gsparams
Required Command-Line Mode = Configure
Use the gsparams command to set options for GigaSMART operations on GigaVUE H Series nodes.
This command does not apply to GigaVUE TA Series nodes.
The gsparams command has the following syntax:
gsparams gsgroup <GigaSMART group alias>
    apptcp-lb <enable | disable>
    apptcp-lb <application | control> <broadcast | drop>
    cpu utilization type total rising <20-99%>
    dedup-action <count | drop>
    dedup-ip-tclass <ignore | include>
    dedup-ip-tos <ignore | include>
    dedup-tcp-seq <ignore | include>
    dedup-timer <10-500000μs>
    dedup-vlan <ignore | include>
    diameter-s6a-session <limit | timeout>
    diameter-packet <timeout>
    diameter-whitelist <add <diameter whitelist file alias> | delete>
    eng-watchdog-timer <<60-600> | disable>
    erspan3-timestamp format <gs | none | x12-ts>
    flow-mask <disable | enable <default | offset <0-111> length <1-112>>>
    flow-sampling-device-ip-ranges
        add ip4addr <IP address> <netmask>
        delete <all | <ip-id <1-64>>
    flow-sampling-rate <5-95%>
    flow-sampling-timeout <1-60 min>
    flow-sampling-type <device-ip | device-ip-in-gtp>
    generic-session-timeout <5-600 seconds>
    gtp-control-sample <disable | enable>
    gtp-randomsample <disable | enable>
    gtp-randomsample interval <12-48 hours>
    gtp-flow timeout <1-6000 in the unit of 10 minutes>
    gtp-persistence
        disable
        enable
        file-age-timeout <10-1440>
        interval <10-1440>
        restart-age-time <10-1440>
    gtp-whitelist <add <GTP whitelist file alias> | delete>
    hsm-group
        add <HSM group alias>
        delete
    ip-frag
        forward <disable | enable>
        frag-timeout <5-180 sec>
        head-session-timeout <15-240 sec>
    lb
        failover <disable | enable>
        failover-thres lt-bw <threshold bandwidth 50-90%> | lt-pkt-rate <packet rate 500-5000kpps>
        replicate-gtp-c <disable | enable>
        use-link-spd-wt <disable | enable>
    netflow-monitor <add <monitor name> | delete>
    resource
        buffer-asf <<2-5> | disable>
        cpu overload-threshold <<50-90> | disable>
        hsm-ssl
            buffer <<1-3> | disable>
            packet-buffer <20-3000>
        packet-buffer overload-threshold <<50-80> | disable>
    inline-ssl
        standalone <enable | disable>
    rtp-port range <1~65535 | x..y>
    sffp-profile <add | delete> <sffp-profile alias>
    sip-portlist <1-65535>
    sip-session timeout <30-300>
    sip-tcp-idle-timeout <20-600>
    sip-whitelist
        add <SIP whitelist file>
        delete
    sip-nat <disable | enable>
    ssl-decrypt
        decrypt-fail-action <drop | pass-tool>
        disable
        enable
        hsm-pkcs11
            dynamic-object <disable | enable>
            load-sharing <disable | enable>
        hsm-timeout <2-5000>
        key-cache-timeout <1-86400>
        key-map
            add service <service alias> key <key alias>
            delete service <<service alias> | all>
        non-ssl-traffic <drop | pass>
        pending-session-timeout <30-120>
        session-timeout <30-3600>
        tcp-syn-timeout <20-600>
        ticket-cache-timeout <1-86400>
    tunnel-health-check
        action <drop | pass>
        disable
        dstport <destination port for UDP>
        enable
        interval <5-600>
        protocol <icmp | udp>
        rcvport <receive port on decapsulation side>
        retries <1-5>
        roundtriptime <1-4>
        srcport <source port for UDP>
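The following is an added example, not part of the original reference or of any Gigamon tooling: a small offline checker that validates gsparams command lines against the numeric ranges in the syntax above before they are pasted into a node. It also enforces the flow-mask rule stated in the argument table (offset plus length cannot be greater than 112); the names RANGES, check and lint, and the sample lines, are constructed for this illustration.

```python
import re

# (min, max) for single-value arguments, copied from the syntax on this page.
RANGES = {
    ("cpu", "utilization", "type", "total", "rising"): (20, 99),
    ("dedup-timer",): (10, 500000),
    ("eng-watchdog-timer",): (60, 600),
    ("flow-sampling-rate",): (5, 95),
    ("flow-sampling-timeout",): (1, 60),
    ("generic-session-timeout",): (5, 600),
    ("gtp-flow", "timeout"): (1, 6000),
    ("ip-frag", "frag-timeout"): (5, 180),
    ("ip-frag", "head-session-timeout"): (15, 240),
    ("sip-session", "timeout"): (30, 300),
    ("sip-tcp-idle-timeout",): (20, 600),
    ("ssl-decrypt", "hsm-timeout"): (2, 5000),
    ("ssl-decrypt", "key-cache-timeout"): (1, 86400),
    ("ssl-decrypt", "session-timeout"): (30, 3600),
    ("tunnel-health-check", "interval"): (5, 600),
    ("tunnel-health-check", "retries"): (1, 5),
    ("tunnel-health-check", "roundtriptime"): (1, 4),
}
DISABLE_OK = {("eng-watchdog-timer",)}  # syntax allows <<60-600> | disable>
CMD = re.compile(r"\s*(?:\(config\)\s*#\s*)?gsparams\s+gsgroup\s+\S+\s+(.+)$")


def check(name, token, lo, hi):
    """Return a one-item problem list if token is not an integer in lo..hi."""
    if token.isdecimal() and lo <= int(token) <= hi:
        return []
    return [f"{name}: {token!r} is outside {lo}-{hi}"]


def lint(line):
    """Return the list of range problems found in one gsparams command line."""
    m = CMD.match(line)
    if not m:
        return ["not a gsparams gsgroup command"]
    args = m.group(1).split()
    if args[:3] == ["flow-mask", "enable", "offset"] and len(args) == 6 and args[4] == "length":
        problems = check("flow-mask offset", args[3], 0, 111)
        problems += check("flow-mask length", args[5], 1, 112)
        # Cross-field rule from the argument table: offset + length <= 112.
        if not problems and int(args[3]) + int(args[5]) > 112:
            problems.append("flow-mask: offset plus length is greater than 112")
        return problems
    if args[:2] == ["rtp-port", "range"] and len(args) == 3:
        return [p for port in args[2].split("..") for p in check("rtp-port", port, 1, 65535)]
    if args[:1] == ["sip-portlist"] and len(args) == 2:
        return [p for port in args[1].split(",") for p in check("sip-portlist", port, 1, 65535)]
    for key, (lo, hi) in RANGES.items():
        value = args[len(key):]
        if tuple(args[:len(key)]) == key and len(value) == 1:
            if value[0] == "disable" and key in DISABLE_OK:
                return []
            return check(" ".join(key), value[0], lo, hi)
    return []  # argument has no numeric range in RANGES


# Constructed sample lines: three from the page's own examples, two out of range.
SAMPLE = [
    "(config) # gsparams gsgroup gg1 flow-mask enable offset 38 length 8",
    "(config) # gsparams gsgroup gsg1 eng-watchdog-timer disable",
    "(config) # gsparams gsgroup gsg1 rtp-port range 20000..40000",
    "(config) # gsparams gsgroup gg1 flow-mask enable offset 100 length 20",
    "(config) # gsparams gsgroup gs2port1 dedup-timer 5",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", lint(line) or "ok")
```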
The following table describes the arguments for the gsparams command:
Argument | Description |
---|---|
gsgroup <GigaSMART group alias> |
Specifies the alias for this GigaSMART group. |
||||||||||||||||||||||||||||||||||||
apptcp-lb <enable | disable> <application | control> <broadcast | drop> |
Specifies the TCP load balancing options as follows:
|
||||||||||||||||||||||||||||||||||||
cpu utilization type total rising <20-99%> |
Specifies GigaSMART CPU utilization options as follows:
This command sets the rising threshold on the GigaSMART engine port(s), as a percentage from 20 to 99. A CPU utilization alarm can be sent when the rising threshold is exceeded. Alarms are reported to all configured SNMP trap destinations and recorded in the log file.
For example:
(config) # gsparams gsgroup gg1 cpu utilization type total rising 95
Refer to the “GigaSMART CPU Utilization Statistics” section in the GigaVUE Fabric Management Guide for details. |
||||||||||||||||||||||||||||||||||||
dedup-action <count | drop> |
Specifies whether duplicate packets are to be counted or dropped by GigaSMART as follows:
For example:
(config) # gsparams gsgroup gs2port1 dedup-action count
Refer to the GigaSMART De-duplication section in the GigaVUE Fabric Management Guide for details. |
||||||||||||||||||||||||||||||||||||
dedup-timer <10-500000μs> |
Configures the time interval within which an identical packet will be considered a duplicate. The greater the interval over which traffic can be checked for duplicates, the higher the accuracy of the de-duplication detection and subsequent elimination. The default is 50000µs. For example, if two of the same packets are seen in the specified time interval, the packets will be detected as duplicates. If one packet is seen in the time interval and another packet is seen in a later time interval, the packets will not be detected as duplicates. Retransmissions are not counted as duplicates.
For example:
(config) # gsparams gsgroup gs2port1 dedup-timer 55000
Refer to the “GigaSMART De-duplication” section in the GigaVUE Fabric Management Guide. |
||||||||||||||||||||||||||||||||||||
dedup-ip-tclass <ignore | include>
dedup-ip-tos <ignore | include>
dedup-tcp-seq <ignore | include>
dedup-vlan <ignore | include> |
Fine-tunes how duplicates are detected. You can configure the packet fields that are used to detect duplicates. Different network implementations can change certain packet header fields (for example, the TCP sequence number). If you want to be able to detect duplicates without requiring that these fields match (ToS field, TCP sequence number, VLAN ID), you can disable the corresponding option. The options are as follows:
Include means the field will be included when GigaSMART compares packets. Ignore means the field will be ignored when GigaSMART compares packets.
For example:
(config) # gsparams gsgroup gs2port1 dedup-tcp-seq ignore
Refer to the “GigaSMART De-duplication” section in the GigaVUE Fabric Management Guide for details. |
||||||||||||||||||||||||||||||||||||
diameter-s6a-session <limit | timeout> |
Specifies the Diameter S6a session options as follows:
|
||||||||||||||||||||||||||||||||||||
diameter-packet <timeout> |
Specifies the Diameter S6a packet options as follows:
|
||||||||||||||||||||||||||||||||||||
diameter-whitelist <add <diameter whitelist file alias> | delete> |
Specifies the alias of the diameter forward list file to associate with a GigaSMART group (add) or to disassociate from a GigaSMART group (delete).
For example:
(config) # gsparams gsgroup gg1 diameter-whitelist add wlf1
(config) # gsparams gsgroup gg1 diameter-whitelist delete |
||||||||||||||||||||||||||||||||||||
eng-watchdog-timer <<60-600> | disable> |
Specifies the engine watchdog timer. In rare scenarios, a packet processing core in the CPU of a GigaSMART engine can enter a deadlocked state. The engine watchdog timer detects the issue and reloads the GigaSMART engine after a specified number of seconds. If a core is in a deadlocked state, all packets are dropped. This parameter specifies the engine watchdog timer as follows:
For example, to change the engine watchdog timer from the default, specify a value within the range of values:
(config) # gsparams gsgroup gsg1 eng-watchdog-timer 100
For example, to disable the engine watchdog timer:
(config) # gsparams gsgroup gsg1 eng-watchdog-timer disable |
||||||||||||||||||||||||||||||||||||
erspan3-timestamp format <gs | none | x12-ts> |
Specifies the ERSPAN Type III timestamp trailer format for tunnel decapsulation as follows:
For example:
(config) # gsparams gsgroup gsg_erspan erspan3-timestamp format gs
Refer to the “GigaSMART ERSPAN Tunnel Decapsulation” section in the GigaVUE Fabric Management Guide. |
||||||||||||||||||||||||||||||||||||
flow-mask <disable | enable <default | offset <0-111> length <1-112>>> |
Specifies parameters for flow masking to improve GigaSMART packet processing for traffic containing MPLS, L2GRE, or VNTag headers as follows:
Masking bytes are limited to 112 bytes from the beginning of the packet. The offset plus length cannot be greater than 112.
Examples:
(config) # gsparams gsgroup gg1 flow-mask enable default
(config) # gsparams gsgroup gg1 flow-mask enable offset 38 length 8
(config) # gsparams gsgroup gg1 flow-mask disable
Refer to the “GigaSMART MPLS Traffic Performance Enhancement” section in the GigaVUE Fabric Management Guide for details. |
||||||||||||||||||||||||||||||||||||
flow-sampling-device-ip-ranges
    add ip4addr <IP address> <netmask>
    delete <all | <ip-id <1-64>>
flow-sampling-rate <5-95%>
flow-sampling-timeout <1-60 min>
flow-sampling-type <device-ip | device-ip-in-gtp> |
Specifies FlowVUE sampling parameters as follows:
For example:
(config) # gsparams gsgroup gsg1 flow-sampling-type device-ip-in-gtp
Use gsparams to configure these values and the show gsparams command to verify them. Refer to the “GigaSMART FlowVUE” section in the GigaVUE Fabric Management Guide for details and examples on FlowVUE. |
||||||||||||||||||||||||||||||||||||
5g-flow timeout <1-6000 in unit of 10 minutes> |
Disconnects a 5G session if it is inactive for the specified timeout value. The timeout can be configured as an integer from 1 to 6000, in increments of 10 minutes. The default value is 48 (480 minutes). |
||||||||||||||||||||||||||||||||||||
generic-session-timeout <5-600 seconds> |
Specifies the maximum timeout for a session entry in the session table. This is a global session timeout for the specified GigaSMART group. The values are from 5 to 600 seconds. The default is 5 seconds.
For example:
(config) # gsparams gsgroup gsg1 generic-session-timeout 30
Currently, this timeout only applies to tunnel load balancing for L2GRE tunnel encapsulation. Refer to the “Load Balancing across Tunnel Endpoints” section in the GigaVUE Fabric Management Guide. |
||||||||||||||||||||||||||||||||||||
gtp-control-sample <disable | enable> |
Enables or disables sampling of GTP control plane (GTP-c) traffic as follows:
For example:
(config) # gsparams gsgroup gg1 gtp-control-sample disable
Refer to the “GTP Flow Sampling” section in the GigaVUE Fabric Management Guide. |
||||||||||||||||||||||||||||||||||||
gtp-randomsample <disable | enable> |
Enables or disables GTP random sampling as follows:
|
||||||||||||||||||||||||||||||||||||
gtp-randomsample interval <12-48 hours> |
Specifies the rotation interval for random sampling. The minimum value is 12 hours and the maximum value of the interval is 48 hours. |
||||||||||||||||||||||||||||||||||||
gtp-flow timeout <1-6000 in the unit of 10 minutes> |
Disconnects a GTP session if it has been inactive for the timeout value. The timeout can be configured as an integer from 1 to 6000, in increments of 10 minutes. The default is 48 (480 minutes, or 8 hours).
For example:
(config) # gsparams gsgroup gg1 gtp-flow timeout 60 |
||||||||||||||||||||||||||||||||||||
gtp-persistence
    disable
    enable
    file-age-timeout <10-1440>
    interval <10-1440>
    restart-age-time <10-1440> |
Specifies GTP persistence options for recovering sessions from a restart as follows:
Examples:
(config) # gsparams gsgroup gsg4 gtp-persistence enable
(config) # gsparams gsgroup gsg4 gtp-persistence interval 15 |
||||||||||||||||||||||||||||||||||||
gtp-whitelist <add <GTP whitelist file alias> | delete> |
Specifies the alias of the GTP forward list file to associate with a GigaSMART group (add) or to disassociate from a GigaSMART group (delete).
For example:
(config) # gsparams gsgroup gg1 gtp-whitelist add wlf1
(config) # gsparams gsgroup gg1 gtp-whitelist delete
You can also add multiple aliases of the GTP forward list file to associate with a GigaSMART group (add). For example: (config) # gsparams gsgroup gg1 gtp-whitelist add wlf1 (config), add w2f2 (config), add w2f2 (config)# add w3f3 (config)
|
||||||||||||||||||||||||||||||||||||
hsm-group |
Configures an SSL Hardware Security Module (HSM) group as follows:
Examples:
(config) # gsparams gsgroup gg1 hsm-group add hsm-set
(config) # gsparams gsgroup gg1 hsm-group delete |
||||||||||||||||||||||||||||||||||||
ip-frag
    forward <disable | enable>
    frag-timeout <5-180 sec>
    head-session-timeout <15-240 sec> |
Specifies IP fragmentation options as follows:
A session entry is created when a new head fragment packet is received. When subsequent fragment packets arrive, the information in this session will be used to forward the fragmented packets to the same destination as the head fragment packet.
For example:
(config) # gsparams gsgroup gsg1 ip-frag frag-timeout 30 |
||||||||||||||||||||||||||||||||||||
lb
    failover <disable | enable>
    failover-thres lt-bw <threshold bandwidth 50-90%> | lt-pkt-rate <packet rate 500-5000kpps>
    replicate-gtp-c <disable | enable>
    use-link-spd-wt <disable | enable> |
Specifies load balancing options as follows:
For example:
(config) # gsparams gsgroup gsgrp1 lb replicate-gtp-c enable |
||||||||||||||||||||||||||||||||||||
netflow-monitor <add <monitor name> | delete> |
Specifies NetFlow monitor options as follows:
For example:
(config) # gsparams gsgroup gsg netflow-monitor add mon1
(config) # gsparams gsgroup gsg netflow-monitor delete |
||||||||||||||||||||||||||||||||||||
3gpp-node-role [control | user | disable][ 5G | LTE ] [<1-10000>] | [<1-12000> standalone ] |
Specifies the role for both 5G and LTE traffic as follows:
For example:
(config) # gsparams gsgroup <alias> cpn 3gpp-node-role control 5G
|
||||||||||||||||||||||||||||||||||||
resource buffer-asf <<2-5> | disable> |
Allocates application resources for buffering on Application Session Filtering (ASF). This parameter allocates the number of session entries, in millions, as follows:
The configured application resources will only be available after the GigaSMART line card or module is rebooted. Refer to the “Displaying GigaSMART Application Resource Usage” section in the GigaVUE Fabric Management Guide. The resources for buffer ASF on the GigaVUE-HB1 can only be configured to 2 million sessions.
Examples:
(config) # gsparams gsgroup gsgrp1 resource buffer-asf 3
(config) # gsparams gsgroup gsgrp1 resource buffer-asf disable
Configure the resources for buffer ASF before configuring apps asf parameters. Refer to apps asf. |
||||||||||||||||||||||||||||||||||||
resource cpu overload-threshold <<50-90> | disable> |
Specifies an overload threshold for CPU resources for GigaSMART operations as follows:
The default is 90.
Examples:
(config) # gsparams gsgroup gsg1 resource cpu overload-threshold 70
(config) # gsparams gsgroup gsg1 resource cpu overload-threshold disable |
||||||||||||||||||||||||||||||||||||
resource packet-buffer overload-threshold <<50-80> | disable> |
Specifies an overload threshold for packet buffer resources for GigaSMART operations as follows:
Examples:
(config) # gsparams gsgroup gsg1 resource packet-buffer overload-threshold 60
(config) # gsparams gsgroup gsg1 resource packet-buffer overload-threshold disable |
||||||||||||||||||||||||||||||||||||
inline-ssl standalone <disable | enable> |
Configures the inline SSL to share resources with other GigaSMART operations as follows:
Examples:
(config) # gsparams gsgroup gsg1 inline-ssl standalone disable
(config) # gsparams gsgroup gsg1 inline-ssl standalone enable
The following notification is displayed when the configuration is changed after resource allocation:
#Changes take effect after card or system reboot |
||||||||||||||||||||||||||||||||||||
resource hsm-ssl buffer <<1-3> | disable> |
Configures resources for the HSM SSL buffer as follows:
Examples:
(config) # gsparams gsgroup gsg1 resource hsm-ssl buffer 2
(config) # gsparams gsgroup gsg1 resource hsm-ssl buffer disable |
||||||||||||||||||||||||||||||||||||
resource hsm-ssl packet-buffer <20-3000> |
Configures resources for the HSM SSL packet buffer as follows:
Packets are buffered while waiting for the session key.
For example:
(config) # gsparams gsgroup gsg1 resource hsm-ssl packet-buffer 600 |
||||||||||||||||||||||||||||||||||||
rtp-port range <1~65535 | x..y> |
Specifies the RTP port or ports for SIP/RTP. You must specify a port or a range of ports, from 1 to 65535.
Examples:
(config) # gsparams gsgroup gsg1 rtp-port range 2000
(config) # gsparams gsgroup gsg1 rtp-port range 20000..40000 |
||||||||||||||||||||||||||||||||||||
sffp-profile <add | delete> <sffp-profile-alias> |
Adds or deletes a Transport Agent profile. To configure the sffp profile, refer to sffp profile. |
||||||||||||||||||||||||||||||||||||
sip-nat <disable | enable> |
Configures SIP-NAT feature as follows:
|
||||||||||||||||||||||||||||||||||||
sip-portlist <1-65535> |
Specifies the SIP port list for SIP/RTP. You must specify one or more TCP/UDP ports, from 1 to 65535. Use a comma to separate multiple ports.
Examples:
(config) # gsparams gsgroup gsg1 sip-portlist 5060
(config) # gsparams gsgroup gsg1 sip-portlist 5060,5070,5090 |
||||||||||||||||||||||||||||||||||||
sip-session timeout <30-300> |
Specifies the SIP session timer for SIP/RTP. This is a SIP session inactivity timer, used to clean up inactive sessions. The range of values is from 30 to 300 seconds. The default is 30 seconds.
For example:
(config) # gsparams gsgroup gsg1 sip-session timeout 48 |
||||||||||||||||||||||||||||||||||||
sip-tcp-idle-timeout <20-600> |
Specifies the SIP TCP idle timer for SIP/RTP. The range of values is from 20 to 600 seconds. The default is 20 seconds.
For example:
(config) # gsparams gsgroup gsg1 sip-tcp-idle-timeout 30 |
||||||||||||||||||||||||||||||||||||
sip-whitelist
    add <SIP whitelist file>
    delete |
Adds or deletes a SIP forward list file for SIP/RTP as follows:
Examples:
(config) # gsparams gsgroup gsg1 sip-whitelist add whitelist1
(config) # gsparams gsgroup gsg1 sip-whitelist delete |
||||||||||||||||||||||||||||||||||||
ssl-decrypt decrypt-fail-action <drop | pass-tool> |
Specifies Passive SSL decryption failover options as follows:
A Passive SSL decryption failure occurs when encrypted traffic cannot be decrypted, for example, when an incoming flow exceeds the maximum supported bandwidth.
For example:
(config) # gsparams gsgroup grp ssl-decrypt decrypt-fail-action pass-tool |
||||||||||||||||||||||||||||||||||||
ssl-decrypt
    disable
    enable |
Specifies Secure Sockets Layer (SSL) decryption options as follows:
Disable can be used as a debugging aid for traffic to bypass the Passive SSL decryption application.
For example:
(config) # gsparams gsgroup grp ssl-decrypt enable |
||||||||||||||||||||||||||||||||||||
hsm-pkcs11 dynamic-object <disable | enable> |
Enables or disables the dynamic object for the HSM PKCS12 file as follows:
For example:
(config) # gsparams gsgroup grp ssl-decrypt hsm-pkcs11 dynamic-object disable |
||||||||||||||||||||||||||||||||||||
hsm-pkcs11 load-sharing <disable | enable> |
Enables or disables load sharing for the HSM PKCS12 file as follows:
For example:
(config) # gsparams gsgroup grp ssl-decrypt hsm-pkcs11 load-sharing disable |
||||||||||||||||||||||||||||||||||||
hsm-timeout <2-5000> |
Configures the HSM timeout in milliseconds. The HSM timeout specifies a period of time for the communication between the HSM and GigaSMART. The values are from 2 to 5000ms. The default is 1000ms.
For example:
(config) # gsparams gsgroup grp ssl-decrypt hsm-timeout 3600 |
||||||||||||||||||||||||||||||||||||
ssl-decrypt
    key-cache-timeout <1-86400>
    ticket-cache-timeout <1-86400> |
Configures the following timeouts used when resuming a Passive SSL decryption session:
For example:
(config) # gsparams gsgroup grp ssl-decrypt key-cache-timeout 3600
These timeouts relate to how the SSL server stores the SSL key material and later, how the client resumes a session using the stored key material. The timeouts refer to the two different ways the session can be resumed: using a session key cache or using a TLS ticket cache. |
||||||||||||||||||||||||||||||||||||
ssl-decrypt key-map
    add service <service alias> key <key alias>
    delete service <<service alias> | all> |
Specifies Passive SSL decryption and HSM key mappings as follows:
Examples:
(config) # gsparams gsgroup grp ssl-decrypt key-map add service service1 key key1
(config) # gsparams gsgroup grp ssl-decrypt key-map delete service service1
The maximum number of key/service mappings is 2000 on GigaVUE‑HC2 and GigaVUE HD Series. The maximum number of key/service mappings is 1000 on GigaVUE-HB1.
First create an SSL key alias, then a service alias, and then use key-map to tie them together. Refer to apps ssl for the commands to create keys, and services, including the default service. A service can be mapped to different keys on different GigaSMART groups. |
||||||||||||||||||||||||||||||||||||
ssl-decrypt non-ssl-traffic <drop | pass> |
Specifies how to handle non-SSL traffic as follows:
Use this parameter when Passive SSL decryption sessions have both SSL and non-SSL packets after the SSL 3-way handshake. For sessions that have SSL and non-SSL traffic, for example SMTP with StartTLS, this parameter provides an option to pass the non-SSL traffic in addition to the decrypted traffic.
For example:
(config) # gsparams gsgroup grp ssl-decrypt non-ssl-traffic drop |
||||||||||||||||||||||||||||||||||||
ssl-decrypt
    pending-session-timeout <30-120>
    session-timeout <30-3600>
    tcp-syn-timeout <20-600> |
Specifies Passive SSL decryption timeout options as follows:
For example:
(config) # gsparams gsgroup grp ssl-decrypt session-timeout 90 |
||||||||||||||||||||||||||||||||||||
tunnel-health-check
    action <drop | pass>
    disable
    dstport <destination port for UDP>
    enable
    interval <5-600>
    protocol <icmp | udp>
    rcvport <receive port on decapsulation side>
    retries <1-5>
    roundtriptime <1-4>
    srcport <source port for UDP> |
Specifies tunnel health check parameters as follows:
For example, use the following commands to configure tunnel health check on the encapsulation device:
(config) # gsparams gsgroup grp1 tunnel-health-check enable
(config) # gsparams gsgroup grp1 tunnel-health-check protocol icmp
(config) # gsparams gsgroup grp1 tunnel-health-check interval 300
(config) # gsparams gsgroup grp1 tunnel-health-check retries 3
(config) # gsparams gsgroup grp1 tunnel-health-check action pass
(config) # gsparams gsgroup grp1 tunnel-health-check srcport 45500
(config) # gsparams gsgroup grp1 tunnel-health-check dstport 48000
(config) # gsparams gsgroup grp1 tunnel-health-check roundtriptime 2
For example, when the decapsulation device is a GigaVUE node, use the following commands to configure tunnel health check:
(config) # gsparams gsgroup grp1 tunnel-health-check enable
(config) # gsparams gsgroup grp1 tunnel-health-check rcvport 48000 |
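The de-duplication arguments in the table above (dedup-timer, dedup-action, and the dedup-ip-tclass, dedup-ip-tos, dedup-tcp-seq and dedup-vlan field options) interact in a way that is easier to see on sample traffic. The following is an added example, a simplified model and not GigaSMART's implementation: the base comparison key (flow tuple plus payload), a window anchored at the first copy, and forwarding of counted duplicates are assumptions, and retransmission handling is not modeled.

```python
# Optional header fields controlled by the dedup-* include/ignore options.
OPTIONAL_FIELDS = ("ip_tclass", "ip_tos", "tcp_seq", "vlan")


def dedup(packets, timer_us=50000, action="drop", ignore=()):
    """Model window-based de-duplication; return (forwarded, duplicate_count).

    timer_us mirrors dedup-timer (page default 50000), action mirrors
    dedup-action, and ignore lists the optional fields set to 'ignore'.
    """
    if not 10 <= timer_us <= 500000:
        raise ValueError("dedup-timer must be 10-500000 microseconds")
    if action not in ("count", "drop"):
        raise ValueError("dedup-action must be 'count' or 'drop'")
    compared = [f for f in OPTIONAL_FIELDS if f not in ignore]
    window_start = {}            # comparison key -> timestamp of first copy
    forwarded, duplicates = [], 0
    for pkt in sorted(packets, key=lambda p: p["ts_us"]):
        # Assumption: flow tuple and payload are always part of the key.
        key = (pkt["flow"], pkt["payload"]) + tuple(pkt[f] for f in compared)
        start = window_start.get(key)
        if start is not None and pkt["ts_us"] - start <= timer_us:
            duplicates += 1
            if action == "count":    # assumption: counted copies still pass
                forwarded.append(pkt)
            continue
        window_start[key] = pkt["ts_us"]   # later copy opens a new window
        forwarded.append(pkt)
    return forwarded, duplicates


def _pkt(ts_us, vlan):
    """Build one constructed sample packet record."""
    return {"ts_us": ts_us, "flow": ("10.0.0.5", 443, "10.0.0.9", 51514),
            "payload": b"hello", "ip_tclass": 0, "ip_tos": 0,
            "tcp_seq": 1000, "vlan": vlan}


# Constructed capture: the same packet seen at two tap points with different
# VLAN tags 120 us apart, then the same bytes again 60.2 ms after the first.
CAPTURE = [_pkt(0, 10), _pkt(120, 20), _pkt(60200, 10)]

if __name__ == "__main__":
    for label, kwargs in [
        ("all fields included", {}),
        ("dedup-vlan ignore", {"ignore": ("vlan",)}),
        ("dedup-vlan ignore, dedup-timer 500000",
         {"ignore": ("vlan",), "timer_us": 500000}),
        ("dedup-vlan ignore, dedup-action count",
         {"ignore": ("vlan",), "action": "count"}),
    ]:
        out, dups = dedup(CAPTURE, **kwargs)
        print(f"{label}: forwarded={len(out)} duplicates={dups}")
```

With every field included, the second tap's copy is not recognized as a duplicate because its VLAN tag differs; ignoring the VLAN field catches it, and widening the timer also catches the later copy.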
Related Commands
The following table summarizes other commands related to the gsparams command:
Task | Command |
---|---|
Displays GigaSMART parameters on all GigaSMART groups. | show gsparams |
Displays GigaSMART parameters on a specified GigaSMART group. | show gsparams alias gsg1 |
Displays GigaSMART parameters on all GigaSMART groups. | show gsparams all |