Configuration Command Reference Guide

configure authority

Authority configuration is the top-most level in the SSR configuration hierarchy.

Subcommands

command	description
access-management	Role Based Access Control (RBAC) configuration.
alarm-shelving	Configuration to control alarm shelving behavior.
anti-virus-profile	User defined Anti-Virus profiles.
asset-connection-resiliency	Configure Asset Connection Resiliency
backwards-compatible-vrf-bgp-tenants	When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3
bgp-service-generation	Configure Bgp Service Generation
certificate-revocation	Certificate revocation list with CRL details.
cli-messages	Configure Cli Messages
client-certificate	The client-certificate configuration contains client certificate content.
clone	Clone a list item
conductor-address	IP address or FQDN of the conductor
currency	Local monetary unit.
delete	Delete configuration data
district	Districts in the authority.
dscp-map	Configure Dscp Map
dynamic-hostname	Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier, {router-name} for Router Name, {authority-name} for Authority Name. For example, interface-\{interface-id\}.\{router-name\}.\{authority-name\}.
enhanced-security-key-management	Use certificate-based security key management.
fib-service-match	When creating FIB entries by matching route updates to service addresses, consider the specified service addresses.
forward-error-correction-profile	A profile for Forward Error Correection parameters, describing how often to send parity packets.
icmp-control	Settings for ICMP packet handling
idp-profile	User defined IDP profiles.
ipfix-collector	Configuration for IPFIX record export.
ipv4-option-filter	Configure Ipv 4 Option Filter
ldap-server	LDAP Servers against which to authenticate user credentials.
management-service-generation	Configure Management Service Generation
metrics	Configuration for metrics collection.
metrics-profile	A collection of metrics
name	The identifier for the Authority.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
password-policy	Password policy for user's passwords.
pcli	Configure the PCLI.
performance-monitoring-profile	A performance monitoring profile used to determine how often packets should be marked.
radius-server	Radius Servers against which to authenticate user credentials.
rekey-interval	Hours between security key regeneration. Recommended value 24 hours.
remote-login	Configure Remote Login
resource-group	Collect objects into a management group.
router	The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies.
routing	authority level routing configuration
secure-conductor-onboarding	Configure Secure Conductor Onboarding
security	The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets.
security-key-management	Configure Security Key Management
service	The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services.
service-class	Defines the association between DSCP value and a priority queue.
service-policy	A service policy, which defines parameters applied to services that reference the policy
session-record-profile	A profile to describe how to collect session records.
session-records	Configure Session Records
session-recovery-detection	Configure Session Recovery Detection
session-type	Type of session classification based on protocol and port, and associates it with a default class of service.
show	Show configuration data for 'authority'
software-access	Configuration for SSR software access for the authority. Supported on managed assets only.
software-update	Configure Software Update
step	Configure Step
step-repo	List of Service and Topology Exchange Protocol repositories.
syslog-policy	Configuration for syslog message generation.
tenant	A customer or user group within the Authority.
traffic-profile	A set of minimum guaranteed bandwidths, one for each traffic priority
trusted-ca-certificate	The trusted-ca-certificate configuration contains CA certificate content.
web-messages	Configure Web Messages
web-theme	Configure Web Theme

configure authority access-management

Role Based Access Control (RBAC) configuration.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
role	Configure Role
show	Show configuration data for 'access-management'
token	Configuration for HTTP authentication token generation.

configure authority access-management role

Configure Role

Usage

configure authority access-management role <name>

Positional Arguments

name	description
name	A unique name that identifies this role.

Subcommands

command	description
capability	The capabilities that this user will be granted.
clone	Clone a list item
delete	Delete configuration data
description	A description about the role.
exclude-resource	Exclude a resource from being associated with this role.
name	A unique name that identifies this role.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
resource	Associate this role with a resource.
resource-group	Associate this role with a top-level resource-group.
show	Show configuration data for 'role'

configure authority access-management role capability

The capabilities that this user will be granted.

Usage

configure authority access-management role capability [<identityref>]

Positional Arguments

name	description
identityref	Value to add to this list

Description

identityref

A value from a set of predefined names.

Options:

• config-read: Configuration Read Capability
• config-write: Configuration Write Capability
• provisioning: Asset Provisioning Capability

configure authority access-management role description

A description about the role.

Usage

configure authority access-management role description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority access-management role exclude-resource

Exclude a resource from being associated with this role.

Usage

configure authority access-management role exclude-resource <id>

Positional Arguments

name	description
id	Configure Id

Subcommands

command	description
id	Configure Id
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'exclude-resource'

configure authority access-management role exclude-resource id

Configure Id

Usage

configure authority access-management role exclude-resource id [<resource-id>]

Positional Arguments

name	description
resource-id	The value to set for this field

Description

resource-id (string)

The identifier of the resource.

Must be either just a * asterisk or an identifier followed by a colon which is then followed by either an asterisk, or a path that contains only valid yang names and list-keys separated by forward-slashes and optionally followed by a forward-slash and an asterisk.

Example: SSR:/authority/router/MyRouter/*

configure authority access-management role name

A unique name that identifies this role.

Usage

configure authority access-management role name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority access-management role resource

Associate this role with a resource.

Usage

configure authority access-management role resource <id>

Positional Arguments

name	description
id	Configure Id

Subcommands

command	description
delete	Delete configuration data
generated	Indicates whether or not the resource was automatically generated
id	Configure Id
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'resource'

configure authority access-management role resource generated

Indicates whether or not the resource was automatically generated

Usage

configure authority access-management role resource generated [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority access-management role resource id

Configure Id

Usage

configure authority access-management role resource id [<resource-id>]

Positional Arguments

name	description
resource-id	The value to set for this field

Description

resource-id (string)

The identifier of the resource.

Must be either just a * asterisk or an identifier followed by a colon which is then followed by either an asterisk, or a path that contains only valid yang names and list-keys separated by forward-slashes and optionally followed by a forward-slash and an asterisk.

Example: SSR:/authority/router/MyRouter/*

configure authority access-management role resource-group

Associate this role with a top-level resource-group.

Usage

configure authority access-management role resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority access-management token

Configuration for HTTP authentication token generation.

Subcommands

command	description
delete	Delete configuration data
expiration	Minutes after initial authentication that the authentication token is valid.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'token'

configure authority access-management token expiration

Minutes after initial authentication that the authentication token is valid.

Usage

configure authority access-management token expiration [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Units: minutes

Default: never

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint64

An unsigned 64-bit integer.

Range: 1-18446744073709551615

(1) enumeration

A value from a set of predefined names.

Options:

• never: Never expire

configure authority alarm-shelving

Configuration to control alarm shelving behavior.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
shelf	Shelf configuration and criteria for classifying alarms as shelved.
show	Show configuration data for 'alarm-shelving'

configure authority alarm-shelving shelf

Shelf configuration and criteria for classifying alarms as shelved.

Usage

configure authority alarm-shelving shelf <name>

Positional Arguments

name	description
name	An arbitrary name for the alarm shelf.

Subcommands

command	description
applies-to	Logical group to which a configuration element applies
category	Shelve alarms for this category.
clone	Clone a list item
delete	Delete configuration data
generated	Indicates whether or not the Shelf was automatically generated as a result of Alarm Shelf generation.
match-type	How the individual items in the shelf should be matched in order to trigger the shelving
message-regex	Shelve alarms with messages that match this regex.
name	An arbitrary name for the alarm shelf.
node-name	Shelve alarms from this node.
node-name-regex	Shelve alarms from nodes that match this regex.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
router-name	Shelve alarms from this router.
router-name-regex	Shelve alarms from routers that match this regex.
severity	Shelve alarms for this severity.
show	Show configuration data for 'shelf'

Release	Modification
6.3.0	Alarm suppression feature introduced

configure authority alarm-shelving shelf applies-to

Logical group to which a configuration element applies

Usage

configure authority alarm-shelving shelf applies-to <type>

Positional Arguments

name	description
type	Type of group to which the configuration applies.

Subcommands

command	description
delete	Delete configuration data
group-name	Name of the router-group to which this configuration applies.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
resource-group	Name of the resource-group to which this configuration applies.
router-name	Name of the router to which this configuration applies.
show	Show configuration data for 'applies-to'
type	Type of group to which the configuration applies.

configure authority alarm-shelving shelf applies-to group-name

Name of the router-group to which this configuration applies.

Usage

configure authority alarm-shelving shelf applies-to group-name [<leafref>]

Positional Arguments

name	description
leafref	Value to add to this list

Description

leafref

A reference to an existing value in the instance data.

configure authority alarm-shelving shelf applies-to resource-group

Name of the resource-group to which this configuration applies.

Usage

configure authority alarm-shelving shelf applies-to resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority alarm-shelving shelf applies-to router-name

Name of the router to which this configuration applies.

Usage

configure authority alarm-shelving shelf applies-to router-name [<leafref>]

Positional Arguments

name	description
leafref	Value to add to this list

Description

leafref

A reference to an existing value in the instance data.

configure authority alarm-shelving shelf applies-to type

Type of group to which the configuration applies.

Usage

configure authority alarm-shelving shelf applies-to type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• authority: Applies to all routers in the authority.
• router: Router(s) to which the configuration applies.
• router-group: Logical group of router(s) to which the configuration applies.
• resource-group: An RBAC management group to which the configuration applies

configure authority alarm-shelving shelf category

Shelve alarms for this category.

Usage

configure authority alarm-shelving shelf category [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: none

enumeration

A value from a set of predefined names.

Options:

• none: A Category of "none" indicates that Category will not be considered when evaluating alarms against this shelf
• extensible-alarm: Shelve alarms with a category of "extensible-alarm"
• system: Shelve alarms with a category of "system"
• process: Shelve alarms with a category of "process"
• interface: Shelve alarms with a category of "interface"
• platform: Shelve alarms with a category of "platform"
• peer: Shelve alarms with a category of "peer"
• base: Shelve alarms with a category of "base"
• node-base: Shelve alarms with a category of "node-base"
• global-base: Shelve alarms with a category of "global-base"
• network-interface: Shelve alarms with a category of "network-interface"
• platform-stat: Shelve alarms with a category of "platform-stat"
• redundancy: Shelve alarms with a category of "redundancy"
• giid: Shelve alarms with a category of "giid"
• asset: Shelve alarms with a category of "asset"
• prefix-delegation: Shelve alarms with a category of "prefix-delegation"
• service: Shelve alarms with a category of "service"
• bgp-neighbor: Shelve alarms with a category of "bgp-neighbor"
• msdp-neighbor: Shelve alarms with a category of "msdp-neighbor"

configure authority alarm-shelving shelf generated

Indicates whether or not the Shelf was automatically generated as a result of Alarm Shelf generation.

Usage

configure authority alarm-shelving shelf generated [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority alarm-shelving shelf match-type

How the individual items in the shelf should be matched in order to trigger the shelving

Usage

configure authority alarm-shelving shelf match-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: all

enumeration

A value from a set of predefined names.

Options:

• all: All items in the shelf must match an alarm in order to trigger the shelving.
• any: At least one item in the shelf must match an alarm in order to trigger the shelving

configure authority alarm-shelving shelf message-regex

Shelve alarms with messages that match this regex.

Usage

configure authority alarm-shelving shelf message-regex [<regex>]

Positional Arguments

name	description
regex	The value to set for this field

Description

regex (string)

A regular expression (regex) type.

configure authority alarm-shelving shelf name

An arbitrary name for the alarm shelf.

Usage

configure authority alarm-shelving shelf name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority alarm-shelving shelf node-name

Shelve alarms from this node.

Usage

configure authority alarm-shelving shelf node-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority alarm-shelving shelf node-name-regex

Shelve alarms from nodes that match this regex.

Usage

configure authority alarm-shelving shelf node-name-regex [<regex>]

Positional Arguments

name	description
regex	The value to set for this field

Description

regex (string)

A regular expression (regex) type.

configure authority alarm-shelving shelf router-name

Shelve alarms from this router.

Usage

configure authority alarm-shelving shelf router-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority alarm-shelving shelf router-name-regex

Shelve alarms from routers that match this regex.

Usage

configure authority alarm-shelving shelf router-name-regex [<regex>]

Positional Arguments

name	description
regex	The value to set for this field

Description

regex (string)

A regular expression (regex) type.

configure authority alarm-shelving shelf severity

Shelve alarms for this severity.

Usage

configure authority alarm-shelving shelf severity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: none

enumeration

A value from a set of predefined names.

Options:

• info: Shelve alarms with a severity level of "info"
• minor: Shelve alarms with a severity level of "minor"
• major: Shelve alarms with a severity level of "major"
• critical: Shelve alarms with a severity level of "critical"
• none: A Severity of "none" indicates that Severity will not be considered when evaluating alarms against this shelf

configure authority anti-virus-profile

User defined Anti-Virus profiles.

Usage

configure authority anti-virus-profile <name>

Positional Arguments

name	description
name	Name of the profile.

Subcommands

command	description
delete	Delete configuration data
fallback-option	Defines what action the system should take for the match.
max-filesize	Configure Max Filesize
mime-allowlist	MIME patterns for allowing
name	Name of the profile.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
protocol	Defines protocols to allow.
show	Show configuration data for 'anti-virus-profile'
url-allowlist	URL patterns for allowing

configure authority anti-virus-profile fallback-option

Defines what action the system should take for the match.

Usage

configure authority anti-virus-profile fallback-option [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: log-and-permit

enumeration

A value from a set of predefined names.

Options:

• permit: Permit content size.
• log-and-permit: Log and Permit content size.
• block: Block content size.

configure authority anti-virus-profile max-filesize

Configure Max Filesize

Usage

configure authority anti-virus-profile max-filesize [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Default: 10000

uint64

An unsigned 64-bit integer.

configure authority anti-virus-profile mime-allowlist

MIME patterns for allowing

Usage

configure authority anti-virus-profile mime-allowlist [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

string

A text value.

configure authority anti-virus-profile name

Name of the profile.

Usage

configure authority anti-virus-profile name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Anti-Virus profile name (default-policy|no-ftp|http-only|none) is reserved. Length: 0-20

configure authority anti-virus-profile protocol

Defines protocols to allow.

Usage

configure authority anti-virus-profile protocol [<enumeration>]

Positional Arguments

name	description
enumeration	Value to add to this list

Description

enumeration

A value from a set of predefined names.

Options:

• http: Allow HTTP protocol.
• smtp: Allow SMTP protocol.
• pop3: Allow POP3 protocol.
• imap: Allow IMAP protocol.
• ftp: Allow FTP protocol.

configure authority anti-virus-profile url-allowlist

URL patterns for allowing

Usage

configure authority anti-virus-profile url-allowlist [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

string

A text value.

configure authority asset-connection-resiliency

Configure Asset Connection Resiliency

Subcommands

command	description
delete	Delete configuration data
enabled	Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'asset-connection-resiliency'
ssh-only	Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels.

configure authority asset-connection-resiliency enabled

Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.

Usage

configure authority asset-connection-resiliency enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority asset-connection-resiliency ssh-only

Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels.

Usage

configure authority asset-connection-resiliency ssh-only [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority backwards-compatible-vrf-bgp-tenants

When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3

Usage

configure authority backwards-compatible-vrf-bgp-tenants [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority bgp-service-generation

Configure Bgp Service Generation

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
route-reflector-client-mesh	Generate service-route mesh for route reflector clients.
security-policy	Security policy to be used instead of 'internal'.
service-policy	Service policy to be used for generated BGP services.
show	Show configuration data for 'bgp-service-generation'

configure authority bgp-service-generation route-reflector-client-mesh

Generate service-route mesh for route reflector clients.

Usage

configure authority bgp-service-generation route-reflector-client-mesh [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority bgp-service-generation security-policy

Security policy to be used instead of 'internal'.

Usage

configure authority bgp-service-generation security-policy [<security-ref>]

Positional Arguments

name	description
security-ref	The value to set for this field

Description

security-ref (leafref)

This type is used by other entities that need to reference configured security policies.

configure authority bgp-service-generation service-policy

Service policy to be used for generated BGP services.

Usage

configure authority bgp-service-generation service-policy [<service-policy-ref>]

Positional Arguments

name	description
service-policy-ref	The value to set for this field

Description

service-policy-ref (leafref)

This type is used by other entities that need to reference configured service policies.

configure authority certificate-revocation

Certificate revocation list with CRL details.

Usage

configure authority certificate-revocation <name>

Positional Arguments

name	description
name	An identifier for the certificate revocation.

Subcommands

command	description
backoff-interval	A delay in seconds to apply between polling different CRL endpoints to avoid excessive concurrent download attempts.
clone	Clone a list item
crl-endpoint	Configure Crl Endpoint
delete	Delete configuration data
name	An identifier for the certificate revocation.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
polling-interval	Frequency in minutes at which to fetch CRLs. Default is 60 minutes. Valid range is (1,10080).
show	Show configuration data for 'certificate-revocation'

configure authority certificate-revocation backoff-interval

A delay in seconds to apply between polling different CRL endpoints to avoid excessive concurrent download attempts.

Usage

configure authority certificate-revocation backoff-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-60

configure authority certificate-revocation crl-endpoint

Configure CRL Endpoint

Usage

configure authority certificate-revocation crl-endpoint <name>

Positional Arguments

name	description
name	Configure Name

Subcommands

command	description
delete	Delete configuration data
delta-uri	Override the URL to use to fetch a delta CRL.
name	Configure Name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'crl-endpoint'
uri	Override the URL to use to fetch a CRL.

configure authority certificate-revocation crl-endpoint delta-uri

Override the URL to use to fetch a delta CRL.

Usage

configure authority certificate-revocation crl-endpoint delta-uri [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Must start with scheme: http Must contain contain only alphanumeric characters Length: 1-18446744073709551615

configure authority certificate-revocation crl-endpoint name

Configure Name

Usage

configure authority certificate-revocation crl-endpoint name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority certificate-revocation crl-endpoint uri

Override the URL to use to fetch a CRL.

Usage

configure authority certificate-revocation crl-endpoint uri [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Must start with scheme: http Must contain contain only alphanumeric characters Length: 1-18446744073709551615

configure authority certificate-revocation name

An identifier for the certificate revocation.

Usage

configure authority certificate-revocation name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority certificate-revocation polling-interval

Frequency in minutes at which to fetch CRLs. Default is 60 minutes. Valid range is 1-10080.

Usage

configure authority certificate-revocation polling-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: minutes

Default: 60

uint32

An unsigned 32-bit integer.

Range: 1-10080

configure authority cli-messages

Configure Cli Messages

Subcommands

command	description
delete	Delete configuration data
login-message	The message displayed before login through console.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'cli-messages'
welcome-message	The message displayed after a successful login through console.

configure authority cli-messages login-message

The message displayed before login through console.

Usage

configure authority cli-messages login-message [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority cli-messages welcome-message

The message displayed after a successful login through console.

Usage

configure authority cli-messages welcome-message [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority client-certificate

The client-certificate configuration contains client certificate content.

Usage

configure authority client-certificate <name>

Positional Arguments

name	description
name	An identifier for the client certificate.

Subcommands

command	description
content	Client certificate content.
delete	Delete configuration data
file	Name of file that contains certificate content.
name	An identifier for the client certificate.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'client-certificate'
validation-mode	Client certificate validation mode.

configure authority client-certificate content

Client certificate content.

Usage

configure authority client-certificate content [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority client-certificate file

Name of file that contains certificate content.

Usage

configure authority client-certificate file [<filepointer>]

Positional Arguments

name	description
filepointer	The value to set for this field

Description

filepointer (string)

A string representing an allowable security related file name.

Must contain only alphanumeric characters or any of the following: _ - .

configure authority client-certificate name

An identifier for the client certificate.

Usage

configure authority client-certificate name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority client-certificate validation-mode

Client certificate validation mode.

Usage

configure authority client-certificate validation-mode [<certificate-validation-mode>]

Positional Arguments

name	description
certificate-validation-mode	The value to set for this field

Description

certificate-validation-mode (enumeration)

Sets the mode of certificate validation

Options:

• strict: Reject insecure certificates during import.
• warn: Warn when importing insecure certificates

configure authority conductor-address

IP address or FQDN of the conductor

Usage

configure authority conductor-address [<host>]

Positional Arguments

name	description
host	Value to add to this list

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority currency

Local monetary unit.

Usage

configure authority currency [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

Default: USD

string

A text value.

configure authority district

Districts in the authority.

Usage

configure authority district <name>

Positional Arguments

name	description
name	Name of the district.

Subcommands

command	description
delete	Delete configuration data
name	Name of the district.
neighborhood	Neighborhoods which belong to this district.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
resource-group	Associate this district with a top-level resource-group.
show	Show configuration data for 'district'

configure authority district name

Name of the district.

Usage

configure authority district name [<non-default-district-name>]

Positional Arguments

name	description
non-default-district-name	The value to set for this field

Description

non-default-district-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority district neighborhood

Neighborhoods which belong to this district.

Usage

configure authority district neighborhood [<neighborhood-id>]

Positional Arguments

name	description
neighborhood-id	Value to add to this list

Description

neighborhood-id (string)

A string identifier for network neighborhood.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority district resource-group

Associate this district with a top-level resource-group.

Usage

configure authority district resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority dscp-map

Configure Dscp Map

Usage

configure authority dscp-map <name>

Positional Arguments

name	description
name	The name of the DSCP map

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
dscp-prioritization	Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode.
dscp-traffic-class	Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode.
name	The name of the DSCP map
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
resource-group	Associate this DSCP map with a top-level resource-group.
show	Show configuration data for 'dscp-map'

configure authority dscp-map dscp-prioritization

Mapping from incoming DSCP value to a priority. These values are used when in DSCP trust mode.

Usage

configure authority dscp-map dscp-prioritization <priority>

Positional Arguments

name	description
priority	The priority assigned to the incoming DSCP value.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
dscp-range	Configure Dscp Range
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
priority	The priority assigned to the incoming DSCP value.
show	Show configuration data for 'dscp-prioritization'

configure authority dscp-map dscp-prioritization dscp-range

Configure Dscp Range

Usage

configure authority dscp-map dscp-prioritization dscp-range <start-value>

Positional Arguments

name	description
start-value	Lower DSCP number.

Subcommands

command	description
delete	Delete configuration data
end-value	Upper DSCP number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'dscp-range'
start-value	Lower DSCP number.

configure authority dscp-map dscp-prioritization dscp-range end-value

Upper DSCP number.

Usage

configure authority dscp-map dscp-prioritization dscp-range end-value [<dscp-end-value>]

Positional Arguments

name	description
dscp-end-value	The value to set for this field

Description

dscp-end-value (uint8)

Upper dscp range value. Default value is the start dscp value

Range: 0-63

configure authority dscp-map dscp-prioritization dscp-range start-value

Lower DSCP number.

Usage

configure authority dscp-map dscp-prioritization dscp-range start-value [<dscp>]

Positional Arguments

name	description
dscp	The value to set for this field

Description

dscp (uint8) (required)

A DSCP value (0-63)

Range: 0-63

configure authority dscp-map dscp-prioritization priority

The priority assigned to the incoming DSCP value.

Usage

configure authority dscp-map dscp-prioritization priority [<priority-id>]

Positional Arguments

name	description
priority-id	The value to set for this field

Description

priority-id (uint8)

An unsigned 8-bit integer.

Range: 0-3

configure authority dscp-map dscp-traffic-class

Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode.

Usage

configure authority dscp-map dscp-traffic-class <traffic-class>

Positional Arguments

name	description
traffic-class	The traffic-class assigned to the incoming DSCP value.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
dscp-range	Configure Dscp Range
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'dscp-traffic-class'
traffic-class	The traffic-class assigned to the incoming DSCP value.

configure authority dscp-map dscp-traffic-class dscp-range

Configure Dscp Range

Usage

configure authority dscp-map dscp-traffic-class dscp-range <start-value>

Positional Arguments

name	description
start-value	Lower DSCP number.

Subcommands

command	description
delete	Delete configuration data
end-value	Upper DSCP number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'dscp-range'
start-value	Lower DSCP number.

configure authority dscp-map dscp-traffic-class dscp-range end-value

Upper DSCP number.

Usage

configure authority dscp-map dscp-traffic-class dscp-range end-value [<dscp-end-value>]

Positional Arguments

name	description
dscp-end-value	The value to set for this field

Description

dscp-end-value (uint8)

Upper dscp range value. Default value is the start dscp value

Range: 0-63

configure authority dscp-map dscp-traffic-class dscp-range start-value

Lower DSCP number.

Usage

configure authority dscp-map dscp-traffic-class dscp-range start-value [<dscp>]

Positional Arguments

name	description
dscp	The value to set for this field

Description

dscp (uint8) (required)

A DSCP value (0-63)

Range: 0-63

configure authority dscp-map dscp-traffic-class traffic-class

The traffic-class assigned to the incoming DSCP value.

Usage

configure authority dscp-map dscp-traffic-class traffic-class [<traffic-class-id>]

Positional Arguments

name	description
traffic-class-id	The value to set for this field

Description

traffic-class-id (enumeration)

Relative priority of traffic.

Options:

• high: High priority traffic class.
• medium: Medium priority traffic class.
• low: Low priority traffic class.
• best-effort: Best-effort priority traffic class.

configure authority dscp-map name

The name of the DSCP map

Usage

configure authority dscp-map name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority dscp-map resource-group

Associate this DSCP map with a top-level resource-group.

Usage

configure authority dscp-map resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority dynamic-hostname

Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier, {router-name} for Router Name, {authority-name} for Authority Name. For example, interface-{interface-id}.{router-name}.{authority-name}.

Usage

configure authority dynamic-hostname [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

Default: interface-{interface-id}.{router-name}.{authority-name}

string

A text value.

Must contain substitution variables: {interface-id} for Network Interface Global Identifier {router-name} for Router Name {authority-name} for Authority Name For example, interface-{interface-id}.{router-name}.{authority-name}. Any other characters must be alphanumeric or any of the following: - _ .

configure authority enhanced-security-key-management

Use certificate-based security key management.

Usage

configure authority enhanced-security-key-management [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority fib-service-match

When creating FIB entries by matching route updates to service addresses, consider the specified service addresses.

Usage

configure authority fib-service-match [ best-match-only | any-match ]

Positional Arguments

name	description
best-match-only	This is the default value, and legacy behavior. When comparing prefixes from a route update to addresses configured in services, only addresses with the longest prefix match for a particular route are considered. In cases of transport overlap, services are visited in alphabetical order.
any-match	All service addresses that match the route update are considered when creating the FIB entries, including those with prefixes shorter than the update or those that do not have the best match service address. The transports from the service with the longest prefix are considered first. This minimizes missed entries, but may result in a higher FIB usage.

Description

Default: best-match-only

enumeration

A value from a set of predefined names.

Options:

• best-match-only: Longest matching service prefix only.
• any-match: All service prefixes are considered.

configure authority forward-error-correction-profile

A profile for Forward Error Correection parameters, describing how often to send parity packets.

Usage

configure authority forward-error-correction-profile <name>

Positional Arguments

name	description
name	The name of the Forward Error Correction profile

Subcommands

command	description
delete	Delete configuration data
mode	Whether to dynamically adjust forward error correction to account for observed loss.
name	The name of the Forward Error Correction profile
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
ratio	The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted.
show	Show configuration data for 'forward-error-correction-profile'

configure authority forward-error-correction-profile mode

Whether to dynamically adjust forward error correction to account for observed loss.

Usage

configure authority forward-error-correction-profile mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: dynamic

enumeration

A value from a set of predefined names.

Options:

• dynamic: Alter ratio of packets to parity based on loss observed.
• static: Use a consistent ratio of packets to parity regardless of loss.

configure authority forward-error-correction-profile name

The name of the Forward Error Correction profile

Usage

configure authority forward-error-correction-profile name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority forward-error-correction-profile ratio

The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted.

Usage

configure authority forward-error-correction-profile ratio [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 10

uint8

An unsigned 8-bit integer.

Range: 2-50

configure authority icmp-control

Settings for ICMP packet handling

Subcommands

command	description
delete	Delete configuration data
icmp-async-reply	Whether to allow ICMP replies to be forwarded without corresponding requests.
icmp-session-match	How to differentiate ICMP sessions.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'icmp-control'

configure authority icmp-control icmp-async-reply

Whether to allow ICMP replies to be forwarded without corresponding requests.

Usage

configure authority icmp-control icmp-async-reply [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: allow

enumeration

A value from a set of predefined names.

Options:

• drop: ICMP replies without matching requests are dropped.
• allow: ICMP replies without matching requests are forwarded.

configure authority icmp-control icmp-session-match

How to differentiate ICMP sessions.

Usage

configure authority icmp-control icmp-session-match [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: identifier-only

enumeration

A value from a set of predefined names.

Options:

• identifier-only: ICMP sessions are based on identifier.
• identifier-and-type: ICMP sessions are based on identifier and type.

configure authority idp-profile

User defined IDP profiles.

Usage

configure authority idp-profile <name>

Positional Arguments

name	description
name	Name of the profile.

Subcommands

command	description
base-policy	Base policy used when building rules.
clone	Clone a list item
delete	Delete configuration data
name	Name of the profile.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
rule	Configure Rule
show	Show configuration data for 'idp-profile'

configure authority idp-profile base-policy

Base policy used when building rules.

Usage

configure authority idp-profile base-policy [<idp-policy>]

Positional Arguments

name	description
idp-policy	The value to set for this field

Description

idp-policy (enumeration) (required)

Predefined policies for intrusion detection actions.

Options:

• alert: A policy that only alerts.
• standard: The standard blocking and alerting policy.
• strict: A strict blocking and alerting policy.
• critical: A strict blocking and alerting policy with dynamic group critical.

configure authority idp-profile name

Name of the profile.

Usage

configure authority idp-profile name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - IDP profile name (alert|strict|standard|none) is reserved. Length: 0-63

configure authority idp-profile rule

Configure Rule

Usage

configure authority idp-profile rule <name>

Positional Arguments

name	description
name	Name of the rule.

Subcommands

command	description
delete	Delete configuration data
description	Description of the rule.
match	The options to use for matching.
name	Name of the rule.
outcome	The outcome applied to the match
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rule'

configure authority idp-profile rule description

Description of the rule.

Usage

configure authority idp-profile rule description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority idp-profile rule match

The options to use for matching.

Subcommands

command	description
client-address	Client address prefix to match in the rule.
delete	Delete configuration data
destination-address	Destination address prefix to match in the rule.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
severities	List of severity to match in the rule.
severity	Match vulnerabilities only with severity mentioned or above.
show	Show configuration data for 'match'
vulnerability	List of custom vulnerabilities to match in the rule.

configure authority idp-profile rule match client-address

Client address prefix to match in the rule.

Usage

configure authority idp-profile rule match client-address [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	Value to add to this list

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority idp-profile rule match destination-address

Destination address prefix to match in the rule.

Usage

configure authority idp-profile rule match destination-address [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	Value to add to this list

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority idp-profile rule match severities

List of severity to match in the rule.

Usage

configure authority idp-profile rule match severities [<idp-severity>]

Positional Arguments

name	description
idp-severity	Value to add to this list

Description

idp-severity (enumeration)

Severity levels for IDP rules.

Options:

• minor: Filter minor or higher vulnerabilities.
• major: Filter major or higher vulnerabilities.
• critical: Filter only critical vulnerabilities.

configure authority idp-profile rule match severity

Match vulnerabilities only with severity mentioned or above.

Usage

configure authority idp-profile rule match severity [<idp-severity>]

Positional Arguments

name	description
idp-severity	The value to set for this field

Description

idp-severity (enumeration)

Severity levels for IDP rules.

Options:

• minor: Filter minor or higher vulnerabilities.
• major: Filter major or higher vulnerabilities.
• critical: Filter only critical vulnerabilities.

configure authority idp-profile rule match vulnerability

List of custom vulnerabilities to match in the rule.

Usage

configure authority idp-profile rule match vulnerability [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

string

A text value.

configure authority idp-profile rule name

Name of the rule.

Usage

configure authority idp-profile rule name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority idp-profile rule outcome

The outcome applied to the match

Subcommands

command	description
action	Defines what action the system should take for the match.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
severity	Modify a vulnerability severity level of the match.
show	Show configuration data for 'outcome'

configure authority idp-profile rule outcome action

Defines what action the system should take for the match.

Usage

configure authority idp-profile rule outcome action [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration (required)

A value from a set of predefined names.

Options:

• alert: Alert only.
• drop: Drop session.
• close-tcp-connection: Close TCP Connection.

configure authority idp-profile rule outcome severity

Modify a vulnerability severity level of the match.

Usage

configure authority idp-profile rule outcome severity [<idp-severity>]

Positional Arguments

name	description
idp-severity	The value to set for this field

Description

idp-severity (enumeration)

Severity levels for IDP rules.

Options:

• minor: Filter minor or higher vulnerabilities.
• major: Filter major or higher vulnerabilities.
• critical: Filter only critical vulnerabilities.

configure authority ipfix-collector

Configuration for IPFIX record export.

Usage

configure authority ipfix-collector <name>

Positional Arguments

name	description
name	A unique name for the collector.

Subcommands

command	description
delete	Delete configuration data
interim-record-interval	The time after which a new interim record will be generated if a flow still exists.
ip-address	The IP address or hostname of the collector.
name	A unique name for the collector.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The port of the collector.
protocol	The transport protocol to be used when communicating with the collector.
resource-group	Associate this IPFIX collector with a top-level resource-group.
sampling-percentage	The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: || < 100 Mb/s : 1 in 256 || < 1 Gb/s : 1 in 512 || < 10 Gb/s : 1 in 1024 || < 25 Gb/s : 1 in 2048 || > 25 Gb/s : 1 in 8192 ||
show	Show configuration data for 'ipfix-collector'
template-refresh-interval	The time between template retransmissions when using the UDP protocol.
tenant	The tenants whose records this collector should receive. An empty list indicates all tenants.

configure authority ipfix-collector interim-record-interval

The time after which a new interim record will be generated if a flow still exists.

Usage

configure authority ipfix-collector interim-record-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 120

uint32

An unsigned 32-bit integer.

Range: 60-1800

configure authority ipfix-collector ip-address

The IP address or hostname of the collector.

Usage

configure authority ipfix-collector ip-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority ipfix-collector name

A unique name for the collector.

Usage

configure authority ipfix-collector name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority ipfix-collector port

The port of the collector.

Usage

configure authority ipfix-collector port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

Default: 4739

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority ipfix-collector protocol

The transport protocol to be used when communicating with the collector.

Usage

configure authority ipfix-collector protocol [<ipfix-protocol>]

Positional Arguments

name	description
ipfix-protocol	The value to set for this field

Description

Default: tcp

ipfix-protocol (enumeration)

Transport (Layer 4) protocol.

Options:

• tcp: Transmission Control Protocol.
• udp: User Datagram Protocol.

configure authority ipfix-collector resource-group

Associate this IPFIX collector with a top-level resource-group.

Usage

configure authority ipfix-collector resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority ipfix-collector sampling-percentage

The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: || < 100 Mb/s : 1 in 256 || < 1 Gb/s : 1 in 512 || < 10 Gb/s : 1 in 1024 || < 25 Gb/s : 1 in 2048 || > 25 Gb/s : 1 in 8192 ||

Usage

configure authority ipfix-collector sampling-percentage [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Default: dynamic

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) decimal64

A 64-bit decimal value.

Range: 0-100 Fraction digits: 16

(1) enumeration

A value from a set of predefined names.

Options:

• dynamic: Dynamically determine sampling based on data volume.

configure authority ipfix-collector template-refresh-interval

The time between template retransmissions when using the UDP protocol.

Usage

configure authority ipfix-collector template-refresh-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 60

uint32

An unsigned 32-bit integer.

Range: 60-1800

configure authority ipfix-collector tenant

The tenants whose records this collector should receive. An empty list indicates all tenants.

Usage

configure authority ipfix-collector tenant [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	Value to add to this list

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority ipv4-option-filter

Configure Ipv 4 Option Filter

Subcommands

command	description
action	How packets containing option headers are treated when being processed.
delete	Delete configuration data
drop-exclusion	Option headers that will not cause the packet to be dropped when present.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ipv4-option-filter'

configure authority ipv4-option-filter action

How packets containing option headers are treated when being processed.

Usage

configure authority ipv4-option-filter action [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: allow-all

enumeration

A value from a set of predefined names.

Options:

• allow-all: Allow all packets that contain options headers.
• drop-all: Drop all packets that contain options headers except for those defined in the exclusion list.

configure authority ipv4-option-filter drop-exclusion

Option headers that will not cause the packet to be dropped when present.

Usage

configure authority ipv4-option-filter drop-exclusion [<uint8>]

Positional Arguments

name	description
uint8	Value to add to this list

Description

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority ldap-server

LDAP Servers against which to authenticate user credentials.

Usage

configure authority ldap-server <name>

Positional Arguments

name	description
name	The name of the LDAP server.

Subcommands

command	description
address	The IP address or FQDN of the LDAP server.
auto-generate-filter	When enabled, the SSR will generate user-search-base and group-search-base LDAP filters.
bind-type	The type of binding to the LDAP server.
certificate-assurance	LDAP assurance level to apply on server certificates in a TLS session.
delete	Delete configuration data
distinguished-name	The distinguished name to use for binding to the server.
group-search-base	An optional group search LDAP filter to restrict searches for this attribute type.
name	The name of the LDAP server.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
password	The password to use for binding to the server.
port	Port to connect to LDAP server.
resource-group	Associate this LDAP server with a top-level resource-group.
search-base	The LDAP search base string.
server-type	The type of LDAP server.
show	Show configuration data for 'ldap-server'
user-search-base	An optional user search LDAP filter to restrict searches for this attribute type.

configure authority ldap-server address

The IP address or FQDN of the LDAP server.

Usage

configure authority ldap-server address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority ldap-server auto-generate-filter

When enabled, the SSR will generate user-search-base and group-search-base LDAP filters.

Usage

configure authority ldap-server auto-generate-filter [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority ldap-server bind-type

The type of binding to the LDAP server.

Usage

configure authority ldap-server bind-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: anonymous

enumeration

A value from a set of predefined names.

Options:

• anonymous: Bind to this server anonymously.
• unauthenticated: Bind to this server with a distinguished name only.
• password: Bind to this server with a distinguished name and password.

configure authority ldap-server certificate-assurance

LDAP assurance level to apply on server certificates in a TLS session.

Usage

configure authority ldap-server certificate-assurance [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: strong

enumeration

A value from a set of predefined names.

Options:

• weak: Do not request or check any server certificates.
• mild: Ignore invalid or missing certificates but check for hostname
• moderate: Terminate on invalid certificate but ignore missing certificates.
• strong: Terminate on invalid and missing certificates.

configure authority ldap-server distinguished-name

The distinguished name to use for binding to the server.

Usage

configure authority ldap-server distinguished-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority ldap-server group-search-base

An optional group search LDAP filter to restrict searches for this attribute type.

Usage

configure authority ldap-server group-search-base [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority ldap-server name

The name of the LDAP server.

Usage

configure authority ldap-server name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority ldap-server password

The password to use for binding to the server.

Usage

configure authority ldap-server password [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority ldap-server port

Port to connect to LDAP server.

Usage

configure authority ldap-server port [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Default: server-type-default

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

(1) enumeration

A value from a set of predefined names.

Options:

• server-type-default: Use the default based on server-type.

configure authority ldap-server resource-group

Associate this LDAP server with a top-level resource-group.

Usage

configure authority ldap-server resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority ldap-server search-base

The LDAP search base string.

Usage

configure authority ldap-server search-base [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string (required)

A text value.

Length: 1-18446744073709551615

configure authority ldap-server server-type

The type of LDAP server.

Usage

configure authority ldap-server server-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: ldaps

enumeration

A value from a set of predefined names.

Options:

• starttls: Connect to this server using STARTTLS. Default port is 389.
• ldaps: Connect to this server via LDAPS. Default port is 636.
• global-catalog: Connect to this server as an Active Directory Global Catalog. Default port is 3269.

configure authority ldap-server user-search-base

An optional user search LDAP filter to restrict searches for this attribute type.

Usage

configure authority ldap-server user-search-base [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority management-service-generation

Configure Management Service Generation

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
service-policy	Service policy to be used instead of auto-generated service policy.
service-route-type	Strategy to generate service-routes for management services.
show	Show configuration data for 'management-service-generation'

configure authority management-service-generation service-policy

Service policy to be used instead of auto-generated service policy.

Usage

configure authority management-service-generation service-policy [<service-policy-ref>]

Positional Arguments

name	description
service-policy-ref	The value to set for this field

Description

service-policy-ref (leafref)

This type is used by other entities that need to reference configured service policies.

configure authority management-service-generation service-route-type

Strategy to generate service-routes for management services.

Usage

configure authority management-service-generation service-route-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: paths-as-next-hop

enumeration

A value from a set of predefined names.

Options:

• paths-as-next-hop: Generate paths on a node as next-hops
• paths-as-service-route: Generate paths on a node as service-route

configure authority metrics

Configuration for metrics collection.

Subcommands

command	description
application-policy-hit-count-tracking	Configure Application Policy Hit Count Tracking
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'metrics'

configure authority metrics application-policy-hit-count-tracking

Configure Application Policy Hit Count Tracking

Subcommands

command	description
delete	Delete configuration data
enabled	Enable/disable tracking of policy hit counts for applications
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'application-policy-hit-count-tracking'

configure authority metrics application-policy-hit-count-tracking enabled

Enable/disable tracking of policy hit counts for applications

Usage

configure authority metrics application-policy-hit-count-tracking enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority metrics-profile

A collection of metrics

Usage

configure authority metrics-profile <name>

Positional Arguments

name	description
name	The name of the profile

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
filter	A list of parameter values that should be included in the output.
metric	The ID of the metric as it exists in the REST API
name	The name of the profile
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'metrics-profile'

configure authority metrics-profile filter

A list of parameter values that should be included in the output.

Usage

configure authority metrics-profile filter <parameter>

Positional Arguments

name	description
parameter	The name of the parameter being referenced

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
parameter	The name of the parameter being referenced
show	Show configuration data for 'filter'
value	The values that should be included if matched

configure authority metrics-profile filter parameter

The name of the parameter being referenced

Usage

configure authority metrics-profile filter parameter [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority metrics-profile filter value

The values that should be included if matched

Usage

configure authority metrics-profile filter value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

string

A text value.

configure authority metrics-profile metric

The ID of the metric as it exists in the REST API

Usage

configure authority metrics-profile metric <id>

Positional Arguments

name	description
id	The ID of the metric as it exists in the REST API

Subcommands

command	description
delete	Delete configuration data
description	A customizable description of this metric's purpose
id	The ID of the metric as it exists in the REST API
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'metric'

configure authority metrics-profile metric description

A customizable description of this metric's purpose

Usage

configure authority metrics-profile metric description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority metrics-profile metric id

The ID of the metric as it exists in the REST API

Usage

configure authority metrics-profile metric id [<metric-id>]

Positional Arguments

name	description
metric-id	The value to set for this field

Description

metric-id (string)

A string metric identifier based on the stats YANG path which only uses alphanumerics, dashes, and forward slashes.

Must contain only alphanumeric characters or any of the following: - /

configure authority metrics-profile name

The name of the profile

Usage

configure authority metrics-profile name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority name

The identifier for the Authority.

Usage

configure authority name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string) (required)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority password-policy

Password policy for user's passwords.

Subcommands

command	description
delete	Delete configuration data
deny	The number of failed login attempts before locking a user
lifetime	The lifetime of a user's password in days
minimum-length	The minimum length of user's password.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'password-policy'
unlock-time	The time a user account will remained locked after failing login attempts

configure authority password-policy deny

The number of failed login attempts before locking a user

Usage

configure authority password-policy deny [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 6

uint32

An unsigned 32-bit integer.

Range: 1-65535

configure authority password-policy lifetime

The lifetime of a user's password in days

Usage

configure authority password-policy lifetime [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: days

Default: 99999

uint32

An unsigned 32-bit integer.

Range: 1-99999

configure authority password-policy minimum-length

The minimum length of user's password.

Usage

configure authority password-policy minimum-length [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 9

uint32

An unsigned 32-bit integer.

Range: 8-65535

configure authority password-policy unlock-time

The time a user account will remained locked after failing login attempts

Usage

configure authority password-policy unlock-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 1800

uint32

An unsigned 32-bit integer.

configure authority pcli

Configure the PCLI.

Subcommands

command	description
alias	An alias is a custom PCLI command that executes another PCLI command and optionally filters the output.
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'pcli'

configure authority pcli alias

An alias is a custom PCLI command that executes another PCLI command and optionally filters the output.

Usage

configure authority pcli alias <path>

Positional Arguments

name	description
path	The space-delimited path to the alias. This will be the text that a user must enter to run the alias.

Subcommands

command	description
clone	Clone a list item
command	The PCLI command that the alias will run.
delete	Delete configuration data
description	A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
path	The space-delimited path to the alias. This will be the text that a user must enter to run the alias.
resource-group	Associate this PCLI alias with a top-level resource-group.
show	Show configuration data for 'alias'

configure authority pcli alias command

The PCLI command that the alias will run.

Usage

configure authority pcli alias command <path>

Positional Arguments

name	description
path	The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
path	The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).
show	Show configuration data for 'command'
table-filter	Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes.)

configure authority pcli alias command path

The PCLI command that the alias will run. This must be an existing PCLI command but may contain a pipe (|), output redirection (> or >>), input redirection (< or <<), or the question mark to get help (?).

Usage

configure authority pcli alias command path [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias command table-filter

Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes.)

Usage

configure authority pcli alias command table-filter [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias description

A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text.

Usage

configure authority pcli alias description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias path

The space-delimited path to the alias. This will be the text that a user must enter to run the alias.

Usage

configure authority pcli alias path [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-18446744073709551615

configure authority pcli alias resource-group

Associate this PCLI alias with a top-level resource-group.

Usage

configure authority pcli alias resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority performance-monitoring-profile

A performance monitoring profile used to determine how often packets should be marked.

Usage

configure authority performance-monitoring-profile <name>

Positional Arguments

name	description
name	The name of the performance monitoring profile.

Subcommands

command	description
delete	Delete configuration data
interval-duration	Represents the duration of a packet marking interval in milliseconds.
marking-count	The number of packets to mark within a given interval.
monitor-only	Collect statistics without influencing packet processing features.
name	The name of the performance monitoring profile.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
resource-group	Associate this performance monitoring profile with a top-level resource-group.
show	Show configuration data for 'performance-monitoring-profile'

configure authority performance-monitoring-profile interval-duration

Represents the duration of a packet marking interval in milliseconds.

Usage

configure authority performance-monitoring-profile interval-duration [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 10000

uint32

An unsigned 32-bit integer.

Range: 100-3600000

configure authority performance-monitoring-profile marking-count

The number of packets to mark within a given interval.

Usage

configure authority performance-monitoring-profile marking-count [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: packets

Default: 100

uint16

An unsigned 16-bit integer.

Range: 1-32767

configure authority performance-monitoring-profile monitor-only

Collect statistics without influencing packet processing features.

Usage

configure authority performance-monitoring-profile monitor-only [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority performance-monitoring-profile name

The name of the performance monitoring profile.

Usage

configure authority performance-monitoring-profile name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority performance-monitoring-profile resource-group

Associate this performance monitoring profile with a top-level resource-group.

Usage

configure authority performance-monitoring-profile resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority radius-server

Radius Servers against which to authenticate user credentials.

Usage

configure authority radius-server <name>

Positional Arguments

name	description
name	The name of the Radius server.

Subcommands

command	description
account-creation	Control account creation behavior.
address	The IP address or FQDN of the Radius server.
delete	Delete configuration data
name	The name of the Radius server.
ocsp	Whether to check the revocation status of the Radius server's certificate.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The port number Radius server listens on.
protocol	Use TLS or UDP protocol to communicate with Radius server.
secret	The secret key to bind to the Radius server.
server-name	Hostname of the Radius server.
show	Show configuration data for 'radius-server'
timeout	Radius Request Timeout.

configure authority radius-server account-creation

Control account creation behavior.

Usage

configure authority radius-server account-creation [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: manual

enumeration

A value from a set of predefined names.

Options:

• manual: Accounts must be created locally on the Router or Conductor before a user can log in.
• automatic: Create accounts automatically on first time login. The Radius server must contain the Vendor Specific Attribute (VSA) 'Juniper-Local-User-Name' set to the role that the user will be assigned. The role must be prefixed with 'SSR-', so to assign the user the admin role the VSA key would be set to 'SSR-admin'.

configure authority radius-server address

The IP address or FQDN of the Radius server.

Usage

configure authority radius-server address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority radius-server name

The name of the Radius server.

Usage

configure authority radius-server name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority radius-server ocsp

Whether to check the revocation status of the Radius server's certificate.

Usage

configure authority radius-server ocsp [<ocsp>]

Positional Arguments

name	description
ocsp	The value to set for this field

Description

ocsp (enumeration)

Whether to check the revocation status of a server's certificate.

Options:

• strict: Require a successful OCSP check in order to establish a connection.
• off: Do not check revocation status of the server certificate.

configure authority radius-server port

The port number Radius server listens on.

Usage

configure authority radius-server port [<port-number>]

Positional Arguments

name	description
port-number	The value to set for this field

Description

Default: 1812

port-number (uint16)

The port-number type represents a 16-bit port number of an Internet transport layer protocol such as UDP, TCP, DCCP, or SCTP. Port numbers are assigned by IANA. A current list of all assignments is available from <http://www.iana.org/>.

Note that the port number value zero is reserved by IANA. In situations where the value zero does not make sense, it can be excluded by subtyping the port-number type.

In the value set and its semantics, this type is equivalent to the InetPortNumber textual convention of the SMIv2.

Range: 0-65535

configure authority radius-server protocol

Use TLS or UDP protocol to communicate with Radius server.

Usage

configure authority radius-server protocol [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: udp

enumeration

A value from a set of predefined names.

Options:

• udp: Use UDP protocol to communicate with Radius server.
• tls: Use TLS over TCP protocol to communicate with Radius server.

configure authority radius-server secret

The secret key to bind to the Radius server.

Usage

configure authority radius-server secret [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-255

configure authority radius-server server-name

Hostname of the Radius server.

Usage

configure authority radius-server server-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority radius-server timeout

Radius Request Timeout.

Usage

configure authority radius-server timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority rekey-interval

Hours between security key regeneration. Recommended value 24 hours.

Usage

configure authority rekey-interval [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Units: hours

Default: never

warning

&#x27;rekey-interval&#x27; is deprecated and will be removed in a future software version

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint32

An unsigned 32-bit integer.

Range: 1-720

(1) enumeration

A value from a set of predefined names.

Options:

• never: Never regenerate security keys

configure authority remote-login

Configure Remote Login

Subcommands

command	description
delete	Delete configuration data
enabled	Enable remote login from a Conductor to managed assets.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'remote-login'

configure authority remote-login enabled

Enable remote login from a Conductor to managed assets.

Usage

configure authority remote-login enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority resource-group

Collect objects into a management group.

Usage

configure authority resource-group <name>

Positional Arguments

name	description
name	The name of the resource group.

Subcommands

command	description
delete	Delete configuration data
description	A description about the resource-group.
name	The name of the resource group.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'resource-group'

configure authority resource-group description

A description about the resource-group.

Usage

configure authority resource-group description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority resource-group name

The name of the resource group.

Usage

configure authority resource-group name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Must be the single character '*' OR Must contain only alphanumeric characters or any of the following: _ - Length: 1-63

configure authority router

The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies.

Usage

configure authority router <name>

Positional Arguments

name	description
name	An identifier for the router.

Subcommands

command	description
administrative-group	An identifier that associates this router with an administrative group.
application-identification	Configure Application Identification
bfd	BFD parameters for sessions between nodes within the router.
certificate-revocations	Configure Certificate Revocations
clone	Clone a list item
conductor-address	IP address or FQDN of the conductor
delete	Delete configuration data
description	A human-readable string that allows administrators to describe this configuration.
dhcp-server-generated-address-pool	The address pool for KNI network-interfaces generated for dhcp-servers.
district-settings	Per-district settings for the router.
dns-config	Configure Dns Config
entitlement	Project configuration for entitlement reporting.
half-open-connection-limit	A limit on half-open TCP sessions.
icmp-probe-profile	Profile for active ICMP probes for reachability-detection enforcement
idp	Advanced IDP configuration.
inter-node-security	The name of the security policy used for inter node communication between router interfaces
key-exchange-algorithm-override	Key exchange algorithm selection for security key management for the router.
location	A descriptive location for this SSR.
location-coordinates	The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/
maintenance-mode	When enabled, the router will be in maintenance mode and alarms related to this router will be shelved.
management-proxy	Settings to enable forwarding of SSR management traffic to a proxy
management-service-generation	Configure Management Service Generation
max-inter-node-way-points	Maximum number of way points to be allocated on inter-node path.
ml-kem-keygen-priority	Priority for ML-KEM key generation with peers. Higher values indicate higher priority.
name	An identifier for the router.
nat-pool	A pool of shared NAT ports.
node	List of one or two SSR software instances, comprising an SSR.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
path-mtu-discovery	Automatic path MTU discovery between nodes within the router.
peer	Defines the properties associated with peer SSRs. The peer may be another router in the same authority or a router in a different authority
peering-common-name	The identifier to use with enhanced-security-key-management.
rate-limit-policy	Configuration for rate limiting policy for all associated service traffic across all interfaces on a given node, when configured within a service-class.
reachability-profile	Defines a traffic profile for reachability-detection enforcement
redundancy-group	A group of redundant interfaces which will fail over together if one goes down for any reason.
resource-group	Associate this router with a top-level resource-group.
reverse-flow-enforcement	When to enforce biflow reverse fib entry check
reverse-packet-session-resiliency	Parameters for setting session failover behavior without presence of forward traffic.
router-group	Logical group of routers for filtering services.
routing	A router-level container for all of the routing policies associated with a given SSR deployment. Each routing element may have one and only one routing-instance.
service-area-alarm-threshold-profile	Service Area Alarm Threshold Profile configuration
service-route	Defines a route for a service or an instance of a service (server or service agent).
service-route-policy	Used to define the properties of service routes. These capabilities influence route selection when determining the optimal path for establishing new sessions.
session-records	Configure Session Records
show	Show configuration data for 'router'
static-hostname-mapping	Map hostnames to ip-address resolutions. These entries will be put in /etc/hosts. This will prevent DNS requests from being sent for these hostnames.
system	System group configuration. Lets administrators configure system-wide properties for their SSR deployment.
udp-transform	UDP transform settings for interoperating with stateful TCP firewalls for nodes within the router.

configure authority router administrative-group

An identifier that associates this router with an administrative group.

Usage

configure authority router administrative-group [<name-id>]

Positional Arguments

name	description
name-id	Value to add to this list

Description

warning

administrative-group is deprecated and will be removed in a future software version

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router application-identification

Configure Application Identification

Subcommands

command	description
application-director-cache-max-capacity	The maximum capacity for caching application-director requests
auto-update	Automatic updating of application data
delete	Delete configuration data
max-capacity	The maximum capacity for resolved next-hops under a client
mode	Application learning modes.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
per-app-metrics	Enable per app classification metrics
show	Show configuration data for 'application-identification'
summary-corruption-upload-interval	A corruption event will be reported at most once every interval. Zero disables all uploads.
summary-retention	Configure Summary Retention
summary-tracking	Enable session stats tracking by applications
use-application-director-in-memory-db	Use in-memory db
web-filtering	Enhanced application identification with URL based filtering
write-interval	Interval to define how often analytics are calculated

configure authority router application-identification application-director-cache-max-capacity

The maximum capacity for caching application-director requests

Usage

configure authority router application-identification application-director-cache-max-capacity [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Default: 10000

uint64

An unsigned 64-bit integer.

configure authority router application-identification auto-update

Automatic updating of application data

Subcommands

command	description
day-of-week	The day of the week to perform updates
delete	Delete configuration data
enabled	Enable updates
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'auto-update'
update-frequency	How often to attempt to update
update-jitter	The max random jitter applied to the update time
update-time	The hour of the day on the local system to fetch

configure authority router application-identification auto-update day-of-week

The day of the week to perform updates

Usage

configure authority router application-identification auto-update day-of-week [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• sun: Download each Sunday
• mon: Download each Monday
• tue: Download each Tuesday
• wed: Download each Wednesday
• thu: Download each Thursday
• fri: Download each Friday
• sat: Download each Saturday

configure authority router application-identification auto-update enabled

Enable updates

Usage

configure authority router application-identification auto-update enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification auto-update update-frequency

How often to attempt to update

Usage

configure authority router application-identification auto-update update-frequency [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: weekly

enumeration

A value from a set of predefined names.

Options:

• daily: Download each day
• weekly: Download each week
• monthly: Download each month

configure authority router application-identification auto-update update-jitter

The max random jitter applied to the update time

Usage

configure authority router application-identification auto-update update-jitter [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 15

uint8

An unsigned 8-bit integer.

Range: 0-30

configure authority router application-identification auto-update update-time

The hour of the day on the local system to fetch

Usage

configure authority router application-identification auto-update update-time [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 2

uint8

An unsigned 8-bit integer.

Range: 0-23

configure authority router application-identification max-capacity

The maximum capacity for resolved next-hops under a client

Usage

configure authority router application-identification max-capacity [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Default: 10000

uint64

An unsigned 64-bit integer.

configure authority router application-identification mode

Application learning modes.

Usage

configure authority router application-identification mode [<enumeration>]

Positional Arguments

name	description
enumeration	Value to add to this list

Description

enumeration

A value from a set of predefined names.

Options:

• module: Learn application via modules.
• tls: Learn application via TLS server name parsing.
• http: Learn application via HTTP host name parsing.
• all: Learn application via any available techniques.

configure authority router application-identification per-app-metrics

Enable per app classification metrics

Usage

configure authority router application-identification per-app-metrics [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification summary-corruption-upload-interval

A corruption event will be reported at most once every interval. Zero disables all uploads.

Usage

configure authority router application-identification summary-corruption-upload-interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 15m

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router application-identification summary-retention

Configure Summary Retention

Subcommands

command	description
delete	Delete configuration data
duration	How long the AppID documents should be stored
enabled	Enable persistence of app summary to the DB for UI and other uses
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'summary-retention'

configure authority router application-identification summary-retention duration

How long the AppID documents should be stored

Usage

configure authority router application-identification summary-retention duration [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 24h

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router application-identification summary-retention enabled

Enable persistence of app summary to the DB for UI and other uses

Usage

configure authority router application-identification summary-retention enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification summary-tracking

Enable session stats tracking by applications

Usage

configure authority router application-identification summary-tracking [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router application-identification use-application-director-in-memory-db

Use in-memory db

Usage

configure authority router application-identification use-application-director-in-memory-db [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router application-identification web-filtering

Enhanced application identification with URL based filtering

Subcommands

command	description
classify-session	Configure Classify Session
delete	Delete configuration data
enabled	Whether web filtering should be enabled
max-retransmission-attempts-before-allow	Maximum number of retransmission packet attempts having a category cache miss before allowing session to continue
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'web-filtering'

configure authority router application-identification web-filtering classify-session

Configure Classify Session

Subcommands

command	description
delete	Delete configuration data
max-cache-size	The maximum size for the in-memory cache that stores url data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
retries	The maximum retries for client to request for classifying the session
show	Show configuration data for 'classify-session'
timeout	Maximum time in seconds that can be taken for classifying the session

configure authority router application-identification web-filtering classify-session max-cache-size

The maximum size for the in-memory cache that stores url data

Usage

configure authority router application-identification web-filtering classify-session max-cache-size [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1000

uint32

An unsigned 32-bit integer.

Range: 1-500000

configure authority router application-identification web-filtering classify-session retries

The maximum retries for client to request for classifying the session

Usage

configure authority router application-identification web-filtering classify-session retries [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 3

uint32

An unsigned 32-bit integer.

Range: 1-50

configure authority router application-identification web-filtering classify-session timeout

Maximum time in seconds that can be taken for classifying the session

Usage

configure authority router application-identification web-filtering classify-session timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-1000

configure authority router application-identification web-filtering enabled

Whether web filtering should be enabled

Usage

configure authority router application-identification web-filtering enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router application-identification web-filtering max-retransmission-attempts-before-allow

Maximum number of retransmission packet attempts having a category cache miss before allowing session to continue

Usage

configure authority router application-identification web-filtering max-retransmission-attempts-before-allow [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: packets

Default: 4

uint8

An unsigned 8-bit integer.

Range: 1-100

configure authority router application-identification write-interval

Interval to define how often analytics are calculated

Usage

configure authority router application-identification write-interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 1m

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router bfd

BFD parameters for sessions between nodes within the router.

Subcommands

command	description
authentication-type	Describes the authentication type used in BFD packets
delete	Delete configuration data
desired-tx-interval	Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.
dscp	The DSCP value to use with BFD packets.
dynamic-damping	When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.
hold-down-time	Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.
link-test-interval	This represents the interval between BFD echo tests sent to the peer node/router.
link-test-length	This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.
maximum-hold-down-time	Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.
multiplier	Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'
state	When enabled, run BFD between all nodes within the router.

configure authority router bfd authentication-type

Describes the authentication type used in BFD packets

Usage

configure authority router bfd authentication-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: sha256

enumeration

A value from a set of predefined names.

Options:

• simple: Simple Password.
• sha256: SHA256

configure authority router bfd desired-tx-interval

Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.

Usage

configure authority router bfd desired-tx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

Range: 50-600000

configure authority router bfd dscp

The DSCP value to use with BFD packets.

Usage

configure authority router bfd dscp [<dscp>]

Positional Arguments

name	description
dscp	The value to set for this field

Description

Default: 0

dscp (uint8)

A DSCP value (0-63)

Range: 0-63

configure authority router bfd dynamic-damping

When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.

Usage

configure authority router bfd dynamic-damping [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• enabled: Extend hold-down time exponentially if link flaps occur during hold-down time.
• disabled: Use simple hold-down timer for every link up event.

configure authority router bfd hold-down-time

Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.

Usage

configure authority router bfd hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-300

configure authority router bfd link-test-interval

This represents the interval between BFD echo tests sent to the peer node/router.

Usage

configure authority router bfd link-test-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 10

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router bfd link-test-length

This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.

Usage

configure authority router bfd link-test-length [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: packets

Default: 10

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router bfd maximum-hold-down-time

Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.

Usage

configure authority router bfd maximum-hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3600

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router bfd multiplier

Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).

Usage

configure authority router bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 3-20

configure authority router bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router bfd required-min-rx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

configure authority router bfd state

When enabled, run BFD between all nodes within the router.

Usage

configure authority router bfd state [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: enabled

enumeration

A value from a set of predefined names.

Options:

• enabled: BFD is enabled on all nodes of this router.
• disabled: BFD is disabled on all nodes of this router.

configure authority router certificate-revocations

Configure Certificate Revocations

Usage

configure authority router certificate-revocations [<certificate-revocation-ref>]

Positional Arguments

name	description
certificate-revocation-ref	The value to set for this field

Description

certificate-revocation-ref (leafref)

This type is used by other entities that need to reference configured client revocation.

configure authority router conductor-address

IP address or FQDN of the conductor

Usage

configure authority router conductor-address [<host>]

Positional Arguments

name	description
host	Value to add to this list

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router description

A human-readable string that allows administrators to describe this configuration.

Usage

configure authority router description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router dhcp-server-generated-address-pool

The address pool for KNI network-interfaces generated for dhcp-servers.

Usage

configure authority router dhcp-server-generated-address-pool [<ipv4-prefix>]

Positional Arguments

name	description
ipv4-prefix	The value to set for this field

Description

Default: 169.254.130.0/24

ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

configure authority router district-settings

Per-district settings for the router.

Usage

configure authority router district-settings <district-name>

Positional Arguments

name	description
district-name	Name of the district.

Subcommands

command	description
delete	Delete configuration data
district-name	Name of the district.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'district-settings'
step-peer-path-sla-metrics-advertisement	STEP advertisement settings for peer path SLA metrics.

configure authority router district-settings district-name

Name of the district.

Usage

configure authority router district-settings district-name [<district-name>]

Positional Arguments

name	description
district-name	The value to set for this field

Description

district-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router district-settings step-peer-path-sla-metrics-advertisement

STEP advertisement settings for peer path SLA metrics.

Subcommands

command	description
delete	Delete configuration data
minimum-update-interval	Minimum (burst) interval in between updating peer path SLA metric values advertised in STEP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'step-peer-path-sla-metrics-advertisement'
update-burst-size	Limit on the number of peer path SLA metric value updates advertised in STEP at the minimum (burst) update interval.
update-rate-limit	Rate limit interval in between updating peer path SLA metric values advertised in STEP

configure authority router district-settings step-peer-path-sla-metrics-advertisement minimum-update-interval

Minimum (burst) interval in between updating peer path SLA metric values advertised in STEP

Usage

configure authority router district-settings step-peer-path-sla-metrics-advertisement minimum-update-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 0-86400

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-burst-size

Limit on the number of peer path SLA metric value updates advertised in STEP at the minimum (burst) update interval.

Usage

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-burst-size [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 2

uint8

An unsigned 8-bit integer.

Range: 1-100

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-rate-limit

Rate limit interval in between updating peer path SLA metric values advertised in STEP

Usage

configure authority router district-settings step-peer-path-sla-metrics-advertisement update-rate-limit [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 180

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router dns-config

Configure Dns Config

Usage

configure authority router dns-config <mode>

Positional Arguments

name	description
mode	Mode of DNS server configuration.

Subcommands

command	description
address	Address of servers to use for DNS queries.
delete	Delete configuration data
mode	Mode of DNS server configuration.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'dns-config'

configure authority router dns-config address

Address of servers to use for DNS queries.

Usage

configure authority router dns-config address [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router dns-config mode

Mode of DNS server configuration.

Usage

configure authority router dns-config mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• static: Static list of DNS nameservers
• automatic: Populate DNS nameservers from learned sources

configure authority router entitlement

Project configuration for entitlement reporting.

Subcommands

command	description
delete	Delete configuration data
description	A description of the project.
id	Project identifier.
max-bandwidth	Purchased bandwidth for the project.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'entitlement'

configure authority router entitlement description

A description of the project.

Usage

configure authority router entitlement description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router entitlement id

Project identifier.

Usage

configure authority router entitlement id [<entitlement-project-id>]

Positional Arguments

name	description
entitlement-project-id	The value to set for this field

Description

Default: trial

entitlement-project-id (string)

Indicates that an enclosing leaf represents the project ID for entitlement.

configure authority router entitlement max-bandwidth

Purchased bandwidth for the project.

Usage

configure authority router entitlement max-bandwidth [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits/second

Default: 0

uint64

An unsigned 64-bit integer.

configure authority router half-open-connection-limit

A limit on half-open TCP sessions.

Usage

configure authority router half-open-connection-limit [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Default: unlimited

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint32

An unsigned 32-bit integer.

Range: 100-4294967295

(1) enumeration

A value from a set of predefined names.

Options:

• unlimited: No limit on this value

configure authority router icmp-probe-profile

Profile for active ICMP probes for reachability-detection enforcement

Usage

configure authority router icmp-probe-profile <name>

Positional Arguments

name	description
name	Name of the ICMP probe profile

Subcommands

command	description
delete	Delete configuration data
name	Name of the ICMP probe profile
number-of-attempts	Number of consecutive ICMP ping requests to be sent within the probe-duration before deciding that destination is unreachable
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
probe-address	Address to send ICMP ping requests to
probe-duration	Duration within which to reach the destination. Each attempt will be made in (probe-duration / number-of-attempts) interval
probe-failure-trigger	Control how failure to ping probe-addresses impacts state.
probe-interval	Duration of how often to perform a link test to the destination
show	Show configuration data for 'icmp-probe-profile'
sla-metrics	SLA-metrics requirements for ICMP ping

configure authority router icmp-probe-profile name

Name of the ICMP probe profile

Usage

configure authority router icmp-probe-profile name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router icmp-probe-profile number-of-attempts

Number of consecutive ICMP ping requests to be sent within the probe-duration before deciding that destination is unreachable

Usage

configure authority router icmp-probe-profile number-of-attempts [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 4

uint8

An unsigned 8-bit integer.

Range: 1-20

configure authority router icmp-probe-profile probe-address

Address to send ICMP ping requests to

Usage

configure authority router icmp-probe-profile probe-address [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router icmp-probe-profile probe-duration

Duration within which to reach the destination. Each attempt will be made in (probe-duration / number-of-attempts) interval

Usage

configure authority router icmp-probe-profile probe-duration [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 1

uint8

An unsigned 8-bit integer.

Range: 1-10

configure authority router icmp-probe-profile probe-failure-trigger

Control how failure to ping probe-addresses impacts state.

Usage

configure authority router icmp-probe-profile probe-failure-trigger [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: any

enumeration

A value from a set of predefined names.

Options:

• any: Failure to ping any probe-address brings state down.
• all: Failure to ping all probe-addresses brings state down.

configure authority router icmp-probe-profile probe-interval

Duration of how often to perform a link test to the destination

Usage

configure authority router icmp-probe-profile probe-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 10

uint32

An unsigned 32-bit integer.

Range: 1-3600

configure authority router icmp-probe-profile sla-metrics

SLA-metrics requirements for ICMP ping

Subcommands

command	description
delete	Delete configuration data
latency	Configure Latency
max-loss	The amount of acceptable loss on the link. Determined by sending number-of-attempts ICMP requests and waiting probe-duration for response
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'sla-metrics'

configure authority router icmp-probe-profile sla-metrics latency

Configure Latency

Subcommands

command	description
delete	Delete configuration data
max	Maximum acceptable latency based on the ping test
mean	The maximum acceptable mean latency based on the ping test
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'latency'

configure authority router icmp-probe-profile sla-metrics latency max

Maximum acceptable latency based on the ping test

Usage

configure authority router icmp-probe-profile sla-metrics latency max [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 250

uint32

An unsigned 32-bit integer.

configure authority router icmp-probe-profile sla-metrics latency mean

The maximum acceptable mean latency based on the ping test

Usage

configure authority router icmp-probe-profile sla-metrics latency mean [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 100

uint32

An unsigned 32-bit integer.

configure authority router icmp-probe-profile sla-metrics max-loss

The amount of acceptable loss on the link. Determined by sending number-of-attempts ICMP requests and waiting probe-duration for response

Usage

configure authority router icmp-probe-profile sla-metrics max-loss [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 10

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router idp

Advanced IDP configuration.

Subcommands

command	description
bypass-enabled	IDP config to enable/disable bypass
delete	Delete configuration data
mode	IDP config management mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'idp'

configure authority router idp bypass-enabled

IDP config to enable/disable bypass

Usage

configure authority router idp bypass-enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router idp mode

IDP config management mode

Usage

configure authority router idp mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

• auto: Automatically toggle IDP based on idp-policies
• disabled: Disable IDP
• spoke: Enable spoke mode for IDP
• hub: Enable hub mode for IDP

configure authority router inter-node-security

The name of the security policy used for inter node communication between router interfaces

Usage

configure authority router inter-node-security [<security-ref>]

Positional Arguments

name	description
security-ref	The value to set for this field

Description

security-ref (leafref) (required)

This type is used by other entities that need to reference configured security policies.

configure authority router key-exchange-algorithm-override

Key exchange algorithm selection for security key management for the router.

Subcommands

command	description
delete	Delete configuration data
diffie-hellman	Diffie-Hellman algorithm.
diffie-hellman-ml-kem	Diffie-Hellman and ML-KEM hybrid algorithm.
ml-kem	ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'key-exchange-algorithm-override'

configure authority router key-exchange-algorithm-override diffie-hellman

Diffie-Hellman algorithm.

Subcommands

command	description
delete	Delete configuration data
dh-key-size	The key size used for Diffie-Hellman algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'diffie-hellman'

configure authority router key-exchange-algorithm-override diffie-hellman dh-key-size

The key size used for Diffie-Hellman algorithm.

Usage

configure authority router key-exchange-algorithm-override diffie-hellman dh-key-size [<diffie-hellman-key-size>]

Positional Arguments

name	description
diffie-hellman-key-size	The value to set for this field

Description

diffie-hellman-key-size (enumeration)

The key size to use in the Diffie-Hellman key exchange

Options:

• 1024: 1024 bit key size
• 2048: 2048 bit key size
• 4096: 4096 bit key size

configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem

Diffie-Hellman and ML-KEM hybrid algorithm.

Subcommands

command	description
delete	Delete configuration data
dh-key-size	The key size used for Diffie-Hellman algorithm.
ml-kem-key-size	The key size used for ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'diffie-hellman-ml-kem'

configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size

The key size used for Diffie-Hellman algorithm.

Usage

configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size [<diffie-hellman-key-size>]

Positional Arguments

name	description
diffie-hellman-key-size	The value to set for this field

Description

diffie-hellman-key-size (enumeration)

The key size to use in the Diffie-Hellman key exchange

Options:

• 1024: 1024 bit key size
• 2048: 2048 bit key size
• 4096: 4096 bit key size

configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size

The key size used for ML-KEM algorithm.

Usage

configure authority router key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size [<ml-kem-key-size>]

Positional Arguments

name	description
ml-kem-key-size	The value to set for this field

Description

ml-kem-key-size (enumeration)

The key size to use in the ML-KEM key exchange

Options:

• 512: 512 bit key size
• 768: 768 bit key size
• 1024: 1024 bit key size

configure authority router key-exchange-algorithm-override ml-kem

ML-KEM algorithm.

Subcommands

command	description
delete	Delete configuration data
ml-kem-key-size	The key size used for ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ml-kem'

configure authority router key-exchange-algorithm-override ml-kem ml-kem-key-size

The key size used for ML-KEM algorithm.

Usage

configure authority router key-exchange-algorithm-override ml-kem ml-kem-key-size [<ml-kem-key-size>]

Positional Arguments

name	description
ml-kem-key-size	The value to set for this field

Description

ml-kem-key-size (enumeration)

The key size to use in the ML-KEM key exchange

Options:

• 512: 512 bit key size
• 768: 768 bit key size
• 1024: 1024 bit key size

configure authority router location

A descriptive location for this SSR.

Usage

configure authority router location [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router location-coordinates

The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/

Usage

configure authority router location-coordinates [<geolocation>]

Positional Arguments

name	description
geolocation	The value to set for this field

Description

geolocation (string)

Geolocation in ISO 6709 format.

Must be a geographic coordinate in ISO-6709 format. Example: +50.1-074.1/

configure authority router maintenance-mode

When enabled, the router will be in maintenance mode and alarms related to this router will be shelved.

Usage

configure authority router maintenance-mode [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority router management-proxy

Settings to enable forwarding of SSR management traffic to a proxy

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
mode	Configure Mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
proxy	Configure Proxy
show	Show configuration data for 'management-proxy'

configure authority router management-proxy mode

Configure Mode

Usage

configure authority router management-proxy mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• learned:
• disabled:
• static:

configure authority router management-proxy proxy

Configure Proxy

Usage

configure authority router management-proxy proxy <address>

Positional Arguments

name	description
address	Configure Address

Subcommands

command	description
address	Configure Address
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	Configure Port
show	Show configuration data for 'proxy'

configure authority router management-proxy proxy address

Configure Address

Usage

configure authority router management-proxy proxy address [<ipv4-address>]

Positional Arguments

name	description
ipv4-address	The value to set for this field

Description

ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

configure authority router management-proxy proxy port

Configure Port

Usage

configure authority router management-proxy proxy port [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16 (required)

An unsigned 16-bit integer.

Range: 1-65535

configure authority router management-service-generation

Configure Management Service Generation

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
proxy	Enable/disable proxy of public to private conductor addresses
service-policy	Service policy to be used instead of auto-generated service policy.
service-route-type	Strategy to generate service-routes for management services.
show	Show configuration data for 'management-service-generation'

configure authority router management-service-generation proxy

Enable/disable proxy of public to private conductor addresses

Usage

configure authority router management-service-generation proxy [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router management-service-generation service-policy

Service policy to be used instead of auto-generated service policy.

Usage

configure authority router management-service-generation service-policy [<service-policy-ref>]

Positional Arguments

name	description
service-policy-ref	The value to set for this field

Description

service-policy-ref (leafref)

This type is used by other entities that need to reference configured service policies.

configure authority router management-service-generation service-route-type

Strategy to generate service-routes for management services.

Usage

configure authority router management-service-generation service-route-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: paths-as-next-hop

enumeration

A value from a set of predefined names.

Options:

• paths-as-next-hop: Generate paths on a node as next-hops
• paths-as-service-route: Generate paths on a node as service-route

configure authority router max-inter-node-way-points

Maximum number of way points to be allocated on inter-node path.

Usage

configure authority router max-inter-node-way-points [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 50000

warning

a restart is required if max-inter-node-way-points is created, modified, or deleted

uint32

An unsigned 32-bit integer.

Range: 50000-1000000

configure authority router ml-kem-keygen-priority

Priority for ML-KEM key generation with peers. Higher values indicate higher priority.

Usage

configure authority router ml-kem-keygen-priority [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority router name

An identifier for the router.

Usage

configure authority router name [<reserved-name-id>]

Positional Arguments

name	description
reserved-name-id	The value to set for this field

Description

warning

a restart is required if name is created or deleted

reserved-name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters, and cannot be the words 'all', 'any', or 'unknown'.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router nat-pool

A pool of shared NAT ports.

Usage

configure authority router nat-pool <name>

Positional Arguments

name	description
name	An identifier for the NAT Pool.

Subcommands

command	description
address-pool	Defines the NAT prefix and ports in the pool.
applies-to-local-breakout	Whether the nat pool applies to local breakout sessions.
clone	Clone a list item
delete	Delete configuration data
move	Move list items
name	An identifier for the NAT Pool.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'nat-pool'

configure authority router nat-pool address-pool

Defines the NAT prefix and ports in the pool.

Usage

configure authority router nat-pool address-pool <address>

Positional Arguments

name	description
address	IP Prefix for the pool of NAT ports.

Subcommands

command	description
address	IP Prefix for the pool of NAT ports.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
pool-type	Type of NAT pool
show	Show configuration data for 'address-pool'
tenant-name	Tenant for which this nat pool is applied

Description

The order of elements matters.

configure authority router nat-pool address-pool address

IP Prefix for the pool of NAT ports.

Usage

configure authority router nat-pool address-pool address [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router nat-pool address-pool pool-type

Type of NAT pool

Usage

configure authority router nat-pool address-pool pool-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: static

enumeration

A value from a set of predefined names.

Options:

• static: Static IP assignment per endpoint
• dynamic: Dynamic IP port assignment per session

configure authority router nat-pool address-pool tenant-name

Tenant for which this nat pool is applied

Usage

configure authority router nat-pool address-pool tenant-name [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	Value to add to this list

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router nat-pool applies-to-local-breakout

Whether the nat pool applies to local breakout sessions.

Usage

configure authority router nat-pool applies-to-local-breakout [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router nat-pool name

An identifier for the NAT Pool.

Usage

configure authority router nat-pool name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router node

List of one or two SSR software instances, comprising an SSR.

Usage

configure authority router node <name>

Positional Arguments

name	description
name	An arbitrary, unique name for the node, used to reference it in other configuration sections. This MUST match the name in the local initialization file.

Subcommands

command	description
anti-virus	Configure Anti Virus
asset-id	A unique identifier of an SSR node used for automated provisioning
asset-validation-enabled	Validate that the asset is suitable to run SSR.
clone	Clone a list item
delete	Delete configuration data
description	A description about the node.
device-interface	List of physical or virtual interfaces in the node.
enabled	Enable/disable the whole node.
forwarding-core-count	The number of CPU cores to dedicate to traffic forwarding when using 'manual' forwarding core mode.
forwarding-core-mode	The method by which the number of CPU cores dedicated to traffic forwarding should be determined.
idp	Configure Idp
ipfix	Node specific IPFIX configuration
location	A text description of the node's physical location.
loopback-address	The loopback IP address to use for management traffic originating on this node when routed via SVR.
name	An arbitrary, unique name for the node, used to reference it in other configuration sections. This MUST match the name in the local initialization file.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
platform-type	The platform type of the SSR node.
port-forwarding	Configuration for establishing local port-forwarding to remote server.
power-saver	Allow the traffic forwarding cores to sleep when there is no traffic to process
radius	Radius authentication parameters for this node.
reachability-detection	Layer 2 reachability detection
recovery-mode-enabled	Allow booting from USB storage devices.
reset-button-enabled	Enable the reset button for restarting or factory resetting.
role	The node's role in the SSR system.
secure-conductor-onboarding	Configure Secure Conductor Onboarding
serial-console-enabled	Enable serial console.
session-processor-count	The number of threads to use for session processing when using 'manual' session-processor mode.
session-processor-mode	The method by which the number of threads used for session processing should be determined.
session-setup-scaling	Whether or not to enable session setup scaling.
show	Show configuration data for 'node'
ssh-keepalive	Configure Ssh Keepalive
ssh-settings	Configure Ssh Settings
top-sessions	Views of top sessions by an ordering criteria.
usb-mass-storage-enabled	Allow mounting of USB mass-storage devices.

configure authority router node anti-virus

Configure Anti Virus

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
server-domain	Server domain for anti-virus
show	Show configuration data for 'anti-virus'

configure authority router node anti-virus server-domain

Server domain for anti-virus

Usage

configure authority router node anti-virus server-domain [<domain-name>]

Positional Arguments

name	description
domain-name	The value to set for this field

Description

domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node asset-id

A unique identifier of an SSR node used for automated provisioning

Usage

configure authority router node asset-id [<asset-id>]

Positional Arguments

name	description
asset-id	The value to set for this field

Description

asset-id (string)

A unique identifier of an SSR node.

Must not contain repeating, leading, or ending '_' character

configure authority router node asset-validation-enabled

Validate that the asset is suitable to run SSR.

Usage

configure authority router node asset-validation-enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node description

A description about the node.

Usage

configure authority router node description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface

List of physical or virtual interfaces in the node.

Usage

configure authority router node device-interface <name>

Positional Arguments

name	description
name	A unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands.

Subcommands

command	description
bond-settings	Configure Bond Settings
bridge-name	An optional bridge name to be used for the bridging the kni and target interfaces. If no name is specified, one will be auto-generated
capture-filter	Filter to be used when matching packets on this device interface. Uses Berkeley Packet Filter (BPF) syntax.
clone	Clone a list item
delete	Delete configuration data
description	A description of the device-interface.
enabled	Whether this interface is administratively enabled.
fec-mode	Forward Error Correction (FEC) mode for the Ethernet link
forwarding	Whether this interface is used for forwarding traffic.
interface-name	The interface name associated with the OS network device.
link-settings	Ethernet link settings on the interface
lldp	Link Layer Description Protocol settings
load-balancing	Configure Load Balancing
lte	Configure Lte
name	A unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands.
network-interface	List of network interfaces for the device-interface.
network-namespace	The network namespace in which this network interface will be located
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
parent-bond	The bond type interface that this interface is grouped with.
pci-address	The PCI address of the device. Only relevant if type is ethernet.
pppoe	Configure Pppoe
promiscuous-mode	Enables promiscuous mode on the interface.
q-in-q	Enables Q-in-Q encapsulation
reinsert-vlan	Enables reinsertion of NIC-stripped VLAN on ingress packets, on supported devices.
session-optimization	Configure Session Optimization
shared-phys-address	Virtual MAC address for interface redundancy.
show	Show configuration data for 'device-interface'
sriov-vlan-filter	Enables VLAN filtering on supported SR-IOV devices.
strip-vlan	Enables VLAN stripping on ingress packets on supported devices.
target-interface	Specifies the name of an external interface to be automatically bridged to a logical interface.
traffic-engineering	Configure Traffic Engineering
type	Type of interface.
vmbus-uuid	The VMBus UUID of the network device. Hyper-V Environment only. Only relevant if type is ethernet.
vrrp	Parameters for Interface Redundancy using Virtual Router Redundancy Protocol (VRRP).

configure authority router node device-interface bond-settings

Configure Bond Settings

Subcommands

command	description
delete	Delete configuration data
force-up	Force up when not receiving partner LACP PDUs.
force-up-timeout	Number of seconds before switching to force-up LACP mode.
lacp-enable	Use 802.3ad LACP protocol for the Bond.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'bond-settings'

configure authority router node device-interface bond-settings force-up

Force up when not receiving partner LACP PDUs.

Usage

configure authority router node device-interface bond-settings force-up [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface bond-settings force-up-timeout

Number of seconds before switching to force-up LACP mode.

Usage

configure authority router node device-interface bond-settings force-up-timeout [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 90

uint8

An unsigned 8-bit integer.

Range: 1-100

configure authority router node device-interface bond-settings lacp-enable

Use 802.3ad LACP protocol for the Bond.

Usage

configure authority router node device-interface bond-settings lacp-enable [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface bridge-name

An optional bridge name to be used for the bridging the kni and target interfaces. If no name is specified, one will be auto-generated

Usage

configure authority router node device-interface bridge-name [<bridge-name>]

Positional Arguments

name	description
bridge-name	The value to set for this field

Description

bridge-name (string)

A string identifier for bridge-name which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters.

Must contain only alphanumeric characters, start with a alphabet and can contain any of the following: _ - Length: 0-15

configure authority router node device-interface capture-filter

Filter to be used when matching packets on this device interface. Uses Berkeley Packet Filter (BPF) syntax.

Usage

configure authority router node device-interface capture-filter [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

string

A text value.

configure authority router node device-interface description

A description of the device-interface.

Usage

configure authority router node device-interface description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface enabled

Whether this interface is administratively enabled.

Usage

configure authority router node device-interface enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface fec-mode

Forward Error Correction (FEC) mode for the Ethernet link

Usage

configure authority router node device-interface fec-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

• auto: Enable automatic FEC mode negotiation
• baser: Enable BASE-R FEC mode
• rs: Enable Reed-Solomon FEC mode
• none: Disable FEC

configure authority router node device-interface forwarding

Whether this interface is used for forwarding traffic.

Usage

configure authority router node device-interface forwarding [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface interface-name

The interface name associated with the OS network device.

Usage

configure authority router node device-interface interface-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface link-settings

Ethernet link settings on the interface

Usage

configure authority router node device-interface link-settings [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

• auto: Use auto-negotation for the Ethernet link
• 10Mbps-half: Force the Ethernet link to 10 Mbps half duplex
• 10Mbps-full: Force the Ethernet link to 10 Mbps full duplex
• 100Mbps-half: Force the Ethernet link to 100 Mbps half duplex
• 100Mbps-full: Force the Ethernet link to 100 Mbps full duplex

configure authority router node device-interface lldp

Link Layer Description Protocol settings

Subcommands

command	description
advertisement-interval	The frequency of sending LLDP advertisements.
delete	Delete configuration data
enabled	Whether or not LLDP sending and receiving is enabled on this device.
hold-multiplier	The multiplier to apply to the advertisement-interval when setting the LLDP TTL.
mode	The mode in which LLDP operates on the interface
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'lldp'

configure authority router node device-interface lldp advertisement-interval

The frequency of sending LLDP advertisements.

Usage

configure authority router node device-interface lldp advertisement-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 120

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface lldp enabled

Whether or not LLDP sending and receiving is enabled on this device.

Usage

configure authority router node device-interface lldp enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface lldp hold-multiplier

The multiplier to apply to the advertisement-interval when setting the LLDP TTL.

Usage

configure authority router node device-interface lldp hold-multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 4

uint8

An unsigned 8-bit integer.

Range: 2-10

configure authority router node device-interface lldp mode

The mode in which LLDP operates on the interface

Usage

configure authority router node device-interface lldp mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

warning

mode is deprecated and will be removed in a future software version

enumeration

A value from a set of predefined names.

Options:

• disabled: Disable LLDP
• receive-only: Receive and process incoming LLDP packets
• enabled: Enable sending and receiving LLDP packets

configure authority router node device-interface load-balancing

Configure Load Balancing

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'load-balancing'
utilization-high-water-mark	Percentage of allowed bandwidth utilization above which this interface will no longer be considered for load balancing.
utilization-low-water-mark	Percentage of allowed bandwidth utilization below which this interface will be reconsidered for load balancing.

configure authority router node device-interface load-balancing utilization-high-water-mark

Percentage of allowed bandwidth utilization above which this interface will no longer be considered for load balancing.

Usage

configure authority router node device-interface load-balancing utilization-high-water-mark [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 100

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router node device-interface load-balancing utilization-low-water-mark

Percentage of allowed bandwidth utilization below which this interface will be reconsidered for load balancing.

Usage

configure authority router node device-interface load-balancing utilization-low-water-mark [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 80

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router node device-interface lte

Configure Lte

Subcommands

command	description
apn-name	Name of the access point to connect to the LTE network.
authentication	Configure Authentication
carrier-image	Name of the carrier-image to load the SIM card with.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'lte'

configure authority router node device-interface lte apn-name

Name of the access point to connect to the LTE network.

Usage

configure authority router node device-interface lte apn-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string (required)

A text value.

configure authority router node device-interface lte authentication

Configure Authentication

Subcommands

command	description
authentication-protocol	Authentication protocol used to authenticate the user.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
password	Password required to connect to the LTE network.
show	Show configuration data for 'authentication'
user-name	Username required to connect to the LTE network.

configure authority router node device-interface lte authentication authentication-protocol

Authentication protocol used to authenticate the user.

Usage

configure authority router node device-interface lte authentication authentication-protocol [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration (required)

A value from a set of predefined names.

Options:

• chap: Challenge-Handshake Authentication Protocol.
• pap: Password Authentication Protocol.

configure authority router node device-interface lte authentication password

Password required to connect to the LTE network.

Usage

configure authority router node device-interface lte authentication password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string) (required)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router node device-interface lte authentication user-name

Username required to connect to the LTE network.

Usage

configure authority router node device-interface lte authentication user-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string (required)

A text value.

configure authority router node device-interface lte carrier-image

Name of the carrier-image to load the SIM card with.

Usage

configure authority router node device-interface lte carrier-image [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Default: none

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) enumeration

A value from a set of predefined names.

Options:

• none: Leave the current image alone.
• auto: Automatically set the image to match the carrier network.

(1) string

A text value.

configure authority router node device-interface name

A unique name identifier for the physical or virtual interface, used to reference it in other configuration sections and show commands.

Usage

configure authority router node device-interface name [<device-name>]

Positional Arguments

name	description
device-name	The value to set for this field

Description

device-name (string)

A string identifier for device-interface which only uses alphanumerics, underscores, dashes, or slashes, and cannot exceed 12 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-12

configure authority router node device-interface network-interface

List of network interfaces for the device-interface.

Usage

configure authority router node device-interface network-interface <name>

Positional Arguments

name	description
name	An arbitrary, unique name for the interface, used to reference it in other configuration sections.

Subcommands

command	description
address	The list of IP addresses (along with subnet prefix length) on the interface.
adjacency	A list of adjacent routers.
bidirectional-nat	Defines the prefixes that need to be static natted in both directions.
billing-rate	Numeric rate of currency associated with the interface. When the billing-rate is flat the field indicated rate per day. When the billing-rate is metered the field indicates rate per byte.
billing-type	Billing type associated with the interface.
carrier	Carrier associated with the interface.
clone	Clone a list item
conductor	Whether the interface is used for communicating with the conductor.
default-route	Whether the interface is used as default-route for non-forwarding interfaces.
delete	Delete configuration data
description	A description about the interface.
dhcp	Whether this interface acquires IP address and other parameter via DHCP
dhcp-delayed-auth-key	The key used to generate the HMAC-MD5 value.
dhcp-delayed-auth-key-id	The key identifier that identifies the key used to generate the HMAC-MD5 value.
dhcp-delayed-auth-realm	The DHCP realm that identifies the key used to generate the HMAC-MD5 value.
dhcp-reconfig-auth-algorithm	The algorithm used by the Reconfigure Key authentication protocol to authenticate prefix-delegation messages.
dscp-map	Mapping of DSCP values to priorities.
dscp-steering	Configure Dscp Steering
dynamic-source-nat	Defines the prefixes that need to be dynamically source natted for packets ingressing this interface.
egress-source-nat-pool	Indicates whether source address and port translation (NAPT) is performed for flows egressing the interface to the final destination.
enable-proxy-learning	Enable/Disable Proxy Learning
enforced-mss	Maximum allowed value for maximum segment size (MSS) on this interface.
ethernet-over-svr	L2 Bridge this network interface is assigned to.
filter-rule	A rule for dropping packets.
global-id	Global Interface Id (GIID) used in next-hop egress interface for routing data. All instances of a redundant interface will have the same GIID.
host-service	The host-service configuration is a service hosted by a router node.
hostname	Hostname for the interface. This is an optional fully-qualified domain name (FQDN).
icmp	Enable/disable ICMP Blackhole
ifcfg-option	Interface config options for non-forwarding interfaces
ingress-source-nat-pool	Indicates whether source address (and optional port) translation is performed for flows targetted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router.
inter-router-security	The name of the security policy used for inbound inter-router traffic.
management	Allow management traffic to be sent over this interface
management-vector	Vector configuration for non-forwarding interfaces
move	Move list items
mtu	The maximum transmission unit (MTU) for packets sent on the interface.
multicast-listeners	Enables the sending of IGMP and MLD queries on this interface.
multicast-report-proxy	Enables the forwarding of IGMP and MLD joins/leaves/reports to valid multicast services to this network interface. These must come from other network interfaces which allow multicast listeners.
name	An arbitrary, unique name for the interface, used to reference it in other configuration sections.
neighbor	A list of mappings from IP addresses to physical addresses. Entries in this list are used as static entries in the ARP cache.
neighborhood	The neighborhoods to which this interface belongs.
off-subnet-arp-prefix	Address(es) for which the router will respond to ARP requests.
off-subnet-reverse-arp-mac-learning	When enabled, the source MAC address of the packet will be used for reverse traffic for off-subnet source ip address.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix-delegation	Enable/disable IPv6 Prefix Delegation Client.
prefix-delegation-authentication	Whether prefix-delegation messages are authenticated.
prefix-delegation-group	The name to identify a prefix-delegation group within which the pd-client interface will request a prefix and all the internal interfaces will be assigned a global address from this prefix based on their subnet-ids.
prefix-delegation-subnet-id	The identifier of a subnet within a prefix-delegation group which is used to construct a global IPv6 address for an internal interface.
preserve-dscp	Controls if DSCP bits are preserved on this interface.
prioritization-mode	Controls how packets received on this interface are prioritized.
qp-value	Quality points value that represents the 'quality' of the network the interface is connected to. It used for selecting egress interface based on the service class required minimum quality points.
reverse-arp-mac-learning	Controls whether the source MAC address of the packet can be used for reverse traffic when ARP is unresolved.
rewrite-dscp	Controls if DSCP bits are rewritten on this interface.
router-advertisement	Enable/disable IPv6 router advertisement to advertise the prefix learned via DHCPv6-PD.
show	Show configuration data for 'network-interface'
source-nat	Indicates whether source address and port translation (NAPT) is performed for flows egressing the interface to the final destination.
tenant	Tenant to which this interface belongs.
tenant-prefixes	Tenant to source prefix mapping.
traffic-engineering	Configure Traffic Engineering
tunnel	Configure Tunnel
type	Type of network that the interface is connected to. Type is fabric for inter-node traffic, external for regular traffic, and shared for both fabric and external.
vlan	The VLAN id for the interface (0 for no VLAN, otherwise 1-4094).
vrrp	Configure Vrrp

configure authority router node device-interface network-interface address

The list of IP addresses (along with subnet prefix length) on the interface.

Usage

configure authority router node device-interface network-interface address <ip-address>

Positional Arguments

name	description
ip-address	The IP address on the interface.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
gateway	Optional gateway for destinations outside the subnet of the interface.
host-service	The host-service configuration is a service hosted by a router node.
in-subnet-arp-prefix	Address(es) for which the router will respond to ARP requests.
ip-address	The IP address on the interface.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
ppp-peer-ip	PPP Peer IP address for interfaces like T1.
prefix-length	The length of the subnet prefix.
show	Show configuration data for 'address'
utility-ip-address	Utility IP address used for purposes other than forwarding traffic.
valid-waypoint	Whether peer paths should be created from this local address

configure authority router node device-interface network-interface address gateway

Optional gateway for destinations outside the subnet of the interface.

Usage

configure authority router node device-interface network-interface address gateway [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service

The host-service configuration is a service hosted by a router node.

Usage

configure authority router node device-interface network-interface address host-service <service-type>

Positional Arguments

name	description
service-type	The type of hosted service

Subcommands

command	description
access-policy	List of access policies by address prefix, QSN or tenant and prefix.
address-pool	Address pool for allocation by the DHCP server
authoritative	Whether this is the authoritative DHCP server in the network. If true, server will respond to requests with NAK where appropriate according to RFC 2131
clone	Clone a list item
delete	Delete configuration data
description	A description about the hosted service.
echo-client-id	Whether the client id should be echoed in DHCP server responses as specified in RFC 6842 or not as specified in the original RFC 2131.
enabled	Enable/disable for host services
max-lease-time	Maximum lease time for leases allocated to clients.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
server-name	Server name that identifies the DHCP server to clients.
service-type	The type of hosted service
show	Show configuration data for 'host-service'
static-assignment	Static assignment(s) for DHCP configuration for a specific client
transport	The transport protocol(s) and port(s) for the service.

configure authority router node device-interface network-interface address host-service access-policy

List of access policies by address prefix, QSN or tenant and prefix.

Usage

configure authority router node device-interface network-interface address host-service access-policy <source>

Positional Arguments

name	description
source	The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
permission	Whether or not to allow access to the service.
show	Show configuration data for 'access-policy'
source	The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service
syslog	Configure Syslog

configure authority router node device-interface network-interface address host-service access-policy permission

Whether or not to allow access to the service.

Usage

configure authority router node device-interface network-interface address host-service access-policy permission [<access-mode>]

Positional Arguments

name	description
access-mode	The value to set for this field

Description

Default: allow

access-mode (enumeration)

Enumeration defining whether access is allowed or denied.

Options:

• allow: Allow access.
• deny: Deny access.

configure authority router node device-interface network-interface address host-service access-policy source

The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

Usage

configure authority router node device-interface network-interface address host-service access-policy source [<source-spec>]

Positional Arguments

name	description
source-spec	The value to set for this field

Description

source-spec (union)

A source address prefix, QSN, service-group or combination of tenant-name and prefix.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

(2) qsn (string)

Qualified Service Name in the form: tenant[.authority][/[service-group/]service]

Must contain only alphanumeric characters or any of the following: / . _ - Required format: 'Tenant[.Authority[/ServiceGroup[/Service]]]'. No forward slash-delimited segment can exceed 62 characters.(e.g., Engineering.Authority128/Video/private_conferencing). Length: 1-1024

(3) service-spec (string)

Service group and service name portion of a Qualified Service Name.

Must contain only alphanumeric characters or any of the following: - _ / . Required format: '/groupLabel1[/groupLabel2[/groupLabel3...]]'. No forward slash-delimited segment can exceed 62 characters. Length: 0-127

(4) tenant-prefix (string)

A string identifier for a tenant prefix. Consists of a valid tenant name, followed by @ and a valid IP Address.

Must contain a valid tenant name, followed by @ and a valid IP Address. Length: 0-280

configure authority router node device-interface network-interface address host-service access-policy syslog

Configure Syslog

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'syslog'
syslog-policy	Syslog policy to be applied to the access policy.

configure authority router node device-interface network-interface address host-service access-policy syslog syslog-policy

Syslog policy to be applied to the access policy.

Usage

configure authority router node device-interface network-interface address host-service access-policy syslog syslog-policy [<syslog-policy-name>]

Positional Arguments

name	description
syslog-policy-name	The value to set for this field

Description

syslog-policy-name (string)

This type is used by other entities that need to reference configured syslog profiles.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-15

configure authority router node device-interface network-interface address host-service address-pool

Address pool for allocation by the DHCP server

Usage

configure authority router node device-interface network-interface address host-service address-pool <start-address>

Positional Arguments

name	description
start-address	Start of address pool.

Subcommands

command	description
clone	Clone a list item
custom	Custom DHCP options to be provided to clients.
delete	Delete configuration data
domain-name	Domain name provided to clients.
domain-server	Domain name server address(es) provided to clients in priority order.
end-address	End of address pool.
interface-mtu	Interface MTU provided to clients.
move	Move list items
ntp-server	NTP server address(es) provided to clients in priority order.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
pop-server	POP server address(es) provided to clients in priority order.
router	Gateway router address(es) provided to clients in priority order.
show	Show configuration data for 'address-pool'
smtp-server	SMTP server address(es) provided to clients in priority order.
start-address	Start of address pool.
static-assignment	Static assignment(s) for DHCP configuration for a specific client
static-route	Static route(s) provided to clients. Note that for default routes the router option should be used.
tenant	Tenant to which clients will be assigned.
vendor-identifying-vendor-specific-information	Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].
vendor-specific-information	Vendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

configure authority router node device-interface network-interface address host-service address-pool custom

Custom DHCP options to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom <code>

Positional Arguments

name	description
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'custom'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool custom code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool custom description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool custom encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool custom quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service address-pool custom value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool custom value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool domain-name

Domain name provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool domain-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool domain-server

Domain name server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool domain-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool end-address

End of address pool.

Usage

configure authority router node device-interface network-interface address host-service address-pool end-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool interface-mtu

Interface MTU provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool interface-mtu [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 68-9198

configure authority router node device-interface network-interface address host-service address-pool ntp-server

NTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool ntp-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool pop-server

POP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool pop-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool router

Gateway router address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool router [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool smtp-server

SMTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool smtp-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool start-address

Start of address pool.

Usage

configure authority router node device-interface network-interface address host-service address-pool start-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment

Static assignment(s) for DHCP configuration for a specific client

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment <address>

Positional Arguments

name	description
address	Address for static assignment of this client.

Subcommands

command	description
address	Address for static assignment of this client.
circuit-identifier	DHCP circuit identifier option (RFC3046) identifying this client.
client-identifier	DHCP client identifier option identifying this client.
clone	Clone a list item
custom	Custom DHCP options to be provided to clients.
delete	Delete configuration data
description	A description of the static DHCP assignment.
domain-name	Domain name provided to clients.
domain-server	Domain name server address(es) provided to clients in priority order.
interface-mtu	Interface MTU provided to clients.
link-layer-address	MAC address identifying this client.
move	Move list items
ntp-server	NTP server address(es) provided to clients in priority order.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
pop-server	POP server address(es) provided to clients in priority order.
router	Gateway router address(es) provided to clients in priority order.
show	Show configuration data for 'static-assignment'
smtp-server	SMTP server address(es) provided to clients in priority order.
static-route	Static route(s) provided to clients. Note that for default routes the router option should be used.
tenant	Tenant to which clients will be assigned.
vendor-identifying-vendor-specific-information	Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].
vendor-specific-information	Vendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

configure authority router node device-interface network-interface address host-service address-pool static-assignment address

Address for static assignment of this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment circuit-identifier

DHCP circuit identifier option (RFC3046) identifying this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment circuit-identifier [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment client-identifier

DHCP client identifier option identifying this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment client-identifier [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom

Custom DHCP options to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom <code>

Positional Arguments

name	description
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'custom'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment custom value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment description

A description of the static DHCP assignment.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-name

Domain name provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-server

Domain name server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment domain-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment interface-mtu

Interface MTU provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment interface-mtu [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 68-9198

configure authority router node device-interface network-interface address host-service address-pool static-assignment link-layer-address

MAC address identifying this client.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment link-layer-address [<mac-address>]

Positional Arguments

name	description
mac-address	The value to set for this field

Description

mac-address (string)

The mac-address type represents an IEEE 802 MAC address. The canonical representation uses lowercase characters.

In the value set and its semantics, this type is equivalent to the MacAddress textual convention of the SMIv2.

configure authority router node device-interface network-interface address host-service address-pool static-assignment ntp-server

NTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment ntp-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment pop-server

POP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment pop-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment router

Gateway router address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment router [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment smtp-server

SMTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment smtp-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route

Static route(s) provided to clients. Note that for default routes the router option should be used.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route <destination-address>

Positional Arguments

name	description
destination-address	Destination address of static route.

Subcommands

command	description
delete	Delete configuration data
destination-address	Destination address of static route.
gateway	Gateway address of static route.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'static-route'

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route destination-address

Destination address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route destination-address [<non-default-ip-address>]

Positional Arguments

name	description
non-default-ip-address	The value to set for this field

Description

non-default-ip-address (union)

A non-default IPv4 or IPv6 address

Must be one of the following types:

(0) non-default-ipv4-address (string)

A non-default IPv4 address

Must be a valid IPv4 address.

(1) non-default-ipv6-address (string)

A non-default IPv6 address

Must be a valid IPv4 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route gateway

Gateway address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment static-route gateway [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool static-assignment tenant

Tenant to which clients will be assigned.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment tenant [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	The value to set for this field

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information

Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information <enterprise-number> <code>

Positional Arguments

name	description
enterprise-number	The vendor's registered 32-bit Enterprise Number as registered with IANA.
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
enterprise-number	The vendor's registered 32-bit Enterprise Number as registered with IANA.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'vendor-identifying-vendor-specific-information'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information enterprise-number

The vendor's registered 32-bit Enterprise Number as registered with IANA.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information enterprise-number [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-identifying-vendor-specific-information value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information

Vendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information <code>

Positional Arguments

name	description
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'vendor-specific-information'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular
• array

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-assignment vendor-specific-information value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool static-route

Static route(s) provided to clients. Note that for default routes the router option should be used.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-route <destination-address>

Positional Arguments

name	description
destination-address	Destination address of static route.

Subcommands

command	description
delete	Delete configuration data
destination-address	Destination address of static route.
gateway	Gateway address of static route.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'static-route'

configure authority router node device-interface network-interface address host-service address-pool static-route destination-address

Destination address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-route destination-address [<non-default-ip-address>]

Positional Arguments

name	description
non-default-ip-address	The value to set for this field

Description

non-default-ip-address (union)

A non-default IPv4 or IPv6 address

Must be one of the following types:

(0) non-default-ipv4-address (string)

A non-default IPv4 address

Must be a valid IPv4 address.

(1) non-default-ipv6-address (string)

A non-default IPv6 address

Must be a valid IPv4 address.

configure authority router node device-interface network-interface address host-service address-pool static-route gateway

Gateway address of static route.

Usage

configure authority router node device-interface network-interface address host-service address-pool static-route gateway [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service address-pool tenant

Tenant to which clients will be assigned.

Usage

configure authority router node device-interface network-interface address host-service address-pool tenant [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	The value to set for this field

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information

Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information <enterprise-number> <code>

Positional Arguments

name	description
enterprise-number	The vendor's registered 32-bit Enterprise Number as registered with IANA.
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
enterprise-number	The vendor's registered 32-bit Enterprise Number as registered with IANA.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'vendor-identifying-vendor-specific-information'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string
• uint8
• uint16
• uint32
• boolean
• ipv4-address
• int32
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information enterprise-number

The vendor's registered 32-bit Enterprise Number as registered with IANA.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information enterprise-number [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-identifying-vendor-specific-information value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information

Vendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information <code>

Positional Arguments

name	description
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'vendor-specific-information'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service address-pool vendor-specific-information value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service authoritative

Whether this is the authoritative DHCP server in the network. If true, server will respond to requests with NAK where appropriate according to RFC 2131

Usage

configure authority router node device-interface network-interface address host-service authoritative [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface address host-service description

A description about the hosted service.

Usage

configure authority router node device-interface network-interface address host-service description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service echo-client-id

Whether the client id should be echoed in DHCP server responses as specified in RFC 6842 or not as specified in the original RFC 2131.

Usage

configure authority router node device-interface network-interface address host-service echo-client-id [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface address host-service enabled

Enable/disable for host services

Usage

configure authority router node device-interface network-interface address host-service enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface address host-service max-lease-time

Maximum lease time for leases allocated to clients.

Usage

configure authority router node device-interface network-interface address host-service max-lease-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 86400

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface address host-service server-name

Server name that identifies the DHCP server to clients.

Usage

configure authority router node device-interface network-interface address host-service server-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service service-type

The type of hosted service

Usage

configure authority router node device-interface network-interface address host-service service-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• ssh: SSH Hosted service.
• netconf: Netconf service.
• web: Web service.
• dhcp-server: DHCP server service.
• snmp-server: Access SNMP server through this interface
• custom: Custom service.

configure authority router node device-interface network-interface address host-service static-assignment

Static assignment(s) for DHCP configuration for a specific client

Usage

configure authority router node device-interface network-interface address host-service static-assignment <address>

Positional Arguments

name	description
address	Address for static assignment of this client.

Subcommands

command	description
address	Address for static assignment of this client.
circuit-identifier	DHCP circuit identifier option (RFC3046) identifying this client.
client-identifier	DHCP client identifier option identifying this client.
clone	Clone a list item
custom	Custom DHCP options to be provided to clients.
delete	Delete configuration data
description	A description of the static DHCP assignment.
domain-name	Domain name provided to clients.
domain-server	Domain name server address(es) provided to clients in priority order.
interface-mtu	Interface MTU provided to clients.
link-layer-address	MAC address identifying this client.
move	Move list items
ntp-server	NTP server address(es) provided to clients in priority order.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
pop-server	POP server address(es) provided to clients in priority order.
router	Gateway router address(es) provided to clients in priority order.
show	Show configuration data for 'static-assignment'
smtp-server	SMTP server address(es) provided to clients in priority order.
static-route	Static route(s) provided to clients. Note that for default routes the router option should be used.
tenant	Tenant to which clients will be assigned.
vendor-identifying-vendor-specific-information	Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].
vendor-specific-information	Vendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

configure authority router node device-interface network-interface address host-service static-assignment address

Address for static assignment of this client.

Usage

configure authority router node device-interface network-interface address host-service static-assignment address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service static-assignment circuit-identifier

DHCP circuit identifier option (RFC3046) identifying this client.

Usage

configure authority router node device-interface network-interface address host-service static-assignment circuit-identifier [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service static-assignment client-identifier

DHCP client identifier option identifying this client.

Usage

configure authority router node device-interface network-interface address host-service static-assignment client-identifier [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service static-assignment custom

Custom DHCP options to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service static-assignment custom <code>

Positional Arguments

name	description
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'custom'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service static-assignment custom code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment custom code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service static-assignment custom description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment custom description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service static-assignment custom encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment custom encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service static-assignment custom quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service static-assignment custom quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service static-assignment custom value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service static-assignment custom value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service static-assignment description

A description of the static DHCP assignment.

Usage

configure authority router node device-interface network-interface address host-service static-assignment description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service static-assignment domain-name

Domain name provided to clients.

Usage

configure authority router node device-interface network-interface address host-service static-assignment domain-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service static-assignment domain-server

Domain name server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service static-assignment domain-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service static-assignment interface-mtu

Interface MTU provided to clients.

Usage

configure authority router node device-interface network-interface address host-service static-assignment interface-mtu [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 68-9198

configure authority router node device-interface network-interface address host-service static-assignment link-layer-address

MAC address identifying this client.

Usage

configure authority router node device-interface network-interface address host-service static-assignment link-layer-address [<mac-address>]

Positional Arguments

name	description
mac-address	The value to set for this field

Description

mac-address (string)

The mac-address type represents an IEEE 802 MAC address. The canonical representation uses lowercase characters.

In the value set and its semantics, this type is equivalent to the MacAddress textual convention of the SMIv2.

configure authority router node device-interface network-interface address host-service static-assignment ntp-server

NTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service static-assignment ntp-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service static-assignment pop-server

POP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service static-assignment pop-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service static-assignment router

Gateway router address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service static-assignment router [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service static-assignment smtp-server

SMTP server address(es) provided to clients in priority order.

Usage

configure authority router node device-interface network-interface address host-service static-assignment smtp-server [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service static-assignment static-route

Static route(s) provided to clients. Note that for default routes the router option should be used.

Usage

configure authority router node device-interface network-interface address host-service static-assignment static-route <destination-address>

Positional Arguments

name	description
destination-address	Destination address of static route.

Subcommands

command	description
delete	Delete configuration data
destination-address	Destination address of static route.
gateway	Gateway address of static route.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'static-route'

configure authority router node device-interface network-interface address host-service static-assignment static-route destination-address

Destination address of static route.

Usage

configure authority router node device-interface network-interface address host-service static-assignment static-route destination-address [<non-default-ip-address>]

Positional Arguments

name	description
non-default-ip-address	The value to set for this field

Description

non-default-ip-address (union)

A non-default IPv4 or IPv6 address

Must be one of the following types:

(0) non-default-ipv4-address (string)

A non-default IPv4 address

Must be a valid IPv4 address.

(1) non-default-ipv6-address (string)

A non-default IPv6 address

Must be a valid IPv4 address.

configure authority router node device-interface network-interface address host-service static-assignment static-route gateway

Gateway address of static route.

Usage

configure authority router node device-interface network-interface address host-service static-assignment static-route gateway [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address host-service static-assignment tenant

Tenant to which clients will be assigned.

Usage

configure authority router node device-interface network-interface address host-service static-assignment tenant [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	The value to set for this field

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information

Vendor-Identifying Vendor-Specific Information Options (Option 125) to be provided to clients [RFC3925].

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information <enterprise-number> <code>

Positional Arguments

name	description
enterprise-number	The vendor's registered 32-bit Enterprise Number as registered with IANA.
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
enterprise-number	The vendor's registered 32-bit Enterprise Number as registered with IANA.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'vendor-identifying-vendor-specific-information'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information enterprise-number

The vendor's registered 32-bit Enterprise Number as registered with IANA.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information enterprise-number [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-identifying-vendor-specific-information value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information

Vendor-Specific Information Options (Option 43) to be provided to clients [RFC2132].

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information <code>

Positional Arguments

name	description
code	The code of the custom DHCP option.

Subcommands

command	description
code	The code of the custom DHCP option.
delete	Delete configuration data
description	A description of the custom DHCP option.
encoded-type	The encoded type of the custom option.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
quantity	The allowed quantity of the custom option values.
show	Show configuration data for 'vendor-specific-information'
value	The value(s) of custom option to be provided to clients.

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information code

The code of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information code [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information description

A description of the custom DHCP option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information encoded-type

The encoded type of the custom option.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information encoded-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: string

enumeration

A value from a set of predefined names.

Options:

• string:
• uint8:
• uint16:
• uint32:
• boolean:
• ipv4-address:
• int32:
• binary: A continuous string of hexadecimal digits with a '0x' prefix. Valid examples are '0xabcdef' and '0x123456'.

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information quantity

The allowed quantity of the custom option values.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information quantity [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: singular

enumeration

A value from a set of predefined names.

Options:

• singular:
• array:

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information value

The value(s) of custom option to be provided to clients.

Usage

configure authority router node device-interface network-interface address host-service static-assignment vendor-specific-information value [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

The order of elements matters.

string (required)

A text value.

configure authority router node device-interface network-interface address host-service transport

The transport protocol(s) and port(s) for the service.

Usage

configure authority router node device-interface network-interface address host-service transport <protocol>

Positional Arguments

name	description
protocol	Layer 4 transport protocol.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port-range	Configure Port Range
protocol	Layer 4 transport protocol.
show	Show configuration data for 'transport'

configure authority router node device-interface network-interface address host-service transport port-range

Configure Port Range

Usage

configure authority router node device-interface network-interface address host-service transport port-range <start-port>

Positional Arguments

name	description
start-port	Lower transport (layer 4) port number.

Subcommands

command	description
delete	Delete configuration data
end-port	Upper transport (layer 4) port number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'port-range'
start-port	Lower transport (layer 4) port number.

configure authority router node device-interface network-interface address host-service transport port-range end-port

Upper transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface address host-service transport port-range end-port [<end-port>]

Positional Arguments

name	description
end-port	The value to set for this field

Description

end-port (uint16)

Upper transport (layer 4) port number. Default value is the start-port

Range: 0-65535

configure authority router node device-interface network-interface address host-service transport port-range start-port

Lower transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface address host-service transport port-range start-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16) (required)

Transport (layer 4) port number.

Range: 0-65535

configure authority router node device-interface network-interface address host-service transport protocol

Layer 4 transport protocol.

Usage

configure authority router node device-interface network-interface address host-service transport protocol [<protocol>]

Positional Arguments

name	description
protocol	The value to set for this field

Description

protocol (enumeration)

Transport (Layer 4) protocol.

Options:

• tcp: Transmission Control Protocol.
• udp: User Datagram Protocol.
• icmp: Internet Control Management Protocol.
• gre: Generic Routing Encapsulation Protocol.
• esp: IPSec Encapsulating Security Payload Protocol.
• pim: Protocol Independent Multicast.

configure authority router node device-interface network-interface address in-subnet-arp-prefix

Address(es) for which the router will respond to ARP requests.

Usage

configure authority router node device-interface network-interface address in-subnet-arp-prefix [<unicast-ipv4-prefix>]

Positional Arguments

name	description
unicast-ipv4-prefix	Value to add to this list

Description

unicast-ipv4-prefix (string)

A unicast IPv4 prefix

configure authority router node device-interface network-interface address ip-address

The IP address on the interface.

Usage

configure authority router node device-interface network-interface address ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address ppp-peer-ip

PPP Peer IP address for interfaces like T1.

Usage

configure authority router node device-interface network-interface address ppp-peer-ip [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address prefix-length

The length of the subnet prefix.

Usage

configure authority router node device-interface network-interface address prefix-length [<prefix-length>]

Positional Arguments

name	description
prefix-length	The value to set for this field

Description

prefix-length (uint8) (required)

Prefix-length for IP address

Range: 0-128

configure authority router node device-interface network-interface address utility-ip-address

Utility IP address used for purposes other than forwarding traffic.

Usage

configure authority router node device-interface network-interface address utility-ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface address valid-waypoint

Whether peer paths should be created from this local address

Usage

configure authority router node device-interface network-interface address valid-waypoint [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface adjacency

A list of adjacent routers.

Usage

configure authority router node device-interface network-interface adjacency <ip-address> <peer>

Positional Arguments

name	description
ip-address	The IP address or hostname of adjacent router or waypoint-address of the peer router.
peer	Peer router to which this waypoint address belongs.

Subcommands

command	description
bfd	BFD parameters for the adjacency.
clone	Clone a list item
cost	Cost of the link.
delete	Delete configuration data
encapsulate-icmp-error-messages	Encapsulate ICMP errors in UDP across SVR for this adjacency
external-nat-address	This is the address or hostname that is seen by the adjacent router when it receives a packet from this router.
generated	Indicates whether or not the Adjacency was automatically generated as a result of STEP topology builder.
inter-router-security	The name of the security policy used for inter-router traffic to the peer via this adjacency.
ip-address	The IP address or hostname of adjacent router or waypoint-address of the peer router.
max-way-points	Maximum number of way points to be allocated on the peer path.
nat-keep-alive	NAT keep-alive settings for interoperating with external NATs for this adjacency.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
packet-resiliency	Enable/disable packet-resiliency per path.
path-metrics-rolling-avg-interval	This defines the rolling average interval used for computing various path metrics such as latency and loss.
path-mtu-discovery	Automatic path MTU discovery for this adjacency.
payload-encryption-override	Transport based encryption override for payload setting for the adjacency.
peer	Peer router to which this waypoint address belongs.
peer-connectivity	Whether the peer router is publicly reachable, or behind a firewall/NAT.
performance-monitoring	Performance Monitoring settings for this adjacency.
port-range	Range of destination ports that peer router is reachable at
post-encryption-padding	Whether to add a padding byte with value of 0x0 at the end of the packet payload when encryption is enabled for this adjacency.
qp-value	Quality points value that represents the 'quality' of the the link to the adjacent router. Used for selecting egress interface based on the service class required minimum quality points.
session-optimization	Configure Session Optimization
show	Show configuration data for 'adjacency'
source-nat-address	The source nat IP address or prefixes for packets received on the interface.
step-peer-path-advertisement	Update frequency and timeliness of the STEP peer path advertisement for this adjacency.
traffic-engineering	Configure Traffic Engineering
ttl-padding	Whether to perform TTL Padding on routers for this adjacency
udp-transform	UDP transform settings for interoperating with stateful TCP firewalls for the adjacency.
vector	Vector names for path selection.

configure authority router node device-interface network-interface adjacency bfd

BFD parameters for the adjacency.

Subcommands

command	description
authentication-type	Describes the authentication type used in BFD packets
delete	Delete configuration data
desired-tx-interval	Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.
dscp	The DSCP value to use with BFD packets.
dynamic-damping	When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.
hold-down-time	Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.
link-test-interval	This represents the interval between BFD echo tests sent to the peer node/router.
link-test-length	This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.
maximum-hold-down-time	Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.
multiplier	Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'
state	When enabled, run BFD between all nodes within the router.

configure authority router node device-interface network-interface adjacency bfd authentication-type

Describes the authentication type used in BFD packets

Usage

configure authority router node device-interface network-interface adjacency bfd authentication-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: sha256

enumeration

A value from a set of predefined names.

Options:

• simple: Simple Password.
• sha256: SHA256

configure authority router node device-interface network-interface adjacency bfd desired-tx-interval

Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.

Usage

configure authority router node device-interface network-interface adjacency bfd desired-tx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

Range: 50-600000

configure authority router node device-interface network-interface adjacency bfd dscp

The DSCP value to use with BFD packets.

Usage

configure authority router node device-interface network-interface adjacency bfd dscp [<dscp>]

Positional Arguments

name	description
dscp	The value to set for this field

Description

Default: 0

dscp (uint8)

A DSCP value (0-63)

Range: 0-63

configure authority router node device-interface network-interface adjacency bfd dynamic-damping

When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.

Usage

configure authority router node device-interface network-interface adjacency bfd dynamic-damping [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• enabled: Extend hold-down time exponentially if link flaps occur during hold-down time.
• disabled: Use simple hold-down timer for every link up event.

configure authority router node device-interface network-interface adjacency bfd hold-down-time

Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.

Usage

configure authority router node device-interface network-interface adjacency bfd hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-300

configure authority router node device-interface network-interface adjacency bfd link-test-interval

This represents the interval between BFD echo tests sent to the peer node/router.

Usage

configure authority router node device-interface network-interface adjacency bfd link-test-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 10

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface adjacency bfd link-test-length

This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.

Usage

configure authority router node device-interface network-interface adjacency bfd link-test-length [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: packets

Default: 10

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router node device-interface network-interface adjacency bfd maximum-hold-down-time

Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.

Usage

configure authority router node device-interface network-interface adjacency bfd maximum-hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3600

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface adjacency bfd multiplier

Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).

Usage

configure authority router node device-interface network-interface adjacency bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 3-20

configure authority router node device-interface network-interface adjacency bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router node device-interface network-interface adjacency bfd required-min-rx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface adjacency bfd state

When enabled, run BFD between all nodes within the router.

Usage

configure authority router node device-interface network-interface adjacency bfd state [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: enabled

enumeration

A value from a set of predefined names.

Options:

• enabled: BFD is enabled on all nodes of this router.
• disabled: BFD is disabled on all nodes of this router.

configure authority router node device-interface network-interface adjacency cost

Cost of the link.

Usage

configure authority router node device-interface network-interface adjacency cost [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 0

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface adjacency encapsulate-icmp-error-messages

Encapsulate ICMP errors in UDP across SVR for this adjacency

Usage

configure authority router node device-interface network-interface adjacency encapsulate-icmp-error-messages [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface adjacency external-nat-address

This is the address or hostname that is seen by the adjacent router when it receives a packet from this router.

Usage

configure authority router node device-interface network-interface adjacency external-nat-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node device-interface network-interface adjacency generated

Indicates whether or not the Adjacency was automatically generated as a result of STEP topology builder.

Usage

configure authority router node device-interface network-interface adjacency generated [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface adjacency inter-router-security

The name of the security policy used for inter-router traffic to the peer via this adjacency.

Usage

configure authority router node device-interface network-interface adjacency inter-router-security [<security-ref>]

Positional Arguments

name	description
security-ref	The value to set for this field

Description

security-ref (leafref)

This type is used by other entities that need to reference configured security policies.

configure authority router node device-interface network-interface adjacency ip-address

The IP address or hostname of adjacent router or waypoint-address of the peer router.

Usage

configure authority router node device-interface network-interface adjacency ip-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node device-interface network-interface adjacency max-way-points

Maximum number of way points to be allocated on the peer path.

Usage

configure authority router node device-interface network-interface adjacency max-way-points [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 50000

warning

a restart is required if max-way-points is created, modified, or deleted

uint32

An unsigned 32-bit integer.

Range: 50000-1000000

configure authority router node device-interface network-interface adjacency nat-keep-alive

NAT keep-alive settings for interoperating with external NATs for this adjacency.

Subcommands

command	description
delete	Delete configuration data
mode	Configure Mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'nat-keep-alive'
tcp-inactivity-timeout	Represents the frequency with which TCP keep-alive packets are generated and should be shorter than the external NAT's TCP timeout settings.
udp-inactivity-timeout	Represents the frequency with which UDP keep-alive packets are generated and should be shorter than the external NAT's UDP timeout settings.

configure authority router node device-interface network-interface adjacency nat-keep-alive mode

Configure Mode

Usage

configure authority router node device-interface network-interface adjacency nat-keep-alive mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

• auto: Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alives enabled.
• disabled: Do not send keep-alive packets to keep pinhole open on an external NAT device.

configure authority router node device-interface network-interface adjacency nat-keep-alive tcp-inactivity-timeout

Represents the frequency with which TCP keep-alive packets are generated and should be shorter than the external NAT's TCP timeout settings.

Usage

configure authority router node device-interface network-interface adjacency nat-keep-alive tcp-inactivity-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 1800

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface adjacency nat-keep-alive udp-inactivity-timeout

Represents the frequency with which UDP keep-alive packets are generated and should be shorter than the external NAT's UDP timeout settings.

Usage

configure authority router node device-interface network-interface adjacency nat-keep-alive udp-inactivity-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface adjacency packet-resiliency

Enable/disable packet-resiliency per path.

Subcommands

command	description
delete	Delete configuration data
enabled	Whether packet resiliency is enabled on this path.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'packet-resiliency'

configure authority router node device-interface network-interface adjacency packet-resiliency enabled

Whether packet resiliency is enabled on this path.

Usage

configure authority router node device-interface network-interface adjacency packet-resiliency enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface adjacency path-metrics-rolling-avg-interval

This defines the rolling average interval used for computing various path metrics such as latency and loss.

Usage

configure authority router node device-interface network-interface adjacency path-metrics-rolling-avg-interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 60s

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router node device-interface network-interface adjacency path-mtu-discovery

Automatic path MTU discovery for this adjacency.

Subcommands

command	description
delete	Delete configuration data
enabled	Controls whether or not peer-path MTU discovery is performed
interval	Represents the frequency with which the peer-path MTU discovery is performed.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'path-mtu-discovery'

configure authority router node device-interface network-interface adjacency path-mtu-discovery enabled

Controls whether or not peer-path MTU discovery is performed

Usage

configure authority router node device-interface network-interface adjacency path-mtu-discovery enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface adjacency path-mtu-discovery interval

Represents the frequency with which the peer-path MTU discovery is performed.

Usage

configure authority router node device-interface network-interface adjacency path-mtu-discovery interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 600

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface adjacency payload-encryption-override

Transport based encryption override for payload setting for the adjacency.

Usage

configure authority router node device-interface network-interface adjacency payload-encryption-override [<payload-encryption-override>]

Positional Arguments

name	description
payload-encryption-override	The value to set for this field

Description

Default: disable-override

payload-encryption-override (enumeration)

Payload encryption override setting.

Options:

• enable-encryption: Enable encryption of payload even when the security-policy associated with the service has encrypt=false. If the payload is already encrypted by another SSR, send it out as is.
• disable-override: Disable override of the security policy and use the security policy settings associated with the service.

configure authority router node device-interface network-interface adjacency peer

Peer router to which this waypoint address belongs.

Usage

configure authority router node device-interface network-interface adjacency peer [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router node device-interface network-interface adjacency peer-connectivity

Whether the peer router is publicly reachable, or behind a firewall/NAT.

Usage

configure authority router node device-interface network-interface adjacency peer-connectivity [<peer-connectivity>]

Positional Arguments

name	description
peer-connectivity	The value to set for this field

Description

Default: bidirectional

peer-connectivity (enumeration)

The IP-layer connectivity behavior.

Options:

• bidirectional: Publicly reachable (i.e., not behind a firewall/NAT).
• outbound-only: Not publicly reachable (i.e., behind a firewall/NAT).

configure authority router node device-interface network-interface adjacency performance-monitoring

Performance Monitoring settings for this adjacency.

Subcommands

command	description
delete	Delete configuration data
enabled	Whether performance monitoring is enabled.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
profile	The name of the performance monitoring profile used for marking traffic.
show	Show configuration data for 'performance-monitoring'

configure authority router node device-interface network-interface adjacency performance-monitoring enabled

Whether performance monitoring is enabled.

Usage

configure authority router node device-interface network-interface adjacency performance-monitoring enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface adjacency performance-monitoring profile

The name of the performance monitoring profile used for marking traffic.

Usage

configure authority router node device-interface network-interface adjacency performance-monitoring profile [<performance-monitoring-profile-ref>]

Positional Arguments

name	description
performance-monitoring-profile-ref	The value to set for this field

Description

performance-monitoring-profile-ref (leafref)

This type is used by other entities that need to reference configured performance monitoring profiles.

configure authority router node device-interface network-interface adjacency port-range

Range of destination ports that peer router is reachable at

Usage

configure authority router node device-interface network-interface adjacency port-range <start-port>

Positional Arguments

name	description
start-port	Lower transport (layer 4) port number.

Subcommands

command	description
delete	Delete configuration data
end-port	Upper transport (layer 4) port number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'port-range'
start-port	Lower transport (layer 4) port number.

configure authority router node device-interface network-interface adjacency port-range end-port

Upper transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface adjacency port-range end-port [<end-port>]

Positional Arguments

name	description
end-port	The value to set for this field

Description

end-port (uint16)

Upper transport (layer 4) port number. Default value is the start-port

Range: 1025-65535

configure authority router node device-interface network-interface adjacency port-range start-port

Lower transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface adjacency port-range start-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 1025-65535

configure authority router node device-interface network-interface adjacency post-encryption-padding

Whether to add a padding byte with value of 0x0 at the end of the packet payload when encryption is enabled for this adjacency.

Subcommands

command	description
delete	Delete configuration data
mode	Configure Mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'post-encryption-padding'

configure authority router node device-interface network-interface adjacency post-encryption-padding mode

Configure Mode

Usage

configure authority router node device-interface network-interface adjacency post-encryption-padding mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: Do not add additional padding.
• enabled: Add one byte of padding to the end of the packet.

configure authority router node device-interface network-interface adjacency qp-value

Quality points value that represents the 'quality' of the the link to the adjacent router. Used for selecting egress interface based on the service class required minimum quality points.

Usage

configure authority router node device-interface network-interface adjacency qp-value [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 0

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface adjacency session-optimization

Configure Session Optimization

Subcommands

command	description
delete	Delete configuration data
mode	Configure Mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'session-optimization'

configure authority router node device-interface network-interface adjacency session-optimization mode

Configure Mode

Usage

configure authority router node device-interface network-interface adjacency session-optimization mode [<session-optimization-mode>]

Positional Arguments

name	description
session-optimization-mode	The value to set for this field

Description

session-optimization-mode (enumeration)

When to apply session optimization. Auto is recommended.

Options:

• never-on: Never optimize TCP traffic.
• auto: Automatically determine if TCP optimization is required.

configure authority router node device-interface network-interface adjacency source-nat-address

The source nat IP address or prefixes for packets received on the interface.

Usage

configure authority router node device-interface network-interface adjacency source-nat-address [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	Value to add to this list

Description

warning

source-nat-address is deprecated and will be removed in a future software version

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement

Update frequency and timeliness of the STEP peer path advertisement for this adjacency.

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'step-peer-path-advertisement'
sla-metrics	Configure Sla Metrics

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics

Configure Sla Metrics

Subcommands

command	description
clone	Clone a list item
decrease-report-delay	Specifies mappings of peer path SLA metrics decrease to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.
delete	Delete configuration data
increase-report-delay	Specifies mappings of peer path SLA metrics increase to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.
moving-average-sample-size	Sample size for calculating the weighted moving average of peer path SLA metrics to be advertised into STEP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'sla-metrics'
significance-threshold	Thresholds for peer path SLA metrics. Values above the threshold are considered significant enough to be advertised into STEP.

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics decrease-report-delay

Specifies mappings of peer path SLA metrics decrease to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics decrease-report-delay <percentage>

Positional Arguments

name	description
percentage	Largest percentage decrease seen among all of the metric values.

Subcommands

command	description
delay	Reporting delay for the given percentage decrease.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
percentage	Largest percentage decrease seen among all of the metric values.
show	Show configuration data for 'decrease-report-delay'

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics decrease-report-delay delay

Reporting delay for the given percentage decrease.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics decrease-report-delay delay [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics decrease-report-delay percentage

Largest percentage decrease seen among all of the metric values.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics decrease-report-delay percentage [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics increase-report-delay

Specifies mappings of peer path SLA metrics increase to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics increase-report-delay <percentage>

Positional Arguments

name	description
percentage	Largest percentage increase seen among all of the metric values.

Subcommands

command	description
delay	Reporting delay for the given percentage increase.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
percentage	Largest percentage increase seen among all of the metric values.
show	Show configuration data for 'increase-report-delay'

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics increase-report-delay delay

Reporting delay for the given percentage increase.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics increase-report-delay delay [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics increase-report-delay percentage

Largest percentage increase seen among all of the metric values.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics increase-report-delay percentage [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: percent

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics moving-average-sample-size

Sample size for calculating the weighted moving average of peer path SLA metrics to be advertised into STEP.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics moving-average-sample-size [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 3

uint16

An unsigned 16-bit integer.

Range: 1-10000

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics significance-threshold

Thresholds for peer path SLA metrics. Values above the threshold are considered significant enough to be advertised into STEP.

Subcommands

command	description
delete	Delete configuration data
min-jitter	The threshold jitter value considered significant enough for advertising into STEP.
min-latency	The threshold latency value considered significant enough for advertising into STEP.
min-loss	The threshold of packet loss considered significant enough for advertising into STEP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'significance-threshold'

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics significance-threshold min-jitter

The threshold jitter value considered significant enough for advertising into STEP.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics significance-threshold min-jitter [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 2

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics significance-threshold min-latency

The threshold latency value considered significant enough for advertising into STEP.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics significance-threshold min-latency [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 5

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics significance-threshold min-loss

The threshold of packet loss considered significant enough for advertising into STEP.

Usage

configure authority router node device-interface network-interface adjacency step-peer-path-advertisement sla-metrics significance-threshold min-loss [<decimal64>]

Positional Arguments

name	description
decimal64	The value to set for this field

Description

Units: percent

Default: 0.1

decimal64

A 64-bit decimal value.

Range: 0-100 Fraction digits: 16

configure authority router node device-interface network-interface adjacency traffic-engineering

Configure Traffic Engineering

Subcommands

command	description
delete	Delete configuration data
enabled	Whether traffic engineering is enabled on the adjacency.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'traffic-engineering'
traffic-profile	The name of the traffic profile used for traffic engineering on this adjacency
transmit-cap	The transmit capacity of the this adjacency.

configure authority router node device-interface network-interface adjacency traffic-engineering enabled

Whether traffic engineering is enabled on the adjacency.

Usage

configure authority router node device-interface network-interface adjacency traffic-engineering enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface adjacency traffic-engineering traffic-profile

The name of the traffic profile used for traffic engineering on this adjacency

Usage

configure authority router node device-interface network-interface adjacency traffic-engineering traffic-profile [<traffic-profile-ref>]

Positional Arguments

name	description
traffic-profile-ref	The value to set for this field

Description

traffic-profile-ref (leafref)

This type is used by other entities that need to reference configured traffic profiles.

configure authority router node device-interface network-interface adjacency traffic-engineering transmit-cap

The transmit capacity of the this adjacency.

Usage

configure authority router node device-interface network-interface adjacency traffic-engineering transmit-cap [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits/second

uint64

An unsigned 64-bit integer.

Range: 0-999999999999

configure authority router node device-interface network-interface adjacency ttl-padding

Whether to perform TTL Padding on routers for this adjacency

Usage

configure authority router node device-interface network-interface adjacency ttl-padding [<ttl-padding-type>]

Positional Arguments

name	description
ttl-padding-type	The value to set for this field

Description

Default: disabled

ttl-padding-type (union)

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint8

An unsigned 8-bit integer.

Range: 0-255

(1) enumeration

A value from a set of predefined names.

Options:

• auto: Automatically determine TTL padding.
• disabled: Do not pad TTL.

configure authority router node device-interface network-interface adjacency udp-transform

UDP transform settings for interoperating with stateful TCP firewalls for the adjacency.

Subcommands

command	description
delete	Delete configuration data
detect-interval	Represents the frequency with which the stateful TCP firewall discovery is performed.
mode	Configure Mode
nat-keep-alive-mode	Configure Nat Keep Alive Mode
nat-keep-alive-timeout	Represents the frequency with which keep-alive packets are generated.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'udp-transform'

configure authority router node device-interface network-interface adjacency udp-transform detect-interval

Represents the frequency with which the stateful TCP firewall discovery is performed.

Usage

configure authority router node device-interface network-interface adjacency udp-transform detect-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 300

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface adjacency udp-transform mode

Configure Mode

Usage

configure authority router node device-interface network-interface adjacency udp-transform mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto-detect

enumeration

A value from a set of predefined names.

Options:

• auto-detect: Detect if TCP to UDP transform is required. Special TCP packets are sent to the peer at the specified interval. If these packets are not returned, transformation is required.
• always-transform: Force UDP transform for all TCP traffic to the peer. TCP detection packets are never sent in this mode.

configure authority router node device-interface network-interface adjacency udp-transform nat-keep-alive-mode

Configure Nat Keep Alive Mode

Usage

configure authority router node device-interface network-interface adjacency udp-transform nat-keep-alive-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: Do not send keep-alive packets to keep UDP sessions active during UDP transform.
• enabled: Inject keep-alive packets to keep UDP sessions active during UDP transform.

configure authority router node device-interface network-interface adjacency udp-transform nat-keep-alive-timeout

Represents the frequency with which keep-alive packets are generated.

Usage

configure authority router node device-interface network-interface adjacency udp-transform nat-keep-alive-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface adjacency vector

Vector names for path selection.

Usage

configure authority router node device-interface network-interface adjacency vector [<vector-name>]

Positional Arguments

name	description
vector-name	Value to add to this list

Description

vector-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority router node device-interface network-interface bidirectional-nat

Defines the prefixes that need to be static natted in both directions.

Usage

configure authority router node device-interface network-interface bidirectional-nat <local-ip>

Positional Arguments

name	description
local-ip	For packets ingressing this interface, local IP will be source natted to remote IP.

Subcommands

command	description
applies-to-local-breakout	Whether the bidirectional nat applies to local breakout sessions.
delete	Delete configuration data
local-ip	For packets ingressing this interface, local IP will be source natted to remote IP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
remote-ip	For packets egressing this interface, the remote IP will be destination natted to local IP.
show	Show configuration data for 'bidirectional-nat'

configure authority router node device-interface network-interface bidirectional-nat applies-to-local-breakout

Whether the bidirectional nat applies to local breakout sessions.

Usage

configure authority router node device-interface network-interface bidirectional-nat applies-to-local-breakout [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface bidirectional-nat local-ip

For packets ingressing this interface, local IP will be source natted to remote IP.

Usage

configure authority router node device-interface network-interface bidirectional-nat local-ip [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router node device-interface network-interface bidirectional-nat remote-ip

For packets egressing this interface, the remote IP will be destination natted to local IP.

Usage

configure authority router node device-interface network-interface bidirectional-nat remote-ip [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union) (required)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string) (required)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string) (required)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router node device-interface network-interface billing-rate

Numeric rate of currency associated with the interface. When the billing-rate is flat the field indicated rate per day. When the billing-rate is metered the field indicates rate per byte.

Usage

configure authority router node device-interface network-interface billing-rate [<decimal64>]

Positional Arguments

name	description
decimal64	The value to set for this field

Description

decimal64

A 64-bit decimal value.

Fraction digits: 2

configure authority router node device-interface network-interface billing-type

Billing type associated with the interface.

Usage

configure authority router node device-interface network-interface billing-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: none

enumeration

A value from a set of predefined names.

Options:

• none: No billing is associated with this interface.
• flat: Flat billing. Is charged flat amount of currency per period of time.
• metered: Metered billing. Is charged based on the data usage.

configure authority router node device-interface network-interface carrier

Carrier associated with the interface.

Usage

configure authority router node device-interface network-interface carrier [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface conductor

Whether the interface is used for communicating with the conductor.

Usage

configure authority router node device-interface network-interface conductor [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface default-route

Whether the interface is used as default-route for non-forwarding interfaces.

Usage

configure authority router node device-interface network-interface default-route [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface description

A description about the interface.

Usage

configure authority router node device-interface network-interface description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface dhcp

Whether this interface acquires IP address and other parameter via DHCP

Usage

configure authority router node device-interface network-interface dhcp [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: DHCP is disabled.
• v4: Only DHCPv4 is enabled.
• v6: Only DHCPv6 is enabled.
• v6-pd: Only DHCPv6 Prefix Delegation is enabled and the address is derived from the subnet-id and the prefix associated with the prefix-delegation-group.

configure authority router node device-interface network-interface dhcp-delayed-auth-key

The key used to generate the HMAC-MD5 value.

Usage

configure authority router node device-interface network-interface dhcp-delayed-auth-key [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface dhcp-delayed-auth-key-id

The key identifier that identifies the key used to generate the HMAC-MD5 value.

Usage

configure authority router node device-interface network-interface dhcp-delayed-auth-key-id [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface dhcp-delayed-auth-realm

The DHCP realm that identifies the key used to generate the HMAC-MD5 value.

Usage

configure authority router node device-interface network-interface dhcp-delayed-auth-realm [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface dhcp-reconfig-auth-algorithm

The algorithm used by the Reconfigure Key authentication protocol to authenticate prefix-delegation messages.

Usage

configure authority router node device-interface network-interface dhcp-reconfig-auth-algorithm [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: hmac-md5

enumeration

A value from a set of predefined names.

Options:

• hmac-md5: HMAC-MD5 is used to authenticate prefix-delegation messages.
• hmac-sha1: HMAC-SHA1 is used to authenticate prefix-delegation messages.
• hmac-sha256: HMAC-SHA256 is used to authenticate prefix-delegation messages.

configure authority router node device-interface network-interface dscp-map

Mapping of DSCP values to priorities.

Usage

configure authority router node device-interface network-interface dscp-map [<dscp-map-ref>]

Positional Arguments

name	description
dscp-map-ref	The value to set for this field

Description

dscp-map-ref (leafref)

This type is used by other entities that need to reference configured DSCP maps.

configure authority router node device-interface network-interface dscp-steering

Configure Dscp Steering

Subcommands

command	description
delete	Delete configuration data
enabled	Whether or not traffic on this interface should use DSCP values for flow and service lookups.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'dscp-steering'
transport	Protocol and port(s) on which to enable dscp-steering.

configure authority router node device-interface network-interface dscp-steering enabled

Whether or not traffic on this interface should use DSCP values for flow and service lookups.

Usage

configure authority router node device-interface network-interface dscp-steering enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface dscp-steering transport

Protocol and port(s) on which to enable dscp-steering.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port-range	Configure Port Range
protocol	Layer 4 transport protocol.
show	Show configuration data for 'transport'

configure authority router node device-interface network-interface dscp-steering transport port-range

Configure Port Range

Usage

configure authority router node device-interface network-interface dscp-steering transport port-range <start-port>

Positional Arguments

name	description
start-port	Lower transport (layer 4) port number.

Subcommands

command	description
delete	Delete configuration data
end-port	Upper transport (layer 4) port number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'port-range'
start-port	Lower transport (layer 4) port number.

configure authority router node device-interface network-interface dscp-steering transport port-range end-port

Upper transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface dscp-steering transport port-range end-port [<end-port>]

Positional Arguments

name	description
end-port	The value to set for this field

Description

end-port (uint16)

Upper transport (layer 4) port number. Default value is the start-port

Range: 0-65535

configure authority router node device-interface network-interface dscp-steering transport port-range start-port

Lower transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface dscp-steering transport port-range start-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16) (required)

Transport (layer 4) port number.

Range: 0-65535

configure authority router node device-interface network-interface dscp-steering transport protocol

Layer 4 transport protocol.

Usage

configure authority router node device-interface network-interface dscp-steering transport protocol [<protocol>]

Positional Arguments

name	description
protocol	The value to set for this field

Description

protocol (enumeration)

Transport (Layer 4) protocol.

Options:

• tcp: Transmission Control Protocol.
• udp: User Datagram Protocol.
• icmp: Internet Control Management Protocol.
• gre: Generic Routing Encapsulation Protocol.
• esp: IPSec Encapsulating Security Payload Protocol.
• pim: Protocol Independent Multicast.

configure authority router node device-interface network-interface dynamic-source-nat

Defines the prefixes that need to be dynamically source natted for packets ingressing this interface.

Usage

configure authority router node device-interface network-interface dynamic-source-nat <local-ip>

Positional Arguments

name	description
local-ip	For packets ingressing this interface, the IP which will be source natted to remote-ip IP.

Subcommands

command	description
applies-to-local-breakout	Whether the dynamic source nat applies to local breakout sessions.
delete	Delete configuration data
local-ip	For packets ingressing this interface, the IP which will be source natted to remote-ip IP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
remote-ip	For packets ingressing this interface, the IP to which the local-ip IP will be source natted.
show	Show configuration data for 'dynamic-source-nat'

configure authority router node device-interface network-interface dynamic-source-nat applies-to-local-breakout

Whether the dynamic source nat applies to local breakout sessions.

Usage

configure authority router node device-interface network-interface dynamic-source-nat applies-to-local-breakout [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface dynamic-source-nat local-ip

For packets ingressing this interface, the IP which will be source natted to remote-ip IP.

Usage

configure authority router node device-interface network-interface dynamic-source-nat local-ip [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router node device-interface network-interface dynamic-source-nat remote-ip

For packets ingressing this interface, the IP to which the local-ip IP will be source natted.

Usage

configure authority router node device-interface network-interface dynamic-source-nat remote-ip [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union) (required)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string) (required)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string) (required)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router node device-interface network-interface egress-source-nat-pool

Indicates whether source address and port translation (NAPT) is performed for flows egressing the interface to the final destination.

Usage

configure authority router node device-interface network-interface egress-source-nat-pool [<nat-pool-ref>]

Positional Arguments

name	description
nat-pool-ref	The value to set for this field

Description

nat-pool-ref (leafref)

This type is used by other entities that need to reference configured NAT pools.

configure authority router node device-interface network-interface enable-proxy-learning

Enable/Disable Proxy Learning

Usage

configure authority router node device-interface network-interface enable-proxy-learning [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface enforced-mss

Maximum allowed value for maximum segment size (MSS) on this interface.

Usage

configure authority router node device-interface network-interface enforced-mss [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Units: bytes

Default: disabled

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint16

An unsigned 16-bit integer.

Range: 64-8960

(1) enumeration

A value from a set of predefined names.

Options:

• automatic: Automatically adjust MSS according to egress path
• disabled: Do not force MSS

configure authority router node device-interface network-interface ethernet-over-svr

L2 Bridge this network interface is assigned to.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
enabled	Whether the interface is used as ethernet over SVR bridge.
encapsulate-all-traffic	Whether all traffic arriving on the bridge should be encapsulated.
name	Name of the L2 over SVR bridge.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer	A list of peer IPs representing the L2 adjacencies.
show	Show configuration data for 'ethernet-over-svr'

configure authority router node device-interface network-interface ethernet-over-svr enabled

Whether the interface is used as ethernet over SVR bridge.

Usage

configure authority router node device-interface network-interface ethernet-over-svr enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface ethernet-over-svr encapsulate-all-traffic

Whether all traffic arriving on the bridge should be encapsulated.

Usage

configure authority router node device-interface network-interface ethernet-over-svr encapsulate-all-traffic [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface ethernet-over-svr name

Name of the L2 over SVR bridge.

Usage

configure authority router node device-interface network-interface ethernet-over-svr name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface ethernet-over-svr peer

A list of peer IPs representing the L2 adjacencies.

Usage

configure authority router node device-interface network-interface ethernet-over-svr peer <ip-address> <peer>

Positional Arguments

name	description
ip-address	The IP address or hostname of the LAN segment of peer router which is associated with the same eosvr-bridge name.
peer	Peer router on which this L2 adjacency exists.

Subcommands

command	description
ip-address	The IP address or hostname of the LAN segment of peer router which is associated with the same eosvr-bridge name.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer	Peer router on which this L2 adjacency exists.
show	Show configuration data for 'peer'

configure authority router node device-interface network-interface ethernet-over-svr peer ip-address

The IP address or hostname of the LAN segment of peer router which is associated with the same eosvr-bridge name.

Usage

configure authority router node device-interface network-interface ethernet-over-svr peer ip-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node device-interface network-interface ethernet-over-svr peer peer

Peer router on which this L2 adjacency exists.

Usage

configure authority router node device-interface network-interface ethernet-over-svr peer peer [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router node device-interface network-interface filter-rule

A rule for dropping packets.

Usage

configure authority router node device-interface network-interface filter-rule <name>

Positional Arguments

name	description
name	A unique name to identify this rule.

Subcommands

command	description
action	Action to be taken when a packet matches the filter rule.
bpf	Berkeley Packet Filter to be applied as a rule
delete	Delete configuration data
name	A unique name to identify this rule.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'filter-rule'

Description

The order of elements matters.

configure authority router node device-interface network-interface filter-rule action

Action to be taken when a packet matches the filter rule.

Usage

configure authority router node device-interface network-interface filter-rule action [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: deny

enumeration

A value from a set of predefined names.

Options:

• deny: Deny packets matching the filter rule.
• permit: Permit packets matching the filter rule. No further rules will run.

configure authority router node device-interface network-interface filter-rule bpf

Berkeley Packet Filter to be applied as a rule

Usage

configure authority router node device-interface network-interface filter-rule bpf [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface filter-rule name

A unique name to identify this rule.

Usage

configure authority router node device-interface network-interface filter-rule name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router node device-interface network-interface global-id

Global Interface Id (GIID) used in next-hop egress interface for routing data. All instances of a redundant interface will have the same GIID.

Usage

configure authority router node device-interface network-interface global-id [<global-interface-id>]

Positional Arguments

name	description
global-interface-id	The value to set for this field

Description

global-interface-id (uint32)

A global interface identifier which is a virtual interface across an entire SSR. This can be a single network interface or a set of network interfaces in interface redundancy.

Range: 1-4294967295

configure authority router node device-interface network-interface host-service

The host-service configuration is a service hosted by a router node.

Usage

configure authority router node device-interface network-interface host-service <service-type>

Positional Arguments

name	description
service-type	The type of hosted service

Subcommands

command	description
access-policy	List of access policies by address prefix, QSN or tenant and prefix.
clone	Clone a list item
delete	Delete configuration data
description	A description about the hosted service.
enabled	Enable/disable for host services
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
service-type	The type of hosted service
show	Show configuration data for 'host-service'
transport	The transport protocol(s) and port(s) for the service.

configure authority router node device-interface network-interface host-service access-policy

List of access policies by address prefix, QSN or tenant and prefix.

Usage

configure authority router node device-interface network-interface host-service access-policy <source>

Positional Arguments

name	description
source	The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
permission	Whether or not to allow access to the service.
show	Show configuration data for 'access-policy'
source	The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service
syslog	Configure Syslog

configure authority router node device-interface network-interface host-service access-policy permission

Whether or not to allow access to the service.

Usage

configure authority router node device-interface network-interface host-service access-policy permission [<access-mode>]

Positional Arguments

name	description
access-mode	The value to set for this field

Description

Default: allow

access-mode (enumeration)

Enumeration defining whether access is allowed or denied.

Options:

• allow: Allow access.
• deny: Deny access.

configure authority router node device-interface network-interface host-service access-policy source

The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

Usage

configure authority router node device-interface network-interface host-service access-policy source [<source-spec>]

Positional Arguments

name	description
source-spec	The value to set for this field

Description

source-spec (union)

A source address prefix, QSN, service-group or combination of tenant-name and prefix.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

(2) qsn (string)

Qualified Service Name in the form: tenant[.authority][/[service-group/]service]

Must contain only alphanumeric characters or any of the following: / . _ - Required format: 'Tenant[.Authority[/ServiceGroup[/Service]]]'. No forward slash-delimited segment can exceed 62 characters.(e.g., Engineering.Authority128/Video/private_conferencing). Length: 1-1024

(3) service-spec (string)

Service group and service name portion of a Qualified Service Name.

Must contain only alphanumeric characters or any of the following: - _ / . Required format: '/groupLabel1[/groupLabel2[/groupLabel3...]]'. No forward slash-delimited segment can exceed 62 characters. Length: 0-127

(4) tenant-prefix (string)

A string identifier for a tenant prefix. Consists of a valid tenant name, followed by @ and a valid IP Address.

Must contain a valid tenant name, followed by @ and a valid IP Address. Length: 0-280

configure authority router node device-interface network-interface host-service access-policy syslog

Configure Syslog

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'syslog'
syslog-policy	Syslog policy to be applied to the access policy.

configure authority router node device-interface network-interface host-service access-policy syslog syslog-policy

Syslog policy to be applied to the access policy.

Usage

configure authority router node device-interface network-interface host-service access-policy syslog syslog-policy [<syslog-policy-name>]

Positional Arguments

name	description
syslog-policy-name	The value to set for this field

Description

syslog-policy-name (string)

This type is used by other entities that need to reference configured syslog profiles.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-15

configure authority router node device-interface network-interface host-service description

A description about the hosted service.

Usage

configure authority router node device-interface network-interface host-service description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface host-service enabled

Enable/disable for host services

Usage

configure authority router node device-interface network-interface host-service enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface host-service service-type

The type of hosted service

Usage

configure authority router node device-interface network-interface host-service service-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• ssh: SSH Hosted service.
• netconf: Netconf service.
• web: Web service.
• dhcp-server: DHCP server service.
• snmp-server: Access SNMP server through this interface
• custom: Custom service.

configure authority router node device-interface network-interface host-service transport

The transport protocol(s) and port(s) for the service.

Usage

configure authority router node device-interface network-interface host-service transport <protocol>

Positional Arguments

name	description
protocol	Layer 4 transport protocol.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port-range	Configure Port Range
protocol	Layer 4 transport protocol.
show	Show configuration data for 'transport'

configure authority router node device-interface network-interface host-service transport port-range

Configure Port Range

Usage

configure authority router node device-interface network-interface host-service transport port-range <start-port>

Positional Arguments

name	description
start-port	Lower transport (layer 4) port number.

Subcommands

command	description
delete	Delete configuration data
end-port	Upper transport (layer 4) port number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'port-range'
start-port	Lower transport (layer 4) port number.

configure authority router node device-interface network-interface host-service transport port-range end-port

Upper transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface host-service transport port-range end-port [<end-port>]

Positional Arguments

name	description
end-port	The value to set for this field

Description

end-port (uint16)

Upper transport (layer 4) port number. Default value is the start-port

Range: 0-65535

configure authority router node device-interface network-interface host-service transport port-range start-port

Lower transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface host-service transport port-range start-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16) (required)

Transport (layer 4) port number.

Range: 0-65535

configure authority router node device-interface network-interface host-service transport protocol

Layer 4 transport protocol.

Usage

configure authority router node device-interface network-interface host-service transport protocol [<protocol>]

Positional Arguments

name	description
protocol	The value to set for this field

Description

protocol (enumeration)

Transport (Layer 4) protocol.

Options:

• tcp: Transmission Control Protocol.
• udp: User Datagram Protocol.
• icmp: Internet Control Management Protocol.
• gre: Generic Routing Encapsulation Protocol.
• esp: IPSec Encapsulating Security Payload Protocol.
• pim: Protocol Independent Multicast.

configure authority router node device-interface network-interface hostname

Hostname for the interface. This is an optional fully-qualified domain name (FQDN).

Usage

configure authority router node device-interface network-interface hostname [<domain-name>]

Positional Arguments

name	description
domain-name	The value to set for this field

Description

domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node device-interface network-interface icmp

Enable/disable ICMP Blackhole

Usage

configure authority router node device-interface network-interface icmp [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: allow

enumeration

A value from a set of predefined names.

Options:

• drop: Neither respond to ICMP requests nor generate ICMP errors to/from IPs on this interface
• allow: Respond to ICMP requests and generate ICMP errors to/from IPs on this interface

configure authority router node device-interface network-interface ifcfg-option

Interface config options for non-forwarding interfaces

Usage

configure authority router node device-interface network-interface ifcfg-option <name>

Positional Arguments

name	description
name	Name of the ifcfg option

Subcommands

command	description
delete	Delete configuration data
name	Name of the ifcfg option
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ifcfg-option'
value	Value of the ifcfg options

configure authority router node device-interface network-interface ifcfg-option name

Name of the ifcfg option

Usage

configure authority router node device-interface network-interface ifcfg-option name [<ifcfg-key>]

Positional Arguments

name	description
ifcfg-key	The value to set for this field

Description

ifcfg-key (string)

A string representing an allowable ifcfg script option key

Must contain only capital alphanumeric characters or any of the following: _

configure authority router node device-interface network-interface ifcfg-option value

Value of the ifcfg options

Usage

configure authority router node device-interface network-interface ifcfg-option value [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string (required)

A text value.

configure authority router node device-interface network-interface ingress-source-nat-pool

Indicates whether source address (and optional port) translation is performed for flows targetted towards an inter-router peer. In this case, the nat will be applied on the ingress router as opposed to the final egress router.

Usage

configure authority router node device-interface network-interface ingress-source-nat-pool [<nat-pool-ref>]

Positional Arguments

name	description
nat-pool-ref	The value to set for this field

Description

nat-pool-ref (leafref)

This type is used by other entities that need to reference configured NAT pools.

configure authority router node device-interface network-interface inter-router-security

The name of the security policy used for inbound inter-router traffic.

Usage

configure authority router node device-interface network-interface inter-router-security [<security-ref>]

Positional Arguments

name	description
security-ref	The value to set for this field

Description

security-ref (leafref)

This type is used by other entities that need to reference configured security policies.

configure authority router node device-interface network-interface management

Allow management traffic to be sent over this interface

Usage

configure authority router node device-interface network-interface management [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface management-vector

Vector configuration for non-forwarding interfaces

Subcommands

command	description
delete	Delete configuration data
name	Name of the vector.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
priority	Priority value for the paths with the vector.
show	Show configuration data for 'management-vector'

configure authority router node device-interface network-interface management-vector name

Name of the vector.

Usage

configure authority router node device-interface network-interface management-vector name [<vector-name>]

Positional Arguments

name	description
vector-name	The value to set for this field

Description

vector-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority router node device-interface network-interface management-vector priority

Priority value for the paths with the vector.

Usage

configure authority router node device-interface network-interface management-vector priority [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 1-999999

configure authority router node device-interface network-interface mtu

The maximum transmission unit (MTU) for packets sent on the interface.

Usage

configure authority router node device-interface network-interface mtu [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1500

uint32

An unsigned 32-bit integer.

Range: 68-9198

configure authority router node device-interface network-interface multicast-listeners

Enables the sending of IGMP and MLD queries on this interface.

Usage

configure authority router node device-interface network-interface multicast-listeners [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: automatic

enumeration

A value from a set of predefined names.

Options:

• disabled: Multicast listeners are disabled.
• automatic: Multicast listeners are enabled or disabled based on the presence of multicast services with tenant based access policies which match this interface's tenant.
• enabled: Multicast listeners are enabled.

configure authority router node device-interface network-interface multicast-report-proxy

Enables the forwarding of IGMP and MLD joins/leaves/reports to valid multicast services to this network interface. These must come from other network interfaces which allow multicast listeners.

Usage

configure authority router node device-interface network-interface multicast-report-proxy [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface name

An arbitrary, unique name for the interface, used to reference it in other configuration sections.

Usage

configure authority router node device-interface network-interface name [<interface-name>]

Positional Arguments

name	description
interface-name	The value to set for this field

Description

interface-name (string)

A string identifier for network-interface which only uses alphanumerics, underscores, dashes, dots, or slashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - . Length: 0-63

configure authority router node device-interface network-interface neighbor

A list of mappings from IP addresses to physical addresses. Entries in this list are used as static entries in the ARP cache.

Usage

configure authority router node device-interface network-interface neighbor <ip-address>

Positional Arguments

name	description
ip-address	The IP address of a neighbor node.

Subcommands

command	description
delete	Delete configuration data
ip-address	The IP address of a neighbor node.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
phys-address	The physical level address (MAC address) of the neighbor node.
show	Show configuration data for 'neighbor'

configure authority router node device-interface network-interface neighbor ip-address

The IP address of a neighbor node.

Usage

configure authority router node device-interface network-interface neighbor ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface neighbor phys-address

The physical level address (MAC address) of the neighbor node.

Usage

configure authority router node device-interface network-interface neighbor phys-address [<phys-address>]

Positional Arguments

name	description
phys-address	The value to set for this field

Description

phys-address (string) (required)

Represents media- or physical-level addresses represented as a sequence octets, each octet represented by two hexadecimal numbers. Octets are separated by colons. The canonical representation uses lowercase characters.

In the value set and its semantics, this type is equivalent to the PhysAddress textual convention of the SMIv2.

Required format: 'XX:XX:XX:XX:XX:XX', where 'X' is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown.

configure authority router node device-interface network-interface neighborhood

The neighborhoods to which this interface belongs.

Usage

configure authority router node device-interface network-interface neighborhood <name>

Positional Arguments

name	description
name	The neighborhood to which this interface belongs.

Subcommands

command	description
bfd	BFD parameters for peers in the neighborhood.
clone	Clone a list item
delete	Delete configuration data
encapsulate-icmp-error-messages	Encapsulate ICMP errors in UDP across SVR on routers within this neighborhood
external-nat-address	This is the address or hostname that is seen by the adjacent router when it receives a packet from this router.
max-way-points	Maximum number of way points to be allocated on each peer paths within the neighborhood.
name	The neighborhood to which this interface belongs.
nat-keep-alive	NAT keep-alive settings for interoperating with external NATs for peers in the neighborhood.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
packet-resiliency	Enable/disable packet-resiliency per path.
path-metrics-rolling-avg-interval	This defines the rolling average interval used for computing various path metrics such as latency and loss.
path-mtu-discovery	Automatic path MTU discovery for peers in the neighborhood.
payload-encryption-override	Transport based encryption override for payload setting within the neighborhood.
peer-connectivity	Whether the peer router is publicly reachable, or behind a firewall/NAT.
peer-path-overlay	Overlay type for the neighborhood.
performance-monitoring	Performance Monitoring settings in the neighborhood.
port-range	Range of destination ports that local router is reachable by peer routers in the neighborhood.
post-encryption-padding	Whether to add a padding byte with value of 0x0 at the end of the packet payload when encryption is enabled for peers in the neighborhood.
qp-value	Quality points value that represents the 'quality' of the the links to adjacent routers in the neighborhood. Used for selecting egress interface based on the service class required minimum quality points.
session-optimization	Configure Session Optimization
show	Show configuration data for 'neighborhood'
step-peer-path-advertisement	Update frequency and timeliness of the STEP peer path advertisements for this neighborhood.
topology	Type of topology for this router in the network for the neighborhood. This determines the other routers in the neighborhood with which this router has an adjacency.
traffic-engineering	Configure Traffic Engineering
ttl-padding	Whether to perform TTL Padding on routers within this neighborhood
udp-transform	UDP transform settings for interoperating with stateful TCP firewalls for peers in the neighborhood.
vector	Vector name to associate with adjacencies in the neighborhood.

Description

The order of elements matters.

configure authority router node device-interface network-interface neighborhood bfd

BFD parameters for peers in the neighborhood.

Subcommands

command	description
authentication-type	Describes the authentication type used in BFD packets
delete	Delete configuration data
desired-tx-interval	Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.
dscp	The DSCP value to use with BFD packets.
dynamic-damping	When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.
hold-down-time	Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.
link-test-interval	This represents the interval between BFD echo tests sent to the peer node/router.
link-test-length	This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.
maximum-hold-down-time	Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.
multiplier	Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'
state	When enabled, run BFD between all nodes within the router.

configure authority router node device-interface network-interface neighborhood bfd authentication-type

Describes the authentication type used in BFD packets

Usage

configure authority router node device-interface network-interface neighborhood bfd authentication-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: sha256

enumeration

A value from a set of predefined names.

Options:

• simple: Simple Password.
• sha256: SHA256

configure authority router node device-interface network-interface neighborhood bfd desired-tx-interval

Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.

Usage

configure authority router node device-interface network-interface neighborhood bfd desired-tx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

Range: 50-600000

configure authority router node device-interface network-interface neighborhood bfd dscp

The DSCP value to use with BFD packets.

Usage

configure authority router node device-interface network-interface neighborhood bfd dscp [<dscp>]

Positional Arguments

name	description
dscp	The value to set for this field

Description

Default: 0

dscp (uint8)

A DSCP value (0-63)

Range: 0-63

configure authority router node device-interface network-interface neighborhood bfd dynamic-damping

When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.

Usage

configure authority router node device-interface network-interface neighborhood bfd dynamic-damping [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• enabled: Extend hold-down time exponentially if link flaps occur during hold-down time.
• disabled: Use simple hold-down timer for every link up event.

configure authority router node device-interface network-interface neighborhood bfd hold-down-time

Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.

Usage

configure authority router node device-interface network-interface neighborhood bfd hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-300

configure authority router node device-interface network-interface neighborhood bfd link-test-interval

This represents the interval between BFD echo tests sent to the peer node/router.

Usage

configure authority router node device-interface network-interface neighborhood bfd link-test-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 10

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface neighborhood bfd link-test-length

This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.

Usage

configure authority router node device-interface network-interface neighborhood bfd link-test-length [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: packets

Default: 10

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router node device-interface network-interface neighborhood bfd maximum-hold-down-time

Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.

Usage

configure authority router node device-interface network-interface neighborhood bfd maximum-hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3600

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface neighborhood bfd multiplier

Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).

Usage

configure authority router node device-interface network-interface neighborhood bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 3-20

configure authority router node device-interface network-interface neighborhood bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router node device-interface network-interface neighborhood bfd required-min-rx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface neighborhood bfd state

When enabled, run BFD between all nodes within the router.

Usage

configure authority router node device-interface network-interface neighborhood bfd state [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: enabled

enumeration

A value from a set of predefined names.

Options:

• enabled: BFD is enabled on all nodes of this router.
• disabled: BFD is disabled on all nodes of this router.

configure authority router node device-interface network-interface neighborhood encapsulate-icmp-error-messages

Encapsulate ICMP errors in UDP across SVR on routers within this neighborhood

Usage

configure authority router node device-interface network-interface neighborhood encapsulate-icmp-error-messages [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface neighborhood external-nat-address

This is the address or hostname that is seen by the adjacent router when it receives a packet from this router.

Usage

configure authority router node device-interface network-interface neighborhood external-nat-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node device-interface network-interface neighborhood max-way-points

Maximum number of way points to be allocated on each peer paths within the neighborhood.

Usage

configure authority router node device-interface network-interface neighborhood max-way-points [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 50000

warning

a restart is required if max-way-points is created, modified, or deleted

uint32

An unsigned 32-bit integer.

Range: 50000-1000000

configure authority router node device-interface network-interface neighborhood name

The neighborhood to which this interface belongs.

Usage

configure authority router node device-interface network-interface neighborhood name [<neighborhood-id>]

Positional Arguments

name	description
neighborhood-id	The value to set for this field

Description

neighborhood-id (string)

A string identifier for network neighborhood.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority router node device-interface network-interface neighborhood nat-keep-alive

NAT keep-alive settings for interoperating with external NATs for peers in the neighborhood.

Subcommands

command	description
delete	Delete configuration data
mode	Configure Mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'nat-keep-alive'
tcp-inactivity-timeout	Represents the frequency with which TCP keep-alive packets are generated and should be shorter than the external NAT's TCP timeout settings.
udp-inactivity-timeout	Represents the frequency with which UDP keep-alive packets are generated and should be shorter than the external NAT's UDP timeout settings.

configure authority router node device-interface network-interface neighborhood nat-keep-alive mode

Configure Mode

Usage

configure authority router node device-interface network-interface neighborhood nat-keep-alive mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

• auto: Inject keep-alive packets in order to keep the pinhole open on external NAT device for sessions that match a session type with keep-alives enabled.
• disabled: Do not send keep-alive packets to keep pinhole open on an external NAT device.

configure authority router node device-interface network-interface neighborhood nat-keep-alive tcp-inactivity-timeout

Represents the frequency with which TCP keep-alive packets are generated and should be shorter than the external NAT's TCP timeout settings.

Usage

configure authority router node device-interface network-interface neighborhood nat-keep-alive tcp-inactivity-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 1800

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface neighborhood nat-keep-alive udp-inactivity-timeout

Represents the frequency with which UDP keep-alive packets are generated and should be shorter than the external NAT's UDP timeout settings.

Usage

configure authority router node device-interface network-interface neighborhood nat-keep-alive udp-inactivity-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface neighborhood packet-resiliency

Enable/disable packet-resiliency per path.

Subcommands

command	description
delete	Delete configuration data
enabled	Whether packet resiliency is enabled on this path.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'packet-resiliency'

configure authority router node device-interface network-interface neighborhood packet-resiliency enabled

Whether packet resiliency is enabled on this path.

Usage

configure authority router node device-interface network-interface neighborhood packet-resiliency enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface neighborhood path-metrics-rolling-avg-interval

This defines the rolling average interval used for computing various path metrics such as latency and loss.

Usage

configure authority router node device-interface network-interface neighborhood path-metrics-rolling-avg-interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 60s

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router node device-interface network-interface neighborhood path-mtu-discovery

Automatic path MTU discovery for peers in the neighborhood.

Subcommands

command	description
delete	Delete configuration data
enabled	Controls whether or not peer-path MTU discovery is performed
interval	Represents the frequency with which the peer-path MTU discovery is performed.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'path-mtu-discovery'

configure authority router node device-interface network-interface neighborhood path-mtu-discovery enabled

Controls whether or not peer-path MTU discovery is performed

Usage

configure authority router node device-interface network-interface neighborhood path-mtu-discovery enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface neighborhood path-mtu-discovery interval

Represents the frequency with which the peer-path MTU discovery is performed.

Usage

configure authority router node device-interface network-interface neighborhood path-mtu-discovery interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 600

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface neighborhood payload-encryption-override

Transport based encryption override for payload setting within the neighborhood.

Usage

configure authority router node device-interface network-interface neighborhood payload-encryption-override [<payload-encryption-override>]

Positional Arguments

name	description
payload-encryption-override	The value to set for this field

Description

Default: disable-override

payload-encryption-override (enumeration)

Payload encryption override setting.

Options:

• enable-encryption: Enable encryption of payload even when the security-policy associated with the service has encrypt=false. If the payload is already encrypted by another SSR, send it out as is.
• disable-override: Disable override of the security policy and use the security policy settings associated with the service.

configure authority router node device-interface network-interface neighborhood peer-connectivity

Whether the peer router is publicly reachable, or behind a firewall/NAT.

Usage

configure authority router node device-interface network-interface neighborhood peer-connectivity [<peer-connectivity>]

Positional Arguments

name	description
peer-connectivity	The value to set for this field

Description

Default: bidirectional

peer-connectivity (enumeration)

The IP-layer connectivity behavior.

Options:

• bidirectional: Publicly reachable (i.e., not behind a firewall/NAT).
• outbound-only: Not publicly reachable (i.e., behind a firewall/NAT).

configure authority router node device-interface network-interface neighborhood peer-path-overlay

Overlay type for the neighborhood.

Usage

configure authority router node device-interface network-interface neighborhood peer-path-overlay [<peer-path-overlay>]

Positional Arguments

name	description
peer-path-overlay	The value to set for this field

Description

Default: svr

peer-path-overlay (enumeration)

The overlay mechanism used for the peer path.

Options:

• svr: SVR (Secure Vector Routing) overlay.
• bfd-tunnel: Tunnel over BFD overlay.

configure authority router node device-interface network-interface neighborhood performance-monitoring

Performance Monitoring settings in the neighborhood.

Subcommands

command	description
delete	Delete configuration data
enabled	Whether performance monitoring is enabled.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
profile	The name of the performance monitoring profile used for marking traffic.
show	Show configuration data for 'performance-monitoring'

configure authority router node device-interface network-interface neighborhood performance-monitoring enabled

Whether performance monitoring is enabled.

Usage

configure authority router node device-interface network-interface neighborhood performance-monitoring enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface neighborhood performance-monitoring profile

The name of the performance monitoring profile used for marking traffic.

Usage

configure authority router node device-interface network-interface neighborhood performance-monitoring profile [<performance-monitoring-profile-ref>]

Positional Arguments

name	description
performance-monitoring-profile-ref	The value to set for this field

Description

performance-monitoring-profile-ref (leafref)

This type is used by other entities that need to reference configured performance monitoring profiles.

configure authority router node device-interface network-interface neighborhood port-range

Range of destination ports that local router is reachable by peer routers in the neighborhood.

Usage

configure authority router node device-interface network-interface neighborhood port-range <start-port>

Positional Arguments

name	description
start-port	Lower transport (layer 4) port number.

Subcommands

command	description
delete	Delete configuration data
end-port	Upper transport (layer 4) port number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'port-range'
start-port	Lower transport (layer 4) port number.

configure authority router node device-interface network-interface neighborhood port-range end-port

Upper transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface neighborhood port-range end-port [<end-port>]

Positional Arguments

name	description
end-port	The value to set for this field

Description

end-port (uint16)

Upper transport (layer 4) port number. Default value is the start-port

Range: 1025-65535

configure authority router node device-interface network-interface neighborhood port-range start-port

Lower transport (layer 4) port number.

Usage

configure authority router node device-interface network-interface neighborhood port-range start-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 1025-65535

configure authority router node device-interface network-interface neighborhood post-encryption-padding

Whether to add a padding byte with value of 0x0 at the end of the packet payload when encryption is enabled for peers in the neighborhood.

Subcommands

command	description
delete	Delete configuration data
mode	Configure Mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'post-encryption-padding'

configure authority router node device-interface network-interface neighborhood post-encryption-padding mode

Configure Mode

Usage

configure authority router node device-interface network-interface neighborhood post-encryption-padding mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: Do not add additional padding.
• enabled: Add one byte of padding to the end of the packet.

configure authority router node device-interface network-interface neighborhood qp-value

Quality points value that represents the 'quality' of the the links to adjacent routers in the neighborhood. Used for selecting egress interface based on the service class required minimum quality points.

Usage

configure authority router node device-interface network-interface neighborhood qp-value [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 0

warning

qp-value is deprecated and will be removed in a future software version

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface neighborhood session-optimization

Configure Session Optimization

Subcommands

command	description
delete	Delete configuration data
mode	Configure Mode
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'session-optimization'

configure authority router node device-interface network-interface neighborhood session-optimization mode

Configure Mode

Usage

configure authority router node device-interface network-interface neighborhood session-optimization mode [<session-optimization-mode>]

Positional Arguments

name	description
session-optimization-mode	The value to set for this field

Description

session-optimization-mode (enumeration)

When to apply session optimization. Auto is recommended.

Options:

• never-on: Never optimize TCP traffic.
• auto: Automatically determine if TCP optimization is required.

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement

Update frequency and timeliness of the STEP peer path advertisements for this neighborhood.

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'step-peer-path-advertisement'
sla-metrics	Configure Sla Metrics

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics

Configure Sla Metrics

Subcommands

command	description
clone	Clone a list item
decrease-report-delay	Specifies mappings of peer path SLA metrics decrease to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.
delete	Delete configuration data
increase-report-delay	Specifies mappings of peer path SLA metrics increase to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.
moving-average-sample-size	Sample size for calculating the weighted moving average of peer path SLA metrics to be advertised into STEP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'sla-metrics'
significance-threshold	Thresholds for peer path SLA metrics. Values above the threshold are considered significant enough to be advertised into STEP.

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics decrease-report-delay

Specifies mappings of peer path SLA metrics decrease to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics decrease-report-delay <percentage>

Positional Arguments

name	description
percentage	Largest percentage decrease seen among all of the metric values.

Subcommands

command	description
delay	Reporting delay for the given percentage decrease.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
percentage	Largest percentage decrease seen among all of the metric values.
show	Show configuration data for 'decrease-report-delay'

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics decrease-report-delay delay

Reporting delay for the given percentage decrease.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics decrease-report-delay delay [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics decrease-report-delay percentage

Largest percentage decrease seen among all of the metric values.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics decrease-report-delay percentage [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics increase-report-delay

Specifies mappings of peer path SLA metrics increase to STEP reporting delay. In combination, these mappings define a piecewise linear mapping function.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics increase-report-delay <percentage>

Positional Arguments

name	description
percentage	Largest percentage increase seen among all of the metric values.

Subcommands

command	description
delay	Reporting delay for the given percentage increase.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
percentage	Largest percentage increase seen among all of the metric values.
show	Show configuration data for 'increase-report-delay'

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics increase-report-delay delay

Reporting delay for the given percentage increase.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics increase-report-delay delay [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

uint32 (required)

An unsigned 32-bit integer.

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics increase-report-delay percentage

Largest percentage increase seen among all of the metric values.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics increase-report-delay percentage [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: percent

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics moving-average-sample-size

Sample size for calculating the weighted moving average of peer path SLA metrics to be advertised into STEP.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics moving-average-sample-size [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 3

uint16

An unsigned 16-bit integer.

Range: 1-10000

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics significance-threshold

Thresholds for peer path SLA metrics. Values above the threshold are considered significant enough to be advertised into STEP.

Subcommands

command	description
delete	Delete configuration data
min-jitter	The threshold jitter value considered significant enough for advertising into STEP.
min-latency	The threshold latency value considered significant enough for advertising into STEP.
min-loss	The threshold of packet loss considered significant enough for advertising into STEP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'significance-threshold'

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics significance-threshold min-jitter

The threshold jitter value considered significant enough for advertising into STEP.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics significance-threshold min-jitter [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 2

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics significance-threshold min-latency

The threshold latency value considered significant enough for advertising into STEP.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics significance-threshold min-latency [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 5

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics significance-threshold min-loss

The threshold of packet loss considered significant enough for advertising into STEP.

Usage

configure authority router node device-interface network-interface neighborhood step-peer-path-advertisement sla-metrics significance-threshold min-loss [<decimal64>]

Positional Arguments

name	description
decimal64	The value to set for this field

Description

Units: percent

Default: 0.1

decimal64

A 64-bit decimal value.

Range: 0-100 Fraction digits: 16

configure authority router node device-interface network-interface neighborhood topology

Type of topology for this router in the network for the neighborhood. This determines the other routers in the neighborhood with which this router has an adjacency.

Usage

configure authority router node device-interface network-interface neighborhood topology [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: spoke

enumeration

A value from a set of predefined names.

Options:

• mesh: Full mesh. This router will have adjacencies to all other routers in the neighborhood.
• hub: The router is a hub in a hub-and-spoke topology. The router will have adjacencies with other routers in the neighborhood that are labeled 'spoke' or 'mesh'.
• spoke: The router is a spoke in a hub-and-spoke topology. The router will have adjacencies with other routers in the neighborhood that are labeled 'hub' or 'mesh'.

configure authority router node device-interface network-interface neighborhood traffic-engineering

Configure Traffic Engineering

Subcommands

command	description
delete	Delete configuration data
download	Configure Download
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'traffic-engineering'
upload	Configure Upload

configure authority router node device-interface network-interface neighborhood traffic-engineering download

Configure Download

Subcommands

command	description
delete	Delete configuration data
enabled	Whether traffic engineering should be enabled by our peer to limit its transmit capacity on this peer path.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
receive-cap	Value that is used as the limit of our peer's transmit capacity on this peer path as to not overwhelm our interface.
show	Show configuration data for 'download'
traffic-profile	The name of the traffic profile our peer should use when limiting its transmit-capacity on this peer path

configure authority router node device-interface network-interface neighborhood traffic-engineering download enabled

Whether traffic engineering should be enabled by our peer to limit its transmit capacity on this peer path.

Usage

configure authority router node device-interface network-interface neighborhood traffic-engineering download enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface neighborhood traffic-engineering download receive-cap

Value that is used as the limit of our peer's transmit capacity on this peer path as to not overwhelm our interface.

Usage

configure authority router node device-interface network-interface neighborhood traffic-engineering download receive-cap [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits/second

uint64

An unsigned 64-bit integer.

Range: 0-999999999999

configure authority router node device-interface network-interface neighborhood traffic-engineering download traffic-profile

The name of the traffic profile our peer should use when limiting its transmit-capacity on this peer path

Usage

configure authority router node device-interface network-interface neighborhood traffic-engineering download traffic-profile [<traffic-profile-ref>]

Positional Arguments

name	description
traffic-profile-ref	The value to set for this field

Description

traffic-profile-ref (leafref)

This type is used by other entities that need to reference configured traffic profiles.

configure authority router node device-interface network-interface neighborhood traffic-engineering upload

Configure Upload

Subcommands

command	description
delete	Delete configuration data
enabled	Whether traffic engineering is enabled on this peer path.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'upload'
traffic-profile	The name of the traffic profile used for traffic engineering on this peer path
transmit-cap	The transmit capacity of this peer path.

configure authority router node device-interface network-interface neighborhood traffic-engineering upload enabled

Whether traffic engineering is enabled on this peer path.

Usage

configure authority router node device-interface network-interface neighborhood traffic-engineering upload enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface neighborhood traffic-engineering upload traffic-profile

The name of the traffic profile used for traffic engineering on this peer path

Usage

configure authority router node device-interface network-interface neighborhood traffic-engineering upload traffic-profile [<traffic-profile-ref>]

Positional Arguments

name	description
traffic-profile-ref	The value to set for this field

Description

traffic-profile-ref (leafref)

This type is used by other entities that need to reference configured traffic profiles.

configure authority router node device-interface network-interface neighborhood traffic-engineering upload transmit-cap

The transmit capacity of this peer path.

Usage

configure authority router node device-interface network-interface neighborhood traffic-engineering upload transmit-cap [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits/second

uint64

An unsigned 64-bit integer.

Range: 0-999999999999

configure authority router node device-interface network-interface neighborhood ttl-padding

Whether to perform TTL Padding on routers within this neighborhood

Usage

configure authority router node device-interface network-interface neighborhood ttl-padding [<ttl-padding-type>]

Positional Arguments

name	description
ttl-padding-type	The value to set for this field

Description

Default: disabled

ttl-padding-type (union)

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint8

An unsigned 8-bit integer.

Range: 0-255

(1) enumeration

A value from a set of predefined names.

Options:

• auto: Automatically determine TTL padding.
• disabled: Do not pad TTL.

configure authority router node device-interface network-interface neighborhood udp-transform

UDP transform settings for interoperating with stateful TCP firewalls for peers in the neighborhood.

Subcommands

command	description
delete	Delete configuration data
detect-interval	Represents the frequency with which the stateful TCP firewall discovery is performed.
mode	Configure Mode
nat-keep-alive-mode	Configure Nat Keep Alive Mode
nat-keep-alive-timeout	Represents the frequency with which keep-alive packets are generated.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'udp-transform'

configure authority router node device-interface network-interface neighborhood udp-transform detect-interval

Represents the frequency with which the stateful TCP firewall discovery is performed.

Usage

configure authority router node device-interface network-interface neighborhood udp-transform detect-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 300

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface neighborhood udp-transform mode

Configure Mode

Usage

configure authority router node device-interface network-interface neighborhood udp-transform mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto-detect

enumeration

A value from a set of predefined names.

Options:

• auto-detect: Detect if TCP to UDP transform is required. Special TCP packets are sent to the peer at the specified interval. If these packets are not returned, transformation is required.
• always-transform: Force UDP transform for all TCP traffic to the peer. TCP detection packets are never sent in this mode.

configure authority router node device-interface network-interface neighborhood udp-transform nat-keep-alive-mode

Configure Nat Keep Alive Mode

Usage

configure authority router node device-interface network-interface neighborhood udp-transform nat-keep-alive-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: Do not send keep-alive packets to keep UDP sessions active during UDP transform.
• enabled: Inject keep-alive packets to keep UDP sessions active during UDP transform.

configure authority router node device-interface network-interface neighborhood udp-transform nat-keep-alive-timeout

Represents the frequency with which keep-alive packets are generated.

Usage

configure authority router node device-interface network-interface neighborhood udp-transform nat-keep-alive-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node device-interface network-interface neighborhood vector

Vector name to associate with adjacencies in the neighborhood.

Usage

configure authority router node device-interface network-interface neighborhood vector [<vector-name>]

Positional Arguments

name	description
vector-name	The value to set for this field

Description

vector-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority router node device-interface network-interface off-subnet-arp-prefix

Address(es) for which the router will respond to ARP requests.

Usage

configure authority router node device-interface network-interface off-subnet-arp-prefix [<unicast-ipv4-prefix>]

Positional Arguments

name	description
unicast-ipv4-prefix	Value to add to this list

Description

unicast-ipv4-prefix (string)

A unicast IPv4 prefix

configure authority router node device-interface network-interface off-subnet-reverse-arp-mac-learning

When enabled, the source MAC address of the packet will be used for reverse traffic for off-subnet source ip address.

Usage

configure authority router node device-interface network-interface off-subnet-reverse-arp-mac-learning [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface prefix-delegation

Enable/disable IPv6 Prefix Delegation Client.

Usage

configure authority router node device-interface network-interface prefix-delegation [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface prefix-delegation-authentication

Whether prefix-delegation messages are authenticated.

Usage

configure authority router node device-interface network-interface prefix-delegation-authentication [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: Authentication of prefix-delegation messages is disabled.
• delayed: Delayed authentication protocol is used to authenticate prefix-delegation messages.
• reconfig-key: Reconfigure-key authentication protocol is used to authenticate prefix-delegation messages.

configure authority router node device-interface network-interface prefix-delegation-group

The name to identify a prefix-delegation group within which the pd-client interface will request a prefix and all the internal interfaces will be assigned a global address from this prefix based on their subnet-ids.

Usage

configure authority router node device-interface network-interface prefix-delegation-group [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface network-interface prefix-delegation-subnet-id

The identifier of a subnet within a prefix-delegation group which is used to construct a global IPv6 address for an internal interface.

Usage

configure authority router node device-interface network-interface prefix-delegation-subnet-id [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router node device-interface network-interface preserve-dscp

Controls if DSCP bits are preserved on this interface.

Usage

configure authority router node device-interface network-interface preserve-dscp [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface prioritization-mode

Controls how packets received on this interface are prioritized.

Usage

configure authority router node device-interface network-interface prioritization-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: local

enumeration

A value from a set of predefined names.

Options:

• local: Trust the internal classification for prioritization.
• dscp: Trust incoming DSCP values for prioritization.

configure authority router node device-interface network-interface qp-value

Quality points value that represents the 'quality' of the network the interface is connected to. It used for selecting egress interface based on the service class required minimum quality points.

Usage

configure authority router node device-interface network-interface qp-value [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 0

warning

qp-value is deprecated and will be removed in a future software version

uint32

An unsigned 32-bit integer.

configure authority router node device-interface network-interface reverse-arp-mac-learning

Controls whether the source MAC address of the packet can be used for reverse traffic when ARP is unresolved.

Usage

configure authority router node device-interface network-interface reverse-arp-mac-learning [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface rewrite-dscp

Controls if DSCP bits are rewritten on this interface.

Usage

configure authority router node device-interface network-interface rewrite-dscp [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface router-advertisement

Enable/disable IPv6 router advertisement to advertise the prefix learned via DHCPv6-PD.

Usage

configure authority router node device-interface network-interface router-advertisement [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface source-nat

Indicates whether source address and port translation (NAPT) is performed for flows egressing the interface to the final destination.

Usage

configure authority router node device-interface network-interface source-nat [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface tenant

Tenant to which this interface belongs.

Usage

configure authority router node device-interface network-interface tenant [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	The value to set for this field

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router node device-interface network-interface tenant-prefixes

Tenant to source prefix mapping.

Usage

configure authority router node device-interface network-interface tenant-prefixes <tenant>

Positional Arguments

name	description
tenant	Tenant name.

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'tenant-prefixes'
source-address	The source address(es) that define the tenant.
tenant	Tenant name.

configure authority router node device-interface network-interface tenant-prefixes source-address

The source address(es) that define the tenant.

Usage

configure authority router node device-interface network-interface tenant-prefixes source-address [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	Value to add to this list

Description

ip-prefix (union) (required)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string) (required)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string) (required)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router node device-interface network-interface tenant-prefixes tenant

Tenant name.

Usage

configure authority router node device-interface network-interface tenant-prefixes tenant [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	The value to set for this field

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router node device-interface network-interface traffic-engineering

Configure Traffic Engineering

Subcommands

command	description
delete	Delete configuration data
enabled	Whether traffic engineering is enabled on the network interface.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'traffic-engineering'
traffic-profile	The name of the traffic profile used for traffic engineering on this network interface
transmit-cap	The transmit capacity of the this network interface.

configure authority router node device-interface network-interface traffic-engineering enabled

Whether traffic engineering is enabled on the network interface.

Usage

configure authority router node device-interface network-interface traffic-engineering enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface traffic-engineering traffic-profile

The name of the traffic profile used for traffic engineering on this network interface

Usage

configure authority router node device-interface network-interface traffic-engineering traffic-profile [<traffic-profile-ref>]

Positional Arguments

name	description
traffic-profile-ref	The value to set for this field

Description

traffic-profile-ref (leafref)

This type is used by other entities that need to reference configured traffic profiles.

configure authority router node device-interface network-interface traffic-engineering transmit-cap

The transmit capacity of the this network interface.

Usage

configure authority router node device-interface network-interface traffic-engineering transmit-cap [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits/second

uint64

An unsigned 64-bit integer.

Range: 0-999999999999

configure authority router node device-interface network-interface tunnel

Configure Tunnel

Subcommands

command	description
delete	Delete configuration data
destination	The destination of this tunnel.
internal-address	The source address to use when sending packets over the tunnel.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'tunnel'
source	How the tunnel source address will be obtained.

configure authority router node device-interface network-interface tunnel destination

The destination of this tunnel.

Usage

configure authority router node device-interface network-interface tunnel destination [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node device-interface network-interface tunnel internal-address

The source address to use when sending packets over the tunnel.

Usage

configure authority router node device-interface network-interface tunnel internal-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface tunnel source

How the tunnel source address will be obtained.

Subcommands

command	description
address	The source address of this tunnel.
delete	Delete configuration data
network-interface	Use the address of the interface with the same vlan.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'source'

configure authority router node device-interface network-interface tunnel source address

The source address of this tunnel.

Usage

configure authority router node device-interface network-interface tunnel source address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node device-interface network-interface tunnel source network-interface

Use the address of the interface with the same vlan.

Usage

configure authority router node device-interface network-interface tunnel source network-interface

Description

empty

Has no value.

configure authority router node device-interface network-interface type

Type of network that the interface is connected to. Type is fabric for inter-node traffic, external for regular traffic, and shared for both fabric and external.

Usage

configure authority router node device-interface network-interface type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: external

enumeration

A value from a set of predefined names.

Options:

• fabric: Fabric network for inter-node traffic.
• external: External network for regular traffic.
• shared: Network is both 'fabric' and 'external'.
• gre-tunnel: A GRE tunnel.

configure authority router node device-interface network-interface vlan

The VLAN id for the interface (0 for no VLAN, otherwise 1-4094).

Usage

configure authority router node device-interface network-interface vlan [<vlan>]

Positional Arguments

name	description
vlan	The value to set for this field

Description

Default: 0

vlan (uint16)

A VLAN identifier (0 for no VLAN, otherwise 1-4094).

Range: 0-4094

configure authority router node device-interface network-interface vrrp

Configure Vrrp

Subcommands

command	description
advertisement-interval	How frequently (in milliseconds) advertisements should be sent.
delete	Delete configuration data
enabled	Whether or not this interface should participate in VRRP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
priority	The priority of this interface within the virtual router pair.
show	Show configuration data for 'vrrp'
use-physical-address	Use the physical mac address of the device instead of the VRRP virtual mac.
vrid	The Virtual Router ID. This value must be mirrored by the redundant interface.

configure authority router node device-interface network-interface vrrp advertisement-interval

How frequently (in milliseconds) advertisements should be sent.

Usage

configure authority router node device-interface network-interface vrrp advertisement-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 100-40950

configure authority router node device-interface network-interface vrrp enabled

Whether or not this interface should participate in VRRP.

Usage

configure authority router node device-interface network-interface vrrp enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface vrrp priority

The priority of this interface within the virtual router pair.

Usage

configure authority router node device-interface network-interface vrrp priority [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 100

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router node device-interface network-interface vrrp use-physical-address

Use the physical mac address of the device instead of the VRRP virtual mac.

Usage

configure authority router node device-interface network-interface vrrp use-physical-address [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface network-interface vrrp vrid

The Virtual Router ID. This value must be mirrored by the redundant interface.

Usage

configure authority router node device-interface network-interface vrrp vrid [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router node device-interface network-namespace

The network namespace in which this network interface will be located

Usage

configure authority router node device-interface network-namespace [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Must contain only alphanumeric characters, start with a alphabet and can contain any of the following: _ - Length: 0-50

configure authority router node device-interface parent-bond

The bond type interface that this interface is grouped with.

Usage

configure authority router node device-interface parent-bond [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router node device-interface pci-address

The PCI address of the device. Only relevant if type is ethernet.

Usage

configure authority router node device-interface pci-address [<pci-address>]

Positional Arguments

name	description
pci-address	The value to set for this field

Description

pci-address (string)

A PCI address specifying domain, bus, device, and function

Must contain only hex digits or any of the following: . : Required format: 'aaaa:bb:cc.d' (e.g. 0000:00:1d.0). Length: 0-13

configure authority router node device-interface pppoe

Configure Pppoe

Subcommands

command	description
authentication-protocol	Authentication protocol used to authenticate the user.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
password	Password required to setup PPPoE connection.
show	Show configuration data for 'pppoe'
user-name	Username required to setup PPPoE connection.

configure authority router node device-interface pppoe authentication-protocol

Authentication protocol used to authenticate the user.

Usage

configure authority router node device-interface pppoe authentication-protocol [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• chap: Challenge-Handshake Authentication Protocol.
• pap: Password Authentication Protocol.

configure authority router node device-interface pppoe password

Password required to setup PPPoE connection.

Usage

configure authority router node device-interface pppoe password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router node device-interface pppoe user-name

Username required to setup PPPoE connection.

Usage

configure authority router node device-interface pppoe user-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node device-interface promiscuous-mode

Enables promiscuous mode on the interface.

Usage

configure authority router node device-interface promiscuous-mode [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface q-in-q

Enables Q-in-Q encapsulation

Subcommands

command	description
delete	Delete configuration data
outer-ethertype	The ethertype for the outer VLAN tag
outer-vlan	Add an outer VLAN tag to all non-zero VLAN interfaces
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'q-in-q'

configure authority router node device-interface q-in-q outer-ethertype

The ethertype for the outer VLAN tag

Usage

configure authority router node device-interface q-in-q outer-ethertype [<hex-string>]

Positional Arguments

name	description
hex-string	The value to set for this field

Description

hex-string (string) (required)

A hexadecimal string with octets represented as hex digits.

Length: 4

configure authority router node device-interface q-in-q outer-vlan

Add an outer VLAN tag to all non-zero VLAN interfaces

Usage

configure authority router node device-interface q-in-q outer-vlan [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

uint16 (required)

An unsigned 16-bit integer.

Range: 1-4094

configure authority router node device-interface reinsert-vlan

Enables reinsertion of NIC-stripped VLAN on ingress packets, on supported devices.

Usage

configure authority router node device-interface reinsert-vlan [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface session-optimization

Configure Session Optimization

Subcommands

command	description
delete	Delete configuration data
enable-detection	Whether session optimization detection is enabled on this device interface.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'session-optimization'

configure authority router node device-interface session-optimization enable-detection

Whether session optimization detection is enabled on this device interface.

Usage

configure authority router node device-interface session-optimization enable-detection [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node device-interface shared-phys-address

Virtual MAC address for interface redundancy.

Usage

configure authority router node device-interface shared-phys-address [<unicast-phys-address>]

Positional Arguments

name	description
unicast-phys-address	The value to set for this field

Description

unicast-phys-address (string)

A text value.

Required format: 'XX:XX:XX:XX:XX:XX', where 'X' is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown. Shared physical address must not be a multicast address nor 00:00:00:00:00:00

configure authority router node device-interface sriov-vlan-filter

Enables VLAN filtering on supported SR-IOV devices.

Usage

configure authority router node device-interface sriov-vlan-filter [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface strip-vlan

Enables VLAN stripping on ingress packets on supported devices.

Usage

configure authority router node device-interface strip-vlan [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface target-interface

Specifies the name of an external interface to be automatically bridged to a logical interface.

Usage

configure authority router node device-interface target-interface [<target-name>]

Positional Arguments

name	description
target-name	The value to set for this field

Description

target-name (string)

A string identifier for target-interface which cannot be slash or colon and cannot exceed 15 characters.

Must not contain slash, colon, or whitespace in target-interface name. Length: 1-15

configure authority router node device-interface traffic-engineering

Configure Traffic Engineering

Subcommands

command	description
delete	Delete configuration data
enabled	Whether traffic engineering is enabled on the interface.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'traffic-engineering'
traffic-profile	The name of the traffic profile used for traffic engineering on this device interface
transmit-cap	Value that is used in conjunction with the negotiated link speed to determine the transmit capacity of the interface.

configure authority router node device-interface traffic-engineering enabled

Whether traffic engineering is enabled on the interface.

Usage

configure authority router node device-interface traffic-engineering enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface traffic-engineering traffic-profile

The name of the traffic profile used for traffic engineering on this device interface

Usage

configure authority router node device-interface traffic-engineering traffic-profile [<traffic-profile-ref>]

Positional Arguments

name	description
traffic-profile-ref	The value to set for this field

Description

traffic-profile-ref (leafref)

This type is used by other entities that need to reference configured traffic profiles.

configure authority router node device-interface traffic-engineering transmit-cap

Value that is used in conjunction with the negotiated link speed to determine the transmit capacity of the interface.

Usage

configure authority router node device-interface traffic-engineering transmit-cap [<limit>]

Positional Arguments

name	description
limit	The value to set for this field

Description

Units: bits/second

limit (union)

A type for defining values such as rates and capacities for which the default value is unlimited.

Must be one of the following types:

(0) uint64

An unsigned 64-bit integer.

Range: 0-999999999999

(1) enumeration

A value from a set of predefined names.

Options:

• unlimited: No limit on this value.

configure authority router node device-interface type

Type of interface.

Usage

configure authority router node device-interface type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: ethernet

enumeration

A value from a set of predefined names.

Options:

• ethernet: A physical ethernet interface.
• pppoe: An interface using the Point-to-Point Protocol over Ethernet (PPPoE).
• host: A logical interface to the host system.
• bridged: A logical interface bridged to a target interface.
• lte: An interface using LTE.
• t1: An interface using a T1 card.
• bond: An aggregated group of ethernet interfaces.
• conduit: An interface which is used as a connection to a switch device.

configure authority router node device-interface vmbus-uuid

The VMBus UUID of the network device. Hyper-V Environment only. Only relevant if type is ethernet.

Usage

configure authority router node device-interface vmbus-uuid [<vmbus-uuid>]

Positional Arguments

name	description
vmbus-uuid	The value to set for this field

Description

vmbus-uuid (string)

A VMBUS UUID which specifies a network device

Must contain only hex digits. Required format: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

configure authority router node device-interface vrrp

Parameters for Interface Redundancy using Virtual Router Redundancy Protocol (VRRP).

Subcommands

command	description
advertisement-interval	How frequently (in milliseconds) advertisements should be sent.
delete	Delete configuration data
enabled	Whether or not this interface should participate in VRRP.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
priority	The priority of this interface within the virtual router pair.
show	Show configuration data for 'vrrp'
use-physical-address	Use the physical mac address of the device instead of the VRRP virtual mac.
vlan	Vlan of the network-interface that will represent this device
vrid	The Virtual Router ID. This value must be mirrored by the redundant interface.

configure authority router node device-interface vrrp advertisement-interval

How frequently (in milliseconds) advertisements should be sent.

Usage

configure authority router node device-interface vrrp advertisement-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 100-40950

configure authority router node device-interface vrrp enabled

Whether or not this interface should participate in VRRP.

Usage

configure authority router node device-interface vrrp enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface vrrp priority

The priority of this interface within the virtual router pair.

Usage

configure authority router node device-interface vrrp priority [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 100

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router node device-interface vrrp use-physical-address

Use the physical mac address of the device instead of the VRRP virtual mac.

Usage

configure authority router node device-interface vrrp use-physical-address [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router node device-interface vrrp vlan

Vlan of the network-interface that will represent this device

Usage

configure authority router node device-interface vrrp vlan [<vlan>]

Positional Arguments

name	description
vlan	The value to set for this field

Description

Default: 0

vlan (uint16)

A VLAN identifier (0 for no VLAN, otherwise 1-4094).

Range: 0-4094

configure authority router node device-interface vrrp vrid

The Virtual Router ID. This value must be mirrored by the redundant interface.

Usage

configure authority router node device-interface vrrp vrid [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router node enabled

Enable/disable the whole node.

Usage

configure authority router node enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node forwarding-core-count

The number of CPU cores to dedicate to traffic forwarding when using 'manual' forwarding core mode.

Usage

configure authority router node forwarding-core-count [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

warning

a restart is required if forwarding-core-count is created, modified, or deleted

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router node forwarding-core-mode

The method by which the number of CPU cores dedicated to traffic forwarding should be determined.

Usage

configure authority router node forwarding-core-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: automatic

warning

a restart is required if forwarding-core-mode is created, modified, or deleted

enumeration

A value from a set of predefined names.

Options:

• automatic: The number of cores dedicated to traffic forwarding will be automatically determined based on system properties.
• manual: The number of cores dedicated to traffic forwarding will be set to the value of forwarding-core-count.

configure authority router node idp

Configure Idp

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
platform-size	Size of the IDP platform
show	Show configuration data for 'idp'

configure authority router node idp platform-size

Size of the IDP platform

Usage

configure authority router node idp platform-size [<idp-size>]

Positional Arguments

name	description
idp-size	The value to set for this field

Description

Default: auto

warning

a restart is required if platform-size is created, modified, or deleted

idp-size (enumeration)

Size of the idp platform

Options:

• auto: Automatically size the platform
• legacy: Set legacy mode override
• 4CPU-4G: Set 4CPU-4G as platform size
• 4CPU-8G: Set 4CPU-8G as platform size
• 6CPU-8G: Set 6CPU-8G as platform size
• 6CPU-12G: Set 6CPU-12G as platform size
• 6CPU-16G: Set 6CPU-16G as platform size
• 8CPU-16G: Set 8CPU-16G as platform size
• 8CPU-20G: Set 8CPU-20G as platform size
• 12CPU-16G: Set 12CPU-16G as platform size
• 12CPU-24G: Set 12CPU-24G as platform size
• 12CPU-32G: Set 12CPU-32G as platform size
• 16CPU-32G: Set 16CPU-32G as platform size
• 16CPU-40G: Set 16CPU-40G as platform size
• 20CPU-32G: Set 20CPU-32G as platform size
• 20CPU-48G: Set 20CPU-40G as platform size
• 20CPU-64G: Set 20CPU-64G as platform size
• 32CPU-64G: Set 32CPU-64G as platform size

configure authority router node ipfix

Node specific IPFIX configuration

Subcommands

command	description
delete	Delete configuration data
enabled	Enable or disable IPFIX export on this node
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ipfix'

configure authority router node ipfix enabled

Enable or disable IPFIX export on this node

Usage

configure authority router node ipfix enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node location

A text description of the node's physical location.

Usage

configure authority router node location [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router node loopback-address

The loopback IP address to use for management traffic originating on this node when routed via SVR.

Usage

configure authority router node loopback-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node name

An arbitrary, unique name for the node, used to reference it in other configuration sections. This MUST match the name in the local initialization file.

Usage

configure authority router node name [<reserved-name-id>]

Positional Arguments

name	description
reserved-name-id	The value to set for this field

Description

warning

a restart is required if name is created or deleted

reserved-name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters, and cannot be the words 'all', 'any', or 'unknown'.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router node platform-type

The platform type of the SSR node.

Usage

configure authority router node platform-type [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

Default: unknown

string

A text value.

configure authority router node port-forwarding

Configuration for establishing local port-forwarding to remote server.

Usage

configure authority router node port-forwarding <local-address> <local-port> <local-interface>

Positional Arguments

name	description
local-address	The local address to forward from
local-port	The local port to forward from
local-interface	The local interface to forward from

Subcommands

command	description
delete	Delete configuration data
local-address	The local address to forward from
local-interface	The local interface to forward from
local-port	The local port to forward from
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
remote-host	The remote host to connect to from server
remote-interface	The remote interface to connect via on server
remote-port	The remote port to connect to from server
server-address	The server at the host address
server-destination	The server at known destination
server-port	The port to connect to on the server
show	Show configuration data for 'port-forwarding'

configure authority router node port-forwarding local-address

The local address to forward from

Usage

configure authority router node port-forwarding local-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node port-forwarding local-interface

The local interface to forward from

Usage

configure authority router node port-forwarding local-interface [<device-name>]

Positional Arguments

name	description
device-name	The value to set for this field

Description

device-name (string)

A string identifier for device-interface which only uses alphanumerics, underscores, dashes, or slashes, and cannot exceed 12 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-12

configure authority router node port-forwarding local-port

The local port to forward from

Usage

configure authority router node port-forwarding local-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router node port-forwarding remote-host

The remote host to connect to from server

Usage

configure authority router node port-forwarding remote-host [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node port-forwarding remote-interface

The remote interface to connect via on server

Usage

configure authority router node port-forwarding remote-interface [<device-name>]

Positional Arguments

name	description
device-name	The value to set for this field

Description

device-name (string)

A string identifier for device-interface which only uses alphanumerics, underscores, dashes, or slashes, and cannot exceed 12 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-12

configure authority router node port-forwarding remote-port

The remote port to connect to from server

Usage

configure authority router node port-forwarding remote-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router node port-forwarding server-address

The server at the host address

Usage

configure authority router node port-forwarding server-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router node port-forwarding server-destination

The server at known destination

Usage

configure authority router node port-forwarding server-destination [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• ha-node: The server on the HA node

configure authority router node port-forwarding server-port

The port to connect to on the server

Usage

configure authority router node port-forwarding server-port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router node power-saver

Allow the traffic forwarding cores to sleep when there is no traffic to process

Usage

configure authority router node power-saver [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

warning

a restart is required if power-saver is created, modified, or deleted

boolean

A true or false value.

Options: true or false

configure authority router node radius

Radius authentication parameters for this node.

Subcommands

command	description
client-certificate-name	A client certificate to be used to communicate with Radius server.
delete	Delete configuration data
enable-message-authenticator	Enable enforcement of Message-Authenticator for all requests and responses. WARNING: It is considered unsafe to disable this enforcement and can expose the system to authentication attacks.
nas-identifier	The NAS Identifier to be used in outgoing Radius authentication requests.
nas-ip-address	The NAS IP Address to be used in outgoing Radius authentication requests.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
router-client-certificate-name	A client certificate to be used to communicate with Radius server.
show	Show configuration data for 'radius'

configure authority router node radius client-certificate-name

A client certificate to be used to communicate with Radius server.

Usage

configure authority router node radius client-certificate-name [<client-certificate-ref>]

Positional Arguments

name	description
client-certificate-ref	The value to set for this field

Description

client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate.

configure authority router node radius enable-message-authenticator

Enable enforcement of Message-Authenticator for all requests and responses. WARNING: It is considered unsafe to disable this enforcement and can expose the system to authentication attacks.

Usage

configure authority router node radius enable-message-authenticator [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router node radius nas-identifier

The NAS Identifier to be used in outgoing Radius authentication requests.

Usage

configure authority router node radius nas-identifier [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-253

configure authority router node radius nas-ip-address

The NAS IP Address to be used in outgoing Radius authentication requests.

Usage

configure authority router node radius nas-ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node radius router-client-certificate-name

A client certificate to be used to communicate with Radius server.

Usage

configure authority router node radius router-client-certificate-name [<router-client-certificate-ref>]

Positional Arguments

name	description
router-client-certificate-ref	The value to set for this field

Description

router-client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate for a specific router.

configure authority router node reachability-detection

Layer 2 reachability detection

Subcommands

command	description
arp-cache-timeout	Duration that an arp entry will be preserved in the system after it is no longer in use.
arp-refresh-interval	Represents the frequency in seconds that an arp entry is refreshed.
delete	Delete configuration data
expired-refresh-count	Represents the number of attempts to resolve an arp before declaring expired.
expired-refresh-interval	Represents the retry frequency in milliseconds of arp in expired state.
gateway-refresh-interval	Represents the frequency in seconds that a gateway arp entry is refreshed.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'reachability-detection'

configure authority router node reachability-detection arp-cache-timeout

Duration that an arp entry will be preserved in the system after it is no longer in use.

Usage

configure authority router node reachability-detection arp-cache-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 0

uint32

An unsigned 32-bit integer.

Range: 0-86400

configure authority router node reachability-detection arp-refresh-interval

Represents the frequency in seconds that an arp entry is refreshed.

Usage

configure authority router node reachability-detection arp-refresh-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 1200

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node reachability-detection expired-refresh-count

Represents the number of attempts to resolve an arp before declaring expired.

Usage

configure authority router node reachability-detection expired-refresh-count [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: packets

Default: 10

uint8

An unsigned 8-bit integer.

Range: 3-20

configure authority router node reachability-detection expired-refresh-interval

Represents the retry frequency in milliseconds of arp in expired state.

Usage

configure authority router node reachability-detection expired-refresh-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 500

uint32

An unsigned 32-bit integer.

Range: 500-60000

configure authority router node reachability-detection gateway-refresh-interval

Represents the frequency in seconds that a gateway arp entry is refreshed.

Usage

configure authority router node reachability-detection gateway-refresh-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router node recovery-mode-enabled

Allow booting from USB storage devices.

Usage

configure authority router node recovery-mode-enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

warning

a restart is required if recovery-mode-enabled is created, modified, or deleted

boolean

A true or false value.

Options: true or false

configure authority router node reset-button-enabled

Enable the reset button for restarting or factory resetting.

Usage

configure authority router node reset-button-enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

warning

a restart is required if reset-button-enabled is created, modified, or deleted

boolean

A true or false value.

Options: true or false

configure authority router node role

The node's role in the SSR system.

Usage

configure authority router node role [<node-role>]

Positional Arguments

name	description
node-role	The value to set for this field

Description

warning

a restart is required if role is created, modified, or deleted

node-role (enumeration) (required)

The node's role in the SSR system.

Options:

• control: A Control and Operations Resource node.
• slice: A Software Line-Card Engine node.
• combo: A combined Control and Slice.
• conductor: A remote management system.

configure authority router node secure-conductor-onboarding

Configure Secure Conductor Onboarding

Subcommands

command	description
delete	Delete configuration data
endorsement-key	The public endorsement key of the router's TPM in base64 encoded DER format. Required for strong mode onboarding on devices with vTPM.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'secure-conductor-onboarding'

configure authority router node secure-conductor-onboarding endorsement-key

The public endorsement key of the router's TPM in base64 encoded DER format. Required for strong mode onboarding on devices with vTPM.

Usage

configure authority router node secure-conductor-onboarding endorsement-key [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Must be a base64 encoded string.

configure authority router node serial-console-enabled

Enable serial console.

Usage

configure authority router node serial-console-enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

warning

a restart is required if serial-console-enabled is created, modified, or deleted

boolean

A true or false value.

Options: true or false

configure authority router node session-processor-count

The number of threads to use for session processing when using 'manual' session-processor mode.

Usage

configure authority router node session-processor-count [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

warning

a restart is required if session-processor-count is created, modified, or deleted

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router node session-processor-mode

The method by which the number of threads used for session processing should be determined.

Usage

configure authority router node session-processor-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: automatic

warning

a restart is required if session-processor-mode is created, modified, or deleted

enumeration

A value from a set of predefined names.

Options:

• automatic: The number of threads dedicated to session processing will be automatically determined based on system properties.
• manual: The number of threads dedicated to session processing will be set to the value of session-processor-count.

configure authority router node session-setup-scaling

Whether or not to enable session setup scaling.

Usage

configure authority router node session-setup-scaling [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

warning

a restart is required if session-setup-scaling is created, modified, or deleted

boolean

A true or false value.

Options: true or false

configure authority router node ssh-keepalive

Configure Ssh Keepalive

Subcommands

command	description
asset-inter-conductor-router-server	Configure Asset Inter Conductor Router Server
delete	Delete configuration data
inter-conductor-router-server	Configure Inter Conductor Router Server
inter-node	Configure Inter Node
inter-node-server	Configure Inter Node Server
inter-router	Configure Inter Router
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ssh-keepalive'

configure authority router node ssh-keepalive asset-inter-conductor-router-server

Configure Asset Inter Conductor Router Server

Subcommands

command	description
delete	Delete configuration data
interval	Timeout interval in seconds to send keepalive from SSHD server when an SSH connection is idle between the conductor and a managed router's asset connections.
max-attempts	Number of keepalive messages sent from SSHD server before disconnecting an SSH connection between the conductor and a managed router's asset connections.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'asset-inter-conductor-router-server'

configure authority router node ssh-keepalive asset-inter-conductor-router-server interval

Timeout interval in seconds to send keepalive from SSHD server when an SSH connection is idle between the conductor and a managed router's asset connections.

Usage

configure authority router node ssh-keepalive asset-inter-conductor-router-server interval [<ssh-keepalive-interval>]

Positional Arguments

name	description
ssh-keepalive-interval	The value to set for this field

Description

Default: 5

ssh-keepalive-interval (uint8)

Timeout interval in seconds to send keepalive when an SSH connection is idle.

Range: 1-10

configure authority router node ssh-keepalive asset-inter-conductor-router-server max-attempts

Number of keepalive messages sent from SSHD server before disconnecting an SSH connection between the conductor and a managed router's asset connections.

Usage

configure authority router node ssh-keepalive asset-inter-conductor-router-server max-attempts [<ssh-keepalive-max-attempts>]

Positional Arguments

name	description
ssh-keepalive-max-attempts	The value to set for this field

Description

Default: 4

ssh-keepalive-max-attempts (uint8)

Number of keepalive messages sent before disconnecting an SSH connection.

Range: 1-20

configure authority router node ssh-keepalive inter-conductor-router-server

Configure Inter Conductor Router Server

Subcommands

command	description
delete	Delete configuration data
interval	Timeout interval in seconds to send keepalive from SSHD server when an SSH connection is idle between the conductor and a managed router.
max-attempts	Number of keepalive messages sent from SSHD server before disconnecting an SSH connection between the conductor and a managed router.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'inter-conductor-router-server'

configure authority router node ssh-keepalive inter-conductor-router-server interval

Timeout interval in seconds to send keepalive from SSHD server when an SSH connection is idle between the conductor and a managed router.

Usage

configure authority router node ssh-keepalive inter-conductor-router-server interval [<ssh-keepalive-interval>]

Positional Arguments

name	description
ssh-keepalive-interval	The value to set for this field

Description

Default: 5

warning

a restart is required if interval is created, modified, or deleted

ssh-keepalive-interval (uint8)

Timeout interval in seconds to send keepalive when an SSH connection is idle.

Range: 1-10

configure authority router node ssh-keepalive inter-conductor-router-server max-attempts

Number of keepalive messages sent from SSHD server before disconnecting an SSH connection between the conductor and a managed router.

Usage

configure authority router node ssh-keepalive inter-conductor-router-server max-attempts [<ssh-keepalive-max-attempts>]

Positional Arguments

name	description
ssh-keepalive-max-attempts	The value to set for this field

Description

Default: 4

warning

a restart is required if max-attempts is created, modified, or deleted

ssh-keepalive-max-attempts (uint8)

Number of keepalive messages sent before disconnecting an SSH connection.

Range: 1-20

configure authority router node ssh-keepalive inter-node

Configure Inter Node

Subcommands

command	description
delete	Delete configuration data
interval	Timeout interval in seconds to send keepalive from SSH client when an SSH connection is idle between nodes within a router.
max-attempts	Number of keepalive messages sent from SSH client before disconnecting an SSH connection between nodes within a router.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'inter-node'

configure authority router node ssh-keepalive inter-node interval

Timeout interval in seconds to send keepalive from SSH client when an SSH connection is idle between nodes within a router.

Usage

configure authority router node ssh-keepalive inter-node interval [<ssh-keepalive-interval>]

Positional Arguments

name	description
ssh-keepalive-interval	The value to set for this field

Description

Default: 1

warning

a restart is required if interval is created, modified, or deleted

ssh-keepalive-interval (uint8)

Timeout interval in seconds to send keepalive when an SSH connection is idle.

Range: 1-10

configure authority router node ssh-keepalive inter-node max-attempts

Number of keepalive messages sent from SSH client before disconnecting an SSH connection between nodes within a router.

Usage

configure authority router node ssh-keepalive inter-node max-attempts [<ssh-keepalive-max-attempts>]

Positional Arguments

name	description
ssh-keepalive-max-attempts	The value to set for this field

Description

Default: 9

warning

a restart is required if max-attempts is created, modified, or deleted

ssh-keepalive-max-attempts (uint8)

Number of keepalive messages sent before disconnecting an SSH connection.

Range: 1-20

configure authority router node ssh-keepalive inter-node-server

Configure Inter Node Server

Subcommands

command	description
delete	Delete configuration data
interval	Timeout interval in seconds to send keepalive from SSHD server when an SSH connection is idle between nodes within a router.
max-attempts	Number of keepalive messages sent from SSHD server before disconnecting an SSH connection between nodes within a router.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'inter-node-server'

configure authority router node ssh-keepalive inter-node-server interval

Timeout interval in seconds to send keepalive from SSHD server when an SSH connection is idle between nodes within a router.

Usage

configure authority router node ssh-keepalive inter-node-server interval [<ssh-keepalive-interval>]

Positional Arguments

name	description
ssh-keepalive-interval	The value to set for this field

Description

Default: 1

warning

a restart is required if interval is created, modified, or deleted

ssh-keepalive-interval (uint8)

Timeout interval in seconds to send keepalive when an SSH connection is idle.

Range: 1-10

configure authority router node ssh-keepalive inter-node-server max-attempts

Number of keepalive messages sent from SSHD server before disconnecting an SSH connection between nodes within a router.

Usage

configure authority router node ssh-keepalive inter-node-server max-attempts [<ssh-keepalive-max-attempts>]

Positional Arguments

name	description
ssh-keepalive-max-attempts	The value to set for this field

Description

Default: 9

warning

a restart is required if max-attempts is created, modified, or deleted

ssh-keepalive-max-attempts (uint8)

Number of keepalive messages sent before disconnecting an SSH connection.

Range: 1-20

configure authority router node ssh-keepalive inter-router

Configure Inter Router

Subcommands

command	description
delete	Delete configuration data
interval	Timeout interval in seconds to send keepalive from SSH client when an SSH connection is idle between the conductor and a managed router.
max-attempts	Number of keepalive messages sent from SSH client before disconnecting an SSH connection between the conductor and a managed router.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'inter-router'

configure authority router node ssh-keepalive inter-router interval

Timeout interval in seconds to send keepalive from SSH client when an SSH connection is idle between the conductor and a managed router.

Usage

configure authority router node ssh-keepalive inter-router interval [<ssh-keepalive-interval>]

Positional Arguments

name	description
ssh-keepalive-interval	The value to set for this field

Description

Default: 5

warning

a restart is required if interval is created, modified, or deleted

ssh-keepalive-interval (uint8)

Timeout interval in seconds to send keepalive when an SSH connection is idle.

Range: 1-10

configure authority router node ssh-keepalive inter-router max-attempts

Number of keepalive messages sent from SSH client before disconnecting an SSH connection between the conductor and a managed router.

Usage

configure authority router node ssh-keepalive inter-router max-attempts [<ssh-keepalive-max-attempts>]

Positional Arguments

name	description
ssh-keepalive-max-attempts	The value to set for this field

Description

Default: 4

warning

a restart is required if max-attempts is created, modified, or deleted

ssh-keepalive-max-attempts (uint8)

Number of keepalive messages sent before disconnecting an SSH connection.

Range: 1-20

configure authority router node ssh-settings

Configure Ssh Settings

Subcommands

command	description
delete	Delete configuration data
inter-node	Configure Inter Node
inter-router	Configure Inter Router
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ssh-settings'

configure authority router node ssh-settings inter-node

Configure Inter Node

Subcommands

command	description
delete	Delete configuration data
host-key-checking	Whether or not to check the host key of the remote node when establishing an SSH connection between nodes within a router.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'inter-node'

configure authority router node ssh-settings inter-node host-key-checking

Whether or not to check the host key of the remote node when establishing an SSH connection between nodes within a router.

Usage

configure authority router node ssh-settings inter-node host-key-checking [<ssh-host-key-checking>]

Positional Arguments

name	description
ssh-host-key-checking	The value to set for this field

Description

Default: no

warning

a restart is required if host-key-checking is created, modified, or deleted

ssh-host-key-checking (enumeration)

Whether to check host keys when connecting to a remote host.

Options:

• no: Do not check host keys.
• yes: Check host keys.
• accept-new: Accept new host keys.

configure authority router node ssh-settings inter-router

Configure Inter Router

Subcommands

command	description
delete	Delete configuration data
host-key-checking	Whether or not to check the host key of the remote node when establishing an SSH connection between the conductor and a managed router.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'inter-router'

configure authority router node ssh-settings inter-router host-key-checking

Whether or not to check the host key of the remote node when establishing an SSH connection between the conductor and a managed router.

Usage

configure authority router node ssh-settings inter-router host-key-checking [<ssh-host-key-checking>]

Positional Arguments

name	description
ssh-host-key-checking	The value to set for this field

Description

Default: no

warning

a restart is required if host-key-checking is created, modified, or deleted

ssh-host-key-checking (enumeration)

Whether to check host keys when connecting to a remote host.

Options:

• no: Do not check host keys.
• yes: Check host keys.
• accept-new: Accept new host keys.

configure authority router node top-sessions

Views of top sessions by an ordering criteria.

Subcommands

command	description
bandwidth	Top sessions by bandwidth usage.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'top-sessions'

configure authority router node top-sessions bandwidth

Top sessions by bandwidth usage.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
session	Configure Session
show	Show configuration data for 'bandwidth'
tstamp	Configure Tstamp

configure authority router node top-sessions bandwidth session

Configure Session

Usage

configure authority router node top-sessions bandwidth session <session-id>

Positional Arguments

name	description
session-id	The globally-unique session identification number

Subcommands

command	description
delete	Delete configuration data
destination-ip	The destination IP of the session
destination-port	The destination port of the session
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
protocol	The transport protocol
service-name	The name of the service that created session
session-id	The globally-unique session identification number
show	Show configuration data for 'session'
source-ip	The source IP of the session
source-port	The source port of the session
tenant	The tenant in which the session originated
value	Session's value

configure authority router node top-sessions bandwidth session destination-ip

The destination IP of the session

Usage

configure authority router node top-sessions bandwidth session destination-ip [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node top-sessions bandwidth session destination-port

The destination port of the session

Usage

configure authority router node top-sessions bandwidth session destination-port [<port-number>]

Positional Arguments

name	description
port-number	The value to set for this field

Description

port-number (uint16)

The port-number type represents a 16-bit port number of an Internet transport layer protocol such as UDP, TCP, DCCP, or SCTP. Port numbers are assigned by IANA. A current list of all assignments is available from <http://www.iana.org/>.

Note that the port number value zero is reserved by IANA. In situations where the value zero does not make sense, it can be excluded by subtyping the port-number type.

In the value set and its semantics, this type is equivalent to the InetPortNumber textual convention of the SMIv2.

Range: 0-65535

configure authority router node top-sessions bandwidth session protocol

The transport protocol

Usage

configure authority router node top-sessions bandwidth session protocol [<protocol>]

Positional Arguments

name	description
protocol	The value to set for this field

Description

protocol (enumeration)

Transport (Layer 4) protocol.

Options:

• tcp: Transmission Control Protocol.
• udp: User Datagram Protocol.
• icmp: Internet Control Management Protocol.
• gre: Generic Routing Encapsulation Protocol.
• esp: IPSec Encapsulating Security Payload Protocol.
• pim: Protocol Independent Multicast.

configure authority router node top-sessions bandwidth session service-name

The name of the service that created session

Usage

configure authority router node top-sessions bandwidth session service-name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router node top-sessions bandwidth session session-id

The globally-unique session identification number

Usage

configure authority router node top-sessions bandwidth session session-id [<session-id>]

Positional Arguments

name	description
session-id	The value to set for this field

Description

session-id (string)

A globally-unique session identifier.

configure authority router node top-sessions bandwidth session source-ip

The source IP of the session

Usage

configure authority router node top-sessions bandwidth session source-ip [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router node top-sessions bandwidth session source-port

The source port of the session

Usage

configure authority router node top-sessions bandwidth session source-port [<port-number>]

Positional Arguments

name	description
port-number	The value to set for this field

Description

port-number (uint16)

The port-number type represents a 16-bit port number of an Internet transport layer protocol such as UDP, TCP, DCCP, or SCTP. Port numbers are assigned by IANA. A current list of all assignments is available from <http://www.iana.org/>.

Note that the port number value zero is reserved by IANA. In situations where the value zero does not make sense, it can be excluded by subtyping the port-number type.

In the value set and its semantics, this type is equivalent to the InetPortNumber textual convention of the SMIv2.

Range: 0-65535

configure authority router node top-sessions bandwidth session tenant

The tenant in which the session originated

Usage

configure authority router node top-sessions bandwidth session tenant [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router node top-sessions bandwidth session value

Session's value

Usage

configure authority router node top-sessions bandwidth session value [<decimal64>]

Positional Arguments

name	description
decimal64	The value to set for this field

Description

decimal64

A 64-bit decimal value.

Fraction digits: 4

configure authority router node top-sessions bandwidth tstamp

Configure Tstamp

Usage

configure authority router node top-sessions bandwidth tstamp [<timestamp>]

Positional Arguments

name	description
timestamp	The value to set for this field

Description

timestamp (uint32)

Number of seconds since UNIX epoch.

configure authority router node usb-mass-storage-enabled

Allow mounting of USB mass-storage devices.

Usage

configure authority router node usb-mass-storage-enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

warning

a restart is required if usb-mass-storage-enabled is created, modified, or deleted

boolean

A true or false value.

Options: true or false

configure authority router path-mtu-discovery

Automatic path MTU discovery between nodes within the router.

Subcommands

command	description
delete	Delete configuration data
enabled	Controls whether or not peer-path MTU discovery is performed
interval	Represents the frequency with which the peer-path MTU discovery is performed.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'path-mtu-discovery'

configure authority router path-mtu-discovery enabled

Controls whether or not peer-path MTU discovery is performed

Usage

configure authority router path-mtu-discovery enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router path-mtu-discovery interval

Represents the frequency with which the peer-path MTU discovery is performed.

Usage

configure authority router path-mtu-discovery interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 600

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router peer

Defines the properties associated with peer SSRs. The peer may be another router in the same authority or a router in a different authority

Usage

configure authority router peer <name>

Positional Arguments

name	description
name	An arbitrary name that represents the properties associated with the peer router. Typically this will be the name of the authority or the value of the name field in the peer's router configuration.

Subcommands

command	description
authority-name	Name of the authority of the peer router.
bfd	BFD parameters for the peer router (deprecated). This is being replaced by BFD parameters in the neighborhood and adjacency in network-interfaces.
client-certificate-name	The name of the certificate to use for authentication for this peer router, if empty or not configured, the default certificate will be used
delete	Delete configuration data
description	A description of the peer router.
generated	Indicates whether or not the Peer was automatically generated as a result of routers existing in the same neighborhood.
key-exchange-algorithm-override	Key exchange algorithm selection for security key management for the peer router.
ml-kem-keygen-priority	Priority for ML-KEM key generation with peers. Higher values indicate higher priority.
name	An arbitrary name that represents the properties associated with the peer router. Typically this will be the name of the authority or the value of the name field in the peer's router configuration.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peering-common-name	The identifier to use with enhanced-security-key-management.
router-client-certificate-name	The name of the certificate to use for authentication for this peer router, if empty or not configured, the default certificate will be used
router-name	Name of the peer router.
show	Show configuration data for 'peer'

configure authority router peer authority-name

Name of the authority of the peer router.

Usage

configure authority router peer authority-name [<authority-name>]

Positional Arguments

name	description
authority-name	The value to set for this field

Description

authority-name (string) (required)

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router peer bfd

BFD parameters for the peer router (deprecated). This is being replaced by BFD parameters in the neighborhood and adjacency in network-interfaces.

Subcommands

command	description
authentication-type	Describes the authentication type used in BFD packets
delete	Delete configuration data
desired-tx-interval	Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.
dscp	The DSCP value to use with BFD packets.
dynamic-damping	When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.
hold-down-time	Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.
link-test-interval	This represents the interval between BFD echo tests sent to the peer node/router.
link-test-length	This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.
maximum-hold-down-time	Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.
multiplier	Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'
state	When enabled, run BFD between all nodes within the router.

Description

warning

bfd is deprecated and will be removed in a future software version

configure authority router peer bfd authentication-type

Describes the authentication type used in BFD packets

Usage

configure authority router peer bfd authentication-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: sha256

warning

authentication-type is deprecated and will be removed in a future software version

enumeration

A value from a set of predefined names.

Options:

• simple: Simple Password.
• sha256: SHA256

configure authority router peer bfd desired-tx-interval

Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers.

Usage

configure authority router peer bfd desired-tx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

warning

desired-tx-interval is deprecated and will be removed in a future software version

uint32

An unsigned 32-bit integer.

Range: 50-600000

configure authority router peer bfd dscp

The DSCP value to use with BFD packets.

Usage

configure authority router peer bfd dscp [<dscp>]

Positional Arguments

name	description
dscp	The value to set for this field

Description

Default: 0

warning

dscp is deprecated and will be removed in a future software version

dscp (uint8)

A DSCP value (0-63)

Range: 0-63

configure authority router peer bfd dynamic-damping

When enabled, extend the hold-down time if additional link flaps occur during the hold-down period.

Usage

configure authority router peer bfd dynamic-damping [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

warning

dynamic-damping is deprecated and will be removed in a future software version

enumeration

A value from a set of predefined names.

Options:

• enabled: Extend hold-down time exponentially if link flaps occur during hold-down time.
• disabled: Use simple hold-down timer for every link up event.

configure authority router peer bfd hold-down-time

Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time.

Usage

configure authority router peer bfd hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

warning

hold-down-time is deprecated and will be removed in a future software version

uint32

An unsigned 32-bit integer.

Range: 1-300

configure authority router peer bfd link-test-interval

This represents the interval between BFD echo tests sent to the peer node/router.

Usage

configure authority router peer bfd link-test-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 10

warning

link-test-interval is deprecated and will be removed in a future software version

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router peer bfd link-test-length

This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests.

Usage

configure authority router peer bfd link-test-length [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: packets

Default: 10

warning

link-test-length is deprecated and will be removed in a future software version

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router peer bfd maximum-hold-down-time

Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value.

Usage

configure authority router peer bfd maximum-hold-down-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3600

warning

maximum-hold-down-time is deprecated and will be removed in a future software version

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router peer bfd multiplier

Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20).

Usage

configure authority router peer bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

warning

multiplier is deprecated and will be removed in a future software version

uint8

An unsigned 8-bit integer.

Range: 3-20

configure authority router peer bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router peer bfd required-min-rx-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 1000

warning

required-min-rx-interval is deprecated and will be removed in a future software version

uint32

An unsigned 32-bit integer.

configure authority router peer bfd state

When enabled, run BFD between all nodes within the router.

Usage

configure authority router peer bfd state [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: enabled

warning

state is deprecated and will be removed in a future software version

enumeration

A value from a set of predefined names.

Options:

• enabled: BFD is enabled on all nodes of this router.
• disabled: BFD is disabled on all nodes of this router.

configure authority router peer client-certificate-name

The name of the certificate to use for authentication for this peer router, if empty or not configured, the default certificate will be used

Usage

configure authority router peer client-certificate-name [<client-certificate-ref>]

Positional Arguments

name	description
client-certificate-ref	The value to set for this field

Description

client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate.

configure authority router peer description

A description of the peer router.

Usage

configure authority router peer description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router peer generated

Indicates whether or not the Peer was automatically generated as a result of routers existing in the same neighborhood.

Usage

configure authority router peer generated [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority router peer key-exchange-algorithm-override

Key exchange algorithm selection for security key management for the peer router.

Subcommands

command	description
delete	Delete configuration data
diffie-hellman	Diffie-Hellman algorithm.
diffie-hellman-ml-kem	Diffie-Hellman and ML-KEM hybrid algorithm.
ml-kem	ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'key-exchange-algorithm-override'

configure authority router peer key-exchange-algorithm-override diffie-hellman

Diffie-Hellman algorithm.

Subcommands

command	description
delete	Delete configuration data
dh-key-size	The key size used for Diffie-Hellman algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'diffie-hellman'

configure authority router peer key-exchange-algorithm-override diffie-hellman dh-key-size

The key size used for Diffie-Hellman algorithm.

Usage

configure authority router peer key-exchange-algorithm-override diffie-hellman dh-key-size [<diffie-hellman-key-size>]

Positional Arguments

name	description
diffie-hellman-key-size	The value to set for this field

Description

diffie-hellman-key-size (enumeration)

The key size to use in the Diffie-Hellman key exchange

Options:

• 1024: 1024 bit key size
• 2048: 2048 bit key size
• 4096: 4096 bit key size

configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem

Diffie-Hellman and ML-KEM hybrid algorithm.

Subcommands

command	description
delete	Delete configuration data
dh-key-size	The key size used for Diffie-Hellman algorithm.
ml-kem-key-size	The key size used for ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'diffie-hellman-ml-kem'

configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size

The key size used for Diffie-Hellman algorithm.

Usage

configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem dh-key-size [<diffie-hellman-key-size>]

Positional Arguments

name	description
diffie-hellman-key-size	The value to set for this field

Description

diffie-hellman-key-size (enumeration)

The key size to use in the Diffie-Hellman key exchange

Options:

• 1024: 1024 bit key size
• 2048: 2048 bit key size
• 4096: 4096 bit key size

configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size

The key size used for ML-KEM algorithm.

Usage

configure authority router peer key-exchange-algorithm-override diffie-hellman-ml-kem ml-kem-key-size [<ml-kem-key-size>]

Positional Arguments

name	description
ml-kem-key-size	The value to set for this field

Description

ml-kem-key-size (enumeration)

The key size to use in the ML-KEM key exchange

Options:

• 512: 512 bit key size
• 768: 768 bit key size
• 1024: 1024 bit key size

configure authority router peer key-exchange-algorithm-override ml-kem

ML-KEM algorithm.

Subcommands

command	description
delete	Delete configuration data
ml-kem-key-size	The key size used for ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ml-kem'

configure authority router peer key-exchange-algorithm-override ml-kem ml-kem-key-size

The key size used for ML-KEM algorithm.

Usage

configure authority router peer key-exchange-algorithm-override ml-kem ml-kem-key-size [<ml-kem-key-size>]

Positional Arguments

name	description
ml-kem-key-size	The value to set for this field

Description

ml-kem-key-size (enumeration)

The key size to use in the ML-KEM key exchange

Options:

• 512: 512 bit key size
• 768: 768 bit key size
• 1024: 1024 bit key size

configure authority router peer ml-kem-keygen-priority

Priority for ML-KEM key generation with peers. Higher values indicate higher priority.

Usage

configure authority router peer ml-kem-keygen-priority [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 0

uint32

An unsigned 32-bit integer.

configure authority router peer name

An arbitrary name that represents the properties associated with the peer router. Typically this will be the name of the authority or the value of the name field in the peer's router configuration.

Usage

configure authority router peer name [<peer-name>]

Positional Arguments

name	description
peer-name	The value to set for this field

Description

peer-name (string)

A string identifier for a peer, which uses alphanumerics, underscores, dots, or dashes, and cannot exceed 253 characters.

Must contain only alphanumeric characters or any of the following: - _ . (e.g., MyFirst-SSR-Router). Length: 0-253

configure authority router peer peering-common-name

The identifier to use with enhanced-security-key-management.

Usage

configure authority router peer peering-common-name [<peer-name>]

Positional Arguments

name	description
peer-name	The value to set for this field

Description

peer-name (string)

A string identifier for a peer, which uses alphanumerics, underscores, dots, or dashes, and cannot exceed 253 characters.

Must contain only alphanumeric characters or any of the following: - _ . (e.g., MyFirst-SSR-Router). Length: 0-253

configure authority router peer router-client-certificate-name

The name of the certificate to use for authentication for this peer router, if empty or not configured, the default certificate will be used

Usage

configure authority router peer router-client-certificate-name [<router-client-certificate-ref>]

Positional Arguments

name	description
router-client-certificate-ref	The value to set for this field

Description

router-client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate for a specific router.

configure authority router peer router-name

Name of the peer router.

Usage

configure authority router peer router-name [<router-name>]

Positional Arguments

name	description
router-name	The value to set for this field

Description

router-name (string) (required)

A text value.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router peering-common-name

The identifier to use with enhanced-security-key-management.

Usage

configure authority router peering-common-name [<peer-name>]

Positional Arguments

name	description
peer-name	The value to set for this field

Description

peer-name (string)

A string identifier for a peer, which uses alphanumerics, underscores, dots, or dashes, and cannot exceed 253 characters.

Must contain only alphanumeric characters or any of the following: - _ . (e.g., MyFirst-SSR-Router). Length: 0-253

configure authority router rate-limit-policy

Configuration for rate limiting policy for all associated service traffic across all interfaces on a given node, when configured within a service-class.

Usage

configure authority router rate-limit-policy <name>

Positional Arguments

name	description
name	The name for the rate limit policy.

Subcommands

command	description
delete	Delete configuration data
download-settings	max rate and burst values for rate-limiting applied for download of traffic.
mode	Configure Mode
name	The name for the rate limit policy.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rate-limit-policy'
upload-settings	max rate and burst values for rate-limiting applied for upload of traffic.

configure authority router rate-limit-policy download-settings

max rate and burst values for rate-limiting applied for download of traffic.

Subcommands

command	description
delete	Delete configuration data
max-burst	Limit the maximum burst size to this value.
max-rate	Limit the maximum rate to this value.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'download-settings'

configure authority router rate-limit-policy download-settings max-burst

Limit the maximum burst size to this value.

Usage

configure authority router rate-limit-policy download-settings max-burst [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits

uint64 (required)

An unsigned 64-bit integer.

Range: 0-107374182400

configure authority router rate-limit-policy download-settings max-rate

Limit the maximum rate to this value.

Usage

configure authority router rate-limit-policy download-settings max-rate [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits/second

uint64 (required)

An unsigned 64-bit integer.

Range: 0-107374182400

configure authority router rate-limit-policy mode

Configure Mode

Usage

configure authority router rate-limit-policy mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: per-service

enumeration

A value from a set of predefined names.

Options:

• per-service: Apply this rate limit policy at a per-service granularity.
• shared: This rate limit policy may be shared across different services.

configure authority router rate-limit-policy name

The name for the rate limit policy.

Usage

configure authority router rate-limit-policy name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router rate-limit-policy upload-settings

max rate and burst values for rate-limiting applied for upload of traffic.

Subcommands

command	description
delete	Delete configuration data
max-burst	Limit the maximum burst size to this value.
max-rate	Limit the maximum rate to this value.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'upload-settings'

configure authority router rate-limit-policy upload-settings max-burst

Limit the maximum burst size to this value.

Usage

configure authority router rate-limit-policy upload-settings max-burst [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits

uint64 (required)

An unsigned 64-bit integer.

Range: 0-107374182400

configure authority router rate-limit-policy upload-settings max-rate

Limit the maximum rate to this value.

Usage

configure authority router rate-limit-policy upload-settings max-rate [<uint64>]

Positional Arguments

name	description
uint64	The value to set for this field

Description

Units: bits/second

uint64 (required)

An unsigned 64-bit integer.

Range: 0-107374182400

configure authority router reachability-profile

Defines a traffic profile for reachability-detection enforcement

Usage

configure authority router reachability-profile <name>

Positional Arguments

name	description
name	Name of the reachability-profile

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
name	Name of the reachability-profile
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
protocol	Reachability-detection enforcement for a protocol
show	Show configuration data for 'reachability-profile'

configure authority router reachability-profile name

Name of the reachability-profile

Usage

configure authority router reachability-profile name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router reachability-profile protocol

Reachability-detection enforcement for a protocol

Usage

configure authority router reachability-profile protocol <protocol-type>

Positional Arguments

name	description
protocol-type	The protocol to enforce reachability for

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
protocol-type	The protocol to enforce reachability for
show	Show configuration data for 'protocol'
traffic-class	Reachability-detection enforcement for a traffic-class

configure authority router reachability-profile protocol protocol-type

The protocol to enforce reachability for

Usage

configure authority router reachability-profile protocol protocol-type [<reachability-profile-protocol>]

Positional Arguments

name	description
reachability-profile-protocol	The value to set for this field

Description

reachability-profile-protocol (enumeration)

A value from a set of predefined names.

Options:

• tcp: Traffic profile settings for TCP
• tls: Traffic profile settings for TLS
• udp: Traffic profile settings for UDP

configure authority router reachability-profile protocol traffic-class

Reachability-detection enforcement for a traffic-class

Usage

configure authority router reachability-profile protocol traffic-class <traffic-class-id>

Positional Arguments

name	description
traffic-class-id	Type of traffic-class to enforce

Subcommands

command	description
acceptable-error-threshold	Percentage of errors acceptable on the path before taking it offline. For TCP, this will include session closed before establishment, and any ICMP error that constitutes and session timeout before establishment. For UDP, this will include the destination unreachable class of ICMP errors
delete	Delete configuration data
enabled	Enable reachability-detection enforcment for this protocol and traffic class
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'traffic-class'
time-to-establishment	Reachability-detection time-to-establishment metrics
traffic-class-id	Type of traffic-class to enforce

configure authority router reachability-profile protocol traffic-class acceptable-error-threshold

Percentage of errors acceptable on the path before taking it offline. For TCP, this will include session closed before establishment, and any ICMP error that constitutes and session timeout before establishment. For UDP, this will include the destination unreachable class of ICMP errors

Usage

configure authority router reachability-profile protocol traffic-class acceptable-error-threshold [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 25

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router reachability-profile protocol traffic-class enabled

Enable reachability-detection enforcment for this protocol and traffic class

Usage

configure authority router reachability-profile protocol traffic-class enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router reachability-profile protocol traffic-class time-to-establishment

Reachability-detection time-to-establishment metrics

Subcommands

command	description
delete	Delete configuration data
enabled	Include time-to-establishment metrics in reachability-detection
max	Maximum acceptable session time-to-establishment in the detection window
mean	Maximum mean session time-to-establishment over the detection window
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'time-to-establishment'

configure authority router reachability-profile protocol traffic-class time-to-establishment enabled

Include time-to-establishment metrics in reachability-detection

Usage

configure authority router reachability-profile protocol traffic-class time-to-establishment enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router reachability-profile protocol traffic-class time-to-establishment max

Maximum acceptable session time-to-establishment in the detection window

Usage

configure authority router reachability-profile protocol traffic-class time-to-establishment max [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 500

uint32

An unsigned 32-bit integer.

configure authority router reachability-profile protocol traffic-class time-to-establishment mean

Maximum mean session time-to-establishment over the detection window

Usage

configure authority router reachability-profile protocol traffic-class time-to-establishment mean [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 250

uint32

An unsigned 32-bit integer.

configure authority router reachability-profile protocol traffic-class traffic-class-id

Type of traffic-class to enforce

Usage

configure authority router reachability-profile protocol traffic-class traffic-class-id [<net-traffic-class>]

Positional Arguments

name	description
net-traffic-class	The value to set for this field

Description

net-traffic-class (enumeration)

Relative priority of traffic.

Options:

• high: High priority traffic class.
• medium: Medium priority traffic class.
• low: Low priority traffic class.
• best-effort: Best-effort priority traffic class.

configure authority router redundancy-group

A group of redundant interfaces which will fail over together if one goes down for any reason.

Usage

configure authority router redundancy-group <name>

Positional Arguments

name	description
name	An arbitrary, unique name for this group.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
description	A description of the redundancy-group.
member	Configure Member
name	An arbitrary, unique name for this group.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
priority	Priority of member interfaces relative to their redundant interfaces. Higher priority interfaces take precedence.
show	Show configuration data for 'redundancy-group'

configure authority router redundancy-group description

A description of the redundancy-group.

Usage

configure authority router redundancy-group description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router redundancy-group member

Configure Member

Usage

configure authority router redundancy-group member <node> <device-id>

Positional Arguments

name	description
node	Name of the node the interface is on.
device-id	Device interface name.

Subcommands

command	description
device-id	Device interface name.
node	Name of the node the interface is on.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'member'

configure authority router redundancy-group member device-id

Device interface name.

Usage

configure authority router redundancy-group member device-id [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router redundancy-group member node

Name of the node the interface is on.

Usage

configure authority router redundancy-group member node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router redundancy-group name

An arbitrary, unique name for this group.

Usage

configure authority router redundancy-group name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router redundancy-group priority

Priority of member interfaces relative to their redundant interfaces. Higher priority interfaces take precedence.

Usage

configure authority router redundancy-group priority [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8 (required)

An unsigned 8-bit integer.

Range: 0-100

configure authority router resource-group

Associate this router with a top-level resource-group.

Usage

configure authority router resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority router reverse-flow-enforcement

When to enforce biflow reverse fib entry check

Usage

configure authority router reverse-flow-enforcement [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: none

enumeration

A value from a set of predefined names.

Options:

• none: Do not perform reverse fib entry lookup to set up reverse flow
• strict: Perform strict uRPF check on reverse fib entry next hop to set up reverse flow

configure authority router reverse-packet-session-resiliency

Parameters for setting session failover behavior without presence of forward traffic.

Subcommands

command	description
delete	Delete configuration data
detection-interval	Frequency at which each session will be checked for failover trigger in the absence of forward traffic.
enabled	Whether reverse packet triggered failover is enabled on this router when session resiliency is set.
minimum-packet-count	Minimum number of packets received on the flow to activate the feature
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'reverse-packet-session-resiliency'

configure authority router reverse-packet-session-resiliency detection-interval

Frequency at which each session will be checked for failover trigger in the absence of forward traffic.

Usage

configure authority router reverse-packet-session-resiliency detection-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-30

configure authority router reverse-packet-session-resiliency enabled

Whether reverse packet triggered failover is enabled on this router when session resiliency is set.

Usage

configure authority router reverse-packet-session-resiliency enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router reverse-packet-session-resiliency minimum-packet-count

Minimum number of packets received on the flow to activate the feature

Usage

configure authority router reverse-packet-session-resiliency minimum-packet-count [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: packets

Default: 3

uint32

An unsigned 32-bit integer.

Range: 1-999999

configure authority router router-group

Logical group of routers for filtering services.

Usage

configure authority router router-group [<name-id>]

Positional Arguments

name	description
name-id	Value to add to this list

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router routing

A router-level container for all of the routing policies associated with a given SSR deployment. Each routing element may have one and only one routing-instance.

Usage

configure authority router routing <type>

Positional Arguments

name	description
type	The type of the routing instance.

Subcommands

command	description
clone	Clone a list item
debug	Routing engine debug commands.
delete	Delete configuration data
description	Textual description of the routing instance.
igmp	IGMP configuration
interface	Internal loopback interface used for routing protocols
mist-events	MIST Event Configuration.
mld	MLD configuration
msdp	MSDP configuration
ospf	OSPF instance configuration
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
pim	PIM configuration
pimv6	PIMv6 configuration
rib-policy	List of protocol specific RIB policies
router-id	Router ID - 32-bit number in the form of a dotted quad. Some protocols use this parameter for identifying a router to its neighbors.
routing-protocol	Each entry contains configuration of a routing protocol instance.
service-admin-distance	Administrative distance for routes generated from services.
service-metric-use-sla	Consider peer path SLA in metric of routes generated from services.
show	Show configuration data for 'routing'
static-route	A list of static routes. The sub-element that allows administrators to configure static routes, that will be entered into the SSR's Routing Information Base (RIB).
type	The type of the routing instance.
vrf	A list of virtual router and forward instances (VRF's).

configure authority router routing debug

Routing engine debug commands.

Subcommands

command	description
bfd	Debug BFD commands.
bgp	Debug BGP commands.
delete	Delete configuration data
ospf	Debug OSPF commands.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
rib	Debug RIB Manager commands.
show	Show configuration data for 'debug'
static-route	Debug static route commands.

configure authority router routing debug bfd

Debug BFD commands.

Subcommands

command	description
delete	Delete configuration data
network	Debug BFD network layer.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer	Debug BFD peer events.
rib	Debug BFD RIB.
show	Show configuration data for 'bfd'

configure authority router routing debug bfd network

Debug BFD network layer.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'network'

configure authority router routing debug bfd peer

Debug BFD peer events.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'peer'

configure authority router routing debug bfd rib

Debug BFD RIB.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rib'

configure authority router routing debug bgp

Debug BGP commands.

Subcommands

command	description
bestpath	Debug BGP bestpath.
bfd	Debug BGP BFD.
delete	Delete configuration data
graceful-restart	Debug BGP graceful restart.
keepalives	Debug BGP keepalives.
neighbor-events	Debug BGP neighbor events.
nht	Debug BGP next hop tracker (NHT).
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
rib	Debug BGP RIB.
show	Show configuration data for 'bgp'
update-groups	Debug BGP update groups.
updates	Debug BGP update.
vpn	Debug BGP VPN.

configure authority router routing debug bgp bestpath

Debug BGP bestpath.

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix	Debug BGP bestpath prefix.
show	Show configuration data for 'bestpath'

configure authority router routing debug bgp bestpath prefix

Debug BGP bestpath prefix.

Usage

configure authority router routing debug bgp bestpath prefix [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	Value to add to this list

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router routing debug bgp bfd

Debug BGP BFD.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'bfd'

configure authority router routing debug bgp graceful-restart

Debug BGP graceful restart.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'graceful-restart'

configure authority router routing debug bgp keepalives

Debug BGP keepalives.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'keepalives'

configure authority router routing debug bgp neighbor-events

Debug BGP neighbor events.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'neighbor-events'

configure authority router routing debug bgp nht

Debug BGP next hop tracker (NHT).

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'nht'

configure authority router routing debug bgp rib

Debug BGP RIB.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rib'

configure authority router routing debug bgp update-groups

Debug BGP update groups.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'update-groups'

configure authority router routing debug bgp updates

Debug BGP update.

Subcommands

command	description
delete	Delete configuration data
in	Debug BGP updates in.
out	Debug BGP updates out.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix	Debug BGP update prefix.
show	Show configuration data for 'updates'

configure authority router routing debug bgp updates in

Debug BGP updates in.

Usage

configure authority router routing debug bgp updates in [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing debug bgp updates out

Debug BGP updates out.

Usage

configure authority router routing debug bgp updates out [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing debug bgp updates prefix

Debug BGP update prefix.

Usage

configure authority router routing debug bgp updates prefix [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	Value to add to this list

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router routing debug bgp vpn

Debug BGP VPN.

Subcommands

command	description
delete	Delete configuration data
leak-from-vrf	Debug BGP leak from VRF events.
leak-to-vrf	Debug BGP leak to VRF events.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'vpn'

configure authority router routing debug bgp vpn leak-from-vrf

Debug BGP leak from VRF events.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'leak-from-vrf'

configure authority router routing debug bgp vpn leak-to-vrf

Debug BGP leak to VRF events.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'leak-to-vrf'

configure authority router routing debug ospf

Debug OSPF commands.

Subcommands

command	description
bfd	Debug OSPF BFD.
default-information	Debug OSPF default information.
delete	Delete configuration data
events	Debug OSPF events.
graceful-restart	Debug OSPF graceful restart.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ospf'

configure authority router routing debug ospf bfd

Debug OSPF BFD.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'bfd'

configure authority router routing debug ospf default-information

Debug OSPF default information.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'default-information'

configure authority router routing debug ospf events

Debug OSPF events.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'events'

configure authority router routing debug ospf graceful-restart

Debug OSPF graceful restart.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'graceful-restart'

configure authority router routing debug rib

Debug RIB Manager commands.

Subcommands

command	description
delete	Delete configuration data
events	Debug RIB events.
fpm	Debug RIB FIB push module (FPM).
kernel	Debug RIB kernel.
nexthop	Debug RIB next hop.
nht	Debug RIB next hop tracker (NHT).
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
packet	Debug RIB packets).
show	Show configuration data for 'rib'
table	Debug RIB table.

configure authority router routing debug rib events

Debug RIB events.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'events'

configure authority router routing debug rib fpm

Debug RIB FIB push module (FPM).

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'fpm'

configure authority router routing debug rib kernel

Debug RIB kernel.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'kernel'

configure authority router routing debug rib nexthop

Debug RIB next hop.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'nexthop'

configure authority router routing debug rib nht

Debug RIB next hop tracker (NHT).

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'nht'

configure authority router routing debug rib packet

Debug RIB packets).

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'packet'

configure authority router routing debug rib table

Debug RIB table.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'table'

configure authority router routing debug static-route

Debug static route commands.

Subcommands

command	description
delete	Delete configuration data
events	Debug static route events.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
routes	Debug static route routes.
show	Show configuration data for 'static-route'

configure authority router routing debug static-route events

Debug static route events.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'events'

configure authority router routing debug static-route routes

Debug static route routes.

Subcommands

command	description
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'routes'

configure authority router routing description

Textual description of the routing instance.

Usage

configure authority router routing description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing igmp

IGMP configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of IGMP interfaces
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'igmp'

configure authority router routing igmp interface

List of IGMP interfaces

Usage

configure authority router routing igmp interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	Network interface name
join	List of Groups to join
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'
source-address-prefix-list	Policy to restrict source addresses from IGMP messages
version	IGMP Version

configure authority router routing igmp interface interface

Network interface name

Usage

configure authority router routing igmp interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing igmp interface join

List of Groups to join

Usage

configure authority router routing igmp interface join <group>

Positional Arguments

name	description
group	IPv4 address of the Group to Join

Subcommands

command	description
delete	Delete configuration data
group	IPv4 address of the Group to Join
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'join'
source	IPv4 address of the Source to Join

configure authority router routing igmp interface join group

IPv4 address of the Group to Join

Usage

configure authority router routing igmp interface join group [<multicast-ipv4-address>]

Positional Arguments

name	description
multicast-ipv4-address	The value to set for this field

Description

multicast-ipv4-address (string)

A multicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing igmp interface join source

IPv4 address of the Source to Join

Usage

configure authority router routing igmp interface join source [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing igmp interface node

Interface node name

Usage

configure authority router routing igmp interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing igmp interface source-address-prefix-list

Policy to restrict source addresses from IGMP messages

Usage

configure authority router routing igmp interface source-address-prefix-list [<filter-ref>]

Positional Arguments

name	description
filter-ref	The value to set for this field

Description

Configure a prefix list of source-addresses from which IGMP messages will be permitted. The prefix list is then added to the IGMP configuration. If no source-address-prefix-list is provided, then IGMP messages are accepted from all addresses.

configure authority router routing igmp interface version

IGMP Version

Usage

configure authority router routing igmp interface version [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 2-3

configure authority router routing interface

Internal loopback interface used for routing protocols

Usage

configure authority router routing interface <name>

Positional Arguments

name	description
name	An arbitrary, unique name for the routing interface, used to reference it in other routing configuration sections.

Subcommands

command	description
delete	Delete configuration data
enabled	Administratively enable/disable the interface.
ip-address	The IP address of the interface.
name	An arbitrary, unique name for the routing interface, used to reference it in other routing configuration sections.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'

configure authority router routing interface enabled

Administratively enable/disable the interface.

Usage

configure authority router routing interface enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing interface ip-address

The IP address of the interface.

Usage

configure authority router routing interface ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router routing interface name

An arbitrary, unique name for the routing interface, used to reference it in other routing configuration sections.

Usage

configure authority router routing interface name [<bridge-name>]

Positional Arguments

name	description
bridge-name	The value to set for this field

Description

bridge-name (string)

A string identifier for bridge-name which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters.

Must contain only alphanumeric characters, start with a alphabet and can contain any of the following: _ - The name 'lo' is reserved. Length: 0-15

configure authority router routing mist-events

MIST Event Configuration.

Subcommands

command	description
bgp	MIST BGP Event Configuration.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'mist-events'

configure authority router routing mist-events bgp

MIST BGP Event Configuration.

Subcommands

command	description
delete	Delete configuration data
enable	Enable/Disable MIST BGP Event Generation.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'bgp'

configure authority router routing mist-events bgp enable

Enable/Disable MIST BGP Event Generation.

Usage

configure authority router routing mist-events bgp enable [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing mld

MLD configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of MLD interfaces
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'mld'

configure authority router routing mld interface

List of MLD interfaces

Usage

configure authority router routing mld interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	Network interface name
join	List of Groups to join
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'
version	MLD Version

configure authority router routing mld interface interface

Network interface name

Usage

configure authority router routing mld interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing mld interface join

List of Groups to join

Usage

configure authority router routing mld interface join <group>

Positional Arguments

name	description
group	IPv6 address of the Group to Join

Subcommands

command	description
delete	Delete configuration data
group	IPv6 address of the Group to Join
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'join'
source	IPv6 address of the Source to Join

configure authority router routing mld interface join group

IPv6 address of the Group to Join

Usage

configure authority router routing mld interface join group [<multicast-ipv6-address>]

Positional Arguments

name	description
multicast-ipv6-address	The value to set for this field

Description

multicast-ipv6-address (string)

A multicast IPv6 address

Must be a valid IPv6 address.

configure authority router routing mld interface join source

IPv6 address of the Source to Join

Usage

configure authority router routing mld interface join source [<unicast-ipv6-address>]

Positional Arguments

name	description
unicast-ipv6-address	The value to set for this field

Description

unicast-ipv6-address (string)

A unicast IPv6 address

Must be a valid IPv6 address.

configure authority router routing mld interface node

Interface node name

Usage

configure authority router routing mld interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing mld interface version

MLD Version

Usage

configure authority router routing mld interface version [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 2

uint8

An unsigned 8-bit integer.

Range: 1-2

configure authority router routing msdp

MSDP configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
mesh-group	MSDP Mesh-Group Configuration
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer	MSDP Peer Configuration
show	Show configuration data for 'msdp'

configure authority router routing msdp mesh-group

MSDP Mesh-Group Configuration

Usage

configure authority router routing msdp mesh-group <name>

Positional Arguments

name	description
name	Name of the Mesh-Group

Subcommands

command	description
auth-password	Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.
delete	Delete configuration data
member	IPv4 address of the Mesh-group member
name	Name of the Mesh-Group
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'mesh-group'
source	Source Address for the mesh-group

configure authority router routing msdp mesh-group auth-password

Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.

Usage

configure authority router routing msdp mesh-group auth-password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router routing msdp mesh-group member

IPv4 address of the Mesh-group member

Usage

configure authority router routing msdp mesh-group member [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	Value to add to this list

Description

unicast-ipv4-address (string)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing msdp mesh-group name

Name of the Mesh-Group

Usage

configure authority router routing msdp mesh-group name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router routing msdp mesh-group source

Source Address for the mesh-group

Usage

configure authority router routing msdp mesh-group source [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string) (required)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing msdp peer

MSDP Peer Configuration

Usage

configure authority router routing msdp peer <address>

Positional Arguments

name	description
address	IPv4 address of the Peer

Subcommands

command	description
address	IPv4 address of the Peer
auth-password	Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'peer'
source	Source Address for the peer adjacency

configure authority router routing msdp peer address

IPv4 address of the Peer

Usage

configure authority router routing msdp peer address [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing msdp peer auth-password

Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.

Usage

configure authority router routing msdp peer auth-password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router routing msdp peer source

Source Address for the peer adjacency

Usage

configure authority router routing msdp peer source [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string) (required)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing ospf

OSPF instance configuration

Usage

configure authority router routing ospf <instance>

Positional Arguments

name	description
instance	Number of OSPF instance

Subcommands

command	description
advertise-default	Advertise default route into OSPF
area	List of OSPF areas
clone	Clone a list item
delete	Delete configuration data
distance	OSPF route administrative distance
graceful-restart	Enable OSPF graceful restart
instance	Number of OSPF instance
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
redistribute	List of routing protocols to redistribute into OSPF
router-id	Defined in RFC 2328. A 32-bit number that uniquely identifies the router
show	Show configuration data for 'ospf'
timers	OSPF Timers
version	OSPF version

configure authority router routing ospf advertise-default

Advertise default route into OSPF

Subcommands

command	description
always	Advertise default route into OSPF even when there is no default route in the routing table
delete	Delete configuration data
metric	Advertised metric of the default route
metric-type	Advertised metric type of default route
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the default route
show	Show configuration data for 'advertise-default'

configure authority router routing ospf advertise-default always

Advertise default route into OSPF even when there is no default route in the routing table

Usage

configure authority router routing ospf advertise-default always [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing ospf advertise-default metric

Advertised metric of the default route

Usage

configure authority router routing ospf advertise-default metric [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 0-16777214

configure authority router routing ospf advertise-default metric-type

Advertised metric type of default route

Usage

configure authority router routing ospf advertise-default metric-type [<ospf-external-metric-type>]

Positional Arguments

name	description
ospf-external-metric-type	The value to set for this field

Description

Default: type-2

ospf-external-metric-type (enumeration)

OSPF external metric type

Options:

• type-1: External metric type 1, comparable to link state metric
• type-2: External metric type 2, larger than link state metric

configure authority router routing ospf advertise-default policy

A policy to apply to the default route

Usage

configure authority router routing ospf advertise-default policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing ospf area

List of OSPF areas

Usage

configure authority router routing ospf area <id>

Positional Arguments

name	description
id	Area ID

Subcommands

command	description
authentication-type	Area authentication type
clone	Clone a list item
default-cost	Set the summary default route cost for a stub or NSSA area.
delete	Delete configuration data
id	Area ID
interface	List of interfaces in area
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
routing-interface	List of routing interfaces in area
show	Show configuration data for 'area'
summary-advertisement	Enable/Disable summary advertisement into the stub or NSSA area.
summary-range	Summarize routes matching address/mask - Applicable to Area Border Routers (ABRs) only
type	Area type

configure authority router routing ospf area authentication-type

Area authentication type

Usage

configure authority router routing ospf area authentication-type [<area-authentication-type>]

Positional Arguments

name	description
area-authentication-type	The value to set for this field

Description

Default: none

area-authentication-type (enumeration)

OSPF area authentication. Can be overriden by interface authentication.

Options:

• none: No authentication
• simple: Simple (plain text) password authentication
• md5: MD5 HMAC authentication

configure authority router routing ospf area default-cost

Set the summary default route cost for a stub or NSSA area.

Usage

configure authority router routing ospf area default-cost [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-16777215

configure authority router routing ospf area id

Area ID

Usage

configure authority router routing ospf area id [<area-id-type>]

Positional Arguments

name	description
area-id-type	The value to set for this field

Description

area-id-type (string)

Area ID type.

configure authority router routing ospf area interface

List of interfaces in area

Usage

configure authority router routing ospf area interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
authentication-type	OSPF interface authentication type.
bfd	BFD Client Configuration.
clone	Clone a list item
cost	Interface cost
dead-interval	Interval after which a neighbor is declared down (seconds) if hello packets are not received.
delete	Delete configuration data
hello-interval	Interval between hello packets (seconds).
interface	Network interface name
message-digest-key	MD5 HMAC authentication message digest keys
network-type	Interface network type
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
passive	Enable/Disable passive interface - a passive interface's prefix will be advertised but no neighbor adjacencies will be formed on the interface.
password	OSPF simple authentication password
priority	Router priority
show	Show configuration data for 'interface'

configure authority router routing ospf area interface authentication-type

OSPF interface authentication type.

Usage

configure authority router routing ospf area interface authentication-type [<interface-authentication-type>]

Positional Arguments

name	description
interface-authentication-type	The value to set for this field

Description

Default: area

interface-authentication-type (enumeration)

OSPF interface authentication type

Options:

• area: Use area authentication type
• none: No interface authentication
• simple: Simple (plain text) password authentication
• md5: MD5 HMAC authentication

configure authority router routing ospf area interface bfd

BFD Client Configuration.

Subcommands

command	description
delete	Delete configuration data
desired-tx-interval	The minimum transmission interval in milliseconds used to send BFD control packets.
enable	Enable/Disable BFD protocol
multiplier	The number of BFD packets that can be lost without the BFD session declared as down.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'

configure authority router routing ospf area interface bfd desired-tx-interval

The minimum transmission interval in milliseconds used to send BFD control packets.

Usage

configure authority router routing ospf area interface bfd desired-tx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing ospf area interface bfd enable

Enable/Disable BFD protocol

Usage

configure authority router routing ospf area interface bfd enable [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing ospf area interface bfd multiplier

The number of BFD packets that can be lost without the BFD session declared as down.

Usage

configure authority router routing ospf area interface bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 2-255

configure authority router routing ospf area interface bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router routing ospf area interface bfd required-min-rx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing ospf area interface cost

Interface cost

Usage

configure authority router routing ospf area interface cost [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 10

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing ospf area interface dead-interval

Interval after which a neighbor is declared down (seconds) if hello packets are not received.

Usage

configure authority router routing ospf area interface dead-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 40

uint32

An unsigned 32-bit integer.

Range: 1-2147483647

configure authority router routing ospf area interface hello-interval

Interval between hello packets (seconds).

Usage

configure authority router routing ospf area interface hello-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 10

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing ospf area interface interface

Network interface name

Usage

configure authority router routing ospf area interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing ospf area interface message-digest-key

MD5 HMAC authentication message digest keys

Usage

configure authority router routing ospf area interface message-digest-key <id>

Positional Arguments

name	description
id	Message digest key identifier

Subcommands

command	description
delete	Delete configuration data
id	Message digest key identifier
key	Message digest secret key
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'message-digest-key'

configure authority router routing ospf area interface message-digest-key id

Message digest key identifier

Usage

configure authority router routing ospf area interface message-digest-key id [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing ospf area interface message-digest-key key

Message digest secret key

Usage

configure authority router routing ospf area interface message-digest-key key [<routing-password-type>]

Positional Arguments

name	description
routing-password-type	The value to set for this field

Description

routing-password-type (string)

A routing engine password that is hidden from the UI.

Invalid whitespace or other unrecognized character.

configure authority router routing ospf area interface network-type

Interface network type

Usage

configure authority router routing ospf area interface network-type [<interface-network-type>]

Positional Arguments

name	description
interface-network-type	The value to set for this field

Description

Default: unspecified

interface-network-type (enumeration)

OSPF interface network type

Options:

• unspecified: Unspecified network type
• broadcast: Broadcast network
• point-to-point: Point-to-point network

configure authority router routing ospf area interface node

Interface node name

Usage

configure authority router routing ospf area interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing ospf area interface passive

Enable/Disable passive interface - a passive interface's prefix will be advertised but no neighbor adjacencies will be formed on the interface.

Usage

configure authority router routing ospf area interface passive [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing ospf area interface password

OSPF simple authentication password

Usage

configure authority router routing ospf area interface password [<routing-password-type>]

Positional Arguments

name	description
routing-password-type	The value to set for this field

Description

routing-password-type (string)

A routing engine password that is hidden from the UI.

Invalid whitespace or other unrecognized character.

configure authority router routing ospf area interface priority

Router priority

Usage

configure authority router routing ospf area interface priority [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 1

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router routing ospf area routing-interface

List of routing interfaces in area

Usage

configure authority router routing ospf area routing-interface <routing-interface>

Positional Arguments

name	description
routing-interface	Routing interface name

Subcommands

command	description
cost	Interface cost
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
routing-interface	Routing interface name
show	Show configuration data for 'routing-interface'

configure authority router routing ospf area routing-interface cost

Interface cost

Usage

configure authority router routing ospf area routing-interface cost [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 10

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing ospf area routing-interface routing-interface

Routing interface name

Usage

configure authority router routing ospf area routing-interface routing-interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing ospf area summary-advertisement

Enable/Disable summary advertisement into the stub or NSSA area.

Usage

configure authority router routing ospf area summary-advertisement [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing ospf area summary-range

Summarize routes matching address/mask - Applicable to Area Border Routers (ABRs) only

Usage

configure authority router routing ospf area summary-range <prefix>

Positional Arguments

name	description
prefix	Summarization prefix

Subcommands

command	description
advertise	Advertise or hide
cost	Advertised cost of summary route
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix	Summarization prefix
show	Show configuration data for 'summary-range'

configure authority router routing ospf area summary-range advertise

Advertise or hide

Usage

configure authority router routing ospf area summary-range advertise [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing ospf area summary-range cost

Advertised cost of summary route

Usage

configure authority router routing ospf area summary-range cost [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 0-16777214

configure authority router routing ospf area summary-range prefix

Summarization prefix

Usage

configure authority router routing ospf area summary-range prefix [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router routing ospf area type

Area type

Usage

configure authority router routing ospf area type [<area-type>]

Positional Arguments

name	description
area-type	The value to set for this field

Description

Default: normal

area-type (enumeration)

A value from a set of predefined names.

Options:

• normal: OSPF normal area
• stub: OSPF stub area
• nssa: OSPF Not-So-Stubby Area (NSSA)

configure authority router routing ospf distance

OSPF route administrative distance

Subcommands

command	description
delete	Delete configuration data
external	Administrative distance for external OSPF routes
inter-area	Administrative distance for inter-area OSPF routes
intra-area	Administrative distance for intra-area OSPF routes
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'distance'

configure authority router routing ospf distance external

Administrative distance for external OSPF routes

Usage

configure authority router routing ospf distance external [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 110

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing ospf distance inter-area

Administrative distance for inter-area OSPF routes

Usage

configure authority router routing ospf distance inter-area [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 110

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing ospf distance intra-area

Administrative distance for intra-area OSPF routes

Usage

configure authority router routing ospf distance intra-area [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 110

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing ospf graceful-restart

Enable OSPF graceful restart

Subcommands

command	description
delete	Delete configuration data
helper	OSPF graceful restart helper support
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-time	OSPF graceful restart duration
show	Show configuration data for 'graceful-restart'

configure authority router routing ospf graceful-restart helper

OSPF graceful restart helper support

Subcommands

command	description
delete	Delete configuration data
helper-restart-time	Helper support graceful restart duration
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'helper'
strict-lsa-checking	When enabled, helper will abort graceful restart if a LSA change occurs that affects the restarting router

configure authority router routing ospf graceful-restart helper helper-restart-time

Helper support graceful restart duration

Usage

configure authority router routing ospf graceful-restart helper helper-restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 120

uint16

An unsigned 16-bit integer.

Range: 10-1800

configure authority router routing ospf graceful-restart helper strict-lsa-checking

When enabled, helper will abort graceful restart if a LSA change occurs that affects the restarting router

Usage

configure authority router routing ospf graceful-restart helper strict-lsa-checking [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

• Units: seconds
• Range: 10-1800
• Default: 120

configure authority router routing ospf graceful-restart restart-time

OSPF graceful restart duration

Usage

configure authority router routing ospf graceful-restart restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 120

uint16

An unsigned 16-bit integer.

Range: 1-1800

configure authority router routing ospf instance

Number of OSPF instance

Usage

configure authority router routing ospf instance [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-8

configure authority router routing ospf redistribute

List of routing protocols to redistribute into OSPF. Allows administrators to control which sources of routes will get redistributed into OSPF by the SSR.

Usage

configure authority router routing ospf redistribute <protocol>

Positional Arguments

name	description
protocol	The routing protocol to redistribute into OSPF

Subcommands

command	description
delete	Delete configuration data
metric	Advertised metric of redistributed route
metric-type	Advertised metric type of redistributed route
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the redistributed route
protocol	The routing protocol to redistribute into OSPF
show	Show configuration data for 'redistribute'

configure authority router routing ospf redistribute metric

Advertised metric of redistributed route

Usage

configure authority router routing ospf redistribute metric [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 0-16777214

configure authority router routing ospf redistribute metric-type

Advertised metric type of redistributed route

Usage

configure authority router routing ospf redistribute metric-type [<ospf-external-metric-type>]

Positional Arguments

name	description
ospf-external-metric-type	The value to set for this field

Description

Default: type-2

ospf-external-metric-type (enumeration)

OSPF external metric type

Options:

• type-1: External metric type 1, comparable to link state metric
• type-2: External metric type 2, larger than link state metric

configure authority router routing ospf redistribute policy

A policy to apply to the redistributed route

Usage

configure authority router routing ospf redistribute policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing ospf redistribute protocol

The routing protocol to redistribute into OSPF

Usage

configure authority router routing ospf redistribute protocol [<redistribute-into-ospf>]

Positional Arguments

name	description
redistribute-into-ospf	The value to set for this field

Description

redistribute-into-ospf (enumeration)

A value from a set of predefined names. Valid values: bgp, connected, service, static. This controls which types of routes the redistribution will include. The service value will control whether this router will advertise SSR's service routes into OSPF.

Options:

name	description
bgp	BGP routes
connected	Interface routes
service	Service routes
static	Static routes

configure authority router routing ospf router-id

Defined in RFC 2328. A 32-bit number that uniquely identifies the router

Usage

configure authority router routing ospf router-id [<dotted-quad>]

Positional Arguments

name	description
dotted-quad	The value to set for this field

Description

dotted-quad (string)

An unsigned 32-bit number expressed in the dotted-quad notation, i.e., four octets written as decimal numbers and separated with the '.' (full stop) character.

configure authority router routing ospf timers

OSPF Timers

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'timers'
spf	OSPF SPF Timers

configure authority router routing ospf timers spf

OSPF SPF Timers

Subcommands

command	description
delay	Initial SPF delay.
delete	Delete configuration data
hold-time	Adaptive hold-time.
maximum-hold-time	Maximum hold-time.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'spf'

configure authority router routing ospf timers spf delay

Initial SPF delay.

Usage

configure authority router routing ospf timers spf delay [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 0

uint32

An unsigned 32-bit integer.

Range: 0-600000

configure authority router routing ospf timers spf hold-time

Adaptive hold-time.

Usage

configure authority router routing ospf timers spf hold-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 5000

uint32

An unsigned 32-bit integer.

Range: 0-600000

configure authority router routing ospf timers spf maximum-hold-time

Maximum hold-time.

Usage

configure authority router routing ospf timers spf maximum-hold-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 30000

uint32

An unsigned 32-bit integer.

Range: 0-600000

configure authority router routing ospf version

OSPF version

Usage

configure authority router routing ospf version [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: ospfv2

enumeration

A value from a set of predefined names.

Options:

• ospfv2:
• ospfv3:

configure authority router routing pim

PIM configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of PIM interfaces
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-time	PIM graceful restart duration
rp	PIM RP Configuration
show	Show configuration data for 'pim'

configure authority router routing pim interface

List of PIM interfaces

Usage

configure authority router routing pim interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
delete	Delete configuration data
dr-priority	Preference of a particular device in the DR election process. The lowest priority is 1.
hello-interval	Configure Hello Interval
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'

configure authority router routing pim interface dr-priority

Preference of a particular device in the DR election process. The lowest priority is 1.

Usage

configure authority router routing pim interface dr-priority [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-4294967295

configure authority router routing pim interface hello-interval

Configure Hello Interval

Usage

configure authority router routing pim interface hello-interval [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 30

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing pim interface interface

Network interface name

Usage

configure authority router routing pim interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing pim interface node

Interface node name

Usage

configure authority router routing pim interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing pim restart-time

PIM graceful restart duration

Usage

configure authority router routing pim restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 120

uint16

An unsigned 16-bit integer.

Range: 0-1800

configure authority router routing pim rp

PIM RP Configuration

Usage

configure authority router routing pim rp <group-range>

Positional Arguments

name	description
group-range	Multicast Group address range for this RP

Subcommands

command	description
address	IPv4 address of the RP
delete	Delete configuration data
group-range	Multicast Group address range for this RP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rp'

configure authority router routing pim rp address

IPv4 address of the RP

Usage

configure authority router routing pim rp address [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string) (required)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing pim rp group-range

Multicast Group address range for this RP

Usage

configure authority router routing pim rp group-range [<multicast-ipv4-prefix>]

Positional Arguments

name	description
multicast-ipv4-prefix	The value to set for this field

Description

multicast-ipv4-prefix (string)

A multicast IPv4 prefix

configure authority router routing pimv6

PIMv6 configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of PIMv6 interfaces
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
rp	PIMv6 RP Configuration
show	Show configuration data for 'pimv6'

configure authority router routing pimv6 interface

List of PIMv6 interfaces

Usage

configure authority router routing pimv6 interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
delete	Delete configuration data
dr-priority	Preference of a particular device in the DR election process. The lowest priority is 1.
hello-interval	Configure Hello Interval
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'

configure authority router routing pimv6 interface dr-priority

Preference of a particular device in the DR election process. The lowest priority is 1.

Usage

configure authority router routing pimv6 interface dr-priority [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-4294967295

configure authority router routing pimv6 interface hello-interval

Configure Hello Interval

Usage

configure authority router routing pimv6 interface hello-interval [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 30

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing pimv6 interface interface

Network interface name

Usage

configure authority router routing pimv6 interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing pimv6 interface node

Interface node name

Usage

configure authority router routing pimv6 interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing pimv6 rp

PIMv6 RP Configuration

Usage

configure authority router routing pimv6 rp <group-range>

Positional Arguments

name	description
group-range	IPv6 Multicast Group address range for this RP

Subcommands

command	description
address	IPv6 address of the RP
delete	Delete configuration data
group-range	IPv6 Multicast Group address range for this RP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rp'

configure authority router routing pimv6 rp address

IPv6 address of the RP

Usage

configure authority router routing pimv6 rp address [<unicast-ipv6-address>]

Positional Arguments

name	description
unicast-ipv6-address	The value to set for this field

Description

unicast-ipv6-address (string) (required)

A unicast IPv6 address

Must be a valid IPv6 address.

configure authority router routing pimv6 rp group-range

IPv6 Multicast Group address range for this RP

Usage

configure authority router routing pimv6 rp group-range [<multicast-ipv6-prefix>]

Positional Arguments

name	description
multicast-ipv6-prefix	The value to set for this field

Description

multicast-ipv6-prefix (string)

A multicast IPv6 prefix

configure authority router routing rib-policy

List of protocol specific RIB policies

Usage

configure authority router routing rib-policy <family> <protocol>

Positional Arguments

name	description
family	The routing protocol address family
protocol	The routing protocol RIB policy

Subcommands

command	description
delete	Delete configuration data
family	The routing protocol address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the protocol route
protocol	The routing protocol RIB policy
show	Show configuration data for 'rib-policy'

configure authority router routing rib-policy family

The routing protocol address family

Usage

configure authority router routing rib-policy family [<rib-family>]

Positional Arguments

name	description
rib-family	The value to set for this field

Description

rib-family (enumeration)

A value from a set of predefined names.

Options:

• ipv4: IPv4 Address Family
• ipv6: IPv6 Address Famimly

configure authority router routing rib-policy policy

A policy to apply to the protocol route

Usage

configure authority router routing rib-policy policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing rib-policy protocol

The routing protocol RIB policy

Usage

configure authority router routing rib-policy protocol [<rib-protocol>]

Positional Arguments

name	description
rib-protocol	The value to set for this field

Description

rib-protocol (enumeration)

A value from a set of predefined names.

Options:

• any: Any RIB protocol
• bgp: BGP routes
• connected: Interface routes
• ospf: OSPF routes
• service: Service routes
• static: Static routes

configure authority router routing router-id

Router ID - 32-bit number in the form of a dotted quad. Some protocols use this parameter for identifying a router to its neighbors.

Usage

configure authority router routing router-id [<dotted-quad>]

Positional Arguments

name	description
dotted-quad	The value to set for this field

Description

dotted-quad (string)

An unsigned 32-bit number expressed in the dotted-quad notation, i.e., four octets written as decimal numbers and separated with the '.' (full stop) character.

configure authority router routing routing-protocol

Each entry contains configuration of a routing protocol instance.

Usage

configure authority router routing routing-protocol <type>

Positional Arguments

name	description
type	Type of the routing protocol - an identity derived from the 'routing-protocol' base identity.

Subcommands

command	description
address-family	Address family configuration
clone	Clone a list item
cluster-id	Route reflector cluster id.
conditional-advertisement	Configure Conditional Advertisement
confederation	Configuration options specifying parameters when the local router is within an autonomous system which is part of a BGP confederation.
delete	Delete configuration data
description	Textual description of the routing protocol instance.
graceful-restart	Configuration parameters relating to BGP graceful restart.
local-as	Local autonomous system number of the router. Uses the 32-bit as-number type from the model in RFC 6991.
neighbor	List of BGP neighbors configured on the local system, uniquely identified by neighbor IPv[46] address
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
redistribute	List of routing protocols to redistribute into BGP
route-reflector-allow-outbound-policy	Apply outbound policy on route reflector clients.
route-selection-options	Set of configuration options that govern best path selection.
router-id	Router id of the router, expressed as an 32-bit value, IPv4 address.
show	Show configuration data for 'routing-protocol'
timers	Config parameters related to timers associated with the BGP neighbor
type	Type of the routing protocol - an identity derived from the 'routing-protocol' base identity.

configure authority router routing routing-protocol address-family

Address family configuration

Usage

configure authority router routing routing-protocol address-family <afi-safi>

Positional Arguments

name	description
afi-safi	Address family type

Subcommands

command	description
afi-safi	Address family type
aggregate-address	Address prefixes to aggregate
clone	Clone a list item
default-route-distance	Configuration options relating to the administrative distance (or preference) assigned to routes received from different sources (external, internal, and local).
delete	Delete configuration data
graceful-restart	Configuration parameters relating to BGP graceful restart.
network	Advertises a network into BGP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
redistribute	List of routing protocols to redistribute into BGP
show	Show configuration data for 'address-family'
use-multiple-paths	Parameters related to the use of multiple paths for the same NLRI
vpn-export	Configure Vpn Export
vpn-import	Configure Vpn Import

configure authority router routing routing-protocol address-family afi-safi

Address family type

Usage

configure authority router routing routing-protocol address-family afi-safi [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• ipv4-unicast: IPv4 unicast (AFI,SAFI = 1,1)
• ipv6-unicast: IPv6 unicast (AFI,SAFI = 2,1)
• ipv4-vpn: IPv4 vpn (AFI,SAFI = 1,128)
• ipv6-vpn: IPv6 vpn (AFI,SAFI = 2,128)

configure authority router routing routing-protocol address-family aggregate-address

Address prefixes to aggregate

Usage

configure authority router routing routing-protocol address-family aggregate-address <prefix>

Positional Arguments

name	description
prefix	The prefix to aggregate from

Subcommands

command	description
as-set	Generate as-set information for the resultant aggregate
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	Policy to apply to the aggregate route
prefix	The prefix to aggregate from
show	Show configuration data for 'aggregate-address'
summary-only	Specifies that the prefixes aggregated by this aggregation are not to be advertised: only the aggregate itself will be advertised

configure authority router routing routing-protocol address-family aggregate-address as-set

Generate as-set information for the resultant aggregate

Usage

configure authority router routing routing-protocol address-family aggregate-address as-set [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol address-family aggregate-address policy

Policy to apply to the aggregate route

Usage

configure authority router routing routing-protocol address-family aggregate-address policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol address-family aggregate-address prefix

The prefix to aggregate from

Usage

configure authority router routing routing-protocol address-family aggregate-address prefix [<not-host-ip-prefix>]

Positional Arguments

name	description
not-host-ip-prefix	The value to set for this field

Description

not-host-ip-prefix (union)

A not host IPv4 or IPv6 prefix

Must be one of the following types:

(0) not-host-ipv4-prefix (string)

A not host IPv4 prefix

(1) not-host-ipv6-prefix (string)

A not host IPv6 prefix

configure authority router routing routing-protocol address-family aggregate-address summary-only

Specifies that the prefixes aggregated by this aggregation are not to be advertised: only the aggregate itself will be advertised

Usage

configure authority router routing routing-protocol address-family aggregate-address summary-only [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol address-family default-route-distance

Configuration options relating to the administrative distance (or preference) assigned to routes received from different sources (external, internal, and local).

Subcommands

command	description
delete	Delete configuration data
external	Administrative distance for routes learned from external BGP (eBGP).
internal	Administrative distance for routes learned from internal BGP (iBGP).
local	Administrative distance for local routes
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'default-route-distance'

configure authority router routing routing-protocol address-family default-route-distance external

Administrative distance for routes learned from external BGP (eBGP).

Usage

configure authority router routing routing-protocol address-family default-route-distance external [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 20

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing routing-protocol address-family default-route-distance internal

Administrative distance for routes learned from internal BGP (iBGP).

Usage

configure authority router routing routing-protocol address-family default-route-distance internal [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 200

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing routing-protocol address-family default-route-distance local

Administrative distance for local routes

Usage

configure authority router routing routing-protocol address-family default-route-distance local [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 200

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing routing-protocol address-family graceful-restart

Configuration parameters relating to BGP graceful restart.

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-time	Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.
show	Show configuration data for 'graceful-restart'
stale-routes-time	An upper-bound on the time that the stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724

Description

warning

graceful-restart is deprecated and will be removed in a future software version

configure authority router routing routing-protocol address-family graceful-restart restart-time

Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.

Usage

configure authority router routing routing-protocol address-family graceful-restart restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

warning

restart-time is deprecated and will be removed in a future software version

uint16

An unsigned 16-bit integer.

Range: 0-4096

configure authority router routing routing-protocol address-family graceful-restart stale-routes-time

An upper-bound on the time that the stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724

Usage

configure authority router routing routing-protocol address-family graceful-restart stale-routes-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

warning

stale-routes-time is deprecated and will be removed in a future software version

uint16

An unsigned 16-bit integer.

Range: 1-3600

configure authority router routing routing-protocol address-family network

Advertises a network into BGP

Usage

configure authority router routing routing-protocol address-family network <network-address>

Positional Arguments

name	description
network-address	Specify a network to announce via BGP for this address family

Subcommands

command	description
delete	Delete configuration data
network-address	Specify a network to announce via BGP for this address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	a policy to apply to the imported route
show	Show configuration data for 'network'

configure authority router routing routing-protocol address-family network network-address

Specify a network to announce via BGP for this address family

Usage

configure authority router routing routing-protocol address-family network network-address [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router routing routing-protocol address-family network policy

a policy to apply to the imported route

Usage

configure authority router routing routing-protocol address-family network policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol address-family redistribute

List of routing protocols to redistribute into BGP

Usage

configure authority router routing routing-protocol address-family redistribute <protocol>

Positional Arguments

name	description
protocol	The routing protocol to redistribute into BGP

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the redistributed route
protocol	The routing protocol to redistribute into BGP
show	Show configuration data for 'redistribute'

configure authority router routing routing-protocol address-family redistribute policy

A policy to apply to the redistributed route

Usage

configure authority router routing routing-protocol address-family redistribute policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol address-family redistribute protocol

The routing protocol to redistribute into BGP

Usage

configure authority router routing routing-protocol address-family redistribute protocol [<redistribute-into-bgp>]

Positional Arguments

name	description
redistribute-into-bgp	The value to set for this field

Description

redistribute-into-bgp (enumeration)

A value from a set of predefined names.

Options:

• connected: Interface routes
• service: Service routes
• static: Static routes
• ospf: OSPF routes

configure authority router routing routing-protocol address-family use-multiple-paths

Parameters related to the use of multiple paths for the same NLRI

Subcommands

command	description
delete	Delete configuration data
ebgp	Multipath parameters for eBGP
ibgp	Multipath parameters for iBGP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'use-multiple-paths'

configure authority router routing routing-protocol address-family use-multiple-paths ebgp

Multipath parameters for eBGP

Subcommands

command	description
delete	Delete configuration data
maximum-paths	Maximum number of parallel paths to consider when using eBGP multipath for this address family. The default is to use a single path.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ebgp'

configure authority router routing routing-protocol address-family use-multiple-paths ebgp maximum-paths

Maximum number of parallel paths to consider when using eBGP multipath for this address family. The default is to use a single path.

Usage

configure authority router routing routing-protocol address-family use-multiple-paths ebgp maximum-paths [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: paths

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-64

configure authority router routing routing-protocol address-family use-multiple-paths ibgp

Multipath parameters for iBGP

Subcommands

command	description
delete	Delete configuration data
maximum-paths	Maximum number of parallel paths to consider when using iBGP multipath for this address family. The default is to use a single path
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ibgp'

configure authority router routing routing-protocol address-family use-multiple-paths ibgp maximum-paths

Maximum number of parallel paths to consider when using iBGP multipath for this address family. The default is to use a single path

Usage

configure authority router routing routing-protocol address-family use-multiple-paths ibgp maximum-paths [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: paths

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-64

configure authority router routing routing-protocol address-family vpn-export

Configure Vpn Export

Subcommands

command	description
delete	Delete configuration data
export-policy	Export policy for vpn export
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
route-distinguisher	Route Distinguisher for vpn export
show	Show configuration data for 'vpn-export'
vpn-export-route-target	Route Target list for vpn export

configure authority router routing routing-protocol address-family vpn-export export-policy

Export policy for vpn export

Usage

configure authority router routing routing-protocol address-family vpn-export export-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol address-family vpn-export route-distinguisher

Route Distinguisher for vpn export

Usage

configure authority router routing routing-protocol address-family vpn-export route-distinguisher [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	The value to set for this field

Description

set-extended-community (union) (required)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string (required)

A text value.

Must be <ipv4-address>:<uint16>

(1) string (required)

A text value.

Must be <uint16>:<uint32>

(2) string (required)

A text value.

Must be <uint32>:<uint16>

configure authority router routing routing-protocol address-family vpn-export vpn-export-route-target

Route Target list for vpn export

Usage

configure authority router routing routing-protocol address-family vpn-export vpn-export-route-target [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	Value to add to this list

Description

set-extended-community (union) (required)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string (required)

A text value.

Must be <ipv4-address>:<uint16>

(1) string (required)

A text value.

Must be <uint16>:<uint32>

(2) string (required)

A text value.

Must be <uint32>:<uint16>

configure authority router routing routing-protocol address-family vpn-import

Configure Vpn Import

Subcommands

command	description
delete	Delete configuration data
import-policy	Export policy for vpn import
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'vpn-import'
vpn-import-route-target	Route Target list for vpn import

configure authority router routing routing-protocol address-family vpn-import import-policy

Export policy for vpn import

Usage

configure authority router routing routing-protocol address-family vpn-import import-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol address-family vpn-import vpn-import-route-target

Route Target list for vpn import

Usage

configure authority router routing routing-protocol address-family vpn-import vpn-import-route-target [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	Value to add to this list

Description

set-extended-community (union) (required)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string (required)

A text value.

Must be <ipv4-address>:<uint16>

(1) string (required)

A text value.

Must be <uint16>:<uint32>

(2) string (required)

A text value.

Must be <uint32>:<uint16>

configure authority router routing routing-protocol cluster-id

Route reflector cluster id.

Usage

configure authority router routing routing-protocol cluster-id [<ipv4-address>]

Positional Arguments

name	description
ipv4-address	The value to set for this field

Description

ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

configure authority router routing routing-protocol conditional-advertisement

Configure Conditional Advertisement

Subcommands

command	description
delete	Delete configuration data
interval-time	Conditional advertisement scanner process interval time.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'conditional-advertisement'

configure authority router routing routing-protocol conditional-advertisement interval-time

Conditional advertisement scanner process interval time.

Usage

configure authority router routing routing-protocol conditional-advertisement interval-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 60

uint16

An unsigned 16-bit integer.

Range: 5-240

configure authority router routing routing-protocol confederation

Configuration options specifying parameters when the local router is within an autonomous system which is part of a BGP confederation.

Subcommands

command	description
delete	Delete configuration data
identifier	Confederation identifier for the autonomous system.
member-as	Remote autonomous systems that are to be treated as part of the local confederation.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'confederation'

configure authority router routing routing-protocol confederation identifier

Confederation identifier for the autonomous system.

Usage

configure authority router routing routing-protocol confederation identifier [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing routing-protocol confederation member-as

Remote autonomous systems that are to be treated as part of the local confederation.

Usage

configure authority router routing routing-protocol confederation member-as [<as-number>]

Positional Arguments

name	description
as-number	Value to add to this list

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing routing-protocol description

Textual description of the routing protocol instance.

Usage

configure authority router routing routing-protocol description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing routing-protocol graceful-restart

Configuration parameters relating to BGP graceful restart.

Subcommands

command	description
delete	Delete configuration data
mode	Graceful restart mode.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-time	Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.
select-delay-time	After GR restart and reconnect with a GR helper peer, this is the minimum time to delay the best route selection process and sending the initial End-of-RIB to all BGP neighbors. This is the minimum of the currently unexposed selection deferral timer (RFC-4724) where that timer is a maximum and currently hard- coded to 360 seconds.
show	Show configuration data for 'graceful-restart'
stale-routes-time	An upper-bound on the time that the stale routes will be retained by a router after a session is restarted or 0 to disable. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged.

configure authority router routing routing-protocol graceful-restart mode

Graceful restart mode.

Usage

configure authority router routing routing-protocol graceful-restart mode [<graceful-restart-mode>]

Positional Arguments

name	description
graceful-restart-mode	The value to set for this field

Description

Default: helper

graceful-restart-mode (enumeration)

configure BGP graceful restart mode [rfc4724]

Options:

• enable: enable graceful restart and helper mode
• helper: enable graceful restart helper mode only
• disable: disable graceful restart

configure authority router routing routing-protocol graceful-restart restart-time

Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.

Usage

configure authority router routing routing-protocol graceful-restart restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 120

uint16

An unsigned 16-bit integer.

Range: 1-4095

configure authority router routing routing-protocol graceful-restart select-delay-time

After GR restart and reconnect with a GR helper peer, this is the minimum time to delay the best route selection process and sending the initial End-of-RIB to all BGP neighbors. This is the minimum of the currently unexposed selection deferral timer (RFC-4724) where that timer is a maximum and currently hard-coded to 360 seconds.

The select-delay-time is an optional BGP graceful restart timer that ensures BGP graceful restart will end only after the configured timer value. The select-delay-timer was added to ensure that BGP does not send the End-of-RIB before learning the OSPF routes that are being redistributed into BGP.

When the select-delay-timer is configured, it ensures that the timer has expired before sending the End-of-RIB to the peers. The select-delay-timer starts when BGP first connects to a GR-enabled peer after restart.

When the select-delay-timer is not configured, BGP processes graceful restart normally, ensuring all peers send End-of-RIB messages and perform the best route calculation.

Usage

configure authority router routing routing-protocol graceful-restart select-delay-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 0

uint16

An unsigned 16-bit integer.

Range: 0-360

configure authority router routing routing-protocol graceful-restart stale-routes-time

An upper-bound on the time that the stale routes will be retained by a router after a session is restarted or 0 to disable. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged.

Usage

configure authority router routing routing-protocol graceful-restart stale-routes-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 360

uint16

An unsigned 16-bit integer.

Range: 0-3600

configure authority router routing routing-protocol local-as

Local autonomous system number of the router. Uses the 32-bit as-number type from the model in RFC 6991.

Usage

configure authority router routing routing-protocol local-as [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing routing-protocol neighbor

List of BGP neighbors configured on the local system, uniquely identified by neighbor IPv[46] address

Usage

configure authority router routing routing-protocol neighbor <neighbor-address>

Positional Arguments

name	description
neighbor-address	IP address of the BGP neighbor

Subcommands

command	description
address-family	Address family configuration
auth-password	Configures an MD5 authentication password for use with neighboring devices.
bfd	BFD Client Configuration.
clone	Clone a list item
delete	Delete configuration data
description	An optional textual description (intended primarily for use with a neighbor or group
graceful-restart	Configuration parameters relating to BGP neighbor graceful restart. If not explicitly configured, neighbor inherits from BGP instance.
local-as	The local autonomous system number that is to be used when establishing sessions with the remote neighbor or neighbor group, if this differs from the global BGP router autonomous system number.
multihop	Configuration parameters specifying the multihop behaviour for BGP sessions to the neighbor
negotiate-capabilities	If set to false, suppress sending the Capabilities Optional Parameter in the BGP OPEN message.
neighbor-address	IP address of the BGP neighbor
neighbor-as	AS number of the neighbor.
neighbor-policy	Configure Neighbor Policy
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'neighbor'
shutdown	If set to true, the neighbors connection will not come up.
timers	Config parameters related to timers associated with the BGP neighbor
transport	Configuration parameters relating to the transport protocol used by the BGP session to the neighbor

configure authority router routing routing-protocol neighbor address-family

Address family configuration

Usage

configure authority router routing routing-protocol neighbor address-family <afi-safi>

Positional Arguments

name	description
afi-safi	Address family type

Subcommands

command	description
activate	Activate address family for neighbor
afi-safi	Address family type
as-path-options	Configuration parameters allowing manipulation of the AS_PATH attribute for this address family
conditional-advertisement	Configure Conditional Advertisement
delete	Delete configuration data
neighbor-policy	Configure Neighbor Policy
next-hop-self	Sets the router as the next hop for this neighbor and this address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix-limit	Configure the maximum number of prefixes that will be accepted from a neighbor for this address family
remove-private-as	Modify private AS numbers in updates sent to neighbors for this address family.
route-reflector	Route reflector client configuration
send-default-route	If set to true, generate and send the default-route for this address-family to the neighbor
show	Show configuration data for 'address-family'

configure authority router routing routing-protocol neighbor address-family activate

Activate address family for neighbor

Usage

configure authority router routing routing-protocol neighbor address-family activate [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol neighbor address-family afi-safi

Address family type

Usage

configure authority router routing routing-protocol neighbor address-family afi-safi [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• ipv4-unicast: IPv4 unicast (AFI,SAFI = 1,1)
• ipv6-unicast: IPv6 unicast (AFI,SAFI = 2,1)
• ipv4-vpn: IPv4 vpn (AFI,SAFI = 1,128)
• ipv6-vpn: IPv6 vpn (AFI,SAFI = 2,128)

configure authority router routing routing-protocol neighbor address-family as-path-options

Configuration parameters allowing manipulation of the AS_PATH attribute for this address family

Subcommands

command	description
allow-own-as	Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected for this address family.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'as-path-options'

configure authority router routing routing-protocol neighbor address-family as-path-options allow-own-as

Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected for this address family.

Usage

configure authority router routing routing-protocol neighbor address-family as-path-options allow-own-as [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router routing routing-protocol neighbor address-family conditional-advertisement

Configure Conditional Advertisement

Subcommands

command	description
advertisement-policy	A policy selecting routes to conditionally advertise.
delete	Delete configuration data
exist-policy	If this policy matches any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.
non-exist-policy	If this policy does not match any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'conditional-advertisement'

configure authority router routing routing-protocol neighbor address-family conditional-advertisement advertisement-policy

A policy selecting routes to conditionally advertise.

Usage

configure authority router routing routing-protocol neighbor address-family conditional-advertisement advertisement-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref) (required)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor address-family conditional-advertisement exist-policy

If this policy matches any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.

Usage

configure authority router routing routing-protocol neighbor address-family conditional-advertisement exist-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor address-family conditional-advertisement non-exist-policy

If this policy does not match any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.

Usage

configure authority router routing routing-protocol neighbor address-family conditional-advertisement non-exist-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor address-family neighbor-policy

Configure Neighbor Policy

Subcommands

command	description
delete	Delete configuration data
inbound-policy	A policy to apply to the NLRIs inbound from this neighbor.
outbound-policy	A policy to apply to the NLRIs outbound to this neighbor.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'neighbor-policy'

configure authority router routing routing-protocol neighbor address-family neighbor-policy inbound-policy

A policy to apply to the NLRIs inbound from this neighbor.

Usage

configure authority router routing routing-protocol neighbor address-family neighbor-policy inbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor address-family neighbor-policy outbound-policy

A policy to apply to the NLRIs outbound to this neighbor.

Usage

configure authority router routing routing-protocol neighbor address-family neighbor-policy outbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor address-family next-hop-self

Sets the router as the next hop for this neighbor and this address family

Usage

configure authority router routing routing-protocol neighbor address-family next-hop-self [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol neighbor address-family prefix-limit

Configure the maximum number of prefixes that will be accepted from a neighbor for this address family

Subcommands

command	description
delete	Delete configuration data
max-prefixes	Maximum number of prefixes that will be accepted from the neighbor for this address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-timer	Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.
show	Show configuration data for 'prefix-limit'
shutdown-threshold-pct	Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries.

configure authority router routing routing-protocol neighbor address-family prefix-limit max-prefixes

Maximum number of prefixes that will be accepted from the neighbor for this address family

Usage

configure authority router routing routing-protocol neighbor address-family prefix-limit max-prefixes [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: prefixes

uint32 (required)

An unsigned 32-bit integer.

configure authority router routing routing-protocol neighbor address-family prefix-limit restart-timer

Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.

Usage

configure authority router routing routing-protocol neighbor address-family prefix-limit restart-timer [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing routing-protocol neighbor address-family prefix-limit shutdown-threshold-pct

Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries.

Usage

configure authority router routing routing-protocol neighbor address-family prefix-limit shutdown-threshold-pct [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router routing routing-protocol neighbor address-family remove-private-as

Modify private AS numbers in updates sent to neighbors for this address family.

Usage

configure authority router routing routing-protocol neighbor address-family remove-private-as [<remove-private-as-option>]

Positional Arguments

name	description
remove-private-as-option	The value to set for this field

Description

remove-private-as-option (enumeration)

Set of options for configuring how private AS numbers are modified in advertised AS paths.

Options:

• all: Remove all private ASes in the AS path.
• replace-all: Replace all private ASes with the local AS.
• only: Remove private ASes only if the AS path contains just private ASes.
• replace-only: Replace private ASes with the local AS only if the AS path contains just private ASes.
• disable: Do not remove private ASes.

configure authority router routing routing-protocol neighbor address-family route-reflector

Route reflector client configuration

Subcommands

command	description
client	Configure the neighbor as a route reflector client for this address family.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'route-reflector'

configure authority router routing routing-protocol neighbor address-family route-reflector client

Configure the neighbor as a route reflector client for this address family.

Usage

configure authority router routing routing-protocol neighbor address-family route-reflector client [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol neighbor address-family send-default-route

If set to true, generate and send the default-route for this address-family to the neighbor

Usage

configure authority router routing routing-protocol neighbor address-family send-default-route [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol neighbor auth-password

Configures an MD5 authentication password for use with neighboring devices.

Usage

configure authority router routing routing-protocol neighbor auth-password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router routing routing-protocol neighbor bfd

BFD Client Configuration.

Subcommands

command	description
delete	Delete configuration data
desired-tx-interval	The minimum transmission interval in milliseconds used to send BFD control packets.
enable	Enable/Disable BFD protocol
multiplier	The number of BFD packets that can be lost without the BFD session declared as down.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'

configure authority router routing routing-protocol neighbor bfd desired-tx-interval

The minimum transmission interval in milliseconds used to send BFD control packets.

Usage

configure authority router routing routing-protocol neighbor bfd desired-tx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing routing-protocol neighbor bfd enable

Enable/Disable BFD protocol

Usage

configure authority router routing routing-protocol neighbor bfd enable [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol neighbor bfd multiplier

The number of BFD packets that can be lost without the BFD session declared as down.

Usage

configure authority router routing routing-protocol neighbor bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 2-255

configure authority router routing routing-protocol neighbor bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router routing routing-protocol neighbor bfd required-min-rx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing routing-protocol neighbor description

An optional textual description (intended primarily for use with a neighbor or group

Usage

configure authority router routing routing-protocol neighbor description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing routing-protocol neighbor graceful-restart

Configuration parameters relating to BGP neighbor graceful restart. If not explicitly configured, neighbor inherits from BGP instance.

Subcommands

command	description
delete	Delete configuration data
mode	Graceful restart mode.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'graceful-restart'

configure authority router routing routing-protocol neighbor graceful-restart mode

Graceful restart mode.

Usage

configure authority router routing routing-protocol neighbor graceful-restart mode [<graceful-restart-mode>]

Positional Arguments

name	description
graceful-restart-mode	The value to set for this field

Description

graceful-restart-mode (enumeration)

configure BGP graceful restart mode [rfc4724]

Options:

• enable: enable graceful restart and helper mode
• helper: enable graceful restart helper mode only
• disable: disable graceful restart

configure authority router routing routing-protocol neighbor local-as

The local autonomous system number that is to be used when establishing sessions with the remote neighbor or neighbor group, if this differs from the global BGP router autonomous system number.

Usage

configure authority router routing routing-protocol neighbor local-as [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing routing-protocol neighbor multihop

Configuration parameters specifying the multihop behaviour for BGP sessions to the neighbor

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'multihop'
ttl	Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled

configure authority router routing routing-protocol neighbor multihop ttl

Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled

Usage

configure authority router routing routing-protocol neighbor multihop ttl [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing routing-protocol neighbor negotiate-capabilities

If set to false, suppress sending the Capabilities Optional Parameter in the BGP OPEN message.

Usage

configure authority router routing routing-protocol neighbor negotiate-capabilities [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol neighbor neighbor-address

IP address of the BGP neighbor

Usage

configure authority router routing routing-protocol neighbor neighbor-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router routing routing-protocol neighbor neighbor-as

AS number of the neighbor.

Usage

configure authority router routing routing-protocol neighbor neighbor-as [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32) (required)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing routing-protocol neighbor neighbor-policy

Configure Neighbor Policy

Subcommands

command	description
delete	Delete configuration data
inbound-policy	A policy to apply to the NLRIs inbound from this neighbor.
outbound-policy	A policy to apply to the NLRIs outbound to this neighbor.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'neighbor-policy'

configure authority router routing routing-protocol neighbor neighbor-policy inbound-policy

A policy to apply to the NLRIs inbound from this neighbor.

Usage

configure authority router routing routing-protocol neighbor neighbor-policy inbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor neighbor-policy outbound-policy

A policy to apply to the NLRIs outbound to this neighbor.

Usage

configure authority router routing routing-protocol neighbor neighbor-policy outbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor shutdown

If set to true, the neighbors connection will not come up.

Usage

configure authority router routing routing-protocol neighbor shutdown [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol neighbor timers

Config parameters related to timers associated with the BGP neighbor

Subcommands

command	description
connect-retry	Time interval between attempts to establish a session with the neighbor.
delete	Delete configuration data
hold-time	Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.
keepalive-interval	Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.
minimum-advertisement-interval	Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a neighbor. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'timers'

configure authority router routing routing-protocol neighbor timers connect-retry

Time interval between attempts to establish a session with the neighbor.

Usage

configure authority router routing routing-protocol neighbor timers connect-retry [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 30

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router routing routing-protocol neighbor timers hold-time

Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.

Usage

configure authority router routing routing-protocol neighbor timers hold-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

uint16

An unsigned 16-bit integer.

Range: 0,3-65535

configure authority router routing routing-protocol neighbor timers keepalive-interval

Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.

Usage

configure authority router routing routing-protocol neighbor timers keepalive-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router routing routing-protocol neighbor timers minimum-advertisement-interval

Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a neighbor. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability.

Usage

configure authority router routing routing-protocol neighbor timers minimum-advertisement-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 30

uint16

An unsigned 16-bit integer.

Range: 0-600

configure authority router routing routing-protocol neighbor transport

Configuration parameters relating to the transport protocol used by the BGP session to the neighbor

Subcommands

command	description
bgp-service-generation	Approach used for generating a BGP service and service routes to enable SVR transport for the BGP session with the neighbor.
delete	Delete configuration data
local-address	Set the source IP address to be used for the BGP peering session. This must be expressed as a reference to the name of a routing interface or network interface.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
passive-mode	Wait for neighbors to issue requests to open a BGP session, rather than initiating sessions from the local router.
show	Show configuration data for 'transport'

configure authority router routing routing-protocol neighbor transport bgp-service-generation

Approach used for generating a BGP service and service routes to enable SVR transport for the BGP session with the neighbor.

Subcommands

command	description
delete	Delete configuration data
disabled	Do not generate a BGP service or service routes.
neighbor-vrf	Name of the neighbor's VRF in which the peer BGP instance resides. Can be 'default'.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
same-neighbor-vrf	Generate BGP service if there is a matching peer with a BGP instance within the same VRF.
show	Show configuration data for 'bgp-service-generation'

configure authority router routing routing-protocol neighbor transport bgp-service-generation disabled

Do not generate a BGP service or service routes.

Usage

configure authority router routing routing-protocol neighbor transport bgp-service-generation disabled

Description

empty

Has no value.

configure authority router routing routing-protocol neighbor transport bgp-service-generation neighbor-vrf

Name of the neighbor's VRF in which the peer BGP instance resides. Can be 'default'.

Usage

configure authority router routing routing-protocol neighbor transport bgp-service-generation neighbor-vrf [<vrf-name-or-default-vrf>]

Positional Arguments

name	description
vrf-name-or-default-vrf	The value to set for this field

Description

vrf-name-or-default-vrf (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters, and cannot be the words 'all', 'any', or 'unknown'.

Must contain only alphanumeric characters or any of the following: _ - Length: 1-15

configure authority router routing routing-protocol neighbor transport bgp-service-generation same-neighbor-vrf

Generate BGP service if there is a matching peer with a BGP instance within the same VRF.

Usage

configure authority router routing routing-protocol neighbor transport bgp-service-generation same-neighbor-vrf

Description

empty

Has no value.

configure authority router routing routing-protocol neighbor transport local-address

Set the source IP address to be used for the BGP peering session. This must be expressed as a reference to the name of a routing interface or network interface.

Subcommands

command	description
delete	Delete configuration data
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
routing-interface	Configure Routing Interface
show	Show configuration data for 'local-address'

configure authority router routing routing-protocol neighbor transport local-address interface

Network interface name

Usage

configure authority router routing routing-protocol neighbor transport local-address interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref (required)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor transport local-address node

Interface node name

Usage

configure authority router routing routing-protocol neighbor transport local-address node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref (required)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor transport local-address routing-interface

Configure Routing Interface

Usage

configure authority router routing routing-protocol neighbor transport local-address routing-interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing routing-protocol neighbor transport passive-mode

Wait for neighbors to issue requests to open a BGP session, rather than initiating sessions from the local router.

Usage

configure authority router routing routing-protocol neighbor transport passive-mode [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol redistribute

List of routing protocols to redistribute into BGP

Usage

configure authority router routing routing-protocol redistribute <protocol>

Positional Arguments

name	description
protocol	The routing protocol to redistribute into BGP

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the redistributed route
protocol	The routing protocol to redistribute into BGP
show	Show configuration data for 'redistribute'

configure authority router routing routing-protocol redistribute policy

A policy to apply to the redistributed route

Usage

configure authority router routing routing-protocol redistribute policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing routing-protocol redistribute protocol

The routing protocol to redistribute into BGP

Usage

configure authority router routing routing-protocol redistribute protocol [<redistribute-into-bgp>]

Positional Arguments

name	description
redistribute-into-bgp	The value to set for this field

Description

redistribute-into-bgp (enumeration)

A value from a set of predefined names.

Options:

• connected: Interface routes
• service: Service routes
• static: Static routes
• ospf: OSPF routes

configure authority router routing routing-protocol route-reflector-allow-outbound-policy

Apply outbound policy on route reflector clients.

Usage

configure authority router routing routing-protocol route-reflector-allow-outbound-policy [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol route-selection-options

Set of configuration options that govern best path selection.

Subcommands

command	description
always-compare-med	Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS.
delete	Delete configuration data
external-compare-router-id	When comparing similar routes received from external BGP neighbors, use the router-id as a criterion to select the active path.
ignore-as-path-length	Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'route-selection-options'

configure authority router routing routing-protocol route-selection-options always-compare-med

Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS.

Usage

configure authority router routing routing-protocol route-selection-options always-compare-med [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol route-selection-options external-compare-router-id

When comparing similar routes received from external BGP neighbors, use the router-id as a criterion to select the active path.

Usage

configure authority router routing routing-protocol route-selection-options external-compare-router-id [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol route-selection-options ignore-as-path-length

Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length.

Usage

configure authority router routing routing-protocol route-selection-options ignore-as-path-length [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing routing-protocol router-id

Router id of the router, expressed as an 32-bit value, IPv4 address.

Usage

configure authority router routing routing-protocol router-id [<ipv4-address>]

Positional Arguments

name	description
ipv4-address	The value to set for this field

Description

ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

configure authority router routing routing-protocol timers

Config parameters related to timers associated with the BGP neighbor

Subcommands

command	description
delete	Delete configuration data
hold-time	Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.
keepalive-interval	Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'timers'

configure authority router routing routing-protocol timers hold-time

Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.

Usage

configure authority router routing routing-protocol timers hold-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 90

uint16

An unsigned 16-bit integer.

Range: 0,3-65535

configure authority router routing routing-protocol timers keepalive-interval

Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.

Usage

configure authority router routing routing-protocol timers keepalive-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 30

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router routing routing-protocol type

Type of the routing protocol - an identity derived from the 'routing-protocol' base identity.

Usage

configure authority router routing routing-protocol type [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• bgp: BGP routing protocol

configure authority router routing service-admin-distance

Administrative distance for routes generated from services.

Usage

configure authority router routing service-admin-distance [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 254

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing service-metric-use-sla

Consider peer path SLA in metric of routes generated from services.

Usage

configure authority router routing service-metric-use-sla [<boolean>]

Positional Arguments

name	description
boolean	Default: True (enabled). Enable or disable the use of the service-metric-use-sla feature.

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing static-route

A list of static routes. The sub-element that allows administrators to configure static routes, that will be entered into the SSR's Routing Information Base (RIB).

Usage

configure authority router routing static-route <destination-prefix> <distance>

Positional Arguments

name	description
destination-prefix	IPv4 or IPv6 destination prefix that must be unicast.
distance	Static route administrative distance. Used in calculating route preference when multiple possible paths exist learned via different sources.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
description	Textual description of the route.
destination-prefix	IPv4 or IPv6 destination prefix that must be unicast.
distance	Static route administrative distance. Used in calculating route preference when multiple possible paths exist learned via different sources.
next-hop	List of next-hops. An empty list creates a blackhole route.
next-hop-interface	List of next-hop interfaces.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'static-route'

configure authority router routing static-route description

Textual description of the route.

Usage

configure authority router routing static-route description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing static-route destination-prefix

IPv4 or IPv6 destination prefix that must be unicast.

Usage

configure authority router routing static-route destination-prefix [<unicast-ip-prefix>]

Positional Arguments

name	description
unicast-ip-prefix	The value to set for this field

Description

unicast-ip-prefix (union)

A unicast IPv4 or IPv6 prefix

Must be one of the following types:

(0) unicast-ipv4-prefix (string)

A unicast IPv4 prefix

(1) unicast-ipv6-prefix (string)

A unicast IPv6 prefix

configure authority router routing static-route distance

Static route administrative distance. Used in calculating route preference when multiple possible paths exist learned via different sources.

Usage

configure authority router routing static-route distance [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing static-route next-hop

List of next-hops. An empty list creates a blackhole route.

Usage

configure authority router routing static-route next-hop [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router routing static-route next-hop-interface

List of next-hop interfaces.

Usage

configure authority router routing static-route next-hop-interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'next-hop-interface'

configure authority router routing static-route next-hop-interface interface

Network interface name

Usage

configure authority router routing static-route next-hop-interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing static-route next-hop-interface node

Interface node name

Usage

configure authority router routing static-route next-hop-interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing type

The type of the routing instance.

Usage

configure authority router routing type [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• default-instance: This identity represents a default routing instance.

configure authority router routing vrf

A list of virtual router and forward instances (VRF's).

Usage

configure authority router routing vrf <name>

Positional Arguments

name	description
name	The name of the VRF.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
description	Textual description of the VRF instance.
igmp	IGMP VRF configuration
interface	Internal loopback interface used for routing protocols
mld	MLD VRF configuration
msdp	MSDP configuration
name	The name of the VRF.
ospf	OSPF instance configuration
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
pim	PIM VRF configuration
pimv6	PIMv6 VRF configuration
rib-policy	List of protocol specific RIB policies
router-id	Router ID - 32-bit number in the form of a dotted quad. Some protocols use this parameter for identifying a router to its neighbors.
routing-protocol	Each entry contains configuration of a routing protocol instance.
service-admin-distance	Administrative distance for routes generated from services.
show	Show configuration data for 'vrf'
static-route	A list of static routes. The sub-element that allows administrators to configure static routes, that will be entered into the SSR's Routing Information Base (RIB).
tenant-name	List of tenants in this VRF.

configure authority router routing vrf description

Textual description of the VRF instance.

Usage

configure authority router routing vrf description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing vrf igmp

IGMP VRF configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of IGMP interfaces
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'igmp'

configure authority router routing vrf igmp interface

List of IGMP interfaces

Usage

configure authority router routing vrf igmp interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	Network interface name
join	List of Groups to join
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'
source-address-prefix-list	Policy to restrict source addresses from IGMP messages
version	IGMP Version

configure authority router routing vrf igmp interface interface

Network interface name

Usage

configure authority router routing vrf igmp interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf igmp interface join

List of Groups to join

Usage

configure authority router routing vrf igmp interface join <group>

Positional Arguments

name	description
group	IPv4 address of the Group to Join

Subcommands

command	description
delete	Delete configuration data
group	IPv4 address of the Group to Join
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'join'
source	IPv4 address of the Source to Join

configure authority router routing vrf igmp interface join group

IPv4 address of the Group to Join

Usage

configure authority router routing vrf igmp interface join group [<multicast-ipv4-address>]

Positional Arguments

name	description
multicast-ipv4-address	The value to set for this field

Description

multicast-ipv4-address (string)

A multicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing vrf igmp interface join source

IPv4 address of the Source to Join

Usage

configure authority router routing vrf igmp interface join source [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing vrf igmp interface node

Interface node name

Usage

configure authority router routing vrf igmp interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf igmp interface source-address-prefix-list

Policy to restrict source addresses from IGMP messages

Usage

configure authority router routing vrf igmp interface source-address-prefix-list [<filter-ref>]

Positional Arguments

name	description
filter-ref	The value to set for this field

Description

filter-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf igmp interface version

IGMP Version

Usage

configure authority router routing vrf igmp interface version [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 2-3

configure authority router routing vrf interface

Internal loopback interface used for routing protocols

Usage

configure authority router routing vrf interface <name>

Positional Arguments

name	description
name	An arbitrary, unique name for the routing interface, used to reference it in other routing configuration sections.

Subcommands

command	description
delete	Delete configuration data
enabled	Administratively enable/disable the interface.
ip-address	The IP address of the interface.
name	An arbitrary, unique name for the routing interface, used to reference it in other routing configuration sections.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'

configure authority router routing vrf interface enabled

Administratively enable/disable the interface.

Usage

configure authority router routing vrf interface enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing vrf interface ip-address

The IP address of the interface.

Usage

configure authority router routing vrf interface ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router routing vrf interface name

An arbitrary, unique name for the routing interface, used to reference it in other routing configuration sections.

Usage

configure authority router routing vrf interface name [<bridge-name>]

Positional Arguments

name	description
bridge-name	The value to set for this field

Description

bridge-name (string)

A string identifier for bridge-name which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters.

Must contain only alphanumeric characters, start with a alphabet and can contain any of the following: _ - The name 'lo' is reserved. Length: 0-15

configure authority router routing vrf mld

MLD VRF configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of MLD interfaces
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'mld'

configure authority router routing vrf mld interface

List of MLD interfaces

Usage

configure authority router routing vrf mld interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	Network interface name
join	List of Groups to join
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'
version	MLD Version

configure authority router routing vrf mld interface interface

Network interface name

Usage

configure authority router routing vrf mld interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf mld interface join

List of Groups to join

Usage

configure authority router routing vrf mld interface join <group>

Positional Arguments

name	description
group	IPv6 address of the Group to Join

Subcommands

command	description
delete	Delete configuration data
group	IPv6 address of the Group to Join
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'join'
source	IPv6 address of the Source to Join

configure authority router routing vrf mld interface join group

IPv6 address of the Group to Join

Usage

configure authority router routing vrf mld interface join group [<multicast-ipv6-address>]

Positional Arguments

name	description
multicast-ipv6-address	The value to set for this field

Description

multicast-ipv6-address (string)

A multicast IPv6 address

Must be a valid IPv6 address.

configure authority router routing vrf mld interface join source

IPv6 address of the Source to Join

Usage

configure authority router routing vrf mld interface join source [<unicast-ipv6-address>]

Positional Arguments

name	description
unicast-ipv6-address	The value to set for this field

Description

unicast-ipv6-address (string)

A unicast IPv6 address

Must be a valid IPv6 address.

configure authority router routing vrf mld interface node

Interface node name

Usage

configure authority router routing vrf mld interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf mld interface version

MLD Version

Usage

configure authority router routing vrf mld interface version [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 2

uint8

An unsigned 8-bit integer.

Range: 1-2

configure authority router routing vrf msdp

MSDP configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
mesh-group	MSDP Mesh-Group Configuration
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer	MSDP Peer Configuration
show	Show configuration data for 'msdp'

configure authority router routing vrf msdp mesh-group

MSDP Mesh-Group Configuration

Usage

configure authority router routing vrf msdp mesh-group <name>

Positional Arguments

name	description
name	Name of the Mesh-Group

Subcommands

command	description
auth-password	Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.
delete	Delete configuration data
member	IPv4 address of the Mesh-group member
name	Name of the Mesh-Group
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'mesh-group'
source	Source Address for the mesh-group

configure authority router routing vrf msdp mesh-group auth-password

Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.

Usage

configure authority router routing vrf msdp mesh-group auth-password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router routing vrf msdp mesh-group member

IPv4 address of the Mesh-group member

Usage

configure authority router routing vrf msdp mesh-group member [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	Value to add to this list

Description

unicast-ipv4-address (string)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing vrf msdp mesh-group name

Name of the Mesh-Group

Usage

configure authority router routing vrf msdp mesh-group name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router routing vrf msdp mesh-group source

Source Address for the mesh-group

Usage

configure authority router routing vrf msdp mesh-group source [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string) (required)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing vrf msdp peer

MSDP Peer Configuration

Usage

configure authority router routing vrf msdp peer <address>

Positional Arguments

name	description
address	IPv4 address of the Peer

Subcommands

command	description
address	IPv4 address of the Peer
auth-password	Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'peer'
source	Source Address for the peer adjacency

configure authority router routing vrf msdp peer address

IPv4 address of the Peer

Usage

configure authority router routing vrf msdp peer address [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing vrf msdp peer auth-password

Configures an MD5 authentication password for use with MSDP peers and Mesh-Groups.

Usage

configure authority router routing vrf msdp peer auth-password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router routing vrf msdp peer source

Source Address for the peer adjacency

Usage

configure authority router routing vrf msdp peer source [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string) (required)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing vrf name

The name of the VRF.

Usage

configure authority router routing vrf name [<vrf-name>]

Positional Arguments

name	description
vrf-name	The value to set for this field

Description

vrf-name (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters, and cannot be the words 'all', 'any', 'default', or 'unknown'.

Must contain only alphanumeric characters or any of the following: _ - The name 'lo' is reserved. Length: 1-15

configure authority router routing vrf ospf

OSPF instance configuration

Usage

configure authority router routing vrf ospf <instance>

Positional Arguments

name	description
instance	Number of OSPF instance

Subcommands

command	description
advertise-default	Advertise default route into OSPF
area	List of OSPF areas
clone	Clone a list item
delete	Delete configuration data
distance	OSPF route administrative distance
graceful-restart	Enable OSPF graceful restart
instance	Number of OSPF instance
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
redistribute	List of routing protocols to redistribute into OSPF
router-id	Defined in RFC 2328. A 32-bit number that uniquely identifies the router
show	Show configuration data for 'ospf'
timers	OSPF Timers
version	OSPF version

configure authority router routing vrf ospf advertise-default

Advertise default route into OSPF

Subcommands

command	description
always	Advertise default route into OSPF even when there is no default route in the routing table
delete	Delete configuration data
metric	Advertised metric of the default route
metric-type	Advertised metric type of default route
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the default route
show	Show configuration data for 'advertise-default'

configure authority router routing vrf ospf advertise-default always

Advertise default route into OSPF even when there is no default route in the routing table

Usage

configure authority router routing vrf ospf advertise-default always [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf ospf advertise-default metric

Advertised metric of the default route

Usage

configure authority router routing vrf ospf advertise-default metric [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 0-16777214

configure authority router routing vrf ospf advertise-default metric-type

Advertised metric type of default route

Usage

configure authority router routing vrf ospf advertise-default metric-type [<ospf-external-metric-type>]

Positional Arguments

name	description
ospf-external-metric-type	The value to set for this field

Description

Default: type-2

ospf-external-metric-type (enumeration)

OSPF external metric type

Options:

• type-1: External metric type 1, comparable to link state metric
• type-2: External metric type 2, larger than link state metric

configure authority router routing vrf ospf advertise-default policy

A policy to apply to the default route

Usage

configure authority router routing vrf ospf advertise-default policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf ospf area

List of OSPF areas

Usage

configure authority router routing vrf ospf area <id>

Positional Arguments

name	description
id	Area ID

Subcommands

command	description
authentication-type	Area authentication type
clone	Clone a list item
default-cost	Set the summary default route cost for a stub or NSSA area.
delete	Delete configuration data
id	Area ID
interface	List of interfaces in area
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
routing-interface	List of routing interfaces in area
show	Show configuration data for 'area'
summary-advertisement	Enable/Disable summary advertisement into the stub or NSSA area.
summary-range	Summarize routes matching address/mask - Applicable to Area Border Routers (ABRs) only
type	Area type

configure authority router routing vrf ospf area authentication-type

Area authentication type

Usage

configure authority router routing vrf ospf area authentication-type [<area-authentication-type>]

Positional Arguments

name	description
area-authentication-type	The value to set for this field

Description

Default: none

area-authentication-type (enumeration)

OSPF area authentication. Can be overriden by interface authentication.

Options:

• none: No authentication
• simple: Simple (plain text) password authentication
• md5: MD5 HMAC authentication

configure authority router routing vrf ospf area default-cost

Set the summary default route cost for a stub or NSSA area.

Usage

configure authority router routing vrf ospf area default-cost [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-16777215

configure authority router routing vrf ospf area id

Area ID

Usage

configure authority router routing vrf ospf area id [<area-id-type>]

Positional Arguments

name	description
area-id-type	The value to set for this field

Description

area-id-type (string)

Area ID type.

configure authority router routing vrf ospf area interface

List of interfaces in area

Usage

configure authority router routing vrf ospf area interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
authentication-type	OSPF interface authentication type.
bfd	BFD Client Configuration.
clone	Clone a list item
cost	Interface cost
dead-interval	Interval after which a neighbor is declared down (seconds) if hello packets are not received.
delete	Delete configuration data
hello-interval	Interval between hello packets (seconds).
interface	Network interface name
message-digest-key	MD5 HMAC authentication message digest keys
network-type	Interface network type
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
passive	Enable/Disable passive interface - a passive interface's prefix will be advertised but no neighbor adjacencies will be formed on the interface.
password	OSPF simple authentication password
priority	Router priority
show	Show configuration data for 'interface'

configure authority router routing vrf ospf area interface authentication-type

OSPF interface authentication type.

Usage

configure authority router routing vrf ospf area interface authentication-type [<interface-authentication-type>]

Positional Arguments

name	description
interface-authentication-type	The value to set for this field

Description

Default: area

interface-authentication-type (enumeration)

OSPF interface authentication type

Options:

• area: Use area authentication type
• none: No interface authentication
• simple: Simple (plain text) password authentication
• md5: MD5 HMAC authentication

configure authority router routing vrf ospf area interface bfd

BFD Client Configuration.

Subcommands

command	description
delete	Delete configuration data
desired-tx-interval	The minimum transmission interval in milliseconds used to send BFD control packets.
enable	Enable/Disable BFD protocol
multiplier	The number of BFD packets that can be lost without the BFD session declared as down.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'

configure authority router routing vrf ospf area interface bfd desired-tx-interval

The minimum transmission interval in milliseconds used to send BFD control packets.

Usage

configure authority router routing vrf ospf area interface bfd desired-tx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing vrf ospf area interface bfd enable

Enable/Disable BFD protocol

Usage

configure authority router routing vrf ospf area interface bfd enable [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf ospf area interface bfd multiplier

The number of BFD packets that can be lost without the BFD session declared as down.

Usage

configure authority router routing vrf ospf area interface bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 2-255

configure authority router routing vrf ospf area interface bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router routing vrf ospf area interface bfd required-min-rx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing vrf ospf area interface cost

Interface cost

Usage

configure authority router routing vrf ospf area interface cost [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 10

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing vrf ospf area interface dead-interval

Interval after which a neighbor is declared down (seconds) if hello packets are not received.

Usage

configure authority router routing vrf ospf area interface dead-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 40

uint32

An unsigned 32-bit integer.

Range: 1-2147483647

configure authority router routing vrf ospf area interface hello-interval

Interval between hello packets (seconds).

Usage

configure authority router routing vrf ospf area interface hello-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 10

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing vrf ospf area interface interface

Network interface name

Usage

configure authority router routing vrf ospf area interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf ospf area interface message-digest-key

MD5 HMAC authentication message digest keys

Usage

configure authority router routing vrf ospf area interface message-digest-key <id>

Positional Arguments

name	description
id	Message digest key identifier

Subcommands

command	description
delete	Delete configuration data
id	Message digest key identifier
key	Message digest secret key
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'message-digest-key'

configure authority router routing vrf ospf area interface message-digest-key id

Message digest key identifier

Usage

configure authority router routing vrf ospf area interface message-digest-key id [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf ospf area interface message-digest-key key

Message digest secret key

Usage

configure authority router routing vrf ospf area interface message-digest-key key [<routing-password-type>]

Positional Arguments

name	description
routing-password-type	The value to set for this field

Description

routing-password-type (string)

A routing engine password that is hidden from the UI.

Invalid whitespace or other unrecognized character.

configure authority router routing vrf ospf area interface network-type

Interface network type

Usage

configure authority router routing vrf ospf area interface network-type [<interface-network-type>]

Positional Arguments

name	description
interface-network-type	The value to set for this field

Description

Default: unspecified

interface-network-type (enumeration)

OSPF interface network type

Options:

• unspecified: Unspecified network type
• broadcast: Broadcast network
• point-to-point: Point-to-point network

configure authority router routing vrf ospf area interface node

Interface node name

Usage

configure authority router routing vrf ospf area interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf ospf area interface passive

Enable/Disable passive interface - a passive interface's prefix will be advertised but no neighbor adjacencies will be formed on the interface.

Usage

configure authority router routing vrf ospf area interface passive [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf ospf area interface password

OSPF simple authentication password

Usage

configure authority router routing vrf ospf area interface password [<routing-password-type>]

Positional Arguments

name	description
routing-password-type	The value to set for this field

Description

routing-password-type (string)

A routing engine password that is hidden from the UI.

Invalid whitespace or other unrecognized character.

configure authority router routing vrf ospf area interface priority

Router priority

Usage

configure authority router routing vrf ospf area interface priority [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 1

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router routing vrf ospf area routing-interface

List of routing interfaces in area

Usage

configure authority router routing vrf ospf area routing-interface <routing-interface>

Positional Arguments

name	description
routing-interface	Routing interface name

Subcommands

command	description
cost	Interface cost
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
routing-interface	Routing interface name
show	Show configuration data for 'routing-interface'

configure authority router routing vrf ospf area routing-interface cost

Interface cost

Usage

configure authority router routing vrf ospf area routing-interface cost [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 10

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing vrf ospf area routing-interface routing-interface

Routing interface name

Usage

configure authority router routing vrf ospf area routing-interface routing-interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf ospf area summary-advertisement

Enable/Disable summary advertisement into the stub or NSSA area.

Usage

configure authority router routing vrf ospf area summary-advertisement [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing vrf ospf area summary-range

Summarize routes matching address/mask - Applicable to Area Border Routers (ABRs) only

Usage

configure authority router routing vrf ospf area summary-range <prefix>

Positional Arguments

name	description
prefix	Summarization prefix

Subcommands

command	description
advertise	Advertise or hide
cost	Advertised cost of summary route
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix	Summarization prefix
show	Show configuration data for 'summary-range'

configure authority router routing vrf ospf area summary-range advertise

Advertise or hide

Usage

configure authority router routing vrf ospf area summary-range advertise [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing vrf ospf area summary-range cost

Advertised cost of summary route

Usage

configure authority router routing vrf ospf area summary-range cost [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 0-16777214

configure authority router routing vrf ospf area summary-range prefix

Summarization prefix

Usage

configure authority router routing vrf ospf area summary-range prefix [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router routing vrf ospf area type

Area type

Usage

configure authority router routing vrf ospf area type [<area-type>]

Positional Arguments

name	description
area-type	The value to set for this field

Description

Default: normal

area-type (enumeration)

A value from a set of predefined names.

Options:

• normal: OSPF normal area
• stub: OSPF stub area
• nssa: OSPF Not-So-Stubby Area (NSSA)

configure authority router routing vrf ospf distance

OSPF route administrative distance

Subcommands

command	description
delete	Delete configuration data
external	Administrative distance for external OSPF routes
inter-area	Administrative distance for inter-area OSPF routes
intra-area	Administrative distance for intra-area OSPF routes
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'distance'

configure authority router routing vrf ospf distance external

Administrative distance for external OSPF routes

Usage

configure authority router routing vrf ospf distance external [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 110

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf ospf distance inter-area

Administrative distance for inter-area OSPF routes

Usage

configure authority router routing vrf ospf distance inter-area [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 110

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf ospf distance intra-area

Administrative distance for intra-area OSPF routes

Usage

configure authority router routing vrf ospf distance intra-area [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 110

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf ospf graceful-restart

Enable OSPF graceful restart

Subcommands

command	description
delete	Delete configuration data
helper	OSPF graceful restart helper support
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-time	OSPF graceful restart duration
show	Show configuration data for 'graceful-restart'

configure authority router routing vrf ospf graceful-restart helper

OSPF graceful restart helper support

Subcommands

command	description
delete	Delete configuration data
helper-restart-time	Helper support graceful restart duration
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'helper'
strict-lsa-checking	When enabled, helper will abort graceful restart if a LSA change occurs that affects the restarting router

configure authority router routing vrf ospf graceful-restart helper helper-restart-time

Helper support graceful restart duration

Usage

configure authority router routing vrf ospf graceful-restart helper helper-restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 120

uint16

An unsigned 16-bit integer.

Range: 10-1800

configure authority router routing vrf ospf graceful-restart helper strict-lsa-checking

When enabled, helper will abort graceful restart if a LSA change occurs that affects the restarting router

Usage

configure authority router routing vrf ospf graceful-restart helper strict-lsa-checking [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing vrf ospf graceful-restart restart-time

OSPF graceful restart duration

Usage

configure authority router routing vrf ospf graceful-restart restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 120

uint16

An unsigned 16-bit integer.

Range: 1-1800

configure authority router routing vrf ospf instance

Number of OSPF instance

Usage

configure authority router routing vrf ospf instance [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-8

configure authority router routing vrf ospf redistribute

List of routing protocols to redistribute into OSPF

Usage

configure authority router routing vrf ospf redistribute <protocol>

Positional Arguments

name	description
protocol	The routing protocol to redistribute into OSPF

Subcommands

command	description
delete	Delete configuration data
metric	Advertised metric of redistributed route
metric-type	Advertised metric type of redistributed route
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the redistributed route
protocol	The routing protocol to redistribute into OSPF
show	Show configuration data for 'redistribute'

configure authority router routing vrf ospf redistribute metric

Advertised metric of redistributed route

Usage

configure authority router routing vrf ospf redistribute metric [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 0-16777214

configure authority router routing vrf ospf redistribute metric-type

Advertised metric type of redistributed route

Usage

configure authority router routing vrf ospf redistribute metric-type [<ospf-external-metric-type>]

Positional Arguments

name	description
ospf-external-metric-type	The value to set for this field

Description

Default: type-2

ospf-external-metric-type (enumeration)

OSPF external metric type

Options:

• type-1: External metric type 1, comparable to link state metric
• type-2: External metric type 2, larger than link state metric

configure authority router routing vrf ospf redistribute policy

A policy to apply to the redistributed route

Usage

configure authority router routing vrf ospf redistribute policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf ospf redistribute protocol

The routing protocol to redistribute into OSPF

Usage

configure authority router routing vrf ospf redistribute protocol [<redistribute-into-ospf>]

Positional Arguments

name	description
redistribute-into-ospf	The value to set for this field

Description

redistribute-into-ospf (enumeration)

A value from a set of predefined names.

Options:

• bgp: BGP routes
• connected: Interface routes
• service: Service routes
• static: Static routes

configure authority router routing vrf ospf router-id

Defined in RFC 2328. A 32-bit number that uniquely identifies the router

Usage

configure authority router routing vrf ospf router-id [<dotted-quad>]

Positional Arguments

name	description
dotted-quad	The value to set for this field

Description

dotted-quad (string)

An unsigned 32-bit number expressed in the dotted-quad notation, i.e., four octets written as decimal numbers and separated with the '.' (full stop) character.

configure authority router routing vrf ospf timers

OSPF Timers

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'timers'
spf	OSPF SPF Timers

configure authority router routing vrf ospf timers spf

OSPF SPF Timers

Subcommands

command	description
delay	Initial SPF delay.
delete	Delete configuration data
hold-time	Adaptive hold-time.
maximum-hold-time	Maximum hold-time.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'spf'

configure authority router routing vrf ospf timers spf delay

Initial SPF delay.

Usage

configure authority router routing vrf ospf timers spf delay [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 0

uint32

An unsigned 32-bit integer.

Range: 0-600000

configure authority router routing vrf ospf timers spf hold-time

Adaptive hold-time.

Usage

configure authority router routing vrf ospf timers spf hold-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 5000

uint32

An unsigned 32-bit integer.

Range: 0-600000

configure authority router routing vrf ospf timers spf maximum-hold-time

Maximum hold-time.

Usage

configure authority router routing vrf ospf timers spf maximum-hold-time [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: milliseconds

Default: 30000

uint32

An unsigned 32-bit integer.

Range: 0-600000

configure authority router routing vrf ospf version

OSPF version

Usage

configure authority router routing vrf ospf version [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: ospfv2

enumeration

A value from a set of predefined names.

Options:

• ospfv2:
• ospfv3:

configure authority router routing vrf pim

PIM VRF configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of PIM interfaces in the VRF
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
rp	PIM RP Configuration
show	Show configuration data for 'pim'

configure authority router routing vrf pim interface

List of PIM interfaces in the VRF

Usage

configure authority router routing vrf pim interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
delete	Delete configuration data
dr-priority	Preference of a particular device in the DR election process. The lowest priority is 1.
hello-interval	Configure Hello Interval
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'

configure authority router routing vrf pim interface dr-priority

Preference of a particular device in the DR election process. The lowest priority is 1.

Usage

configure authority router routing vrf pim interface dr-priority [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-4294967295

configure authority router routing vrf pim interface hello-interval

Configure Hello Interval

Usage

configure authority router routing vrf pim interface hello-interval [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 30

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf pim interface interface

Network interface name

Usage

configure authority router routing vrf pim interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf pim interface node

Interface node name

Usage

configure authority router routing vrf pim interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf pim rp

PIM RP Configuration

Usage

configure authority router routing vrf pim rp <group-range>

Positional Arguments

name	description
group-range	Multicast Group address range for this RP

Subcommands

command	description
address	IPv4 address of the RP
delete	Delete configuration data
group-range	Multicast Group address range for this RP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rp'

configure authority router routing vrf pim rp address

IPv4 address of the RP

Usage

configure authority router routing vrf pim rp address [<unicast-ipv4-address>]

Positional Arguments

name	description
unicast-ipv4-address	The value to set for this field

Description

unicast-ipv4-address (string) (required)

A unicast IPv4 address

Must be a valid IPv4 address.

configure authority router routing vrf pim rp group-range

Multicast Group address range for this RP

Usage

configure authority router routing vrf pim rp group-range [<multicast-ipv4-prefix>]

Positional Arguments

name	description
multicast-ipv4-prefix	The value to set for this field

Description

multicast-ipv4-prefix (string)

A multicast IPv4 prefix

configure authority router routing vrf pimv6

PIMv6 VRF configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
interface	List of PIMv6 interfaces in the VRF
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
rp	PIMv6 RP Configuration
show	Show configuration data for 'pimv6'

configure authority router routing vrf pimv6 interface

List of PIMv6 interfaces in the VRF

Usage

configure authority router routing vrf pimv6 interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
delete	Delete configuration data
dr-priority	Preference of a particular device in the DR election process. The lowest priority is 1.
hello-interval	Configure Hello Interval
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'interface'

configure authority router routing vrf pimv6 interface dr-priority

Preference of a particular device in the DR election process. The lowest priority is 1.

Usage

configure authority router routing vrf pimv6 interface dr-priority [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-4294967295

configure authority router routing vrf pimv6 interface hello-interval

Configure Hello Interval

Usage

configure authority router routing vrf pimv6 interface hello-interval [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 30

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf pimv6 interface interface

Network interface name

Usage

configure authority router routing vrf pimv6 interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf pimv6 interface node

Interface node name

Usage

configure authority router routing vrf pimv6 interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf pimv6 rp

PIMv6 RP Configuration

Usage

configure authority router routing vrf pimv6 rp <group-range>

Positional Arguments

name	description
group-range	IPv6 Multicast Group address range for this RP

Subcommands

command	description
address	IPv6 address of the RP
delete	Delete configuration data
group-range	IPv6 Multicast Group address range for this RP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'rp'

configure authority router routing vrf pimv6 rp address

IPv6 address of the RP

Usage

configure authority router routing vrf pimv6 rp address [<unicast-ipv6-address>]

Positional Arguments

name	description
unicast-ipv6-address	The value to set for this field

Description

unicast-ipv6-address (string) (required)

A unicast IPv6 address

Must be a valid IPv6 address.

configure authority router routing vrf pimv6 rp group-range

IPv6 Multicast Group address range for this RP

Usage

configure authority router routing vrf pimv6 rp group-range [<multicast-ipv6-prefix>]

Positional Arguments

name	description
multicast-ipv6-prefix	The value to set for this field

Description

multicast-ipv6-prefix (string)

A multicast IPv6 prefix

configure authority router routing vrf rib-policy

List of protocol specific RIB policies

Usage

configure authority router routing vrf rib-policy <family> <protocol>

Positional Arguments

name	description
family	The routing protocol address family
protocol	The routing protocol RIB policy

Subcommands

command	description
delete	Delete configuration data
family	The routing protocol address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the protocol route
protocol	The routing protocol RIB policy
show	Show configuration data for 'rib-policy'

configure authority router routing vrf rib-policy family

The routing protocol address family

Usage

configure authority router routing vrf rib-policy family [<rib-family>]

Positional Arguments

name	description
rib-family	The value to set for this field

Description

rib-family (enumeration)

A value from a set of predefined names.

Options:

• ipv4: IPv4 Address Family
• ipv6: IPv6 Address Famimly

configure authority router routing vrf rib-policy policy

A policy to apply to the protocol route

Usage

configure authority router routing vrf rib-policy policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf rib-policy protocol

The routing protocol RIB policy

Usage

configure authority router routing vrf rib-policy protocol [<rib-protocol>]

Positional Arguments

name	description
rib-protocol	The value to set for this field

Description

rib-protocol (enumeration)

A value from a set of predefined names.

Options:

• any: Any RIB protocol
• bgp: BGP routes
• connected: Interface routes
• ospf: OSPF routes
• service: Service routes
• static: Static routes

configure authority router routing vrf router-id

Router ID - 32-bit number in the form of a dotted quad. Some protocols use this parameter for identifying a router to its neighbors.

Usage

configure authority router routing vrf router-id [<dotted-quad>]

Positional Arguments

name	description
dotted-quad	The value to set for this field

Description

dotted-quad (string)

An unsigned 32-bit number expressed in the dotted-quad notation, i.e., four octets written as decimal numbers and separated with the '.' (full stop) character.

configure authority router routing vrf routing-protocol

Each entry contains configuration of a routing protocol instance.

Usage

configure authority router routing vrf routing-protocol <type>

Positional Arguments

name	description
type	Type of the routing protocol - an identity derived from the 'routing-protocol' base identity.

Subcommands

command	description
address-family	Address family configuration
clone	Clone a list item
cluster-id	Route reflector cluster id.
conditional-advertisement	Configure Conditional Advertisement
confederation	Configuration options specifying parameters when the local router is within an autonomous system which is part of a BGP confederation.
delete	Delete configuration data
description	Textual description of the routing protocol instance.
graceful-restart	Configuration parameters relating to BGP graceful restart.
local-as	Local autonomous system number of the router. Uses the 32-bit as-number type from the model in RFC 6991.
neighbor	List of BGP neighbors configured on the local system, uniquely identified by neighbor IPv[46] address
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
redistribute	List of routing protocols to redistribute into BGP
route-reflector-allow-outbound-policy	Apply outbound policy on route reflector clients.
route-selection-options	Set of configuration options that govern best path selection.
router-id	Router id of the router, expressed as an 32-bit value, IPv4 address.
show	Show configuration data for 'routing-protocol'
timers	Config parameters related to timers associated with the BGP neighbor
type	Type of the routing protocol - an identity derived from the 'routing-protocol' base identity.

configure authority router routing vrf routing-protocol address-family

Address family configuration

Usage

configure authority router routing vrf routing-protocol address-family <afi-safi>

Positional Arguments

name	description
afi-safi	Address family type

Subcommands

command	description
afi-safi	Address family type
aggregate-address	Address prefixes to aggregate
clone	Clone a list item
default-route-distance	Configuration options relating to the administrative distance (or preference) assigned to routes received from different sources (external, internal, and local).
delete	Delete configuration data
graceful-restart	Configuration parameters relating to BGP graceful restart.
network	Advertises a network into BGP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
redistribute	List of routing protocols to redistribute into BGP
show	Show configuration data for 'address-family'
use-multiple-paths	Parameters related to the use of multiple paths for the same NLRI
vpn-export	Configure Vpn Export
vpn-import	Configure Vpn Import

configure authority router routing vrf routing-protocol address-family afi-safi

Address family type

Usage

configure authority router routing vrf routing-protocol address-family afi-safi [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• ipv4-unicast: IPv4 unicast (AFI,SAFI = 1,1)
• ipv6-unicast: IPv6 unicast (AFI,SAFI = 2,1)
• ipv4-vpn: IPv4 vpn (AFI,SAFI = 1,128)
• ipv6-vpn: IPv6 vpn (AFI,SAFI = 2,128)

configure authority router routing vrf routing-protocol address-family aggregate-address

Address prefixes to aggregate

Usage

configure authority router routing vrf routing-protocol address-family aggregate-address <prefix>

Positional Arguments

name	description
prefix	The prefix to aggregate from

Subcommands

command	description
as-set	Generate as-set information for the resultant aggregate
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	Policy to apply to the aggregate route
prefix	The prefix to aggregate from
show	Show configuration data for 'aggregate-address'
summary-only	Specifies that the prefixes aggregated by this aggregation are not to be advertised: only the aggregate itself will be advertised

configure authority router routing vrf routing-protocol address-family aggregate-address as-set

Generate as-set information for the resultant aggregate

Usage

configure authority router routing vrf routing-protocol address-family aggregate-address as-set [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol address-family aggregate-address policy

Policy to apply to the aggregate route

Usage

configure authority router routing vrf routing-protocol address-family aggregate-address policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol address-family aggregate-address prefix

The prefix to aggregate from

Usage

configure authority router routing vrf routing-protocol address-family aggregate-address prefix [<not-host-ip-prefix>]

Positional Arguments

name	description
not-host-ip-prefix	The value to set for this field

Description

not-host-ip-prefix (union)

A not host IPv4 or IPv6 prefix

Must be one of the following types:

(0) not-host-ipv4-prefix (string)

A not host IPv4 prefix

(1) not-host-ipv6-prefix (string)

A not host IPv6 prefix

configure authority router routing vrf routing-protocol address-family aggregate-address summary-only

Specifies that the prefixes aggregated by this aggregation are not to be advertised: only the aggregate itself will be advertised

Usage

configure authority router routing vrf routing-protocol address-family aggregate-address summary-only [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol address-family default-route-distance

Configuration options relating to the administrative distance (or preference) assigned to routes received from different sources (external, internal, and local).

Subcommands

command	description
delete	Delete configuration data
external	Administrative distance for routes learned from external BGP (eBGP).
internal	Administrative distance for routes learned from internal BGP (iBGP).
local	Administrative distance for local routes
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'default-route-distance'

configure authority router routing vrf routing-protocol address-family default-route-distance external

Administrative distance for routes learned from external BGP (eBGP).

Usage

configure authority router routing vrf routing-protocol address-family default-route-distance external [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 20

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf routing-protocol address-family default-route-distance internal

Administrative distance for routes learned from internal BGP (iBGP).

Usage

configure authority router routing vrf routing-protocol address-family default-route-distance internal [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 200

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf routing-protocol address-family default-route-distance local

Administrative distance for local routes

Usage

configure authority router routing vrf routing-protocol address-family default-route-distance local [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 200

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf routing-protocol address-family graceful-restart

Configuration parameters relating to BGP graceful restart.

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-time	Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.
show	Show configuration data for 'graceful-restart'
stale-routes-time	An upper-bound on the time that the stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724

Description

warning

graceful-restart is deprecated and will be removed in a future software version

configure authority router routing vrf routing-protocol address-family graceful-restart restart-time

Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.

Usage

configure authority router routing vrf routing-protocol address-family graceful-restart restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

warning

restart-time is deprecated and will be removed in a future software version

uint16

An unsigned 16-bit integer.

Range: 0-4096

configure authority router routing vrf routing-protocol address-family graceful-restart stale-routes-time

An upper-bound on the time that the stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724

Usage

configure authority router routing vrf routing-protocol address-family graceful-restart stale-routes-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

warning

stale-routes-time is deprecated and will be removed in a future software version

uint16

An unsigned 16-bit integer.

Range: 1-3600

configure authority router routing vrf routing-protocol address-family network

Advertises a network into BGP

Usage

configure authority router routing vrf routing-protocol address-family network <network-address>

Positional Arguments

name	description
network-address	Specify a network to announce via BGP for this address family

Subcommands

command	description
delete	Delete configuration data
network-address	Specify a network to announce via BGP for this address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	a policy to apply to the imported route
show	Show configuration data for 'network'

configure authority router routing vrf routing-protocol address-family network network-address

Specify a network to announce via BGP for this address family

Usage

configure authority router routing vrf routing-protocol address-family network network-address [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority router routing vrf routing-protocol address-family network policy

a policy to apply to the imported route

Usage

configure authority router routing vrf routing-protocol address-family network policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol address-family redistribute

List of routing protocols to redistribute into BGP

Usage

configure authority router routing vrf routing-protocol address-family redistribute <protocol>

Positional Arguments

name	description
protocol	The routing protocol to redistribute into BGP

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the redistributed route
protocol	The routing protocol to redistribute into BGP
show	Show configuration data for 'redistribute'

configure authority router routing vrf routing-protocol address-family redistribute policy

A policy to apply to the redistributed route

Usage

configure authority router routing vrf routing-protocol address-family redistribute policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol address-family redistribute protocol

The routing protocol to redistribute into BGP

Usage

configure authority router routing vrf routing-protocol address-family redistribute protocol [<redistribute-into-bgp>]

Positional Arguments

name	description
redistribute-into-bgp	The value to set for this field

Description

redistribute-into-bgp (enumeration)

A value from a set of predefined names.

Options:

• connected: Interface routes
• service: Service routes
• static: Static routes
• ospf: OSPF routes

configure authority router routing vrf routing-protocol address-family use-multiple-paths

Parameters related to the use of multiple paths for the same NLRI

Subcommands

command	description
delete	Delete configuration data
ebgp	Multipath parameters for eBGP
ibgp	Multipath parameters for iBGP
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'use-multiple-paths'

configure authority router routing vrf routing-protocol address-family use-multiple-paths ebgp

Multipath parameters for eBGP

Subcommands

command	description
delete	Delete configuration data
maximum-paths	Maximum number of parallel paths to consider when using eBGP multipath for this address family. The default is to use a single path.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ebgp'

configure authority router routing vrf routing-protocol address-family use-multiple-paths ebgp maximum-paths

Maximum number of parallel paths to consider when using eBGP multipath for this address family. The default is to use a single path.

Usage

configure authority router routing vrf routing-protocol address-family use-multiple-paths ebgp maximum-paths [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: paths

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-64

configure authority router routing vrf routing-protocol address-family use-multiple-paths ibgp

Multipath parameters for iBGP

Subcommands

command	description
delete	Delete configuration data
maximum-paths	Maximum number of parallel paths to consider when using iBGP multipath for this address family. The default is to use a single path
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ibgp'

configure authority router routing vrf routing-protocol address-family use-multiple-paths ibgp maximum-paths

Maximum number of parallel paths to consider when using iBGP multipath for this address family. The default is to use a single path

Usage

configure authority router routing vrf routing-protocol address-family use-multiple-paths ibgp maximum-paths [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: paths

Default: 1

uint32

An unsigned 32-bit integer.

Range: 1-64

configure authority router routing vrf routing-protocol address-family vpn-export

Configure Vpn Export

Subcommands

command	description
delete	Delete configuration data
export-policy	Export policy for vpn export
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
route-distinguisher	Route Distinguisher for vpn export
show	Show configuration data for 'vpn-export'
vpn-export-route-target	Route Target list for vpn export

configure authority router routing vrf routing-protocol address-family vpn-export export-policy

Export policy for vpn export

Usage

configure authority router routing vrf routing-protocol address-family vpn-export export-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol address-family vpn-export route-distinguisher

Route Distinguisher for vpn export

Usage

configure authority router routing vrf routing-protocol address-family vpn-export route-distinguisher [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	The value to set for this field

Description

set-extended-community (union) (required)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string (required)

A text value.

Must be <ipv4-address>:<uint16>

(1) string (required)

A text value.

Must be <uint16>:<uint32>

(2) string (required)

A text value.

Must be <uint32>:<uint16>

configure authority router routing vrf routing-protocol address-family vpn-export vpn-export-route-target

Route Target list for vpn export

Usage

configure authority router routing vrf routing-protocol address-family vpn-export vpn-export-route-target [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	Value to add to this list

Description

set-extended-community (union) (required)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string (required)

A text value.

Must be <ipv4-address>:<uint16>

(1) string (required)

A text value.

Must be <uint16>:<uint32>

(2) string (required)

A text value.

Must be <uint32>:<uint16>

configure authority router routing vrf routing-protocol address-family vpn-import

Configure Vpn Import

Subcommands

command	description
delete	Delete configuration data
import-policy	Export policy for vpn import
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'vpn-import'
vpn-import-route-target	Route Target list for vpn import

configure authority router routing vrf routing-protocol address-family vpn-import import-policy

Export policy for vpn import

Usage

configure authority router routing vrf routing-protocol address-family vpn-import import-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol address-family vpn-import vpn-import-route-target

Route Target list for vpn import

Usage

configure authority router routing vrf routing-protocol address-family vpn-import vpn-import-route-target [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	Value to add to this list

Description

set-extended-community (union) (required)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string (required)

A text value.

Must be <ipv4-address>:<uint16>

(1) string (required)

A text value.

Must be <uint16>:<uint32>

(2) string (required)

A text value.

Must be <uint32>:<uint16>

configure authority router routing vrf routing-protocol cluster-id

Route reflector cluster id.

Usage

configure authority router routing vrf routing-protocol cluster-id [<ipv4-address>]

Positional Arguments

name	description
ipv4-address	The value to set for this field

Description

ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

configure authority router routing vrf routing-protocol conditional-advertisement

Configure Conditional Advertisement

Subcommands

command	description
delete	Delete configuration data
interval-time	Conditional advertisement scanner process interval time.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'conditional-advertisement'

configure authority router routing vrf routing-protocol conditional-advertisement interval-time

Conditional advertisement scanner process interval time.

Usage

configure authority router routing vrf routing-protocol conditional-advertisement interval-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 60

uint16

An unsigned 16-bit integer.

Range: 5-240

configure authority router routing vrf routing-protocol confederation

Configuration options specifying parameters when the local router is within an autonomous system which is part of a BGP confederation.

Subcommands

command	description
delete	Delete configuration data
identifier	Confederation identifier for the autonomous system.
member-as	Remote autonomous systems that are to be treated as part of the local confederation.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'confederation'

configure authority router routing vrf routing-protocol confederation identifier

Confederation identifier for the autonomous system.

Usage

configure authority router routing vrf routing-protocol confederation identifier [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing vrf routing-protocol confederation member-as

Remote autonomous systems that are to be treated as part of the local confederation.

Usage

configure authority router routing vrf routing-protocol confederation member-as [<as-number>]

Positional Arguments

name	description
as-number	Value to add to this list

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing vrf routing-protocol description

Textual description of the routing protocol instance.

Usage

configure authority router routing vrf routing-protocol description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing vrf routing-protocol graceful-restart

Configuration parameters relating to BGP graceful restart.

Subcommands

command	description
delete	Delete configuration data
mode	Graceful restart mode.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-time	Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.
select-delay-time	After GR restart and reconnect with a GR helper peer, this is the minimum time to delay the best route selection process and sending the initial End-of-RIB to all BGP neighbors. This is the minimum of the currently unexposed selection deferral timer (RFC-4724) where that timer is a maximum and currently hard- coded to 360 seconds.
show	Show configuration data for 'graceful-restart'
stale-routes-time	An upper-bound on the time that the stale routes will be retained by a router after a session is restarted or 0 to disable. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724

configure authority router routing vrf routing-protocol graceful-restart mode

Graceful restart mode.

Usage

configure authority router routing vrf routing-protocol graceful-restart mode [<graceful-restart-mode>]

Positional Arguments

name	description
graceful-restart-mode	The value to set for this field

Description

Default: helper

graceful-restart-mode (enumeration)

configure BGP graceful restart mode [rfc4724]

Options:

• enable: enable graceful restart and helper mode
• helper: enable graceful restart helper mode only
• disable: disable graceful restart

configure authority router routing vrf routing-protocol graceful-restart restart-time

Estimated time for the local BGP speaker to restart a session. This value is advertised in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is less than or equal to the hold-time value.

Usage

configure authority router routing vrf routing-protocol graceful-restart restart-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 120

uint16

An unsigned 16-bit integer.

Range: 1-4095

configure authority router routing vrf routing-protocol graceful-restart select-delay-time

After GR restart and reconnect with a GR helper peer, this is the minimum time to delay the best route selection process and sending the initial End-of-RIB to all BGP neighbors. This is the minimum of the currently unexposed selection deferral timer (RFC-4724) where that timer is a maximum and currently hard- coded to 360 seconds.

Usage

configure authority router routing vrf routing-protocol graceful-restart select-delay-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 0

uint16

An unsigned 16-bit integer.

Range: 0-360

configure authority router routing vrf routing-protocol graceful-restart stale-routes-time

An upper-bound on the time that the stale routes will be retained by a router after a session is restarted or 0 to disable. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724

Usage

configure authority router routing vrf routing-protocol graceful-restart stale-routes-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 360

uint16

An unsigned 16-bit integer.

Range: 0-3600

configure authority router routing vrf routing-protocol local-as

Local autonomous system number of the router. Uses the 32-bit as-number type from the model in RFC 6991.

Usage

configure authority router routing vrf routing-protocol local-as [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing vrf routing-protocol neighbor

List of BGP neighbors configured on the local system, uniquely identified by neighbor IPv[46] address

Usage

configure authority router routing vrf routing-protocol neighbor <neighbor-address>

Positional Arguments

name	description
neighbor-address	IP address of the BGP neighbor

Subcommands

command	description
address-family	Address family configuration
auth-password	Configures an MD5 authentication password for use with neighboring devices.
bfd	BFD Client Configuration.
clone	Clone a list item
delete	Delete configuration data
description	An optional textual description (intended primarily for use with a neighbor or group
graceful-restart	Configuration parameters relating to BGP neighbor graceful restart. If not explicitly configured, neighbor inherits from BGP instance.
local-as	The local autonomous system number that is to be used when establishing sessions with the remote neighbor or neighbor group, if this differs from the global BGP router autonomous system number.
multihop	Configuration parameters specifying the multihop behaviour for BGP sessions to the neighbor
negotiate-capabilities	If set to false, suppress sending the Capabilities Optional Parameter in the BGP OPEN message.
neighbor-address	IP address of the BGP neighbor
neighbor-as	AS number of the neighbor.
neighbor-policy	Configure Neighbor Policy
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'neighbor'
shutdown	If set to true, the neighbors connection will not come up.
timers	Config parameters related to timers associated with the BGP neighbor
transport	Configuration parameters relating to the transport protocol used by the BGP session to the neighbor

configure authority router routing vrf routing-protocol neighbor address-family

Address family configuration

Usage

configure authority router routing vrf routing-protocol neighbor address-family <afi-safi>

Positional Arguments

name	description
afi-safi	Address family type

Subcommands

command	description
activate	Activate address family for neighbor
afi-safi	Address family type
as-path-options	Configuration parameters allowing manipulation of the AS_PATH attribute for this address family
conditional-advertisement	Configure Conditional Advertisement
delete	Delete configuration data
neighbor-policy	Configure Neighbor Policy
next-hop-self	Sets the router as the next hop for this neighbor and this address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix-limit	Configure the maximum number of prefixes that will be accepted from a neighbor for this address family
remove-private-as	Modify private AS numbers in updates sent to neighbors for this address family.
route-reflector	Route reflector client configuration
send-default-route	If set to true, generate and send the default-route for this address-family to the neighbor
show	Show configuration data for 'address-family'

configure authority router routing vrf routing-protocol neighbor address-family activate

Activate address family for neighbor

Usage

configure authority router routing vrf routing-protocol neighbor address-family activate [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol neighbor address-family afi-safi

Address family type

Usage

configure authority router routing vrf routing-protocol neighbor address-family afi-safi [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• ipv4-unicast: IPv4 unicast (AFI,SAFI = 1,1)
• ipv6-unicast: IPv6 unicast (AFI,SAFI = 2,1)
• ipv4-vpn: IPv4 vpn (AFI,SAFI = 1,128)
• ipv6-vpn: IPv6 vpn (AFI,SAFI = 2,128)

configure authority router routing vrf routing-protocol neighbor address-family as-path-options

Configuration parameters allowing manipulation of the AS_PATH attribute for this address family

Subcommands

command	description
allow-own-as	Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected for this address family.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'as-path-options'

configure authority router routing vrf routing-protocol neighbor address-family as-path-options allow-own-as

Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected for this address family.

Usage

configure authority router routing vrf routing-protocol neighbor address-family as-path-options allow-own-as [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router routing vrf routing-protocol neighbor address-family conditional-advertisement

Configure Conditional Advertisement

Subcommands

command	description
advertisement-policy	A policy selecting routes to conditionally advertise.
delete	Delete configuration data
exist-policy	If this policy matches any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.
non-exist-policy	If this policy does not match any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'conditional-advertisement'

configure authority router routing vrf routing-protocol neighbor address-family conditional-advertisement advertisement-policy

A policy selecting routes to conditionally advertise.

Usage

configure authority router routing vrf routing-protocol neighbor address-family conditional-advertisement advertisement-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref) (required)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor address-family conditional-advertisement exist-policy

If this policy matches any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.

Usage

configure authority router routing vrf routing-protocol neighbor address-family conditional-advertisement exist-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor address-family conditional-advertisement non-exist-policy

If this policy does not match any BGP route, advertise the routes matched by advertisement-policy, otherwise do not advertise the routes matched by advertisement-policy.

Usage

configure authority router routing vrf routing-protocol neighbor address-family conditional-advertisement non-exist-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor address-family neighbor-policy

Configure Neighbor Policy

Subcommands

command	description
delete	Delete configuration data
inbound-policy	A policy to apply to the NLRIs inbound from this neighbor.
outbound-policy	A policy to apply to the NLRIs outbound to this neighbor.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'neighbor-policy'

configure authority router routing vrf routing-protocol neighbor address-family neighbor-policy inbound-policy

A policy to apply to the NLRIs inbound from this neighbor.

Usage

configure authority router routing vrf routing-protocol neighbor address-family neighbor-policy inbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor address-family neighbor-policy outbound-policy

A policy to apply to the NLRIs outbound to this neighbor.

Usage

configure authority router routing vrf routing-protocol neighbor address-family neighbor-policy outbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor address-family next-hop-self

Sets the router as the next hop for this neighbor and this address family

Usage

configure authority router routing vrf routing-protocol neighbor address-family next-hop-self [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol neighbor address-family prefix-limit

Configure the maximum number of prefixes that will be accepted from a neighbor for this address family

Subcommands

command	description
delete	Delete configuration data
max-prefixes	Maximum number of prefixes that will be accepted from the neighbor for this address family
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
restart-timer	Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.
show	Show configuration data for 'prefix-limit'
shutdown-threshold-pct	Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries.

configure authority router routing vrf routing-protocol neighbor address-family prefix-limit max-prefixes

Maximum number of prefixes that will be accepted from the neighbor for this address family

Usage

configure authority router routing vrf routing-protocol neighbor address-family prefix-limit max-prefixes [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: prefixes

uint32 (required)

An unsigned 32-bit integer.

configure authority router routing vrf routing-protocol neighbor address-family prefix-limit restart-timer

Time interval after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit for this adddress family.

Usage

configure authority router routing vrf routing-protocol neighbor address-family prefix-limit restart-timer [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router routing vrf routing-protocol neighbor address-family prefix-limit shutdown-threshold-pct

Threshold on number of prefixes that can be received from a neighbor for this address family before generation of warning messages or log entries.

Usage

configure authority router routing vrf routing-protocol neighbor address-family prefix-limit shutdown-threshold-pct [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router routing vrf routing-protocol neighbor address-family remove-private-as

Modify private AS numbers in updates sent to neighbors for this address family.

Usage

configure authority router routing vrf routing-protocol neighbor address-family remove-private-as [<remove-private-as-option>]

Positional Arguments

name	description
remove-private-as-option	The value to set for this field

Description

remove-private-as-option (enumeration)

Set of options for configuring how private AS numbers are modified in advertised AS paths.

Options:

• all: Remove all private ASes in the AS path.
• replace-all: Replace all private ASes with the local AS.
• only: Remove private ASes only if the AS path contains just private ASes.
• replace-only: Replace private ASes with the local AS only if the AS path contains just private ASes.
• disable: Do not remove private ASes.

configure authority router routing vrf routing-protocol neighbor address-family route-reflector

Route reflector client configuration

Subcommands

command	description
client	Configure the neighbor as a route reflector client for this address family.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'route-reflector'

configure authority router routing vrf routing-protocol neighbor address-family route-reflector client

Configure the neighbor as a route reflector client for this address family.

Usage

configure authority router routing vrf routing-protocol neighbor address-family route-reflector client [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol neighbor address-family send-default-route

If set to true, generate and send the default-route for this address-family to the neighbor

Usage

configure authority router routing vrf routing-protocol neighbor address-family send-default-route [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol neighbor auth-password

Configures an MD5 authentication password for use with neighboring devices.

Usage

configure authority router routing vrf routing-protocol neighbor auth-password [<password>]

Positional Arguments

name	description
password	The value to set for this field

Description

password (string)

A password type that is hidden from the UI. The internal storage format is dependent on the individual field.

configure authority router routing vrf routing-protocol neighbor bfd

BFD Client Configuration.

Subcommands

command	description
delete	Delete configuration data
desired-tx-interval	The minimum transmission interval in milliseconds used to send BFD control packets.
enable	Enable/Disable BFD protocol
multiplier	The number of BFD packets that can be lost without the BFD session declared as down.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
required-min-rx-interval	Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.
show	Show configuration data for 'bfd'

configure authority router routing vrf routing-protocol neighbor bfd desired-tx-interval

The minimum transmission interval in milliseconds used to send BFD control packets.

Usage

configure authority router routing vrf routing-protocol neighbor bfd desired-tx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing vrf routing-protocol neighbor bfd enable

Enable/Disable BFD protocol

Usage

configure authority router routing vrf routing-protocol neighbor bfd enable [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol neighbor bfd multiplier

The number of BFD packets that can be lost without the BFD session declared as down.

Usage

configure authority router routing vrf routing-protocol neighbor bfd multiplier [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 3

uint8

An unsigned 8-bit integer.

Range: 2-255

configure authority router routing vrf routing-protocol neighbor bfd required-min-rx-interval

Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting.

Usage

configure authority router routing vrf routing-protocol neighbor bfd required-min-rx-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: milliseconds

Default: 1000

uint16

An unsigned 16-bit integer.

Range: 50-60000

configure authority router routing vrf routing-protocol neighbor description

An optional textual description (intended primarily for use with a neighbor or group

Usage

configure authority router routing vrf routing-protocol neighbor description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing vrf routing-protocol neighbor graceful-restart

Configuration parameters relating to BGP neighbor graceful restart. If not explicitly configured, neighbor inherits from BGP instance.

Subcommands

command	description
delete	Delete configuration data
mode	Graceful restart mode.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'graceful-restart'

configure authority router routing vrf routing-protocol neighbor graceful-restart mode

Graceful restart mode.

Usage

configure authority router routing vrf routing-protocol neighbor graceful-restart mode [<graceful-restart-mode>]

Positional Arguments

name	description
graceful-restart-mode	The value to set for this field

Description

graceful-restart-mode (enumeration)

configure BGP graceful restart mode [rfc4724]

Options:

• enable: enable graceful restart and helper mode
• helper: enable graceful restart helper mode only
• disable: disable graceful restart

configure authority router routing vrf routing-protocol neighbor local-as

The local autonomous system number that is to be used when establishing sessions with the remote neighbor or neighbor group, if this differs from the global BGP router autonomous system number.

Usage

configure authority router routing vrf routing-protocol neighbor local-as [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing vrf routing-protocol neighbor multihop

Configuration parameters specifying the multihop behaviour for BGP sessions to the neighbor

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'multihop'
ttl	Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled

configure authority router routing vrf routing-protocol neighbor multihop ttl

Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled

Usage

configure authority router routing vrf routing-protocol neighbor multihop ttl [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf routing-protocol neighbor negotiate-capabilities

If set to false, suppress sending the Capabilities Optional Parameter in the BGP OPEN message.

Usage

configure authority router routing vrf routing-protocol neighbor negotiate-capabilities [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol neighbor neighbor-address

IP address of the BGP neighbor

Usage

configure authority router routing vrf routing-protocol neighbor neighbor-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router routing vrf routing-protocol neighbor neighbor-as

AS number of the neighbor.

Usage

configure authority router routing vrf routing-protocol neighbor neighbor-as [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32) (required)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority router routing vrf routing-protocol neighbor neighbor-policy

Configure Neighbor Policy

Subcommands

command	description
delete	Delete configuration data
inbound-policy	A policy to apply to the NLRIs inbound from this neighbor.
outbound-policy	A policy to apply to the NLRIs outbound to this neighbor.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'neighbor-policy'

configure authority router routing vrf routing-protocol neighbor neighbor-policy inbound-policy

A policy to apply to the NLRIs inbound from this neighbor.

Usage

configure authority router routing vrf routing-protocol neighbor neighbor-policy inbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor neighbor-policy outbound-policy

A policy to apply to the NLRIs outbound to this neighbor.

Usage

configure authority router routing vrf routing-protocol neighbor neighbor-policy outbound-policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor shutdown

If set to true, the neighbors connection will not come up.

Usage

configure authority router routing vrf routing-protocol neighbor shutdown [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol neighbor timers

Config parameters related to timers associated with the BGP neighbor

Subcommands

command	description
connect-retry	Time interval between attempts to establish a session with the neighbor.
delete	Delete configuration data
hold-time	Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.
keepalive-interval	Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.
minimum-advertisement-interval	Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a neighbor. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'timers'

configure authority router routing vrf routing-protocol neighbor timers connect-retry

Time interval between attempts to establish a session with the neighbor.

Usage

configure authority router routing vrf routing-protocol neighbor timers connect-retry [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 30

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router routing vrf routing-protocol neighbor timers hold-time

Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.

Usage

configure authority router routing vrf routing-protocol neighbor timers hold-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

uint16

An unsigned 16-bit integer.

Range: 0,3-65535

configure authority router routing vrf routing-protocol neighbor timers keepalive-interval

Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.

Usage

configure authority router routing vrf routing-protocol neighbor timers keepalive-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router routing vrf routing-protocol neighbor timers minimum-advertisement-interval

Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a neighbor. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability.

Usage

configure authority router routing vrf routing-protocol neighbor timers minimum-advertisement-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 30

uint16

An unsigned 16-bit integer.

Range: 0-600

configure authority router routing vrf routing-protocol neighbor transport

Configuration parameters relating to the transport protocol used by the BGP session to the neighbor

Subcommands

command	description
bgp-service-generation	Approach used for generating a BGP service and service routes to enable SVR transport for the BGP session with the neighbor.
delete	Delete configuration data
local-address	Set the source IP address to be used for the BGP peering session. This must be expressed as a reference to the name of a routing interface or network interface.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
passive-mode	Wait for neighbors to issue requests to open a BGP session, rather than initiating sessions from the local router.
show	Show configuration data for 'transport'

configure authority router routing vrf routing-protocol neighbor transport bgp-service-generation

Approach used for generating a BGP service and service routes to enable SVR transport for the BGP session with the neighbor.

Subcommands

command	description
delete	Delete configuration data
disabled	Do not generate a BGP service or service routes.
neighbor-vrf	Name of the neighbor's VRF in which the peer BGP instance resides. Can be 'default'.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
same-neighbor-vrf	Generate BGP service if there is a matching peer with a BGP instance within the same VRF.
show	Show configuration data for 'bgp-service-generation'

configure authority router routing vrf routing-protocol neighbor transport bgp-service-generation disabled

Do not generate a BGP service or service routes.

Usage

configure authority router routing vrf routing-protocol neighbor transport bgp-service-generation disabled

Description

empty

Has no value.

configure authority router routing vrf routing-protocol neighbor transport bgp-service-generation neighbor-vrf

Name of the neighbor's VRF in which the peer BGP instance resides. Can be 'default'.

Usage

configure authority router routing vrf routing-protocol neighbor transport bgp-service-generation neighbor-vrf [<vrf-name-or-default-vrf>]

Positional Arguments

name	description
vrf-name-or-default-vrf	The value to set for this field

Description

vrf-name-or-default-vrf (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters, and cannot be the words 'all', 'any', or 'unknown'.

Must contain only alphanumeric characters or any of the following: _ - Length: 1-15

configure authority router routing vrf routing-protocol neighbor transport bgp-service-generation same-neighbor-vrf

Generate BGP service if there is a matching peer with a BGP instance within the same VRF.

Usage

configure authority router routing vrf routing-protocol neighbor transport bgp-service-generation same-neighbor-vrf

Description

empty

Has no value.

configure authority router routing vrf routing-protocol neighbor transport local-address

Set the source IP address to be used for the BGP peering session. This must be expressed as a reference to the name of a routing interface or network interface.

Subcommands

command	description
delete	Delete configuration data
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
routing-interface	Configure Routing Interface
show	Show configuration data for 'local-address'

configure authority router routing vrf routing-protocol neighbor transport local-address interface

Network interface name

Usage

configure authority router routing vrf routing-protocol neighbor transport local-address interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref (required)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor transport local-address node

Interface node name

Usage

configure authority router routing vrf routing-protocol neighbor transport local-address node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref (required)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor transport local-address routing-interface

Configure Routing Interface

Usage

configure authority router routing vrf routing-protocol neighbor transport local-address routing-interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol neighbor transport passive-mode

Wait for neighbors to issue requests to open a BGP session, rather than initiating sessions from the local router.

Usage

configure authority router routing vrf routing-protocol neighbor transport passive-mode [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol redistribute

List of routing protocols to redistribute into BGP

Usage

configure authority router routing vrf routing-protocol redistribute <protocol>

Positional Arguments

name	description
protocol	The routing protocol to redistribute into BGP

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A policy to apply to the redistributed route
protocol	The routing protocol to redistribute into BGP
show	Show configuration data for 'redistribute'

configure authority router routing vrf routing-protocol redistribute policy

A policy to apply to the redistributed route

Usage

configure authority router routing vrf routing-protocol redistribute policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority router routing vrf routing-protocol redistribute protocol

The routing protocol to redistribute into BGP

Usage

configure authority router routing vrf routing-protocol redistribute protocol [<redistribute-into-bgp>]

Positional Arguments

name	description
redistribute-into-bgp	The value to set for this field

Description

redistribute-into-bgp (enumeration)

A value from a set of predefined names.

Options:

• connected: Interface routes
• service: Service routes
• static: Static routes
• ospf: OSPF routes

configure authority router routing vrf routing-protocol route-reflector-allow-outbound-policy

Apply outbound policy on route reflector clients.

Usage

configure authority router routing vrf routing-protocol route-reflector-allow-outbound-policy [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol route-selection-options

Set of configuration options that govern best path selection.

Subcommands

command	description
always-compare-med	Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS.
delete	Delete configuration data
external-compare-router-id	When comparing similar routes received from external BGP neighbors, use the router-id as a criterion to select the active path.
ignore-as-path-length	Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'route-selection-options'

configure authority router routing vrf routing-protocol route-selection-options always-compare-med

Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS.

Usage

configure authority router routing vrf routing-protocol route-selection-options always-compare-med [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol route-selection-options external-compare-router-id

When comparing similar routes received from external BGP neighbors, use the router-id as a criterion to select the active path.

Usage

configure authority router routing vrf routing-protocol route-selection-options external-compare-router-id [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol route-selection-options ignore-as-path-length

Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length.

Usage

configure authority router routing vrf routing-protocol route-selection-options ignore-as-path-length [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router routing vrf routing-protocol router-id

Router id of the router, expressed as an 32-bit value, IPv4 address.

Usage

configure authority router routing vrf routing-protocol router-id [<ipv4-address>]

Positional Arguments

name	description
ipv4-address	The value to set for this field

Description

ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

configure authority router routing vrf routing-protocol timers

Config parameters related to timers associated with the BGP neighbor

Subcommands

command	description
delete	Delete configuration data
hold-time	Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.
keepalive-interval	Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'timers'

configure authority router routing vrf routing-protocol timers hold-time

Time interval that a BGP session will be considered active in the absence of keepalive or other messages from the neighbor. The hold-time is typically set to 3x the keepalive-interval.

Usage

configure authority router routing vrf routing-protocol timers hold-time [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 90

uint16

An unsigned 16-bit integer.

Range: 0,3-65535

configure authority router routing vrf routing-protocol timers keepalive-interval

Time interval between transmission of keepalive messages to the neighbor. Must be set to 1/3 the hold-time or smaller.

Usage

configure authority router routing vrf routing-protocol timers keepalive-interval [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 30

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router routing vrf routing-protocol type

Type of the routing protocol - an identity derived from the 'routing-protocol' base identity.

Usage

configure authority router routing vrf routing-protocol type [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• bgp: BGP routing protocol

configure authority router routing vrf service-admin-distance

Administrative distance for routes generated from services.

Usage

configure authority router routing vrf service-admin-distance [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 254

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf static-route

A list of static routes. The sub-element that allows administrators to configure static routes, that will be entered into the SSR's Routing Information Base (RIB).

Usage

configure authority router routing vrf static-route <destination-prefix> <distance>

Positional Arguments

name	description
destination-prefix	IPv4 or IPv6 destination prefix that must be unicast.
distance	Static route administrative distance. Used in calculating route preference when multiple possible paths exist learned via different sources.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
description	Textual description of the route.
destination-prefix	IPv4 or IPv6 destination prefix that must be unicast.
distance	Static route administrative distance. Used in calculating route preference when multiple possible paths exist learned via different sources.
next-hop	List of next-hops. An empty list creates a blackhole route.
next-hop-interface	List of next-hop interfaces.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'static-route'

configure authority router routing vrf static-route description

Textual description of the route.

Usage

configure authority router routing vrf static-route description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router routing vrf static-route destination-prefix

IPv4 or IPv6 destination prefix that must be unicast.

Usage

configure authority router routing vrf static-route destination-prefix [<unicast-ip-prefix>]

Positional Arguments

name	description
unicast-ip-prefix	The value to set for this field

Description

unicast-ip-prefix (union)

A unicast IPv4 or IPv6 prefix

Must be one of the following types:

(0) unicast-ipv4-prefix (string)

A unicast IPv4 prefix

(1) unicast-ipv6-prefix (string)

A unicast IPv6 prefix

configure authority router routing vrf static-route distance

Static route administrative distance. Used in calculating route preference when multiple possible paths exist learned via different sources.

Usage

configure authority router routing vrf static-route distance [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-255

configure authority router routing vrf static-route next-hop

List of next-hops. An empty list creates a blackhole route.

Usage

configure authority router routing vrf static-route next-hop [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router routing vrf static-route next-hop-interface

List of next-hop interfaces.

Usage

configure authority router routing vrf static-route next-hop-interface <node> <interface>

Positional Arguments

name	description
node	Interface node name
interface	Network interface name

Subcommands

command	description
interface	Network interface name
node	Interface node name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'next-hop-interface'

configure authority router routing vrf static-route next-hop-interface interface

Network interface name

Usage

configure authority router routing vrf static-route next-hop-interface interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf static-route next-hop-interface node

Interface node name

Usage

configure authority router routing vrf static-route next-hop-interface node [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router routing vrf tenant-name

List of tenants in this VRF.

Usage

configure authority router routing vrf tenant-name [<tenant-ref>]

Positional Arguments

name	description
tenant-ref	Value to add to this list

Description

tenant-ref (leafref)

This type is used by other entities that need to reference configured tenants.

configure authority router service-area-alarm-threshold-profile

Service Area Alarm Threshold Profile configuration

Subcommands

command	description
alarm-clear-threshold	Alarm clear threshold, configurable between 0-100%, default is 70%.
alarm-clear-waiting-window	Alarm clear waiting window, in seconds. Must be a multiple of 5 (e.g., 5, 10, ..., 300). Default is 180 seconds.
alarm-trigger-threshold	Alarm trigger threshold, configurable between 0-100%, default is 85%.
alarm-trigger-waiting-window	Alarm trigger waiting window, in seconds. Must be a multiple of 5 (e.g., 5, 10, ..., 300). Default is 180 seconds.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'service-area-alarm-threshold-profile'

configure authority router service-area-alarm-threshold-profile alarm-clear-threshold

Alarm clear threshold, configurable between 0-100%, default is 70%.

Usage

configure authority router service-area-alarm-threshold-profile alarm-clear-threshold [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 70

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router service-area-alarm-threshold-profile alarm-clear-waiting-window

Alarm clear waiting window, in seconds. Must be a multiple of 5 (e.g., 5, 10, ..., 300). Default is 180 seconds.

Usage

configure authority router service-area-alarm-threshold-profile alarm-clear-waiting-window [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 180

uint16

An unsigned 16-bit integer.

Range: 5-300

configure authority router service-area-alarm-threshold-profile alarm-trigger-threshold

Alarm trigger threshold, configurable between 0-100%, default is 85%.

Usage

configure authority router service-area-alarm-threshold-profile alarm-trigger-threshold [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 85

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router service-area-alarm-threshold-profile alarm-trigger-waiting-window

Alarm trigger waiting window, in seconds. Must be a multiple of 5 (e.g., 5, 10, ..., 300). Default is 180 seconds.

Usage

configure authority router service-area-alarm-threshold-profile alarm-trigger-waiting-window [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Units: seconds

Default: 180

uint16

An unsigned 16-bit integer.

Range: 5-300

configure authority router service-route

Defines a route for a service or an instance of a service (server or service agent).

Usage

configure authority router service-route <name>

Positional Arguments

name	description
name	An arbitrary, unique name for the service route.

Subcommands

command	description
bridge-name	EOSVR bridge to forward packets to for the service.
clone	Clone a list item
delete	Delete configuration data
enable-failover	Enable failover across next-hops and service-routes that have this flag set.
generated	Indicates whether or not the Service Route was automatically generated as a result of STEP topology builder, Conductor, BGP/SVR, or DHCP Relay services.
host	Packets are passed to the host operating system for processing
name	An arbitrary, unique name for the service route.
nat-target	The address or fqdn of the server that packets are forwarded to for the service. The destination is natted to this address.
next-hop	An instance of the nexthop for the service route.
next-peer	Peer router to forward packets to for the service.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer	Peer router to forward packets to for the service.
port-target	The port of the server that packets are forwarded to for the service. The destination is port natted to this port. If no value is specified, no translation occurs.
reachability-detection	Configure Reachability Detection
routing-stack	Packets are passed to the internal routing agent for processing
routing-stack-vrf	VRF in which the internal routing agent will receive the packets
service-name	The name of the service that this service route applies to.
service-route-policy	Service Route Policy that applies to the service route.
show	Show configuration data for 'service-route'
use-bgp-over-svr	Combine BGP over SVR routes with local service routes.
use-learned-routes	Use learned (from routing protocols), connected, and static routes.
vector	Vector name to assign a cost to this service-route.

configure authority router service-route bridge-name

EOSVR bridge to forward packets to for the service.

Usage

configure authority router service-route bridge-name [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route enable-failover

Enable failover across next-hops and service-routes that have this flag set.

Usage

configure authority router service-route enable-failover [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router service-route generated

Indicates whether or not the Service Route was automatically generated as a result of STEP topology builder, Conductor, BGP/SVR, or DHCP Relay services.

Usage

configure authority router service-route generated [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority router service-route host

Packets are passed to the host operating system for processing

Usage

configure authority router service-route host <node-name>

Positional Arguments

name	description
node-name	The name of the node on which the host interface resides.

Subcommands

command	description
delete	Delete configuration data
move	Move list items
node-name	The name of the node on which the host interface resides.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'host'
target-address	The ipv4 address or fqdn of the server that packets are forwarded to for the service. The destination is natted to this address.

configure authority router service-route host node-name

The name of the node on which the host interface resides.

Usage

configure authority router service-route host node-name [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route host target-address

The ipv4 address or fqdn of the server that packets are forwarded to for the service. The destination is natted to this address.

Usage

configure authority router service-route host target-address [<hostv4>]

Positional Arguments

name	description
hostv4	Value to add to this list

Description

The order of elements matters.

hostv4 (union)

The host type represents either an IPv4 address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router service-route name

An arbitrary, unique name for the service route.

Usage

configure authority router service-route name [<service-route-name>]

Positional Arguments

name	description
service-route-name	The value to set for this field

Description

service-route-name (string)

A service route name identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 320 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-320

configure authority router service-route nat-target

The address or fqdn of the server that packets are forwarded to for the service. The destination is natted to this address.

Usage

configure authority router service-route nat-target [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router service-route next-hop

An instance of the nexthop for the service route.

Usage

configure authority router service-route next-hop <node-name> <interface>

Positional Arguments

name	description
node-name	The name of the node on which the interface resides.
interface	A reference to the name of a configured network layer interface used to reach the destination.

Subcommands

command	description
delete	Delete configuration data
gateway-ip	Gateway ip address of the service route nexthop.
interface	A reference to the name of a configured network layer interface used to reach the destination.
move	Move list items
node-name	The name of the node on which the interface resides.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'next-hop'
source-nat-pool	Apply source address (and optional port) translation for flows created towards the configured next-hop. This config will override any source-nat settings on the egress network-interface.
target-address	Target addresses for the service route nexthop.
vector	Vector name to assign a cost to this next-hop in service-route

configure authority router service-route next-hop gateway-ip

Gateway ip address of the service route nexthop.

Usage

configure authority router service-route next-hop gateway-ip [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router service-route next-hop interface

A reference to the name of a configured network layer interface used to reach the destination.

Usage

configure authority router service-route next-hop interface [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route next-hop node-name

The name of the node on which the interface resides.

Usage

configure authority router service-route next-hop node-name [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route next-hop source-nat-pool

Apply source address (and optional port) translation for flows created towards the configured next-hop. This config will override any source-nat settings on the egress network-interface.

Usage

configure authority router service-route next-hop source-nat-pool [<nat-pool-ref>]

Positional Arguments

name	description
nat-pool-ref	The value to set for this field

Description

nat-pool-ref (leafref)

This type is used by other entities that need to reference configured NAT pools.

configure authority router service-route next-hop target-address

Target addresses for the service route nexthop.

Usage

configure authority router service-route next-hop target-address [<host>]

Positional Arguments

name	description
host	Value to add to this list

Description

The order of elements matters.

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router service-route next-hop vector

Vector name to assign a cost to this next-hop in service-route

Usage

configure authority router service-route next-hop vector [<vector-name>]

Positional Arguments

name	description
vector-name	The value to set for this field

Description

vector-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority router service-route next-peer

Peer router to forward packets to for the service.

Usage

configure authority router service-route next-peer [<leafref>]

Positional Arguments

name	description
leafref	Value to add to this list

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route peer

Peer router to forward packets to for the service.

Usage

configure authority router service-route peer [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route port-target

The port of the server that packets are forwarded to for the service. The destination is port natted to this port. If no value is specified, no translation occurs.

Usage

configure authority router service-route port-target [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router service-route reachability-detection

Configure Reachability Detection

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
detection-window	Time window for aggregate stats calculation (max and mean)
enabled	Whether reachability detection is enabled on this service-route.
enforcement	Whether reachability detection is enforced on this service-route.
hold-down	Hold-down time for when the path is determined down
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
probe	Configure Probe
probe-type	The mode for performing probes in addition to reachability-detection enforcement
reachability-profile	The reachability-profile to apply to this service-route
show	Show configuration data for 'reachability-detection'

configure authority router service-route reachability-detection detection-window

Time window for aggregate stats calculation (max and mean)

Usage

configure authority router service-route reachability-detection detection-window [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 5

uint8

An unsigned 8-bit integer.

Range: 5-60

configure authority router service-route reachability-detection enabled

Whether reachability detection is enabled on this service-route.

Usage

configure authority router service-route reachability-detection enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router service-route reachability-detection enforcement

Whether reachability detection is enforced on this service-route.

Usage

configure authority router service-route reachability-detection enforcement [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router service-route reachability-detection hold-down

Hold-down time for when the path is determined down

Usage

configure authority router service-route reachability-detection hold-down [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Units: seconds

Default: 5

uint8

An unsigned 8-bit integer.

Range: 5-60

configure authority router service-route reachability-detection probe

Configure Probe

Usage

configure authority router service-route reachability-detection probe <name>

Positional Arguments

name	description
name	Name of the probe

Subcommands

command	description
delete	Delete configuration data
enabled	Enable reachability probe
icmp-probe-profile	The ICMP probe profile settings to use for this path
name	Name of the probe
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'probe'

configure authority router service-route reachability-detection probe enabled

Enable reachability probe

Usage

configure authority router service-route reachability-detection probe enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router service-route reachability-detection probe icmp-probe-profile

The ICMP probe profile settings to use for this path

Usage

configure authority router service-route reachability-detection probe icmp-probe-profile [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route reachability-detection probe name

Name of the probe

Usage

configure authority router service-route reachability-detection probe name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router service-route reachability-detection probe-type

The mode for performing probes in addition to reachability-detection enforcement

Usage

configure authority router service-route reachability-detection probe-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: Ignore probe state and use organic traffic to determine path health
• always: Factor probe state into path health

configure authority router service-route reachability-detection reachability-profile

The reachability-profile to apply to this service-route

Usage

configure authority router service-route reachability-detection reachability-profile [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route routing-stack

Packets are passed to the internal routing agent for processing

Usage

configure authority router service-route routing-stack

Description

empty

Has no value.

configure authority router service-route routing-stack-vrf

VRF in which the internal routing agent will receive the packets

Usage

configure authority router service-route routing-stack-vrf [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route service-name

The name of the service that this service route applies to.

Usage

configure authority router service-route service-name [<service-name-ref>]

Positional Arguments

name	description
service-name-ref	The value to set for this field

Description

service-name-ref (leafref) (required)

This type is used by other entities that need to reference configured services.

configure authority router service-route service-route-policy

Service Route Policy that applies to the service route.

Usage

configure authority router service-route service-route-policy [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router service-route use-bgp-over-svr

Combine BGP over SVR routes with local service routes.

Usage

configure authority router service-route use-bgp-over-svr

Description

empty

Has no value.

configure authority router service-route use-learned-routes

Use learned (from routing protocols), connected, and static routes.

Usage

configure authority router service-route use-learned-routes

Description

empty

Has no value.

configure authority router service-route vector

Vector name to assign a cost to this service-route.

Usage

configure authority router service-route vector [<vector-name>]

Positional Arguments

name	description
vector-name	The value to set for this field

Description

vector-name (string)

A text value.

Must contain only alphanumeric characters or any of the following: . _ - Length: 0-63

configure authority router service-route-policy

Used to define the properties of service routes. These capabilities influence route selection when determining the optimal path for establishing new sessions.

Usage

configure authority router service-route-policy <name>

Positional Arguments

name	description
name	A unique name for the service route policy.

Subcommands

command	description
delete	Delete configuration data
description	A description for the service route policy.
include-parent-routes	When true, the routes from the immediate parent service will be used in addition to those provisioned for the child service. By default, only provisioned routes for a child service is in use.
max-sessions	Maximum number of active sessions. When configured, once the service-route using this service-route-policy reaches the configured threshold, no new sessions will be established until the rate drops below the configured value.
name	A unique name for the service route policy.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
packet-replication	When true, packets will be replicated for all next-hops in the associated service-route.
session-high-water-mark	Percentage of maximum sessions above which the route will no longer be considered for load balancing.
session-low-water-mark	Percentage of maximum sessions below which the route will be reconsidered for load balancing.
session-rate	Maximum rate in sessions per second. When configured, once the service-route using this service-route-policy reaches the configured rate limit threshold, no new sessions will be established until the rate drops below the configured value.
show	Show configuration data for 'service-route-policy'

configure authority router service-route-policy description

A description for the service route policy.

Usage

configure authority router service-route-policy description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router service-route-policy include-parent-routes

When true, the routes from the immediate parent service will be used in addition to those provisioned for the child service. By default, only provisioned routes for a child service is in use.

Usage

configure authority router service-route-policy include-parent-routes [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router service-route-policy max-sessions

Maximum number of active sessions. When configured, once the service-route using this service-route-policy reaches the configured threshold, no new sessions will be established until the rate drops below the configured value.

Usage

configure authority router service-route-policy max-sessions [<limit>]

Positional Arguments

name	description
limit	The value to set for this field

Description

limit (union)

A type for defining values such as rates and capacities for which the default value is unlimited.

Must be one of the following types:

(0) uint64

An unsigned 64-bit integer.

Range: 0-999999999999

(1) enumeration

A value from a set of predefined names.

Options:

• unlimited: No limit on this value.

configure authority router service-route-policy name

A unique name for the service route policy.

Usage

configure authority router service-route-policy name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router service-route-policy packet-replication

When true, packets will be replicated for all next-hops in the associated service-route.

Usage

configure authority router service-route-policy packet-replication [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router service-route-policy session-high-water-mark

Percentage of maximum sessions above which the route will no longer be considered for load balancing.

Usage

configure authority router service-route-policy session-high-water-mark [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 95

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router service-route-policy session-low-water-mark

Percentage of maximum sessions below which the route will be reconsidered for load balancing.

Usage

configure authority router service-route-policy session-low-water-mark [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

Units: percent

Default: 90

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority router service-route-policy session-rate

Maximum rate in sessions per second. When configured, once the service-route using this service-route-policy reaches the configured rate limit threshold, no new sessions will be established until the rate drops below the configured value.

Usage

configure authority router service-route-policy session-rate [<limit>]

Positional Arguments

name	description
limit	The value to set for this field

Description

limit (union)

A type for defining values such as rates and capacities for which the default value is unlimited.

Must be one of the following types:

(0) uint64

An unsigned 64-bit integer.

Range: 0-999999999999

(1) enumeration

A value from a set of predefined names.

Options:

• unlimited: No limit on this value.

configure authority router session-records

Configure Session Records

Subcommands

command	description
delete	Delete configuration data
include-error-records	Whether to enable session records for session errors; override the authority config.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'session-records'

configure authority router session-records include-error-records

Whether to enable session records for session errors; override the authority config.

Usage

configure authority router session-records include-error-records [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority router static-hostname-mapping

Map hostnames to ip-address resolutions. These entries will be put in /etc/hosts. This will prevent DNS requests from being sent for these hostnames.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'static-hostname-mapping'
static-entry	Static hostname mapping entry.

configure authority router static-hostname-mapping static-entry

Static hostname mapping entry.

Usage

configure authority router static-hostname-mapping static-entry <hostname>

Positional Arguments

name	description
hostname	Hostname to set the resolution for.

Subcommands

command	description
delete	Delete configuration data
hostname	Hostname to set the resolution for.
ip-address	Ip-address for the corresponding hostname.
move	Move list items
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'static-entry'

configure authority router static-hostname-mapping static-entry hostname

Hostname to set the resolution for.

Usage

configure authority router static-hostname-mapping static-entry hostname [<domain-name-not-ipv4>]

Positional Arguments

name	description
domain-name-not-ipv4	The value to set for this field

Description

domain-name-not-ipv4 (string)

A subset of domain-name that are not IPv4 addresses

Length: 1-253

configure authority router static-hostname-mapping static-entry ip-address

Ip-address for the corresponding hostname.

Usage

configure authority router static-hostname-mapping static-entry ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	Value to add to this list

Description

The order of elements matters.

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router system

System group configuration. Lets administrators configure system-wide properties for their SSR deployment.

Subcommands

command	description
asset-connection-resiliency	Configure Asset Connection Resiliency
audit	Configuration for audit events
client-certificate	Contains the content of client certificates for this router.
clone	Clone a list item
contact	The administrator contact information for the system.
delete	Delete configuration data
inactivity-timer	The amount of time a user is allowed to be idle before being automatically disconnected from the system.
local-login	Configure Local Login
log-category	Log category configuration lets administrators configure the SSR's log level for specific log categories, overriding the default log-level setting.
log-level	The log level is the degree to which the SSR writes information into its log files, by default. WARNING: using the 'trace' level will significantly impact system performance and is not recommended for production environments. The 'log-category' configuration should be used instead for 'trace' level of specific categories.
metrics	Parameters controlling metric configuration and collection. Governs various aspects of the SSR's data sampling for analytics purposes.
ntp	NTP configuration lets administrators configure information about the NTP servers within their management network.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
radius	Configure Radius
remote-login	Configure Remote Login
secure-conductor-onboarding	Configure Secure Conductor Onboarding
services	Address information for internal services
show	Show configuration data for 'system'
software-access	Configuration for SSR software access for this router. Supported on managed assets only. Any settings configured here will override the authority software access settings.
software-update	Configuration for SSR software updates. Supported on managed assets only.
syslog	Syslog configuration lets administrators configure the SSR's interaction with external syslog services.

configure authority router system asset-connection-resiliency

Configure Asset Connection Resiliency

Subcommands

command	description
delete	Delete configuration data
enabled	Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'asset-connection-resiliency'

configure authority router system asset-connection-resiliency enabled

Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.

Usage

configure authority router system asset-connection-resiliency enabled [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Default: use-authority-setting

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) boolean

A true or false value.

Options: true or false

(1) enumeration

A value from a set of predefined names.

Options:

• use-authority-setting: Use the authority wide asset connection resiliency state.

configure authority router system audit

Configuration for audit events

Subcommands

command	description
administration	Configure Administration
clone	Clone a list item
delete	Delete configuration data
disk-full-action	Action to take when disk is full.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
remote-logging-server	Audit remote logging server using the auditd remote protocol. For standard syslog servers use the syslog server config instead.
retention	How long events should be persisted. This includes the explicit events here as well as the the implicit alarm and provisioning events
security	Configure Security
show	Show configuration data for 'audit'
system	Configuration for system events
traffic	Configuration for traffic requests

configure authority router system audit administration

Configure Administration

Subcommands

command	description
delete	Delete configuration data
enabled	Enable/disable logging of administration events
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
persist	Enable/disable persistence of administration events by SSR
show	Show configuration data for 'administration'

configure authority router system audit administration enabled

Enable/disable logging of administration events

Usage

configure authority router system audit administration enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system audit administration persist

Enable/disable persistence of administration events by SSR

Usage

configure authority router system audit administration persist [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system audit disk-full-action

Action to take when disk is full.

Usage

configure authority router system audit disk-full-action [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: ignore

enumeration

A value from a set of predefined names.

Options:

• halt: On failure halt the system.
• ignore: Ignore the failure.

configure authority router system audit remote-logging-server

Audit remote logging server using the auditd remote protocol. For standard syslog servers use the syslog server config instead.

Usage

configure authority router system audit remote-logging-server <address> <port>

Positional Arguments

name	description
address	The remote IP address or FQDN of the audit logging server.
port	The remote port of the audit logging server.

Subcommands

command	description
address	The remote IP address or FQDN of the audit logging server.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The remote port of the audit logging server.
show	Show configuration data for 'remote-logging-server'

configure authority router system audit remote-logging-server address

The remote IP address or FQDN of the audit logging server.

Usage

configure authority router system audit remote-logging-server address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router system audit remote-logging-server port

The remote port of the audit logging server.

Usage

configure authority router system audit remote-logging-server port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router system audit retention

How long events should be persisted. This includes the explicit events here as well as the the implicit alarm and provisioning events

Usage

configure authority router system audit retention [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 180d

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system audit security

Configure Security

Subcommands

command	description
delete	Delete configuration data
enabled	Enable/disable logging of security events
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
persist	Enable/disable persistence of security events by SSR
show	Show configuration data for 'security'

configure authority router system audit security enabled

Enable/disable logging of security events

Usage

configure authority router system audit security enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system audit security persist

Enable/disable persistence of security events by SSR

Usage

configure authority router system audit security persist [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system audit system

Configuration for system events

Subcommands

command	description
delete	Delete configuration data
enabled	Enable/disable logging of system events
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
persist	Enable/disable persistence of system events by SSR
show	Show configuration data for 'system'

configure authority router system audit system enabled

Enable/disable logging of system events

Usage

configure authority router system audit system enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system audit system persist

Enable/disable persistence of system events by SSR

Usage

configure authority router system audit system persist [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system audit traffic

Configuration for traffic requests

Subcommands

command	description
delete	Delete configuration data
enabled	Enable/disable logging of traffic requests
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
persist	Enable/disable persistence of traffic events by SSR
show	Show configuration data for 'traffic'

configure authority router system audit traffic enabled

Enable/disable logging of traffic requests

Usage

configure authority router system audit traffic enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router system audit traffic persist

Enable/disable persistence of traffic events by SSR

Usage

configure authority router system audit traffic persist [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system client-certificate

Contains the content of client certificates for this router.

Usage

configure authority router system client-certificate <name>

Positional Arguments

name	description
name	An identifier for the client certificate.

Subcommands

command	description
content	Client certificate content.
delete	Delete configuration data
file	Name of file that contains certificate content.
name	An identifier for the client certificate.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'client-certificate'
validation-mode	Router level Client certificate validation mode.

configure authority router system client-certificate content

Client certificate content.

Usage

configure authority router system client-certificate content [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string (required)

A text value.

configure authority router system client-certificate file

Name of file that contains certificate content.

Usage

configure authority router system client-certificate file [<filepointer>]

Positional Arguments

name	description
filepointer	The value to set for this field

Description

filepointer (string)

A string representing an allowable security related file name.

Must contain only alphanumeric characters or any of the following: _ - .

configure authority router system client-certificate name

An identifier for the client certificate.

Usage

configure authority router system client-certificate name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router system client-certificate validation-mode

Router level Client certificate validation mode.

Usage

configure authority router system client-certificate validation-mode [<certificate-validation-mode>]

Positional Arguments

name	description
certificate-validation-mode	The value to set for this field

Description

certificate-validation-mode (enumeration)

Sets the mode of certificate validation

Options:

• strict: Reject insecure certificates during import.
• warn: Warn when importing insecure certificates

configure authority router system contact

The administrator contact information for the system.

Usage

configure authority router system contact [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router system inactivity-timer

The amount of time a user is allowed to be idle before being automatically disconnected from the system.

Usage

configure authority router system inactivity-timer [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 900

uint32

An unsigned 32-bit integer.

Range: 30-86400

configure authority router system local-login

Configure Local Login

Subcommands

command	description
delete	Delete configuration data
netconf	Configure Netconf
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'local-login'

configure authority router system local-login netconf

Configure Netconf

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
session-limit	Number of Netconf sessions permitted on the system.
session-limit-action	Action performed when local session limit exceeded.
show	Show configuration data for 'netconf'

configure authority router system local-login netconf session-limit

Number of Netconf sessions permitted on the system.

Usage

configure authority router system local-login netconf session-limit [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 10

uint32

An unsigned 32-bit integer.

Range: 0-100

configure authority router system local-login netconf session-limit-action

Action performed when local session limit exceeded.

Usage

configure authority router system local-login netconf session-limit-action [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: issue-warning

enumeration

A value from a set of predefined names.

Options:

• no-action: Take no action.
• issue-warning: Log and issue warning to all current shell sessions that the session limit has been exceeded.

configure authority router system log-category

Log category configuration lets administrators configure the SSR's log level for specific log categories, overriding the default log-level setting.

Usage

configure authority router system log-category <name>

Positional Arguments

name	description
name	The log category.

Subcommands

command	description
delete	Delete configuration data
log-level	The log level setting for this category.
name	The log category.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'log-category'

configure authority router system log-category log-level

The log level setting for this category.

Usage

configure authority router system log-category log-level [<log-level>]

Positional Arguments

name	description
log-level	The value to set for this field

Description

log-level (enumeration) (required)

Log levels

Options:

• fatal: Only record log messages with level "fatal" or higher.
• error: Only record log messages with level "error" or higher.
• warning: Only record log messages with level "warning" or higher.
• info: Only record log messages with level "info" or higher.
• debug: Only record log messages with level "debug" or higher.
• trace: Only record log messages with level "trace" or higher.

configure authority router system log-category name

The log category.

Usage

configure authority router system log-category name [<log-category>]

Positional Arguments

name	description
log-category	The value to set for this field

Description

log-category (enumeration)

Log categories

Options:

• ATCS: Components related to the SSR Analytics Engine.
• CFGD: Components related to the SSR Configuration Engine.
• DATA: Components related to the configuration and state databases.
• DISC: Discovery-based components (except BFD). Today this is DHCP and ARP.
• USER: User-created log messages, generated via the 'write' command.
• FLC: Control system for packet forwarding.
• FLPP: System for processing the initial packet of each new session.
• HWMC: Control system for packet processing.
• IPC: The subsystem responsible for messaging between components within the SSR product.
• LINK: The subsystem for inter-node communication (today, BFD).
• PLAT: Components related to the underlying platform management.
• PLUG: Components related to plugin management.
• RDB: The subsystem responsible for synchronizing data between nodes.
• RTG: Components related to the routing engine.
• SNMP: Components related to the SNMP engine.
• SATF: Failures related to multi-threaded session setup.
• SESS: Components related to session setup.
• STEP: Components related to STEP.
• TEST: Components related to testing.
• UTIL: Components related to utility libraries.
• DPDK: Components related to DPDK.
• DNS: Components related to DNS.
• HTTP: Components related to HTTP request/response processing.
• PCLI: All the PCLI's log messages.
• BONS: Components related to the configuration database.
• LDAP: All the System Security Services Daemon logs.
• RIB: Components related to routing changes.
• IDP: Components related to IDP.

configure authority router system log-level

The log level is the degree to which the SSR writes information into its log files, by default. WARNING: using the 'trace' level will significantly impact system performance and is not recommended for production environments. The 'log-category' configuration should be used instead for 'trace' level of specific categories.

Usage

configure authority router system log-level [<log-level>]

Positional Arguments

name	description
log-level	The value to set for this field

Description

Default: info

log-level (enumeration)

Log levels

Options:

• fatal: Only record log messages with level "fatal" or higher.
• error: Only record log messages with level "error" or higher.
• warning: Only record log messages with level "warning" or higher.
• info: Only record log messages with level "info" or higher.
• debug: Only record log messages with level "debug" or higher.
• trace: Only record log messages with level "trace" or higher.

configure authority router system metrics

Parameters controlling metric configuration and collection. Governs various aspects of the SSR's data sampling for analytics purposes.

Subcommands

command	description
application-policy-hit-count-tracking	Enable/disable tracking of policy hit counts for applications
application-stats-interval	Interval at which the delta of identified application stats will be computed
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
profile	Configure Profile
retention	The durations to be used for internal metric storage
sample-period	The period on which metrics are sampled
show	Show configuration data for 'metrics'

configure authority router system metrics application-policy-hit-count-tracking

Enable/disable tracking of policy hit counts for applications

Usage

configure authority router system metrics application-policy-hit-count-tracking [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto

enumeration

A value from a set of predefined names.

Options:

• enabled: Enable tracking of application policy hit counts.
• disabled: Disable tracking of application policy hit counts.
• auto: Use the value configured at the authority level.

configure authority router system metrics application-stats-interval

Interval at which the delta of identified application stats will be computed

Usage

configure authority router system metrics application-stats-interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 1m

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system metrics profile

Configure Profile

Usage

configure authority router system metrics profile <name>

Positional Arguments

name	description
name	A profile to be used on this router

Subcommands

command	description
delete	Delete configuration data
name	A profile to be used on this router
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
retention	How long the metrics should be retained on box
show	Show configuration data for 'profile'

configure authority router system metrics profile name

A profile to be used on this router

Usage

configure authority router system metrics profile name [<metrics-profile-ref>]

Positional Arguments

name	description
metrics-profile-ref	The value to set for this field

Description

metrics-profile-ref (leafref)

A reference to one of the defined metrics profiles

configure authority router system metrics profile retention

How long the metrics should be retained on box

Usage

configure authority router system metrics profile retention [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: in-memory

enumeration

A value from a set of predefined names.

Options:

• in-memory: Don't store any historical data
• short: Metrics will be stored for the short duration as defined in the router's config
• intermediate: Metrics will be stored for the short and intermediate durations as defined in the router's config
• long: Metrics will be stored for the short, intermediate, and long durations as defined in the router's config

configure authority router system metrics retention

The durations to be used for internal metric storage

Subcommands

command	description
delete	Delete configuration data
intermediate	The intermediate historical retention bucket
long	The longest historical retention bucket
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
short	The shortest historical retention bucket
show	Show configuration data for 'retention'

configure authority router system metrics retention intermediate

The intermediate historical retention bucket

Subcommands

command	description
delete	Delete configuration data
duration	How long the intermediate retention should retain metrics
enabled	Whether intermediate and subsequent retentions should be disabled
interval	How frequently metrics should be aggregated into the intermediate retention
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'intermediate'

configure authority router system metrics retention intermediate duration

How long the intermediate retention should retain metrics

Usage

configure authority router system metrics retention intermediate duration [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 1d

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system metrics retention intermediate enabled

Whether intermediate and subsequent retentions should be disabled

Usage

configure authority router system metrics retention intermediate enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system metrics retention intermediate interval

How frequently metrics should be aggregated into the intermediate retention

Usage

configure authority router system metrics retention intermediate interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 5m

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system metrics retention long

The longest historical retention bucket

Subcommands

command	description
delete	Delete configuration data
duration	How long the long retention should retain metrics
enabled	Whether the long retention should be disabled
interval	How frequently metrics should be aggregated into the long retention
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'long'

configure authority router system metrics retention long duration

How long the long retention should retain metrics

Usage

configure authority router system metrics retention long duration [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 180d

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system metrics retention long enabled

Whether the long retention should be disabled

Usage

configure authority router system metrics retention long enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system metrics retention long interval

How frequently metrics should be aggregated into the long retention

Usage

configure authority router system metrics retention long interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 1h

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system metrics retention short

The shortest historical retention bucket

Subcommands

command	description
delete	Delete configuration data
duration	How long the short retention should retain metrics
enabled	Whether short and subsequent retentions should be disabled
interval	How frequently metrics should be inserted into the short retention. This is equivallent to the deprecated 'sample-period' element.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'short'

configure authority router system metrics retention short duration

How long the short retention should retain metrics

Usage

configure authority router system metrics retention short duration [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 1h

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system metrics retention short enabled

Whether short and subsequent retentions should be disabled

Usage

configure authority router system metrics retention short enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system metrics retention short interval

How frequently metrics should be inserted into the short retention. This is equivallent to the deprecated 'sample-period' element.

Usage

configure authority router system metrics retention short interval [<duration>]

Positional Arguments

name	description
duration	The value to set for this field

Description

Default: 5s

duration (string)

A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d

Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d

configure authority router system metrics sample-period

The period on which metrics are sampled

Usage

configure authority router system metrics sample-period [<int8>]

Positional Arguments

name	description
int8	The value to set for this field

Description

Units: seconds

Default: 5

warning

sample-period is deprecated and will be removed in a future software version

int8

A signed 8-bit integer.

Range: 1-60

configure authority router system ntp

NTP configuration lets administrators configure information about the NTP servers within their management network.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
orphan-stratum	Value to use as stratum when upstream NTP servers are unavailable and router nodes synchronize in orphan mode. The numerical value should be greater than the expected stratum value of the upstream NTP servers. For example if upstream clocks are stratum 4 or 5, then this setting should be 6.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
server	The list of NTP servers configured for this device.
show	Show configuration data for 'ntp'

configure authority router system ntp orphan-stratum

Value to use as stratum when upstream NTP servers are unavailable and router nodes synchronize in orphan mode. The numerical value should be greater than the expected stratum value of the upstream NTP servers. For example if upstream clocks are stratum 4 or 5, then this setting should be 6.

Usage

configure authority router system ntp orphan-stratum [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 5

uint32

An unsigned 32-bit integer.

Range: 1-15

configure authority router system ntp server

The list of NTP servers configured for this device.

Usage

configure authority router system ntp server <ip-address>

Positional Arguments

name	description
ip-address	The address or hostname of NTP server.

Subcommands

command	description
authentication-key	Configure Authentication Key
delete	Delete configuration data
ip-address	The address or hostname of NTP server.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'server'

configure authority router system ntp server authentication-key

Configure Authentication Key

Subcommands

command	description
delete	Delete configuration data
key-number	The key number identifier for the authentication key
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'authentication-key'
type	The algorithm used by symmetric key
value	The authentication key value

configure authority router system ntp server authentication-key key-number

The key number identifier for the authentication key

Usage

configure authority router system ntp server authentication-key key-number [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32 (required)

An unsigned 32-bit integer.

Range: 1-65534

configure authority router system ntp server authentication-key type

The algorithm used by symmetric key

Usage

configure authority router system ntp server authentication-key type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration (required)

A value from a set of predefined names.

Options:

• md5: Key uses MD5 authentication algorithm
• sha1: Key uses SHA1 authentication algorithm

configure authority router system ntp server authentication-key value

The authentication key value

Usage

configure authority router system ntp server authentication-key value [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string (required)

A text value.

Length: 1-40

configure authority router system ntp server ip-address

The address or hostname of NTP server.

Usage

configure authority router system ntp server ip-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router system radius

Configure Radius

Subcommands

command	description
account-creation	Control account creation behavior.
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
radius-server	Radius Servers against which to authenticate user credentials.
show	Show configuration data for 'radius'

configure authority router system radius account-creation

Control account creation behavior.

Usage

configure authority router system radius account-creation [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: use-authority-setting

enumeration

A value from a set of predefined names.

Options:

• use-authority-setting: Use the authority wide account creation behavior.
• manual: Accounts must be created locally on the Router or Conductor before a user can log in.
• automatic: Create accounts automatically on first time login. The Radius server must contain the Vendor Specific Attribute (VSA) 'Juniper-Local-User-Name' set to the role that the user will be assigned. The role must be prefixed with 'SSR-', so to assign the user the admin role the VSA key would be set to 'SSR-admin'.

configure authority router system radius radius-server

Radius Servers against which to authenticate user credentials.

Usage

configure authority router system radius radius-server <name>

Positional Arguments

name	description
name	The name of the Radius server.

Subcommands

command	description
address	The IP address or FQDN of the Radius server.
delete	Delete configuration data
name	The name of the Radius server.
ocsp	Whether to check the revocation status of the Radius server's certificate.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The port number Radius server listens on.
protocol	Use TLS or UDP protocol to communicate with Radius server.
secret	The secret key to bind to the Radius server.
server-name	Hostname of the Radius server.
show	Show configuration data for 'radius-server'
timeout	Radius Request Timeout.

configure authority router system radius radius-server address

The IP address or FQDN of the Radius server.

Usage

configure authority router system radius radius-server address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union) (required)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string) (required)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router system radius radius-server name

The name of the Radius server.

Usage

configure authority router system radius radius-server name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router system radius radius-server ocsp

Whether to check the revocation status of the Radius server's certificate.

Usage

configure authority router system radius radius-server ocsp [<ocsp>]

Positional Arguments

name	description
ocsp	The value to set for this field

Description

ocsp (enumeration)

Whether to check the revocation status of a server's certificate.

Options:

• strict: Require a successful OCSP check in order to establish a connection.
• off: Do not check revocation status of the server certificate.

configure authority router system radius radius-server port

The port number Radius server listens on.

Usage

configure authority router system radius radius-server port [<port-number>]

Positional Arguments

name	description
port-number	The value to set for this field

Description

Default: 1812

port-number (uint16)

The port-number type represents a 16-bit port number of an Internet transport layer protocol such as UDP, TCP, DCCP, or SCTP. Port numbers are assigned by IANA. A current list of all assignments is available from <http://www.iana.org/>.

Note that the port number value zero is reserved by IANA. In situations where the value zero does not make sense, it can be excluded by subtyping the port-number type.

In the value set and its semantics, this type is equivalent to the InetPortNumber textual convention of the SMIv2.

Range: 0-65535

configure authority router system radius radius-server protocol

Use TLS or UDP protocol to communicate with Radius server.

Usage

configure authority router system radius radius-server protocol [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: udp

enumeration

A value from a set of predefined names.

Options:

• udp: Use UDP protocol to communicate with Radius server.
• tls: Use TLS over TCP protocol to communicate with Radius server.

configure authority router system radius radius-server secret

The secret key to bind to the Radius server.

Usage

configure authority router system radius radius-server secret [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 1-255

configure authority router system radius radius-server server-name

Hostname of the Radius server.

Usage

configure authority router system radius radius-server server-name [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router system radius radius-server timeout

Radius Request Timeout.

Usage

configure authority router system radius radius-server timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router system remote-login

Configure Remote Login

Subcommands

command	description
delete	Delete configuration data
enabled	Enable remote login from a Conductor to assets on this Router.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'remote-login'

configure authority router system remote-login enabled

Enable remote login from a Conductor to assets on this Router.

Usage

configure authority router system remote-login enabled [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Default: use-authority-setting

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) boolean

A true or false value.

Options: true or false

(1) enumeration

A value from a set of predefined names.

Options:

• use-authority-setting: Use the authority wide remote-login state.

configure authority router system secure-conductor-onboarding

Configure Secure Conductor Onboarding

Subcommands

command	description
delete	Delete configuration data
mode	The secure conductor onboarding mode.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
pre-shared-secret	A 48-byte base64 encoded string used for conductor and router onboarding verification.
show	Show configuration data for 'secure-conductor-onboarding'

configure authority router system secure-conductor-onboarding mode

The secure conductor onboarding mode.

Usage

configure authority router system secure-conductor-onboarding mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• disabled: The secure conductor onboarding process is disabled.
• weak: Allows routers with a TPM to use pre-loaded self-signed certificates when onboarding.
• strong: For devices with DevID. Ensures the asset-id matches the serialNumber field in the router's public certificate. For public cloud instances with a vTPM, the router's endorsement key must match the configured endorsement key on the node.

configure authority router system secure-conductor-onboarding pre-shared-secret

A 48-byte base64 encoded string used for conductor and router onboarding verification.

Usage

configure authority router system secure-conductor-onboarding pre-shared-secret [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Must be a 48 byte, base64 encoded string (64 characters). Length: 64

configure authority router system services

Address information for internal services

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'services'
snmp-server	SNMP server configuration.
webserver	Web server & REST API.

configure authority router system services snmp-server

SNMP server configuration.

Subcommands

command	description
access-control	SNMP access control policy.
clone	Clone a list item
delete	Delete configuration data
enabled	Enable SNMP server on all control nodes in this router.
engine-id	The SNMPv3 Engine ID.
notification-receiver	List of SNMP receivers that the SNMP server will send notifications.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The port on which the SNMP server listens.
show	Show configuration data for 'snmp-server'
vacm	View-based Access Control Model settings.
version	The SNMP server protocol version.

configure authority router system services snmp-server access-control

SNMP access control policy.

Usage

configure authority router system services snmp-server access-control <name>

Positional Arguments

name	description
name	An arbitrary, unique name for this access control policy.

Subcommands

command	description
community	The SNMP community string for this access-control policy.
delete	Delete configuration data
name	An arbitrary, unique name for this access control policy.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'access-control'
source	The SNMP client host to restrict access to.
usm	User-based Security Model settings.
view	The view to use for this access control policy.

configure authority router system services snmp-server access-control community

The SNMP community string for this access-control policy.

Usage

configure authority router system services snmp-server access-control community [<snmp-community>]

Positional Arguments

name	description
snmp-community	The value to set for this field

Description

snmp-community (string)

A string representing an SNMP community.

Cannot contain quotes or spaces in community string. Length: 1-255

configure authority router system services snmp-server access-control name

An arbitrary, unique name for this access control policy.

Usage

configure authority router system services snmp-server access-control name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router system services snmp-server access-control source

The SNMP client host to restrict access to.

Usage

configure authority router system services snmp-server access-control source [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router system services snmp-server access-control usm

User-based Security Model settings.

Subcommands

command	description
authentication	Authentication type.
authentication-key	Authentication key.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
privacy	Privacy type.
privacy-key	Privacy key.
show	Show configuration data for 'usm'
user-name	USM User name.

configure authority router system services snmp-server access-control usm authentication

Authentication type.

Usage

configure authority router system services snmp-server access-control usm authentication [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: none

enumeration

A value from a set of predefined names.

Options:

• none:
• md5:
• sha:

configure authority router system services snmp-server access-control usm authentication-key

Authentication key.

Usage

configure authority router system services snmp-server access-control usm authentication-key [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 8-128

configure authority router system services snmp-server access-control usm privacy

Privacy type.

Usage

configure authority router system services snmp-server access-control usm privacy [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: none

enumeration

A value from a set of predefined names.

Options:

• none:
• des:
• aes:

configure authority router system services snmp-server access-control usm privacy-key

Privacy key.

Usage

configure authority router system services snmp-server access-control usm privacy-key [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

Length: 8-128

configure authority router system services snmp-server access-control usm user-name

USM User name.

Usage

configure authority router system services snmp-server access-control usm user-name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string) (required)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router system services snmp-server access-control view

The view to use for this access control policy.

Usage

configure authority router system services snmp-server access-control view [<snmp-vacm-view-ref>]

Positional Arguments

name	description
snmp-vacm-view-ref	The value to set for this field

Description

snmp-vacm-view-ref (leafref)

This type is used by other entities that need to reference configured snmp vacm views.

configure authority router system services snmp-server enabled

Enable SNMP server on all control nodes in this router.

Usage

configure authority router system services snmp-server enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router system services snmp-server engine-id

The SNMPv3 Engine ID.

Usage

configure authority router system services snmp-server engine-id [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority router system services snmp-server notification-receiver

List of SNMP receivers that the SNMP server will send notifications.

Usage

configure authority router system services snmp-server notification-receiver <ip-address> <port> <type>

Positional Arguments

name	description
ip-address	The address to which the SNMP servers send notifications.
port	The port to which the SNMP servers send notifications.
type	The type of notification to send.

Subcommands

command	description
access-control	The access-control policy to use when notifying this receiver.
community	The SNMP community string to use when notifying this receiver.
delete	Delete configuration data
ip-address	The address to which the SNMP servers send notifications.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The port to which the SNMP servers send notifications.
show	Show configuration data for 'notification-receiver'
type	The type of notification to send.

configure authority router system services snmp-server notification-receiver access-control

The access-control policy to use when notifying this receiver.

Usage

configure authority router system services snmp-server notification-receiver access-control [<snmp-access-control-ref>]

Positional Arguments

name	description
snmp-access-control-ref	The value to set for this field

Description

snmp-access-control-ref (leafref)

This type is used by other entities that need to reference configured snmp access-controls.

configure authority router system services snmp-server notification-receiver community

The SNMP community string to use when notifying this receiver.

Usage

configure authority router system services snmp-server notification-receiver community [<snmp-community>]

Positional Arguments

name	description
snmp-community	The value to set for this field

Description

warning

community is deprecated and will be removed in a future software version

snmp-community (string)

A string representing an SNMP community.

Cannot contain quotes or spaces in community string. Length: 1-255

configure authority router system services snmp-server notification-receiver ip-address

The address to which the SNMP servers send notifications.

Usage

configure authority router system services snmp-server notification-receiver ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router system services snmp-server notification-receiver port

The port to which the SNMP servers send notifications.

Usage

configure authority router system services snmp-server notification-receiver port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router system services snmp-server notification-receiver type

The type of notification to send.

Usage

configure authority router system services snmp-server notification-receiver type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• trap:
• inform:

configure authority router system services snmp-server port

The port on which the SNMP server listens.

Usage

configure authority router system services snmp-server port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

Default: 161

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router system services snmp-server vacm

View-based Access Control Model settings.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'vacm'
view	SNMP view policy.

configure authority router system services snmp-server vacm view

SNMP view policy.

Usage

configure authority router system services snmp-server vacm view <name>

Positional Arguments

name	description
name	An arbitrary, unique name for this view policy.

Subcommands

command	description
delete	Delete configuration data
excluded	OID view to disallow.
included	OID view to allow.
name	An arbitrary, unique name for this view policy.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'view'
strict	When parsing the included OIDs, strict mode will prevent any OIDs that are not a part of the SSR supported OIDs from being added to the specified view.

configure authority router system services snmp-server vacm view excluded

OID view to disallow.

Usage

configure authority router system services snmp-server vacm view excluded [<snmp-oid>]

Positional Arguments

name	description
snmp-oid	Value to add to this list

Description

snmp-oid (string)

A string representing an SNMP OID.

Can only define numerical OIDs with '.' separating objects.

configure authority router system services snmp-server vacm view included

OID view to allow.

Usage

configure authority router system services snmp-server vacm view included [<snmp-oid>]

Positional Arguments

name	description
snmp-oid	Value to add to this list

Description

snmp-oid (string)

A string representing an SNMP OID.

Can only define numerical OIDs with '.' separating objects.

configure authority router system services snmp-server vacm view name

An arbitrary, unique name for this view policy.

Usage

configure authority router system services snmp-server vacm view name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority router system services snmp-server vacm view strict

When parsing the included OIDs, strict mode will prevent any OIDs that are not a part of the SSR supported OIDs from being added to the specified view.

Usage

configure authority router system services snmp-server vacm view strict [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system services snmp-server version

The SNMP server protocol version.

Usage

configure authority router system services snmp-server version [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: v2c

enumeration

A value from a set of predefined names.

Options:

• v2c:
• v3:

configure authority router system services webserver

Web server & REST API.

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
enabled	Enable Web server & REST API on all control nodes in this router.
max-sockets-per-request	The maximum number of sockets the webserver will use per outbound request. Zero means no per-request limit but the max-total-sockets still applies.
max-total-sockets	The maximum number of total sockets the webserver will use when making outbound requests.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The port on which the Web servers listen.
server	List of control node server addresses. When present, they override the defaults from global configuration.
show	Show configuration data for 'webserver'
ssl	Configure SSL encryption for HTTPS.

configure authority router system services webserver enabled

Enable Web server & REST API on all control nodes in this router.

Usage

configure authority router system services webserver enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system services webserver max-sockets-per-request

The maximum number of sockets the webserver will use per outbound request. Zero means no per-request limit but the max-total-sockets still applies.

Usage

configure authority router system services webserver max-sockets-per-request [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 50

uint16

An unsigned 16-bit integer.

Range: 0-65535

configure authority router system services webserver max-total-sockets

The maximum number of total sockets the webserver will use when making outbound requests.

Usage

configure authority router system services webserver max-total-sockets [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 250

uint16

An unsigned 16-bit integer.

Range: 1-65535

configure authority router system services webserver port

The port on which the Web servers listen.

Usage

configure authority router system services webserver port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

Default: 443

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router system services webserver server

List of control node server addresses. When present, they override the defaults from global configuration.

Usage

configure authority router system services webserver server <node-name>

Positional Arguments

name	description
node-name	The name of the control node.

Subcommands

command	description
delete	Delete configuration data
ip-address	IP address for the server on the control node.
node-name	The name of the control node.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'server'

configure authority router system services webserver server ip-address

IP address for the server on the control node.

Usage

configure authority router system services webserver server ip-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union) (required)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string) (required)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string) (required)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority router system services webserver server node-name

The name of the control node.

Usage

configure authority router system services webserver server node-name [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority router system services webserver ssl

Configure SSL encryption for HTTPS.

Subcommands

command	description
cipher-suites	Configure the allowed ciphers for TLSv1.3. The full list of available ciphers can be viewed by running the 'openssl ciphers -s -tls1_3' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings.
ciphers	Configure the allowed ciphers for TLSv1.2. The full list of available ciphers can be viewed by running the 'openssl ciphers' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
protocol	Configure the allowed protocols. By default both 'TLSv1.2' and 'TLSv1.3' are used. If compatibility with older browsers is not required then only TLSv1.3 should be used.
show	Show configuration data for 'ssl'

configure authority router system services webserver ssl cipher-suites

Configure the allowed ciphers for TLSv1.3. The full list of available ciphers can be viewed by running the 'openssl ciphers -s -tls1_3' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings.

Usage

configure authority router system services webserver ssl cipher-suites [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

Default: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

string

A text value.

Must contain only alphanumeric characters or any of the following: . - _ :

configure authority router system services webserver ssl ciphers

Configure the allowed ciphers for TLSv1.2. The full list of available ciphers can be viewed by running the 'openssl ciphers' shell command. See 'CIPHER LIST FORMAT' and 'CIPHER STRINGS' in the OpenSSL documentation https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for the permitted values and their meanings.

Usage

configure authority router system services webserver ssl ciphers [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

Default: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

string

A text value.

Must contain only alphanumeric characters or any of the following: . - _ :

configure authority router system services webserver ssl protocol

Configure the allowed protocols. By default both 'TLSv1.2' and 'TLSv1.3' are used. If compatibility with older browsers is not required then only TLSv1.3 should be used.

Usage

configure authority router system services webserver ssl protocol [<string>]

Positional Arguments

name	description
string	Value to add to this list

Description

string

A text value.

Must contain only alphanumeric characters or any of the following: . - _ Length: 1-63

configure authority router system software-access

Configuration for SSR software access for this router. Supported on managed assets only. Any settings configured here will override the authority software access settings.

Subcommands

command	description
channel	The software access channel to use. The channel will only grant access to software which is permitted for the given software access username and token.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
router-credentials	Configure Router Credentials
rpm-channel	The software access RPM channel to use. The RPM channel will override the router channel for repositories providing RPMs. The channel will only grant access to software which is permitted for the given software access username and token.
show	Show configuration data for 'software-access'
ssr-image-channel	The software access SSR image channel to use. The SSR image channel will override the router channel for repositories providing SSR images. The channel will only grant access to software which is permitted for the given software access username and token.
use-authority-credentials	Configure Use Authority Credentials

configure authority router system software-access channel

The software access channel to use. The channel will only grant access to software which is permitted for the given software access username and token.

Usage

configure authority router system software-access channel [<router-software-access-channel>]

Positional Arguments

name	description
router-software-access-channel	The value to set for this field

Description

Default: use-authority-channel

router-software-access-channel (enumeration)

The router software access channel.

Options:

• use-authority-channel: Use the configured authority channel.
• prealpha: Override the authority channel with the prealpha channel.
• alpha: Override the authority channel with the alpha channel.
• beta: Override the authority channel with the beta channel.
• release: Override the authority channel with the release channel.

configure authority router system software-access router-credentials

Configure Router Credentials

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'router-credentials'
token	The router software access token.
username	The router software access username.

configure authority router system software-access router-credentials token

The router software access token.

Usage

configure authority router system software-access router-credentials token [<software-access-token>]

Positional Arguments

name	description
software-access-token	The value to set for this field

Description

software-access-token (string)

The software access token.

Must not contain whitespace in the software access token.

configure authority router system software-access router-credentials username

The router software access username.

Usage

configure authority router system software-access router-credentials username [<software-access-username>]

Positional Arguments

name	description
software-access-username	The value to set for this field

Description

software-access-username (string)

The software access username.

Must not contain a colon or whitespace in the software access username.

configure authority router system software-access rpm-channel

The software access RPM channel to use. The RPM channel will override the router channel for repositories providing RPMs. The channel will only grant access to software which is permitted for the given software access username and token.

Usage

configure authority router system software-access rpm-channel [<router-software-access-channel-override>]

Positional Arguments

name	description
router-software-access-channel-override	The value to set for this field

Description

Default: use-software-access-channel

router-software-access-channel-override (enumeration)

The router software access channel overrides.

Options:

• use-authority-channel: Use the configured authority channel.
• use-software-access-channel: Use the configured router channel.
• prealpha: Override the configured channel with the prealpha channel.
• alpha: Override the configured channel with the alpha channel.
• beta: Override the configured channel with the beta channel.
• release: Override the configured channel with the release channel.

configure authority router system software-access ssr-image-channel

The software access SSR image channel to use. The SSR image channel will override the router channel for repositories providing SSR images. The channel will only grant access to software which is permitted for the given software access username and token.

Usage

configure authority router system software-access ssr-image-channel [<router-software-access-channel-override>]

Positional Arguments

name	description
router-software-access-channel-override	The value to set for this field

Description

Default: use-software-access-channel

router-software-access-channel-override (enumeration)

The router software access channel overrides.

Options:

• use-authority-channel: Use the configured authority channel.
• use-software-access-channel: Use the configured router channel.
• prealpha: Override the configured channel with the prealpha channel.
• alpha: Override the configured channel with the alpha channel.
• beta: Override the configured channel with the beta channel.
• release: Override the configured channel with the release channel.

configure authority router system software-access use-authority-credentials

Configure Use Authority Credentials

Usage

configure authority router system software-access use-authority-credentials [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system software-update

Configuration for SSR software updates. Supported on managed assets only.

Subcommands

command	description
delete	Delete configuration data
download	Configuration for software downloads. Supported on managed assets only.
max-bandwidth	Bandwidth limit for downloads of software updates.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
repository	Configuration for how to retrieve software updates.
rpm-operation-timeout	The timeout in seconds for rpm downloads and installs. Once the timeout is reached, the rpm operation will fail.
show	Show configuration data for 'software-update'
timeout	The timeout in seconds for the upgrade. Once the timeout is reached, the upgrade will fail. The timeout is reset when the device reboots during the upgrade.

configure authority router system software-update download

Configuration for software downloads. Supported on managed assets only.

Subcommands

command	description
attempts	The maximum number of attempts to try the download before considering it failed. If set to 0, the download will retry until the timeout is hit.
delete	Delete configuration data
enable-timeout	Whether to set a timeout on the overall length of the download.
maximum-retry-delay	The maximum amount of time in seconds to wait in between download attempts. The retry delay will start off small and back off exponentially up to this duration.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'download'
timeout	The timeout in seconds for the download. Once the timeout is reached, the download will fail.

configure authority router system software-update download attempts

The maximum number of attempts to try the download before considering it failed. If set to 0, the download will retry until the timeout is hit.

Usage

configure authority router system software-update download attempts [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

Default: 10

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority router system software-update download enable-timeout

Whether to set a timeout on the overall length of the download.

Usage

configure authority router system software-update download enable-timeout [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority router system software-update download maximum-retry-delay

The maximum amount of time in seconds to wait in between download attempts. The retry delay will start off small and back off exponentially up to this duration.

Usage

configure authority router system software-update download maximum-retry-delay [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3600

uint32

An unsigned 32-bit integer.

Range: 0-86400

configure authority router system software-update download timeout

The timeout in seconds for the download. Once the timeout is reached, the download will fail.

Usage

configure authority router system software-update download timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 10800

uint32

An unsigned 32-bit integer.

Range: 1800-604800

configure authority router system software-update max-bandwidth

Bandwidth limit for downloads of software updates.

Usage

configure authority router system software-update max-bandwidth [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Units: bits/second

Default: unlimited

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint64

An unsigned 64-bit integer.

Range: 1-999999999999

(1) enumeration

A value from a set of predefined names.

Options:

• unlimited: No limit on this value

configure authority router system software-update repository

Configuration for how to retrieve software updates.

Subcommands

command	description
address	The address of the Conductor to use as a proxy to the Internet.
delete	Delete configuration data
offline-mode	Software updates are received through the Conductor without internet connectivity
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'repository'
source-type	The location from which to retrieve software updates.

configure authority router system software-update repository address

The address of the Conductor to use as a proxy to the Internet.

Usage

configure authority router system software-update repository address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router system software-update repository offline-mode

Software updates are received through the Conductor without internet connectivity

Usage

configure authority router system software-update repository offline-mode [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority router system software-update repository source-type

The location from which to retrieve software updates.

Usage

configure authority router system software-update repository source-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: internet-only

enumeration

A value from a set of predefined names.

Options:

• conductor-only: Download software from the Conductor, using it as a proxy to the Internet if it has not already downloaded the requested software.
• prefer-conductor: Download software from the Conductor, using the Internet if the Conductor has not already downloaded the requested software.
• internet-only: Download software from publicly available sources via the Internet.

configure authority router system software-update rpm-operation-timeout

The timeout in seconds for rpm downloads and installs. Once the timeout is reached, the rpm operation will fail.

Usage

configure authority router system software-update rpm-operation-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 600

uint32

An unsigned 32-bit integer.

Range: 300-86400

configure authority router system software-update timeout

The timeout in seconds for the upgrade. Once the timeout is reached, the upgrade will fail. The timeout is reset when the device reboots during the upgrade.

Usage

configure authority router system software-update timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3600

uint32

An unsigned 32-bit integer.

Range: 1800-604800

configure authority router system syslog

Syslog configuration lets administrators configure the SSR's interaction with external syslog services.

Subcommands

command	description
auth	Configure Auth
client-certificate-name	A client certificate to be used to communicate with syslog server.
clone	Clone a list item
delete	Delete configuration data
dropped-packets-cache	Configure Dropped Packets Cache
facility	The facility under which syslog messages will be recorded.
ocsp	Whether to check the revocation status of the Syslog server's certificate.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
protocol	Use TCP or UDP protocol to communicate with syslog server.
router-client-certificate-name	A client certificate to be used to communicate with syslog server.
server	The list of syslog servers configured for this device.
severity	Sets the level at which messages will be sent to the syslog server.
show	Show configuration data for 'syslog'

configure authority router system syslog auth

Configure Auth

Subcommands

command	description
delete	Delete configuration data
include	The list of syslog messages to include in the syslog server. Default is 'all'.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'auth'

configure authority router system syslog auth include

The list of syslog messages to include in the syslog server. Default is 'all'.

Usage

configure authority router system syslog auth include [<enumeration>]

Positional Arguments

name	description
enumeration	Value to add to this list

Description

enumeration

A value from a set of predefined names.

Options:

• all: Include all syslog messages.
• login: Include system access syslog messages.
• session: Include traffic related syslog messages.
• config-change: Include configuration related syslog messages.

configure authority router system syslog client-certificate-name

A client certificate to be used to communicate with syslog server.

Usage

configure authority router system syslog client-certificate-name [<client-certificate-ref>]

Positional Arguments

name	description
client-certificate-ref	The value to set for this field

Description

client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate.

configure authority router system syslog dropped-packets-cache

Configure Dropped Packets Cache

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'dropped-packets-cache'
size	The size of the dropped packets cache for each worker core. The cache is used to store dropped packet counts per 5-tuple to avoid packet by packet syslog messages.
timeout	The timeout in seconds for the dropped packets cache. Entries will be kept in the cache until they are evicted for space constraints or this timeout is reached. On those conditions, the syslog message will be produced for this entry with its count.

configure authority router system syslog dropped-packets-cache size

The size of the dropped packets cache for each worker core. The cache is used to store dropped packet counts per 5-tuple to avoid packet by packet syslog messages.

Usage

configure authority router system syslog dropped-packets-cache size [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 512

uint32

An unsigned 32-bit integer.

Range: 1-100000

configure authority router system syslog dropped-packets-cache timeout

The timeout in seconds for the dropped packets cache. Entries will be kept in the cache until they are evicted for space constraints or this timeout is reached. On those conditions, the syslog message will be produced for this entry with its count.

Usage

configure authority router system syslog dropped-packets-cache timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Default: 10

uint32

An unsigned 32-bit integer.

Range: 1-600

configure authority router system syslog facility

The facility under which syslog messages will be recorded.

Usage

configure authority router system syslog facility [<syslog-facility>]

Positional Arguments

name	description
syslog-facility	The value to set for this field

Description

Default: local0

syslog-facility (enumeration)

The facility under which syslog messages will be recorded.

Options:

• auth: security and authorization messages
• authpriv: security and authorization messages (private)
• cron: cron daemon messages
• daemon: system daemons without separate facility
• kern: kernel messages
• lpr: line printer subsystem messages
• mail: mail subsystem messages
• news: USENET news subsystem messages
• syslog: messages generated internally by syslog
• user: generic user-level messages
• uucp: UUCP messages
• local0: syslog local use 0 facility reserved for local use
• local1: syslog local use 1 facility reserved for local use
• local2: syslog local use 2 facility reserved for local use
• local3: syslog local use 3 facility reserved for local use
• local4: syslog local use 4 facility reserved for local use
• local5: syslog local use 5 facility reserved for local use
• local6: syslog local use 6 facility reserved for local use
• local7: syslog local use 7 facility reserved for local use
• any: match any syslog facility

configure authority router system syslog ocsp

Whether to check the revocation status of the Syslog server's certificate.

Usage

configure authority router system syslog ocsp [<ocsp>]

Positional Arguments

name	description
ocsp	The value to set for this field

Description

ocsp (enumeration)

Whether to check the revocation status of a server's certificate.

Options:

• strict: Require a successful OCSP check in order to establish a connection.
• off: Do not check revocation status of the server certificate.

configure authority router system syslog protocol

Use TCP or UDP protocol to communicate with syslog server.

Usage

configure authority router system syslog protocol [<syslog-protocol>]

Positional Arguments

name	description
syslog-protocol	The value to set for this field

Description

Default: udp

syslog-protocol (enumeration)

Use TCP or UDP protocol to communicate with syslog server.

Options:

• udp: Use UDP protocol to communicate with syslog server.
• tcp: Use TCP protocol to communicate with syslog server.
• tls: Use TLS over TCP protocol to communicate with syslog server.

configure authority router system syslog router-client-certificate-name

A client certificate to be used to communicate with syslog server.

Usage

configure authority router system syslog router-client-certificate-name [<router-client-certificate-ref>]

Positional Arguments

name	description
router-client-certificate-ref	The value to set for this field

Description

router-client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate for a specific router.

configure authority router system syslog server

The list of syslog servers configured for this device.

Usage

configure authority router system syslog server <ip-address> <port>

Positional Arguments

name	description
ip-address	The address of remote syslog server.
port	The port on which remote syslog server listens

Subcommands

command	description
client-certificate-name	A client certificate to be used to communicate with syslog server.
clone	Clone a list item
delete	Delete configuration data
filter	The list of facilities and severity to sent to the remote syslog server
ip-address	The address of remote syslog server.
ocsp	Whether to check the revocation status of the Syslog server's certificate.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
port	The port on which remote syslog server listens
protocol	Use TCP UDP or TLS protocol to communicate with syslog server.
router-client-certificate-name	A client certificate to be used to communicate with syslog server.
show	Show configuration data for 'server'

configure authority router system syslog server client-certificate-name

A client certificate to be used to communicate with syslog server.

Usage

configure authority router system syslog server client-certificate-name [<client-certificate-ref>]

Positional Arguments

name	description
client-certificate-ref	The value to set for this field

Description

client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate.

configure authority router system syslog server filter

The list of facilities and severity to sent to the remote syslog server

Usage

configure authority router system syslog server filter <facility>

Positional Arguments

name	description
facility	The facility under which syslog messages will be recorded.

Subcommands

command	description
delete	Delete configuration data
facility	The facility under which syslog messages will be recorded.
match	Regex match that will be applied to the raw syslog message to filter specific messages for the configured facility and severity.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
severity	Sets the level at which messages will be sent to the syslog server.
show	Show configuration data for 'filter'

configure authority router system syslog server filter facility

The facility under which syslog messages will be recorded.

Usage

configure authority router system syslog server filter facility [<syslog-facility>]

Positional Arguments

name	description
syslog-facility	The value to set for this field

Description

syslog-facility (enumeration)

The facility under which syslog messages will be recorded.

Options:

• auth: security and authorization messages
• authpriv: security and authorization messages (private)
• cron: cron daemon messages
• daemon: system daemons without separate facility
• kern: kernel messages
• lpr: line printer subsystem messages
• mail: mail subsystem messages
• news: USENET news subsystem messages
• syslog: messages generated internally by syslog
• user: generic user-level messages
• uucp: UUCP messages
• local0: syslog local use 0 facility reserved for local use
• local1: syslog local use 1 facility reserved for local use
• local2: syslog local use 2 facility reserved for local use
• local3: syslog local use 3 facility reserved for local use
• local4: syslog local use 4 facility reserved for local use
• local5: syslog local use 5 facility reserved for local use
• local6: syslog local use 6 facility reserved for local use
• local7: syslog local use 7 facility reserved for local use
• any: match any syslog facility

configure authority router system syslog server filter match

Regex match that will be applied to the raw syslog message to filter specific messages for the configured facility and severity.

Usage

configure authority router system syslog server filter match [<regex>]

Positional Arguments

name	description
regex	The value to set for this field

Description

regex (string)

A regular expression (regex) type.

configure authority router system syslog server filter severity

Sets the level at which messages will be sent to the syslog server.

Usage

configure authority router system syslog server filter severity [<syslog-severity>]

Positional Arguments

name	description
syslog-severity	The value to set for this field

Description

Default: error

syslog-severity (enumeration)

Sets the level at which messages will be sent to the syslog server.

Options:

• emergency: Only record log messages with level "emergency" or higher
• alert: Only record log messages with level "alert" or higher
• critical: Only record log messages with level "critical" or higher
• error: Only record log messages with level "error" or higher
• warning: Only record log messages with level "warning" or higher
• notice: Only record log messages with level "notice" or higher
• info: Only record log messages with level "info" or higher
• debug: Only record log messages with level "debug" or higher

configure authority router system syslog server ip-address

The address of remote syslog server.

Usage

configure authority router system syslog server ip-address [<host>]

Positional Arguments

name	description
host	The value to set for this field

Description

host (union)

The host type represents either an IP address or a DNS domain name.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority router system syslog server ocsp

Whether to check the revocation status of the Syslog server's certificate.

Usage

configure authority router system syslog server ocsp [<ocsp>]

Positional Arguments

name	description
ocsp	The value to set for this field

Description

ocsp (enumeration)

Whether to check the revocation status of a server's certificate.

Options:

• strict: Require a successful OCSP check in order to establish a connection.
• off: Do not check revocation status of the server certificate.

configure authority router system syslog server port

The port on which remote syslog server listens

Usage

configure authority router system syslog server port [<l4-port>]

Positional Arguments

name	description
l4-port	The value to set for this field

Description

l4-port (uint16)

Transport (layer 4) port number.

Range: 0-65535

configure authority router system syslog server protocol

Use TCP UDP or TLS protocol to communicate with syslog server.

Usage

configure authority router system syslog server protocol [<syslog-protocol>]

Positional Arguments

name	description
syslog-protocol	The value to set for this field

Description

Default: automatic

syslog-protocol (enumeration)

Use TCP or UDP protocol to communicate with syslog server.

Options:

• automatic: Automatically inherit the protocol from syslog config.
• udp: Use UDP protocol to communicate with syslog server.
• tcp: Use TCP protocol to communicate with syslog server.
• tls: Use TLS over TCP protocol to communicate with syslog server.

configure authority router system syslog server router-client-certificate-name

A client certificate to be used to communicate with syslog server.

Usage

configure authority router system syslog server router-client-certificate-name [<router-client-certificate-ref>]

Positional Arguments

name	description
router-client-certificate-ref	The value to set for this field

Description

router-client-certificate-ref (leafref)

This type is used by other entities that need to reference configured client certificate for a specific router.

configure authority router system syslog severity

Sets the level at which messages will be sent to the syslog server.

Usage

configure authority router system syslog severity [<syslog-severity>]

Positional Arguments

name	description
syslog-severity	The value to set for this field

Description

Default: error

syslog-severity (enumeration)

Sets the level at which messages will be sent to the syslog server.

Options:

• emergency: Only record log messages with level "emergency" or higher
• alert: Only record log messages with level "alert" or higher
• critical: Only record log messages with level "critical" or higher
• error: Only record log messages with level "error" or higher
• warning: Only record log messages with level "warning" or higher
• notice: Only record log messages with level "notice" or higher
• info: Only record log messages with level "info" or higher
• debug: Only record log messages with level "debug" or higher

configure authority router udp-transform

UDP transform settings for interoperating with stateful TCP firewalls for nodes within the router.

Subcommands

command	description
delete	Delete configuration data
detect-interval	Represents the frequency with which the stateful TCP firewall discovery is performed.
mode	Configure Mode
nat-keep-alive-mode	Configure Nat Keep Alive Mode
nat-keep-alive-timeout	Represents the frequency with which keep-alive packets are generated.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'udp-transform'

configure authority router udp-transform detect-interval

Represents the frequency with which the stateful TCP firewall discovery is performed.

Usage

configure authority router udp-transform detect-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 300

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority router udp-transform mode

Configure Mode

Usage

configure authority router udp-transform mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: auto-detect

enumeration

A value from a set of predefined names.

Options:

• auto-detect: Detect if TCP to UDP transform is required. Special TCP packets are sent to the peer at the specified interval. If these packets are not returned, transformation is required.
• always-transform: Force UDP transform for all TCP traffic to the peer. TCP detection packets are never sent in this mode.

configure authority router udp-transform nat-keep-alive-mode

Configure Nat Keep Alive Mode

Usage

configure authority router udp-transform nat-keep-alive-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: disabled

enumeration

A value from a set of predefined names.

Options:

• disabled: Do not send keep-alive packets to keep UDP sessions active during UDP transform.
• enabled: Inject keep-alive packets to keep UDP sessions active during UDP transform.

configure authority router udp-transform nat-keep-alive-timeout

Represents the frequency with which keep-alive packets are generated.

Usage

configure authority router udp-transform nat-keep-alive-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 1-86400

configure authority routing

authority level routing configuration

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
filter	A filter which operates on a set of objects and returns accept or reject to be used by other constructs to process the objects
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	A construct for processing which consists of a set of statements executed in sequence
resource-group	Associate this routing configuration with a top-level resource-group.
show	Show configuration data for 'routing'

configure authority routing filter

A filter which operates on a set of objects and returns accept or reject to be used by other constructs to process the objects

Usage

configure authority routing filter <name>

Positional Arguments

name	description
name	An arbitrary identifying name

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
move	Move list items
name	An arbitrary identifying name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
rule	A fragment of the filter which defines a subset of the logic on how to process the objects going through the filter
show	Show configuration data for 'filter'
type	A filter type

configure authority routing filter name

An arbitrary identifying name

Usage

configure authority routing filter name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority routing filter rule

A fragment of the filter which defines a subset of the logic on how to process the objects going through the filter

Usage

configure authority routing filter rule <name>

Positional Arguments

name	description
name	An arbitrary identifying name

Subcommands

command	description
as-path	An AS-path regex to match on
community	A BGP community regex to match on
delete	Delete configuration data
extended-community	A BGP extended community regex to match on
filter	Filter action indicating how to handle elements matching the rule
ge	Match the prefix greater than or equal to said prefix length
le	Match the prefix less than or equal to said prefix length
name	An arbitrary identifying name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
prefix	The prefix to match
show	Show configuration data for 'rule'

Description

The order of elements matters.

configure authority routing filter rule as-path

An AS-path regex to match on

Usage

configure authority routing filter rule as-path [<regex>]

Positional Arguments

name	description
regex	The value to set for this field

Description

regex (string)

A regular expression (regex) type.

configure authority routing filter rule community

A BGP community regex to match on

Usage

configure authority routing filter rule community [<regex>]

Positional Arguments

name	description
regex	The value to set for this field

Description

regex (string)

A regular expression (regex) type.

configure authority routing filter rule extended-community

A BGP extended community regex to match on

Usage

configure authority routing filter rule extended-community [<regex>]

Positional Arguments

name	description
regex	The value to set for this field

Description

regex (string)

A regular expression (regex) type.

configure authority routing filter rule filter

Filter action indicating how to handle elements matching the rule

Usage

configure authority routing filter rule filter [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: accept

enumeration

A value from a set of predefined names.

Options:

• accept: Indicates elements matching the rule should not be filtered by the calling construct
• reject: Indicates elements matching the rule should be filtered by the calling construct

configure authority routing filter rule ge

Match the prefix greater than or equal to said prefix length

Usage

configure authority routing filter rule ge [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-128

configure authority routing filter rule le

Match the prefix less than or equal to said prefix length

Usage

configure authority routing filter rule le [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 1-128

configure authority routing filter rule name

An arbitrary identifying name

Usage

configure authority routing filter rule name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority routing filter rule prefix

The prefix to match

Usage

configure authority routing filter rule prefix [<ip-prefix>]

Positional Arguments

name	description
ip-prefix	The value to set for this field

Description

ip-prefix (union)

The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

configure authority routing filter type

A filter type

Usage

configure authority routing filter type [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref (required)

A value from a set of predefined names.

Options:

• prefix-filter: Filter based on IPv4 prefixes within a given range
• prefix-filter-ipv6: Filter based on IPv6 prefixes within a given range
• as-path-filter: Filter based on the BGP AS path
• community-filter: Filter based on the BGP community value
• extended-community-filter: Filter based on the BGP extended community value

configure authority routing policy

A construct for processing which consists of a set of statements executed in sequence

Usage

configure authority routing policy <name>

Positional Arguments

name	description
name	An arbitrary identifying name

Subcommands

command	description
clone	Clone a list item
delete	Delete configuration data
move	Move list items
name	An arbitrary identifying name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'policy'
statement	A fragment of a policy that is executed in sequence. A statement is executed by first running the conditions. If all the conditions match (or if no conditions are specified) the policy (accept or reject) is consulted. An accept means execute the actions in the statement and then terminate the policy returning accept. A reject means do not execute the actions and terminate the policy returning reject. The accept terminating the policy may be modified by flow actions. If a policy reaches the end of the statement list and no statement has been executed there is an implicit reject

configure authority routing policy name

An arbitrary identifying name

Usage

configure authority routing policy name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority routing policy statement

A fragment of a policy that is executed in sequence. A statement is executed by first running the conditions. If all the conditions match (or if no conditions are specified) the policy (accept or reject) is consulted. An accept means execute the actions in the statement and then terminate the policy returning accept. A reject means do not execute the actions and terminate the policy returning reject. The accept terminating the policy may be modified by flow actions. If a policy reaches the end of the statement list and no statement has been executed there is an implicit reject

Usage

configure authority routing policy statement <name>

Positional Arguments

name	description
name	An arbitrary identifying name

Subcommands

command	description
action	The actions to take if the conditions evaluates to true and policy is accept. Flow altering actions are executed last
clone	Clone a list item
condition	The conditions which define a match to the statement.
delete	Delete configuration data
name	An arbitrary identifying name
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
policy	The policy action, accept or reject, to be returned if the conditions evaluate to true. If no conditions are given the condition evaluation is true
show	Show configuration data for 'statement'

Description

The order of elements matters.

configure authority routing policy statement action

The actions to take if the conditions evaluates to true and policy is accept. Flow altering actions are executed last

Usage

configure authority routing policy statement action <type>

Positional Arguments

name	description
type	The action type

Subcommands

command	description
add	The metric value to add
additive	Merge the community attribute values
aggregator-address	The aggregator IP address
as	The aggregator as
bgp-weight	The BGP weight value
community-attribute	The new community attribute values
community-filter	The community filter to use to remove matching communities.
delete	Delete configuration data
distance	The administrative distance value
exclude	The AS(s) to exclude from the as-path
ip-address	The new next hop IP address to set
local-preference	The local preference value
no-extended-communities	Remove all extended communities
none	Remove all communities
origin	The BGP origin value
originator-id	The new originator id to set
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer-address	Set the next hop to the IP address of the peer
policy	The policy to call. If this policy returns reject then the current policy will terminate and return reject
prepend	The AS(s) to prepend to the as-path
route-target	The new extended-community route target value
service-policy	The service policy to select the best path.
set	The metric value
show	Show configuration data for 'action'
site-of-origin	The new extended-community site of origin value
statement	The statement to process next which must be after the current statement.
subtract	The metric value to subtract
tag	The tag value
type	The action type

configure authority routing policy statement action add

The metric value to add

Usage

configure authority routing policy statement action add [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority routing policy statement action additive

Merge the community attribute values

Usage

configure authority routing policy statement action additive

Description

empty

Has no value.

configure authority routing policy statement action aggregator-address

The aggregator IP address

Usage

configure authority routing policy statement action aggregator-address [<ipv4-address>]

Positional Arguments

name	description
ipv4-address	The value to set for this field

Description

ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

configure authority routing policy statement action as

The aggregator as

Usage

configure authority routing policy statement action as [<as-number>]

Positional Arguments

name	description
as-number	The value to set for this field

Description

as-number (uint32)

The as-number type represents autonomous system numbers which identify an Autonomous System (AS). An AS is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs'. IANA maintains the AS number space and has delegated large parts to the regional registries.

Autonomous system numbers were originally limited to 16 bits. BGP extensions have enlarged the autonomous system number space to 32 bits. This type therefore uses an uint32 base type without a range restriction in order to support a larger autonomous system number space.

In the value set and its semantics, this type is equivalent to the InetAutonomousSystemNumber textual convention of the SMIv2.

configure authority routing policy statement action bgp-weight

The BGP weight value

Usage

configure authority routing policy statement action bgp-weight [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority routing policy statement action community-attribute

The new community attribute values

Usage

configure authority routing policy statement action community-attribute [<set-community>]

Positional Arguments

name	description
set-community	Value to add to this list

Description

set-community (union)

A BGP community. Accepts the well-known communities internet, local-AS, no-advertise and no-export or any 32 bit communtity value specified as <uint16>:<uint16> (in decimal).

Must be one of the following types:

(0) enumeration

A value from a set of predefined names.

Options:

• internet:
• local-AS:
• no-advertise:
• no-export:

(1) string

A text value.

Must be <uint16>:<uint16>

configure authority routing policy statement action community-filter

The community filter to use to remove matching communities.

Usage

configure authority routing policy statement action community-filter [<filter-ref>]

Positional Arguments

name	description
filter-ref	The value to set for this field

Description

filter-ref (leafref)

A reference to an existing value in the instance data.

configure authority routing policy statement action distance

The administrative distance value

Usage

configure authority routing policy statement action distance [<uint8>]

Positional Arguments

name	description
uint8	The value to set for this field

Description

uint8

An unsigned 8-bit integer.

Range: 0-255

configure authority routing policy statement action exclude

The AS(s) to exclude from the as-path

Usage

configure authority routing policy statement action exclude [<as-path>]

Positional Arguments

name	description
as-path	The value to set for this field

Description

as-path (string)

A list of BGP autonomous system numbers (uint32) space separated.

Must be space separated list of <uint32>

configure authority routing policy statement action ip-address

The new next hop IP address to set

Usage

configure authority routing policy statement action ip-address [<unicast-non-default-ipv4-address>]

Positional Arguments

name	description
unicast-non-default-ipv4-address	The value to set for this field

Description

unicast-non-default-ipv4-address (string)

A unicast non-default IPv4 address

Must be a valid IPv4 address.

configure authority routing policy statement action local-preference

The local preference value

Usage

configure authority routing policy statement action local-preference [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority routing policy statement action no-extended-communities

Remove all extended communities

Usage

configure authority routing policy statement action no-extended-communities

Description

empty

Has no value.

configure authority routing policy statement action none

Remove all communities

Usage

configure authority routing policy statement action none

Description

empty

Has no value.

configure authority routing policy statement action origin

The BGP origin value

Usage

configure authority routing policy statement action origin [<origin>]

Positional Arguments

name	description
origin	The value to set for this field

Description

origin (enumeration)

BGP ORIGIN attribute.

Options:

• igp: Network Layer Reachability Information is interior to the originating AS.
• egp: Network Layer Reachability Information learned via the EGP protocol [RFC904].
• incomplete: Network Layer Reachability Information learned by some other means.

configure authority routing policy statement action originator-id

The new originator id to set

Usage

configure authority routing policy statement action originator-id [<ipv4-address>]

Positional Arguments

name	description
ipv4-address	The value to set for this field

Description

ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

configure authority routing policy statement action peer-address

Set the next hop to the IP address of the peer

Usage

configure authority routing policy statement action peer-address

Description

empty

Has no value.

configure authority routing policy statement action policy

The policy to call. If this policy returns reject then the current policy will terminate and return reject

Usage

configure authority routing policy statement action policy [<policy-ref>]

Positional Arguments

name	description
policy-ref	The value to set for this field

Description

policy-ref (leafref)

A reference to an existing value in the instance data.

configure authority routing policy statement action prepend

The AS(s) to prepend to the as-path

Usage

configure authority routing policy statement action prepend [<as-path>]

Positional Arguments

name	description
as-path	The value to set for this field

Description

as-path (string)

A list of BGP autonomous system numbers (uint32) space separated.

Must be space separated list of <uint32>

configure authority routing policy statement action route-target

The new extended-community route target value

Usage

configure authority routing policy statement action route-target [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	Value to add to this list

Description

set-extended-community (union)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string

A text value.

Must be <ipv4-address>:<uint16>

(1) string

A text value.

Must be <uint16>:<uint32>

(2) string

A text value.

Must be <uint32>:<uint16>

configure authority routing policy statement action service-policy

The service policy to select the best path.

Usage

configure authority routing policy statement action service-policy [<service-policy-ref>]

Positional Arguments

name	description
service-policy-ref	The value to set for this field

Description

service-policy-ref (leafref)

This type is used by other entities that need to reference configured service policies.

configure authority routing policy statement action set

The metric value

Usage

configure authority routing policy statement action set [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority routing policy statement action site-of-origin

The new extended-community site of origin value

Usage

configure authority routing policy statement action site-of-origin [<set-extended-community>]

Positional Arguments

name	description
set-extended-community	Value to add to this list

Description

set-extended-community (union)

A BGP extended community (RFC-4360), an 8 octet value, 6 value octets are specified here. The 2 octet type is part of the set extended community action. The following formats are accepted:

a) A.B.C.D:EF b) EF:GHJK c) GHJK:EF

A.B.C.D: Four Byte IP EF: Two byte ASN (in decimal) GHJK: Four-byte ASN (in decimal)

Must be one of the following types:

(0) string

A text value.

Must be <ipv4-address>:<uint16>

(1) string

A text value.

Must be <uint16>:<uint32>

(2) string

A text value.

Must be <uint32>:<uint16>

configure authority routing policy statement action statement

The statement to process next which must be after the current statement.

Usage

configure authority routing policy statement action statement [<policy-statement-ref>]

Positional Arguments

name	description
policy-statement-ref	The value to set for this field

Description

policy-statement-ref (leafref)

A reference to an existing value in the instance data.

configure authority routing policy statement action subtract

The metric value to subtract

Usage

configure authority routing policy statement action subtract [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority routing policy statement action tag

The tag value

Usage

configure authority routing policy statement action tag [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority routing policy statement action type

The action type

Usage

configure authority routing policy statement action type [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• set-aggregator: An action which sets the BGP aggregator
• modify-as-path: An action which changes the BGP as-path
• set-path-based-as-path: An action which changes the BGP as-path depending on the best path to a peer
• set-atomic-aggregate: An action which sets the BGP atomic aggregate attribute
• set-community: An action which sets the BGP community attribute
• remove-community: An action which removes the BGP community attribute
• set-extended-community: An action which sets the BGP extended community attribute
• set-next-hop: An action which sets the next hop
• set-local-preference: An action which sets the BGP local preference
• modify-metric: An action which sets the metric
• set-originator-id: An action which sets the originator id
• set-origin: An action which sets the origin
• set-tag: An action which sets the tag
• set-bgp-weight: An action which sets the BGP weight
• set-distance: An action which sets the administrative distance
• continue: A flow action that advances to the next (or specified) entry in the policy
• call: A flow action calls the given policy

configure authority routing policy statement condition

The conditions which define a match to the statement.

Usage

configure authority routing policy statement condition <type>

Positional Arguments

name	description
type	The condition type

Subcommands

command	description
as-path-filter	The autonomous system path filter name
community-filter	The community filter name
delete	Delete configuration data
extended-community-filter	The extended community filter name
metric	The metric value to match on.
next-hop-interface	Name of the next hop interface to match on
next-hop-node	Name of the node the next hop interface resides on.
origin	The BGP origin to match on
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
peer-address	The peer address to match
peer-local	Match local addresses (static or redistributed routes)
prefix-filter	The prefix filter name
probability	The probability of a match
show	Show configuration data for 'condition'
tag	The tag to match
type	The condition type

configure authority routing policy statement condition as-path-filter

The autonomous system path filter name

Usage

configure authority routing policy statement condition as-path-filter [<filter-ref>]

Positional Arguments

name	description
filter-ref	The value to set for this field

Description

filter-ref (leafref)

A reference to an existing value in the instance data.

configure authority routing policy statement condition community-filter

The community filter name

Usage

configure authority routing policy statement condition community-filter [<filter-ref>]

Positional Arguments

name	description
filter-ref	The value to set for this field

Description

filter-ref (leafref)

A reference to an existing value in the instance data.

configure authority routing policy statement condition extended-community-filter

The extended community filter name

Usage

configure authority routing policy statement condition extended-community-filter [<filter-ref>]

Positional Arguments

name	description
filter-ref	The value to set for this field

Description

filter-ref (leafref)

A reference to an existing value in the instance data.

configure authority routing policy statement condition metric

The metric value to match on.

Usage

configure authority routing policy statement condition metric [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

configure authority routing policy statement condition next-hop-interface

Name of the next hop interface to match on

Usage

configure authority routing policy statement condition next-hop-interface [<network-interface-ref>]

Positional Arguments

name	description
network-interface-ref	The value to set for this field

Description

network-interface-ref (leafref)

This type is used by other entities that need to reference all configured network interfaces across all routers, nodes, and device interfaces.

configure authority routing policy statement condition next-hop-node

Name of the node the next hop interface resides on.

Usage

configure authority routing policy statement condition next-hop-node [<node-name-ref>]

Positional Arguments

name	description
node-name-ref	The value to set for this field

Description

node-name-ref (leafref)

This type is used by other entities that need to reference all configured nodes across all routers.

configure authority routing policy statement condition origin

The BGP origin to match on

Usage

configure authority routing policy statement condition origin [<origin>]

Positional Arguments

name	description
origin	The value to set for this field

Description

origin (enumeration)

BGP ORIGIN attribute.

Options:

• igp: Network Layer Reachability Information is interior to the originating AS.
• egp: Network Layer Reachability Information learned via the EGP protocol [RFC904].
• incomplete: Network Layer Reachability Information learned by some other means.

configure authority routing policy statement condition peer-address

The peer address to match

Usage

configure authority routing policy statement condition peer-address [<ip-address>]

Positional Arguments

name	description
ip-address	The value to set for this field

Description

ip-address (union)

The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version.

Must be one of the following types:

(0) ipv4-address (string)

The ipv4-address type represents an IPv4 address in dotted-quad notation.

Must be a valid IPv4 address.

(1) ipv6-address (string)

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation.

The canonical format of IPv6 addresses uses the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

Must be a valid IPv6 address.

configure authority routing policy statement condition peer-local

Match local addresses (static or redistributed routes)

Usage

configure authority routing policy statement condition peer-local

Description

empty

Has no value.

configure authority routing policy statement condition prefix-filter

The prefix filter name

Usage

configure authority routing policy statement condition prefix-filter [<filter-ref>]

Positional Arguments

name	description
filter-ref	The value to set for this field

Description

filter-ref (leafref)

A reference to an existing value in the instance data.

configure authority routing policy statement condition probability

The probability of a match

Usage

configure authority routing policy statement condition probability [<percentage>]

Positional Arguments

name	description
percentage	The value to set for this field

Description

percentage (uint8)

Integer indicating a percentage value

Range: 0-100

configure authority routing policy statement condition tag

The tag to match

Usage

configure authority routing policy statement condition tag [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

uint32

An unsigned 32-bit integer.

Range: 1-4294967295

configure authority routing policy statement condition type

The condition type

Usage

configure authority routing policy statement condition type [<identityref>]

Positional Arguments

name	description
identityref	The value to set for this field

Description

identityref

A value from a set of predefined names.

Options:

• address-prefix-filter-condition: An IPv4 prefix filter condition on address
• next-hop-prefix-filter-condition: An IPv4 prefix filter condition on next hop
• source-prefix-filter-condition: An IPv4 prefix filter condition on route source
• address-prefix-filter-ipv6-condition: An IPv6 prefix filter condition on address
• next-hop-prefix-filter-ipv6-condition: An IPv6 prefix filter condition on next hop
• as-path-filter-condition: An autonomous path filter condition
• community-filter-condition: A community filter condition
• extended-community-filter-condition: An extended community filter condition
• next-hop-interface-condition: A next hop interface condition
• metric-condition: A metric condition
• origin-condition: An origin condition
• peer-condition: A peer condition
• probability-condition: A probablity condition
• tag-condition: A tag condition

configure authority routing policy statement name

An arbitrary identifying name

Usage

configure authority routing policy statement name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority routing policy statement policy

The policy action, accept or reject, to be returned if the conditions evaluate to true. If no conditions are given the condition evaluation is true

Usage

configure authority routing policy statement policy [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: accept

enumeration

A value from a set of predefined names.

Options:

• accept: On the conditions evaluating true execute the actions specified in the statement and terminate the policy returning accept
• reject: On the conditions evaluating true do not execute the actions specified in the statement and terminate the policy returning reject

configure authority routing resource-group

Associate this routing configuration with a top-level resource-group.

Usage

configure authority routing resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority secure-conductor-onboarding

Configure Secure Conductor Onboarding

Subcommands

command	description
ca-certificate	The CA certificate used to sign the public certificate.
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
public-certificate	The public certificate the conductor will use to prove it is the correct conductor.
rate-limits	Rate limits for secure conductor onboarding requests.
show	Show configuration data for 'secure-conductor-onboarding'

configure authority secure-conductor-onboarding ca-certificate

The CA certificate used to sign the public certificate.

Usage

configure authority secure-conductor-onboarding ca-certificate [<ca-certificate-ref>]

Positional Arguments

name	description
ca-certificate-ref	The value to set for this field

Description

ca-certificate-ref (leafref) (required)

This type is used by other entities that need to reference configured CA certificate.

configure authority secure-conductor-onboarding public-certificate

The public certificate the conductor will use to prove it is the correct conductor.

Usage

configure authority secure-conductor-onboarding public-certificate [<client-certificate-ref>]

Positional Arguments

name	description
client-certificate-ref	The value to set for this field

Description

client-certificate-ref (leafref) (required)

This type is used by other entities that need to reference configured client certificate.

configure authority secure-conductor-onboarding rate-limits

Rate limits for secure conductor onboarding requests.

Subcommands

command	description
delete	Delete configuration data
global	The maximum number of SCO requests per second allowed from all clients.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
per-client	The maximum number of SCO requests per second allowed from a single client IP.
show	Show configuration data for 'rate-limits'

configure authority secure-conductor-onboarding rate-limits global

The maximum number of SCO requests per second allowed from all clients.

Usage

configure authority secure-conductor-onboarding rate-limits global [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 100

uint16

An unsigned 16-bit integer.

Range: 1-1000

configure authority secure-conductor-onboarding rate-limits per-client

The maximum number of SCO requests per second allowed from a single client IP.

Usage

configure authority secure-conductor-onboarding rate-limits per-client [<uint16>]

Positional Arguments

name	description
uint16	The value to set for this field

Description

Default: 1

uint16

An unsigned 16-bit integer.

Range: 1-100

configure authority security

The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets.

Usage

configure authority security <name>

Positional Arguments

name	description
name	An arbitrary, unique name for the security policy, used to reference it in other configuration sections.

Subcommands

command	description
adaptive-encryption	Prevent packets that are detected as encrypted from being encrypted again as they pass through the router.
delete	Delete configuration data
description	A description of the security policy.
encrypt	When enabled, the router will encrypt metadata (between nodes or routers) or payload (for a service or a tenant).
encryption-cipher	Encryption cipher and mode.
encryption-iv	The initialization vector (IV) for encryption.
encryption-key	The encryption key for the security policy.
hmac	Whether or not to add HMAC to a packet.
hmac-cipher	The cipher used for generating the HMAC value inserted into metadata.
hmac-key	The HMAC key for the security policy.
hmac-mode	Whether or not to add HMAC to packets.
name	An arbitrary, unique name for the security policy, used to reference it in other configuration sections.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
resource-group	Associate this security with a top-level resource-group.
show	Show configuration data for 'security'

configure authority security adaptive-encryption

Prevent packets that are detected as encrypted from being encrypted again as they pass through the router.

Usage

configure authority security adaptive-encryption [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority security description

A description of the security policy.

Usage

configure authority security description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority security encrypt

When enabled, the router will encrypt metadata (between nodes or routers) or payload (for a service or a tenant).

Usage

configure authority security encrypt [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority security encryption-cipher

Encryption cipher and mode.

Usage

configure authority security encryption-cipher [<encryption-cipher>]

Positional Arguments

name	description
encryption-cipher	The value to set for this field

Description

Default: aes-cbc-128

encryption-cipher (enumeration)

Encryption cipher and mode.

Options:

• aes-cbc-128: AES Cipher Block Chaining 128-bit Encryption Mode.
• aes-cbc-256: AES Cipher Block Chaining 256-bit Encryption Mode.

configure authority security encryption-iv

The initialization vector (IV) for encryption.

Usage

configure authority security encryption-iv [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) hex-string (string)

A hexadecimal string with octets represented as hex digits.

Length: 32

(1) hex-string (string)

A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.

Required format: 'XX:XX:XX:XX:XX:XX', where 'X' is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown. Length: 47

configure authority security encryption-key

The encryption key for the security policy.

Usage

configure authority security encryption-key [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) hex-string (string)

A hexadecimal string with octets represented as hex digits.

Length: 32,64

(1) hex-string (string)

A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.

Required format: 'XX:XX:XX:XX:XX:XX', where 'X' is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown. Length: 47,95

configure authority security hmac

Whether or not to add HMAC to a packet.

Usage

configure authority security hmac [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

warning

hmac is deprecated and will be removed in a future software version

boolean

A true or false value.

Options: true or false

configure authority security hmac-cipher

The cipher used for generating the HMAC value inserted into metadata.

Usage

configure authority security hmac-cipher [<hmac-cipher>]

Positional Arguments

name	description
hmac-cipher	The value to set for this field

Description

Default: sha256-128

hmac-cipher (enumeration)

HMAC cipher and mode.

Options:

• sha1: SHA1 160-bit Key Hashed Message Authentication Code Mode.
• sha256: SHA256 256-bit Key Hashed Message Authentication Code Mode.
• sha256-128: SHA256 128-bit Key Hashed Message Authentication Code Mode.
• sha384: SHA384 384-bit Key Hashed Message Authentication Code Mode.
• sha512: SHA512 512-bit Key Hashed Message Authentication Code Mode.

configure authority security hmac-key

The HMAC key for the security policy.

Usage

configure authority security hmac-key [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) hex-string (string)

A hexadecimal string with octets represented as hex digits.

Length: 8,16,32,40,64

(1) hex-string (string)

A hexadecimal string with octets represented as hex digits separated by colons. The canonical representation uses lowercase characters.

Required format: 'XX:XX:XX:XX:XX:XX', where 'X' is a hexidecimal digit (e.g., 00:0a:95:9d:68:16). Length may vary from the example shown. Length: 11,23,47,59,95

configure authority security hmac-mode

Whether or not to add HMAC to packets.

Usage

configure authority security hmac-mode [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: time-based

enumeration

A value from a set of predefined names.

Options:

• disabled: Do not add HMAC to packets.
• regular: Add HMAC to packets.
• time-based: Add time-based HMAC to packets.

configure authority security name

An arbitrary, unique name for the security policy, used to reference it in other configuration sections.

Usage

configure authority security name [<name-id>]

Positional Arguments

name	description
name-id	The value to set for this field

Description

name-id (string)

A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-63

configure authority security resource-group

Associate this security with a top-level resource-group.

Usage

configure authority security resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority security-key-management

Configure Security Key Management

Subcommands

command	description
ca-profile	Configure Ca Profile
clone	Clone a list item
delete	Delete configuration data
invalid-certificate-behavior	Behavior when a certificate is revoked, expired, or invalid.
key-exchange-algorithm	Key exchange algorithm selection for security key management for authority.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
payload-key-rekey-interval	Hours between payload security key regeneration.
peer-key-rekey-interval	Hours between security key regeneration for peer routers.
peer-key-retransmit-interval	Seconds between security key retransmission for peer routers, when peer key establishment has not been acknowledged.
peer-key-timeout	Seconds before security key retransmission timeout for peer routers, when peer key establishment has not been acknowledged.
show	Show configuration data for 'security-key-management'

configure authority security-key-management ca-profile

Configure CA Profile

Usage

configure authority security-key-management ca-profile <url>

Positional Arguments

name	description
url	Location of the CA.

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
revocation-check-interval	Hours between security key revocation check.
show	Show configuration data for 'ca-profile'
url	Location of the CA.

configure authority security-key-management ca-profile revocation-check-interval

Hours between security key revocation check.

Usage

configure authority security-key-management ca-profile revocation-check-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: hours

Default: 48

uint32

An unsigned 32-bit integer.

Range: 0-720

configure authority security-key-management ca-profile url

Location of the CA.

Usage

configure authority security-key-management ca-profile url [<uri>]

Positional Arguments

name	description
uri	The value to set for this field

Description

uri (string)

The uri type represents a Uniform Resource Identifier (URI) as defined by STD 66.

Objects using the uri type MUST be in US-ASCII encoding, and MUST be normalized as described by RFC 3986 Sections 6.2.1, 6.2.2.1, and 6.2.2.2. All unnecessary percent-encoding is removed, and all case-insensitive characters are set to lowercase except for hexadecimal digits, which are normalized to uppercase as described in Section 6.2.2.1.

The purpose of this normalization is to help provide unique URIs. Note that this normalization is not sufficient to provide uniqueness. Two URIs that are textually distinct after this normalization may still be equivalent.

Objects using the uri type may restrict the schemes that they permit. For example, 'data:' and 'urn:' schemes might not be appropriate.

A zero-length URI is not a valid URI. This can be used to express 'URI absent' where required.

In the value set and its semantics, this type is equivalent to the Uri SMIv2 textual convention defined in RFC 5017.

configure authority security-key-management invalid-certificate-behavior

Behavior when a certificate is revoked, expired, or invalid.

Usage

configure authority security-key-management invalid-certificate-behavior [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: fail-soft

enumeration

A value from a set of predefined names.

Options:

• fail-soft: An indication will be presented that appropriate action needs to be taken.
• fail-hard: Remove all peering relationships and do not participate in SVR.

configure authority security-key-management key-exchange-algorithm

Key exchange algorithm selection for security key management for authority.

Subcommands

command	description
delete	Delete configuration data
diffie-hellman	Diffie-Hellman algorithm.
diffie-hellman-ml-kem	Diffie-Hellman and ML-KEM hybrid algorithm.
ml-kem	ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'key-exchange-algorithm'

configure authority security-key-management key-exchange-algorithm diffie-hellman

Configure the Diffie-Hellman algorithm.

Subcommands

command	description
delete	Delete configuration data
dh-key-size	The key size used for Diffie-Hellman algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'diffie-hellman'

configure authority security-key-management key-exchange-algorithm diffie-hellman dh-key-size

The key size used for Diffie-Hellman algorithm.

Usage

configure authority security-key-management key-exchange-algorithm diffie-hellman dh-key-size [<diffie-hellman-key-size>]

Positional Arguments

name	description
diffie-hellman-key-size	The value to set for this field

Description

diffie-hellman-key-size (enumeration)

The key size to use in the Diffie-Hellman key exchange

Options:

• 1024: 1024 bit key size
• 2048: 2048 bit key size
• 4096: 4096 bit key size

configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem

Diffie-Hellman and ML-KEM hybrid algorithm.

Subcommands

command	description
delete	Delete configuration data
dh-key-size	The key size used for Diffie-Hellman algorithm.
ml-kem-key-size	The key size used for ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'diffie-hellman-ml-kem'

configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem dh-key-size

The key size used for Diffie-Hellman algorithm.

Usage

configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem dh-key-size [<diffie-hellman-key-size>]

Positional Arguments

name	description
diffie-hellman-key-size	The value to set for this field

Description

diffie-hellman-key-size (enumeration)

The key size to use in the Diffie-Hellman key exchange

Options:

• 1024: 1024 bit key size
• 2048: 2048 bit key size
• 4096: 4096 bit key size

configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem ml-kem-key-size

The key size used for ML-KEM algorithm.

Usage

configure authority security-key-management key-exchange-algorithm diffie-hellman-ml-kem ml-kem-key-size [<ml-kem-key-size>]

Positional Arguments

name	description
ml-kem-key-size	The value to set for this field

Description

ml-kem-key-size (enumeration)

The key size to use in the ML-KEM key exchange

Options:

• 512: 512 bit key size
• 768: 768 bit key size
• 1024: 1024 bit key size

configure authority security-key-management key-exchange-algorithm ml-kem

ML-KEM algorithm.

Subcommands

command	description
delete	Delete configuration data
ml-kem-key-size	The key size used for ML-KEM algorithm.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'ml-kem'

configure authority security-key-management key-exchange-algorithm ml-kem ml-kem-key-size

The key size used for ML-KEM algorithm.

Usage

configure authority security-key-management key-exchange-algorithm ml-kem ml-kem-key-size [<ml-kem-key-size>]

Positional Arguments

name	description
ml-kem-key-size	The value to set for this field

Description

ml-kem-key-size (enumeration)

The key size to use in the ML-KEM key exchange

Options:

• 512: 512 bit key size
• 768: 768 bit key size
• 1024: 1024 bit key size

configure authority security-key-management payload-key-rekey-interval

Hours between payload security key regeneration.

Usage

configure authority security-key-management payload-key-rekey-interval [<union>]

Positional Arguments

name	description
union	The value to set for this field

Description

Units: hours

Default: 24

union

A value that corresponds to one of its member types.

Must be one of the following types:

(0) uint32

An unsigned 32-bit integer.

Range: 1-720

(1) enumeration

A value from a set of predefined names.

Options:

• never: never regenerate payload security keys

configure authority security-key-management peer-key-rekey-interval

Hours between security key regeneration for peer routers.

Usage

configure authority security-key-management peer-key-rekey-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: hours

Default: 24

uint32

An unsigned 32-bit integer.

Range: 0-720

configure authority security-key-management peer-key-retransmit-interval

Seconds between security key retransmission for peer routers, when peer key establishment has not been acknowledged.

Usage

configure authority security-key-management peer-key-retransmit-interval [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 30

uint32

An unsigned 32-bit integer.

Range: 5-3600

configure authority security-key-management peer-key-timeout

Seconds before security key retransmission timeout for peer routers, when peer key establishment has not been acknowledged.

Usage

configure authority security-key-management peer-key-timeout [<uint32>]

Positional Arguments

name	description
uint32	The value to set for this field

Description

Units: seconds

Default: 3600

uint32

An unsigned 32-bit integer.

configure authority service

The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services.

Usage

configure authority service <name>

Positional Arguments

name	description
name	An arbitrary, unique name for the service such as the domain/host name portion of the URL to reach the service.

Subcommands

command	description
access-policy	List of access policies by address prefix, QSN or tenant and prefix.
access-policy-generated	Indicates whether or not the access-policy configuration was automatically created during conductor service generation.
address	The destination address prefix or hostname to match the route.
application-identification	Application identification mode.
application-name	Application name to identify application. This will be matched against the Domain Names imported via the application modules
application-type	Use generic service behavior, or custom application specific logic.
applies-to	Logical group to which a configuration element applies
clone	Clone a list item
delete	Delete configuration data
description	A description about the service/application.
domain-name	Domain name that identifies a service. Traffic matching this domain name will be considered to belong to this service.
domain-name-category	Domain name categorization of this service. This will be matched against the imported categories using the domain pulled from the data stream
dscp-range	When matched with a dscp-steering configuration in the network-interface, this dscp-range allows tunnel traffic to be matched to a more specific service via DSCP value.
enabled	Enable/disable the service. When disabled, packets addressed to this service's address(es) will not be processed.
fqdn-resolution-type	IP address family to use for FQDN resolutions for this service.
generate-categories	Automatically generate category-based application identification services under this service.
generated	Indicates whether or not the Service was automatically generated as a result of Conductor, BGP/SVR, or DHCP Relay services.
multicast-sender-policy	List of multicast sender policies by address prefix, QSN or tenant and prefix.
name	An arbitrary, unique name for the service such as the domain/host name portion of the URL to reach the service.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
scope	Defines whether or not tenantless sources have access to this service.
security	The name of the security policy to use for the service
service-group	A string used to group services together, where each service with the same string gets added to the service group. Service Groups can be referenced within the QSN to target a group of services.
service-policy	Service policy that applies to the service.
session-record	Settings related to session records.
share-service-routes	Enable/disable sharing of service routes with other routers via STEP.
show	Show configuration data for 'service'
source-nat	Configure Source Nat
subcategory	Subcategory of this service. This will be matched against the subcategory classification derived from the data stream. Subcategories are treated as more specific matches than its enclosing category.
tap-multiplexing	Enable/disable tap-multiplexing on this service.
tenant	The configured tenant.
transport	The transport protocol(s) and port(s) for the service.
ttl-padding	Configure Ttl Padding
url	URL that identifies a service. Traffic matching this URL will be considered to belong to this service.

configure authority service access-policy

List of access policies by address prefix, QSN or tenant and prefix.

Usage

configure authority service access-policy <source>

Positional Arguments

name	description
source	The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

Subcommands

command	description
anti-virus-policy	Built-in policy for unified threat management.
anti-virus-profile	User-defined profile for unified threat management.
delete	Delete configuration data
idp-policy	Built-in policy for intrusion detection prevention and monitoring.
idp-profile	User-defined profile for intrusion detection prevention and monitoring.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
permission	Whether or not to allow access to the service.
show	Show configuration data for 'access-policy'
source	The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service
syslog	Configure Syslog

configure authority service access-policy anti-virus-policy

Built-in policy for unified threat management.

Usage

configure authority service access-policy anti-virus-policy [<optional-anti-virus-policy>]

Positional Arguments

name	description
optional-anti-virus-policy	The value to set for this field

Description

optional-anti-virus-policy (enumeration)

Predefined policies for Unified Threat Management.

Options:

• none: No AV policy.
• default-policy: Include all protocols.
• no-ftp: Include all protocols except ftp.
• http-only: Include only http protocol.

configure authority service access-policy anti-virus-profile

User-defined profile for unified threat management.

Usage

configure authority service access-policy anti-virus-profile [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority service access-policy idp-policy

Built-in policy for intrusion detection prevention and monitoring.

Usage

configure authority service access-policy idp-policy [<optional-idp-policy>]

Positional Arguments

name	description
optional-idp-policy	The value to set for this field

Description

optional-idp-policy (enumeration)

Predefined policies for intrusion detection actions

Options:

• none: No IDP policy.
• alert: A policy that only alerts.
• standard: The standard blocking and alerting policy.
• strict: A strict blocking and alerting policy.
• critical: A strict blocking and alerting policy with dynamic group critical.

configure authority service access-policy idp-profile

User-defined profile for intrusion detection prevention and monitoring.

Usage

configure authority service access-policy idp-profile [<leafref>]

Positional Arguments

name	description
leafref	The value to set for this field

Description

leafref

A reference to an existing value in the instance data.

configure authority service access-policy permission

Whether or not to allow access to the service.

Usage

configure authority service access-policy permission [<access-mode>]

Positional Arguments

name	description
access-mode	The value to set for this field

Description

Default: allow

access-mode (enumeration)

Enumeration defining whether access is allowed or denied.

Options:

• allow: Allow access.
• deny: Deny access.

configure authority service access-policy source

The source QSN or address(es) to which the policy applies. For a QSN, this may be a tenant, service-group, or service, or a combination there of. The following forms are valid: tenant tenant/service-group/ tenant/service-group/service tenant/service /service-group/ /service-group/service /service

Usage

configure authority service access-policy source [<source-spec>]

Positional Arguments

name	description
source-spec	The value to set for this field

Description

source-spec (union)

A source address prefix, QSN, service-group or combination of tenant-name and prefix.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

(2) qsn (string)

Qualified Service Name in the form: tenant[.authority][/[service-group/]service]

Must contain only alphanumeric characters or any of the following: / . _ - Required format: 'Tenant[.Authority[/ServiceGroup[/Service]]]'. No forward slash-delimited segment can exceed 62 characters.(e.g., Engineering.Authority128/Video/private_conferencing). Length: 1-1024

(3) service-spec (string)

Service group and service name portion of a Qualified Service Name.

Must contain only alphanumeric characters or any of the following: - _ / . Required format: '/groupLabel1[/groupLabel2[/groupLabel3...]]'. No forward slash-delimited segment can exceed 62 characters. Length: 0-127

(4) tenant-prefix (string)

A string identifier for a tenant prefix. Consists of a valid tenant name, followed by @ and a valid IP Address.

Must contain a valid tenant name, followed by @ and a valid IP Address. Length: 0-280

configure authority service access-policy syslog

Configure Syslog

Subcommands

command	description
delete	Delete configuration data
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'syslog'
syslog-policy	Syslog policy to be applied to the access policy.

configure authority service access-policy syslog syslog-policy

Syslog policy to be applied to the access policy.

Usage

configure authority service access-policy syslog syslog-policy [<syslog-policy-name>]

Positional Arguments

name	description
syslog-policy-name	The value to set for this field

Description

syslog-policy-name (string)

This type is used by other entities that need to reference configured syslog profiles.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-15

configure authority service access-policy-generated

Indicates whether or not the access-policy configuration was automatically created during conductor service generation.

Usage

configure authority service access-policy-generated [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority service address

The destination address prefix or hostname to match the route.

Usage

configure authority service address [<host-prefix>]

Positional Arguments

name	description
host-prefix	Value to add to this list

Description

host-prefix (union)

The host type represents either an IP prefix or a DNS domain name.

Must be one of the following types:

(0) ipv4-prefix (string)

The ipv4-prefix type represents an IPv4 address prefix. The prefix length is given by the number following the slash character and must be less than or equal to 32.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The canonical format of an IPv4 prefix has all bits of the IPv4 address set to zero that are not part of the IPv4 prefix.

(1) ipv6-prefix (string)

The ipv6-prefix type represents an IPv6 address prefix. The prefix length is given by the number following the slash character and must be less than or equal 128.

A prefix length value of n corresponds to an IP address mask that has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0.

The IPv6 address should have all bits that do not belong to the prefix set to zero.

The canonical format of an IPv6 prefix has all bits of the IPv6 address set to zero that are not part of the IPv6 prefix. Furthermore, IPv6 address is represented in the compressed format described in RFC 4291, Section 2.2, item 2 with the following additional rules: the :: substitution must be applied to the longest sequence of all-zero 16-bit chunks in an IPv6 address. If there is a tie, the first sequence of all-zero 16-bit chunks is replaced by ::. Single all-zero 16-bit chunks are not compressed. The canonical format uses lowercase characters and leading zeros are not allowed.

(2) domain-name (string)

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible.

Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability.

The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation.

The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitely or it may depend on the configuration of the resolver.

Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492

Length: 1-253

configure authority service application-identification

Application identification mode.

Usage

configure authority service application-identification [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: inherited

enumeration

A value from a set of predefined names.

Options:

• inherited: Inherit from router level config for application identification.
• disabled: Disable application identification.

configure authority service application-name

Application name to identify application. This will be matched against the Domain Names imported via the application modules

Usage

configure authority service application-name [<glob-pattern>]

Positional Arguments

name	description
glob-pattern	Value to add to this list

Description

glob-pattern (string)

A glob style pattern (following POSIX.2 fnmatch() without special treatment of file paths):

• • matches a sequence of characters
• ? matches a single character
• [seq] matches any character in seq
• [!seq] matches any character not in seq

A backslash followed by a character matches the following character. In particular:

• * matches *
• ? matches ?
• \ matches \

A sequence seq may be a sequence of characters (e.g., [abc] or a range of characters (e.g., [a-c]).

Length: 1-18446744073709551615

configure authority service application-type

Use generic service behavior, or custom application specific logic.

Usage

configure authority service application-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: generic

enumeration

A value from a set of predefined names.

Options:

• generic: Default service handling.
• dhcp-relay: Act as a DHCP relay.
• dns-proxy: Act as a DNS Proxy.
• ftp-control: Handle FTP control traffic on this service. Pinholes for data flows will be established based on passive mode exchanges detected on the control flows.
• ftp-data: Pinhole service for FTP data flows. Must be paired with an FTP control service to be effective.
• template: Template service for hierarchical services.

configure authority service applies-to

Logical group to which a configuration element applies

Usage

configure authority service applies-to <type>

Positional Arguments

name	description
type	Type of group to which the configuration applies.

Subcommands

command	description
delete	Delete configuration data
group-name	Name of the router-group to which this configuration applies.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
resource-group	Name of the resource-group to which this configuration applies.
router-name	Name of the router to which this configuration applies.
show	Show configuration data for 'applies-to'
type	Type of group to which the configuration applies.

configure authority service applies-to group-name

Name of the router-group to which this configuration applies.

Usage

configure authority service applies-to group-name [<leafref>]

Positional Arguments

name	description
leafref	Value to add to this list

Description

leafref

A reference to an existing value in the instance data.

configure authority service applies-to resource-group

Name of the resource-group to which this configuration applies.

Usage

configure authority service applies-to resource-group [<resource-group-ref>]

Positional Arguments

name	description
resource-group-ref	Value to add to this list

Description

resource-group-ref (leafref)

This type is used by other entities that need to reference configured resource groups.

configure authority service applies-to router-name

Name of the router to which this configuration applies.

Usage

configure authority service applies-to router-name [<leafref>]

Positional Arguments

name	description
leafref	Value to add to this list

Description

leafref

A reference to an existing value in the instance data.

configure authority service applies-to type

Type of group to which the configuration applies.

Usage

configure authority service applies-to type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

enumeration

A value from a set of predefined names.

Options:

• authority: Applies to all routers in the authority.
• router: Router(s) to which the configuration applies.
• router-group: Logical group of router(s) to which the configuration applies.
• resource-group: An RBAC management group to which the configuration applies

configure authority service description

A description about the service/application.

Usage

configure authority service description [<string>]

Positional Arguments

name	description
string	The value to set for this field

Description

string

A text value.

configure authority service domain-name

Domain name that identifies a service. Traffic matching this domain name will be considered to belong to this service.

Usage

configure authority service domain-name [<glob-pattern>]

Positional Arguments

name	description
glob-pattern	Value to add to this list

Description

glob-pattern (string)

A glob style pattern (following POSIX.2 fnmatch() without special treatment of file paths):

• matches a sequence of characters ? matches a single character [seq] matches any character in seq [!seq] matches any character not in seq

A backslash followed by a character matches the following character. In particular:

* matches * ? matches ? \ matches \

A sequence seq may be a sequence of characters (e.g., [abc] or a range of characters (e.g., [a-c]).

Length: 1-18446744073709551615

configure authority service domain-name-category

Domain name categorization of this service. This will be matched against the imported categories using the domain pulled from the data stream

Usage

configure authority service domain-name-category [<domain-category-type>]

Positional Arguments

name	description
domain-category-type	Value to add to this list

Description

domain-category-type (string)

A domain name category type identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 20 characters.

Must contain only alphanumeric characters or any of the following: _ - Length: 0-20

configure authority service dscp-range

When matched with a dscp-steering configuration in the network-interface, this dscp-range allows tunnel traffic to be matched to a more specific service via DSCP value.

Usage

configure authority service dscp-range <start-value>

Positional Arguments

name	description
start-value	Lower DSCP number.

Subcommands

command	description
delete	Delete configuration data
end-value	Upper DSCP number.
override-generated	Force auto-generated configuration and any modifications to it to persist on commit
show	Show configuration data for 'dscp-range'
start-value	Lower DSCP number.

configure authority service dscp-range end-value

Upper DSCP number.

Usage

configure authority service dscp-range end-value [<dscp-end-value>]

Positional Arguments

name	description
dscp-end-value	The value to set for this field

Description

dscp-end-value (uint8)

Upper dscp range value. Default value is the start dscp value

Range: 0-63

configure authority service dscp-range start-value

Lower DSCP number.

Usage

configure authority service dscp-range start-value [<dscp>]

Positional Arguments

name	description
dscp	The value to set for this field

Description

dscp (uint8) (required)

A DSCP value (0-63)

Range: 0-63

configure authority service enabled

Enable/disable the service. When disabled, packets addressed to this service's address(es) will not be processed.

Usage

configure authority service enabled [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: true

boolean

A true or false value.

Options: true or false

configure authority service fqdn-resolution-type

IP address family to use for FQDN resolutions for this service.

Usage

configure authority service fqdn-resolution-type [<enumeration>]

Positional Arguments

name	description
enumeration	The value to set for this field

Description

Default: v4

enumeration

A value from a set of predefined names.

Options:

• v4: Resolve FQDNs as IPv4 addresses only.
• v6: Resolve FQDNs as IPv6 addresses only.

configure authority service generate-categories

Automatically generate category-based application identification services under this service.

Usage

configure authority service generate-categories [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

Default: false

boolean

A true or false value.

Options: true or false

configure authority service generated

Indicates whether or not the Service was automatically generated as a result of Conductor, BGP/SVR, or DHCP Relay services.

Usage

configure authority service generated [<boolean>]

Positional Arguments

name	description
boolean	The value to set for this field

Description

boolean

A true or false value.

Options: true or false

configure authority service multicast-sender-policy