NVIDIA User Experience (NVUE) Cheat Sheet
NVUE is an object-oriented, schema-driven model of a complete Cumulus Linux system providing a robust API that allows multiple interfaces to view and configure any element within a system.
You can use NVUE through its CLI or API. Because NVUE is an object model, both CLI and REST API interfaces have equivalent functionality and can work in parallel while keeping all management operations consistent; for example, the CLI show
commands reflect any PATCH
operation you run through the REST API.
NVUE follows a declarative model, removing context-specific commands and settings. It is structured as a big tree (like a filesystem path) representing the entire system state. At the base of the tree are high-level branches representing objects, such as router and interface. Under each branch, there are additional branches, and as you navigate through the tree, you gain a more specific context of the objects. The leaves of the tree are actual attributes, represented as key-value pairs.
This cheat sheet helps you get up to speed using Cumulus Linux and the NVUE CLI.
This cheat sheet covers the most common and useful commands for certain Cumulus Linux elements, features, and protocols. Refer to the Cumulus Linux User Guide for more information, and additional and specific configurations.
For information about using the NVUE REST API, refer to the NVUE API documentation.
NVUE CLI Command Syntax
All NVUE commands begin with nv
and fall into one of four syntax categories:
- Configuration (
nv set
andnv unset
) - Monitoring (
nv show
) - Configuration management (
nv config
) - Action (
nv action
)
Like all industry-standard CLIs, the NVUE CLI includes command completion with the TAB key, use of the question mark (?
) to display command information, and command abbreviation to speed up CLI interaction. In addition, you can get help with command syntax by using the -h
or --help
option, and list all commands by running nv list-commands
.
Getting Started
After you rack and power on your NVIDIA Spectrum switch with Cumulus Linux, connect a serial console cable so that you can begin configuration. All switches are manufactured with an RJ45 serial port for console connectivity and set to 115200 baud rate. If your switch does not have a pre-installed NOS, you can install a new Cumulus Linux image.
System Management and Services
Use the following commands to configure the management network and system services on the switch.
Command Syntax |
Description and Example |
---|---|
nv set system hostname <name> |
Configures the system hostname. The default hostname is cumulus .$ nv set system hostname leaf01 |
nv set interface eth0 ip address <ip-address/mask> nv set interface eth0 ip gateway <ip-address> |
Configures a static IP address and default gateway on the OOB management interface (eth0). By default the OOB management interface is set to use DHCPv4 to obtain an IP address.$ nv set interface eth0 ip address 192.168.200.2/24$ nv set interface eth0 ip gateway 192.168.200.1 |
nv set service ntp <vrf-name> server <url> iburst on |
Adds an NTP server. Cumulus Linux boots with the NTP service enabled and uses default servers. Refer to the NTP documentation for more information.The VRF name in the example is default . You must specify a VRF.$ nv set service ntp default server 4.cumulusnetworks.pool.ntp.org iburst onIf you do not use NTP, set the system time and date with the Linux date command. |
nv set system timezone <timezone> |
Configures the system time zone. By default, Cumulus Linux uses the UTC time zone.$ nv set system timezone US/Eastern |
nv set service dns <vrf-name> server <ip-address) |
Configures the DNS lookup server. The VRF name in the example is mgmt . You can use this command with or without the VRF.$ nv set service dns mgmt server 198.51.100.31 |
nv set service syslog <vrf-name> server <ip-address> port <port> nv set service syslog <vrf-name> server <ip-address> protocol <protocol> |
Configures a remote Syslog server for the switch to send syslog messages. The VRF name in the example is default . You must specify a VRF.You can specify udp or tcp for the protocol.$ nv set service syslog default server 192.168.0.254 port 514$ nv set service syslog default server 192.168.0.254 protocol udp |
Working with Interfaces
Use the following commands to configure the physical, breakout, loopback, and logical layer 2 and layer 3 interfaces.
Physical Interfaces
Command Syntax |
Description and Example |
---|---|
nv set interface <interface> nv set interface <interface-range> |
Administratively enables physical interfaces on the switch.All physical interfaces except eth0 are disabled by default; you must enable them for them to become operational.To disable an interface, use the nv unset command.You can also enable or disable all or a range of interfaces at the same time. $ nv set interface swp1$ nv set interface swp1,20-32 |
nv set interface <interface> link state <state> |
Configures the interface link state: up or down . After you enable an interface, the link state is set automatically to up .Note: Setting the link state to down does not disable the interface from the system like the nv unset interface <interface> command. $ nv set interface swp1 link state down$ nv set interface swp8-15 link state up |
nv set interface <interface> link speed <speed> |
Configures the interface speed. If auto-negotiation is enabled (the default setting), it takes precedence over the link speed setting.$ nv set interface swp1 link speed 50G |
nv set interface <interface> link mtu <mtu> |
Configures the interface MTU. All interfaces in Cumulus Linux are set to 9216B MTU by default.$ nv set interface swp1 link mtu 1500 |
Breakout Interfaces
To increase the number of ports on the NVIDIA Spectrum switch, you can break out physical interfaces into two or four lower speed ports.Breakout configurations differ between platforms, refer to the breakout ports section of the switch port attributes documentation for more information.
Command Syntax |
Description and Example |
---|---|
nv set interface <interface> link breakout <breakout-mode> nv set interface <interface> link breakout disabled |
Configures the breakout mode on a physical interface.Some platforms require you to disable the adjacent port to break out an interface. Refer to this knowledge base article for more information.$ nv set interface swp1 link breakout 4x25G$ nv set interface swp2 link breakout disabled |
nv unset interface <breakout-interface> nv unset interface <interface> link breakout |
Administratively disables the breakout port from the system. When you break out a physical port, Cumulus Linux creates new logical ports in the system; for example, when you break out interface swp1 into four new ports, Cumulus Linux creates swp1s0, swp1s1, swp1s2, and swp1s3. To remove the breakout configuration from an interface, you must administratively disable all the breakout ports and then unset the breakout configuration from the physical interface.$ nv unset interface swp1s0$ nv unset interface swp1s1$ nv unset interface swp1s2$ nv unset interface swp1s3$ nv unset interface swp1 link breakout |
Loopback Interface
Cumulus Linux has a preconfigured loopback interface. When the switch boots up, the loopback interface, called lo
, is up
and assigned an IP address of 127.0.0.1
.
Command Syntax |
Description and Example |
---|---|
nv set interface lo ip address <ip-address> |
Configures an IP address on the loopback interface (lo). The loopback interface must always exist and be up . lo does not require a subnet mask; it is automaticaly set with a /32 prefix. You can configure multiple IP addresses for the loopback interface.$ nv set interface lo ip address 10.10.10.1 |
Layer 2 Interfaces
After you enable a physical interface in Cumulus Linux, the interface is routed (layer 3). To set an interface as a switch port (layer 2), you must add it to a bridge.
Bridge and VLANs
Cumulus Linux supports two bridge configuration modes:
- VLAN-aware bridge
- Traditional bridge
The default bridge br_default
is a VLAN-aware bridge. Refer to the Ethernet Bridging - VLANs documentation for more information.
Command Syntax |
Description and Example |
---|---|
nv set interface <interface> bridge domain br_default |
Adds a physical interface into the default br_default bridge. You can add a range of interfaces to a bridge.When you add an interface to a bridge, Cumulus Linux sets the interface automatically to trunk mode (tagged-dot1Q) with all bridge VLANs allowed.$ nv set interface swp1 bridge domain br_default$ nv set interface swp1-5,7-22 bridge domain br_default |
nv set interface <interface> bridge domain br_default untagged none |
Configures an interface (not the bridge) to drop all untagged traffic. The untagged none command removes the PVID from the interface.$ nv set interface swp2 bridge domain br_default untagged none |
nv set bridge domain br_default vlan <vlan-id> |
Configures VLANs on the default bridge (br_default ). All new VLANs you add to the bridge are automatically added to all its trunk ports. You can also add VLANs in a range or a list.$ nv set bridge domain br_default vlan 10,20 |
nv set interface <interface> bridge domain br_default access <vlan-id> |
Configures an interface as an access (untagged) port in a specific VLAN.$ nv set interface swp1 bridge domain br_default access 10 |
nv set bridge domain br_default untagged <vlan-id> |
Configures the PVID of the default br_default bridge. The default PVID is 1. Use this command only to change (or reset) the default PVID.$ nv set bridge domain br_default untagged 100 |
Spanning-Tree Protocol (STP)
The VLAN-aware bridge (br_default
) operates only in RSTP mode.
Traditional bridges operate in both PVST and RPVST mode. The default mode is PVRST. Each traditional bridge has its own separate STP instance.
Command Syntax |
Description and Example |
---|---|
nv set bridge domain br_default stp priority <priority> |
Sets the spanning-tree priority of the default bridge (br_default ). The default STP priority is 32768.$ nv set bridge domain br_default stp priority 8192 |
nv set interface <interface> bridge domain br_default stp admin-edge on nv set interface <interface> bridge domain br_default stp bpdu-guard on nv set interface <interface> bridge domain br_default stp auto-edge on |
Sets an interface to Edge (PortFast) mode. NVIDIA recommends you set BPDU-guard on edge ports to eliminate loops.Cumulus Linux enables automatic edge auto-edge port detection by default. You can disable auto-edge with the off option.$ nv set interface swp5 bridge domain br_default stp admin-edge on$ nv set interface swp5 bridge domain br_default stp bpdu-guard on$ nv set interface swp5 bridge domain br_default stp auto-edge off |
Refer to the Spanning Tree and Rapid Spanning Tree - STP documentation for more information.
Layer 3 Interfaces
After you enable a Cumulus Linux interface administratively, it is a routed port (layer 3).
Command Syntax |
Description and Example |
---|---|
nv set interface <interface> ip address <ip-address> |
Configures an IPv4 or IPv6 address on the physical interface (swp).$ nv set interface swp10 ip address 10.1.0.5/24$ nv set interface swp10 ip address 2001:db8::10/64 |
nv set interface <svi> ip address <ip-address> |
Configures an IPv4 or IPv6 address on an SVI (VLAN interface).The SVI operates only if its VLAN exists and an interface is assigned to it (either tagged or untagged).$ nv set interface vlan100 ip address 100.1.0.2/24$ nv set interface vlan100 ip address 2001:db8::1/32 |
Link Aggregation Interfaces
The Link Aggregation (LAG) interface in Cumulus Linux is called a bond. You can configure a bond as a layer 2 or layer 3 interface.
Command Syntax |
Description and Example |
---|---|
nv set interface <bond-name> bond member <bonded-interface> nv set interface <bond-name> type bond |
Configures a bond interface and sets the physical ports. If you use a bond name that starts with bond , the type is automatically set to bond . Otherwise, you have to manually set the interface type to bond .$ nv set interface bond1 bond members swp1-4$ nv set interface lag1 bond members swp5-6$ nv set interface lag1 type bond |
nv set interface <bond-name> bond mode <mode> |
Configures the bond interface operation mode.By default, bonds in Cumulus Linux are set to LACP (802.3ad) mode.You can change the mode to Balance-xor with the static option. To reset the bond mode to LACP, use the lacp option.$ nv set interface bond1 bond mode static$ nv set interface bond1 bond mode lacp |
nv set interface <bond-name> bond lacp-rate <rate> |
Configures the bond interface LACP PDU transmit rate.By default, bonds in Cumulus Linux are set to fast mode (transmitting every 3 seconds). To set the rate to 30 seconds, use slow mode.$ nv set interface bond1 bond lacp-rate slow$ nv set interface bond1 bond lacp-rate fast |
Working with Network Protocols
This cheat sheet includes some of the basic commands to configure the main data center protocols. To configure other protocols, see additional configuration commands, examples, and more detailed information, refer to the Cumulus Linux User Guide.
Layer 2 Protocols
Multi-Chassis Link Aggregation - MLAG
MLAG provides layer 2 redundancy and greater system throughput. To configure MLAG, you must fulfill these requirements:
- Only two switches can share MLAG configuration. However, you can have multiple (different) MLAG pairs in the network.
- Both MLAG peer switches must be directly connected. This is typically a bond for increased reliability and bandwidth.
- Both switches in the MLAG pair must be of the same Spectrum model and run the same Cumulus Linux version.
- The dual-connected devices (servers or switches) can use LACP or static bond modes. MLAG switches must be set accordingly.
This cheat sheet includes the basic MLAG configuration commands. Refer to the Multi-Chassis Link Aggregation - MLAG documentation for more information.
Command Syntax |
Description and Example |
---|---|
nv set interface <bond-name> bond member <bonded-interface> |
Configures a bond interface and sets its physical ports. You must create a bond interface so that it is set as an MLAG port.$ nv set interface bond1 bond members swp1 |
nv set interface <bond-name> bond mlag id <mlag-id> |
Sets the MLAG ID of the bond interface. You must specify a unique MLAG ID for every dual-connected bond on each peer switch. The value must be identical on both MLAG peers.$ nv set interface bond1 bond mlag id 1 |
nv set interface <bond-name> bridge domain br_default |
Sets the MLAG port into the default bridge br_default .$ nv set interface bond1 bridge domain br_default |
nv set interface peerlink bond member bonded-interface> |
Configures the inter-chassis bond for MLAG operation. peerlink is a reserved name for the inter-chassis link. When you create the peer link, Cumulus Linux creates a layer 3 sub-interface called peerlink.4094 automatically to ensure VLAN-independent operation on this link.$ nv set interface peerlink bond member swp31-32 |
nv set mlag mac-address <address> |
Configures the MLAG system MAC address, which is set in the PDU for all control protocols to represent the MLAG pair as a single switch. The MLAG MAC address must be identical on both MLAG peers but unique in the network and different between MLAG pairs (Cumulus Linux provides a special reserved range).$ nv set mlag mac-address 44:38:39:BE:EF:AA |
nv set mlag peer-ip linklocal |
Configures the MLAG peer IP address. The peer IP address is based on the peerlink.4094 link-local addresses (point-to-point).$ nv set mlag peer-ip linklocal |
nv set mlag backup <ip-address> |
Configures the MLAG backup IP address, which is used to communicate between MLAG peers in case the peer link goes down.nv set mlag backup 10.10.10.2You can specify the backup IP in a specific VRF if needed. $ nv set mlag backup 10.10.10.2 vrf mgmt |
Virtual Router Redundancy - VRR
VRR enables an active-active gateway for the layer 2 MLAG domain. Both MLAG peers must have an SVI with unique IP addresses for each VLAN. Then, you must set identical VRR instances (one instance per subnet) on both MLAG peers. The VRR instance is configured on the SVIs and holds the virtual IP and MAC addresses. Both peers respond to ARP requests from the host but if one fails, the second still serves as the gateway.
Command Syntax |
Description and Example |
---|---|
nv set interface <svi> ip vrr address <ip-address> |
Configures the virtual IP address of the VRR instance. This address must be within the SVI subnet.$ nv set interface vlan10 ip vrr address 10.1.10.1/24 |
nv set system global fabric-mac <mac-address> nv set system global fabric-id <id> |
Configures the global fabric MAC address to ensure fabric-wide MAC consistency across VRR switches. The MAC address is used primarily for multi-fabric EVPN environments. Cumulus Linux uses the default VRR MAC address 00:00:5E:00:01:01; you can either change this MAC address globally or change the default fabric ID (fabric_id=1 ), which is added to the MAC address.$ nv set system global fabric-mac 00:00:5E:00:01:FF$ nv set system global fabric-id 255 |
nv set interface <svi> ip vrr mac-address <mac-address> |
Configures the VRR instance virtual MAC address for a specific VLAN (in case you want to override the global default settings).$ nv set interface vlan10 ip vrr mac-address 00:00:5E:00:01:00 |
Refer to the Virtual Router Redundancy - VRR and VRRP documentation for more information.
Layer 3 Protocols
Virtual Routing and Forwarding - VRF
VRF (also called VRF-Lite) enables you to use multiple independent routing tables that work simultaneously on the same switch. VRFs are useful in multi-tenant environments.
This cheat sheet includes basic VRF commands. For more information about using custom and mgmt
VRFs with different protocols, refer to the Virtual Routing and Forwarding - VRF and Management VRF documentation.
Command Syntax |
Description and Example |
---|---|
nv set vrf <vrf-name> table <id> |
Configures a new VRF and assigns a table ID. You can use the auto table assignment or set the ID manually (the ID must be between 1001-1255).$ nv set vrf BLUE table auto$ nv set vrf RED table 1016 |
nv set interface <interface> ip vrf <vrf-name> |
Adds a layer 3 interface into a VRF.$ nv set interface swp1 ip vrf BLUE |
Static Routing
You can use static routing if you do not require the complexity of a dynamic routing protocol (such as BGP or OSPF), if you have routes that do not change frequently and for which the destination is only one or two paths away.
Command Syntax | Description and Example |
---|---|
nv set vrf <vrf-name> router static <ip-address> via <ip-address> |
Configures a static route to a destination network through a specified next hop within a VRF. You must have a local IP address within the next hop subnet.$ nv set vrf default router static 10.10.10.101/32 via 10.0.1.1 |
Border Gateway Protocol - BGP
BGP is the routing protocol that runs the Internet. BGP manages how packets get routed from network to network by exchanging routing and reachability information.
Cumulus Linux makes BGP configuration in the data center easier with Auto BGP and BGP Unnumbered. NVIDIA recommends using these features to eliminate the need for ASN and point-to-point IP addressing assignments, and to reduce human errors.
This cheat sheet includes basic BGP configuration commands. Refer to the Border Gateway Protocol - BGP documentation for more information.
Command Syntax |
Description and Example |
---|---|
nv set router bgp autonomous-system <asn> |
Configures BGP with an ASN. You can use the auto BGP leaf or spine keywords to let Cumulus Linux set the ASN automatically, or set a number manually.$ nv set router bgp autonomous-system 65101$ nv set router bgp autonomous-system leaf |
nv set router bgp router-id <ip-address> nv set vrf <vrf-name> router bgp router-id <ip-address> |
Configures the BGP router ID. By default, BGP assigns the loopback IP address as the router ID. If you do not have a loopback set or you want to override this setting, you need to set it manually. You can set the router ID globally or per VRF.$ nv set router bgp router-id 10.10.10.1$ nv set vrf RED router bgp router-id 10.10.10.1 |
nv set vrf <vrf-name> router bgp neighbor <neighbor> remote-as <remote-as> |
Configures BGP neighbor peering. You can set the neighbor as internal for iBGP or external for eBGP. The default VRF name is default . You must set the neighbors in this VRF.$ nv set vrf default router bgp neighbor 10.0.1.1 remote-as internal$ nv set vrf default router bgp neighbor swp2 remote-as external$ nv set vrf default router bgp neighbor 2001:db8:0002::0a00:0002 remote-as external |
nv set vrf <vrf-name> router bgp neighbor <neighbor> address-family ipv6-unicast enable on |
Enables IPv6 prefix advertisement. Cumulus Linux enables the IPv4 address family by default. To advertise IPv6 routes, you need to enable the IPv6 address family. To advertise IPv4 prefixes with IPv6 next hops, see Advertise IPv4 Prefixes with IPv6 Next Hops.$ nv set vrf default router bgp neighbor 2001:db8:0002::0a00:0002 address-family ipv6-unicast enable on |
nv set vrf <vrf-name> router bgp address-family <address-family> network <prefix> |
Specifies which prefixes to originate.$ nv set vrf default router bgp address-family ipv4-unicast network 10.1.10.0/24$ nv set vrf default router bgp address-family ipv6-unicast network 2001:db8::1/128 |
nv set vrf <vrf-name> router bgp address-family <address-family> redistribute <value> enable on |
Redistributes prefixes into the IPv4 or IPv6 address family. You can specify connected , static , or ospf . You can also use route redistribution with route maps and the BGP metric options. See Route Filtering and Redistribution for more information.$ nv set vrf default router bgp address-family ipv4-unicast redistribute static enable on$ nv set vrf default router bgp address-family ipv6-unicast redistribute connected route-map routemap1 |
Network Virtualization
VXLAN is a standard overlay protocol for logical virtual networks. It uses a VLAN-like encapsulation technique to encapsulate layer 2 Ethernet segments over layer 3 networks. The encapsulation happens on the VTEP, which establishes an overlay UDP tunnel to the remote VTEP device. Unlike VLANs, VXLAN scales to 16 million segments (a 24-bit VXLAN network identifier (VNI ID) in the VXLAN header) for multi-tenancy. Refer to the Network Virtualization documentation for more information.
VXLAN Devices and Static Tunnels
Cumulus Linux supports single and traditional VXLAN devices. NVUE allows you to work only with a single VXLAN device (single VTEP) in a VLAN-aware bridge. With a single VXLAN device (NVE interface), you specify the VLAN to VNI mapping.
Cumulus Linux supports multiple single VXLAN devices when set with multiple VLAN-aware bridges. Make sure not to duplicate VNIs across devices.
This cheat sheet includes some of the basic configuration commands for static VXLAN tunnels. For more information and for additional configuration, refer to the Network Virtualization documentation.
Command Syntax |
Description and Example |
---|---|
nv set bridge domain br_default vlan <vlan-id> vni <vni-id> |
Maps the VLAN to the VNI, and creates and adds the VXLAN device (NVE) to the bridge. The single VXLAN device name in Cumulus Linux is vxlan48 .$ nv set bridge domain br_default vlan 10 vni 10 |
nv set bridge domain br_default vlan <vlan-id> vni auto |
Automatically maps the VLAN to the VNI to simplify configuration. You can also configure auto VNI mapping on a VLAN range or list. Automatic VLAN to VNI mapping works only on EVPN fabrics.$ nv set bridge domain br_default vlan 10,20,30,40,50 vni auto |
nv set bridge domain br_default vlan-vni-offset <value> |
Automatically maps the VLAN to the VNI with a value offset.$ nv set bridge domain br_default vlan-vni-offset 10000 |
nv set nve vxlan mac-learning on |
Enables MAC learning on the NVE device. You must set this command for non-EVPN fabrics. You can set MAC learning globally for all VNIs or per VNI (using the bridge command).$ nv set nve vxlan mac-learning on$ nv set bridge domain br_default vlan 10 vni 10 mac-learning on |
nv set nve vxlan arp-nd-suppress on |
Enables the NVE to reply to local ARP requests if it has the remote MAC already. This prevents unnecessary broadcast traffic to all remote VTEPs.$ nv set nve vxlan arp-nd-suppress on |
nv set nve vxlan source address <ip-address> |
Configures the VTEP (NVE) source IP address to form the overlay tunnel. Cumulus Linux uses the loopback IP address for the tunnel source. $ nv set nve vxlan source address 10.10.10.1 |
nv set nve vxlan mlag shared-address <ip-address> |
Configures the MLAG anycast virtual IP address as the VXLAN tunnel destination. Both MLAG peers must have the same address.$ nv set nve vxlan mlag shared-address 10.0.1.34 |
nv set bridge domain br_default vlan <vlan-id> vni <vni-id> flooding head-end-replication <ip-address> nv set nve vxlan flooding head-end-replication <ip-address> |
Configures the remote VTEPs for HER to handle BUM traffic. You must configure the remote VTEPs in non-EVPN fabrics. You can set the remote VTEP per VNI or globally for all VNIs.$ nv set bridge domain br_default vlan 10 vni 10 flooding head-end-replication 10.10.10.2$ nv set nve vxlan flooding head-end-replication 10.10.10.2 |
nv set bridge domain br_default vlan <vlan-id> vni <vni-id> flooding multicast-group <ip-address> nv set nve vxlan flooding multicast-group <ip-address> |
Configures the multicast group for BUM traffic handling for EVPN fabrics (HER is the default). You can set the flooding group per VNI or globally. NVIDIA recommends setting a unique multicast group per VNI. This configuration requires using PIM-SM on the underlay network.Refer to EVPN BUM Traffic with PIM-SM for more information.$ nv set bridge domain br_default vlan 10 vni 10 flooding multicast-group 239.1.1.110$ nv set nve vxlan flooding multicast-group 224.0.0.10 |
Ethernet Virtual Private Network - EVPN
EVPN is a standards-based control plane that relies on multi-protocol BGP (MP-BGP) and allows for building and deploying VXLANs at scale. EVPN enables intra-subnet bridging and inter-subnet routing, including multi-tenancy support.
This cheat sheet includes the basic EVPN configuration commands. For more information and additional configuration, refer to the Ethernet Virtual Private Network - EVPN documentation.
Command Syntax |
Description and Example |
---|---|
nv set evpn enable on |
Enables EVPN capabilities globally on the switch. You do not have to enable EVPN per VRF, it is set automatically.$ nv set evpn enable on |
nv set vrf <vrf-name> router bgp neighbor <neighbor> address-family l2vpn-evpn enable on |
Activates the EVPN address family between BGP neighbors. You need to set the EVPN neighbors in the default VRF.$ nv set vrf default router bgp neighbor swp51 address-family l2vpn-evpn enable on |
nv set evpn route-advertise default-gateway on |
Enables default gateway advertisement into EVPN when using EVPN Centralized Routing. You can set this per VNI, but NVIDIA recommends setting it globally.$ nv set evpn route-advertise default-gateway on |
nv set vrf <vrf-name> evpn vni <vni-id> |
Creates the layer 3 VNI for a tenant VRF when using EVPN Symmetric Routing. First, make sure to create the tenant VRF and add an SVI to it.$ nv set vrf RED vni 4001 |
nv set vrf <vrf-name> router bgp address-family ipv4-unicast route-export to-evpn enable on |
Enables the switch to install EVPN type-5 routes from the VRF BGP RIB. First, make sure to create the tenant VRF and set the layer 3 VNI to it.$ nv set vrf RED router bgp address-family ipv4-unicast route-export to-evpn enable on |
nv set evpn multihoming enable on |
Enables EVPN Multihoming (EVPN-MH) on the switch.$ nv set evpn multihoming enable on |
nv set interface <bond-name> evpn multihoming segment local-id <id> |
Configures the EVPN-MH ESI on the bond interface. Each ES must have the same ESI accross the fabric. You must set a unique ESI per bond interface on the switch.$ nv set interface bond2 evpn multihoming segment local-id 2 |
nv set interface <bond-name> evpn multihoming segment mac-address <mac-address> |
Configures the EVPN-MH ES MAC address per bond interface. The ES MAC and the ESI generates a unique EVPN type-3 route. The ES MAC must be the same on all interfaces toward the same server.$ nv set interface bond1 evpn multihoming segment mac-address 44:38:39:BE:EF:AA |
nv set interface <bond-name> evpn multihoming segment df-preference <value> |
Configures the EVPN-MH ES DF. The DF handles flooded traffic received through the VXLAN tunnels to the local ES. The default DF value is 32767. NVIDIA recommends setting the DF preference to avoid unpredictable failure scenarios.$ nv set interface bond1 evpn multihoming segment df-preference 50000 |
nv set interface <interface> evpn multihoming uplink on |
Configures the EVPN-MH uplink ports. When all ES uplink ports go down, all bonds enter an error-disabled state to prevent active MH bonds without VXLAN overlay tunnels.$ nv set interface swp51-54 evpn multihoming uplink on |
The Configuration Examples section of the Cumulus Linux user guide provides examples of EVPN layer 2 routing, centralized routing, symmetric routing, and EVPN-MH.
You can also examine and try the EVPN best practices using these pre-built simulations in Air Marketplace:
Access Control List - ACL
ACLs in Cumulus Linux are based on Linux iptables and ebtables with the following default behaviors:
- There is no implicit deny. ACLs must end in a
match any
andaction deny
rule to drop all unmatched traffic. - There is no support for wildcard masks. You must list subnets individually.
In addition to NVUE commands, you can configure ACLs by setting ebtable and iptable rules. You can also use the built-in ACL management tool cl-acltool
. For more information, refer to the Netfilter - ACLs documentation.
Command Syntax |
Description and Example |
---|---|
nv set acl <acl-name> type <type> |
Creates an IPv4, IPv6, or MAC access list. You must set the ACL type.$ nv set acl DENY_TCP_HTTP type ipv4 |
nv set acl <cl-name> rule <rule-id> match <match> |
Sets the ACL rule to match certain parameters. You must set the parameters according to the ACL type. For example, you cannot set match mac X:X:X:X:X:X to an IPv4 ACL type.$ nv set acl DENY_TCP_HTTP rule 10 match ip protocol tcp$ nv set acl DENY_TCP_HTTP rule 10 match ip source-ip ANY$ nv set acl DENY_TCP_HTTP rule 10 match ip source-port ANY$ nv set acl DENY_TCP_HTTP rule 10 match ip dest-ip 10.0.15.8/32$ nv set acl DENY_TCP_HTTP rule 10 match ip dest-port 80 |
nv set acl <acl-name> rule <rule-id> action <action> |
Sets the ACL rule action (permit , deny , set , span , erspan , police , or log ) for the matched traffic. In addition to the basic permit and deny actions, you can modify and manipulate the matched traffic using the ACL.$ nv set acl DENY_TCP_HTTP rule 10 action drop |
nv set interface <interface> acl <acl-name> <direction> |
Applies the ACL on an interface. You need to choose the ACL bind direction, inbound for ingress traffic or outbound for egress.$ nv set interface swp1 acl DENY_TCP_HTTP inbound |
nv set interface <interface> acl <acl-name> <direction> control-plane |
Applies the ACL on the control plane and binds to an interface (in an inbound or outbound direction).$ nv set interface swp1 acl deny_icmp inbound control-plane |
Monitoring Commands
The NVUE monitoring commands show how your network is configured. The monitoring commands are divided into categories (objects), which include subcommands. The general command syntax is nv show <category> <subcommand> <subcommand> <...>
. You can use TAB completion to navigate through the commands.
Command Syntax |
Description |
---|---|
nv show acl <name> |
Shows an access list configuration. |
nv show action |
Shows information about the action commands that reset counters and remove conflicts. |
nv show bridge |
Shows bridge domain configuration. |
nv show evpn |
Shows EVPN configuration. |
nv show interface |
Shows interface configuration. |
nv show mlag |
Shows MLAG configuration. |
nv show nve |
Shows network virtualization configuration, such as VXLAN-specific MLAG configuration and VXLAN flooding. |
nv show platform |
Shows platform configuration, such as hardware and software components. |
nv show qos |
Shows QoS RoCE configuration. |
nv show router |
Shows router configuration, such as router policies, global BGP and OSPF configuration, PBR, PIM, IGMP, VRR, and VRRP configuration. |
nv show service |
Shows DHCP relays and server, NTP, PTP, LLDP, and Syslog configuration. |
nv show system |
Shows global system settings, such as the reserved routing table range for PBR and the reserved VLAN range for layer 3 VNIs. You can also see system login messages and switch reboot history. |
nv show vrf |
Shows VRF configuration. |
NVUE provides additional options for the nv show
commands. These options are available using command flags.
Command Syntax |
Description |
---|---|
--applied |
Shows the applied configuration for the shown object. |
--operational |
Shows the running configuration for the shown object. The applied and operational configuration must be identical. |
--color |
Shows the output with or without colors. |
--help |
Shows help for the command. This option also applies to nv set and nv unset commands. |
--output |
Shows the output in json or yaml format. |
--paginate |
Paginates the output. |
--pending |
Shows the pending configuration of the object. The configuration that is set and unset but not yet applied or saved. |
--rev <revision> |
Shows a detached pending configuration (with the nv detach command). |
--startup |
Shows the switch startup configuration (with the nv config save command). |
--view |
Shows these different views: brief , lldp , mac , pluggables , and small . This option is available for the nv show interface command only. For example, the nv show interface --view=small command shows a list of the interfaces on the switch and the nv show interface --view=brief command shows information about each interface on the switch, such as the interface type, speed, remote host, and port. |
Here are some useful show commands:
Command Syntax |
Description |
---|---|
nv show interface |
Shows the status of all interfaces. You can specify an interface to show its configuration and operational state. For each specific interface information, use the interface name in the command. |
nv show platform hardware |
Shows switch hardware-related information such as the ASIC model, CPU, memory, serial numbers, and so on. |
nv show platform environment |
Shows switch fans, LEDs, PSU and sensor information. |
nv show platform software |
Shows the installed system software packages and their versions. |
nv show system cpu |
Shows system CPU information and utilization. |
nv show system memory |
Shows system memory information and utilization. |
nv show service ntp |
Shows NTP service configuration and status. |
nv show system wjh packet-buffer |
Shows the What Just Happened (WJH) configuration and drop events on the switch. |
nv show bridge domain br_default mac-table |
Shows the bridge MAC address table. |
nv show bridge domain br_default stp |
Shows the bridge spanning-tree status. |
nv show bridge domain br_default vlan |
Shows the bridge VLAN list and VNI mapping (if configured). |
nv show interface swp1 bridge domain br_default |
Shows the VLAN and spanning-tree status of an interface. |
nv show interface swp1 bridge domain br_default |
Shows the VLAN and spanning-tree status of an interface. |
nv show mlag |
Shows MLAG configuration and operational state. |
nv show mlag consistency-checker |
Shows configuration consistency and conflicts between MLAG peers. |
nv show mlag vni |
Shows VNI configuration on both MLAG peers. |
nv show nve |
Shows NVE interface (VTEP) configuration and operational state. |
nv show acl |
Shows access list configuration. |
Action Commands
The NVUE action commands reset counters for interfaces and remove conflicts from protodown MLAG bonds.
Command Syntax |
Description |
---|---|
nv action clear interface <interface> qos roce counters |
Resets interface RoCE counters.$ nv action clear interface swp1 qos roce counters |
nv action clear interface <bond-name> bond mlag lacp-conflict |
Removes duplicate partner MAC address or partner MAC address mismatch conflicts from protodown MLAG bonds.$ nv action clear interface bond1 bond mlag lacp-conflict |
Configuration Management
NVUE leverages the Git engine to manage configuration so that you can treat your configuration as you would code.
Command Syntax | Description |
---|---|
nv config apply |
Applies the pending configuration. The -y or --assume-yes flag automatically replies yes to all prompts (use the --assume-no flag for no ).Configuration apply does not save the configuration as the startup configuration, you need to run nv config save .You can use the --confirm flag to leverage the commit-confim capability (--confirm-status shows the time left to confirm). |
nv config detach |
Deletes the current pending configuration. |
nv config diff <revision-a> <revision-b> nv config diff <revision> <revision> -o commands |
Shows differences between two configuration revisions, such as the pending and applied configuration or the detached and pending configurations. If you use -o commands , the show command presents the information in NVUE command syntax. |
nv config history <nvue-file> |
Shows the apply history for the configuration revision (file). |
nv config patch <nvue-file> |
Updates the pending configuration with the specified YAML configuration file. For more information, refer to NVUE Snippets. |
nv config replace <nvue-file> |
Replaces the pending configuration with the specified YAML configuration file. |
nv config save |
Overwrites the startup configuration with the applied configuration (writes to /etc/nvue.d/startup.yaml ). This configuration persists after a reboot. |
nv config show nv config show -o commands |
Shows the currently applied configuration in yaml format. If you use -o commands , the show command presents the information in NVUE command syntax. |