7. Interfaces

7.1. Overview

On the SR Linux, an interface is any physical or logical port through which packets can be sent to or received from other devices.

7.1.1. Interface types

The SR Linux supports the following interface types:

Loopback
A loopback interface is a virtual interface that is always up, providing a stable source or destination from which packets can always be originated or received. The SR Linux supports up to 256 loopback interfaces system-wide, across all network-instances. Loopback interfaces are named loN, where N is 0 to 255.
Network
Network interfaces carry transit traffic, as well as originate and terminate control plane traffic and in-band management traffic.
The physical ports in line cards installed in the SR Linux are network interfaces. A typical line card has a number of front-panel cages, each accepting a pluggable transceiver. Each transceiver may support a single channel or multiple channels, supporting one Ethernet port or multiple Ethernet ports, depending on the transceiver type and its breakout options.
In the SR Linux CLI, each network interface has a name that indicates its type and its location in the chassis. The location is specified with a combination of slot number and port number, using the following formats:
ethernet-slot/port
For example, interface ethernet-2/1 refers to the line card in slot 2 of the SR Linux chassis, and port 1 on that line card.
Management
Management interfaces are used for out-of-band management traffic. The SR Linux supports a single management interface named mgmt0.
The mgmt0 interface supports the same functionality and defaults as a network interface, except for the following:
1. Packets sent and received on the mgmt0 interface are processed completely in software.
2. The mgmt0 interface does not support multiple output queues, so there is no output traffic differentiation based on forwarding class.
3. The mgmt0 interface does not support pluggable optics. It is a fixed 10/100/1000-BaseT copper port.
Integrated routing and bridging (IRB)
IRB interfaces enable inter-subnet forwarding. Network instances of type mac-vrf are associated with a network instance of type ip-vrf via an IRB interface.
IRB interfaces are named irbN, where N is 0 to 255. See IRB interfaces.

On the SR Linux, each loopback, network, management, and IRB interface can be subdivided into one or more subinterfaces. See Subinterfaces.

7.1.2. Linux interface naming conventions

Every loopback, network, and management interface has an underlying interface in the Linux OS. These interfaces have names that adhere to Linux restrictions (maximum 15 characters and no slashes). The Linux interface name formats are as follows:

Loopback interfaces: loN, where N is 0 to 255; for example, lo0
Network interfaces: eslot-port-subinterface; for example, e4-2-1
Management interface: mgmt0

7.2. Basic interface configuration example

The following example shows a configuration for interface basic parameters, including administratively enabling the interface, specifying a description, and setting the MTU. The settings apply to any subinterfaces on the port, unless overridden in the subinterface configuration.

Example:

--{ * candidate shared default }--[ ]--

# info interface ethernet-1/2

interface ethernet-1/2

description Sample_interface_config

admin-state enable

mtu 1500

7.3. Subinterfaces

7.3.1. Overview

On the SR Linux, each loopback, network, management, and IRB interface can be subdivided into one or more subinterfaces. A subinterface is a logical channel within its parent interface.

Traffic belonging to one subinterface can be distinguished from traffic belonging to other subinterfaces of the same port using encapsulation methods such as 802.1Q VLAN tags.

While each port can be considered a shared resource of the router that is usable by all network-instances, a subinterface can only be associated with one network-instance at a time. To move a subinterface from one network-instance to another, you must disassociate it from the first network-instance before associating it with the second network-instance. See Network-instances.

You can configure ACL policies to filter IPv4 and/or IPv6 packets entering or leaving a subinterface. See Access control lists.

The SR Linux supports policies for assigning traffic on a subinterface to forwarding classes or remarking traffic at egress before it leaves the router. DSCP classifier policies map incoming packets to the appropriate forwarding classes, and DSCP rewrite-rule policies mark outgoing packets with an appropriate DSCP value based on the forwarding class. See Quality of service.

7.3.2. Routed and bridged subinterfaces

SR Linux subinterfaces can be specified as type routed or bridged:

Routed subinterfaces can be assigned to a network-instance of type mgmt, default, or ip-vrf.
Bridged subinterfaces can be assigned to a network-instance of type mac-vrf.

Routed subinterfaces allow for configuration of IPv4 and IPv6 settings, and bridged subinterfaces allow for configuration of bridge table and VLAN ingress/egress mapping.

7.3.3. Subinterface naming conventions

The CLI name of a subinterface is the name of its parent interface followed by a dot (.) and an index number that is unique within the scope of the parent interface. For example, the subinterface named ethernet-2/1.0 is a subinterface of ethernet-2/1, and it has index number 0.

Each loopback interface (loN) can only have one subinterface, and the index number can be in the range 0 to 255.
Each network interface (ethernet-slot/port) where the vlan-tagging parameter is set to false can have one subinterface, and the index number can be in the range 0 to 9999.
Each network interface where the vlan-tagging parameter is set to true can have up to 4096 subinterfaces (up ro 1024 of type routed and 3072 of type bridged) with each subinterface assigned a unique index number in the range 0 to 9999.
The management interface (mgmt0) can only have one subinterface, with an index number of 0.

The Linux name of a subinterface adheres to Linux restrictions (maximum 15 characters and no slashes). For example, the subinterface named ethernet-2/1.0 has the Linux name e2-1.0.

7.3.4. Basic subinterface configuration example

For IPv4 packets to be sourced from a subinterface, the IPv4 address family must be enabled on the subinterface and the subinterface must be configured with an IPv4 address and prefix length that indicates the other IPv4 hosts reachable on the same subnet.

A subinterface can have up to 64 IPv4 prefixes assigned to it. One or more of these can be optionally configured as a primary candidate. Within the set of IPv4 prefixes configured as primary candidates, the lowest IPv4 address that does not fail duplicate address detection is selected as the primary address for the subinterface. The primary address is used by upper layer protocols that need to choose only one IPv4 address from which to source their messages, as well as for information about this interface displayed with the info from state command. If there is no suitable address in the set of IPv4 prefixes configured as primary candidates (or if no IPv4 prefix is configured as primary), a selection is made from the IPv4 prefixes not configured as primary candidates.

For IPv6 packets to be sourced from a subinterface, the IPv6 address family must be enabled on the subinterface, which must be configured with a global unicast IPv6 address and prefix length. The address can be configured statically or obtained from a DHCP server.

A subinterface can have up to 16 global unicast IPv6 addresses and prefixes assigned to it. One or more of these can be optionally configured as a primary candidate. Within the set of IPv6 prefixes configured as primary candidates, the lowest IPv6 address that does not fail duplicate address detection is selected as the primary address for the subinterface. The primary address is used by upper layer protocols that need to choose only one IPv6 address from which to source their messages, as well as for information about this interface displayed with the info from state command. If there is no suitable address in the set of IPv6 prefixes configured as primary candidates (or if no IPv6 prefix is configured as primary), a selection is made from the IPv6 prefixes not configured as primary candidates.

Example:

The following example shows basic parameters for a subinterface configuration, including IPv4 and IPv6 addresses and prefix lengths.

The configuration for subinterface 1 administratively enables the subinterface, specifies an ACL policy for input IPv4 traffic, and specifies a DSCP classifier policy that assigns input IPv4 traffic to a queue based on the 6-bit DSCP value in the IP header.

The configuration for subinterface 2 administratively enables the subinterface, and configures multiple IPv4 and IPv6 addresses and prefix lengths. The primary IPv4 address for the subinterface is selected from among the set of IPv4 prefixes configured as primary candidates; the selected IPv4 address is the numerically lowest address that does not fail duplicate address detection. The global unicast IPv6 address for the subinterface is selected from the IPv6 prefix configured as primary. The selected global unicast IPv6 address is the numerically lowest address that does not fail duplicate address detection.

--{ * candidate shared default }--[ ]--

# info interface ethernet-1/2

interface ethernet-1/2

description Sample_interface_config

admin-state enable

mtu 1500

subinterface 1 {

admin-state enable

ipv4 {

dhcp-client true {

}

ipv6 {

address 2001:1::192:168:12:1/126 {

}

acl {

input {

ipv4-filter 101

}

qos {

input {

classifiers {

ipv4-dscp 1

}

subinterface 2 {

admin-state enable

ipv4 {

address 192.168.12.1/30 {

primary

}

address 192.168.12.2/30 {

primary

}

address 192.168.12.2/30 {

}

ipv6 {

address 2001:1::192:168:12:2/126 {

primary

}

address 2001:1::192:168:12:3/126 {

}

7.3.5. Subinterface VLAN configuration example

When the vlan-tagging parameter is set to true for a network interface, the interface can accept ethertype 0x8100 frames with one or more VLAN tags. The interface can be configured with up to 4096 subinterfaces, each with a separate index number.

Example:

The following example enables VLAN tagging for an interface and configures two subinterfaces. Single-tagged packets received on subinterface ethernet-2/1.1 are encapsulated with VLAN ID 101.

--{ * candidate shared default }--[ ]--

# info interface ethernet-2/1

interface ethernet-2/1

admin-state enable

vlan-tagging true

subinterface 1 {

admin-state enable

ipv4 {

dhcp-client true {

}

subinterface 2 {

admin-state enable

ipv4 {

dhcp-client true {

}

vlan {

encap {

single-tagged {

vlan-id 101

}

7.3.6. Bridged subinterface configuration example

Bridged subinterfaces are associated with a mac-vrf network instance.

Example:

The following example shows the configuration for a bridged subinterface.

--{ candidate shared default }--[ ]--

# info interface ethernet-1/1

interface ethernet-1/1 {

admin-state enable

subinterface 1 {

admin-state enable

type bridged

}

vlan {

encap {

single-tagged {

vlan-id 10

}

7.4. IRB interfaces

Integrated routing and bridging (IRB) interfaces enable inter-subnet forwarding. Network instances of type mac-vrf are associated with a network instance of type ip-vrf via an IRB interface.

On SR Linux, IRB interfaces are named irbN, where N is 0 to 255. Up to 4095 subinterfaces can be defined under an IRB interface. An ip-vrf network instance can have multiple IRB subinterfaces, while a mac-vrf network instance can refer to only one IRB subinterface.

IRB subinterfaces are type routed and cannot be configured as any other type.

IRB subinterfaces operate in the same way as other routed subinterfaces, including support for the following:

IPv4 and IPv6 ACLs
DSCP based QoS (input and output classifiers and rewrite rules)
Static routes and BGP (IPv4 and IPv6 families)
IP MTU (with the same range of valid values as Ethernet subinterfaces)
All settings in the subinterface/ipv4 and subinterface/ipv6 containers. For IPv6, the IRB subinterface also gets an IPv6 link local address
BFD
Subinterface statistics

IRB interfaces do not support sFlow or VLAN tagging.

7.4.1. IRB interface configuration example

The following example configures an IRB interface. The IRB interface is operationally up when its admin-state is enabled, and its IRB subinterfaces are operationally up when associated with mac-vrf and ip-vrf network instances. At least one IPv4 or IPv6 address must be configured for the IRB subinterface to be operationally up.

--{ candidate shared default }--[ ]--

# info interface irb1

interface irb1 {

description IRB_Interface

admin-state enable

subinterface 1 {

admin-state enable

ipv4 {

address 172.16.1.1/24 {

}

7.5. Displaying interface information

7.5.1. Displaying interface status

Use the show interface command to display the operational state of configured interfaces.

Examples:

To display the status of all configured interfaces that have operational state up and their subinterfaces that also have operational state up:

--{ running }--[ ]--

# show interface

===================================================================================

ethernet-1/10 is up, speed 100G, type 100GBASE-CR4 CA-L

ethernet-1/10.1 is up

Encapsulation: null

IPv4 addr : 192.35.1.0/31 (static)

IPv6 addr : 2001:192:35:1::/127 (static, preferred)

IPv6 addr : fe80::22e0:9cff:fe78:e2ea/64 (link-layer, preferred)

-----------------------------------------------------------------------------------

ethernet-1/21 is up, speed 100G, type 100GBASE-CR4 CA-L

ethernet-1/21.1 is up

Encapsulation: null

IPv4 addr : 192.45.1.254/31 (static)

IPv6 addr : 2001:192:45:1::fe/127 (static, preferred)

IPv6 addr : fe80::22e0:9cff:fe78:e2f5/64 (link-layer, preferred)

-----------------------------------------------------------------------------------

ethernet-1/22 is up, speed 100G, type 100GBASE-CR4 CA-L

ethernet-1/22.1 is up

Encapsulation: null

IPv4 addr : 192.45.3.254/31 (static)

IPv6 addr : 2001:192:45:3::fe/127 (static, preferred)

IPv6 addr : fe80::22e0:9cff:fe78:e2f6/64 (link-layer, preferred)

-----------------------------------------------------------------------------------

ethernet-1/3 is up, speed 100G, type 100GBASE-CR4 CA-L

ethernet-1/3.1 is up

Encapsulation: null

IPv4 addr : 192.57.1.1/31 (static)

IPv6 addr : 2001:192:57:1::1/127 (static, preferred)

IPv6 addr : fe80::22e0:9cff:fe78:e2e3/64 (link-layer, preferred)

-----------------------------------------------------------------------------------

...

===================================================================================

Summary

3 loopback interfaces configured

8 ethernet interfaces are up

1 management interfaces are up

12 subinterfaces are up

===================================================================================

To display summary information about interfaces that have operational state up or down:

--{ running }--[ ]--

# show interface brief

+---------------+-------------+------------+-------+--------------+

+===============+=============+============+=======+==============+

+---------------+-------------+------------+-------+--------------+

To display summary information about a specific interface:

--{ running }--[ ]--

# show interface ethernet-1/1 brief

+---------------+-------------+------------+-------+--------------+

+===============+=============+============+=======+==============+

+---------------+-------------+------------+-------+--------------+

To display summary information about interfaces and subinterfaces that have operational state up or down:

--{ running }--[ ]--

# show interface all

===================================================================================

ethernet-1/1 is down, reason port-admin-disabled

-----------------------------------------------------------------------------------

ethernet-1/10 is up, speed 100G, type 100GBASE-CR4 CA-L

ethernet-1/10.1 is up

Encapsulation: null

IPv4 addr : 192.35.1.0/31 (static)

IPv6 addr : 2001:192:35:1::/127 (static, preferred)

IPv6 addr : fe80::22e0:9cff:fe78:e2ea/64 (link-layer, preferred)

-----------------------------------------------------------------------------------

ethernet-1/11 is down, reason port-admin-disabled

-----------------------------------------------------------------------------------

ethernet-1/12 is down, reason port-admin-disabled

-----------------------------------------------------------------------------------

...

===================================================================================

Summary

3 loopback interfaces configured

8 ethernet interfaces are up

1 management interfaces are up

12 subinterfaces are up

===================================================================================

To display summary information about a specific interface and its subinterfaces:

--{ running }--[ ]--

# show interface ethernet-1/21

===================================================================================

ethernet-1/21 is up, speed 100G, type 100GBASE-CR4 CA-L

ethernet-1/21.1 is up

Encapsulation: null

IPv4 addr : 192.45.1.254/31 (static)

IPv6 addr : 2001:192:45:1::fe/127 (static, preferred)

IPv6 addr : fe80::22e0:9cff:fe78:e2f5/64 (link-layer, preferred)

===================================================================================

To display detailed information about a specific interface and its subinterfaces:

--{ running }--[ ]--

# show interface ethernet-1/3 detail

===================================================================================

Interface: ethernet-1/3

-----------------------------------------------------------------------------------

Description : rifa-difa-1

Oper state : up

Down reason : N/A

Last change : 23m14s ago, No flaps since last clear

Speed : 100G

Flow control : Rx is disabled, Tx is not supported

MTU : 9232

VLAN tagging : false

Queues : 8 output queues supported, 3 used since the last clear

MAC address : 20:E0:9C:78:E2:E3

Last stats clear: never

-----------------------------------------------------------------------------------

Queue Parameter for ethernet-1/3

-----------------------------------------------------------------------------------

Queue-id Scheduling Weight

-----------------------------------------------------------------------------------

Traffic statistics for ethernet-1/3

-----------------------------------------------------------------------------------

counter Rx Tx

Octets 14241 11724

Unicast packets 0 0

Broadcast packets 0 0

Multicast packets 52 56

Errored packets 0 0

FCS error packets 0 N/A

MAC pause frames 0 N/A

Oversize frames 0 N/A

Jabber frames 0 N/A

Fragment frames 0 N/A

CRC errors 0 N/A

-----------------------------------------------------------------------------------

Traffic rate statistics for ethernet-1/3

-----------------------------------------------------------------------------------

units Rx Tx

kbps rate

-----------------------------------------------------------------------------------

Frame length statistics for ethernet-1/3

-----------------------------------------------------------------------------------

Frame length(Octets) Rx Tx

64 bytes 0 0

65-127 bytes 5 8

128-255 bytes 0 48

256-511 bytes 47 0

512-1023 bytes 0 0

1024-1518 bytes 0 0

1519+ bytes 0 0

-----------------------------------------------------------------------------------

Transceiver detail for ethernet-1/3

-----------------------------------------------------------------------------------

Status : Transceiver is present and operational

Form factor : QSFP28

Channels used : 4

Connector type : no-separable-connector

Vendor : Mellanox

Vendor part : MCP1600-C003

PMD type : 100GBASE-CR4 CA-L

Fault condition: false

Temperature : 0

Voltage : 0.0000

-----------------------------------------------------------------------------------

Transceiver channel detail for ethernet-1/3

-----------------------------------------------------------------------------------

Channel No Rx Power (dBm) Tx Power (dBm) Laser Bias current (mA)

1 -40.00 -40.00 0.000

2 -40.00 -40.00 0.000

3 -40.00 -40.00 0.000

4 -40.00 -40.00 0.000

===================================================================================

Subinterface: ethernet-1/3.1

-----------------------------------------------------------------------------------

Oper state : up

Down reason : N/A

Last change : 23m14s ago

Encapsulation : null

IP MTU : 9000

Last stats clear: never

IPv4 addr : 192.57.1.1/31 (static)

IPv6 addr : 2001:192:57:1::1/127 (static, preferred)

IPv6 addr : fe80::22e0:9cff:fe78:e2e3/64 (link-layer, preferred)

-----------------------------------------------------------------------------------

ARP/ND summary for ethernet-1/3.1

-----------------------------------------------------------------------------------

IPv4 ARP entries : 0 static, 0 dynamic

IPv6 ND entries : 0 static, 0 dynamic

-----------------------------------------------------------------------------------

QOS Policies applied to ethernet-1/3.1

-----------------------------------------------------------------------------------

Summary In Out

IPv4 DSCP classifier default

IPv6 DSCP classifier default

IPv4 DSCP rewrite none

IPv6 DSCP rewrite none

-----------------------------------------------------------------------------------

Traffic statistics for ethernet-1/3.1

-----------------------------------------------------------------------------------

Statistics Rx Tx

Packets 52 8

Octets 14241 828

Errored packets 0 0

Discarded packets 2 0

Forwarded packets 0 0

Forwarded octets 0 0

CPM packets 50 8

CPM octets 14033 828

===================================================================================

To display information about egress queues and Virtual Output Queues (VOQs) for a specific interface and its subinterfaces:

# show interface ethernet-1/1 queue-statistics

===================================================================================

Interface: ethernet-1/1

-----------------------------------------------------------------------------------

Description : <None>

Oper state : down

Down reason : lower-layer-down

Last change : 4d14h50m28s ago, No flaps since last clear

Speed : 100G

Flow control : Rx is disabled, Tx is not supported

Loopback mode : false

MTU : 9232

VLAN tagging : false

Queues : 8 output queues supported, 0 used since the last clear

MAC address : 68:AB:09:A2:71:B0

Last stats clear: never

-----------------------------------------------------------------------------------

Queue Parameter for for ethernet-1/1

-----------------------------------------------------------------------------------

Queue-id Scheduling Weight PIR % PIR (kbps)

0 SP - 100 98994140.625

1 SP - 100 98994140.625

2 SP - 100 98994140.625

3 SP - 100 98994140.625

4 SP - 100 98994140.625

5 SP - 100 98994140.625

6 SP - 100 98994140.625

7 SP - 100 98994140.625

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 0 (fc0 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 1 (fc1 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 2 (fc2 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 3 (fc3 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 4 (fc4 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 5 (fc5 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 6 (fc6 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

-----------------------------------------------------------------------------------

Queue statistics for interface ethernet-1/1, Queue 7 (fc7 traffic)

-----------------------------------------------------------------------------------

Name Fwd-Octets Fwd-Pkts Drop-Octets Drop-Pkts

Unicast Egress queue 0 0 0 0

VOQ 1 0 0 0 0

VOQ 2 0 0 0 0

VOQ 3 0 0 0 0

VOQ 4 0 0 0 0

Multicast Egress queue 0 0 0 0

===================================================================================

7.5.2. Displaying interface statistics

To display statistics for a specific interface, use the info from state command in candidate or running mode, or the info command in state mode.

Example:

# info from state interface ethernet-1/1

interface ethernet-1/1 {

admin-state enable

mtu 9232

loopback-mode false

ifindex 54

oper-state down

oper-down-reason lower-layer-down

last-change 2020-06-04T15:06:35.920Z

vlan-tagging false

statistics {

in-octets 0

in-unicast-packets 0

in-broadcast-packets 0

in-multicast-packets 0

in-error-packets 0

in-fcs-error-packets 0

out-octets 0

out-unicast-packets 0

out-broadcast-packets 0

out-multicast-packets 0

out-error-packets 0

carrier-transitions 0

}

traffic-rate {

in-bps 0

out-bps 0

}

transceiver {

admin-state enable

tx-laser true

oper-state up

ddm-events false

forward-error-correction disabled

form-factor QSFP28

ethernet-pmd 100GBASE-SR4

connector-type MPO-1x12

vendor "AVAGO "

vendor-part-number "AFBR-89CDDZ-AL1 "

vendor-revision 01

serial-number "AF1937GN050 "

date-code "190910 "

fault-condition false

temperature {

latest-value 32

}

voltage {

latest-value 3.2809

}

channel 1 {

wavelength 850.00

input-power {

latest-value -33.98

}

output-power {

latest-value 0.26

}

laser-bias-current {

latest-value 7.494

}

channel 2 {

wavelength 850.00

input-power {

latest-value -40.00

}

output-power {

latest-value 0.05

}

laser-bias-current {

latest-value 7.494

}

channel 3 {

wavelength 850.00

input-power {

latest-value -23.28

}

output-power {

latest-value 0.02

}

laser-bias-current {

latest-value 7.494

}

channel 4 {

wavelength 850.00

input-power {

latest-value -40.00

}

output-power {

latest-value 0.24

}

laser-bias-current {

latest-value 7.494

}

ethernet {

port-speed 100G

hw-mac-address 68:AB:09:A2:71:B0

flow-control {

receive false

}

statistics {

in-mac-pause-frames 0

in-oversize-frames 0

in-jabber-frames 0

in-fragment-frames 0

in-crc-error-frames 0

out-mac-pause-frames 0

in-64b-frames 0

in-65b-to-127b-frames 0

in-128b-to-255b-frames 0

in-256b-to-511b-frames 0

in-512b-to-1023b-frames 0

in-1024b-to-1518b-frames 0

in-1519b-or-longer-frames 0

out-64b-frames 0

out-65b-to-127b-frames 0

out-128b-to-255b-frames 0

out-256b-to-511b-frames 0

out-512b-to-1023b-frames 0

out-1024b-to-1518b-frames 0

out-1519b-or-longer-frames 0

}

sflow {

admin-state enable

}

qos {

output {

unicast-queue 0 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

unicast-queue 1 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

unicast-queue 2 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

unicast-queue 3 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

unicast-queue 4 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

unicast-queue 5 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

unicast-queue 6 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

unicast-queue 7 {

queue-parameters {

peak-rate-bps 101370000000

strict-priority true

}

queue-statistics {

unicast-queue 0 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

unicast-queue 1 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

unicast-queue 2 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

unicast-queue 3 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

unicast-queue 4 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

unicast-queue 5 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

unicast-queue 6 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

unicast-queue 7 {

virtual-output-queue 1 {

}

virtual-output-queue 2 {

}

virtual-output-queue 3 {

}

virtual-output-queue 4 {

}

multicast-queue 0 {

}

multicast-queue 1 {

}

multicast-queue 2 {

}

multicast-queue 3 {

}

multicast-queue 4 {

}

multicast-queue 5 {

}

multicast-queue 6 {

}

multicast-queue 7 {

}

7.5.2.1. Clearing interface statistics

You can clear the statistics counters for a specified interface.

Examples:

# tools interface ethernet-1/1 statistics clear

/interface[name=ethernet-1/1]:

interface ethernet-1/1 statistics cleared

To clear queue statistics for an interface:

# tools interface ethernet-1/1 statistics queue-statistics clear

To clear statistics for a specified queue on an interface:

# tools interface ethernet-1/1 statistics queue-statistics multicast-queue 0 clear

7.5.3. Viewing subinterface statistics

To display statistics for a specific subinterface, enter the context for the subinterface and use the info from state command.

Example:

--{ candidate shared default }--[ ]--

# interface ethernet-1/2

--{ candidate shared default }--[ interface ethernet-1/2 ]--

# subinterface 1

--{ candidate shared default }--[ interface ethernet-1/2 subinterface 1 ]--

# info from state

admin-state enable

ip-mtu 1500

ifindex 32769

oper-state up

last-change 2019-09-30T16:39:29.725Z

ipv4 {

allow-directed-broadcast false

address 192.168.12.2/30 {

origin static

}

arp {

timeout 14400

neighbor 192.168.12.1 {

link-layer-address 00:01:01:FF:00:01

origin dynamic

expiration-time 2019-09-30T20:39:30.591Z

}

ipv6 {

address 2001:1::192:168:12:2/126 {

origin static

status preferred

}

address fe80::201:3ff:feff:1/64 {

origin link-layer

status preferred

}

neighbor-discovery {

dup-addr-detect true

reachable-time 30

stale-time 14400

neighbor 2001:1::192:168:12:1 {

link-layer-address 00:01:01:FF:00:01

origin dynamic

is-router true

current-state reachable

next-state-time 2019-09-30T17:26:30.018Z

}

neighbor fe80::201:1ff:feff:1 {

link-layer-address 00:01:01:FF:00:01

origin dynamic

is-router true

current-state stale

next-state-time 2019-09-30T20:40:16.078Z

}

statistics {

in-pkts 564

in-octets 49394

in-error-pkts 0

in-discarded-pkts 0

in-terminated-pkts 560

in-terminated-octets 49054

in-forwarded-pkts 4

in-forwarded-octets 340

out-forwarded-pkts 0

out-forwarded-octets 0

out-error-pkts 0

out-discarded-pkts 0

out-pkts 0

out-octets 0

}

acl {

}

qos {

input {

classifiers {

ipv4-dscp default

ipv6-dscp default

mpls-tc default

}

7.5.3.1. Clearing subinterface statistics

You can clear the statistics counters for a specified subinterface.

Example:

# tools interface ethernet-1/1 subinterface 1 statistics clear

/interface[name=ethernet-1/1]/subinterface[index=1]:

subinterface ethernet-1/1.1 statistics cleared

7.6. LAG

A Link Aggregation Group (LAG), based on the IEEE 802.1ax standard (formerly 802.3ad), increases the bandwidth available between two network devices, depending on the number of links installed. A LAG also provides redundancy in the event that one or more links participating in the LAG fail. All physical links in a given LAG links combine to form one logical interface.

Packet sequencing is maintained for any given session. The hashing algorithm deployed by SR Linux is based on the type of traffic transported to ensure that all traffic in a flow remains in sequence, while providing effective load sharing across the links in the LAG.

LAGs can be either statically configured, or formed dynamically with Link Aggregation Control Protocol (LACP). Load sharing is executed in hardware, which provides line rate forwarding for all port types. A LAG can consist of ports of the same speed, as well as ports of mixed speed; however, the active links would be only those whose port speed matches the configured member-speed parameter for the LAG instance.

7.6.1. Min-link threshold

SR Linux supports configuring a min-link threshold for a LAG, which sets the minimum number of member links that must be active in order for the LAG to be operationally up. If the number of active links falls below this threshold, the entire LAG is brought operationally down.

If the min-link threshold is crossed, the active member links are maintained, including continuing to run LACP on links where it is configured, but the LAG is held out of forwarding state. Once the number of active links reaches or exceeds the min-link threshold, the LAG is brought back up operationally.

7.6.2. LACP

LACP, defined by the IEEE 802.3ad standard, specifies a method for two devices to establish and maintain LAGs. When LACP is enabled, SR Linux can automatically associate LACP-compatible ports into a LAG. All non-failing links in a LAG are active, and traffic is load-balanced across the active links.

When LACP is enabled, LACP changes are visible through traps and log messages logged against the LAG.

7.6.2.1. LACP fallback

LACP fallback allows one or more designated links of an LACP controlled LAG to go into forwarding mode if LACP is not yet operational after a configured timeout period.

SR Linux supports LACP fallback in static mode. In static mode, a single designated LAG member goes into forwarding mode if LACP is not operational after the timeout period.

LACP fallback is configured by selecting the mode and fallback timeout (seconds). If the LAG receives no PDUs and the timeout period expires, the configured fallback mode is enabled. If any member link in the LAG receives a PDU, the fallback mode is immediately disabled.

7.6.3. Configuring LAGs

To configure a LAG, you specify LAG parameters within the context of a LAG interface, then associate Ethernet interfaces with the LAG interface.

The MAC address of the LAG should be a unique value taken from the chassis MAC address pool.

Member links in the LAG can be associated statically or dynamically.

Static links are explicitly associated with the LAG within the configuration of the LAG instance.
Dynamic links are associated with the LAG using LACP.

A LAG instance can consist of static links only or dynamic links only.

If an Ethernet interface is associated with a LAG interface, the following parameters must be the same for all associated Ethernet ports:

flow-control
port-speed
aggregate-id

Example:

The following example shows the configuration for a LAG consisting of three member links.

--{ * candidate shared default }--[ ]--

# info interface *

interface ethernet-1/1 {

admin-state enable

ethernet {

aggregate-id lag1

}

interface ethernet-1/2 {

admin-state enable

ethernet {

aggregate-id lag1

}

interface ethernet-1/3 {

admin-state enable

ethernet {

aggregate-id lag1

}

interface lag1 {

subinterface 1 {

admin-state enable

}

lag {

lag-type static

min-links 2

}

7.6.3.1. Configuring the min-link threshold

The min-link threshold specifies the minimum number of member links that must be active in order for the LAG to be operationally up. If the number of active links falls below this threshold, the entire LAG is brought operationally down.

Example:

The following example configures the min-link threshold for a LAG to be 4. If the number of active links in the LAG drops below 4, the LAG is taken operationally down.

--{ * candidate shared default }--[ ]--

# info interface lag1

interface lag1 {

lag {

min-links 4

}

After the LAG has been taken operationally down due to crossing the min-link threshold, if the number active links in the LAG subsequently reaches 4 or higher, the LAG is brought operationally up. The default for the min-link threshold is 0 (disabled).

7.6.3.2. Configuring LACP and LACP fallback

When LACP is enabled, SR Linux can automatically associate LACP-compatible ports into a LAG. LACP should be configured in ACTIVE mode only if LACP Fallback is also configured.

Example:

The following example configures LACP to run on an interface, which can dynamically become a member of a LAG:

--{ * candidate shared default }--[ ]--

# info interface ethernet-1/1

interface lag1 {

lag {

lag-type lacp

min-links 1

member-speed 100G

lacp-fallback-mode static

lacp-fallback-timeout 4

lacp {

interval FAST

lacp-mode ACTIVE

}

In this example, the LACP interval is set to FAST, which causes LACP messages to be sent every second. The SLOW option for LACP interval causes LACP messages to be sent every 30 seconds.

Example:

The following example enables LACP fallback mode for a LAG, which allows a single designated LAG member to go into forwarding mode if LACP is not operational after the timeout period.

--{ * candidate shared }--[ ]--

interface ethernet-1/1 {

lag {

lacp-fallback-mode static

lacp-fallback-timeout 60

}

The LACP fallback timeout range is 4 to 3600 seconds when the LACP interval is FAST, and 90 to 3600 seconds when LACP interval is SLOW.

Example:

The following example enables LACP port priority. When LACP fallback is triggered in static mode, one of the member-links goes into a forwarding state which can be influenced using LACP port priority.

interface ethernet-1/1 {

ethernet {

aggregate-id lag1

lacp-port-priority 1

port-speed 25G

hw-mac-address 00:01:02:FF:00:01

statistics {

7.6.4. Displaying LAG interface statistics

To display statistics for a LAG interface, use the info from state command in candidate or running mode, or the info command in state mode.

Example:

# info from state interface lag1 statistics

interface lag1 {

statistics {

in-octets 0

in-unicast-packets 0

in-broadcast-packets 0

in-multicast-packets 0

in-error-packets 0

in-fcs-error-packets 0

out-octets 7168

out-unicast-packets 0

out-broadcast-packets 0

out-multicast-packets 56

out-error-packets 0

last-clear 2020-06-09T21:58:40.919Z

}

7.6.4.1. Clearing LAG interface statistics

You can clear the statistics counters for a specified LAG interface.

Examples:

# tools interface lag1 statistics clear

/interface[name=lag1]:

interface lag1 statistics cleared

To clear statistics for a LAG interface and all member links:

# tools interface lag1 statistics clear include-members

/interface[name=lag1]:

interface lag1 and all member interfaces statistics cleared

7.7. DHCP relay

DHCP relay refers to the router’s ability to act as an intermediary between DHCP clients requesting configuration parameters, such as a network address, and DHCP servers when the DHCP clients and DHCP servers are not attached to the same broadcast domain, or do not share the same IPv6 link (in the case of DHCPv6).

SR Linux supports DHCP relay for IRB subinterfaces and Layer 3 subinterfaces. The DHCP servers must reside in the same IP-VRF network instance as the subinterface where the DHCP relay is enabled. SR Linux supports up to 8 DHCP or DHCPv6 servers. The DHCP relay maximum packet size (including option 82 and vendor-specific options) is capped at 1500 bytes to avoid fragmentation on the ethernet segment end attached to the DHCP server.

When DHCP relay is enabled for a subinterface, and a DHCP client initiates a request for configuration parameters, the router accepts the DHCP client’s request and relays it to the remote DHCP server, which sends back the configuration parameters. The router relays the configuration parameters to the client. Figure 1 shows an example of DHCP and DHCPv6 on IRB and Layer 3 subinterfaces.

SR Linux supports DHCP relay for IPv4 and IPv6. This guide refers to DHCP for IPv4 as DHCP, and DHCP for IPv6 as DHCPv6.

Figure 1: DHCP relay for IRB and Layer 3 subinterfaces

7.7.1. DHCP relay for IPv4

When DHCP relay is enabled, the router intercepts DHCP broadcast packets and unicasts them to a specified DHCP server for handling. By default, the source address for DHCP packets relayed to the server (GIADDR) is the IP address of the ingress subinterface where the DHCP relay agent is enabled, although a different GIADDR can be specified if necessary.

SR Linux supports DHCP option 82, the Relay Information Option, specified in RFC 3046, which allows the router to append information to DHCP requests relayed to the DHCP server, identifying where the original DHCP request came from. DHCP option 82 includes two sub-options: circuit-id and remote-id.

When configured to do so, SR Linux includes the following information in the circuit-id and remote-id sub-options of DHCP option 82:

For circuit-id, the system_name/VRF_instance/sub-interface_id:vlan_id of the ingress subinterface where the relay agent is enabled that receives the DHCP Discover message from the DHCP client.
For remote-id, the MAC address of the DHCP client.

Figure 2 shows an example of the discovery, offer, request, and acknowledgment (DORA) message flow that occurs when DHCP relay assigns an address to a DHCP client.

Figure 2: DHCP message flow for IPv4 address allocation

The DORA message flow shown in Figure 2 works as follows:

The DHCP client sends a DHCP Discover (broadcast) message with the following values:
1. DA = FF:FF:FF:FF:FF:FF (broadcast)
2. SA= client MAC
3. SIP = 0.0.0.0
4. DIP = 255.255.255.255
5. Source UDP port = 68
6. Destination UDP port = 67
The DHCP payload has the following values:
1. Broadcast flag = 1 (broadcast) or 0 (unicast)
2. Relay agent IP = 0.0.0.0
3. Client MAC = mac1
4. Parameter request list (option 55) which lists the required items from the DHCP server to be sent along with the IP address like subnet mask, router (gateway), and others
The DHCP relay agent relays the DHCP Discover message towards the DHCP server (unicast). If configured to do so, information is added for the circuit ID and remote ID sub-options in DHCP option 82. The relayed packet is unicasted towards the DHCP server(s) with the following values:
1. SIP = outgoing interface IP address by default.
  If the source-address is configured the relayed packet instead will have SIP = configured source-address
2. UDP source port = 67
3. UDP destination port = 67
The DHCP payload has the following values:
1. Broadcast = 1 (broadcast) or 0 (unicast)
2. Relay agent IP (giaddr) = IP address of the ingress sub-interface where the relay agent is enabled
3. Client MAC = mac1
4. Relay agent information (option 82)
The DHCP server assigns an IP address to the DCHP client, based on information in the GIADDR or in option 82, if configured to do so. The DHCP server sends a DHCP Offer message to the DHCP relay agent (unicast). The DHCP Offer message includes the IP address assigned to the DHCP client based on information in the GIADDR or in option 82.
The DHCP Offer packet is unicasted with the following values:
1. SIP = DHCP IP address
2. DIP = giaddr
3. UDP source port = 67
4. UDP destination port = 67
The DHCP payload has the following values:
1. Broadcast flag = 1 (broadcast) or 0 (unicast).
2. Your (client) IP = IP address assigned by DHCP server
3. Agent IP = giaddr
4. Client MAC = mac1
5. DHCP identifier = DHCP server IP address
6. Option 82 (echoed back, and based on DHCP server configuration)
7. IP address Lease time (option 51)
8. Subnet mask (option 1)
9. Router (gateway) (option 3)
10. Others (DNS, Renewal Time value, Rebinding Time value, and so on)
The DHCP relay agent relays the DHCP Offer message to the DHCP client (either broadcast or unicast, based on the broadcast flag sent by the client).
The DHCP Offer message is relayed from the DHCP server(s) towards the client with the following values:
1. DA = FF:FF:FF:FF:FF:FF (broadcast) OR Client MAC(unicast)
2. SIP = sub-interface IP address towards client where DHCP relay agent is enabled
3. DIP = 255.255.255.255 (broadcast) OR Your (client) IP address (unicast)
4. Source UDP port = 67
5. Destination UDP port = 68.
The relay agent relays the DHCP Offer towards the client without option 82. It strips off option 82 if echoed back from DHCP server.
The DHCP payload has the following values:
1. Broadcast flag = 1 (broadcast) or 0 (unicast).
2. Your (client) IP = IP address assigned by DHCP server
3. Agent IP = giaddr
4. Client MAC = mac1
5. DHCP identifier = DHCP server IP address
6. Option 82 (echoed back, and based on DHCP server configuration)
7. IP address Lease time (option 51)
8. Subnet mask (option 1)
9. Router (gateway) (option 3)
10. Others (DNS, Renewal Time value, Rebinding Time value, and so on.)
The DHCP client sends a DHCP request message (broadcast) with the following values:
1. DA = FF:FF:FF:FF:FF:FF (broadcast)
2. SA = client MAC
3. SIP = 0.0.0.0
4. DIP = 255.255.255.255
5. Source UDP port = 68
6. Destination UDP port = 67
The DHCP payload has the following values:
1. Broadcast flag = 1 (broadcast) or 0 (unicast).
2. Relay agent IP = 0.0.0.0
3. Client MAC = mac1
4. DHCP server identifier = DHCP server IP address
5. Requested IP (option 50)
6. Parameter request list (option 55) that lists the required items from the DHCP server to be sent along with the IP address like subnet mask, router (gateway), and others
The DHCP relay agent relays the DHCP Request message towards the DHCP server (unicast). The relayed packet is unicasted towards the DHCP server(s), with the following values:
1. SIP = outgoing interface IP address by default. If source-address is configured, then the relayed packet will have SIP = configured source-address.
2. UDP source port = 67
3. UDP destination port = 67
The DHCP payload has the following values:
1. Broadcast flag = 1 (broadcast) or 0 (unicast).
2. Relay agent IP = giaddr
3. Client MAC = mac1
4. DHCP identifier = DHCP server IP address
5. Requested IP (option 50)
6. Relay agent Information (option 82) if configured under dhcp-relay
7. Parameter request list (option 55) that lists the required items from the DHCP server to be sent along with the IP address like subnet mask, router (gateway), and others
8. Vendor specific option (if configured)
The DHCP server sends a DHCP Ack message to the DHCP relay agent (unicast). The DHCP Ack packet is unicasted with the following values:
1. SIP = DHCP IP address
2. DIP = giaddr
3. UDP source port = 67
4. UDP destination port = 67
The DHCP payload has the following values:
1. Broadcast flag, either 1 (broadcast), or 0 (unicast)
2. Your (client) IP = IP address assigned by DHCP server
3. Agent IP = giaddr
4. Client MAC = mac1
5. DHCP identifier = DHCP server IP address
6. Option 82 (echoed back and based on DHCP server configuration)
7. IP address Lease time (option 51)
8. Subnet mask (option 1)
9. Router (gateway) (option 3)
10. Others (DNS, Renewal Time value, Rebinding Time value, and so on.)
Based on the broadcast flag sent by client, the DHCP Offer is relayed from the DHCP server(s) towards the client with the following values:
1. DA = FF:FF:FF:FF:FF:FF (broadcast) OR Client MAC(unicast)
2. SIP = sub-interface IP address towards client where DHCP relay agent is enabled
3. DIP = 255.255.255.255 (broadcast) OR Your (client) IP address (unicast)
4. Source UDP port = 67
5. Destination UDP port = 68
The relay agent relays the DHCP Offer towards client without option 82. It strips off option 82 if echoed back from DHCP server.
The DHCP payload has the following values:
1. Broadcast flag can be either 1 (broadcast), or 0 (unicast)
2. Your (client) IP = IP address assigned by DHCP server
3. Agent IP = giaddr
4. Client MAC = mac1
5. DHCP Server identifier (option 54) = DHCP server IP address
6. IP address lease time (option 51)
7. Subnet mask (option 1)
8. Router (gateway) (option 3)
9. Others (DNS, Renewal Time value, Rebinding Time value, and so on.)

When renewing or releasing an address, the DHCP client unicasts the DHCP Request or Release message to the DHCP server without involvement by the DHCP relay agent.

7.7.1.1. Configuring DHCP relay for IPv4

To configure DHCP relay for a subinterface:

Configure the addresses of the DHCP servers.
Optionally configure the source address for DHCP messages sent to the servers
Configure whether information is added to the sub-options for DHCP option 82

Example:

The following example configures the DHCP relay agent on a subinterface. The example configures the IP addresses of the remote DHCP servers and specifies the address to be used as the GIADDR in packets sent to the servers

The circuit-id and remote-id options are configured, which causes the DHCP relay agent to include the system_name/VRF_instance/sub-interface_id:vlan_id in the circuit-id sub-option and the DHCP client MAC address in the remote-id sub-option of DHCP option 82.

--{ * candidate shared default }--[ ]--

# info interface ethernet-1/2

interface ethernet-1/2 {

subinterface 1 {

ipv4 {

address 1.1.4.4/24 {

}

dhcp-relay {

option [

circuit-id

remote-id

]

source-address 1.1.4.4

server [

172.16.32.1

172.16.64.1

192.168.1.1

]

}

7.7.1.2. Using the GIADDR as the source address for DHCP Discover/Request packets

By default, the SR Linux uses the IP address of the outgoing interface as the source address for Discover/Request packets sent to the DHCP server. This is not the desired behavior for some configurations, such as a firewall protecting the DHCP server that allows connections from a limited set of IP addresses. You can use the use-gi-addr-as-src-ip-addr parameter to cause the SR Linux to instead use the GIADDR as the source address for Discover/Request packets sent to the DHCP server.

Table 11 shows the GIADDR and source address combinations.

Table 11: GIADDR and source address combinations

gi-address parameter	use-gi-addr-as-src-ipaddr parameter	GIADDR in relayed packet	Source IP address in relayed packet
Not configured (default)	False (default)	Primary IP addressof interface	IP address ofoutgoing interface
Configured	False (default)	Configured GIADDR	IP address ofoutgoing interface
Configured	True	Configured GIADDR	Configured GIADDR
Not configured (default)	True	Primary IP addressof interface	Primary IP address ofinterface (because it ispicked as the GIADDR)

Example:

--{ * candidate shared default }--[ ]--

# info interface ethernet-1/2

interface ethernet-1/2 {

subinterface 1 {

ipv4 {

address 172.16.1.1/24 {

primary

}

address 172.16.2.1/24 {

}

dhcp-relay {

admin-state enable

gi-address 172.16.2.1

use-gi-addr-as-src-ip-addr true

option [

circuit-id

remote-id

]

server [

1.1.1.1

2.2.2.2

]

}

In this example, the address specified with the gi-address parameter is used as the source address for Discover/Request packets sent to the DHCP server. If the gi-address parameter is not configured, then the default GIADDR (the primary IP address of the interface) is used.

7.7.1.3. Trusted and untrusted DHCP requests

If the DHCP relay agent receives a DHCP request and the downstream node added option 82 information or set the GIADDR to any value other than 0, the DHCP request is considered to be untrusted. By default, the router drops any untrusted DHCP request and discards the DHCP packets, as described in RFC 3046. SR Linux supports untrusted mode only.The DHCP relay agent discards DHCP packets traveling from the client to server side under the following conditions:

The DHCP packet includes option 82.
The DHCP packet has a GIADDR value that is not 0.

The DHCP relay agent discards DHCP packets traveling from the server to client side under the following conditions:

The circuit-id or remote-id are not enabled on the relay interface, but are present in the packet.
the GIADDR value in the DHCP packet does not match the GIADDR value on the relay interface.
There is no matching entry in the cache.

7.7.2. DHCP relay for IPv6

DHCP relay for IPv6 works similarly to IPv4. However, in DHCPv6, the DHCP Discover, Offer, and Ack messages are replaced by Solicit messages sent by clients, and Advertise and Reply messages sent by servers.

The DHCPv6 relay agent relays messages between clients and remote servers using Relay-Forward (client-to-server) and Relay-Reply (server-to-client) message types. DHCP option 82 is replaced in DHCPv6 by Interface-Id (option 18) and Remote Identifier (option 37), appended by relay agents.

Figure 3 shows the DHCPv6 message flow. Figure 4 and Figure 5 show the renew and release flows.

Figure 3: DHCPv6 message flow for IPv6 address allocation

When assigning an address to a DHCP client, DHCP relay for IPv6 works as follows:

The DHCPv6 client uses its link-local address as the source IPv6 address and IPv6 multicast address FF02::1:2 and MAC address 33:33:00:01:00:02 as destination IPv6 address/MAC address respectively for solicit/request messages and with the following UDP values:
1. source UDP port = 546
2. destination UDP port = 547
The DHCPv6 relay agent uses a Relay-Forw message to relay the Solicit message towards the DHCPv6 server, using the outbound IPv6 address of the DHCPv6 relay agent as the source IPv6 address and with the following UDP values:
1. Source UDP port = 547
2. Destination UDP port = 547
The DHCPv6 server replies to the relay agent an IP address to the DCHP client, based on information in the GIADDR or in option 82, if configured to do so, and with the following UDP values:
1. Source UDP port = 547
2. Destination UDP port = 547
The DHCPv6 server replies to the relay agent with destination IPv6 address equal to DHCPv6 (RELAY-FW) source IPv6 address, and the following UDP values:
1. Source UDP port = 547
2. Destination UDP port = 547
The DHCP relay agent relays the DHCP Offer message to the DHCP client (either broadcast or unicast, based on the broadcast flag sent by the client).

Figure 4: DHCPv6 renew message flow

Figure 5: DHCPv6 release message flow

7.7.2.1. Configuring DHCP relay for IPv6

To configure DHCP relay for a subinterface for IPv6:

Configure the addresses of the DHCPv6 servers.
Optionally configure the source IPv6 address for DHCP messages sent to the servers.
Configure whether information is included in the Interface-Id (option 18) and Remote Identifier (option 37).

Example:

The following example configures the DHCPv6 relay agent on a subinterface. The example configures the IP addresses of the remote DHCPv6 servers and specifies the address to be used as the source IPv6 address in packets sent to the servers.

The circuit-id and remote-id options are configured, which causes the DHCP relay agent to include the system_name/VRF_instance/sub-interface_id:vlan_id in Interface-Id (option 18) DHCPv6 client MAC address in the Remote Identifier (option 37).

--{ * candidate shared default }--[ ]--

# info interface ethernet-1/2

interface ethernet-1/2 {

description dut1-dut4-1

subinterface 1 {

ipv6 {

address 2001:db8:101::1/64 {

primary

}

address 2001:db8:202::1/64 {

}

dhcp-relay {

admin-state enable

source-address 2001:db8:101::1

option [

interface-id

remote-id

]

server [

1::1

2::2

]

}

7.7.3. QoS for DHCP relay

Self-generated DHCP/DHCPv6 packets are mapped into forwarding class 4 (fc4), low drop probability level, and DSCP marking 34 (AF41).

7.7.4. DHCP relay operational down reasons

The DHCP relay agent can enter an operationally down state in the following scenarios:

The DHCP relay admin state is down.
The subinterface under which DHCP relay is configured is operationally down.
All DHCP servers configured within the network instance are unreachable.
The configured GIADDR for DHCP, or source-address for DHCPv6, does not match any of the configured IP addresses under the subinterface where DHCP relay is configured
The IP address is deleted under the subinterface.

7.7.5. Displaying DHCP relay statistics

To display DHCP relay statistics, use the info from state command in candidate or running mode, or the info command in state mode.

IPv4 example:

# info from state interface ethernet-1/16 subinterface 1 ipv4 dhcp-relay statistics

interface ethernet-1/16 {

subinterface 1 {

ipv4 {

dhcp-relay {

statistics {

client-packets-received 2

client-packets-relayed 2

client-packets-discarded 0

server-packets-received 2

server-packets-relayed 2

server-packets-discarded 0

}

IPv6 example:

# info from state interface ethernet-1/16 subinterface 1 ipv6 dhcp-relay statistics

interface ethernet-1/16 {

subinterface 1 {

ipv6 {

dhcp-relay {

statistics {

client-packets-received 2

client-packets-relayed 2

client-packets-discarded 0

server-packets-received 2

server-packets-relayed 2

server-packets-discarded 0

}

7.7.5.1. Clearing DHCP relay statistics

You can clear the DHCP relay statistics counters for a specified subinterface.

Example:

# tools interface ethernet-1/2 subinterface 1 ipv4 dhcp-relay statistics clear

/interface[name=ethernet-1/2]/subinterface[index=1]:

subinterface ethernet-1/2.1 statistics cleared