch Detection: false
Router ID: 172.16.4.2
OSPF Type: Peer
OSPF State: DR
Area ID: 0.0.0.1
Area Type: normal
Network Type: BROADCAST
Cost: 10
Transmit Delay: 1.0 s
Priority: 1
BDR ID: unavailable
BDR Address: unavailable
LSA Sequence: 0x00000000
Multicast Member (All): true
Multicast Member (DR): true
Timer Hello: 0.1 s
Timer Dead: 0.025 s
Timer Wait: 0.025 s
Timer Retransmit: 0.2 s
Timer Hello Due: 6.981 s
Timer Passive: false
Neighbor Count: 0
Adjacent Neighbor Count: 0
Interface:
Device Interface: 11
Network Interface: intf11
Interface Index: 4
Status: up
MTU Size: 1500 bytes
Bandwidth: 10 Mbps
OSPF Enabled: true
OSPF Running: false
Flags:
- UP
- BROADCAST
- RUNNING
- MULTICAST
Address:
IP Address: 172.16.3.2/24
Broadcast IP Address: unavailable
Unnumbered Interface: false
V-Link Peer: unavailable
MTU Mismatch Detection: false
Router ID: 172.16.4.2
OSPF Type: Peer
OSPF State: Backup
Area ID: 0.0.0.0
Area Type: normal
Network Type: BROADCAST
Cost: 10
Transmit Delay: 1.0 s
Priority: 1
BDR ID: 172.16.4.2
BDR Address: 172.16.3.2
LSA Sequence: 0x00000000
Multicast Member (All): true
Multicast Member (DR): true
Timer Hello: 0.1 s
Timer Dead: 0.025 s
Timer Wait: 0.025 s
Timer Retransmit: 0.2 s
Timer Hello Due: 1.85 s
Timer Passive: false
Neighbor Count: 1
Adjacent Neighbor Count: 1

Completed in 0.32 seconds

show ospf neighbors

Show information about OSPF neighbors.

Usage

show ospf neighbors [rows <rows>] [vrf <vrf>] [network-interface <name>] [neighbor <ip>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
neighborThe neighbor IP address for which to fetch OSPF information
network-interfaceThe network interface to fetch OSPF neighbor information for
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Example

admin@combo-east.ComboEast# show ospf neighbors
Fri 2020-04-17 19:30:22 UTC

============= ==================== ========== ======= ==================== =================== ===========
Router Name Neighbor Router ID Priority State Dead Timer Due (s) Interface Address Interface
State
============= ==================== ========== ======= ==================== =================== ===========
ComboEast 172.16.4.3 1 Full 31.302 172.16.3.2 DR

Completed in 0.32 seconds

Specifying the argument detail provides additional information

admin@combo-east.ComboEast# show ospf neighbors detail
Fri 2020-04-17 19:30:36 UTC

==============================================================
Router: ComboEast
==============================================================
Neighbor:
Neighbor Router ID: 172.16.4.3
Priority: 1
State: Full
Dead Timer Due: 37.832 s
Interface Address: 172.16.3.2
Device Interface: 11
Network Interface: intf11
Interface State: DR
Area ID: 0.0.0.0
Area Type: normal
Database Summary List Count: 0
LSA Request List Count: 0
LSA Retransmission List Count: 0
State Change Count: 6 changes
Last Progressive Change: 35m 52s ago
Last Regressive Change: never
Last Regressive Change Reason: NoEvent
Designated Router ID: 172.16.3.3
Backup Designated Router ID: 172.16.3.2
Options:
- E
Thread Inactivity Timer: true
Thread Database Description Retransmission: false
Thread LSA Request Retransmission: true
Thread LSA Update Retransmission: true

Completed in 0.30 seconds

show ospf routes

Show information about the OSPF routes.

Usage

show ospf routes [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPF information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Example

admin@combo-east.ComboEast# show ospf routes
Fri 2020-04-17 19:33:20 UTC

============= =============== ============ ========= ====== ========= =======
Router Name Route Prefix Route Type Area ID Cost Discard Paths
============= =============== ============ ========= ====== ========= =======
ComboEast 172.16.1.0/24 Network 0.0.0.1 10 1
ComboEast 172.16.2.0/24 Network 0.0.0.0 20 1
ComboEast 172.16.3.0/24 Network 0.0.0.0 10 1

Completed in 0.40 seconds

Specifying the argument detail provides additional information

admin@combo-east.ComboEast# show ospf routes detail
Fri 2020-04-17 19:33:29 UTC

===========================================
Router: ComboEast
===========================================
Network Route:
Route Prefix: 172.16.1.0/24
Area ID: 0.0.0.1
Cost: 10
Inter-Area: false
Intra-Area: true
Path:
Device Interface: 10
Network Interface: intf10
Network Route:
Route Prefix: 172.16.2.0/24
Area ID: 0.0.0.0
Cost: 20
Inter-Area: true
Intra-Area: false
Path:
Via: 172.16.3.3
Device Interface: 11
Network Interface: intf11
Network Route:
Route Prefix: 172.16.3.0/24
Area ID: 0.0.0.0
Cost: 10
Inter-Area: false
Intra-Area: true
Path:
Device Interface: 11
Network Interface: intf11
No External Routes
Router:
Router ID: 172.16.4.3
Route:
Area ID: 0.0.0.0
Cost: 10
Inter-Area: false
ABR: true
ASBR: false
Path:
Via: 172.16.3.3
Device Interface: 11
Network Interface: intf11

Completed in 0.35 seconds

show ospfv3

Show general information about OSPFv3.

Usage

show ospfv3 [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPFv3 information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
Subcommands
commanddescription
databaseShow OSPFv3 database information.
interfacesShow OSPFv3 interfaces
neighborsShow information about OSPFv3 neighbors.
routesShow information about the OSPFv3 routes.

show ospfv3 database

Show OSPFv3 database information.

Usage

show ospfv3 database [rows <rows>] [vrf <vrf>] [self-originate] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPFv3 information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
self-originateRetrieve only self-originated LSA information
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
Subcommands
commanddescription
lsaShow OSPFv3 database LSA information.

show ospfv3 database lsa

Show OSPFv3 database LSA information.

Usage

show ospfv3 database lsa [{self-originate}] [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} lsa-type <type> [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
lsa-typeThe LSA type to retrieve
resource-groupThe name of the resource group
routerThe router to request OSPFv3 information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
self-originateRetrieve only self-originated LSA information
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show ospfv3 interfaces

Show OSPFv3 interfaces

Usage

show ospfv3 interfaces [rows <rows>] [vrf <vrf>] [interface <interface>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
interfaceThe interface to fetch OSPFv3 information for
resource-groupThe name of the resource group
routerThe router to request OSPFv3 information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show ospfv3 neighbors

Show information about OSPFv3 neighbors.

Usage

show ospfv3 neighbors [rows <rows>] [vrf <vrf>] [neighbor <ip>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
neighborThe neighbor IP address for which to fetch OSPFv3 information
resource-groupThe name of the resource group
routerThe router to request OSPFv3 information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show ospfv3 routes

Show information about the OSPFv3 routes.

Usage

show ospfv3 routes [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request OSPFv3 information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show packet-buffer-locations

Display the packet buffer pool locations.

Usage

show packet-buffer-locations [pool <pool>] router <router> node <node>
Keyword Arguments
namedescription
nodeNode for which to display packet-buffer pool information
poolDisplay the location details of the packet buffer pools (default: all)
routerRouter for which to display packet-buffer pool information

Description

This command displays the total number of allocated buffers, capacity and their buffer pool location in the highway.

show peers

Display peer information.

Usage

show peers [name <name>] [dynamic-damping] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
dynamic-dampingdisplay BFD dynamic-damping stats
forceSkip confirmation prompt. Only required when targeting all routers
namePeer to display (default: all)
resource-groupThe name of the resource group
routerThe router on which to display peers
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
Subcommands
commanddescription
hostnamesDisplay resolved hostnames of peers

Description

The show peers command displays properties of each of the "neighboring" SSRs that the router in question has a peering association with.

This command shows information on peering associations between SSRs, not peering associations with BGP peers. For information on BGP peering statistics, refer to "show bgp" in this document.

For each peer it shows which interface the peer is reachable via, the destination IP address for which the peer is reached, the VLAN to use to reach it, and whether the peer is currently "up", "down", or "initializing".

Example

admin@tp-cond-primary.tp-cond# show peers router all
Fri 2020-04-17 19:07:42 UTC

============================== ===================== ==================== ================ ========= ============= =============
Peer Node Network Interface Destination Status Hostname Path MTU
============================== ===================== ==================== ================ ========= ============= =============
burl-corp -> brawny burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> seattle-site burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
burl-corp -> tpn_router burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable
tp-colo -> imjustarouter tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable
tp-colo -> imjustarouter tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable
tp-colo -> mobile128T tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable
tp-colo -> mobile128T tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable
tp-colo -> brawny tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable
tp-colo -> brawny tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable
tp-colo -> tp-lab tp-colo-primary colo-lab-pri 1.2.3.4 up unavailable unavailable
tp-colo -> tp-lab tp-colo-secondary colo-lab-sec 1.2.3.4 standby unavailable unavailable
tp-lab -> tp-colo tp-lab-primary lab-colo-pri 1.2.3.4 standby unavailable unavailable
tp-lab -> tp-colo tp-lab-secondary lab-colo-sec 1.2.3.4 up unavailable unavailable

Completed in 1.25 seconds

The detail option will show peer path statistics (loss, latency, jitter, calculated MOS, uptime) for each peer path.

admin@tp-cond-primary.tp-cond# show peers router all detail
Wed 2020-04-22 20:58:38 UTC
WARNING: Targeting router 'all' may take a long time. Continue anyway? [y/N]: y

============================== ===================== ==================== ============= ========= ============= ============= ============= ============ ========= ======= =============
Peer Node Network Interface Destination Status Hostname Path MTU Latency(ms) Jitter(ms) Loss(%) MOS Uptime
============================== ===================== ==================== ============= ========= ============= ============= ============= ============ ========= ======= =============
burl-corp -> brawny burl-corp-secondary lighttower 1.2.3.4 down unavailable unavailable 22 1 0 0.439 unavailable
burl-corp -> seattle-site burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 88 0 0 0.436 12d4h31m
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable 8 0 0 0.44 12d4h31m
burl-corp -> tp-colo burl-corp-primary comcast 1.2.3.4 up unavailable unavailable 1 0 0 0.44 12d4h31m
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 7 0 0 0.44 12d4h31m
burl-corp -> tp-colo burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 3 0 0 0.44 12d4h31m
burl-corp -> tpn_router burl-corp-secondary lighttower 1.2.3.4 up unavailable unavailable 1 0 0 0.44 12d4h31m
tp-colo -> imjustarouter tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable 19 1 0 0.439 1d0h46m
tp-colo -> imjustarouter tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable 17 0 0 0.44 unavailable
tp-colo -> mobile128T tp-colo-primary public-lab-dmz-pri 1.2.3.4 up unavailable unavailable 18 0 0 0.44 1d0h46m
tp-colo -> mobile128T tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable 19 0 0 0.439 unavailable
tp-colo -> brawny tp-colo-primary public-lab-dmz-pri 1.2.3.4 down unavailable unavailable 33 0 0 0.439 unavailable
tp-colo -> brawny tp-colo-secondary public-lab-dmz-sec 1.2.3.4 standby unavailable unavailable 22 0 0 0.439 unavailable
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable 8 0 0 0.44 0d12h41m
tp-colo -> burl-corp tp-colo-primary public-blended 1.2.3.4 up unavailable unavailable 7 0 0 0.44 1d0h46m
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable 1 0 0 0.44 1d0h57m
tp-colo -> burl-corp tp-colo-secondary public-comcast 1.2.3.4 up unavailable unavailable 2 0 0 0.44 0d10h2m
tp-colo -> tp-lab tp-colo-primary colo-lab-pri 1.2.3.4 up unavailable unavailable 0 0 0 0.44 1d0h46m
tp-colo -> tp-lab tp-colo-secondary colo-lab-sec 1.2.3.4 standby unavailable unavailable 0 0 0 0.44 unavailable
tp-lab -> tp-colo tp-lab-primary lab-colo-pri 1.2.3.4 standby unavailable unavailable - - - - unavailable
tp-lab -> tp-colo tp-lab-secondary lab-colo-sec 1.2.3.4 up unavailable unavailable 0 0 0 0.44 1d0h46m

Completed in 1.34 seconds

Version History

ReleaseModification
3.0.0This feature was introduced

show peers hostnames

Display resolved hostnames of peers

Usage

show peers hostnames [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router on which to display peer hostnames (default: all)

Example

admin@tp-cond-primary.tp-cond# show peers hostnames router tp-lab
Fri 2020-04-17 19:16:15 UTC

=================== ======== ======================== ============
Peer Router Hostname IP Address
=================== ======== ======================== ============
tp-lab -> tp-colo tp-lab nodea.router1.128t.com 1.2.3.4
tp-lab -> tp-colo tp-lab nodea.router1.128t.com 1.2.3.4

Completed in 0.24 seconds

show pim interface

Show PIM interface

Usage

show pim interface [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [name <name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual PIM Interface [type: IP address]
nameThe global interface to fetch PIM information for
resource-groupThe name of the resource group
routerThe router to request PIM information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show pim join

Show PIM join

Usage

show pim join [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual PIM group [type: IP address]
resource-groupThe name of the resource group
routerThe router to request PIM information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show pim mroute

Show PIM mroute

Usage

show pim mroute [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressThe Source or Group [type: IP address]
resource-groupThe name of the resource group
routerThe router to request PIM information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show pim neighbor

Show PIM neighbor

Usage

show pim neighbor [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [name <name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual PIM Neighbor [type: IP address]
nameSee all neighbors for this interface
resource-groupThe name of the resource group
routerThe router to request PIM information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show pim rp-info

Show PIM rp-info

Usage

show pim rp-info [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify address to see individual PIM RP [type: IP address]
resource-groupThe name of the resource group
routerThe router to request PIM information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show pim state

Show PIM state

Usage

show pim state [rows <rows>] [vrf <vrf>] [ip-address <ip-address>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-addressSpecify group address to see individual PIM group [type: IP address]
resource-groupThe name of the resource group
routerThe router to request PIM information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show platform

Display platform information of nodes.

Usage

show platform [{router <router> | resource-group <resource-group>}] [force] [node <node>] [<category>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which platform info will be displayed
resource-groupresource group whose routers' platform info will be displayed
routerThe router for which platform info will be displayed (default: <current router>)
Positional Arguments
namedescription
categoryall | cpu | device-interfaces | disk | fan-speeds | memory | operating-system | temperatures | vendor (default: all)
See Also
commanddescription
show stats cpuCPU utilization information
show stats diskDisk usage information
show stats memoryMemory usage information

Description

The show platform command displays properties of the underlying platform upon which the SSR software is running. This can assist in finding PCI addresses and MAC addresses for the hardware in the system, as well as disk information, OS information, etc.

Example

admin@labsystem1.fiedler# show platform
Mon 2017-02-27 16:00:20 EST

========================================================
labsystem1
========================================================

------------------
Memory Information
------------------
Memory:

---------------
CPU Information
---------------
Type: Pentium (Fill By OEM)
Speed: 1.60
Cores: 4

...

Version History

ReleaseModification
3.0.0This feature was introduced

show plugins available

Shows latest verison of plugins available for install.

Usage

show plugins available [{name <name> | category <category>}] [node <node>]
Keyword Arguments
namedescription
categoryFilter plugins by category
nameName of plugin to show
nodeThe node for which to display available plugins (default: all)
See Also
commanddescription
manage plugin installInstall a plugin on conductor.
manage plugin removeRemove an installed plugin.
show plugins categoriesShows all possible plugin categories.
show plugins installedShows installed plugins.

show plugins categories

Shows all possible plugin categories.

Usage

show plugins categories
See Also
commanddescription
manage plugin installInstall a plugin on conductor.
manage plugin removeRemove an installed plugin.
show plugins availableShows latest verison of plugins available for install.
show plugins installedShows installed plugins.

show plugins installed

Shows installed plugins.

Usage

show plugins installed [category <category>] [node <node>]
Keyword Arguments
namedescription
categoryFilter plugins by category
nodeThe node for which to display installed plugins (default: all)
See Also
commanddescription
manage plugin installInstall a plugin on conductor.
manage plugin removeRemove an installed plugin.
show plugins availableShows latest verison of plugins available for install.
show plugins categoriesShows all possible plugin categories.

show plugins state

Show plugin state data for a given plugin

Usage

show plugins state [{router <router> | resource-group <resource-group>}] [force] [node <node>] [<verbosity>] <plugin>
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodenode for which to display plugin state data
resource-groupThe name of the resource group
routerrouter for which to display plugin state data (default: all)
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
pluginname of plugin to display state data for

show rib

Displays the contents of the Routing Information Base (RIB)

Usage

show rib [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>} [<route>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display RIB routes
rowsThe number of rib entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name
Positional Arguments
namedescription
routeRoute ip-prefix [type: IP prefix]
Subcommands
commanddescription
bgpDisplays the contents of the Routing Information Base (RIB) filtered to show only those learned from BGP.
connectedDisplays the contents of the Routing Information Base (RIB) filtered to show only connected routes.
ospfDisplays the contents of the Routing Information Base (RIB) filtered to show only those learned from OSPF.
staticDisplays the contents of the Routing Information Base (RIB) filtered to show only static routes.
summaryDisplays a summary of the Routing Information Base (RIB)

Description

The show rib subcommand displays the contents of the SSR's Routing Information Base (RIB). This is the complete list of connected, direct, and learned routes on the system. (Note that the output may be quite verbose.)

When issuing the command without any arguments, the entire RIB is displayed.

Example

admin@labsystem1.fiedler# show rib
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route

C>* 10.0.0.0/16 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.1.0/24 is directly connected, 1-10.0
C>* 172.16.2.0/24 is directly connected, 1-11.0
C>* 172.16.3.0/24 is directly connected, dpdk3

When a specific route is given as an argument to the command, more detail is shown for that route:

admin@labsystem1.fiedler# show rib 10.0.0.0/16 summary
Routing entry for 10.0.0.0/16
Known via "connected", distance 0, metric 0, vrf 0, best
* directly connected, eth0

admin@labsystem1.fiedler#

show rib bgp

Displays the contents of the Routing Information Base (RIB) filtered to show only those learned from BGP.

Usage

show rib bgp [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the RIB
rowsThe number of rib entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name

Description

The show rib bgp subcommand displays the contents of the SSR's Routing Information Base (RIB) filtered to show only those learned from BGP.

Example

admin@labsystem1.fiedler# show rib bgp
Fri 2020-04-17 17:23:28 UTC
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route

B> 0.0.0.0/0 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 85.12.94.23/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 85.12.94.24/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 85.12.94.25/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 85.12.94.26/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 85.12.94.27/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 85.12.94.28/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 85.12.94.202/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 64.112.104.111/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 64.112.104.112/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 64.112.104.113/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
B> 64.112.104.114/32 [20/0] via 172.2.34.23 (recursive), 2d10h30m
* via 172.2.34.23, g684 onlink, 2d10h30m
...

show rib connected

Displays the contents of the Routing Information Base (RIB) filtered to show only connected routes.

Usage

show rib connected [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the RIB
rowsThe number of rib entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name

Description

The show rib connected subcommand displays the contents of the SSR's Routing Information Base (RIB) filtered to show only the connected routes.

Example

admin@gouda.novigrad# show rib connected
Fri 2020-04-17 18:35:34 UTC
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route

C>* 96.230.191.0/24 is directly connected, g1, 6d05h38m
C>* 169.254.127.126/31 is directly connected, g4294967294, 6d05h38m
C>* 169.254.128.132/32 is directly connected, g5, 6d05h38m
C>* 172.16.0.0/24 is directly connected, g4, 6d05h38m
C>* 192.168.0.0/24 is directly connected, g2, 6d05h38m


Completed in 0.22 seconds

show rib ospf

Displays the contents of the Routing Information Base (RIB) filtered to show only those learned from OSPF.

Usage

show rib ospf [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the RIB
rowsThe number of rib entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name

Description

The show rib ospf subcommand displays the contents of the SSR's Routing Information Base (RIB) filtered to show only those learned from OSPF.

Example

@combo-east.ComboEast# show rib ospf
Fri 2020-04-17 19:10:07 UTC
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route

O 172.16.1.0/24 [110/10] is directly connected, g1, 00:03:46
O>* 172.16.2.0/24 [110/20] via 172.16.3.3, g2, 00:15:15
O 172.16.3.0/24 [110/10] is directly connected, g2, 00:15:25

show rib static

Displays the contents of the Routing Information Base (RIB) filtered to show only static routes.

Usage

show rib static [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the RIB
rowsThe number of rib entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name

Description

The show rib static subcommand displays the contents of the SSR's Routing Information Base (RIB) filtered to show only static routes.

Example

admin@gouda.novigrad# show rib static
Fri 2020-04-17 18:54:38 UTC
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route

S>* 1.1.1.1/32 [10/0] is directly connected, g1, 00:00:07
S>* 10.10.10.10/32 [5/0] unreachable (blackhole), 00:01:24


Completed in 0.31 seconds

show rib summary

Displays a summary of the Routing Information Base (RIB)

Usage

show rib summary [rows <rows>] [vrf <vrf>] [force] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router for which to display the RIB summary
rowsThe number of rib entries to display at once [type: int or 'all'] (default: 50)
vrfVRF name

Description

The show rib summary command outputs a concise table with statistics on the RIB.

Example

admin@gouda.novigrad# show rib summary
Fri 2020-04-17 18:40:02 UTC
IP Address Family
Route Source Routes FIB (vrf Default-IP-Routing-Table)
kernel 9 9
connected 5 5
------
Totals 14 14

IPv6 Address Family
Route Source Routes FIB (vrf Default-IP-Routing-Table)
------
Totals 0 0

Completed in 0.29 seconds

show roles

Display all configured roles

Usage

show roles [name <name>] [rows <rows>]
Keyword Arguments
namedescription
namerole to display
rowsThe number of roles to display at once [type: int or 'all'] (default: 50)
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show userDisplay information for user accounts.
show user activityShow the most recent usage of SSR.

show security key-status

Display detailed security key status.

Usage

show security key-status [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display security key status
resource-groupThe name of the resource group
routerThe router for which to display security key status (default: <current router>)

Description

The show security key-status subcommand displays information and statistics related to the SSR's security rekeying feature. It will indicate the current key index (which will be common among all routers managed by an SSR conductor) and relevant statistics on when the last rekey event occurred, when the next will occur, etc.

Example

admin@cnd1.conductor# show security key-status
Wed 2018-02-07 12:46:20 EST

=========================================
cnd1.conductor
=========================================
Key manager state: active_leader
Rekey index: 1
Last rekey: n/a
Next rekey: n/a
Key change count: 1
Config key change count: 0
Key change error: n/a
Config key change error: n/a

Completed in 0.17 seconds

Version History

ReleaseModification
3.2.0This feature was introduced

show service

Displays service information at the specified node.

Usage

show service [{service-name <name> | hierarchy-service-name <name> | contains-service-name <name>}] [node <node>] router <router> [<verbosity>]
Keyword Arguments
namedescription
contains-service-nameThe partial substring match to show service info for
hierarchy-service-nameThe hierarchy root to show service info for
nodeThe node for which to display service info (default: all)
routerThe router for which to display service info
service-nameThe exact service name to show service info for
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Description

The show service command display active service information from the SSR. This command has multiple service filters allowing target to specific service or services. Output can be displayed in summary or in detail view.

show service-path

Displays service path information at the specified node.

Usage

show service-path [{service-name <name> | hierarchy-service-name <name> | contains-service-name <name>}] [{rows <rows> | detail}] router <router> node <node>
Keyword Arguments
namedescription
contains-service-nameThe partial substring match for which to display the service path
detailDisplay detail info of service path
hierarchy-service-nameThe hierarchy root for which to display the service path
idpDisplay idp related service-paths
nodeThe node for which to display service path
routerThe router for which to display the service path
rowsThe number of service paths to display at once [type: int or 'all'] (default: 50)
service-nameThe exact service name for which to display the service path

Description

The show service-path command displays active service paths passing through the SSR. This simplifies troubleshooting, allowing you to determine where sessions belonging to a particular service would egress. Multiple service filters allow you to target a specific service or services. Output can be displayed as a summary or in a detail view with pagination support. When using the detail argument, in-path metrics are managed by the performance monitor when enabled. If the performance monitor is not enabled, the local metrics generated by BFD are used.

Example 1 Summary

show service-path

Service Service-route Type Destination Next-Hop Interface Vector Cost Rate Capacity State

Web web-route1 service-agent 4.4.4.4 1.1.1.2 lan red 10 1 200/3000 Up*
Web web-route1 service-agent 4.4.4.4 1.1.1.3 lan red 10 1 200/3000 Up
Web web-route2 service-agent 5.5.5.5 2.2.2.2 lan blue 20 2 50/unlimited Down
Login <None> BgpOverSVR 10.1.1.1 1.2.3.4 wan red 10 3 - Up
Login <None> BgpOverSVR 11.1.1.1 1.2.3.4 wan red 10 1 - Up
App1 <None> Routed - - - - - - - -
App1 learned-routed Routed - - - - - - - -


Example 2 Detail

show service-path service-name web detail
==============
Service: web
==============
Service-Route: web-route1
Type: service-agent
Destination: 4.4.4.4
Next-Hop: 1.1.1.2, Lan(Up)
Peer: unavailable
Path-Metrics:
High
TCP: latency [5ms] loss [3] jitter [2ms]
TLS: latency [3ms] loss [3] jitter [2ms]
UDP: latency [4ms] loss [2] jitter [0ms]
ICMP: latency [3ms] loss [2] jitter [0ms]
Medium
TCP: latency [200ms] loss [200] jitter [200ms] (Exceeds maximum latency of 100ms)
TLS: latency [100ms] loss [100] jitter [100ms]
UDP: latency [100ms] loss [100] jitter [100ms]
ICMP: latency [100ms] loss [100] jitter [100ms]
Low
TCP: latency [0ms] loss [0] jitter [0ms]
TLS: latency [0ms] loss [0] jitter [0ms]
UDP: latency [0ms] loss [0] jitter [0ms]
ICMP: latency [0ms] loss [0] jitter [0ms]
Best-Effort
TCP: latency [0ms] loss [0] jitter [0ms]
TLS: latency [0ms] loss [0] jitter [0ms]
UDP: latency [0ms] loss [0] jitter [0ms]
ICMP: latency [0ms] loss [0] jitter [0ms]
Vector: Red
Cost: 10
Rate: 1
Capacity: 200/3000
Index: 17

Service-Route: web-route1
Type: service-agent
Destination: 4.4.4.4
Next-Hop: 1.1.1.3, Lan(Down)[Gateway Arp unresolved)
Peer: unavailable
Path-Metrics:
High
TCP: latency [0ms] loss [0] jitter [0ms]
TLS: latency [0ms] loss [0] jitter [0ms]
UDP: latency [0ms] loss [0] jitter [0ms]
ICMP: latency [0ms] loss [0] jitter [0ms]
Medium
TCP: latency [0ms] loss [0] jitter [0ms]
TLS: latency [0ms] loss [0] jitter [0ms]
UDP: latency [0ms] loss [0] jitter [0ms]
ICMP: latency [0ms] loss [0] jitter [0ms]
Low
TCP: latency [0ms] loss [0] jitter [0ms]
TLS: latency [0ms] loss [0] jitter [0ms]
UDP: latency [0ms] loss [0] jitter [0ms]
ICMP: latency [0ms] loss [0] jitter [0ms]
Best-Effort
TCP: latency [0ms] loss [0] jitter [0ms]
TLS: latency [0ms] loss [0] jitter [0ms]
UDP: latency [0ms] loss [0] jitter [0ms]
ICMP: latency [0ms] loss [0] jitter [0ms]
Vector: Red
Cost: 10
Rate: 1
Capacity: 200/3000
Index: 18

Version History

ReleaseModification
5.1.0Detail fields added: Next-hop, Peer, Path-Metrics, Index

show session-captures

Show active session-captures.

Usage

show session-captures [{id <id> | detail}] [{router <router> | resource-group <resource-group>}] [service <service>] [force] [node <node>]
Keyword Arguments
namedescription
detailDisplay session-captures in detail
forceSkip confirmation prompt. Only required when targeting all routers
idThe session-capture to show in detail
nodeThe node on which to show session-captures
resource-groupThe name of the resource group
routerThe router on which to show session-captures (default: all)
serviceService for which to show session-captures (default: all)
See Also
commanddescription
create session-captureCreates a session capture at the specified node and service.
delete session-captureDeletes session capture from selected service.
delete session-capture by-idDeletes session-capture by capture-id from selected service.

show sessions

Displays active sessions passing through the SSR.

Usage

show sessions [{service-name <name> | hierarchy-service-name <name> | contains-service-name <name>}] [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
contains-service-nameThe partial substring match to show sessions for
forceSkip confirmation prompt. Only required when targeting all routers
hierarchy-service-nameThe hierarchy root to show sessions for
nodeThe node from which to retrieve session flows
resource-groupThe name of the resource group
routerThe router from which to retrieve session flows
rowsThe number of session flows to display at once [type: int or 'all'] (default: 50)
service-nameThe exact service name to show sessions for
Subcommands
commanddescription
by-idShow information of a session for a given Id
top<bandwidth>

Description

The show sessions command displays active sessions passing through the SSR (or the node specified by the optional node-name argument. The output from the command shows the sessions internal ID (useful for searching through log files), the service, tenant, and source/destination IP information for each active session.

The NAT IP and Port fields will be populated whenever a session is subject to source NAT (see source-nat later in this reference guide for more information). It also shows the timeout value that will cause the session to expire if it remains idle for that number of seconds.

Various services and tenants may display with surrounding braces to indicate that these are internally-generated services and tenants. These internal services and tenants are created when peering between adjacent nodes, establishing BGP sessions, BFD sessions, etc.

info

The contents of the table will vary based upon the software version in use. This applies when, for example, a conductor running a new software version requests session table data from routers running older software versions.

Example

show sessions

admin@gouda.novigrad# show sessions
Fri 2020-04-17 16:55:34 UTC

Node: gouda

====================================== ===== ============= =========== ========== ====== ======= ================= ========== ================= =========== ================= ========== =================== ========= =================
Session Id Dir Service Tenant Dev Name VLAN Proto Src IP Src Port Dest IP Dest Port NAT IP NAT Port Payload Encrypted Timeout Uptime
====================================== ===== ============= =========== ========== ====== ======= ================= ========== ================= =========== ================= ========== =================== ========= =================
01187fb8-765a-45e5-ae90-37d77f15e292 fwd Internet lanSubnet lan 0 udp 192.168.0.28 44674 35.166.173.18 9930 96.230.191.130 19569 false 154 0 days 0:00:28
01187fb8-765a-45e5-ae90-37d77f15e292 rev Internet lanSubnet wan 0 udp 35.166.173.18 9930 96.230.191.130 19569 0.0.0.0 0 false 154 0 days 0:00:28
0859a4ae-bcff-4aa6-b812-79a5236a6c13 fwd Internet lanSubnet lan 0 tcp 192.168.0.41 60843 17.249.171.246 443 96.230.191.130 51941 false 2 0 days 0:00:10
0859a4ae-bcff-4aa6-b812-79a5236a6c13 rev Internet lanSubnet wan 0 tcp 17.249.171.246 443 96.230.191.130 51941 0.0.0.0 0 false 2 0 days 0:00:10
146ebae5-822b-49e3-a0bf-b5329181b9d5 fwd Internet lanSubnet lan 0 tcp 192.168.0.41 60838 17.248.185.112 443 96.230.191.130 53054 false 1879 0 days 0:00:24
146ebae5-822b-49e3-a0bf-b5329181b9d5 rev Internet lanSubnet wan 0 tcp 17.248.185.112 443 96.230.191.130 53054 0.0.0.0 0 false 1879 0 days 0:00:24
1ee1761c-a193-413c-889f-41fd61fe5242 fwd Internet lanSubnet lan 0 udp 192.168.0.72 55723 208.67.222.222 443 96.230.191.130 22918 false 1891 0 days 0:00:11
1ee1761c-a193-413c-889f-41fd61fe5242 rev Internet lanSubnet wan 0 udp 208.67.222.222 443 96.230.191.130 22918 0.0.0.0 0 false 1891 0 days 0:00:11

show sessions by-id

Show information of a session for a given ID.

Usage

show sessions by-id [node <node>] router <router> <id> [<verbosity>]
Keyword Arguments
namedescription
nodeThe node on which to show show session by-id (default: all)
routerThe router on which to show session by-id
Positional Arguments
namedescription
idUnique identifier of a session to be displayed
verbositydetail | summary (default: detail)

Example

show sessions by-id

admin@node1.seattle-site-01# show sessions by-id cea963be-be0b-4a9a-9368-7956b3975687
Thu 2020-11-12 18:49:01 UTC
✔ Retrieving session information...
============================================================================================================================================================================================================
seattle-site-01.node1 Session ID: cea963be-be0b-4a9a-9368-7956b3975687
============================================================================================================================================================================================================
Service name: internet
Session source: SourceType: PUBLIC
Session type: HTTPS
Service class: Bronze
Source tenant: seattle-reid.field-eng.corp
Peer name: N/A
Inter node: N/A
Inter router: N/A
Ingress source nat: N/A
Payload security policy: encrypt-hmac-disabled
Common name info: N/A
Session keys:
Forward session key: [discriminator 42949672960, tenant seattle-reid.field-eng.corp, peer <unknownPeer>, src ip 172.25.128.59, dest ip 23.45.228.49, src port 38562, dest port 443, proto 6]
Reverse session key: [discriminator 42949672960, tenant seattle-reid.field-eng.corp, peer <unknownPeer>, src ip 23.45.228.49, dest ip 96.93.108.35, src port 443, dest port 61291, proto 6]
State info:
Session state: ESTABLISHED
Redundancy state: SYNCED
Time info:
Start time: 0 days 0:02:00
Ttl duration for database: 1900
Forward flows:
Key: [src ip 172.25.128.59, dest ip 23.45.228.49, src l4 port 38562, dest l4 port 443, proto 6, vlan 6, device port 3]
Direction: forward
Tcp state: Established
Packets received: 30
Packets sent: 30
Decrypt security policy: <empty>
Action list: DpiIngress TtlValidateIpv4 TcpStateMachine IpHeaderTransform EthernetHeaderTransform AppForward
Time to live: 1781
Path index: 0
Attributes:
Path key: NextHop : 1-1.0=96.93.108.38, destination Ip <empty>/128
Arp status: Valid
Waypoint key: <empty>
Source nat key: dynamic source nat; address 96.93.108.35; port 61291; protocol tcp (6)
Metadata security policy: <empty>
Reverse flows:
Key: [src ip 23.45.228.49, dest ip 96.93.108.35, src l4 port 443, dest l4 port 61291, proto 6, vlan 0, device port 1]
Direction: reverse
Tcp state: Established
Packets received: 31
Packets sent: 31
Decrypt security policy: <empty>
Action list: TtlValidateIpv4 TcpStateMachine DpiEgress IpHeaderTransform EthernetHeaderTransform AppForward
Time to live: 1781
Path index: 0
Attributes:
Path key: NextHop : 1-3.6=172.25.128.59, destination Ip 172.25.128.59/32
Arp status: Valid
Waypoint key: <empty>
Source nat key: <empty>
Metadata security policy: <empty>

Version History

ReleaseModification
1.0.0This feature was introduced
3.0.0Added node keyword to enforce PCLI consistency
3.1.0Was show flows - Substantially reformatted output
4.5.3Added by-id subcommand

show sessions top bandwidth

Display the top sessions ordered by bandwidth.

Usage

show sessions top bandwidth [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router for which to display top sessions by bandwidth
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Description

The top bandwidth subcommand will list, in order, the top ten highest consumers of bandwidth among all active sessions. This is useful to understand the current utilization on your SSR network resources.

Example

admin@gouda.novigrad# show sessions top bandwidth
Fri 2020-04-17 16:59:01 UTC

Node: gouda

============= ==================== ==================== ========== ========== ===================
Bandwidth Source Destination Protocol Service Tenant
============= ==================== ==================== ========== ========== ===================
695.50 kbps 192.168.0.32:59066 3.21.226.121:8801 udp Internet MikeMBP.lanSubnet
343.72 kbps 192.168.0.72:61321 52.207.7.190:443 tcp Internet lanSubnet
151.55 kbps 192.168.0.32:51109 3.21.226.121:8801 udp Internet MikeMBP.lanSubnet
130.15 kbps 192.168.0.72:61320 54.174.137.247:443 tcp Internet lanSubnet
8.42 kbps 192.168.0.32:51417 3.21.226.121:8801 udp Internet MikeMBP.lanSubnet
7.74 kbps 192.168.0.72:51018 208.67.222.222:443 udp Internet lanSubnet
6.72 kbps 192.168.0.72:51015 208.67.222.222:443 udp Internet lanSubnet
6.49 kbps 192.168.0.32:55306 35.174.127.31:443 tcp Internet MikeMBP.lanSubnet
5.94 kbps 192.168.0.32:56504 3.21.226.121:443 tcp Internet MikeMBP.lanSubnet
3.27 kbps 192.168.0.68:64345 17.167.192.225:443 tcp Internet lanSubnet

Completed in 0.10 seconds

show stats

Please refer to the Show Stats Reference for detailed information about show stats.

show step clients

Show STEP clients

Usage

show step clients [rows <rows>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request STEP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show step lsdb

Show STEP link state database

Usage

show step lsdb [rows <rows>] [originator <originator-name>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
originatorThe STEP originating router
resource-groupThe name of the resource group
routerThe router to request STEP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show step routes

Show STEP routes

Usage

show step routes [rows <rows>] [node <node-name>] [service <service-name>] [ip-prefix <prefix>] [force] {router <router> | resource-group <resource-group>} [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
ip-prefixSTEP routes for this ip prefix [type: IP prefix]
nodeSTEP routes on this node
resource-groupThe name of the resource group
routerThe router to request STEP information from
rowsThe number of items to display at once [type: int or 'all'] (default: 50)
serviceSTEP routes for this service
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show step-repo clients

Show STEP repo clients

Usage

show step-repo clients [<verbosity>]
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

show system

Display detailed system state.

Usage

show system [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display system state
resource-groupThe name of the resource group
routerThe router for which to display system state (default: <current router>)
Subcommands
commanddescription
connectivityDisplay inter-node connection statuses.
processesDisplay a table summarizing the statuses of processes.
registryShows registered services from the system services coordinator for the specified process, node or router.
servicesDisplay a table summarizing statuses of SSR systemd services.
software<available> | <download> | <upgrade>
versionShow system version information.
See Also
commanddescription
show alarmsDisplay currently active or shelved alarms

Description

The show system subcommand displays overall system health for the nodes that comprise your SSR. It includes the state of the node ("starting" is displayed when the node is in the process of starting up and is not yet ready for handling traffic, "running" means the node is active, "offline" means the node is configured but not currently present), its role, software version, and uptime.

Example

admin@labsystem1.fiedler# show system
Mon 2017-02-27 15:11:06 EST

===============================
labsystem1
===============================
Status: running
Version: 4.3.2
Uptime: 4 days 6:17:31
Role: combo
Alarm Count: 0

Completed in 0.22 seconds

show system connectivity

Display inter-node connection statuses.

Usage

show system connectivity [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display connection statuses
resource-groupThe name of the resource group
routerThe router for which to display connection statuses (default: <current router>)
Subcommands
commanddescription
internalDisplays inter-node secure communication connections.

Description

The connectivity subcommand displays the state of all connected systems. On an SSR Conductor, this is a convenient way to display all of the nodes that are connected, disconnected, or "unconfigured". (Note: when a node appears as unconfigured, it means that it is attempting to connect to the SSR conductor, but that conductor does not have any supporting configuration to supply to it.)

Example

admin@cnd1.conductor# show system connectivity
Fri 2018-02-09 09:30:48 EST

================ ================ ==============
Local Node Remote Node State
================ ================ ==============
cnd1.conductor b1.branch1 disconnected
cnd1.conductor dc1.datacenter disconnected
cnd1.conductor dc2.datacenter disconnected

Completed in 0.20 seconds

show system connectivity internal

Displays inter-node secure communication connections.

Usage

show system connectivity internal [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display internal connections
resource-groupThe name of the resource group
routerThe router for which to display internal connections (default: <current router>)

Description

The internal subcommand of show system connectivity internal will report all interprocess connections that are currently available on the system, as well as connections between a router and conductor (if applicable).

Example

admin@cnd1.conductor# show system connectivity internal
Fri 2018-02-09 09:31:38 EST

================ ================ ================= ================= ===========
Local Node Remote Node Service Address Message
================ ================ ================= ================= ===========
cnd1.conductor cnd1.conductor Zookeeper 127.0.0.1:4370 Connected
cnd1.conductor cnd1.conductor db-store 127.0.0.2:9042 Connected
cnd1.conductor cnd1.conductor ssc 127.0.0.2:12222 Connected
cnd1.conductor cnd1.conductor step-repository 127.0.0.2:15555 Connected

Completed in 0.27 seconds

show system processes

Display a table summarizing the statuses of processes.

Usage

show system processes [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display statuses of processes
resource-groupThe name of the resource group
routerThe router for which to display statuses of processes (default: <current router>)
See Also
commanddescription
show stats processMetrics about SSR processes

Description

The processes subcommand will list the processes for all nodes in the cluster, and which processes on which nodes are considered leaders (from a high availability standpoint).

Example

admin@tp-cond-primary.tp-cond# show system processes router tp-colo
Wed 2020-04-15 20:35:32 UTC

=========================== ============================= ========= ========= =======
Node Process Status Primary Role
=========================== ============================= ========= ========= =======
tp-colo-primary.tp-colo accessManager running combo
tp-colo-primary.tp-colo analyticsReporter running combo
tp-colo-primary.tp-colo applicationFrameworkManager running combo
tp-colo-primary.tp-colo conflux running combo
tp-colo-primary.tp-colo databaseQueryCoordinator running combo
tp-colo-primary.tp-colo dnsManager running Y combo
tp-colo-primary.tp-colo dynamicPeerUpdateManager running Y combo
tp-colo-primary.tp-colo highway running combo
tp-colo-primary.tp-colo nodeMonitor running combo
tp-colo-primary.tp-colo persistentDataManager running combo
tp-colo-primary.tp-colo redisServerManager running Y combo
tp-colo-primary.tp-colo routingManager running Y combo
tp-colo-primary.tp-colo secureCommunicationManager running combo
tp-colo-primary.tp-colo securityKeyManager running Y combo
tp-colo-primary.tp-colo snmpTrapAgent running combo
tp-colo-primary.tp-colo stateMonitor running combo
tp-colo-primary.tp-colo systemServicesCoordinator running combo
tp-colo-secondary.tp-colo accessManager running combo
tp-colo-secondary.tp-colo analyticsReporter running combo
tp-colo-secondary.tp-colo applicationFrameworkManager running combo
tp-colo-secondary.tp-colo conflux running combo
tp-colo-secondary.tp-colo databaseQueryCoordinator running combo
tp-colo-secondary.tp-colo dnsManager running N combo
tp-colo-secondary.tp-colo dynamicPeerUpdateManager running N combo
tp-colo-secondary.tp-colo highway running combo
tp-colo-secondary.tp-colo nodeMonitor running combo
tp-colo-secondary.tp-colo persistentDataManager running combo
tp-colo-secondary.tp-colo redisServerManager running N combo
tp-colo-secondary.tp-colo routingManager running N combo
tp-colo-secondary.tp-colo secureCommunicationManager running combo
tp-colo-secondary.tp-colo securityKeyManager running N combo
tp-colo-secondary.tp-colo snmpTrapAgent running combo
tp-colo-secondary.tp-colo stateMonitor running combo
tp-colo-secondary.tp-colo systemServicesCoordinator running combo

Completed in 0.23 seconds

show system registry

Shows registered services from the system services coordinator for the specified process, node or router.

Usage

show system registry [<router-name>] [<node-name>] [<process-name>]
Positional Arguments
namedescription
router-nameThe router from which to retrieve registered services (default: all)
node-nameThe node from which to retrieve registered services (default: all)
process-nameThe process from which to retrieve registered services (default: all)
See Also
commanddescription
show stats registered-servicesStats pertaining to Registered Services
show stats sscMetrics pertaining to the SSC

Description

The registry subcommand shows the processes/services that have registered with the local system's "SSC" (system services coordinator). On an SSR Conductor, this will show all of the connected routers_ registered system processes/services.

Example

admin@tp-cond-primary.tp-cond# show system registry
Wed 2020-04-15 20:39:35 UTC

=========== ===================== ============================ ===============================
Router Node Process Registered Service
=========== ===================== ============================ ===============================
burl-corp burl-corp-primary all ALL
burl-corp burl-corp-secondary all ALL
tp-colo tp-colo-primary all ALL
tp-colo tp-colo-secondary all ALL
tp-cond tp-cond-primary accessManager LOG
tp-cond tp-cond-secondary accessManager LOG
tp-cond tp-cond-primary analyticsReporter LOG
tp-cond tp-cond-secondary analyticsReporter LOG
tp-cond tp-cond-primary automatedProvisioner ASSET_STATE_SYNC
tp-cond tp-cond-primary automatedProvisioner ASSET_MAINTENANCE
tp-cond tp-cond-primary automatedProvisioner LOG
tp-cond tp-cond-secondary automatedProvisioner ASSET_MAINTENANCE
tp-cond tp-cond-secondary automatedProvisioner LOG
tp-cond tp-cond-secondary automatedProvisioner AUTOMATED_PROVISIONING
tp-cond tp-cond-primary conflux LOG
tp-cond tp-cond-secondary conflux LOG
tp-cond tp-cond-primary databaseQueryCoordinator STATS
tp-cond tp-cond-primary databaseQueryCoordinator AUDIT
tp-cond tp-cond-primary databaseQueryCoordinator ENTITLEMENT
tp-cond tp-cond-primary databaseQueryCoordinator ANALYTICS
tp-cond tp-cond-primary databaseQueryCoordinator LOG
tp-cond tp-cond-secondary databaseQueryCoordinator ANALYTICS
tp-cond tp-cond-secondary databaseQueryCoordinator ENTITLEMENT
tp-cond tp-cond-secondary databaseQueryCoordinator STATS
tp-cond tp-cond-secondary databaseQueryCoordinator LOG
tp-cond tp-cond-secondary databaseQueryCoordinator AUDIT
tp-cond tp-cond-primary dnsManager DNS_RESOLUTION
tp-cond tp-cond-primary dnsManager LOG
tp-cond tp-cond-secondary dnsManager LOG
tp-cond tp-cond-secondary dnsManager DNS_RESOLUTION
tp-cond tp-cond-primary dynamicPeerUpdateManager LOG
tp-cond tp-cond-secondary dynamicPeerUpdateManager CONDUCTOR_SHOW_DYNAMIC_PEER
tp-cond tp-cond-secondary dynamicPeerUpdateManager CONDUCTOR_DYNAMIC_PEER_UPDATE
tp-cond tp-cond-secondary dynamicPeerUpdateManager LOG
tp-cond tp-cond-primary nodeMonitor GET_PCI_ADDRESSES
tp-cond tp-cond-primary nodeMonitor NODE_INFO
tp-cond tp-cond-primary nodeMonitor LDAP_INFO
...

show system services

Display a table summarizing statuses of SSR systemd services.

Usage

show system services [{router <router> | resource-group <resource-group>}] [force] [node <node>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display statuses
resource-groupThe name of the resource group
routerThe router for which to display statuses (default: <current router>)

Description

Most SSR processes are under the control of a process aptly named the processManager. Some services must exist outside of the control of the processManager and are instead goverened by Linux's systemd. show system services displays a table summarizing statuses of SSR systemd services.

Example

admin@tp-cond-primary.tp-cond# show system services
Wed 2020-04-15 20:41:18 UTC

========================= ============================== ==============
Node Service Active State
========================= ============================== ==============
tp-cond-primary.tp-cond 128T-plugin-adapter.service active
tp-cond-primary.tp-cond 128TWeb.service active
tp-cond-primary.tp-cond 128TWebAuth.service active
tp-cond-primary.tp-cond auditd.service active
tp-cond-primary.tp-cond mars.service active
tp-cond-primary.tp-cond prank.service active
tp-cond-primary.tp-cond t128-process-metrics.service active
tp-cond-primary.tp-cond tank.service active

Completed in 0.11 seconds

show system software available

Display new versions of the SSR that can be installed.

Usage

show system software available [<verbosity>]
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
delete system softwareRemove or cancel a previously started download.
request system software downloadDownload a new version of the SSR.
request system software upgradeUpgrade to a new version of the SSR.
set system software imageSet the boot image.
show system software downloadDisplay in-progress and completed downloads of new SSR versions.
show system software upgradeFollow an in-progress upgrade.
show system versionShow system version information.

show system software download

Display in-progress and completed downloads of new SSR versions.

Usage

show system software download [version <version>]
Keyword Arguments
namedescription
versionDisplay state about only a single version
See Also
commanddescription
delete system softwareRemove or cancel a previously started download.
request system software downloadDownload a new version of the SSR.
request system software upgradeUpgrade to a new version of the SSR.
set system software imageSet the boot image.
show system software availableDisplay new versions of the SSR that can be installed.
show system software upgradeFollow an in-progress upgrade.
show system versionShow system version information.

show system software upgrade

Follow an in-progress upgrade.

Usage

show system software upgrade
See Also
commanddescription
delete system softwareRemove or cancel a previously started download.
request system software downloadDownload a new version of the SSR.
request system software upgradeUpgrade to a new version of the SSR.
set system software imageSet the boot image.
show system software availableDisplay new versions of the SSR that can be installed.
show system software downloadDisplay in-progress and completed downloads of new SSR versions.
show system versionShow system version information.

show system version

Show system version information.

Usage

show system version [{router <router> | resource-group <resource-group>}] [force] [node <node>] [<verbosity>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node to show version information for
resource-groupThe name of the resource group
routerThe router to show version information for (default: <current router>)
Positional Arguments
namedescription
verbositydetail | summary (default: summary)
See Also
commanddescription
delete system softwareRemove or cancel a previously started download.
request system software downloadDownload a new version of the SSR.
request system software upgradeUpgrade to a new version of the SSR.
set system software imageSet the boot image.
show system software availableDisplay new versions of the SSR that can be installed.
show system software downloadDisplay in-progress and completed downloads of new SSR versions.
show system software upgradeFollow an in-progress upgrade.

Description

The version argument displays more detailed information about the software build (number, date) that is running on your system.

Example

admin@gouda.novigrad# show system version detail
Wed 2020-04-15 20:49:21 UTC

==============================================================
Node: gouda.novigrad
==============================================================
Version: 4.3.2
Build Date: 2020-04-09T18:00:17Z
Build Machine: releasehost1.openstacklocal
Build User: jenkins
Build Directory: /i95code
Hash: 137944e030d9fdc2f7d6c037a32722e540ced67d
Package: 128T-4.3.2-1.el7

Completed in 0.06 seconds

show tenant members

Shows the prefix-to-tenant associations by network-interface on the specified node.

Usage

show tenant members [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node from which to retrieve tenant members
resource-groupThe name of the resource group
routerThe router from which to retrieve tenant members
rowsThe number of tenant members to display at once [type: int or 'all'] (default: 50)

Description

The show tenant subcommand displays the mapping logic that the SSR uses for associating the source IP address of inbound requests to tenant definitions – whether they be interface-based (i.e., a tenant has been configured on a network-interface) or member based (i.e., a prefix has been configured within a neighborhood).

Example

admin@gouda.novigrad# show tenant members
Wed 2020-04-15 19:10:00 UTC

Node: gouda

============ ========= =================== ================ =================== ==================== =============
Device I/F VLAN ID Network I/F Network I/F IP Source IP Prefix Tenant Source Type
============ ========= =================== ================ =================== ==================== =============
lan 0 lan-interface 192.168.0.2 192.168.0.0/24 lanSubnet PUBLIC
lan 0 lan-interface 192.168.0.2 192.168.0.32/32 MBP.lanSubnet PUBLIC
lan 3000 lan-untrusted 172.16.0.1 0.0.0.0/0 untrustedLanSubnet PUBLIC
wan 0 wan-interface 96.230.191.130 35.156.0.0/14 blocklist PUBLIC
wan 0 wan-interface 96.230.191.130 217.0.0.0/8 blocklist PUBLIC
wan 0 wan-interface 96.230.191.130 218.0.0.0/8 blocklist PUBLIC
dh00000001 0 dhcp-server-gen-2 169.254.128.132 0.0.0.0/0 <global> PUBLIC
kni254 0 controlKniIf 169.254.127.126 0.0.0.0/0 _internal_ PUBLIC
wan 0 wan-interface 96.230.191.130 220.0.0.0/8 blocklist PUBLIC
wan 0 wan-interface 96.230.191.130 222.0.0.0/8 blocklist PUBLIC

Completed in 9.01 seconds

Version History

ReleaseModification
3.2.0This feature was introduced

show top sources

Show top sources (by source address) over the last 30 minutes at the specified node.

Usage

show top sources [by <by>] [rows <rows>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
bytotal-data | session-count [type: metric] (default: total-data)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node from which to retrieve top sources
resource-groupThe name of the resource group
routerThe router from which to retrieve top sources
rowsThe number of top sources to display at once [type: int or 'all'] (default: 10)

Description

The show top sources command will render a table displaying the highest consumers (by source address) of data or rote number of sessions.

Example

admin@gouda.novigrad# show top sources
Wed 2020-04-15 18:48:19 UTC
Results from last 30 minutes

Node: gouda

============== =================== ============== =============== ===================
Source IP Tenant Total Data ▾ Session Count Current Bandwidth
============== =================== ============== =============== ===================
192.168.0.23 lanSubnet 2.10 GB 62 0 bps
192.168.0.25 lanSubnet 1.36 GB 238 3.44 Mbps
192.168.0.32 MBP.lanSubnet 157.78 MB 1337 46.81 kbps
192.168.0.53 lanSubnet 44.98 MB 856 0 bps
192.168.0.72 lanSubnet 36.87 MB 91 9.60 kbps
192.168.0.41 lanSubnet 32.19 MB 325 0 bps
192.168.0.78 lanSubnet 5.83 MB 52 216 bps
192.168.0.68 lanSubnet 3.80 MB 212 0 bps
192.168.0.3 lanSubnet 2.34 MB 398 21.41 kbps
192.168.0.5 lanSubnet 1.21 MB 150 0 bps

Completed in 0.07 seconds

Version History

ReleaseModification
3.2.0This feature was introduced

show udp-transform

Display the status of UDP transform between peers.

Usage

show udp-transform [peer <peer>] [force] [node <node>] {router <router> | resource-group <resource-group>}
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node for which to display transform status
peerOnly display udp-transforms for a single peer (default: all)
resource-groupThe name of the resource group
routerThe router for which to display transform status

Description

An SSR may need to transform TCP packets into UDP packets to enable SVR to traverse stateful firewalls. By default, the SSR runs a firewall detector process over peer paths, and will dynamically enable UDP transform when necessary. (Administrators may also elect to enable UDP transform if they know there are stateful firewalls in the path.) This command shows whether a path has UDP transform enabled, and if so, which firewall detection tests triggered the feature to be enabled.

Example

admin@labsystem1.fiedler# show udp-transform router newton
============= ============ ============ ========== =========================================
Router Name Node Name Peer Status Reason(s)
============= ============ ============ ========== =========================================
newton labsystem2 becket enabled TCP SYN; Mid-flow; TCP SYN Jumbo;
becket enabled TCP SYN; TCP SYN Jumbo;
burlington enabled TCP SYN; Mid-flow; TCP SYN Jumbo;

show user

Display information for user accounts.

Usage

show user [<username>]
Positional Arguments
namedescription
usernamethe name of the account to display (default: <current user>)
Subcommands
commanddescription
activityShow the most recent usage of SSR.
lock-statusDisplay failed login attempts.
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show user activityShow the most recent usage of SSR.

Description

The show user subcommand displays the attributes for the specified user account (i.e., whether the account is enabled, the user's full name, and their role).

Example

admin@labsystem1.fiedler# show user jdeveloper

=============================
Information for jdeveloper:
=============================
Enabled: true
Full Name: Joe Developer
Role: admin

admin@labsystem1.fiedler#

If the SSR is configured to obtain user accounts from LDAP, the connectivity status of the LDAP server is displayed at the end of the output.

admin@labsystem1.fiedler# show user all

============== ====================== ======= =============== =========
Username Full Name Roles Features Enabled
============== ====================== ======= =============== =========
admin admin configure true
user user user show-commands true
jdeveloper Joe Developer admin configure true


LDAP server is configured and online

Version History

ReleaseModification
2.0.0This feature was introduced
4.4.0LDAP status was added to show user all

show user activity

Show the most recent usage of SSR.

Usage

show user activity [from <from>] [to <to>] [rows <rows>] [<username>]
Keyword Arguments
namedescription
fromOnly show events after the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo. [type: timestamp]
rowsThe number of events to display at once [type: int] (default: 50)
toOnly show events before the provided time. Can either be a timestamp or a delta, such as 45m, 1d, or 1mo [type: timestamp]
Positional Arguments
namedescription
usernamethe name of the account to display (default: <current user>)
See Also
commanddescription
create userCreate a new user account interactively.
delete userDelete a user account
delete user tokensRevoke API access tokens for a user.
edit promptAllows the user to specify a custom format for the PCLI prompt.
edit userModify an existing user account
edit user modeEdit the current user's configuration mode.
restore promptRestore the PCLI prompt to the factory default.
restore users factory-defaultRestore the user configuration to factory defaults.
set passwordChange your password.
show rolesDisplay all configured roles
show userDisplay information for user accounts.

show user lock-status

Display failed login attempts.

Usage

show user lock-status [<username>]
Positional Arguments
namedescription
usernamethe name of the account to display (default: all)

Description

Display information from the faillock database about failed login attempts, whether the account is locked, and when the user will be allowed to attempt another password-based login.

User's can become locked out of the system if they are in violation of the password-policy that is specified in configure authority password-policy. The policy allows an administrator to configure the maximum number of password attempts (deny,) and the amount of time that the account must remain locked until the next valid attempt may be allowed (unlock-time.)

show vrf

Show VRF name, tenants, and interfaces

Usage

show vrf [force] {router <router> | resource-group <resource-group>} [<verbosity>]

Description

Provides details about all configured VRF’s including name, tenants, network-interfaces, and routing-interfaces in each VRF. Use to verify whether the configuration was specified correctly and resulted in the desired VRF state.

Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe router to request VRF information from
Positional Arguments
namedescription
verbositydetail | summary (default: summary)

Example

show vrf
Wed 2020-12-09 19:56:31 UTC

Retrieving from 'ComboEast'...

======= ========= ==================== ====================
Name Tenants Routing Interfaces Network Interfaces
======= ========= ==================== ====================
chips chips lo0-chips combo-east 12-173
salsa salsa lo0-salsa
tacos tacos combo-east 10-174

Completed in 0.03 seconds

Version History

ReleaseModification
5.1.0This feature was introduced

sync peer addresses

Synchronize dynamic addresses (DHCP and PPPoE) between routers and a conductor.

Usage

sync peer addresses [{router <router> | resource-group <resource-group>}] [force]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
resource-groupThe name of the resource group
routerThe name of the router to synchronize (default: <current router>)
See Also
commanddescription
show dynamic-peer-updateDisplay view of dynamic peer update on the conductor.
show stats dynamic-peer-updateStats pertaining to dynamic peer update processes

Description

This command will force a network element (or group of network elements) to synchronize any dynamically-learned IP addresses to its conductor. (The conductor will redistribute these dynamic addresses to other members of the Authority as necessary.)

Example

admin@cnd1.conductor# sync peer addresses
Fri 2018-02-09 09:46:44 EST
Successfully synchronized dynamic peer addresses

Completed in 0.06 seconds

Version History

ReleaseModification
3.2.0This feature was introduced

time

Force another command to display its execution time.

Usage

time <command> [<command> ...]
Positional Arguments
namedescription
commandCommand to run and time

Description

When time preceeds another command, it will provide the total amount of wall clock time it takes for the operation to complete. Natively not all PCLI commands output the duration it takes to complete the operation. The time command, much like the Linux version, provides this information.

Example

Are you sure you want to commit the candidate config? [y/N]: y
✔ Validating, then committing...
Configuration committed

admin@gouda.novigrad# time commit
Wed 2020-04-15 15:50:26 UTC
Are you sure you want to commit the candidate config? [y/N]: y
✔ Validating, then committing...
Configuration committed
Completed in 4.86 seconds

trace

Trace the HTTP API calls of another command, for troubleshooting purposes.

Usage

trace [verbose] [verbose] [verbose] [no-logs] <command> [<command> ...]
Keyword Arguments
namedescription
no-logsDo not display log messages.
verboseInclude additional information about each request and response. This argument can be repeated up to 3 times
Positional Arguments
namedescription
commandTrace another command's HTTP calls

Description

The trace command is used when attempting to determine what SSR services need to be inspected during troubleshooting.

traceroute

Print the route packets take to network host.

Usage

traceroute [max-hops <max-hops>] [wait-time <wait-time>] [egress-interface <egress-interface>] [source-ip <source-ip>] [gateway-ip <gateway-ip>] [service <service>] [tenant <tenant>] [peer <peer>] router <router> node <node> <destination-ip>
Keyword Arguments
namedescription
egress-interfaceNetwork interface on which to originate the traceroute session
gateway-ipThe gateway address on the egress interface [type: IP address]
max-hopsThe maximum number of hops before the operation is terminated [type: int]
nodeThe node on which to start the traceroute
peerThe peer name for the traceroute command
routerThe router on which to start the traceroute
serviceThe service for the traceroute command
source-ipThe source address. Optional if the matching service utilizes a source-nat [type: IP address] (default: 127.0.0.1)
tenantThe tenant name for the traceroute command
wait-timeThe maximum time, in seconds, to wait for a response to each probe (default 3s) [type: int]
Positional Arguments
namedescription
destination-ipThe destination address [type: IP address]

Description

The Internet is a large and complex aggregation of network hardware, connected together by gateways. Tracking the route one's packets follow (or finding the miscreant gateway that's discarding your packets) can be difficult. Traceroute utilizes the IP protocol 'time to live' field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host. Each iteration of the traceroute algorithm will execute three probes. The maximum time that the entire algorithm can take is 3 x wait-time x max-hops.

  • Service Traceroute: Enter the service name and destination-ip. (Additional arguments are optional)

traceroute service <service-name> tenant <tenant-name> source-ip <address> <destination-ip>

The source-ip is only required if there is no source-nat configured. If you omit the source-ip without source-nat configured, then you will get an error requesting to either apply source-nat, or provide a source-ip.

  • Routed Traceroute: Enter the destination-ip. By specifying the optional arguments egress-interface and gateway-ip, routed traceroute will bypass the service, tenant, and routing table.

traceroute <destination-ip> egress-interface <interface-name> <gateway-ip>

  • Peer Traceroute: Enter the peer name, egress-interface, and destination-ip. (Additional arguments are optional)

traceroute peer <peer> egress-interface <interface-name> <destination-ip>

Example

admin@combo-west-a.combo-west# traceroute service east tenant red 172.16.1.201
Running traceroute...
traceroute to 172.16.1.201, 64 hops max
1. 172.16.102.101 10ms 7ms 1ms
2. 172.16.101.1 20ms 5ms 2ms
3. 172.16.4.1 42ms 5ms 6ms
4. 172.16.1.201 4ms 4ms 3ms

Version History:

ReleaseModification
6.1.0Introduced
6.2.3-R2Updates and improvements made to the keyword arguments

validate

Validate the candidate config.

Usage

validate [router <router>]
Keyword Arguments
namedescription
routerThe name of the router (default: <current router>)

Description

This command validates the current candidate configuration to check for referential integrity among the various configuration objects, to check for the use of deprecated configuration elements, and to supply warnings when various configuration elements cannot be validated.

Many configuration elements within the SSR refer to other configuration elements by their name. If an administrator mistypes a name, or a referenced object is deleted without updating the source of that reference, this candidate configuration is said to be invalid. By using the validate command, administrators can ensure their configuration is valid prior to committing it to be the running configuration.

note

Validation occurs automatically whenever the commit command is run; this standalone command allows administrators to check for validity without requiring that the configuration is committed immediately.

The validate command provides warnings when a configuration contains deprecated elements - elements that are scheduled for removal in a future release of the SSR software. This is to give administrators the opportunity to replace the impacted configuration stanzas with their replacement.

The validate command will also provide warnings when a configuration cannot be validated and requires administrative oversight.

When validation fails, the administrator is notified via output to the CLI. The output from the validate command will identify the configuration that is failing validation.

When run from an SSR conductor, the conductor only validates the configuration itself locally. If the user wishes, the conductor has the ability to distribute the configuration to all managed routers for each of them to validate it and report the results of their validation. This operation is much slower than local validation because the conductor must wait for all routers to report their results and some may be unreachable or timeout. The user may request a distributed validation by executing validate router all.

note

validation occurs automatically whenever the commit command is run; this standalone command allows administrators to check for validity without requiring that the configuration is committed immediately.

Example

admin@node1.bernstein# validate
✖ Validating...
% Error: Candidate configuration is invalid:
1. inter-node-security is required
reported by router 'bernstein'

config
authority
router datacenter

Version History

ReleaseModification
1.0.0This feature was introduced

where

Display the current location in the CLI hierarchy.

Usage

where

Description

This command returns the user's current position within the CLI hierarchy. When executed from the main CLI prompt, it returns nothing. When executed from within the configuration tree, it returns the user's current position within the tree.

Example

admin@labsystem1.fiedler# where
admin@labsystem1.fiedler# conf auth router newton
admin@labsystem1.fiedler (router[name=newton])# where
configure authority router newton
admin@labsystem1.fiedler (router[name=newton])#

Version History

ReleaseModification
1.0.0This feature was introduced

write log message

Write a message to the log.

Usage

write log message [force] [router <router>] [node <node>] <message> [<process-name>]
Keyword Arguments
namedescription
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node on which to log
routerThe router on which to log (default: <current router>)
Positional Arguments
namedescription
messageThe message to write to the log (messages with a space must be surrounded with quotes)
process-nameThe process to which to write a log message (default: all)
See Also
commanddescription
rotate logRotate log files.
set log levelSet the log level of a process.
write log snapshotWrite a snapshot to the log.

Description

The write log message command lets administrators write messages into log files; this is typically used as a marker during troubleshooting exercises, to insert a string that can later be located to reference the onset of a test.

Example

admin@labsystem1.fiedler# write log message "---- starting test here ----"
Log message successfully written
admin@labsystem1.fiedler#

This message will appear in the log files with the category type "USER", as is demonstrated here:

[admin@labsystem1 ~]$ tail -n 5 /var/log/128technology/stateMonitor.log
"message" : "No connectivity to labsystem5.burlington",
"value" : "2"
}}
Total alarms for node: 0
Mar 13 14:14:38.345 [USER| -- ] INFO (stateMonitPoller) ---- starting test here ----
[admin@labsystem1 ~]$

Version History

ReleaseModification
2.0.0This feature was introduced

write log snapshot

Write a snapshot to the log.

Usage

write log snapshot [category <category>] [force] [router <router>] [node <node>] [<process-name>]
Keyword Arguments
namedescription
categoryThe log category for which to write the snapshot. (default: all)
forceSkip confirmation prompt. Only required when targeting all routers
nodeThe node on which to log
routerThe router on which to log (default: <current router>)
Positional Arguments
namedescription
process-nameThe process to write a snapshot (default: all)
See Also
commanddescription
rotate logRotate log files.
set log levelSet the log level of a process.
write log messageWrite a message to the log.

Description

The write log snapshot command is debugging tool that outputs zookeeper state information related information to each respective process that utilizes zookeeper.

Example

admin@gouda.novigrad# write log snapshot
The snapshot was successfully written
[root@novigrad ~]# less /var/log/128technology/persistentDataManager.log
...
Apr 14 17:23:43.538 [DATA| -- ] INFO (persistentPoller) Zookeeper debug snapshot info:
zk::Client:
clientID = 0x1010444f3f60003
IO thread = 0x8d432700
Completion thread = 0x8cc31700
Current state = Connected (3)
Current server = 127.0.0.1:2181
Servers = 127.0.0.1:2181
History:
Apr 11 12:56:01.675 zk::Client::connectRequested
Apr 11 12:56:01.682 zk::Client::onConnect
zk::Node: event history for dead Nodes
History:
================================================================================
PersistentDataZooKeeper for statePda
Reader recipes: 0
Writer recipes: 3
...