Non-default vSystems do not support some of the fast forwarding commands. For information about vSystem support for a command, see the usage guidelines on that command. For information about vSystem, see Virtual Technologies Configuration Guide.

display hardware fast-forwarding packet statistics

Use display hardware fast-forwarding packet statistics to display packet rate statistics for fast-forwarding engines.

Syntax

display hardware fast-forwarding packet statistics [ slot slot-number cpu cpu-number ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Views

User view

Predefined user roles

network-admin

context-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you specify a card, this command displays packet rate statistics for fast-forwarding engines on the specified card. If you do not specify a card, this command displays packet rate statistics for fast-forwarding engines on each card. ‌

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

This command is supported only by Blade IV security modules installed with fast-forwarding engines. It displays the following information for a fast-forwarding engine:

· Packet transmission rate and packet reception rate of the fast-forwarding engine.

· Rate of transmitting packets to the other fast-forwarding engine on the same card.

· Rate of receiving packets from the other fast-forwarding engine on the same card.

· Rate of transmitting packets to the CPU.

· Rate of receiving packets from the CPU.

Examples

# Display packet rate statistics for fast-forwarding engines on each card.

<Sysname> display hardware fast-forwarding packet statistics

The unit of measure for the following rates is packets per second (pps).

Slot Ch. Input Output From ch. To ch. From CPU To CPU

2/0/1 0 14881000 14881000 14881000 14881000 4881000 14881000

3/0/1 0 14881000 14881000 14881000 14881000 4881000 14881000

Table 1 Command output

Field	Description
Slot	Number of the slot on which the fast-forwarding engine resides. Supported format include: · Slot number/CPU number ‌
Ch.	ID of the fast-forwarding engine. Supported values include 0 and 1.
Input	Packet reception rate of the fast-forwarding engine, in pps.
Output	Packet transmission rate of the fast-forwarding engine, in pps.
From ch.	Rate of receiving packets from the other fast-forwarding engine on the same card, in pps.
To ch.	Rate of transmitting packets to the other fast-forwarding engine on the same card, in pps.
From CPU	Rate of receiving packets from the CPU, in pps.
To CPU	Rate of transmitting packets to the CPU, in pps.

‌

display hardware fast-forwarding session statistics

Use display hardware fast-forwarding session statistics to display session statistics for fast-forwarding engines.

NOTE:

Support for this command varies by device model.

‌

Syntax

display hardware fast-forwarding session statistics [ slot slot-number cpu cpu-number ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Views

User view

Predefined user roles

network-admin

context-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you specify a card, this command displays session statistics for fast-forwarding engines on the specified card. If you do not specify a card, this command displays session statistics for fast-forwarding engines on each card. ‌

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

This command is supported only by Blade IV security modules installed with fast-forwarding engines. It displays the following information for a fast-forwarding engine:

· Number of sessions on the fast-forwarding engine.

· Session creation rate of the fast-forwarding engine.

· Session aging rate of the fast-forwarding engine.

Examples

# Display session statistics for fast-forwarding engines on each card.

<Sysname> display hardware fast-forwarding session statistic

Slot CPU Ch. Sessions Creating Aging

2/0 1 0 0 0/s 0/s

2/0 1 1 0 0/s 0/s

2/3 1 0 0 0/s 0/s

2/4 1 0 0 0/s 0/s

Table 2 Command output

Field	Description
Slot	Information about the slot on which the fast-forwarding engine resides. Supported formats include: · Slot number ‌
CPU	CPU number.
Ch	ID of the fast-forwarding engine. Supported values include 0 and 1.
Sessions	Number of sessions on the fast-forwarding engine.
Creating	Session creation rate of the fast-forwarding engine, which equals the number of sessions created per second.
Aging	Session aging rate of the fast-forwarding engine, which equals the number of sessions aged per second.

‌

display ip fast-forwarding aging-time

Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries.

Syntax

display ip fast-forwarding aging-time

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

vsys-admin

vsys-operator

Examples

# Display the aging time of fast forwarding entries.

<Sysname> display ip fast-forwarding aging-time

Aging time: 30s

Related commands

ip fast-forwarding aging-time

display ip fast-forwarding cache

Use display ip fast-forwarding cache to display fast forwarding entries.

Syntax

display ip fast-forwarding cache [ ip-address ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

vsys-admin

vsys-operator

Parameters

ip-address: Specifies an IP address. If you do not specify an IP address, this command displays all fast forwarding entries.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays fast forwarding entries for all member devices. ‌‌

Examples

# Display all fast forwarding entries.

<Sysname> display ip fast-forwarding cache

Total number of fast-forwarding entries: 1

SIP SPort DIP DPort Pro Input_If Output_If Flg

7.0.0.13 68 8.0.0.1 67 17 GE1/0/3 GE1/0/1 5

Table 3 Command output

Field	Description
SIP	Source IP address.
SPort	Source port number.
DIP	Destination IP address.
DPort	Destination port number.
Pro	Protocol number.
Input_If	Input interface type and number. If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-).
Output_If	Output interface type and number. If no interface is involved in fast forwarding, this field displays N/A. If the output interface does not exist, this field displays a hyphen (-).
Flg	Internal tag, marking internal operation information, such as fragmentation.

Related commands

reset ip fast-forwarding cache

display ip fast-forwarding fragcache

Use display ip fast-forwarding fragcache to display fast forwarding entries for fragmented packets.

Syntax

display ip fast-forwarding fragcache [ ip-address ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

vsys-admin

vsys-operator

Parameters

ip-address: Specifies an IP address. If you do not specify an IP address, this command displays fast forwarding entries for all fragmented packets.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays fast forwarding entries for fragmented packets on all member devices. ‌‌

Restrictions and guidelines

The system creates fast forwarding entries for fragments only when virtual fragment reassembly (VFR) is enabled. If VFR is disabled, this command does not display fast forwarding entries for fragments.

Examples

# Display fast forwarding entries about all fragmented packets.

<Sysname> display ip fast-forwarding fragcache

Total number of fragment fast-forwarding entries: 1

SIP SPort DIP DPort Pro Input_If ID Relay_flag

7.0.0.13 68 8.0.0.1 67 17 GE1/0/3 2 1

Table 4 Command output

Field	Description
SIP	Source IP address.
SPort	Source port number.
DIP	Destination IP address.
DPort	Destination port number.
Pro	Protocol number.
Input_If	Input interface type and number. If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-).
ID	Fragment ID.
Relay_flag	Fragment pass-through flag: · 0—Not pass through. · 1—Pass through.

Related commands

reset ip fast-forwarding cache

hardware fast-forwarding checksum encap incremental

Use hardware fast-forwarding checksum encap incremental to enable the incremental checksum encapsulation for outgoing packets on hardware fast forwarding chips.

Use undo hardware fast-forwarding checksum encap incremental to restore the default.

Syntax

hardware fast-forwarding checksum encap incremental [ slot slot-number cpu cpu-number ]

undo hardware fast-forwarding checksum encap incremental [ slot slot-number cpu cpu-number ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

The incremental checksum is encapsulated into the outgoing packets on hardware fast forwarding chips.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command enables incremental checksum encapsulation for outgoing packets on hardware fast forwarding chips of all cards. ‌

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

This command takes effect only on service modules that support hardware fast forwarding.

This command is supported only by the default context and is not supported on non-default contexts.

Examples

# Enable the incremental checksum encapsulation for outgoing packets on the hardware fast forwarding chip for CPU 1 on the specified slot.

<Sysname> system-view

[Sysname] hardware fast-forwarding checksum encap incremental slot 1 cpu 1

hardware fast-forwarding checksum inspect action

Use hardware fast-forwarding checksum inspect action { drop-err | log } to specify an action for a packet alteration event.

Use undo hardware fast-forwarding checksum inspect action { drop-err | log } to cancel the specified action.

Syntax

hardware fast-forwarding checksum inspect action { drop-err | log } [ slot slot-number cpu cpu-number ]

undo hardware fast-forwarding checksum inspect action { drop-err | log } [ slot slot-number cpu cpu-number ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

When the device detects a packet alteration event, it forwards the altered packet and generates a log message.

Views

System view

Predefined user roles

network-admin

Parameters

drop-err: Drops the altered packets.

log: Generates a log message when the device detects a packet alteration event.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command configuration applies to all cards. ‌

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

This command takes effect only on service modules that support hardware fast forwarding.

This command is supported only by the default context and is not supported on non-default contexts.

If you execute this command multiple times, the specified action in each execution takes effect.

Examples

# Disable logging for packet alteration for CPU 1 on the specified slot.

<Sysname> system-view

[Sysname] u ndo hardware fast-forwarding checksum inspect action log slot 1 cpu 1

Related commands

hardware fast-forwarding checksum inspect enable

Use hardware fast-forwarding checksum inspect enable to enable alteration detection for outgoing packets on hardware fast forwarding chips.

Use undo hardware fast-forwarding checksum inspect enable to disable alteration detection for outgoing packets on hardware fast forwarding chips.

Syntax

hardware fast-forwarding checksum inspect [ l3 | l4 [ tcp | udp ] ] enable [ slot slot-number cpu cpu-number ]

undo hardware fast-forwarding checksum inspect [ l3 | l4 [ tcp | udp ] ] enable [ slot slot-number cpu cpu-number ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

Alteration detection is enabled for outgoing packets on hardware fast forwarding chips.

Views

System view

Predefined user roles

network-admin

Parameters

l3: Enables the packet alteration detection on the Layer 3 information.

l4: Enables the packet alteration detection on the Layer 4 information.

tcp: Enables the TCP packet alteration detection.

udp: Enables the UDP packet alteration detection.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command enables alteration detection for outgoing packets on hardware fast forwarding chips of all cards. ‌

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

This command takes effect only on service modules that support hardware fast forwarding.

To enable alteration detection on different types of packets, execute this command multiple times.

To enable TCP or UDP packet alteration detection, specify the l4 keyword before you specify the tcp or udp keyword.

If you do not specify any parameters, the device detects alterations for outgoing packets on both the Layer 3 and Layer 4 information.

If you specify the l4 keyword without specifying the tcp or udp keyword, the device detects alterations for outgoing packets on the Layer 4 information.

This command is supported only by the default context and is not supported on non-default contexts.

Examples

# Disable alteration detection on outgoing TCP packets for CPU 1 on slot 1.

<Sysname> system-view

[Sysname] undo hardware fast-forwarding checksum inspect l4 tcp enable slot 1 cpu 1

hardware fast-forwarding enable

Use hardware fast-forwarding enable to enable hardware fast forwarding.

Use undo hardware fast-forwarding enable to disable hardware fast forwarding.

Syntax

‌

hardware fast-forwarding enable [ slot slot-number ]

undo hardware fast-forwarding enable [ slot slot-number ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

Hardware fast forwarding is enabled.

Views

System view

Predefined user roles

network-admin

Parameters

Usage guidelines

Non-default vSystems do not support this command.

Hardware fast forwarding stores session information during fast forwarding to speed up subsequent traffic forwarding by comparing the traffic with session information.

Disable hardware fast forwarding when you troubleshoot problems on forwarding chips.

Non-default context does not support this command.

Examples

# Disable hardware fast forwarding on slot 1.

<Sysname> system-view

[Sysname] undo hardware fast-forwarding enable slot 1

hardware fast-forwarding link-aggregation hash-mode crc

Use hardware fast-forwarding link-aggregation hash-mode crc to use the CRC hash algorithm to select a link aggregation member port as the output interface for outgoing traffic.

Use undo hardware fast-forwarding link-aggregation hash-mode crc to restore the default.

Syntax

hardware fast-forwarding link-aggregation hash-mode crc

undo hardware fast-forwarding link-aggregation hash-mode crc

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

The Exclusive-OR algorithm is used for aggregation member port selection.

Views

System view

Predefined user roles

network-admin

Examples

# Use the CRC hash algorithm to select a link aggregation member port as the output interface for outgoing traffic on slot 3.

<Sysname> system-view

[Sysname] hardware fast-forwarding link-aggregation hash-mode crc

hardware fast-forwarding link-aggregation hash-mode crc ip-offset

Use hardware fast-forwarding link-aggregation hash-mode crc ip-offset to set the IPv6 address offset for CRC calculation to select an aggregation member port as the output interface for outgoing traffic.

Use undo hardware fast-forwarding link-aggregation hash-mode crc ip-offset to restore the default.

Syntax

hardware fast-forwarding link-aggregation hash-mode crc ip-offset offset-vlaue

undo hardware fast-forwarding link-aggregation hash-mode crc ip-offset [ offset-vlaue ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

The IPv6 address offset used in CRC calculation is 0.

Views

System view

Predefined user roles

network-admin

Parameters

offset-vlaue: Set the IPv6 address offset in bits. The value range for this argument is 0 to 31.

Usage guidelines

If you use the CRC hash algorithm for aggregation member port selection, you can use this command to set a calculation offset for IPv6 addresses to be calculated. CRC takes the bit where the offset-vlaue argument specifies and the following 32 bits for calculation.

Examples

# Set the IPv6 address offset used in CRC calculation to 10.

<Sysname> system-view

[Sysname] hardware fast-forwarding link-aggregation hash-mode crc ip-offset 10

hardware fast-forwarding malpkt-filter enable

Use hardware fast-forwarding malpkt-filter enable to enable malformed packet detection.

Use undo hardware fast-forwarding malpkt-filter enable to dis able malformed packet detection.

Syntax

hardware fast-forwarding malpkt-filter enable [ slot slot-number cpu cpu-number ]

undo hardware fast-forwarding malpkt-filter enable [ slot slot-number cpu cpu-number ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

Malformed packet detection is enabled.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by the slot number. ‌

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Enable malformed packet detection on slot 1.

<Sysname> system-view

[Sysname] hardware fast-forwarding malpkt-filter enable slot 1

hardware fast-forwarding standalone

Use ip hardware fast-forwarding standalone to enable single-chip hardware forwarding for upstream packets.

Use undo hardware fast-forwarding standalone to restore the default.

Syntax

hardware fast-forwarding standalone [ slot slot-number [ cpu cpu-number ] ]

undo hardware fast-forwarding standalone [ slot slot-number [ cpu cpu-number ] ]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

Dual-chip hardware forwarding is enabled for upstream packets.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by the slot number. ‌

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

This feature applies only to modules that have more than one hardware forwarding chip.

It enables a dual-chip module to forward upstream packets by using only one of the chips. This feature does not apply to downstream packets. The module uses both chips to forward downstream packets.

After you change the hardware forwarding mode for upstream packets, you must restart the module for the change to take effect.

To change the hardware forwarding mode for upstream packets in a security engine group with multiple security engines (multiple modules), perform the following tasks:

1. Execute the hardware fast-forwarding standalone or undo hardware fast-forwarding standalone command on all modules one by one to change their hardware forwarding mode for upstream packets.

2. Restart all modules.

For more information about security engine groups, see context configuration in Virtual Technologies Configuration Guide.

Examples

# Enable single-chip hardware forwarding for upstream packets on slot 1.

<Sysname> system-view

[Sysname] hardware fast-forwarding standalone slot 1

hardware fast-forwarding statistics enable

Use hardware fast-forwarding statistics enable to enable the traffic statistics on hardware fast forwarding.

Syntax

hardware fast-forwarding statistics enable [ slot slot-number [ cpu cpu-number ]]

undo hardware fast-forwarding statistics enable [ slot slot-number [ cpu cpu-number ]]

The following compatibility matrix shows the support of hardware platforms for this command:

Series	Models	Command compatibility
F5000 series	F5000-AI160, F5000-CN160, F5000-AI-160-G, F5000-AI-130-G, F5000-AI-110-G, F5000-CN160-G, F5000-E-G	Yes
F5000 series	F5080, F5030, F5000-CN-G55, F5000-AI-55-G, F5000-AI-15-G, F5000-AI-120-G	No
F1000 series	F1000-AK9130, F1000-AI-90, F1000-AI-25, F1000-AI-90-G, F1000-AI-80-G, F1000-AI-75-G, F1000-AI-65-G, F1000-AI-55-G	No

Default

The traffic statistics on hardware fast forwarding is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by the slot number. If you do not specify a card, this command enables traffic statistics on hardware fast forwarding for all cards. ‌

cpu cpu-number: Specifies a CPU by its number.

Usage guidelines

This feature is applicable only to security service modules with hardware fast forwarding chips.

With this feature enabled, you can use the display interface blade or display interface blade-aggregation command to view the statistics of all traffic forwarded by software or hardware fast forwarding on the corresponding Blade interface. With this feature disabled, you can use the commands to view only statistics of traffic forwarded by software fast forwarding.

This command is supported only by the default context and not supported by non-default contexts.

Examples

# Enable traffic statistics on hardware fast forwarding on the specified CPU and the specified slot.

<Sysname> system-view

[Sysname] hardware fast-forwarding statistics enable slot 3 cpu 1

Related commands

display interface (Layer 2—LAN Switching Command References)

display interface blade (Interface Command References)

ip fast-forwarding aging-time

Use ip fast-forwarding aging-time to configure the aging time for fast forwarding entries.

Use undo ip fast-forwarding aging-time to restore the default.

Syntax

ip fast-forwarding aging-time aging-time

undo ip fast-forwarding aging-time

Default

The aging time is 30 seconds.

Views

System view

Predefined user roles

network-admin

context-admin

vsys-admin

Parameters

aging-time: Specifies the aging time in the range of 10 to 300 seconds.

Examples

# Set the aging time to 20 seconds for fast forwarding entries.

<Sysname> system-view

[Sysname] ip fast-forwarding aging-time 20

Related commands

display ip fast-forwarding aging-time

ip fast-forwarding dscp

Use ip fast-forwarding dscp to enable DSCP-based fast forwarding for GRE and VXLAN packets.

Use undo ip fast-forwarding dscp to restore the default.

Syntax

ip fast-forwarding dscp

undo ip fast-forwarding dscp

Default

DSCP-based fast forwarding for GRE and VXLAN packets is disabled.

Views

System view

Predefined user roles

network-admin

context-admin

vsys-admin

Usage guidelines

This command is applicable to GRE packets (with IP as the passenger protocol) and VXLAN packets that are processed by software.

This feature uses the DSCP value in the outer header instead of the source port number among the identification criteria to identify GRE and VXLAN traffic flows.

This command is mutually exclusive with NAT and load balancing.

Examples

# Enable DSCP-based GRE and VXLAN packet fast forwarding.

<Sysname> system-view

[Sysname] ip fast-forwarding dscp

ip fast-forwarding load-sharing

Use ip fast-forwarding load-sharing to enable fast forwarding load sharing.

Use undo ip fast-forwarding load-sharing to disable fast forwarding load sharing.

Syntax

ip fast-forwarding load-sharing

undo ip fast-forwarding load-sharing

Default

Fast forwarding load sharing is enabled.

Views

System view

Predefined user roles

network-admin

context-admin

vsys-admin

Usage guidelines

Fast forwarding load sharing enables the device to load share packets of the same flow. This feature identifies a data flow by using the packet information.

If fast forwarding load sharing is disabled, the device identifies a data flow by the packet information and the input interface. No load sharing is implemented.

Examples

# Enable fast forwarding load sharing.

<Sysname> system-Views

[Sysname] ip fast-forwarding load-sharing

ip fast-forwarding vxlan-port

Use ip fast-forwarding vxlan-port to specify the destination UDP port number for identifying VXLAN packets.

Use undo ip fast-forwarding vxlan-port to restore the default.

Syntax

ip fast-forwarding vxlan-port port-number

undo ip fast-forwarding vxlan-port

Default

The destination UDP port number is 4789.

Views

System view

Predefined use roles

network-admin

context-admin

vsys-admin

Parameters

port-number: Specifies a UDP port number in the range of 1 to 65535.

Usage guidelines

This feature is applicable to only the UDP packets that are processed by software.

In a VXLAN network, configure this command on intermediate devices to identify VXLAN packets.

Examples

# Specify the destination UDP port number to 4900 for identifying VXLAN packets.

<Sysname> system-view

[Sysname] ip fast-forwarding vxlan-port 4900

reset ip fast-forwarding cache

Use reset ip fast-forwarding cache to clear the fast forwarding table.

Syntax

reset ip fast-forwarding cache [ slot slot-number ]

Views

User view

Predefined use roles

network-admin

context-admin

vsys-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears the fast forwarding table for all member devices. ‌‌

Examples

# Clear the fast forwarding table.

<Sysname> reset ip fast-forwarding cache

Related commands

display ip fast-forwarding cache

display ip fast-forwarding fragcache

14-Layer 3—IP Services Command Reference

display ip fast-forwarding fragcache

Restrictions and guidelines

ip fast-forwarding aging-time

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us