From 93f7c9271674cf99d556a2216ee8b22bf46d4d7e Mon Sep 17 00:00:00 2001 From: Chris Date: Mon, 22 Jul 2024 16:27:39 -0400 Subject: [PATCH 01/13] start of release notes --- docs/release_notes_128t_5.6.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index b16bfd9bc7..69b1741257 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md 
@@ -24,6 +24,38 @@ Before upgrading please review the [**Upgrade Considerations**](intro_upgrade_co ------ - **Plugin Upgrades:** If you are running with plugins, updates are required for some plugins **before** upgrading the conductor to SSR version 5.4.0 or higher. Please review the [Plugin Configuration Generation Changes](intro_upgrade_considerations.md#plugin-configuration-generation-changes) for additional information. +## Release 5.6.16-8 + +**Release Date:** July 26, 2024 + +### Resolved Issues + +- **The following CVE's have been identified and addressed in this release:** +CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, 
CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868 +------ +- **I95-47195 Address multiple PPPoE issues:** Reintroduced the PPPoE network `reinit` script to resolve a highway crash caused by the PPPoE/LTE target `ifcfg` being a `nullptr`. +------ +- **I95-47196 PPPoE device shown as operationally down when it is up:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. +------ +- **I95-49015 PPPoE interface is not resolved after reboot of node even though auto negotiation is enabled:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. +------ +- **I95-49018 Peers are not coming up for PPPoE interface on a standalone setup:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. +------ +- **I95-49218 +------ +- **I95-49599 PPPd and PPPoE-connect prematurely killed by `reinit`:** This has been resolved by skipping network `reinit` when namespace, KNI, and target-interface remain unchanged. 
This avoids pppd being killed prematurely before PADO timeout (used to determine server not responding). +------ +- **I95-56203 The First Article Inspection (FAI) scan archive is empty:** Resolved an issue with `logrotate` clearing all the FAI scan archives. This was due to each archive having a unique name using a timestamp. A different service is now used to rotate the FAI scan files. +------ +- **I95-56236 Routers not able to be onboarded after upgrading a Conductor:** Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the results files from being reviewed for errors, which stopped the onboarding process. +------ + + +------ +- **I95-56682 :** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. +--- + + ## Release 5.6.15-1 **Release Date:** June 27, 2024 From 89f94d8dfbc2adee04b4e1baf72c3fd641cddab0 Mon Sep 17 00:00:00 2001 From: Chris Date: Mon, 22 Jul 2024 16:31:20 -0400 Subject: [PATCH 02/13] more --- docs/release_notes_128t_5.6.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index 69b1741257..cdead74a8d 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md 
@@ -49,7 +49,16 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-56236 Routers not able to be onboarded after upgrading a Conductor:** Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the results files from being reviewed for errors, which stopped the onboarding process. ------ +- **I95-56326 Potential crash while collecting TSI:** Added protection against unmapped memory access to resolve an issue where, if a TSI is collected at just the wrong time, it can cause a highway crash. +------ +- **I95-56455 Zero-byte files when updating conductor hardware using an OTP image:** A check has been added to verify that `api.key` and `router-api.key` are non-zero length and valid. If not, the keys are regenerated. +------ + +- **I95-56575 Reduce polling rate of disk monitoring and add optimization:** The `ComponentDiskUtilizationMonitor` checks the disk usage too frequently and is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process. +------ +- **I95-56612 `fib-service-match any-match` missing some FIB entries:** Resolved an issue when a service-address was more specific than the last route update, a search for other less specific services was not performed. Now when the service address update is more specific, additional searches will continue. +------ ------ - **I95-56682 :** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. From 7c6ce00e0a078c157660835a283049e06832ebf8 Mon Sep 17 00:00:00 2001 
From: Chris Date: Tue, 23 Jul 2024 17:05:22 -0400 Subject: [PATCH 03/13] generating release notes. Still have to add command information and link. --- docs/about_releases.mdx | 2 +- docs/release_notes_128t_5.6.md | 35 ++++++++++++++++++++++++++++------ docs/releases.table.js | 5 +++++ 3 files changed, 35 insertions(+), 7 deletions(-) diff --git a/docs/about_releases.mdx b/docs/about_releases.mdx index 1f2a2483a0..7c029f97af 100644 --- a/docs/about_releases.mdx +++ b/docs/about_releases.mdx @@ -26,7 +26,7 @@ Version `6.1.0` introduces changes to the SSR software release model. Every six | --| -- | -- | -- | -- | -- | | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39) | November 16, 2023 | [6.2.5](release_notes_128t_6.2.md#release-625-5r2) | November 16, 2025 | May 16, 2026 | | Release 6.1 | [6.1.0](release_notes_128t_6.1.md#release-610-55) | April 14, 2023 | [6.1.9](release_notes_128t_6.1.md#release-619-2) | September 22, 2025 | June 22, 2026 | -| Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.15](release_notes_128t_5.6.md#release-5615-1) | June 16, 2024 | December 16, 2024 | +| Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.15](release_notes_128t_5.6.md#release-5616-9) | June 16, 2024 | December 16, 2024 | ## Out of Support diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index cdead74a8d..4373139301 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md 
@@ -41,7 +41,7 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-49018 Peers are not coming up for PPPoE interface on a standalone setup:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. ------ -- **I95-49218 +- **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `rib-policy ipv4|ipv6 policy ` command from either the `routing default-instance` or inside `vrf` to provide addtional filtering for OSPF routes. For more information see [`routing default-instance rib-policy`](add_link_here). ------ - **I95-49599 PPPd and PPPoE-connect prematurely killed by `reinit`:** This has been resolved by skipping network `reinit` when namespace, KNI, and target-interface remain unchanged. This avoids pppd being killed prematurely before PADO timeout (used to determine server not responding). ------ 
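Review bot: The new I95-49218 entry in this hunk links to the placeholder target `(add_link_here)`, which will render as a broken link if it merges as is. Point it at the command-guide anchor for `rib-policy` before this lands. The same line misspells "additional" as "addtional".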
@@ -53,16 +53,39 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-56455 Zero-byte files when updating conductor hardware using an OTP image:** A check has been added to verify that `api.key` and `router-api.key` are non-zero length and valid. If not, the keys are regenerated. ------ - - +- **I95-56527 Failure of GUI to validate and commit PCLI executed change:** Resolved an issue where an escape character caused the generation of an invalide JSON document. +------ - **I95-56575 Reduce polling rate of disk monitoring and add optimization:** The `ComponentDiskUtilizationMonitor` checks the disk usage too frequently and is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process. ------ - **I95-56612 `fib-service-match any-match` missing some FIB entries:** Resolved an issue when a service-address was more specific than the last route update, a search for other less specific services was not performed. Now when the service address update is more specific, additional searches will continue. ------- - ------ - **I95-56682 :** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. ---- +------ +- **I95-56715 Address validation in migrate feature in conductor UI is not working correctly:** Resolved an isssue between the client and the server during the use of the GUI `migrate` operation, where the conductor address was not read correctly, and returning an irrelevant error message. +------ +- **I95-56726 `No Timeout Queue` message logged in cases where a config commit fails, or a conductor fails to load a config on startup:** Resolved an issue with `ThreadPoolWithExternalPoller` that resulted in a stack trace in the logs which starts with message `No TimeoutQueue:`. 
+------ +- **I95-56727 Allow domain names that begin with numerically:** Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example `123.abc.com`. +------ +- **I95-56822 Router stuck in a continuous upgrade/failure state:** Resolved an issue when DNS name servers were changed on the conductor, in certain cases the conductor software proxy would not correctly load these changes. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests. +------ +- **I95-56843 Error logs filled with irrelevant KNI network script info:** The log output has been reduced to provide related information. +------ +- **I95-56843 lte / pppoe default-route check incorrectly reporting warnings:** Resolved an issue where warnings were incorrectly shown on the conductor for interfaces without `default-route` or `management-vector` configured. +------ +- **I95-56850 Overlap warning on router not present on conductor:** Resolved a case where a service on a router is configured with `applies-to`, and the same service is configured on the conductor (overlap) but does not have `applies-to` configured, the validation process will generate a warning on the router but not the conductor. +------ +- **I95-57000 Hub crash while generating TSI log:** Resolved an issue where unmapped memory access during packet buffer location walk caused a hub crash. Protections against unmapped memory access have been added. +------ +- **I95-57017 Application ID failed to block some domains:** Resolved an issue where DPI failed to identify the domain-name from SNI if the `client-hello` is split up into multiple TCP packet segments. +------ +- **I95-57082 Unable to delete a capture-filter using an escape character (/):** This issue has been resolved. 
+------ +- **I95-57110 Crash seen during add and delete peers while sending traffic:** A race condition has been fixed that could cause a crash in the packet-processing highway process if a peer-path is removed from configuration. +------ +- **I95-57114 Unable to upgrade AWS Conductor:** Resolved an issue where an incorrect package version was installed, triggering a downgrade and preventing the upgrade. +------ +- **I95-57205 Repeated core dumps:** Resolved a race condition where a thread tries to call a function before the object is fully made. In this case the object was for DHCP, LTE, and PPPoE interfaces. ## Release 5.6.15-1 diff --git a/docs/releases.table.js b/docs/releases.table.js index 28cb092d3d..5d56277fd5 100644 --- a/docs/releases.table.js +++ b/docs/releases.table.js @@ -5,6 +5,11 @@ import React from "react"; // New entries should be placed at the top. // ---------------------------------------------------------------------------- export const releases = [ + { + version: '5.6.16', + url:'release_notes_128t_5.6#release-5616-9', + releaseDate: 'July 26, 2024', + }, { version: '5.6.15', url:'release_notes_128t_5.6#release-5615-1', From b724085eefde99efc748fc3aef9395fd2091ddbf Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 25 Jul 2024 10:16:39 -0400 Subject: [PATCH 04/13] adding rib policy command info. --- docs/about_releases.mdx | 2 +- docs/config_command_guide.md | 153 +++++++++++++++++++++++++++++++++ docs/release_notes_128t_5.6.md | 4 +- docs/releases.table.js | 2 +- 4 files changed, 157 insertions(+), 4 deletions(-) diff --git a/docs/about_releases.mdx b/docs/about_releases.mdx index 7c029f97af..0208e9e23d 100644 --- a/docs/about_releases.mdx +++ b/docs/about_releases.mdx 
@@ -26,7 +26,7 @@ Version `6.1.0` introduces changes to the SSR software release model. Every six | --| -- | -- | -- | -- | -- | | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39) | November 16, 2023 | [6.2.5](release_notes_128t_6.2.md#release-625-5r2) | November 16, 2025 | May 16, 2026 | | Release 6.1 | [6.1.0](release_notes_128t_6.1.md#release-610-55) | April 14, 2023 | [6.1.9](release_notes_128t_6.1.md#release-619-2) | September 22, 2025 | June 22, 2026 | -| Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.15](release_notes_128t_5.6.md#release-5616-9) | June 16, 2024 | December 16, 2024 | +| Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.15](release_notes_128t_5.6.md#release-5616-3) | June 16, 2024 | December 16, 2024 | ## Out of Support diff --git a/docs/config_command_guide.md b/docs/config_command_guide.md index 8fcf0c8a03..8cdc0695dc 100755 --- a/docs/config_command_guide.md +++ b/docs/config_command_guide.md 
@@ -16638,6 +16638,82 @@ configure authority router routing pim rp group-range [] | ---- | ----------- | | multicast-ipv4-prefix | The value to set for this field | +## `configure authority router routing rib-policy` + +List of protocol specific RIB policies + +#### Usage + +``` +configure authority router routing rib-policy +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| family | The routing protocol address family | +| protocol | The routing protocol RIB policy | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`family`](#configure-authority-router-routing-rib-policy-family) | The routing protocol address family | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`policy`](#configure-authority-router-routing-rib-policy-policy) | A policy to apply to the protocol route | +| [`protocol`](#configure-authority-router-routing-rib-policy-protocol) | The routing protocol RIB policy | +| `show` | Show configuration data for 'rib-policy' | + +## `configure authority router routing rib-policy family` + +The routing protocol address family + +#### Usage + +``` +configure authority router routing rib-policy family [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| rib-family | The value to set for this field | + +## `configure authority router routing rib-policy policy` + +A policy to apply to the protocol route + +#### Usage + +``` +configure authority router routing rib-policy policy [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| policy-ref | The value to set for this field | + +## `configure authority router routing rib-policy protocol` + +The routing protocol RIB policy + +#### Usage + +``` +configure authority router routing rib-policy protocol [] +``` + +##### Positional Arguments + +| name | description | +| 
---- | ----------- | +| rib-protocol | The value to set for this field | + ## `configure authority router routing routing-protocol` Each entry contains configuration of a routing protocol instance. 
@@ -20423,6 +20499,83 @@ configure authority router routing vrf pim rp group-range [ +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| family | The routing protocol address family | +| protocol | The routing protocol RIB policy | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`family`](#configure-authority-router-routing-vrf-rib-policy-family) | The routing protocol address family | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`policy`](#configure-authority-router-routing-vrf-rib-policy-policy) | A policy to apply to the protocol route | +| [`protocol`](#configure-authority-router-routing-vrf-rib-policy-protocol) | The routing protocol RIB policy | +| `show` | Show configuration data for 'rib-policy' | + +## `configure authority router routing vrf rib-policy family` + +The routing protocol address family + +#### Usage + +``` +configure authority router routing vrf rib-policy family [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| rib-family | The value to set for this field | + +## `configure authority router routing vrf rib-policy policy` + +A policy to apply to the protocol route + +#### Usage + +``` +configure authority router routing vrf rib-policy policy [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| policy-ref | The value to set for this field | + +## `configure authority router routing vrf rib-policy protocol` + +The routing protocol RIB policy + +#### Usage + +``` +configure authority router routing vrf rib-policy protocol [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| rib-protocol | The value to set for this field | + ## `configure authority router routing vrf routing-protocol` Each entry contains configuration of a routing protocol instance. 
diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index 4373139301..dad0694568 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md @@ -24,7 +24,7 @@ Before upgrading please review the [**Upgrade Considerations**](intro_upgrade_co ------ - **Plugin Upgrades:** If you are running with plugins, updates are required for some plugins **before** upgrading the conductor to SSR version 5.4.0 or higher. Please review the [Plugin Configuration Generation Changes](intro_upgrade_considerations.md#plugin-configuration-generation-changes) for additional information. -## Release 5.6.16-8 +## Release 5.6.16-3 **Release Date:** July 26, 2024 
@@ -41,7 +41,7 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-49018 Peers are not coming up for PPPoE interface on a standalone setup:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. ------ -- **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `rib-policy ipv4|ipv6 policy ` command from either the `routing default-instance` or inside `vrf` to provide addtional filtering for OSPF routes. For more information see [`routing default-instance rib-policy`](add_link_here). +- **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `configure authority router routing rib-policy` command from either the routing default-instance (`configure authority router routing`) or inside `configure authority router routing vrf` to provide addtional filtering for OSPF routes. For more information see [`configure authority router routing rib-policy`](config_command_guide.md#configure-authority-router-routing-rib-policy) and [`configure authority router routing vrf rib-policy`](config_caommand_guide.md#configure-authority-router-routing-vrf-rib-policy). ------ - **I95-49599 PPPd and PPPoE-connect prematurely killed by `reinit`:** This has been resolved by skipping network `reinit` when namespace, KNI, and target-interface remain unchanged. This avoids pppd being killed prematurely before PADO timeout (used to determine server not responding). ------ diff --git a/docs/releases.table.js b/docs/releases.table.js index 5d56277fd5..df6481a4fa 100644 --- a/docs/releases.table.js +++ b/docs/releases.table.js @@ -7,7 +7,7 @@ import React from "react"; export const releases = [ { version: '5.6.16', - url:'release_notes_128t_5.6#release-5616-9', + url:'release_notes_128t_5.6#release-5616-3', releaseDate: 'July 26, 2024', }, { 
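Review bot: In PATCH 01/13, the CVE list added under `## Release 5.6.16-8` ends with `CVE-2023-4408, CVE-2023-50387, CVE-2023-50868` listed twice in a row, so anyone reconciling this release against a scanner report gets a wrong count. Drop the second copy, and consider sorting the IDs so duplicates are easy to spot. The same hunk leaves `- **I95-49218` with an unclosed `**` and `- **I95-56682 :**` with no title.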
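Review bot: In PATCH 03/13, the `@@ -53,16 +53,39 @@` hunk of `release_notes_128t_5.6.md` uses issue ID I95-56843 for two different entries ("Error logs filled with irrelevant KNI network script info" and "lte / pppoe default-route check incorrectly reporting warnings"). Confirm which ID belongs to which entry. Also in that hunk: "invalide" (I95-56527), "isssue" (I95-56715), and the I95-56727 title "Allow domain names that begin with numerically" reads as an unfinished edit.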
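Review bot: In PATCH 04/13, the rewritten I95-49218 line links the vrf command to `config_caommand_guide.md#configure-authority-router-routing-vrf-rib-policy`; the file name is misspelled, so the second link will not resolve. It should be `config_command_guide.md`, matching the first link on the same line. "addtional" is also still misspelled there.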
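Review bot: In PATCH 04/13, the `about_releases.mdx` hunk changes the link target to `#release-5616-3` but leaves the link text as `[5.6.15]`, so the Release 5.6 row displays 5.6.15 while linking to the 5.6.16 notes. Update the link text to 5.6.16 in the same change, and check whether the unchanged dates in that row (`June 16, 2024 | December 16, 2024`) also need to move.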
From 49c155ee76f5feb08dd98936fa395b605f5f8973 Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 25 Jul 2024 10:33:15 -0400 Subject: [PATCH 05/13] fix typo --- docs/release_notes_128t_5.6.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index dad0694568..1275c16e6b 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md 
@@ -41,7 +41,7 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-49018 Peers are not coming up for PPPoE interface on a standalone setup:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. ------ -- **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `configure authority router routing rib-policy` command from either the routing default-instance (`configure authority router routing`) or inside `configure authority router routing vrf` to provide addtional filtering for OSPF routes. For more information see [`configure authority router routing rib-policy`](config_command_guide.md#configure-authority-router-routing-rib-policy) and [`configure authority router routing vrf rib-policy`](config_caommand_guide.md#configure-authority-router-routing-vrf-rib-policy). +- **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `configure authority router routing rib-policy` command from either the routing default-instance (`configure authority router routing`) or inside `configure authority router routing vrf` to provide addtional filtering for OSPF routes. For more information see [`configure authority router routing rib-policy`](config_command_guide.md#configure-authority-router-routing-rib-policy) and [`configure authority router routing vrf rib-policy`](config_command_guide.md#configure-authority-router-routing-vrf-rib-policy). ------ - **I95-49599 PPPd and PPPoE-connect prematurely killed by `reinit`:** This has been resolved by skipping network `reinit` when namespace, KNI, and target-interface remain unchanged. This avoids pppd being killed prematurely before PADO timeout (used to determine server not responding). ------ From 366326f59a2fe11b046f4f895fbb459f3872ef15 Mon Sep 17 00:00:00 2001 
From: Chris Date: Thu, 25 Jul 2024 15:52:03 -0400 Subject: [PATCH 06/13] Added review comments --- docs/release_notes_128t_5.6.md | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index 1275c16e6b..b97422fe2f 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md 
@@ -33,41 +33,33 @@ Before upgrading please review the [**Upgrade Considerations**](intro_upgrade_co - **The following CVE's have been identified and addressed in this release:** CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, 
CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868 ------ -- **I95-47195 Address multiple PPPoE issues:** Reintroduced the PPPoE network `reinit` script to resolve a highway crash caused by the PPPoE/LTE target `ifcfg` being a `nullptr`. ------- -- **I95-47196 PPPoE device shown as operationally down when it is up:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. ------- -- **I95-49015 PPPoE interface is not resolved after reboot of node even though auto negotiation is enabled:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. +- **I95-47195, I95-47196, I95-49015, I95-49599, I95-56682 Forwarding plane crash, causing stranded network namespaces when LTE/PPPoE network-interface name is changed:** Implemented reinit script to reiniatilize namespace, KNI and target-interface after a configuration change in the network-interface. ------ - **I95-49018 Peers are not coming up for PPPoE interface on a standalone setup:** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. ------ - **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `configure authority router routing rib-policy` command from either the routing default-instance (`configure authority router routing`) or inside `configure authority router routing vrf` to provide addtional filtering for OSPF routes. 
For more information see [`configure authority router routing rib-policy`](config_command_guide.md#configure-authority-router-routing-rib-policy) and [`configure authority router routing vrf rib-policy`](config_command_guide.md#configure-authority-router-routing-vrf-rib-policy). ------ -- **I95-49599 PPPd and PPPoE-connect prematurely killed by `reinit`:** This has been resolved by skipping network `reinit` when namespace, KNI, and target-interface remain unchanged. This avoids pppd being killed prematurely before PADO timeout (used to determine server not responding). ------- - **I95-56203 The First Article Inspection (FAI) scan archive is empty:** Resolved an issue with `logrotate` clearing all the FAI scan archives. This was due to each archive having a unique name using a timestamp. A different service is now used to rotate the FAI scan files. ------ -- **I95-56236 Routers not able to be onboarded after upgrading a Conductor:** Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the results files from being reviewed for errors, which stopped the onboarding process. +- **I95-56236 Routers unable to onboard after upgrading the Conductor:** Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the device state from being reviewed for errors, which stopped the onboarding process. ------ -- **I95-56326 Potential crash while collecting TSI:** Added protection against unmapped memory access to resolve an issue where, if a TSI is collected at just the wrong time, it can cause a highway crash. +- **I95-56326 / I95-57000 Potential crash while collecting TSI:** Added protection against unmapped memory access to resolve an issue where, if a TSI is collected at just the wrong time, it can cause a highway crash. 
------ - **I95-56455 Zero-byte files when updating conductor hardware using an OTP image:** A check has been added to verify that `api.key` and `router-api.key` are non-zero length and valid. If not, the keys are regenerated. ------ -- **I95-56527 Failure of GUI to validate and commit PCLI executed change:** Resolved an issue where an escape character caused the generation of an invalide JSON document. +- **I95-56527 Failure to validate and commit config; system incorrectly expected escape sequence:** Resolved an issue where capture-filter expected an escape sequence for input when it was not necessary. ------ -- **I95-56575 Reduce polling rate of disk monitoring and add optimization:** The `ComponentDiskUtilizationMonitor` checks the disk usage too frequently and is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process. +- **I95-56575 Reduce polling rate of disk monitoring and add optimization:** The disk monitoring agent polling frequently is inefficient. Reduced the frequency that disk usage is checked, and streamlined the process. ------ - **I95-56612 `fib-service-match any-match` missing some FIB entries:** Resolved an issue when a service-address was more specific than the last route update, a search for other less specific services was not performed. Now when the service address update is more specific, additional searches will continue. ------ -- **I95-56682 :** Reintroduced network `reinit` script to reinitialize namespace, KNI, and target-interface after a config change in the `network-interface`, or under abnormal conditions such as the `target-interface` being moved out from the namespace. ------- - **I95-56715 Address validation in migrate feature in conductor UI is not working correctly:** Resolved an isssue between the client and the server during the use of the GUI `migrate` operation, where the conductor address was not read correctly, and returning an irrelevant error message. 
------ - **I95-56726 `No Timeout Queue` message logged in cases where a config commit fails, or a conductor fails to load a config on startup:** Resolved an issue with `ThreadPoolWithExternalPoller` that resulted in a stack trace in the logs which starts with message `No TimeoutQueue:`. ------ -- **I95-56727 Allow domain names that begin with numerically:** Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example `123.abc.com`. +- **I95-56727 Domain names that begin with numbers are not allowed to be configured:** Warnings are no longer generated for domain-name elements of service configurations which have labels beginning with a number, for example `123.abc.com`. ------ -- **I95-56822 Router stuck in a continuous upgrade/failure state:** Resolved an issue when DNS name servers were changed on the conductor, in certain cases the conductor software proxy would not correctly load these changes. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests. +- **I95-56822 Router stuck in a continuous upgrade/failure state:** DNS name servers changes on the conductor are not honored. In cases where the DNS configuration changed post boot, the conductor software proxy would not reload the config. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests, resulting in failure. ------ - **I95-56843 Error logs filled with irrelevant KNI network script info:** The log output has been reduced to provide related information. ------ 
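Review bot: The merged entry for I95-47195, I95-47196, I95-49015, I95-49599 and I95-56682 leaves I95-49018 behind as a separate item that still reads "Reintroduced network `reinit` script", so the same fix is now described two ways ("Implemented" and "Reintroduced") a few lines apart; fold I95-49018 into the merged entry or align its wording. The merged text also drops the detail from the removed I95-49599 item that `reinit` is skipped when the namespace, KNI and target-interface are unchanged, which is the behaviour an operator would want documented, and it misspells "reinitialize" as "reiniatilize". In the rewritten I95-56822 item, "DNS name servers changes on the conductor are not honored" reads as current behaviour; phrase it as the resolved problem, as the neighbouring entries do.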
@@ -75,18 +67,15 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-56850 Overlap warning on router not present on conductor:** Resolved a case where a service on a router is configured with `applies-to`, and the same service is configured on the conductor (overlap) but does not have `applies-to` configured, the validation process will generate a warning on the router but not the conductor. ------ -- **I95-57000 Hub crash while generating TSI log:** Resolved an issue where unmapped memory access during packet buffer location walk caused a hub crash. Protections against unmapped memory access have been added. ------- - **I95-57017 Application ID failed to block some domains:** Resolved an issue where DPI failed to identify the domain-name from SNI if the `client-hello` is split up into multiple TCP packet segments. ------ -- **I95-57082 Unable to delete a capture-filter using an escape character (/):** This issue has been resolved. +- **I95-57082 Unable to delete a capture-filter that contains a forward slash (/):** This issue has been resolved. ------ - **I95-57110 Crash seen during add and delete peers while sending traffic:** A race condition has been fixed that could cause a crash in the packet-processing highway process if a peer-path is removed from configuration. ------ - **I95-57114 Unable to upgrade AWS Conductor:** Resolved an issue where an incorrect package version was installed, triggering a downgrade and preventing the upgrade. ------ -- **I95-57205 Repeated core dumps:** Resolved a race condition where a thread tries to call a function before the object is fully made. In this case the object was for DHCP, LTE, and PPPoE interfaces. - +- **I95-57205 Race condition on startup with DHCP configured on LTE or PPPoE interface, causing system to crash:** This issue has been resolved. ## Release 5.6.15-1 From 386364a0faa522afa68127bffb78167952de2efd Mon Sep 17 00:00:00 2001 
From: Chris Date: Fri, 2 Aug 2024 16:09:26 -0400 Subject: [PATCH 07/13] typo --- docs/release_notes_128t_5.6.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index b97422fe2f..e01248d114 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md @@ -63,7 +63,7 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-56843 Error logs filled with irrelevant KNI network script info:** The log output has been reduced to provide related information. ------ -- **I95-56843 lte / pppoe default-route check incorrectly reporting warnings:** Resolved an issue where warnings were incorrectly shown on the conductor for interfaces without `default-route` or `management-vector` configured. +- **I95-56847 lte / pppoe default-route check incorrectly reporting warnings:** Resolved an issue where warnings were incorrectly shown on the conductor for interfaces without `default-route` or `management-vector` configured. ------ - **I95-56850 Overlap warning on router not present on conductor:** Resolved a case where a service on a router is configured with `applies-to`, and the same service is configured on the conductor (overlap) but does not have `applies-to` configured, the validation process will generate a warning on the router but not the conductor. ------ From 6f6eba65a69ad2dc99544d605d2837a3b9927b2c Mon Sep 17 00:00:00 2001 From: Chris Date: Mon, 18 Nov 2024 09:26:32 -0500 Subject: [PATCH 08/13] updated with new jira ids, dates, buiild number. --- docs/about_releases.mdx | 2 +- docs/release_notes_128t_5.6.md | 26 +++++++++++++++++++++++--- docs/releases.table.js | 4 ++-- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/docs/about_releases.mdx b/docs/about_releases.mdx index 0208e9e23d..133d05914e 100644 --- a/docs/about_releases.mdx +++ b/docs/about_releases.mdx 
@@ -26,7 +26,7 @@ Version `6.1.0` introduces changes to the SSR software release model. Every six | --| -- | -- | -- | -- | -- | | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39) | November 16, 2023 | [6.2.5](release_notes_128t_6.2.md#release-625-5r2) | November 16, 2025 | May 16, 2026 | | Release 6.1 | [6.1.0](release_notes_128t_6.1.md#release-610-55) | April 14, 2023 | [6.1.9](release_notes_128t_6.1.md#release-619-2) | September 22, 2025 | June 22, 2026 | -| Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.15](release_notes_128t_5.6.md#release-5616-3) | June 16, 2024 | December 16, 2024 | +| Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.16](release_notes_128t_5.6.md#release-5616-16) | June 16, 2024 | December 16, 2024 | ## Out of Support diff --git a/docs/release_notes_128t_5.6.md b/docs/release_notes_128t_5.6.md index e01248d114..31341341bc 100644 --- a/docs/release_notes_128t_5.6.md +++ b/docs/release_notes_128t_5.6.md 
@@ -24,14 +24,14 @@ Before upgrading please review the [**Upgrade Considerations**](intro_upgrade_co ------ - **Plugin Upgrades:** If you are running with plugins, updates are required for some plugins **before** upgrading the conductor to SSR version 5.4.0 or higher. Please review the [Plugin Configuration Generation Changes](intro_upgrade_considerations.md#plugin-configuration-generation-changes) for additional information. -## Release 5.6.16-3 +## Release 5.6.16-16 -**Release Date:** July 26, 2024 +**Release Date:** November 20, 2024 ### Resolved Issues - **The following CVE's have been identified and addressed in this release:** -CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, 
CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868 +CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, CVE-2019-13631, CVE-2019-15505, CVE-2019-25162, CVE-2020-25656, CVE-2020-36777, CVE-2021-3753, CVE-2021-4204, CVE-2021-46934, CVE-2021-47013, CVE-2021-47055, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47185, CVE-2022-0500, CVE-2022-23222, CVE-2022-3565, CVE-2022-45934, CVE-2022-48627, CVE-2022-48669, CVE-2023-1513, CVE-2023-24023, CVE-2023-25775, CVE-2023-28464, CVE-2023-31083, CVE-2023-3567, CVE-2023-37453, CVE-2023-38409, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-4133, CVE-2023-4244, CVE-2023-42754, CVE-2023-42755, CVE-2023-45863, CVE-2023-51779, CVE-2023-51780, CVE-2023-52340, CVE-2023-52434, CVE-2023-52439, CVE-2023-52445, CVE-2023-52448, CVE-2023-52477, CVE-2023-52489, CVE-2023-52513, CVE-2023-52520, CVE-2023-52528, CVE-2023-52565, CVE-2023-52574, CVE-2023-52578, CVE-2023-52580, CVE-2023-52581, CVE-2023-52594, CVE-2023-52595, CVE-2023-52598, CVE-2023-52606, CVE-2023-52607, CVE-2023-52610, CVE-2023-52620, CVE-2023-6121, CVE-2023-6176, CVE-2023-6240, CVE-2023-6622, CVE-2023-6915, CVE-2023-6932, CVE-2024-0340, CVE-2024-0841, CVE-2024-23307, CVE-2024-25742, CVE-2024-25743, CVE-2024-25744, CVE-2024-26593, CVE-2024-26602, CVE-2024-26603, CVE-2024-26609, CVE-2024-26610, CVE-2024-26615, CVE-2024-26642, CVE-2024-26643, CVE-2024-26659, CVE-2024-26664, 
CVE-2024-26671, CVE-2024-26693, CVE-2024-26694, CVE-2024-26743, CVE-2024-26744, CVE-2024-26779, CVE-2024-26872, CVE-2024-26892, CVE-2024-26897, CVE-2024-26901, CVE-2024-26919, CVE-2024-26933, CVE-2024-26934, CVE-2024-26964, CVE-2024-26973, CVE-2024-26993, CVE-2024-27014, CVE-2024-27048, CVE-2024-27052, CVE-2024-27056, CVE-2024-27059, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-32487, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2024-3596. ------ - **I95-47195, I95-47196, I95-49015, I95-49599, I95-56682 Forwarding plane crash, causing stranded network namespaces when LTE/PPPoE network-interface name is changed:** Implemented reinit script to reiniatilize namespace, KNI and target-interface after a configuration change in the network-interface. ------ 
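Review bot: The replacement CVE line still ends with CVE-2023-4408, CVE-2023-50387 and CVE-2023-50868 listed twice, and since this change rewrites the whole line to append CVE-2024-3596 it is the right moment to drop the duplicates. The new line also gains a trailing period that the old one did not have; pick one form. The release date is set to November 20, 2024 in a commit dated 18 Nov 2024, so confirm the date before merge, and the context line below the list still carries the "reiniatilize" typo.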
@@ -39,6 +39,8 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-49218 Filter OSPF routes using RIB Policy routes:** Use the `configure authority router routing rib-policy` command from either the routing default-instance (`configure authority router routing`) or inside `configure authority router routing vrf` to provide addtional filtering for OSPF routes. For more information see [`configure authority router routing rib-policy`](config_command_guide.md#configure-authority-router-routing-rib-policy) and [`configure authority router routing vrf rib-policy`](config_command_guide.md#configure-authority-router-routing-vrf-rib-policy). ------ +- **I95-49712 Configuration validation error uniformative:** Resolved an issue that when configuring an SSR, invalid configuration parameters were returning errors that were not specific enough to allow the user to locate the invalid configuration. Now when invalid configuration elements are identified during validation, the messages include relevant information for the invalid element, such as an IP address, node name, router name, interface names, etc. +------ - **I95-56203 The First Article Inspection (FAI) scan archive is empty:** Resolved an issue with `logrotate` clearing all the FAI scan archives. This was due to each archive having a unique name using a timestamp. A different service is now used to rotate the FAI scan files. ------ - **I95-56236 Routers unable to onboard after upgrading the Conductor:** Resolved an issue where the automated provisioner and the Quickstart processes overlapped, preventing the device state from being reviewed for errors, which stopped the onboarding process. 
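Review bot: The added I95-49712 title misspells "uninformative" as "uniformative". The body is also hard to parse ("Resolved an issue that when configuring an SSR, invalid configuration parameters were returning errors ..."); something like "Resolved an issue where validation errors for invalid configuration parameters were not specific enough to locate the invalid element" says the same thing. The context line for I95-49218 just above has "addtional", worth fixing while this block is being edited.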
@@ -61,12 +63,18 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, ------ - **I95-56822 Router stuck in a continuous upgrade/failure state:** DNS name servers changes on the conductor are not honored. In cases where the DNS configuration changed post boot, the conductor software proxy would not reload the config. In this scenario the proxied router software requests would use an out of date DNS configuration for the proxied requests, resulting in failure. ------ +- **I95-56827 NTP Auth key only permits keys of 20 or 40 characters:** Loosened restrictions on NTP server key length to allow plaintext keys. +------ - **I95-56843 Error logs filled with irrelevant KNI network script info:** The log output has been reduced to provide related information. ------ - **I95-56847 lte / pppoe default-route check incorrectly reporting warnings:** Resolved an issue where warnings were incorrectly shown on the conductor for interfaces without `default-route` or `management-vector` configured. ------ - **I95-56850 Overlap warning on router not present on conductor:** Resolved a case where a service on a router is configured with `applies-to`, and the same service is configured on the conductor (overlap) but does not have `applies-to` configured, the validation process will generate a warning on the router but not the conductor. ------ +- **I95-56879 PPPoE stopped working:** Resolved an issue where the system configuration for the PPPoE interface was missing LCP_FAILURE and LCP_INTERVAL fileds. These fields are now set correctly. +------ +- **I95-56973 Child services do not inherit the service-path configurations from the parent service:** Resolved an issue where child service routes for peers were not inheriting vectors and the `enable-failover` field. 
+------ - **I95-57017 Application ID failed to block some domains:** Resolved an issue where DPI failed to identify the domain-name from SNI if the `client-hello` is split up into multiple TCP packet segments. ------ - **I95-57082 Unable to delete a capture-filter that contains a forward slash (/):** This issue has been resolved. 
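Review bot: The I95-56827 entry says the key-length restriction was "loosened ... to allow plaintext keys" but never states what lengths are accepted now, while the title only names the old rule (20 or 40 characters); for an authentication setting, state the new accepted range so operators know what will validate. In the I95-56879 entry, "fileds" should be "fields", and LCP_FAILURE and LCP_INTERVAL should be in backticks like `enable-failover` in the entry that follows.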
@@ -76,6 +84,18 @@ CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094, - **I95-57114 Unable to upgrade AWS Conductor:** Resolved an issue where an incorrect package version was installed, triggering a downgrade and preventing the upgrade. ------ - **I95-57205 Race condition on startup with DHCP configured on LTE or PPPoE interface, causing system to crash:** This issue has been resolved. +------ +- **I95-57538 WayPoint exception - failing to allocate waypoint ports on mesh peer re-establishment:** Resolved an issue where a configuration change may cause existing waypoint ports to become invalidated, creating an exhaustion scenario. +------ +- **I95-57578 Candidate configuration values not showing in GUI:** Resolved an issue that caused configuration drop-downs in the GUI for tenants and services to only display values from the running configuration, not the candidate configuration. +------ +- **I95-57593 No option to require password change on first login:** Added a Require Password Change On First Login checkbox to the Create User dialog. Previously this feature was only available in the create-user command. +------ +- **I95-58201 Increase AMD performance:** Throughput performance on AMD processors has been improved through the tuning of some kernel parameters. +------ +- **I95-58528 SSR OS renaming:** The SSR OS has been renamed/rebranded from CentOS7 to SSR OS to acknowledge CentOS 7 is no longer supported. All internal naming has been updated. +------ +- **I95-58682 Adjust the inactivity timer range to allow for Azure policy limits:** Updated the `inactivity-timer` range to allow for values as low as 30 seconds. Resoved an issue that would have used an incorrect default setting of 3600 instead of 900 seconds in certain scenarios. ## Release 5.6.15-1 diff --git a/docs/releases.table.js b/docs/releases.table.js index df6481a4fa..d6a62b78f3 100644 --- a/docs/releases.table.js +++ b/docs/releases.table.js 
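Review bot: In the added I95-58682 entry, "Resoved" should be "Resolved", and the second sentence ("would have used an incorrect default setting of 3600 instead of 900 seconds in certain scenarios") neither names the scenarios nor confirms that 900 seconds is the default after the fix; one clause on each would make it usable. The I95-58528 entry writes both "CentOS7" and "CentOS 7"; use one form, and since it says only that naming was updated, state explicitly whether anything besides the name changed. In I95-57593, put `create-user` in backticks like the other commands in these notes.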
@@ -7,8 +7,8 @@ import React from "react"; export const releases = [ { version: '5.6.16', - url:'release_notes_128t_5.6#release-5616-3', - releaseDate: 'July 26, 2024', + url:'release_notes_128t_5.6#release-5616-16', + releaseDate: 'November 20, 2024', }, { version: '5.6.15', From 898e043b5dfc2665c2ea48d6ac61af8667a8713a Mon Sep 17 00:00:00 2001 From: Chris Date: Mon, 18 Nov 2024 09:30:14 -0500 Subject: [PATCH 09/13] copy master version to resolve many conflicts. --- docs/config_command_guide.md | 18296 +++++++++++++++++++++++++++++++-- 1 file changed, 17576 insertions(+), 720 deletions(-) diff --git a/docs/config_command_guide.md b/docs/config_command_guide.md index 8cdc0695dc..0f7b9b2793 100755 --- a/docs/config_command_guide.md +++ b/docs/config_command_guide.md @@ -12,6 +12,7 @@ Authority configuration is the top-most level in the SSR configuration hierarchy | command | description | | ------- | ----------- | | [`access-management`](#configure-authority-access-management) | Role Based Access Control (RBAC) configuration. | +| [`alarm-shelving`](#configure-authority-alarm-shelving) | Configuration to control alarm shelving behavior. | | [`asset-connection-resiliency`](#configure-authority-asset-connection-resiliency) | Configure Asset Connection Resiliency | | [`backwards-compatible-vrf-bgp-tenants`](#configure-authority-backwards-compatible-vrf-bgp-tenants) | When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3 | | [`bgp-service-generation`](#configure-authority-bgp-service-generation) | Configure Bgp Service Generation | 
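Review bot: A 17576-line refresh of `docs/config_command_guide.md` (per the diffstat) does not belong in a release-notes series, and the subject "copy master version to resolve many conflicts" gives no way to tell which additions, such as the `alarm-shelving` row in this first hunk, are intended here. Rebase the branch onto master or move the guide refresh into its own change so the release-notes edits can be reviewed on their own.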
@@ -23,7 +24,7 @@ Authority configuration is the top-most level in the SSR configuration hierarchy | `delete` | Delete configuration data | | [`district`](#configure-authority-district) | Districts in the authority. | | [`dscp-map`](#configure-authority-dscp-map) | Configure Dscp Map | -| [`dynamic-hostname`](#configure-authority-dynamic-hostname) | Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: \{interface-id\} for Network Interface Global Identifier \{router-name\} for Router Name \{authority-name\} for Authority Name For example, 'interface-\{interface-id\}.\{router-name\}.\{authority-name\}'. | +| [`dynamic-hostname`](#configure-authority-dynamic-hostname) | Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-\{interface-id\}.\{router-name\}.\{authority-name\}`. | | [`fib-service-match`](#configure-authority-fib-service-match) | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. | | [`forward-error-correction-profile`](#configure-authority-forward-error-correction-profile) | A profile for Forward Error Correection parameters, describing how often to send parity packets. | | [`icmp-control`](#configure-authority-icmp-control) | Settings for ICMP packet handling | 
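Review bot: In the rewritten `dynamic-hostname` row, the example at the end of the cell keeps the backslash escapes inside a code span (`interface-\{interface-id\}.\{router-name\}.\{authority-name\}`), where Markdown does not process escapes, so the backslashes will be displayed literally; drop them as was done for the three variables earlier in the same cell. "subsitution" is carried over unchanged from the old line and should be "substitution".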
@@ -52,6 +53,7 @@ Authority configuration is the top-most level in the SSR configuration hierarchy | [`session-recovery-detection`](#configure-authority-session-recovery-detection) | Configure Session Recovery Detection | | [`session-type`](#configure-authority-session-type) | Type of session classification based on protocol and port, and associates it with a default class of service. | | `show` | Show configuration data for 'authority' | +| [`software-access`](#configure-authority-software-access) | Configuration for SSR software access for the authority. Supported on managed assets only. | | [`software-update`](#configure-authority-software-update) | Configure Software Update | | [`step`](#configure-authority-step) | Configure Step | | [`step-repo`](#configure-authority-step-repo) | List of Service and Topology Exchange Protocol repositories. | @@ -123,6 +125,18 @@ configure authority access-management role capability [] | ---- | ----------- | | identityref | Value to add to this list | +#### Description + +##### identityref + +A value from a set of predefined names. + +Options: + +- config-read: Configuration Read Capability +- config-write: Configuration Write Capability +- provisioning: Asset Provisioning Capability + ## `configure authority access-management role description` A description about the role. @@ -139,6 +153,12 @@ configure authority access-management role description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority access-management role exclude-resource` Exclude a resource from being associated with this role. @@ -165,7 +185,7 @@ configure authority access-management role exclude-resource ## `configure authority access-management role exclude-resource id` -Configure Id +Configure ID #### Usage 
@@ -179,6 +199,20 @@ configure authority access-management role exclude-resource id [] | ---- | ----------- | | resource-id | The value to set for this field | +#### Description + +##### resource-id (string) + +The identifier of the resource. + +Must be either just a `*` asterisk or an identifier +followed by a colon which is then followed by either +an asterisk, or a path that contains only valid yang +names and list-keys separated by forward-slashes and +optionally followed by a forward-slash and an asterisk. + +Example: SSR:/authority/router/MyRouter/* + ## `configure authority access-management role name` A unique name that identifies this role. @@ -195,6 +229,15 @@ configure authority access-management role name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority access-management role resource` Associate this role with a resource. @@ -237,9 +280,17 @@ configure authority access-management role resource generated [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority access-management role resource id` -Configure Id +Configure ID #### Usage 
@@ -253,6 +304,20 @@ configure authority access-management role resource id [] | ---- | ----------- | | resource-id | The value to set for this field | +#### Description + +##### resource-id (string) + +The identifier of the resource. + +Must be either just a `*` asterisk or an identifier +followed by a colon which is then followed by either +an asterisk, or a path that contains only valid yang +names and list-keys separated by forward-slashes and +optionally followed by a forward-slash and an asterisk. + +Example: SSR:/authority/router/MyRouter/* + ## `configure authority access-management role resource-group` Associate this role with a top-level resource-group. @@ -269,6 +334,12 @@ configure authority access-management role resource-group [] | ---- | ----------- | | resource-group-ref | Value to add to this list | +#### Description + +##### resource-group-ref (leafref) + +This type is used by other entities that need to reference configured resource groups. + ## `configure authority access-management token` Configuration for HTTP authentication token generation. 
@@ -302,6 +373,459 @@ configure authority access-management token expiration [] Units: minutes +Default: never + +##### union + +A value that corresponds to one of its member types. + +Must be one of the following types: + +##### (0) uint64 + +An unsigned 64-bit integer. + +Range: 1-18446744073709551615 + +##### (1) enumeration + +A value from a set of predefined names. + +Options: +never Never expire + +## `configure authority alarm-shelving` + +Configuration to control alarm shelving behavior. + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `clone` | Clone a list item | +| `delete` | Delete configuration data | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`shelf`](#configure-authority-alarm-shelving-shelf) | Shelf configuration and criteria for classifying alarms as shelved. | +| `show` | Show configuration data for 'alarm-shelving' | + +## `configure authority alarm-shelving shelf` + +Shelf configuration and criteria for classifying alarms as shelved. + +#### Usage + +``` +configure authority alarm-shelving shelf +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| name | An arbitrary name for the alarm shelf. | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| [`applies-to`](#configure-authority-alarm-shelving-shelf-applies-to) | Logical group to which a configuration element applies | +| [`category`](#configure-authority-alarm-shelving-shelf-category) | Shelve alarms for this category. | +| `clone` | Clone a list item | +| `delete` | Delete configuration data | +| [`generated`](#configure-authority-alarm-shelving-shelf-generated) | Indicates whether or not the Shelf was automatically generated as a result of Alarm Shelf generation. 
| +| [`match-type`](#configure-authority-alarm-shelving-shelf-match-type) | How the individual items in the shelf should be matched in order to trigger the shelving | +| [`message-regex`](#configure-authority-alarm-shelving-shelf-message-regex) | Shelve alarms with messages that match this regex. | +| [`name`](#configure-authority-alarm-shelving-shelf-name) | An arbitrary name for the alarm shelf. | +| [`node-name`](#configure-authority-alarm-shelving-shelf-node-name) | Shelve alarms from this node. | +| [`node-name-regex`](#configure-authority-alarm-shelving-shelf-node-name-regex) | Shelve alarms from nodes that match this regex. | +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`router-name`](#configure-authority-alarm-shelving-shelf-router-name) | Shelve alarms from this router. | +| [`router-name-regex`](#configure-authority-alarm-shelving-shelf-router-name-regex) | Shelve alarms from routers that match this regex. | +| [`severity`](#configure-authority-alarm-shelving-shelf-severity) | Shelve alarms for this severity. | +| `show` | Show configuration data for 'shelf' | + +## `configure authority alarm-shelving shelf applies-to` + +Logical group to which a configuration element applies + +#### Usage + +``` +configure authority alarm-shelving shelf applies-to +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| type | Type of group to which the configuration applies. | + +##### Subcommands + +| command | description | +| ------- | ----------- | +| `delete` | Delete configuration data | +| [`group-name`](#configure-authority-alarm-shelving-shelf-applies-to-group-name) | Name of the router-group to which this configuration applies. 
| +| `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | +| [`resource-group`](#configure-authority-alarm-shelving-shelf-applies-to-resource-group) | Name of the resource-group to which this configuration applies. | +| [`router-name`](#configure-authority-alarm-shelving-shelf-applies-to-router-name) | Name of the router to which this configuration applies. | +| `show` | Show configuration data for 'applies-to' | +| [`type`](#configure-authority-alarm-shelving-shelf-applies-to-type) | Type of group to which the configuration applies. | + +## `configure authority alarm-shelving shelf applies-to group-name` + +Name of the router-group to which this configuration applies. + +#### Usage + +``` +configure authority alarm-shelving shelf applies-to group-name [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| leafref | Value to add to this list | + +#### Description + +##### leafref + +A reference to an existing value in the instance data. + +## `configure authority alarm-shelving shelf applies-to resource-group` + +Name of the resource-group to which this configuration applies. + +#### Usage + +``` +configure authority alarm-shelving shelf applies-to resource-group [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| resource-group-ref | Value to add to this list | + +#### Description + +##### resource-group-ref (leafref) + +This type is used by other entities that need to reference configured resource groups. + +## `configure authority alarm-shelving shelf applies-to router-name` + +Name of the router to which this configuration applies. 
+ +#### Usage + +``` +configure authority alarm-shelving shelf applies-to router-name [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| leafref | Value to add to this list | + +#### Description + +##### leafref + +A reference to an existing value in the instance data. + +## `configure authority alarm-shelving shelf applies-to type` + +Type of group to which the configuration applies. + +#### Usage + +``` +configure authority alarm-shelving shelf applies-to type [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| enumeration | The value to set for this field | + +#### Description + +##### enumeration + +A value from a set of predefined names. + +Options: +authority Applies to all routers in the authority. +router Router(s) to which the configuration applies. +router-group Logical group of router(s) to which the configuration applies. +resource-group An RBAC management group to which the configuration applies + +## `configure authority alarm-shelving shelf category` + +Shelve alarms for this category. + +#### Usage + +``` +configure authority alarm-shelving shelf category [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| enumeration | The value to set for this field | + +#### Description + +Default: none + +##### enumeration + +A value from a set of predefined names. 
+ +Options: +none A Category of "none" indicates that Category will not be considered when evaluating alarms against this shelf +extensible-alarm Shelve alarms with a category of "extensible-alarm" +system Shelve alarms with a category of "system" +process Shelve alarms with a category of "process" +interface Shelve alarms with a category of "interface" +platform Shelve alarms with a category of "platform" +peer Shelve alarms with a category of "peer" +base Shelve alarms with a category of "base" +node-base Shelve alarms with a category of "node-base" +global-base Shelve alarms with a category of "global-base" +network-interface Shelve alarms with a category of "network-interface" +platform-stat Shelve alarms with a category of "platform-stat" +redundancy Shelve alarms with a category of "redundancy" +giid Shelve alarms with a category of "giid" +asset Shelve alarms with a category of "asset" +prefix-delegation Shelve alarms with a category of "prefix-delegation" +service Shelve alarms with a category of "service" +bgp-neighbor Shelve alarms with a category of "bgp-neighbor" +msdp-neighbor Shelve alarms with a category of "msdp-neighbor" + +## `configure authority alarm-shelving shelf generated` + +Indicates whether or not the Shelf was automatically generated as a result of Alarm Shelf generation. + +#### Usage + +``` +configure authority alarm-shelving shelf generated [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| boolean | The value to set for this field | + +#### Description + +##### boolean + +A true or false value. 
+ +Options: true or false + +## `configure authority alarm-shelving shelf match-type` + +How the individual items in the shelf should be matched in order to trigger the shelving + +#### Usage + +``` +configure authority alarm-shelving shelf match-type [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| enumeration | The value to set for this field | + +#### Description + +Default: all + +##### enumeration + +A value from a set of predefined names. + +Options: +all All items in the shelf must match an alarm in order to trigger the shelving. +any At least one item in the shelf must match an alarm in order to trigger the shelving + +## `configure authority alarm-shelving shelf message-regex` + +Shelve alarms with messages that match this regex. + +#### Usage + +``` +configure authority alarm-shelving shelf message-regex [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| regex | The value to set for this field | + +#### Description + +##### regex (string) + +A regular expression (regex) type. + +## `configure authority alarm-shelving shelf name` + +An arbitrary name for the alarm shelf. + +#### Usage + +``` +configure authority alarm-shelving shelf name [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| string | The value to set for this field | + +#### Description + +##### string + +A text value. + +## `configure authority alarm-shelving shelf node-name` + +Shelve alarms from this node. + +#### Usage + +``` +configure authority alarm-shelving shelf node-name [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| string | The value to set for this field | + +#### Description + +##### string + +A text value. + +## `configure authority alarm-shelving shelf node-name-regex` + +Shelve alarms from nodes that match this regex. 
+ +#### Usage + +``` +configure authority alarm-shelving shelf node-name-regex [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| regex | The value to set for this field | + +#### Description + +##### regex (string) + +A regular expression (regex) type. + +## `configure authority alarm-shelving shelf router-name` + +Shelve alarms from this router. + +#### Usage + +``` +configure authority alarm-shelving shelf router-name [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| string | The value to set for this field | + +#### Description + +##### string + +A text value. + +## `configure authority alarm-shelving shelf router-name-regex` + +Shelve alarms from routers that match this regex. + +#### Usage + +``` +configure authority alarm-shelving shelf router-name-regex [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| regex | The value to set for this field | + +#### Description + +##### regex (string) + +A regular expression (regex) type. + +## `configure authority alarm-shelving shelf severity` + +Shelve alarms for this severity. + +#### Usage + +``` +configure authority alarm-shelving shelf severity [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| enumeration | The value to set for this field | + +#### Description + +Default: none + +##### enumeration + +A value from a set of predefined names. + +Options: +info Shelve alarms with a severity level of "info" +minor Shelve alarms with a severity level of "minor" +major Shelve alarms with a severity level of "major" +critical Shelve alarms with a severity level of "critical" +none A Severity of "none" indicates that Severity will not be considered when evaluating alarms against this shelf + ## `configure authority asset-connection-resiliency` Configure Asset Connection Resiliency 
@@ -314,6 +838,7 @@ Configure Asset Connection Resiliency | [`enabled`](#configure-authority-asset-connection-resiliency-enabled) | Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'asset-connection-resiliency' | +| [`ssh-only`](#configure-authority-asset-connection-resiliency-ssh-only) | Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels. | ## `configure authority asset-connection-resiliency enabled` @@ -331,6 +856,42 @@ configure authority asset-connection-resiliency enabled [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + +## `configure authority asset-connection-resiliency ssh-only` + +Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels. + +#### Usage + +``` +configure authority asset-connection-resiliency ssh-only [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| boolean | The value to set for this field | + +#### Description + +Default: false + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority backwards-compatible-vrf-bgp-tenants` When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3 @@ -347,6 +908,16 @@ configure authority backwards-compatible-vrf-bgp-tenants [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: false + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority bgp-service-generation` Configure Bgp Service Generation 
@@ -378,6 +949,16 @@ configure authority bgp-service-generation route-reflector-client-mesh [] | ---- | ----------- | | security-ref | The value to set for this field | +#### Description + +##### security-ref (leafref) + +This type is used by other entities that need to reference configured security policies. + ## `configure authority bgp-service-generation service-policy` Service policy to be used for generated BGP services. @@ -410,6 +997,12 @@ configure authority bgp-service-generation service-policy [] | ---- | ----------- | | service-policy-ref | The value to set for this field | +#### Description + +##### service-policy-ref (leafref) + +This type is used by other entities that need to reference configured service policies. + ## `configure authority cli-messages` Configure Cli Messages @@ -440,6 +1033,12 @@ configure authority cli-messages login-message [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority cli-messages welcome-message` The message displayed after a successful login through console. @@ -456,6 +1055,12 @@ configure authority cli-messages welcome-message [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority client-certificate` The client-certificate configuration contains client certificate content. @@ -481,6 +1086,7 @@ configure authority client-certificate | [`name`](#configure-authority-client-certificate-name) | An identifier for the client certificate. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'client-certificate' | +| [`validation-mode`](#configure-authority-client-certificate-validation-mode) | Client certificate validation mode. | ## `configure authority client-certificate content` 
@@ -498,6 +1104,12 @@ configure authority client-certificate content [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string (required) + +A text value. + ## `configure authority client-certificate name` An identifier for the client certificate. @@ -514,6 +1126,41 @@ configure authority client-certificate name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + +## `configure authority client-certificate validation-mode` + +Client certificate validation mode. + +#### Usage + +``` +configure authority client-certificate validation-mode [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| certificate-validation-mode | The value to set for this field | + +#### Description + +##### certificate-validation-mode (enumeration) + +Sets the mode of certificate validation + +Options: +strict Reject insecure certificates during import. +warn Warn when importing insecure certificates + ## `configure authority conductor-address` IP address or FQDN of the conductor 
@@ -530,6 +1177,60 @@ configure authority conductor-address [] | ---- | ----------- | | hostv4 | Value to add to this list | +#### Description + +##### hostv4 (union) + +The host type represents either an IPv4 address or a DNS domain name. + +Must be one of the following types: + +##### (0) ipv4-address (string) + +The ipv4-address type represents an IPv4 address in dotted-quad notation. + +Must be a valid IPv4 address. + +##### (1) domain-name (string) + +The domain-name type represents a DNS domain name. The +name SHOULD be fully qualified whenever possible. + +Internet domain names are only loosely specified. Section +3.5 of RFC 1034 recommends a syntax (modified in Section +2.1 of RFC 1123). The pattern above is intended to allow +for current practice in domain name use, and some possible +future expansion. It is designed to hold various types of +domain names, including names used for A or AAAA records +(host names) and other records, such as SRV records. Note +that Internet host names have a stricter syntax (described +in RFC 952) than the DNS recommendations in RFCs 1034 and +1123, and that systems that want to store host names in +schema nodes using the domain-name type are recommended to +adhere to this stricter standard to ensure interoperability. + +The encoding of DNS names in the DNS protocol is limited +to 255 characters. Since the encoding consists of labels +prefixed by a length bytes and there is a trailing NULL +byte, only 253 characters can appear in the textual dotted +notation. + +The description clause of schema nodes using the domain-name +type MUST describe when and how these names are resolved to +IP addresses. Note that the resolution of a domain-name value +may require to query multiple DNS records (e.g., A for IPv4 +and AAAA for IPv6). The order of the resolution process and +which DNS record takes precedence can either be defined +explicitely or it may depend on the configuration of the +resolver. 
+ +Domain-name values use the US-ASCII encoding. Their canonical +format uses lowercase US-ASCII characters. Internationalized +domain names MUST be encoded in punycode as described in RFC +3492 + +Length: 1-253 + ## `configure authority currency` Local monetary unit. @@ -546,6 +1247,14 @@ configure authority currency [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +Default: USD + +##### string + +A text value. + ## `configure authority district` Districts in the authority. @@ -589,6 +1298,15 @@ configure authority district name [] | ---- | ----------- | | non-default-district-name | The value to set for this field | +#### Description + +##### non-default-district-name (string) + +A text value. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority district neighborhood` Neighborhoods which belong to this district. @@ -605,6 +1323,15 @@ configure authority district neighborhood [] | ---- | ----------- | | neighborhood-id | Value to add to this list | +#### Description + +##### neighborhood-id (string) + +A string identifier for network neighborhood. + +Must contain only alphanumeric characters or any of the following: . _ - +Length: 0-63 + ## `configure authority district resource-group` Associate this district with a top-level resource-group. @@ -621,6 +1348,12 @@ configure authority district resource-group [] | ---- | ----------- | | resource-group-ref | Value to add to this list | +#### Description + +##### resource-group-ref (leafref) + +This type is used by other entities that need to reference configured resource groups. + ## `configure authority dscp-map` Configure Dscp Map 
@@ -719,6 +1452,14 @@ configure authority dscp-map dscp-prioritization dscp-range end-value [] | ---- | ----------- | | dscp | The value to set for this field | +#### Description + +##### dscp (uint8) (required) + +A DSCP value (0-63) + +Range: 0-63 + ## `configure authority dscp-map dscp-prioritization priority` The priority assigned to the incoming DSCP value. @@ -751,6 +1500,14 @@ configure authority dscp-map dscp-prioritization priority [] | ---- | ----------- | | priority-id | The value to set for this field | +#### Description + +##### priority-id (uint8) + +An unsigned 8-bit integer. + +Range: 0-3 + ## `configure authority dscp-map dscp-traffic-class` Mapping from incoming DSCP value to a traffic-class. These values are used when in DSCP trust mode. @@ -820,6 +1577,14 @@ configure authority dscp-map dscp-traffic-class dscp-range end-value [] | ---- | ----------- | | dscp | The value to set for this field | +#### Description + +##### dscp (uint8) (required) + +A DSCP value (0-63) + +Range: 0-63 + ## `configure authority dscp-map dscp-traffic-class traffic-class` The traffic-class assigned to the incoming DSCP value. @@ -852,6 +1625,19 @@ configure authority dscp-map dscp-traffic-class traffic-class [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority dscp-map resource-group` Associate this DSCP map with a top-level resource-group. 
@@ -884,9 +1679,15 @@ configure authority dscp-map resource-group [] | ---- | ----------- | | resource-group-ref | Value to add to this list | +#### Description + +##### resource-group-ref (leafref) + +This type is used by other entities that need to reference configured resource groups. + ## `configure authority dynamic-hostname` -Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: \{interface-id\} for Network Interface Global Identifier \{router-name\} for Router Name \{authority-name\} for Authority Name For example, 'interface-\{interface-id\}.\{router-name\}.\{authority-name\}'. +Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: `{interface-id}` for Network Interface Global Identifier, `{router-name}` for Router Name, `{authority-name}` for Authority Name. For example, `interface-{interface-id}.{router-name}.{authority-name}`. #### Usage @@ -900,6 +1701,22 @@ configure authority dynamic-hostname [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +Default: `interface-{interface-id}.{router-name}.{authority-name}` + +##### string + +A text value. + +Must contain substitution variables: +`{interface-id}` for Network Interface Global Identifier +`{router-name}` for Router Name +`{authority-name}` for Authority Name +For example, `interface-{interface-id}.{router-name}.{authority-name}`. +Any other characters must be alphanumeric or any of the +following: - _ . + ## `configure authority fib-service-match` When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. 
@@ -917,6 +1734,19 @@ configure authority fib-service-match [ best-match-only | any-match ] | best-match-only | This is the default value, and legacy behavior. When comparing prefixes from a route update to addresses configured in services, only addresses with the longest prefix match for a particular route are considered. In cases of transport overlap, services are visited in alphabetical order. | | any-match | All service addresses that match the route update are considered when creating the FIB entries, including those with prefixes shorter than the update or those that do not have the best match service address. The transports from the service with the longest prefix are considered first. This minimizes missed entries, but may result in a higher FIB usage. | +#### Description + +Default: best-match-only + +##### enumeration + +A value from a set of predefined names. + +Options: + +- best-match-only: Longest matching service prefix only. +- any-match: All service prefixes are considered. + ## `configure authority forward-error-correction-profile` A profile for Forward Error Correection parameters, describing how often to send parity packets. @@ -960,6 +1790,19 @@ configure authority forward-error-correction-profile mode [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: dynamic + +##### enumeration + +A value from a set of predefined names. + +Options: + +- dynamic: Alter ratio of packets to parity based on loss observed. +- static: Use a consistent ratio of packets to parity regardless of loss. + ## `configure authority forward-error-correction-profile name` The name of the Forward Error Correction profile 
@@ -976,6 +1819,15 @@ configure authority forward-error-correction-profile name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority forward-error-correction-profile ratio` The ratio (expressed as x:1) which will dictate the number of data packets to transmit before a parity packet will be transmitted. @@ -992,6 +1844,16 @@ configure authority forward-error-correction-profile ratio [] | ---- | ----------- | | uint8 | The value to set for this field | +#### Description + +Default: 10 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 2-50 + ## `configure authority icmp-control` Settings for ICMP packet handling @@ -1022,6 +1884,19 @@ configure authority icmp-control icmp-async-reply [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: allow + +##### enumeration + +A value from a set of predefined names. + +Options: + +- drop: ICMP replies without matching requests are dropped. +- allow: ICMP replies without matching requests are forwarded. + ## `configure authority icmp-control icmp-session-match` How to differentiate ICMP sessions. @@ -1038,6 +1913,19 @@ configure authority icmp-control icmp-session-match [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: identifier-only + +##### enumeration + +A value from a set of predefined names. + +Options: + +- identifier-only: ICMP sessions are based on identifier. +- identifier-and-type: ICMP sessions are based on identifier and type. + ## `configure authority idp-profile` User defined IDP profiles. 
@@ -1082,6 +1970,18 @@ configure authority idp-profile base-policy [] | ---- | ----------- | | idp-policy | The value to set for this field | +#### Description + +##### idp-policy (enumeration) (required) + +Predefined policies for intrusion detection actions. + +Options: + +- alert: A policy that only alerts. +- standard: The standard blocking and alerting policy. +- strict: A strict blocking and alerting policy. + ## `configure authority idp-profile name` Name of the profile. @@ -1098,6 +1998,16 @@ configure authority idp-profile name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +IDP profile name (alert|strict|standard|none) is reserved. +Length: 0-63 + ## `configure authority idp-profile rule` Configure Rule @@ -1142,6 +2052,12 @@ configure authority idp-profile rule description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority idp-profile rule match` The options to use for matching. 
@@ -1175,6 +2091,53 @@ configure authority idp-profile rule match client-address [] | ---- | ----------- | | ip-prefix | Value to add to this list | +#### Description + +##### ip-prefix (union) + +The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +##### (0) ipv4-prefix (string) + +The ipv4-prefix type represents an IPv4 address prefix. +The prefix length is given by the number following the +slash character and must be less than or equal to 32. + +A prefix length value of n corresponds to an IP address +mask that has n contiguous 1-bits from the most +significant bit (MSB) and all other bits set to 0. + +The canonical format of an IPv4 prefix has all bits of +the IPv4 address set to zero that are not part of the +IPv4 prefix. + +##### (1) ipv6-prefix (string) + +The ipv6-prefix type represents an IPv6 address prefix. +The prefix length is given by the number following the +slash character and must be less than or equal 128. + +A prefix length value of n corresponds to an IP address +mask that has n contiguous 1-bits from the most +significant bit (MSB) and all other bits set to 0. + +The IPv6 address should have all bits that do not belong +to the prefix set to zero. + +The canonical format of an IPv6 prefix has all bits of +the IPv6 address set to zero that are not part of the +IPv6 prefix. Furthermore, IPv6 address is represented +in the compressed format described in RFC 4291, Section +2.2, item 2 with the following additional rules: the :: +substitution must be applied to the longest sequence of +all-zero 16-bit chunks in an IPv6 address. If there is +a tie, the first sequence of all-zero 16-bit chunks is +replaced by ::. Single all-zero 16-bit chunks are not +compressed. The canonical format uses lowercase +characters and leading zeros are not allowed. 
+ ## `configure authority idp-profile rule match destination-address` Destination address prefix to match in the rule. 
@@ -1191,6 +2154,53 @@ configure authority idp-profile rule match destination-address [] | ---- | ----------- | | ip-prefix | Value to add to this list | +#### Description + +##### ip-prefix (union) + +The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +##### (0) ipv4-prefix (string) + +The ipv4-prefix type represents an IPv4 address prefix. +The prefix length is given by the number following the +slash character and must be less than or equal to 32. + +A prefix length value of n corresponds to an IP address +mask that has n contiguous 1-bits from the most +significant bit (MSB) and all other bits set to 0. + +The canonical format of an IPv4 prefix has all bits of +the IPv4 address set to zero that are not part of the +IPv4 prefix. + +##### (1) ipv6-prefix (string) + +The ipv6-prefix type represents an IPv6 address prefix. +The prefix length is given by the number following the +slash character and must be less than or equal 128. + +A prefix length value of n corresponds to an IP address +mask that has n contiguous 1-bits from the most +significant bit (MSB) and all other bits set to 0. + +The IPv6 address should have all bits that do not belong +to the prefix set to zero. + +The canonical format of an IPv6 prefix has all bits of +the IPv6 address set to zero that are not part of the +IPv6 prefix. Furthermore, IPv6 address is represented +in the compressed format described in RFC 4291, Section +2.2, item 2 with the following additional rules: the :: +substitution must be applied to the longest sequence of +all-zero 16-bit chunks in an IPv6 address. If there is +a tie, the first sequence of all-zero 16-bit chunks is +replaced by ::. Single all-zero 16-bit chunks are not +compressed. The canonical format uses lowercase +characters and leading zeros are not allowed. 
+ ## `configure authority idp-profile rule match severities` List of severity to match in the rule. @@ -1207,6 +2217,18 @@ configure authority idp-profile rule match severities [] | ---- | ----------- | | idp-severity | Value to add to this list | +#### Description + +##### idp-severity (enumeration) + +Severity levels for IDP rules. + +Options: + +- minor: Filter minor or higher vulnerabilities. +- major: Filter major or higher vulnerabilities. +- critical: Filter only critical vulnerabilities. + ## `configure authority idp-profile rule match severity` Match vulnerabilities only with severity mentioned or above. @@ -1223,6 +2245,18 @@ configure authority idp-profile rule match severity [] | ---- | ----------- | | idp-severity | The value to set for this field | +#### Description + +##### idp-severity (enumeration) + +Severity levels for IDP rules. + +Options: + +- minor: Filter minor or higher vulnerabilities. +- major: Filter major or higher vulnerabilities. +- critical: Filter only critical vulnerabilities. + ## `configure authority idp-profile rule match vulnerability` List of custom vulnerabilities to match in the rule. @@ -1239,6 +2273,12 @@ configure authority idp-profile rule match vulnerability [] | ---- | ----------- | | string | Value to add to this list | +#### Description + +##### string + +A text value. + ## `configure authority idp-profile rule name` Name of the rule. @@ -1255,6 +2295,15 @@ configure authority idp-profile rule name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority idp-profile rule outcome` The outcome applied to the match 
@@ -1285,6 +2334,18 @@ configure authority idp-profile rule outcome action [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +##### enumeration (required) + +A value from a set of predefined names. + +Options: + +- alert: Alert only. +- drop: Drop session. +- close-tcp-connection: Close TCP Connection. + ## `configure authority idp-profile rule outcome severity` Modify a vulnerability severity level of the match. @@ -1301,6 +2362,18 @@ configure authority idp-profile rule outcome severity [] | ---- | ----------- | | idp-severity | The value to set for this field | +#### Description + +##### idp-severity (enumeration) + +Severity levels for IDP rules. + +Options: + +- minor: Filter minor or higher vulnerabilities. +- major: Filter major or higher vulnerabilities. +- critical: Filter only critical vulnerabilities. + ## `configure authority ipfix-collector` Configuration for IPFIX record export. @@ -1354,6 +2427,14 @@ configure authority ipfix-collector interim-record-interval [] Units: seconds +Default: 120 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 60-1800 + ## `configure authority ipfix-collector ip-address` The IP address or hostname of the collector. 
@@ -1370,6 +2451,83 @@ configure authority ipfix-collector ip-address [] | ---- | ----------- | | host | The value to set for this field | +#### Description + +##### host (union) (required) + +The host type represents either an IP address or a DNS domain name. + +Must be one of the following types: + +##### (0) ip-address (union) (required) + +The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +###### (0) ipv4-address (string) (required): + +The ipv4-address type represents an IPv4 address in dotted-quad notation. + +Must be a valid IPv4 address. + +###### (1) ipv6-address (string) (required): + +The ipv6-address type represents an IPv6 address in full, +mixed, shortened, and shortened-mixed notation. + +The canonical format of IPv6 addresses uses the compressed +format described in RFC 4291, Section 2.2, item 2 with the +following additional rules: the :: substitution must be +applied to the longest sequence of all-zero 16-bit chunks +in an IPv6 address. If there is a tie, the first sequence +of all-zero 16-bit chunks is replaced by ::. Single +all-zero 16-bit chunks are not compressed. The canonical +format uses lowercase characters and leading zeros are +not allowed. + +Must be a valid IPv6 address. + +##### (1) domain-name (string) (required) + +The domain-name type represents a DNS domain name. The +name SHOULD be fully qualified whenever possible. + +Internet domain names are only loosely specified. Section +3.5 of RFC 1034 recommends a syntax (modified in Section +2.1 of RFC 1123). The pattern above is intended to allow +for current practice in domain name use, and some possible +future expansion. It is designed to hold various types of +domain names, including names used for A or AAAA records +(host names) and other records, such as SRV records. 
Note +that Internet host names have a stricter syntax (described +in RFC 952) than the DNS recommendations in RFCs 1034 and +1123, and that systems that want to store host names in +schema nodes using the domain-name type are recommended to +adhere to this stricter standard to ensure interoperability. + +The encoding of DNS names in the DNS protocol is limited +to 255 characters. Since the encoding consists of labels +prefixed by a length bytes and there is a trailing NULL +byte, only 253 characters can appear in the textual dotted +notation. + +The description clause of schema nodes using the domain-name +type MUST describe when and how these names are resolved to +IP addresses. Note that the resolution of a domain-name value +may require to query multiple DNS records (e.g., A for IPv4 +and AAAA for IPv6). The order of the resolution process and +which DNS record takes precedence can either be defined +explicitely or it may depend on the configuration of the +resolver. + +Domain-name values use the US-ASCII encoding. Their canonical +format uses lowercase US-ASCII characters. Internationalized +domain names MUST be encoded in punycode as described in RFC +3492 + +Length: 1-253 + ## `configure authority ipfix-collector name` A unique name for the collector. @@ -1386,6 +2544,15 @@ configure authority ipfix-collector name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority ipfix-collector port` The port of the collector. 
@@ -1402,6 +2569,16 @@ configure authority ipfix-collector port [] | ---- | ----------- | | l4-port | The value to set for this field | +#### Description + +Default: 4739 + +##### l4-port (uint16) + +Transport (layer 4) port number. + +Range: 0-65535 + ## `configure authority ipfix-collector protocol` The transport protocol to be used when communicating with the collector. @@ -1418,6 +2595,19 @@ configure authority ipfix-collector protocol [] | ---- | ----------- | | ipfix-protocol | The value to set for this field | +#### Description + +Default: tcp + +##### ipfix-protocol (enumeration) + +Transport (Layer 4) protocol. + +Options: + +- tcp: Transmission Control Protocol. +- udp: User Datagram Protocol. + ## `configure authority ipfix-collector resource-group` Associate this IPFIX collector with a top-level resource-group. @@ -1434,6 +2624,12 @@ configure authority ipfix-collector resource-group [] | ---- | ----------- | | resource-group-ref | Value to add to this list | +#### Description + +##### resource-group-ref (leafref) + +This type is used by other entities that need to reference configured resource groups. + ## `configure authority ipfix-collector sampling-percentage` The percentage of flows to be selected for export OR 'dynamic'. When set to 'dynamic', the system will select a percentage based on the current data volume as follows: || < 100 Mb/s : 1 in 256 || < 1 Gb/s : 1 in 512 || < 10 Gb/s : 1 in 1024 || < 25 Gb/s : 1 in 2048 || > 25 Gb/s : 1 in 8192 || 
@@ -1450,6 +2646,31 @@ configure authority ipfix-collector sampling-percentage [] | ---- | ----------- | | union | The value to set for this field | +#### Description + +Default: dynamic + +##### union + +A value that corresponds to one of its member types. + +Must be one of the following types: + +##### (0) decimal64 + +A 64-bit decimal value. + +Range: 0-100 +Fraction digits: 16 + +##### (1) enumeration + +A value from a set of predefined names. + +Options: + +- dynamic: Dynamically determine sampling based on data volume. + ## `configure authority ipfix-collector template-refresh-interval` The time between template retransmissions when using the UDP protocol. @@ -1470,6 +2691,14 @@ configure authority ipfix-collector template-refresh-interval [] Units: seconds +Default: 60 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 60-1800 + ## `configure authority ipfix-collector tenant` The tenants whose records this collector should receive. An empty list indicates all tenants. @@ -1486,6 +2715,12 @@ configure authority ipfix-collector tenant [] | ---- | ----------- | | tenant-ref | Value to add to this list | +#### Description + +##### tenant-ref (leafref) + +This type is used by other entities that need to reference configured tenants. + ## `configure authority ipv4-option-filter` Configure Ipv 4 Option Filter @@ -1516,6 +2751,19 @@ configure authority ipv4-option-filter action [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: allow-all + +##### enumeration + +A value from a set of predefined names. + +Options: + +- allow-all: Allow all packets that contain options headers. +- drop-all: Drop all packets that contain options headers except for those defined in the exclusion list. + ## `configure authority ipv4-option-filter drop-exclusion` Option headers that will not cause the packet to be dropped when present. 
@@ -1532,6 +2780,14 @@ configure authority ipv4-option-filter drop-exclusion [] | ---- | ----------- | | uint8 | Value to add to this list | +#### Description + +##### uint8 + +An unsigned 8-bit integer. + +Range: 0-255 + ## `configure authority ldap-server` LDAP Servers against which to authenticate user credentials. 
@@ -1585,6 +2841,83 @@ configure authority ldap-server address [] | ---- | ----------- | | host | The value to set for this field | +#### Description + +##### host (union) (required) + +The host type represents either an IP address or a DNS domain name. + +Must be one of the following types: + +###### (0) ip-address (union) (required) + +The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +###### (0) ipv4-address (string) (required): + +The ipv4-address type represents an IPv4 address in dotted-quad notation. + +Must be a valid IPv4 address. + +##### (1) ipv6-address (string) (required) + +The ipv6-address type represents an IPv6 address in full, +mixed, shortened, and shortened-mixed notation. + +The canonical format of IPv6 addresses uses the compressed +format described in RFC 4291, Section 2.2, item 2 with the +following additional rules: the :: substitution must be +applied to the longest sequence of all-zero 16-bit chunks +in an IPv6 address. If there is a tie, the first sequence +of all-zero 16-bit chunks is replaced by ::. Single +all-zero 16-bit chunks are not compressed. The canonical +format uses lowercase characters and leading zeros are +not allowed. + +Must be a valid IPv6 address. + +##### (2) domain-name (string) (required) + +The domain-name type represents a DNS domain name. The +name SHOULD be fully qualified whenever possible. + +Internet domain names are only loosely specified. Section +3.5 of RFC 1034 recommends a syntax (modified in Section +2.1 of RFC 1123). The pattern above is intended to allow +for current practice in domain name use, and some possible +future expansion. It is designed to hold various types of +domain names, including names used for A or AAAA records +(host names) and other records, such as SRV records. 
Note +that Internet host names have a stricter syntax (described +in RFC 952) than the DNS recommendations in RFCs 1034 and +1123, and that systems that want to store host names in +schema nodes using the domain-name type are recommended to +adhere to this stricter standard to ensure interoperability. + +The encoding of DNS names in the DNS protocol is limited +to 255 characters. Since the encoding consists of labels +prefixed by a length bytes and there is a trailing NULL +byte, only 253 characters can appear in the textual dotted +notation. + +The description clause of schema nodes using the domain-name +type MUST describe when and how these names are resolved to +IP addresses. Note that the resolution of a domain-name value +may require to query multiple DNS records (e.g., A for IPv4 +and AAAA for IPv6). The order of the resolution process and +which DNS record takes precedence can either be defined +explicitely or it may depend on the configuration of the +resolver. + +Domain-name values use the US-ASCII encoding. Their canonical +format uses lowercase US-ASCII characters. Internationalized +domain names MUST be encoded in punycode as described in RFC +3492 + +Length: 1-253 + ## `configure authority ldap-server auto-generate-filter` When enabled, the SSR will generate user-search-base and group-search-base LDAP filters. @@ -1601,6 +2934,16 @@ configure authority ldap-server auto-generate-filter [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority ldap-server bind-type` The type of binding to the LDAP server. 
@@ -1617,6 +2960,20 @@ configure authority ldap-server bind-type [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: anonymous + +##### enumeration + +A value from a set of predefined names. + +Options: + +- anonymous: Bind to this server anonymously. +- unauthenticated: Bind to this server with a distinguished name only. +- password: Bind to this server with a distinguished name and password. + ## `configure authority ldap-server certificate-assurance` LDAP assurance level to apply on server certificates in a TLS session. @@ -1633,6 +2990,21 @@ configure authority ldap-server certificate-assurance [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: strong + +##### enumeration + +A value from a set of predefined names. + +Options: + +- weak: Do not request or check any server certificates. +- mild: Ignore invalid or missing certificates but check for hostname +- moderate: Terminate on invalid certificate but ignore missing certificates. +- strong: Terminate on invalid and missing certificates. + ## `configure authority ldap-server distinguished-name` The distinguished name to use for binding to the server. @@ -1649,6 +3021,14 @@ configure authority ldap-server distinguished-name [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority ldap-server group-search-base` An optional group search LDAP filter to restrict searches for this attribute type. @@ -1665,6 +3045,14 @@ configure authority ldap-server group-search-base [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority ldap-server name` The name of the LDAP server. 
@@ -1681,6 +3069,15 @@ configure authority ldap-server name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority ldap-server password` The password to use for binding to the server. @@ -1697,6 +3094,14 @@ configure authority ldap-server password [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority ldap-server port` Port to connect to LDAP server. @@ -1713,6 +3118,30 @@ configure authority ldap-server port [] | ---- | ----------- | | union | The value to set for this field | +#### Description + +Default: server-type-default + +##### union + +A value that corresponds to one of its member types. + +Must be one of the following types: + +##### (0) l4-port (uint16) + +Transport (layer 4) port number. + +Range: 0-65535 + +##### (1) enumeration + +A value from a set of predefined names. + +Options: + +- server-type-default: Use the default based on server-type. + ## `configure authority ldap-server resource-group` Associate this LDAP server with a top-level resource-group. @@ -1729,6 +3158,12 @@ configure authority ldap-server resource-group [] | ---- | ----------- | | resource-group-ref | Value to add to this list | +#### Description + +##### resource-group-ref (leafref) + +This type is used by other entities that need to reference configured resource groups. + ## `configure authority ldap-server search-base` The LDAP search base string. 
@@ -1745,6 +3180,14 @@ configure authority ldap-server search-base [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string (required) + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority ldap-server server-type` The type of LDAP server. @@ -1761,6 +3204,20 @@ configure authority ldap-server server-type [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: ldaps + +##### enumeration + +A value from a set of predefined names. + +Options: + +- starttls: Connect to this server using STARTTLS. Default port is 389. +- ldaps: Connect to this server via LDAPS. Default port is 636. +- global-catalog: Connect to this server as an Active Directory Global Catalog. Default port is 3269. + ## `configure authority ldap-server user-search-base` An optional user search LDAP filter to restrict searches for this attribute type. @@ -1777,6 +3234,14 @@ configure authority ldap-server user-search-base [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority management-service-generation` Configure Management Service Generation @@ -1807,6 +3272,12 @@ configure authority management-service-generation service-policy [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority metrics-profile filter value` The values that should be included if matched 
@@ -1909,6 +3402,12 @@ configure authority metrics-profile filter value [] | ---- | ----------- | | string | Value to add to this list | +#### Description + +##### string + +A text value. + ## `configure authority metrics-profile metric` The ID of the metric as it exists in the REST API @@ -1951,6 +3450,12 @@ configure authority metrics-profile metric description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority metrics-profile metric id` The ID of the metric as it exists in the REST API @@ -1967,6 +3472,14 @@ configure authority metrics-profile metric id [] | ---- | ----------- | | metric-id | The value to set for this field | +#### Description + +##### metric-id (string) + +A string metric identifier based on the stats YANG path which only uses alphanumerics, dashes, and forward slashes. + +Must contain only alphanumeric characters or any of the following: - / + ## `configure authority metrics-profile name` The name of the profile @@ -1983,6 +3496,15 @@ configure authority metrics-profile name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority name` The identifier for the Authority. @@ -1999,6 +3521,15 @@ configure authority name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) (required) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority password-policy` Password policy for user's passwords. 
@@ -2031,6 +3562,16 @@ configure authority password-policy deny [] | ---- | ----------- | | uint32 | The value to set for this field | +#### Description + +Default: 6 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-65535 + ## `configure authority password-policy lifetime` The lifetime of a user's password in days @@ -2051,6 +3592,14 @@ configure authority password-policy lifetime [] Units: days +Default: 99999 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-99999 + ## `configure authority password-policy minimum-length` The minimum length of user's password. @@ -2067,6 +3616,16 @@ configure authority password-policy minimum-length [] | ---- | ----------- | | uint32 | The value to set for this field | +#### Description + +Default: 9 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 8-65535 + ## `configure authority password-policy unlock-time` The time a user account will remained locked after failing login attempts @@ -2087,6 +3646,12 @@ configure authority password-policy unlock-time [] Units: seconds +Default: 1800 + +##### uint32 + +An unsigned 32-bit integer. + ## `configure authority pcli` Configure the PCLI. @@ -2172,6 +3737,14 @@ configure authority pcli alias command path [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority pcli alias command table-filter` Filter the output table to only include the specified columns. This is a case-insensitive match (and also excludes special characters such as dashes.) @@ -2188,6 +3761,14 @@ configure authority pcli alias command table-filter [] | ---- | ----------- | | string | Value to add to this list | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority pcli alias description` A short, one line, description of the alias. This will be displayed in the PCLI as part of the command's help text. 
@@ -2204,6 +3785,14 @@ configure authority pcli alias description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority pcli alias path` The space-delimited path to the alias. This will be the text that a user must enter to run the alias. @@ -2220,6 +3809,14 @@ configure authority pcli alias path [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Length: 1-18446744073709551615 + ## `configure authority pcli alias resource-group` Associate this PCLI alias with a top-level resource-group. @@ -2236,6 +3833,12 @@ configure authority pcli alias resource-group [] | ---- | ----------- | | resource-group-ref | Value to add to this list | +#### Description + +##### resource-group-ref (leafref) + +This type is used by other entities that need to reference configured resource groups. + ## `configure authority performance-monitoring-profile` A performance monitoring profile used to determine how often packets should be marked. @@ -2285,6 +3888,14 @@ configure authority performance-monitoring-profile interval-duration [] Units: milliseconds +Default: 10000 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 100-3600000 + ## `configure authority performance-monitoring-profile marking-count` The number of packets to mark within a given interval. @@ -2305,6 +3916,14 @@ configure authority performance-monitoring-profile marking-count [] Units: packets +Default: 100 + +##### uint16 + +An unsigned 16-bit integer. + +Range: 1-32767 + ## `configure authority performance-monitoring-profile monitor-only` Collect statistics without influencing packet processing features. 
@@ -2321,6 +3940,16 @@ configure authority performance-monitoring-profile monitor-only [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: false + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority performance-monitoring-profile name` The name of the performance monitoring profile. @@ -2337,6 +3966,15 @@ configure authority performance-monitoring-profile name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority performance-monitoring-profile resource-group` Associate this performance monitoring profile with a top-level resource-group. 
@@ -2353,6 +3991,12 @@ configure authority performance-monitoring-profile resource-group [ | command | description | | ------- | ----------- | +| [`account-creation`](#configure-authority-radius-server-account-creation) | Control account creation behavior. | | [`address`](#configure-authority-radius-server-address) | The IP address or FQDN of the Radius server. | | `delete` | Delete configuration data | | [`name`](#configure-authority-radius-server-name) | The name of the Radius server. | +| [`ocsp`](#configure-authority-radius-server-ocsp) | Whether to check the revocation status of the Radius server's certificate. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | [`port`](#configure-authority-radius-server-port) | The port number Radius server listens on. | +| [`protocol`](#configure-authority-radius-server-protocol) | Use TLS or UDP protocol to communicate with Radius server. | | [`secret`](#configure-authority-radius-server-secret) | The secret key to bind to the Radius server. | +| [`server-name`](#configure-authority-radius-server-server-name) | Hostname of the Radius server. | | `show` | Show configuration data for 'radius-server' | | [`timeout`](#configure-authority-radius-server-timeout) | Radius Request Timeout. | 
@@ -2396,7 +4044,20 @@ configure authority radius-server account-creation [] | name | description | | ---- | ----------- | -| manual or automatic | Manual is the default value, requires the user to be created using `create-user`. Automatic allows remote users that exist only in Radius to connect to the device without needing a local account. | +| enumeration | The value to set for this field | + +#### Description + +Default: manual + +##### enumeration + +A value from a set of predefined names. + +Options: + +- manual: Accounts must be created locally on the Router or Conductor before a user can log in. +- automatic: Create accounts automatically on first time login. The Radius server must contain the Vendor Specific Attribute (VSA) 'Juniper-Local-User-Name' set to the role that the user will be assigned. The role must be prefixed with 'SSR-', so to assign the user the admin role the VSA key would be set to 'SSR-admin'. ## `configure authority radius-server address` 
@@ -2414,6 +4075,83 @@ configure authority radius-server address [] | ---- | ----------- | | host | The value to set for this field | +#### Description + +##### host (union) (required) + +The host type represents either an IP address or a DNS domain name. + +Must be one of the following types: + +##### (0) ip-address (union) (required) + +The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +###### (0) ipv4-address (string) (required): + +The ipv4-address type represents an IPv4 address in dotted-quad notation. + +Must be a valid IPv4 address. + +##### (1) ipv6-address (string) (required) + +The ipv6-address type represents an IPv6 address in full, +mixed, shortened, and shortened-mixed notation. + +The canonical format of IPv6 addresses uses the compressed +format described in RFC 4291, Section 2.2, item 2 with the +following additional rules: the :: substitution must be +applied to the longest sequence of all-zero 16-bit chunks +in an IPv6 address. If there is a tie, the first sequence +of all-zero 16-bit chunks is replaced by ::. Single +all-zero 16-bit chunks are not compressed. The canonical +format uses lowercase characters and leading zeros are +not allowed. + +Must be a valid IPv6 address. + +##### (2) domain-name (string) (required) + +The domain-name type represents a DNS domain name. The +name SHOULD be fully qualified whenever possible. + +Internet domain names are only loosely specified. Section +3.5 of RFC 1034 recommends a syntax (modified in Section +2.1 of RFC 1123). The pattern above is intended to allow +for current practice in domain name use, and some possible +future expansion. It is designed to hold various types of +domain names, including names used for A or AAAA records +(host names) and other records, such as SRV records. 
Note +that Internet host names have a stricter syntax (described +in RFC 952) than the DNS recommendations in RFCs 1034 and +1123, and that systems that want to store host names in +schema nodes using the domain-name type are recommended to +adhere to this stricter standard to ensure interoperability. + +The encoding of DNS names in the DNS protocol is limited +to 255 characters. Since the encoding consists of labels +prefixed by a length bytes and there is a trailing NULL +byte, only 253 characters can appear in the textual dotted +notation. + +The description clause of schema nodes using the domain-name +type MUST describe when and how these names are resolved to +IP addresses. Note that the resolution of a domain-name value +may require to query multiple DNS records (e.g., A for IPv4 +and AAAA for IPv6). The order of the resolution process and +which DNS record takes precedence can either be defined +explicitely or it may depend on the configuration of the +resolver. + +Domain-name values use the US-ASCII encoding. Their canonical +format uses lowercase US-ASCII characters. Internationalized +domain names MUST be encoded in punycode as described in RFC +3492 + +Length: 1-253 + ## `configure authority radius-server name` The name of the Radius server. 
@@ -2430,6 +4168,41 @@ configure authority radius-server name [] | ---- | ----------- | | name-id | The value to set for this field | +#### Description + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + +## `configure authority radius-server ocsp` + +Whether to check the revocation status of the Radius server's certificate. + +#### Usage + +``` +configure authority radius-server ocsp [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| ocsp | The value to set for this field | + +#### Description + +##### ocsp (enumeration) + +Whether to check the revocation status of a server's certificate. + +Options: +strict Require a successful OCSP check in order to establish a connection. +off Do not check revocation status of the server certificate. + ## `configure authority radius-server port` The port number Radius server listens on. 
@@ -2446,6 +4219,54 @@ configure authority radius-server port [] | ---- | ----------- | | port-number | The value to set for this field | +#### Description + +Default: 1812 + +##### port-number (uint16) + +The port-number type represents a 16-bit port number of an +Internet transport layer protocol such as UDP, TCP, DCCP, or +SCTP. Port numbers are assigned by IANA. A current list of +all assignments is available from <http://www.iana.org/>. + +Note that the port number value zero is reserved by IANA. In +situations where the value zero does not make sense, it can +be excluded by subtyping the port-number type. + +In the value set and its semantics, this type is equivalent +to the InetPortNumber textual convention of the SMIv2. + +Range: 0-65535 + +## `configure authority radius-server protocol` + +Use TLS or UDP protocol to communicate with Radius server. + +#### Usage + +``` +configure authority radius-server protocol [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| enumeration | The value to set for this field | + +#### Description + +Default: udp + +##### enumeration + +A value from a set of predefined names. + +Options: +udp Use UDP protocol to communicate with Radius server. +tls Use TLS over TCP protocol to communicate with Radius server. + ## `configure authority radius-server secret` The secret key to bind to the Radius server. 
@@ -2462,6 +4283,36 @@ configure authority radius-server secret [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string (required) + +A text value. + +Length: 1-16 + +## `configure authority radius-server server-name` + +Hostname of the Radius server. + +#### Usage + +``` +configure authority radius-server server-name [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| string | The value to set for this field | + +#### Description + +##### string + +A text value. + ## `configure authority radius-server timeout` Radius Request Timeout. @@ -2482,6 +4333,14 @@ configure authority radius-server timeout [] Units: seconds +Default: 3 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-86400 + ## `configure authority rekey-interval` Hours between security key regeneration. Recommended value 24 hours. @@ -2502,6 +4361,28 @@ configure authority rekey-interval [] Units: hours +Default: never + +##### union + +A value that corresponds to one of its member types. + +Must be one of the following types: + +##### (0) uint32 + +An unsigned 32-bit integer. + +Range: 1-720 + +##### (1) enumeration + +A value from a set of predefined names. + +Options: + +- never: Never regenerate security keys + ## `configure authority remote-login` Configure Remote Login @@ -2531,6 +4412,16 @@ configure authority remote-login enabled [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: false + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority resource-group` Collect objects into a management group. @@ -2573,6 +4464,12 @@ configure authority resource-group description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority resource-group name` The name of the resource group. 
@@ -2589,6 +4486,15 @@ configure authority resource-group name [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Must be the single character '*' OR Must contain only alphanumeric characters or any of the following: _ - +Length: 1-63 + ## `configure authority router` The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies. @@ -2668,7 +4574,16 @@ configure authority router administrative-group [] #### Description -Warning: 'administrative-group' is deprecated and will be removed in a future software version +:::warning +`administrative-group` is deprecated and will be removed in a future software version +::: + +##### name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 ## `configure authority router application-identification` @@ -2708,6 +4623,14 @@ configure authority router application-identification application-director-cache | ---- | ----------- | | uint64 | The value to set for this field | +#### Description + +Default: 10000 + +##### uint64 + +An unsigned 64-bit integer. + ## `configure authority router application-identification auto-update` Automatic updating of application data @@ -2741,6 +4664,22 @@ configure authority router application-identification auto-update day-of-week [< | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +##### enumeration + +A value from a set of predefined names. + +Options: + +- sun: Download each Sunday +- mon: Download each Monday +- tue: Download each Tuesday +- wed: Download each Wednesday +- thu: Download each Thursday +- fri: Download each Friday +- sat: Download each Saturday + ## `configure authority router application-identification auto-update enabled` Enable updates 
@@ -2757,6 +4696,16 @@ configure authority router application-identification auto-update enabled [] | ---- | ----------- | | uint64 | The value to set for this field | +#### Description + +Default: 10000 + +##### uint64 + +An unsigned 64-bit integer. + ## `configure authority router application-identification mode` Application learning modes. @@ -2837,6 +4828,19 @@ configure authority router application-identification mode [] | ---- | ----------- | | enumeration | Value to add to this list | +#### Description + +##### enumeration + +A value from a set of predefined names. + +Options: + +- module: Learn application via modules. +- tls: Learn application via TLS server name parsing. +- http: Learn application via HTTP host name parsing. +- all: Learn application via any available techniques. + ## `configure authority router application-identification per-app-metrics` Enable per app classification metrics @@ -2853,6 +4857,16 @@ configure authority router application-identification per-app-metrics [ | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router application-identification summary-retention` Configure Summary Retention @@ -2883,6 +4897,16 @@ configure authority router application-identification summary-retention duration | ---- | ----------- | | duration | The value to set for this field | +#### Description + +Default: 24h + +##### duration (string) + +A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d + +Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d + ## `configure authority router application-identification summary-retention enabled` Enable persistence of app summary to the DB for UI and other uses 
@@ -2899,6 +4923,16 @@ configure authority router application-identification summary-retention enabled | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router application-identification summary-tracking` Enable session stats tracking by applications @@ -2915,6 +4949,16 @@ configure authority router application-identification summary-tracking [ | ---- | ----------- | | duration | The value to set for this field | +#### Description + +Default: 1m + +##### duration (string) + +A simple time duration. Valid units are s - seconds, m - minutes, h - hours, and d - days: 5s, 10m, 24h, 15d + +Must be a duration with units of seconds, minutes, hours, or days. e.g. 5s, 10m, 23h, 5d + ## `configure authority router bfd` BFD parameters for sessions between nodes within the router. @@ -3104,6 +5214,19 @@ configure authority router bfd authentication-type [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: sha256 + +##### enumeration + +A value from a set of predefined names. + +Options: + +- simple: Simple Password. +- sha256: SHA256 + ## `configure authority router bfd desired-tx-interval` Represents the frequency with which BFD asynchronous control packets are sent to peer nodes/routers. @@ -3124,6 +5247,14 @@ configure authority router bfd desired-tx-interval [] Units: milliseconds +Default: 1000 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 50-600000 + ## `configure authority router bfd dscp` The DSCP value to use with BFD packets. 
@@ -3140,6 +5271,16 @@ configure authority router bfd dscp [] | ---- | ----------- | | dscp | The value to set for this field | +#### Description + +Default: 0 + +##### dscp (uint8) + +A DSCP value (0-63) + +Range: 0-63 + ## `configure authority router bfd dynamic-damping` When enabled, extend the hold-down time if additional link flaps occur during the hold-down period. @@ -3156,6 +5297,19 @@ configure authority router bfd dynamic-damping [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: disabled + +##### enumeration + +A value from a set of predefined names. + +Options: + +- enabled: Extend hold-down time exponentially if link flaps occur during hold-down time. +- disabled: Use simple hold-down timer for every link up event. + ## `configure authority router bfd hold-down-time` Represents the hold-down time. If dynamic-damping is enabled, this is the initial hold-down time. @@ -3176,6 +5330,14 @@ configure authority router bfd hold-down-time [] Units: seconds +Default: 5 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-300 + ## `configure authority router bfd link-test-interval` This represents the interval between BFD echo tests sent to the peer node/router. @@ -3196,6 +5358,14 @@ configure authority router bfd link-test-interval [] Units: seconds +Default: 10 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-86400 + ## `configure authority router bfd link-test-length` This is the number of packets sent during one test cycle. A value of 0 disables BFD echo tests. @@ -3216,6 +5386,14 @@ configure authority router bfd link-test-length [] Units: packets +Default: 10 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 0-255 + ## `configure authority router bfd maximum-hold-down-time` Represents the maximum hold-down time of dynamic-damping exponential backoff. If the hold-down-time hits the maximum three times in a row, it will reset back to the original value. 
@@ -3236,6 +5414,14 @@ configure authority router bfd maximum-hold-down-time [] Units: seconds +Default: 3600 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-86400 + ## `configure authority router bfd multiplier` Number of consecutive missed messages from a peer before deciding that the link between them is unusable. Valid range is (3,20). @@ -3252,6 +5438,16 @@ configure authority router bfd multiplier [] | ---- | ----------- | | uint8 | The value to set for this field | +#### Description + +Default: 3 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 3-20 + ## `configure authority router bfd required-min-rx-interval` Represents the minimum interval between BFD asynchronous control packets that this router is capable of supporting. @@ -3272,6 +5468,12 @@ configure authority router bfd required-min-rx-interval [] Units: milliseconds +Default: 1000 + +##### uint32 + +An unsigned 32-bit integer. + ## `configure authority router bfd state` When enabled, run BFD between all nodes within the router. @@ -3288,6 +5490,19 @@ configure authority router bfd state [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: enabled + +##### enumeration + +A value from a set of predefined names. + +Options: + +- enabled: BFD is enabled on all nodes of this router. +- disabled: BFD is disabled on all nodes of this router. + ## `configure authority router conductor-address` IP address or FQDN of the conductor 
@@ -3304,6 +5519,60 @@ configure authority router conductor-address [] | ---- | ----------- | | hostv4 | Value to add to this list | +#### Description + +##### hostv4 (union) + +The host type represents either an IPv4 address or a DNS domain name. + +Must be one of the following types: + +##### (0) ipv4-address (string) + +The ipv4-address type represents an IPv4 address in dotted-quad notation. + +Must be a valid IPv4 address. + +##### (1) domain-name (string) + +The domain-name type represents a DNS domain name. The +name SHOULD be fully qualified whenever possible. + +Internet domain names are only loosely specified. Section +3.5 of RFC 1034 recommends a syntax (modified in Section +2.1 of RFC 1123). The pattern above is intended to allow +for current practice in domain name use, and some possible +future expansion. It is designed to hold various types of +domain names, including names used for A or AAAA records +(host names) and other records, such as SRV records. Note +that Internet host names have a stricter syntax (described +in RFC 952) than the DNS recommendations in RFCs 1034 and +1123, and that systems that want to store host names in +schema nodes using the domain-name type are recommended to +adhere to this stricter standard to ensure interoperability. + +The encoding of DNS names in the DNS protocol is limited +to 255 characters. Since the encoding consists of labels +prefixed by a length bytes and there is a trailing NULL +byte, only 253 characters can appear in the textual dotted +notation. + +The description clause of schema nodes using the domain-name +type MUST describe when and how these names are resolved to +IP addresses. Note that the resolution of a domain-name value +may require to query multiple DNS records (e.g., A for IPv4 +and AAAA for IPv6). The order of the resolution process and +which DNS record takes precedence can either be defined +explicitely or it may depend on the configuration of the +resolver. 
+ +Domain-name values use the US-ASCII encoding. Their canonical +format uses lowercase US-ASCII characters. Internationalized +domain names MUST be encoded in punycode as described in RFC +3492 + +Length: 1-253 + ## `configure authority router description` A human-readable string that allows administrators to describe this configuration. @@ -3320,6 +5589,12 @@ configure authority router description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority router dhcp-server-generated-address-pool` The address pool for KNI network-interfaces generated for dhcp-servers. @@ -3336,6 +5611,24 @@ configure authority router dhcp-server-generated-address-pool [] | ---- | ----------- | | ipv4-prefix | The value to set for this field | +#### Description + +Default: 169.254.130.0/24 + +##### ipv4-prefix (string) + +The ipv4-prefix type represents an IPv4 address prefix. +The prefix length is given by the number following the +slash character and must be less than or equal to 32. + +A prefix length value of n corresponds to an IP address +mask that has n contiguous 1-bits from the most +significant bit (MSB) and all other bits set to 0. + +The canonical format of an IPv4 prefix has all bits of +the IPv4 address set to zero that are not part of the +IPv4 prefix. + ## `configure authority router district-settings` Per-district settings for the router. @@ -3378,6 +5671,15 @@ configure authority router district-settings district-name [] | ---- | ----------- | | district-name | The value to set for this field | +#### Description + +##### district-name (string) + +A text value. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority router district-settings step-peer-path-sla-metrics-advertisement` STEP advertisement settings for peer path SLA metrics. 
@@ -3413,6 +5715,14 @@ configure authority router district-settings step-peer-path-sla-metrics-advertis Units: seconds +Default: 30 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 0-86400 + ## `configure authority router district-settings step-peer-path-sla-metrics-advertisement update-burst-size` Limit on the number of peer path SLA metric value updates advertised in STEP at the minimum (burst) update interval. @@ -3429,6 +5739,16 @@ configure authority router district-settings step-peer-path-sla-metrics-advertis | ---- | ----------- | | uint8 | The value to set for this field | +#### Description + +Default: 2 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 1-100 + ## `configure authority router district-settings step-peer-path-sla-metrics-advertisement update-rate-limit` Rate limit interval in between updating peer path SLA metric values advertised in STEP @@ -3449,6 +5769,14 @@ configure authority router district-settings step-peer-path-sla-metrics-advertis Units: seconds +Default: 180 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-86400 + ## `configure authority router dns-config` Configure Dns Config @@ -3472,7 +5800,7 @@ configure authority router dns-config | [`address`](#configure-authority-router-dns-config-address) | Address of servers to use for DNS queries. | | `delete` | Delete configuration data | | [`mode`](#configure-authority-router-dns-config-mode) | Mode of DNS server configuration. | -| [`move`](#configure-authority-router-dns-config) | Move list items | +| `move` | Move list items | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'dns-config' | 
@@ -3492,6 +5820,39 @@ configure authority router dns-config address [] | ---- | ----------- | | ip-address | Value to add to this list | +#### Description + +The order of elements matters. + +##### ip-address (union) + +The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +##### (0) ipv4-address (string) + +The ipv4-address type represents an IPv4 address in dotted-quad notation. + +Must be a valid IPv4 address. + +##### (1) ipv6-address (string) + +The ipv6-address type represents an IPv6 address in full, +mixed, shortened, and shortened-mixed notation. + +The canonical format of IPv6 addresses uses the compressed +format described in RFC 4291, Section 2.2, item 2 with the +following additional rules: the :: substitution must be +applied to the longest sequence of all-zero 16-bit chunks +in an IPv6 address. If there is a tie, the first sequence +of all-zero 16-bit chunks is replaced by ::. Single +all-zero 16-bit chunks are not compressed. The canonical +format uses lowercase characters and leading zeros are +not allowed. + +Must be a valid IPv6 address. + ## `configure authority router dns-config mode` Mode of DNS server configuration. 
@@ -3508,29 +5869,16 @@ configure authority router dns-config mode [] | ---- | ----------- | | enumeration | The value to set for this field | -## `configure authority router dns-config move address` - -Address of servers to use for DNS queries. - -#### Usage - -``` -configure authority router dns-config move address [force] [] -``` +#### Description -##### Keyword Arguments +##### enumeration -| name | description | -| ---- | ----------- | -| force | Skip confirmation prompt | +A value from a set of predefined names. -##### Positional Arguments +Options: -| name | description | -| ---- | ----------- | -| value | Value to move | -| position | first \| last \| before \| after | -| relative-to | Value before or after which to move | +- static: Static list of DNS nameservers +- automatic: Populate DNS nameservers from learned sources ## `configure authority router entitlement` @@ -3563,6 +5911,12 @@ configure authority router entitlement description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority router entitlement id` Project identifier. @@ -3579,6 +5933,14 @@ configure authority router entitlement id [] | ---- | ----------- | | entitlement-project-id | The value to set for this field | +#### Description + +Default: trial + +##### entitlement-project-id (string) + +Indicates that an enclosing leaf represents the project ID for entitlement. + ## `configure authority router entitlement max-bandwidth` Purchased bandwidth for the project. @@ -3599,6 +5961,12 @@ configure authority router entitlement max-bandwidth [] Units: bits/second +Default: 0 + +##### uint64 + +An unsigned 64-bit integer. + ## `configure authority router half-open-connection-limit` A limit on half-open TCP sessions. 
@@ -3615,6 +5983,30 @@ configure authority router half-open-connection-limit [] | ---- | ----------- | | union | The value to set for this field | +#### Description + +Default: unlimited + +##### union + +A value that corresponds to one of its member types. + +Must be one of the following types: + +##### (0) uint32 + +An unsigned 32-bit integer. + +Range: 100-4294967295 + +##### (1) enumeration + +A value from a set of predefined names. + +Options: + +- unlimited: No limit on this value + ## `configure authority router icmp-probe-profile` Profile for active ICMP probes for reachability-detection enforcement @@ -3662,6 +6054,12 @@ configure authority router icmp-probe-profile name [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority router icmp-probe-profile number-of-attempts` Number of consecutive ICMP ping requests to be sent within the probe-duration before deciding that destination is unreachable @@ -3678,6 +6076,16 @@ configure authority router icmp-probe-profile number-of-attempts [] | ---- | ----------- | | uint8 | The value to set for this field | +#### Description + +Default: 4 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 1-20 + ## `configure authority router icmp-probe-profile probe-address` Address to send ICMP ping requests to 
@@ -3694,6 +6102,37 @@ configure authority router icmp-probe-profile probe-address [] | ---- | ----------- | | ip-address | Value to add to this list | +#### Description + +##### ip-address (union) (required) + +The ip-address type represents an IP address and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +##### (0) ipv4-address (string) (required) + +The ipv4-address type represents an IPv4 address in dotted-quad notation. + +Must be a valid IPv4 address. + +##### (1) ipv6-address (string) (required) + +The ipv6-address type represents an IPv6 address in full, +mixed, shortened, and shortened-mixed notation. + +The canonical format of IPv6 addresses uses the compressed +format described in RFC 4291, Section 2.2, item 2 with the +following additional rules: the :: substitution must be +applied to the longest sequence of all-zero 16-bit chunks +in an IPv6 address. If there is a tie, the first sequence +of all-zero 16-bit chunks is replaced by ::. Single +all-zero 16-bit chunks are not compressed. The canonical +format uses lowercase characters and leading zeros are +not allowed. + +Must be a valid IPv6 address. + ## `configure authority router icmp-probe-profile probe-duration` Duration within which to reach the destination. Each attempt will be made in (probe-duration / number-of-attempts) interval @@ -3714,6 +6153,14 @@ configure authority router icmp-probe-profile probe-duration [] Units: seconds +Default: 1 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 1-10 + ## `configure authority router icmp-probe-profile probe-failure-trigger` Control how failure to ping probe-addresses impacts state. 
@@ -3730,6 +6177,19 @@ configure authority router icmp-probe-profile probe-failure-trigger [] Units: seconds +Default: 10 + +##### uint32 + +An unsigned 32-bit integer. + +Range: 1-3600 + ## `configure authority router icmp-probe-profile sla-metrics` SLA-metrics requirements for ICMP ping @@ -3798,6 +6266,12 @@ configure authority router icmp-probe-profile sla-metrics latency max [] Units: milliseconds +Default: 250 + +##### uint32 + +An unsigned 32-bit integer. + ## `configure authority router icmp-probe-profile sla-metrics latency mean` The maximum acceptable mean latency based on the ping test @@ -3818,6 +6292,12 @@ configure authority router icmp-probe-profile sla-metrics latency mean [ Units: milliseconds +Default: 100 + +##### uint32 + +An unsigned 32-bit integer. + ## `configure authority router icmp-probe-profile sla-metrics max-loss` The amount of acceptable loss on the link. Determined by sending number-of-attempts ICMP requests and waiting probe-duration for response @@ -3838,6 +6318,14 @@ configure authority router icmp-probe-profile sla-metrics max-loss [ Units: percent +Default: 10 + +##### percentage (uint8) + +Integer indicating a percentage value + +Range: 0-100 + ## `configure authority router idp` Advanced IDP configuration. @@ -3868,6 +6356,16 @@ configure authority router idp bypass-enabled [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router idp mode` IDP config management mode 
@@ -3884,6 +6382,21 @@ configure authority router idp mode [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: auto + +##### enumeration + +A value from a set of predefined names. + +Options: + +- auto: Automatically toggle IDP based on idp-policies +- disabled: Disable IDP +- spoke: Enable spoke mode for IDP +- hub: Enable hub mode for IDP + ## `configure authority router inter-node-security` The name of the security policy used for inter node communication between router interfaces @@ -3900,6 +6413,12 @@ configure authority router inter-node-security [] | ---- | ----------- | | security-ref | The value to set for this field | +#### Description + +##### security-ref (leafref) (required) + +This type is used by other entities that need to reference configured security policies. + ## `configure authority router location` A descriptive location for this SSR. @@ -3916,6 +6435,12 @@ configure authority router location [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority router location-coordinates` The geolocation of this router in ISO 6709 format. Some examples: (1) Degrees only: +50.20361-074.00417/ (2) Degrees and minutes: +5012.22-07400.25/ or (3) Degrees, minutes, and seconds: +501213.1-0740015.1/ @@ -3932,6 +6457,14 @@ configure authority router location-coordinates [] | ---- | ----------- | | geolocation | The value to set for this field | +#### Description + +##### geolocation (string) + +Geolocation in ISO 6709 format. + +Must be a geographic coordinate in ISO-6709 format. Example: +50.1-074.1/ + ## `configure authority router maintenance-mode` When enabled, the router will be in maintenance mode and alarms related to this router will be shelved. 
@@ -3948,6 +6481,14 @@ configure authority router maintenance-mode [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router management-service-generation` Configure Management Service Generation @@ -3979,6 +6520,16 @@ configure authority router management-service-generation proxy [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: false + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router management-service-generation service-policy` Service policy to be used instead of auto-generated service policy. @@ -3995,6 +6546,12 @@ configure authority router management-service-generation service-policy [] #### Description -Warning: a restart is required if max-inter-node-way-points is created, modified, or deleted +Default: 50000 + +:::warning +A restart is required if max-inter-node-way-points is created, modified, or deleted +::: + +##### uint32 + +An unsigned 32-bit integer. + +Range: 50000-1000000 ## `configure authority router name` @@ -4049,7 +6629,16 @@ configure authority router name [] #### Description -Warning: a restart is required if name is created or deleted +:::warning +A restart is required if name is created or deleted +::: + +##### reserved-name-id (string) + +A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters, and cannot be the words 'all', 'any', or 'unknown'. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 ## `configure authority router nat-pool` 
@@ -4074,7 +6663,7 @@ configure authority router nat-pool | [`address-pool`](#configure-authority-router-nat-pool-address-pool) | Defines the NAT prefix and ports in the pool. | | `clone` | Clone a list item | | `delete` | Delete configuration data | -| [`move`](#configure-authority-router-nat-pool) | Move list items | +| `move` | Move list items | | [`name`](#configure-authority-router-nat-pool-name) | An identifier for the NAT Pool. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'nat-pool' | @@ -4106,6 +6695,10 @@ configure authority router nat-pool address-pool
| `show` | Show configuration data for 'address-pool' | | [`tenant-name`](#configure-authority-router-nat-pool-address-pool-tenant-name) | Tenant for which this nat pool is applied | +#### Description + +The order of elements matters. + ## `configure authority router nat-pool address-pool address` IP Prefix for the pool of NAT ports. 
@@ -4122,6 +6715,53 @@ configure authority router nat-pool address-pool address [] | ---- | ----------- | | ip-prefix | The value to set for this field | +#### Description + +##### ip-prefix (union) + +The ip-prefix type represents an IP prefix and is IP version neutral. The format of the textual representations implies the IP version. + +Must be one of the following types: + +###### (0) ipv4-prefix (string) + +The ipv4-prefix type represents an IPv4 address prefix. +The prefix length is given by the number following the +slash character and must be less than or equal to 32. + +A prefix length value of n corresponds to an IP address +mask that has n contiguous 1-bits from the most +significant bit (MSB) and all other bits set to 0. + +The canonical format of an IPv4 prefix has all bits of +the IPv4 address set to zero that are not part of the +IPv4 prefix. + +###### (1) ipv6-prefix (string) + +The ipv6-prefix type represents an IPv6 address prefix. +The prefix length is given by the number following the +slash character and must be less than or equal 128. + +A prefix length value of n corresponds to an IP address +mask that has n contiguous 1-bits from the most +significant bit (MSB) and all other bits set to 0. + +The IPv6 address should have all bits that do not belong +to the prefix set to zero. + +The canonical format of an IPv6 prefix has all bits of +the IPv6 address set to zero that are not part of the +IPv6 prefix. Furthermore, IPv6 address is represented +in the compressed format described in RFC 4291, Section +2.2, item 2 with the following additional rules: the :: +substitution must be applied to the longest sequence of +all-zero 16-bit chunks in an IPv6 address. If there is +a tie, the first sequence of all-zero 16-bit chunks is +replaced by ::. Single all-zero 16-bit chunks are not +compressed. The canonical format uses lowercase +characters and leading zeros are not allowed. 
+ ## `configure authority router nat-pool address-pool pool-type` Type of NAT pool @@ -4138,6 +6778,19 @@ configure authority router nat-pool address-pool pool-type [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: static + +##### enumeration + +A value from a set of predefined names. + +Options: + +- static: Static IP assignment per endpoint +- dynamic: Dynamic IP port assignment per session + ## `configure authority router nat-pool address-pool tenant-name` Tenant for which this nat pool is applied @@ -4154,23 +6807,11 @@ configure authority router nat-pool address-pool tenant-name [] | ---- | ----------- | | tenant-ref | Value to add to this list | -## `configure authority router nat-pool move address-pool` - -Defines the NAT prefix and ports in the pool. - -#### Usage +#### Description -``` -configure authority router nat-pool move address-pool
[] -``` +##### tenant-ref (leafref) -##### Positional Arguments - -| name | description | -| ---- | ----------- | -| address | IP Prefix for the pool of NAT ports. | -| position | first \| last \| before \| after | -| relative-to-address | Key of item before or after which to move | +This type is used by other entities that need to reference configured tenants. ## `configure authority router nat-pool name` @@ -4188,6 +6829,15 @@ configure authority router nat-pool name [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + +Must contain only alphanumeric characters or any of the following: _ - +Length: 0-63 + ## `configure authority router node` List of one or two SSR software instances, comprising an SSR. @@ -4231,7 +6881,8 @@ configure authority router node | [`session-processor-mode`](#configure-authority-router-node-session-processor-mode) | The method by which the number of threads used for session processing should be determined. | | [`session-setup-scaling`](#configure-authority-router-node-session-setup-scaling) | Whether or not to enable session setup scaling. | | `show` | Show configuration data for 'node' | -| [`ssh-keepalive`](#configure-authority-router-node-ssh-keepalive) | Configure Ssh Keepalive | +| [`ssh-keepalive`](#configure-authority-router-node-ssh-keepalive) | Configure SSH Keepalive | +| [`ssh-settings`](#configure-authority-router-node-ssh-settings) | Configure SSH Settings | | [`top-sessions`](#configure-authority-router-node-top-sessions) | Views of top sessions by an ordering criteria. | ## `configure authority router node asset-id` 
@@ -4250,6 +6901,14 @@ configure authority router node asset-id [] | ---- | ----------- | | asset-id | The value to set for this field | +#### Description + +##### asset-id (string) + +A unique identifier of an SSR node. + +Must not contain repeating, leading, or ending '_' character + ## `configure authority router node asset-validation-enabled` Validate that the asset is suitable to run SSR. @@ -4266,6 +6925,16 @@ configure authority router node asset-validation-enabled [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router node description` A description about the node. @@ -4282,6 +6951,12 @@ configure authority router node description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority router node device-interface` List of physical or virtual interfaces in the node. @@ -4334,7 +7009,7 @@ configure authority router node device-interface | [`traffic-engineering`](#configure-authority-router-node-device-interface-traffic-engineering) | Configure Traffic Engineering | | [`type`](#configure-authority-router-node-device-interface-type) | Type of interface. | | [`vmbus-uuid`](#configure-authority-router-node-device-interface-vmbus-uuid) | The VMBus UUID of the network device. Hyper-V Environment only. Only relevant if type is ethernet. | -| [`vrrp`](#configure-authority-router-node-device-interface-vrrp) | Parameters for Interface Redundancy using Virtual Router Redundancy Protocol (VRRP) like protocol. | +| [`vrrp`](#configure-authority-router-node-device-interface-vrrp) | Parameters for Interface Redundancy using Virtual Router Redundancy Protocol (VRRP). | ## `configure authority router node device-interface bond-settings` 
@@ -4345,10 +7020,66 @@ Configure Bond Settings | command | description | | ------- | ----------- | | `delete` | Delete configuration data | +| [`force-up`](#configure-authority-router-node-device-interface-bond-settings-force-up) | Force up when not receiving partner LACP PDUs. | +| [`force-up-timeout`](#configure-authority-router-node-device-interface-bond-settings-force-up-timeout) | Number of seconds before switching to force-up LACP mode. | | [`lacp-enable`](#configure-authority-router-node-device-interface-bond-settings-lacp-enable) | Use 802.3ad LACP protocol for the Bond. | | `override-generated` | Force auto-generated configuration and any modifications to it to persist on commit | | `show` | Show configuration data for 'bond-settings' | +## `configure authority router node device-interface bond-settings force-up` + +Force up when not receiving partner LACP PDUs. + +#### Usage + +``` +configure authority router node device-interface bond-settings force-up [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| boolean | The value to set for this field | + +#### Description + +Default: false + +##### boolean + +A true or false value. + +Options: true or false + +## `configure authority router node device-interface bond-settings force-up-timeout` + +Number of seconds before switching to force-up LACP mode. + +#### Usage + +``` +configure authority router node device-interface bond-settings force-up-timeout [] +``` + +##### Positional Arguments + +| name | description | +| ---- | ----------- | +| uint8 | The value to set for this field | + +#### Description + +Units: seconds + +Default: 90 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 1-100 + ## `configure authority router node device-interface bond-settings lacp-enable` Use 802.3ad LACP protocol for the Bond. 
@@ -4365,6 +7096,16 @@ configure authority router node device-interface bond-settings lacp-enable [] | ---- | ----------- | | bridge-name | The value to set for this field | +#### Description + +##### bridge-name (string) + +A string identifier for bridge-name which only uses alphanumerics, underscores, or dashes, and cannot exceed 15 characters. + +Must contain only alphanumeric characters, start with a alphabet and can contain any of the following: _ - +Length: 0-15 + ## `configure authority router node device-interface capture-filter` Filter to be used when matching packets on this device interface. Uses Berkeley Packet Filter (BPF) syntax. @@ -4397,6 +7147,12 @@ configure authority router node device-interface capture-filter [] | ---- | ----------- | | string | Value to add to this list | +#### Description + +##### string + +A text value. + ## `configure authority router node device-interface description` A description of the device-interface. @@ -4413,6 +7169,12 @@ configure authority router node device-interface description [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority router node device-interface enabled` Whether this interface is administratively enabled. @@ -4429,6 +7191,16 @@ configure authority router node device-interface enabled [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router node device-interface forwarding` Whether this interface is used for forwarding traffic. 
@@ -4445,6 +7217,16 @@ configure authority router node device-interface forwarding [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router node device-interface interface-name` The interface name associated with the OS network device. @@ -4461,6 +7243,12 @@ configure authority router node device-interface interface-name [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string + +A text value. + ## `configure authority router node device-interface link-settings` Ethernet link settings on the interface @@ -4477,6 +7265,22 @@ configure authority router node device-interface link-settings [] | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +Default: auto + +##### enumeration + +A value from a set of predefined names. + +Options: + +- auto: Use auto-negotation for the Ethernet link +- 10Mbps-half: Force the Ethernet link to 10 Mbps half duplex +- 10Mbps-full: Force the Ethernet link to 10 Mbps full duplex +- 100Mbps-half: Force the Ethernet link to 100 Mbps half duplex +- 100Mbps-full: Force the Ethernet link to 100 Mbps full duplex + ## `configure authority router node device-interface lldp` Link Layer Description Protocol settings @@ -4513,6 +7317,14 @@ configure authority router node device-interface lldp advertisement-interval [] | ---- | ----------- | | boolean | The value to set for this field | +#### Description + +Default: true + +##### boolean + +A true or false value. + +Options: true or false + ## `configure authority router node device-interface lldp hold-multiplier` The multiplier to apply to the advertisement-interval when setting the LLDP TTL. 
@@ -4545,6 +7367,16 @@ configure authority router node device-interface lldp hold-multiplier [] | ---- | ----------- | | uint8 | The value to set for this field | +#### Description + +Default: 4 + +##### uint8 + +An unsigned 8-bit integer. + +Range: 2-10 + ## `configure authority router node device-interface lldp mode` The mode in which LLDP operates on the interface @@ -4563,7 +7395,21 @@ configure authority router node device-interface lldp mode [] #### Description -Warning: 'mode' is deprecated and will be removed in a future software version +Default: disabled + +:::warning +`mode` is deprecated and will be removed in a future software version +::: + +##### enumeration + +A value from a set of predefined names. + +Options: + +- disabled: Disable LLDP +- receive-only: Receive and process incoming LLDP packets +- enabled: Enable sending and receiving LLDP packets ## `configure authority router node device-interface load-balancing` @@ -4599,6 +7445,14 @@ configure authority router node device-interface load-balancing utilization-high Units: percent +Default: 100 + +##### percentage (uint8) + +Integer indicating a percentage value + +Range: 0-100 + ## `configure authority router node device-interface load-balancing utilization-low-water-mark` Percentage of allowed bandwidth utilization below which this interface will be reconsidered for load balancing. @@ -4619,6 +7473,14 @@ configure authority router node device-interface load-balancing utilization-low- Units: percent +Default: 80 + +##### percentage (uint8) + +Integer indicating a percentage value + +Range: 0-100 + ## `configure authority router node device-interface lte` Configure Lte @@ -4650,6 +7512,12 @@ configure authority router node device-interface lte apn-name [] | ---- | ----------- | | string | The value to set for this field | +#### Description + +##### string (required) + +A text value. + ## `configure authority router node device-interface lte authentication` Configure Authentication 
@@ -4681,6 +7549,17 @@ configure authority router node device-interface lte authentication authenticati | ---- | ----------- | | enumeration | The value to set for this field | +#### Description + +##### enumeration (required) + +A value from a set of predefined names. + +Options: + +- chap: Challenge-Handshake Authentication Protocol. +- pap: Password Authentication Protocol. + ## `configure authority router node device-interface lte authentication password` Password required to connect to the LTE network. @@ -4697,6 +7576,12 @@ configure authority router node device-interface lte authentication password [
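Review bot: In the `asset-id` hunk (`@@ -4250,6 +6901,14 @@`), the constraint line "Must not contain repeating, leading, or ending '_' character" is ambiguous and has no closing period. It is unclear whether "repeating" means consecutive underscores or more than one underscore anywhere in the value. If the rule is the former, suggest "Must not begin or end with '_' and must not contain consecutive '_' characters.", and state the allowed character set, since this string identifies a node.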
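Review bot: The `vrrp` row in the `device-interface` command table (`@@ -4334,7 +7009,7 @@`) drops "like protocol", which changes the documented claim from a VRRP-like mechanism to VRRP itself. Please confirm the feature behaves as standard VRRP. If it does not, keep a qualifier such as "a VRRP-like protocol" so operators do not assume interoperability with third-party VRRP peers.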
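Review bot: In the new `force-up` and `force-up-timeout` sections (`@@ -4345,10 +7020,66 @@`), nothing states how the two fields interact. The text does not say whether `force-up-timeout` (default 90) has any effect while `force-up` is at its default of false, or what state the bond takes once the timeout expires without partner LACP PDUs. Suggest one sentence in each Description making the dependency explicit, including whether either field applies only when `lacp-enable` is set.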
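Review bot: The `bridge-name` description (`@@ -4365,6 +7096,16 @@`) contradicts itself: "Length: 0-15" permits an empty value, while the pattern text requires the name to start with a letter. The pattern line also reads "start with a alphabet" and runs straight into "Length: 0-15" with no blank line between them, so the two will render as one paragraph. Suggest "Must start with a letter and contain only alphanumeric characters, '_' or '-'.", a blank added line before the length, and a minimum length that matches what the schema enforces.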
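Review bot: In the `link-settings` options list (`@@ -4477,6 +7265,22 @@`), "auto-negotation" is misspelled and should read "auto-negotiation". The unchanged context line directly below, "Link Layer Description Protocol settings" under `lldp`, expands the acronym incorrectly; LLDP is Link Layer Discovery Protocol, and it would be worth fixing in the same pass.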
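Review bot: In the `lldp mode` hunk (`@@ -4563,7 +7395,21 @@`), the deprecation admonition does not name what replaces `mode`, and the new "Default: disabled" sits beside an LLDP boolean that this same patch documents as "Default: true" (`@@ -4513,6 +7317,14 @@`). Suggest naming the field that supersedes `mode` and stating which setting takes precedence when both are present, so a reader can tell whether an interface sends LLDP advertisements by default.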
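Review bot: The `utilization-high-water-mark` and `utilization-low-water-mark` hunks (`@@ -4599,6 +7445,14 @@` and `@@ -4619,6 +7473,14 @@`) give both fields the full range 0-100, with defaults 100 and 80, but do not say whether the low mark must stay at or below the high mark or what happens if it does not. Suggest documenting that constraint next to "Range: 0-100". "Integer indicating a percentage value" is also missing its closing period in both places.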
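Review bot: In the LTE authentication protocol options (`@@ -4681,6 +7549,17 @@`), `chap` and `pap` are only expanded as acronyms, and because the field is marked required the operator has to pick one with no guidance. PAP sends the password to the peer without protection, whereas CHAP does not transmit it, so suggest a line on the `pap` option saying so and recommending `chap` where the carrier supports it.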