1 .. This work is licensed under a creative commons attribution 4.0 international
3 .. http://creativecommons.org/licenses/by/4.0
4 .. (c) opnfv, national center of scientific research "demokritos" and others.
12 This chapter provides a commonly used sampleVNFs CLI commmands description.
13 The more detailed information and details will be available from the CLI
21 The routeadd command provides a mechanism to add the routing entries for the
24 The destination device me be directly(host) attached or attached to net. The
25 parameter net or host should be used accordngly along with other information.
33 routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable>
37 routeadd net 0 202.16.100.20 0xffff0000
38 routeadd net 1 172.16.40.20 0xffff0000
39 routeadd host 0 202.16.100.20
40 routeadd host 1 172.16.40.20
49 routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable>
53 routeadd net 0 fec0::6a05:caff:fe30:21b0 64
54 routeadd net 1 2012::6a05:caff:fe30:2081 64
55 routeadd host 0 fec0::6a05:caff:fe30:21b0
56 routeadd host 1 2012::6a05:caff:fe30:2081
59 The route can also be added to the VNF as a config parameters. This method is
60 deprecated and not recommended to use but is supported for backward
69 ARP route table entries (ip, mask, if_port, nh) hex values with no 0x
73 arp_route_tbl = (c0106414,FFFF0000,0,c0106414)
74 arp_route_tbl = (ac102814,FFFF0000,1,ac102814)
83 ARP route table entries (ip, mask, if_port, nh) hex values with no 0x
87 nd_route_tbl = (0064:ff9b:0:0:0:0:9810:6414,120,0,0064:ff9b:0:0:0:0:9810:6414)
88 nd_route_tbl = (0064:ff9b:0:0:0:0:9810:2814,120,1,0064:ff9b:0:0:0:0:9810:2814)
93 The arpadd command is provided to add the static arp entries to the VNF.
101 p <arpicmp_pipe_id> arpadd <interface_id> <ip_address in deciaml> <mac addr in hex>
105 p 1 arpadd 0 202.16.100.20 00:ca:10:64:14:00
106 p 1 arpadd 1 172.16.40.20 00:ac:10:28:14:00
115 p <arpicmp_pipe_id> arpadd <interface_id> <ip_address in deciaml> <mac addr in hex>
119 p 1 arpadd 0 0064:ff9b:0:0:0:0:9810:6414 00:00:00:00:00:01
120 p 1 arpadd 1 0064:ff9b:0:0:0:0:9810:2814 00:00:00:00:00:02
125 Loadbalancer CLI commands for debug
130 -------------------------------------------------------------
132 -------------------------------------------------------------
133 p <pipe_id> lbentry dbg 0 0 To show received packets count
134 p <pipe_id> lbentry dbg 1 0 To reset received packets count
135 p <pipe_id> lbentry dbg 2 0 To set debug level
136 p <pipe_id> lbentry dbg 3 0 To display debug level
137 p <pipe_id> lbentry dbg 4 0 To display port statistics
143 The arpls command is used to list the arp and route entries.
149 P <pipe_id> arpls <0: IPv4, 1: IPv6>
157 vFW Specific commands
158 =====================
159 The following list of commands are specific to VFW pipeline.
163 Refer to "action add" CLI command line help to get more details.
164 Many options are available for this command for accept, fwd, count, conntrack
169 This command must be executed to apply the ACL rules configured.
180 This command is used to add teh ACL rules to vFW
182 Adding ACL rules for IPv4:
188 p vfw add <priority> <src_ip> <mask> <dst_ip> <mask> <src_port_start> <src_port_end> <dst_port_start> <dst_port_end> <protocol_mask> <action_id>
189 ;Log info: Prio = 1 (SA = 202.0.0.0/8, DA = 192.0.0.0/8, SP = 0-65535, DP = 0-65535, Proto = 0 / 0x0) => Action ID = 1
193 p vfw add 2 202.16.100.20 8 172.16.40.20 8 0 65535 0 65535 0 0 1
194 p vfw add 2 172.16.40.20 8 202.16.100.20 8 0 65535 0 65535 0 0 0
197 Adding ACL rules for IPv6:
203 p vfw add <priority> <src_ip> <mask> <dst_ip> <mask> <src_port_start> <src_port_end> <dst_port_start> <dst_port_end> <protocol_mask> <action_id>
207 p vfw add 2 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 1
208 p vfw add 2 2012::6a05:caff:fe30:2081 64 fec0::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 0
233 Enable or disable the counterdump using the following commands
239 p vfw counterdump start
240 p vfw counterdump stop
244 Enable or Disable the dynamic debug logs
258 Enable or disable the firewall basic filtering using following commands.
265 p <pipe_id> vfw firewall 0
268 p <pipe_id> vfw firewall 1
272 Enable or disable the synproxy using following commands.
279 p <pipe_id> vfw synproxy 0
282 p <pipe_id> vfw synproxy 1
286 Enable or disable the connection tracking per VFW pipeline
292 To enable connection tracking
293 p action add <pipe_id> conntrack
295 To disable connection tracking
296 p action del <pipe_id> conntrack
302 A new file containing ACL rules and actions. The existing ACL rules and actions are
308 p vfw loadrules <rule file>
311 p vfw loadrules ./config/acl_script_rules.tc
315 List the ACL rules in vFW
321 List Active ACL rules
324 List Standby ACL rules
328 vACL Specific commands
329 ======================
330 Following are the typical commands used in vACL. Refer to CLI command line
331 prompt for more details.
336 Using pipeline CLI, an action can be added using the following command:
341 p action add <action-id> <action> <optional option>
346 p action add 1 accept
356 Where a port # must be specified
360 Where a port # must be specified
363 p action ls <pipleine-id>
368 Using pipeline CLI, an ACL rule can be added using the following command:
373 p acl add <priority> <src-ip> <mask> <dst-ip> <mask> <src-port-from> <src-port-to> <dst-port-from> <dst-port-to> <protocol> <protocol-mask> <action-id>
376 p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 1
378 UDP only with source and destination IP addresses:
379 p acl add 1 172.16.100.00 24 172.16.40.00 24 0 65535 0 65535 17 255 1
380 p acl add 1 172.16.40.00 24 172.16.100.00 24 0 65535 0 65535 17 255 1
383 p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 17 255 1
387 p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 1
392 Using pipeline CLI, the list of current ACL rules can be viewed using:
405 Using pipeline CLI, an ACL rule can be deleted using the following command:
410 p acl del <src-ip> <mask> <dst-ip> <mask> <src-port-from> <src-port-to> <dst-port-from> <dst-port-to> <protocol> <protocol-mask>
413 p acl del 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0
440 A new file containing ACL rules and actions. The existing ACL rules and actions are
446 p acl loadrules <rule file>
449 p acl loadrules ./config/acl_script_rules.tc
454 Debug logs can be turn on or turn off using the following commands
467 vCGNAT Specific commands
468 ========================
470 The following are the details of the CLI commands supported by vCGNAT.
471 Refer to vCGNAPT application CLI command prompt help more details.
475 To add bulk vCGNAPT entries
476 p <pipe_id> entry addm <prv_ip/prv_ipv6> <prv_port> <pub_ip> <pub_port> <phy_port> <ttl> <no_of_entries> <end_prv_port> <end_pub_port>
478 To add single vCGNAPT entry
479 p <pipe_id> entry add <prv_ip/prv_ipv6> <prv_port> <pub_ip> <pub_port> <phy_port> <ttl>
481 To delete single vCGNAPT entry
482 p <pipe_id> entry del <prv_ip/prv_ipv6> <prv_port> <phy_port>
484 Displays all vCGNAPT static entries
487 To display debug level , bulk entries added count
488 p <pipe_id> entry dbg 3 0 0
490 To show counters info
491 p <pipe_id> entry dbg 3 3 0
493 To show physical port statistics
494 p <pipe_id> entry dbg 6 0 0
496 To show SWQ number stats
497 p <pipe_id> entry dbg 6 1 <SWQ number>
499 For code instrumentation
500 p <pipe_id> entry dbg 7 0 0
502 Displays CGNAPT version
503 p <pipe_id> entry ver 1 0
505 To enable ipv6 traffic.
506 p <pipe_id> entry dbg 11 1 0
508 To disable ipv6 traffic.
509 p <pipe_id> entry dbg 11 0 0
511 To add Network Specific Preifx and depth in prefix table
512 p <pipe_id> nsp add <nsp_prefix/depth>
514 To delete Network Specific Preifx and depth in prefix table
515 p <pipe_id> nsp del <nsp_prefix/depth>
517 To show nsp prefix/depth configured/added in prefix table.
518 p <pipe_id> entry dbg 13 0 0
520 To show number of clients per public IP address
521 p <pipe_id> entry dbg 14 0 0
523 To show list of public IP addresses
524 p <pipe_id> entry dbg 15 0 0
526 To show number of clients per public IP address
530 p <pipe_id> entry dbg 11 1 0