gsparams
Required Command-Line Mode = Configure
Use the gsparams command to set options for GigaSMART operations on GigaVUE H Series nodes.
This command does not apply to GigaVUE TA Series nodes.
The gsparams command has the following syntax:
gsparams gsgroup <GigaSMART group alias>
    cpu utilization type total rising <20-99%>
    dedup-action <count | drop>
    dedup-ip-tclass <ignore | include>
    dedup-ip-tos <ignore | include>
    dedup-tcp-seq <ignore | include>
    dedup-timer <10-500000μs>
    dedup-vlan <ignore | include>
    diameter-s6a-session <limit | timeout>
    diameter-packet <timeout>
    diameter-whitelist <add <diameter whitelist file alias> | delete>
    eng-watchdog-timer <<60-600> | disable>
    erspan3-timestamp format <gs | none | x12-ts>
    flow-mask <disable | enable <default | offset <0-111> length <1-112>>>
    flow-sampling-device-ip-ranges
        add ip4addr <IP address> <netmask>
        delete <all | <ip-id <1-64>>>
    flow-sampling-rate <5-95%>
    flow-sampling-timeout <1-60 min>
    flow-sampling-type <device-ip | device-ip-in-gtp>
    generic-session-timeout <5-600 seconds>
    gtp-control-sample <disable | enable>
    gtp-randomsample <disable | enable>
    gtp-randomsample interval <12-48 hours>
    gtp-flow timeout <1-6000 in the unit of 10 minutes>
    gtp-persistence
        disable
        enable
        file-age-timeout <10-1440>
        interval <10-1440>
        restart-age-time <10-1440>
    gtp-whitelist <add <GTP whitelist file alias> | delete>
    hsm-group
        add <HSM group alias>
        delete
    ip-frag
        forward <disable | enable>
        frag-timeout <5-180 sec>
        head-session-timeout <15-240 sec>
    lb
        failover <disable | enable>
        failover-thres lt-bw <threshold bandwidth 50-90%> | lt-pkt-rate <packet rate 500-5000kpps>
        replicate-gtp-c <disable | enable>
        use-link-spd-wt <disable | enable>
    netflow-monitor <add <monitor name> | delete>
    node-role
        control
        disable
        user
    resource
        buffer-asf <<2-5> | disable>
        cpu overload-threshold <<50-90> | disable>
        hsm-ssl
            buffer <<1-3> | disable>
            packet-buffer <20-3000>
        packet-buffer overload-threshold <<50-80> | disable>
    inline-ssl
        standalone <enable | disable>
    rtp-port range <1~65535 | x..y>
    sffp-profile <add | delete> <sffp-profile alias>
    sip-portlist <1-65535>
    sip-session timeout <30-300>
    sip-tcp-idle-timeout <20-600>
    sip-whitelist
        add <SIP whitelist file>
        delete
    sip-nat <disable | enable>
    ssl-decrypt
        decrypt-fail-action <drop | pass-tool>
        disable
        enable
        hsm-pkcs11
            dynamic-object <disable | enable>
            load-sharing <disable | enable>
        hsm-timeout <2-5000>
        key-cache-timeout <1-86400>
        key-map
            add service <service alias> key <key alias>
            delete service <<service alias> | all>
        non-ssl-traffic <drop | pass>
        pending-session-timeout <30-120>
        session-timeout <30-3600>
        tcp-syn-timeout <20-600>
        ticket-cache-timeout <1-86400>
    tunnel-health-check
        action <drop | pass>
        disable
        dstport <destination port for UDP>
        enable
        interval <5-600>
        protocol <icmp | udp>
        rcvport <receive port on decapsulation side>
        retries <1-5>
        roundtriptime <1-4>
        srcport <source port for UDP>
The following table describes the arguments for the gsparams command:
Argument | Description |
---|---|
gsgroup <GigaSMART group alias> | Specifies the alias for this GigaSMART group. |
| | Specifies the TCP load balancing options as follows: |
cpu utilization type total rising <20-99%> | Specifies GigaSMART CPU utilization options as follows: This command sets the rising threshold on the GigaSMART engine port(s), as a percentage from 20 to 99. A CPU utilization alarm can be sent when the rising threshold is exceeded. Alarms are reported to all configured SNMP trap destinations and recorded in the log file. For example: (config) # gsparams gsgroup gg1 cpu utilization type total rising 95 Refer to the “GigaSMART CPU Utilization Statistics” section in the GigaVUE-FM User’s Guide for details. |
dedup-action <count | drop> | Specifies whether duplicate packets are to be counted or dropped by GigaSMART as follows: For example: (config) # gsparams gsgroup gs2port1 dedup-action count Refer to the “GigaSMART De-Duplication” section in the GigaVUE-FM User’s Guide for details. |
dedup-timer <10-500000μs> | Configures the time interval within which an identical packet will be considered a duplicate. The greater the interval over which traffic can be checked for duplicates, the higher the accuracy of the de-duplication detection and subsequent elimination. The default is 50000µs. For example, if two of the same packets are seen in the specified time interval, the packets will be detected as duplicates. If one packet is seen in the time interval and another packet is seen in a later time interval, the packets will not be detected as duplicates. Retransmissions are not counted as duplicates. For example: (config) # gsparams gsgroup gs2port1 dedup-timer 55000 Refer to the “GigaSMART De-Duplication” section in the GigaVUE-FM User’s Guide. |
dedup-ip-tclass <ignore | include> | Fine-tunes how duplicates are detected. You can configure the packet fields that are used to detect duplicates. Different network implementations can change certain packet header fields (for example, the TCP sequence number). If you want to be able to detect duplicates without requiring that these fields match (ToS field, TCP sequence number, VLAN ID), you can disable the corresponding option. The options are as follows: Include means the field will be included when GigaSMART compares packets. Ignore means the field will be ignored when GigaSMART compares packets. For example: (config) # gsparams gsgroup gs2port1 dedup-tcp-seq ignore Refer to the “GigaSMART De-Duplication” section in the GigaVUE-FM User’s Guide for details. |
diameter-s6a-session <limit | timeout> | Specifies the Diameter S6a session options as follows: |
diameter-packet <timeout> | Specifies the Diameter S6a packet options as follows: |
diameter-whitelist <add <diameter whitelist file alias> | delete> | Specifies the alias of the diameter whitelist file to associate with a GigaSMART group (add) or to disassociate from a GigaSMART group (delete). For example: (config) # gsparams gsgroup gg1 diameter-whitelist add wlf1 (config) # gsparams gsgroup gg1 diameter-whitelist delete |
eng-watchdog-timer <<60-600> | disable> | Specifies the engine watchdog timer. In rare scenarios, a packet processing core in the CPU of a GigaSMART engine can enter a deadlocked state. The engine watchdog timer detects the issue and reloads the GigaSMART engine after a specified number of seconds. If a core is in a deadlocked state, all packets are dropped. This parameter specifies the engine watchdog timer as follows: For example, to change the engine watchdog timer from the default, specify a value within the range of values: (config) # gsparams gsgroup gsg1 eng-watchdog-timer 100 For example, to disable the engine watchdog timer: (config) # gsparams gsgroup gsg1 eng-watchdog-timer disable |
erspan3-timestamp format <gs | none | x12-ts> | Specifies the ERSPAN Type III timestamp trailer format for tunnel decapsulation as follows: For example: (config) # gsparams gsgroup gsg_erspan erspan3-timestamp format gs Refer to the “GigaSMART ERSPAN Tunnel Decapsulation” section in the GigaVUE-FM User’s Guide. |
flow-mask <disable | enable <default | offset <0-111> length <1-112>>> | Specifies parameters for flow masking to improve GigaSMART packet processing for traffic containing MPLS, L2GRE, or VNTag headers as follows: Masking bytes are limited to 112 bytes from the beginning of the packet. The offset plus length cannot be greater than 112. Examples: (config) # gsparams gsgroup gg1 flow-mask enable default Refer to the “GigaSMART MPLS Traffic Performance Enhancement” section in the GigaVUE-FM User’s Guide for details. |
flow-sampling-device-ip-ranges | Specifies FlowVUE sampling parameters as follows: For example: (config) # gsparams gsgroup gsg1 flow-sampling-type device-ip-in-gtp Use gsparams to configure these values and the show gsparams command to verify them. Refer to the “GigaSMART FlowVUE” section in the GigaVUE-FM User’s Guide for details and examples on FlowVUE. |
generic-session-timeout <5-600 seconds> | Specifies the maximum timeout for a session entry in the session table. This is a global session timeout for the specified GigaSMART group. The values are from 5 to 600 seconds. The default is 5 seconds. For example: (config) # gsparams gsgroup gsg1 generic-session-timeout 30 Currently, this timeout only applies to tunnel load balancing for L2GRE tunnel encapsulation. Refer to the “Load Balancing across Tunnel Endpoints” section in the GigaVUE-FM User’s Guide. |
gtp-control-sample <disable | enable> | Enables or disables sampling of GTP control plane (GTP-c) traffic as follows: For example: (config) # gsparams gsgroup gg1 gtp-control-sample disable Refer to the “GTP Flow Sampling” section in the GigaVUE-FM User’s Guide. |
gtp-randomsample <disable | enable> | Enables or disables GTP random sampling as follows: |
gtp-randomsample interval <12-48 hours> | Specifies the rotation interval for random sampling. The minimum interval is 12 hours and the maximum is 48 hours. |
gtp-flow timeout <1-6000 in the unit of 10 minutes> | Disconnects a GTP session if it has been inactive for the timeout value. The timeout can be configured as an integer from 1 to 6000, in increments of 10 minutes. The default is 48, which is 480 minutes (8 hours). For example: (config) # gsparams gsgroup gg1 gtp-flow timeout 60 |
gtp-persistence | Specifies GTP persistence options for recovering sessions from a restart as follows: Examples: (config) # gsparams gsgroup gsg4 gtp-persistence enable |
gtp-whitelist <add <GTP whitelist file alias> | delete> | Specifies the alias of the GTP whitelist file to associate with a GigaSMART group (add) or to disassociate from a GigaSMART group (delete). For example: (config) # gsparams gsgroup gg1 gtp-whitelist add wlf1 |
hsm-group | Configures an SSL Hardware Security Module (HSM) group as follows: Examples: (config) # gsparams gsgroup gg1 hsm-group add hsm-set |
ip-frag | Specifies IP fragmentation options as follows: A session entry is created when a new head fragment packet is received. When subsequent fragment packets arrive, the information in this session will be used to forward the fragmented packets to the same destination as the head fragment packet. For example: (config) # gsparams gsgroup gsg1 ip-frag frag-timeout 30 |
lb | Specifies load balancing options as follows: For example: (config) # gsparams gsgroup gsgrp1 lb replicate-gtp-c enable |
netflow-monitor <add <monitor name> | delete> | Specifies NetFlow monitor options as follows: For example: (config) # gsparams gsgroup gsg netflow-monitor add mon1 |
node-role | Specifies the role of the Control and User Plane Separation (CUPS) node as follows: control—Specifies a CUPS control node. disable—Specifies a non-CUPS node. user—Specifies a CUPS user node. For example: (config) # gsparams gsgroup <alias> node-role control |
resource buffer-asf <<2-5> | disable> | Allocates application resources for buffering on Application Session Filtering (ASF). This parameter allocates the number of session entries, in millions, as follows: The configured application resources will only be available after the GigaSMART line card or module is rebooted. Refer to the “Displaying GigaSMART Application Resource Usage” section in the GigaVUE-FM User’s Guide. The resources for buffer ASF on the GigaVUE-HB1 can only be configured to 2 million sessions. Examples: (config) # gsparams gsgroup gsgrp1 resource buffer-asf 3 Configure the resources for buffer ASF before configuring apps asf parameters. Refer to apps asf. |
resource cpu overload-threshold <<50-90> | disable> | Specifies an overload threshold for CPU resources for GigaSMART operations as follows: The default is 90. Examples: (config) # gsparams gsgroup gsg1 resource cpu overload-threshold 70 |
resource packet-buffer overload-threshold <<50-80> | disable> | Specifies an overload threshold for packet buffer resources for GigaSMART operations as follows: Examples: (config) # gsparams gsgroup gsg1 resource packet-buffer overload-threshold 60 |
inline-ssl standalone <disable | enable> | Configures the inline SSL to share resources with other GigaSMART operations as follows: Examples: (config) # gsparams gsgroup gsg1 inline-ssl standalone disable The following notification is displayed when the configuration is changed after resource allocation. |
resource hsm-ssl buffer <<1-3> | disable> | Configures resources for the HSM SSL buffer as follows: Examples: (config) # gsparams gsgroup gsg1 resource hsm-ssl buffer 2 |
resource hsm-ssl packet-buffer <20-3000> | Configures resources for the HSM SSL packet buffer as follows: Packets are buffered while waiting for the session key. For example: (config) # gsparams gsgroup gsg1 resource hsm-ssl packet-buffer 600 |
rtp-port range <1~65535 | x..y> | Specifies the RTP port or ports for SIP/RTP. You must specify a port or a range of ports, from 1 to 65535. Examples: (config) # gsparams gsgroup gsg1 rtp-port range 2000 |
sffp-profile <add | delete> <sffp-profile-alias> | Adds or deletes a Transport Agent Profile. To configure the sffp profile, refer to sffp profile. |
sip-nat <disable | enable> | Configures the SIP-NAT feature as follows: |
sip-portlist <1-65535> | Specifies the SIP port list for SIP/RTP. You must specify one or more TCP/UDP ports, from 1 to 65535. Use a comma to separate multiple ports. Examples: (config) # gsparams gsgroup gsg1 sip-portlist 5060 |
sip-session timeout <30-300> | Specifies the SIP session timer for SIP/RTP. This is a SIP session inactivity timer, used to clean up inactive sessions. The range of values is from 30 to 300 seconds. The default is 30 seconds. For example: (config) # gsparams gsgroup gsg1 sip-session timeout 48 |
sip-tcp-idle-timeout <20-600> | Specifies the SIP TCP idle timer for SIP/RTP. The range of values is from 20 to 600 seconds. The default is 20 seconds. For example: (config) # gsparams gsgroup gsg1 sip-tcp-idle-timeout 30 |
sip-whitelist | Adds or deletes a SIP whitelist file for SIP/RTP as follows: Examples: (config) # gsparams gsgroup gsg1 sip-whitelist add whitelist1 |
ssl-decrypt | Specifies out-of-band SSL decryption failover options as follows: An out-of-band SSL decryption failure occurs when encrypted traffic cannot be decrypted, for example, when an incoming flow exceeds the maximum supported bandwidth. For example: (config) # gsparams gsgroup grp ssl-decrypt decrypt-fail-action pass-tool |
ssl-decrypt | Specifies Secure Sockets Layer (SSL) decryption options as follows: Disable can be used as a debugging aid for traffic to bypass the out-of-band SSL decryption application. For example: (config) # gsparams gsgroup grp ssl-decrypt enable |
hsm-pkcs11 dynamic-object <disable | enable> | Enables or disables the dynamic object for the HSM PKCS12 file as follows: For example: (config) # gsparams gsgroup grp ssl-decrypt hsm-pkcs11 dynamic-object disable |
hsm-pkcs11 load-sharing <disable | enable> | Enables or disables load sharing for the HSM PKCS12 file as follows: For example: (config) # gsparams gsgroup grp ssl-decrypt hsm-pkcs11 load-sharing disable |
hsm-timeout <2-5000> | Configures the HSM timeout in milliseconds. The HSM timeout specifies a period of time for the communication between the HSM and GigaSMART. The values are from 2 to 5000ms. The default is 1000ms. For example: (config) # gsparams gsgroup grp ssl-decrypt hsm-timeout 3600 |
ssl-decrypt | Configures the following timeouts used when resuming an out-of-band SSL decryption session: For example: (config) # gsparams gsgroup grp ssl-decrypt key-cache-timeout 3600 These timeouts relate to how the SSL server stores the SSL key material and later, how the client resumes a session using the stored key material. The timeouts refer to the two different ways the session can be resumed: using a session key cache or using a TLS ticket cache. |
ssl-decrypt | Specifies out-of-band SSL decryption and HSM key mappings as follows: Examples: (config) # gsparams gsgroup grp ssl-decrypt key-map add service service1 key key1 The maximum number of key/service mappings is 2000 on GigaVUE-HC2 and GigaVUE HD Series. The maximum number of key/service mappings is 1000 on GigaVUE-HB1. First create an SSL key alias, then a service alias, and then use key-map to tie them together. Refer to apps ssl for the commands to create keys and services, including the default service. A service can be mapped to different keys on different GigaSMART groups. |
ssl-decrypt | Specifies how to handle non-SSL traffic as follows: Use this parameter when out-of-band SSL decryption sessions have both SSL and non-SSL packets after the SSL 3-way handshake. For sessions that have SSL and non-SSL traffic, for example SMTP with StartTLS, this parameter provides an option to pass the non-SSL traffic in addition to the decrypted traffic. For example: (config) # gsparams gsgroup grp ssl-decrypt non-ssl-traffic drop |
ssl-decrypt | Specifies out-of-band SSL decryption timeout options as follows: For example: (config) # gsparams gsgroup grp ssl-decrypt session-timeout 90 |
tunnel-health-check | Specifies tunnel health check parameters as follows: For example, use the following commands to configure tunnel health check on the encapsulation device: (config) # gsparams gsgroup grp1 tunnel-health-check enable For example, when the decapsulation device is a GigaVUE node, use the following commands to configure tunnel health check: (config) # gsparams gsgroup grp1 tunnel-health-check enable |
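
The dedup-timer window and the dedup-* include/ignore options in the table above decide together which packets a monitoring tool never sees once dedup-action is drop. The Python sketch below is an added example, not Gigamon code; it is a simplified model that assumes the window starts at the first copy of a packet, that the flow tuple, IP ID and payload are always compared, and that options left unset behave as include. The sample packets are constructed.

```python
from dataclasses import dataclass

# Optional comparison fields named on this page, mapped to packet attributes.
OPTIONAL_FIELDS = {"dedup-ip-tclass": "tclass", "dedup-ip-tos": "tos",
                   "dedup-tcp-seq": "tcp_seq", "dedup-vlan": "vlan"}

@dataclass(frozen=True)
class Packet:
    ts_us: int        # capture time in microseconds
    flow: tuple       # (src, dst, sport, dport)
    ip_id: int        # always compared in this model (assumption)
    payload: bytes
    tclass: int = 0
    tos: int = 0
    tcp_seq: int = 0
    vlan: int = 0

def dedup(packets, timer_us=50000, action="drop", settings=None):
    """Return (forwarded_packets, duplicate_count) for a simplified dedup model.

    settings maps an option name to "include" or "ignore"; options left out are
    treated as "include" here, a modelling choice and not a device default.
    """
    if not 10 <= timer_us <= 500000:
        raise ValueError("dedup-timer must be 10-500000 microseconds")
    if action not in ("count", "drop"):
        raise ValueError("dedup-action must be count or drop")
    settings = settings or {}
    compared = [attr for opt, attr in OPTIONAL_FIELDS.items()
                if settings.get(opt, "include") == "include"]
    window_start = {}          # packet key -> time its window started
    forwarded, duplicates = [], 0
    for pkt in sorted(packets, key=lambda p: p.ts_us):
        key = (pkt.flow, pkt.ip_id, pkt.payload) + tuple(getattr(pkt, a) for a in compared)
        start = window_start.get(key)
        is_dup = start is not None and pkt.ts_us - start <= timer_us
        if is_dup:
            duplicates += 1
        else:
            window_start[key] = pkt.ts_us   # new packet, or the old window expired
        if not is_dup or action == "count":
            forwarded.append(pkt)           # "count" only counts, "drop" removes
    return forwarded, duplicates

# Constructed sample: one packet seen on two taps with different VLAN tags,
# then an identical copy arriving after the default 50000 us window.
FLOW = ("10.0.0.5", "10.0.1.9", 44321, 443)
SAMPLE = [
    Packet(0, FLOW, 7001, b"hello", vlan=10),
    Packet(300, FLOW, 7001, b"hello", vlan=20),
    Packet(60000, FLOW, 7001, b"hello", vlan=10),
]

if __name__ == "__main__":
    for cfg in ({}, {"dedup-vlan": "ignore"}):
        kept, dups = dedup(SAMPLE, settings=cfg)
        print(cfg, "forwarded:", len(kept), "duplicates:", dups)
```

Running it shows that ignoring the VLAN field turns the second tap's copy into a duplicate, and that widening the timer also catches the late copy, which is worth checking before switching a group from count to drop.
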
Related Commands
The following table summarizes other commands related to the gsparams command:
Task | Command |
---|---|
Displays GigaSMART parameters on all GigaSMART groups. | show gsparams |
Displays GigaSMART parameters on a specified GigaSMART group. | show gsparams alias gsg1 |
Displays GigaSMART parameters on all GigaSMART groups. | show gsparams all |