# UPF 命令行操作手册 通过 vppctl 连接到 UPF 进行命令行操作 ``` $ vppctl ``` **尖括号、中括号和花括说明** []:内的内容意思是可写可不写; {}:那就必须要在{}内给出的选择里选一个; <>:表示必选。 ## UPF Hashtable ### 查看 Hashtable ``` show upf hashtable [verbose] ``` - [verbose] 可填项,输出详细信息 ## MTU ### MTU 设置 设置 GTPU 隧道最大传输单元,参数为设置的值。 ``` $ upf gtpu-tunnel-mtu ``` ## HA ### 查询 HA 状态 ``` $ show upf ha status ``` ### HA 接口 添加/删除/查询 upf ha interface,操作的是 upf 全局 ha_interfaces 数据。 #### 查询 HA 接口 ``` $ show upf ha interface ``` #### 增加 HA 接口 ``` $ upf ha interface add ``` #### 删除 HA 接口 ``` $ upf ha interface del ``` ## Interface ### Interface 使能 ``` $ upf enable-disable ``` ### Interface 去使能 ``` $ upf enable-disable disable ``` ## GTP_req_enable ### gtp_req_enable 使能 ``` $ upf gtp_req_enable enable ``` ### gtp_req_enable 去使能 ``` $ upf gtp_req_enable disable ``` ## PDR_search_perf ### pdr_search_perf 使能 ``` $ upf pdr_search_perf enable ``` ### upf pdr_search_perf 去使能 ``` $ upf pdr_search_perf disable ``` ## Heartbeat ### heartbeat 使能 ``` $ upf heartbeat enable ``` ### heartbeat 去使能 ``` $ upf heartbeat disable ``` ### 查看 heartbeat 状态 ``` $ show upf heartbeat ``` ## PFD Package Flow Description ### 查询 PFD - 查询指定 app 的 pfd ``` $ show upf pfd-list app-id ``` - 查询所有的 pfd ``` $ show upf pfd-list ``` ### 增加 PFD ``` $ upf pfd-list [appid ] [fd {xxx}] [ url {xxx}] [dn{xxx}] [ct {xxx}] [no-hs] [precedence <>] ``` upf pfd-list - appid 必填项,app id - fd {xxx} 选填项,flow description;填写时有格式要求:"permit out 17 from 192.168.96.0/24 1024-65535 to any" - url {xxx} 选填项,url - dn {xxx} 选填项,domain_name - ct {xxx} 选填项,custom - no-hs 选填,no hash database - precedence <> 选填,默认值为 0 ### 删除 PFD ``` $ upf pfd-list appid del ``` ## Flowtable 对流表的操作,流表采用RCU机制实现数据同步。 ### 打开 Cache ``` $ upf flowtable cache enable ``` ### 关闭 Cache ``` $ upf flowtable cache disable ``` ### 重置 ``` $ upf flowtable reset ``` ### 查看 flowtable ``` $ show upf flowtable [verbose] ``` - [verbose] 可填项,打印详细信息 ### 查看 flowtable session ``` $ show upf flowtable sessions [verbose] ``` - [verbose] 可填项,打印详细信息 ## PFCP Endpoint PFCP 端点 IP 设置,为 UPF N4 Port。 ### 增加 PFCP Endpoint 端点 IP ``` $ upf pfcp endpoint ip
[vrf ] ``` address:UPF N4 IP vrf:table-id ### 查看 PFCP Endpoint 端点信息 ``` $ show upf pfcp endpoint ``` ## PFCP Retry ### 设置 PFCP Retry ``` $ upf pfcp_retry timeout X retry_n1 X ``` upf pfcp_retry - timeout X 可填项,设置超时时间 - retry_n1 X 可填项,设置 retry 次数 ### 查看 PFCP Retry 设置 ``` $ show upf pfcp_retry ``` ## PFCP Heartbeat PFCP Heartbeat 间隔时间,默认为 10。 ### 设置 PFCP Heartbeat 间隔时间 ``` $ upf pfcp heartbeat interval X ``` upf pfcp heartbeat - interval X 必填项,设置 pfcp 心跳间隔时间 ### 查看 PFCP Heartbeat 间隔时间 ``` show upf pfcp heartbeat interval ``` ## GTPU Endpoint ### 创建 GTPU Endpoint GTPU 端口设置,为 UPF N3 Port。 ``` $ upf gtpu endpoint [ip ] [ip6 ] [nwi ] [intf access | core | sgi | cp] [TEID-Range-Indication ] ``` upf gtpu endpoint - ip - ip6 选填项,但至少填一个,接口地址 - nwi 选填项 - intf access | core | sgi | cp 选填可选项;access,core,sgi,cp INTF_ACCESS,INTF_CORE,INTF_SGI_LAN,INTF_CP - TEID-Range-Indication 选填项,teid 不大于 7 ### 查看GTPU Endpoint ``` $ show upf gtpu endpoint ``` ## NWI Network Interface ### 增加 NWI ``` $ upf nwi [vrf ] ``` upf nwi - name 必填项,nwi name - vrf 选填项,vrf 选择 ### 删除 NWI ``` $ upf nwi [vrf ] del ``` ### 查看 NWI ``` $ show upf nwi ``` ## UE-IP-Pool 增加/删除 UE 端的 IP 池,需要设置 IP 池范围大小。 ### 创建 ue-ip-pool ``` $ upf ue-ip-pool start [ipv4 | ipv6
] size [ipv4 | ipv6 ] pool_id [nwi ] ``` upf ue-ip-pool start - ipv4 | ipv6
选填,ipv4 和 ipv6 选择,且需要输入 IP - size ipv4 | ipv6 选填,ipv4 和 ipv6 选择,且需要输入 size - pool_id 必填项,pool id - nwi 选填,nwi name ### 删除 ue-ip-pool ``` $ upf ue-ip-pool start [ipv4 | ipv6
] size [ipv4 | ipv6 ] pool_id [nwi ] del ``` ### 查询 ue-ip-pool ``` $ show upf ue-ip-pool [fib_index ] ``` show upf ue-ip-pool - fib_index 选填项,根据 fib_index 查询,未填返回所有 ## DNN ### 删除 DNN Rule ``` $ upf dnn [name ] [rule_id ] del_rule ``` upf dnn - name 必填项,操作的 DNN name - rule_id 必填项,删除指定的 Rule ### 删除 DNN ``` $ upf dnn [name ] del_dnn ``` upf dnn - name 必填项,删除的 DNN ### 查看 DNN ``` $ show upf dnn [name] ``` - name 选填项,查询指定 name 的 DNN,不填查询所有 ## PRE-DEF upf 预定义规则的操作。 ### 创建 PRE-DEF rule ``` upf pre-def rule [rule_name ] [app_id ][far_id <>] [qer_ids <1,2,...>] [urr_ids <1,2,...>] ``` upf pre-def rule - rule_name 必填项:rule name - 选填项,app_id - far_id <> 选填项,Forward action rule ID - qer_ids <1,2,...> 选填项,QoS Enforcement Rule ID,可以多选,以“,”分割 - urr_ids <1,2,...> 选填项,Usage Reporting Rule ID,可以多选,以“,”分割 ### 删除 PRE-DEF rule ``` $ upf pre-def rule [rule_name ] [app_id ][far_id <>] [qer_ids <1,2,...>] [urr_ids <1,2,...>] del ``` ### 创建 QER ``` $ upf pre-def qer [id <>] [gate-ul <0|1>] [gate-dl <0|1>] [mbr-ul ] [mbr-dl ] [qfi <>] ``` upf pre-def qer - id <> 必填项,qer 标识符 - gate-ul <0|1> 必填可选项,0/1,up 方向 - gate-dl <0|1> 必填可选项,0/1,down 方向 - mbr-ul 选填项,上行速率 - mbr-dl 选填项,下行速率 - qfi <> 选填项,QoS flow ID ### 创建 FAR ``` $ upf pre-def far [id <>] [action <1|2|4|8>] [nwi <>] [dst-if <0|1|2|3>] [out-header-desc <1|2|4|8>] [out-header-teid <>] [out-header-ip ] ``` upf pre-def far - id <> 必填项,标识符 - action <1|2|4|8> 选填可选项,1,2,4,8; 1:FAR_DROP 2:FAR-FORWARD 4:FAR_BUFFER 8:FAR_NOTIFY_CP - nwi <> 选填项,network interface,填写时,需要 upf 已存在 - dst-if <0|1|2|3> 选填可选项,Forward Parameters 0:DST_INTF_ACCESS 1:DST_INTF_CORE 2:DST_INTF_SGI_LAN 3:DST_INTF_CP 4:DST_INTF_LI - out-header-desc <1|2|4|8> 选填可选项,outer_header description 1:OUTER_HEADER_CREATION_GTP_IP4 2:OUTER_HEADER_CREATION_GTP_IP6 4:OUTER_HEADER_CREATION_UDP_IP4 8:OUTER_HEADER_CREATION_UDP_IP6 - out-header-teid <> 选填项 - out-header-ip 选填项,out ip ### 创建 URR ``` $ upf pre-def urr [id <>] [method <1|2|4>] [trigers <>] [period <>] [vol-th-ul <>] [vol-th-dl <>] [vol-th-total <>] [vol-quota-ul <>] [vol-quota-dl <>] [vol-quota-total <>] [time-threashold <>] [time-quota <>] [time-idt <>] [monitor-time <>] [linked-urr-ids <1,2,...>] ``` upf pre-def urr - id <> 必填,urr 标识符 - method <1|2|4> 选填可选项 1:SX_URR_TIME 2:SX_URR_VOLUME 3:SX_URR_EVENT - trigers <> 选填项 - period <> 选填项 - vol-th-ul <> 选填项,volume threshold ul - vol-th-dl <> 选填项,volume threshold dl - vol-quota-total <> 选填项,volume threshold total - time-threashold <> 选填项 - time-quota <> 选填项 - time-idt <> 选填项 - monitor-time <> 选填项 - linked-urr-ids <1,2,...> 选填选择项 ### 查看 PRE-DEF ``` $ show upf pre-def [urr | qer | far | rules] [urr-id ] [rule-name ] ``` show upf pre-def - urr | qer | far | rules 可填项,选择查看 urr,qer,far,rules - urr-id 可填项,选择 urr ID - rule-name 可填项,选择 rule name ## DPI Deep Packet Inspection 深度包检测 ### 创建 DPI ``` $ upf dpi name [id ] ``` upf dpi - name 必填项,用户 app name - id 选填项,默认为 0 ### 删除 DPI ``` $ upf dpi name [id ] del ``` ### 查看 DPI ``` $ show upf dpi [name ] ``` show upf dpi - [name ] 选填项,按 appid 查询,不输入查询所有 ## Load_control ### load_control 设置 ``` $ upf load_control [max_pps ] [change_threshold ] ``` upf load_control - max_pps 选填项 - change_threshold 选填项 ### 查看 load_control ``` $ show upf load_control ``` ## Forward-policy ### 创建 forward-policy ``` $ upf forward-policy name [vrf ] ``` upf forward-policy - name 必填项,标识符 - vrf 选填项,默认为 0 ### 删除 forward-policy ``` $ upf forward-policy name [vrf ] del ``` ### 查看 forward-policy ``` $ show upf forward-policy ``` ## Feature ### 设置 upf feature ``` $ upf features [ BUCP support | not support] [ DDND support | not support] [ DLBD support | not support] [ TRST support | not support][ FTUP support | not support][ PFDM support | not support] [ HEEU support | not support][ TREU support | not EMPU support | not support] [ PDIU support | not support][ UDBC support | not support][ QUOAC support | not support] [ TRACE support | not support][ FRRT support | not support][ PFDE support | not support] ``` upf features - 全部为可填项,选择具体指标的是否 support ### 查看所有的 features 状态 ``` $ show upf features ``` ## Session 会话 ### 查看 UPF Session ``` $ show upf session [cp_ip] [up_seid | table_id ue_ip | start_index | limit] ``` show upf session - cp_ip 可填项,ip 格式 - [up_seid | table_id ue_ip | start_index | limit] 可填项,根据不同资源获取 Session 根据 up_seid,ue_ip,index 查询 Session ## ACL ### 查看 ACL ``` $ show upf acl [up_seid | table_id ue_ip] ``` show upf acl - [up_seid | table_id ue_ip] 可选项,根据不同资源获取 acl 根据 up_seid 或者 ue_ip 获取 acl ## Association 偶联 ### 查看 association ``` $ show upf association ``` ### association 偶联请求 ``` $ upf association request [cp-ip ] [dp-ip ] vrf ``` upf association request - [cp-ip ] 可填项,源 ip - [dp-ip ] 可填项,目的 ip - vrf 必填项,vrf_id ### association 偶联更新 ``` $ upf association update [node_index X] [graceful_release_unit 2_seconds | 1_minute | 10_minutes | 1_hour | 10_hours | infinite graceful_release_value X] ``` upf association update - [node_index X] 可填项,node 索引 - [graceful_release_unit 2_seconds | 1_minute | 10_minutes | 1_hour | 10_hours | infinite graceful_release_value X] 可填项,设置 graceful_release_unit 时间 ## IP reassembly IP 重组 ### 创建 ip reassembly ``` $ ip reassembly [full|virtual] [ip4|ip6] [expire-walk-interval | max-reassembly-length | max-reassemblies | timeout ] ``` ip reassembly - [full|virtual] 可填可选项,默认为 virtual - [ip4|ip6] 可填可选项,ip6 - [expire-walk-interval | max-reassembly-length | max-reassemblies | timeout ] 可填可选项 ### 查看 ip reassembly ``` $ show ip reassembly [full|virtual] [ip4|ip6] ``` show ip reassembly - [full|virtual] 可填可选项,默认为 virtual - [ip4|ip6] 可填可选项,默认为 ip6 ## MSS-Clamping ### 设置 mss-clamping ``` $ upf mss-clamping |disable ``` upf mss-clamping - |disable 必填项,设置 mss 值或者关闭 ### 查看 mss-clamping ``` $ show upf mss-clamping ``` ## Trace ### 开启 upf trace ``` $ upf trace imsi [range ] ``` upf trace - imsi 必填项 - range 可填项,默认为 0-0 ### 关闭 upf trace ``` $ upf trace imsi off [range ] ``` upf trace - imsi 可填项 - range 可填项 ## PCAP ### 开启 PCAP ``` $ upf pcap [imsi |up_seid ] [rx|tx] [intfc ] [max ] [file ] [status] [max-bytes-per-pkt ] ``` upf pcap - [imsi |up_seid ] 必填项,通过 imsi 或者 up_seid 查询 - rx|tx 选填项,默认 rx/tx 为 0 - [intfc ] 选填项,sw_if_index - [max ] 选填项,packets_to_capture - [file ] 选填项,filename - [status] 选填项,status,默认为 0 - [max-bytes-per-pkt ] 选填项,max_bytes_per_pkt ### 关闭 PCAP ``` $ upf pcap [imsi |up_seid ] [rx|tx] off [intfc ] [max ] [file ] [status] [max-bytes-per-pkt ] ``` ## DNS cache ### 查看 dns 缓存内容 ```bash $ show dns cache [verbose [nn]] ``` - [verbose [nn]] 选填项, verbose 表示查看 dns 缓存的详细信息,不加 verbose 选项则仅显示 dns cache 总条数。 n 表示详细级别,默认为1,可以看到 dns 缓存配置,包括域名、 IP 、 TLL 、 在 UPF 中的时效等;级别2比级别1有更多的信息,从查询、回复和 dns 缓存当前状态三个维度展开;级别3可以看到客户端连接数等详细内容。 ### 查看 dns server ```bash $ show dns servers ``` ### 增删 dns 缓存 ```bash $ dns cache [add|del|clear] [ip4][ip6] ``` - [add|del|clear] 必填项, add 表示增加一条 dns 缓存, del 表示删除一条 dns 内容, clear 表示清空所有 dns 缓存。当操作为 add 或 del 时,需要带上 name 或 ip 的参数指明所要删除的 dns 缓存。 - 选填项,表示 dns 缓存的域名。 - [ip4] [ip6] 选填项,表示 dns 缓存的 ip 。 ### 设置 dns 超时时间 ```bash $ dns set cache expiration time [seconds] ``` - [seconds] 必填项,表示修改超时时间,以秒为单位。该设置全局生效。 ### 格式化测试 dns 连接 该命令将发起一个样例 dns 请求及回复并打印出来。 ```bash $ test dns format [verbose [nn]] ``` - [verbose [nn]] 选填项,参看 `show dns cache [verbose [nn]]` 中的解释。 ### 反格式化测试 dns 连接 该命令将发起一个样例 dns 请求及回复并打印出来。 ```bash $ test dns unformat [ip4][ip6] ``` - 必填项,域名 - [ip4] [ip6] 必填项 ### dns 超时测试 该命令将设置有效时间为0,从而使 dns 缓存失效。 ```bash $ test dns expire ``` - 必填项,指明要测试的域名。