Monitor JCNR via CLI
SUMMARY This topic contains instructions to access the JCNR controller (cRPD) CLI and run operational commands.
Accessing the JCNR Controller (cRPD) CLI
You can access the command-line interface (CLI) of the cloud-native router controller by accessing the shell of the running cRPD container.
The commands below are provided as an example. The cRPD pod name must be replaced from your environment. The command outputs may differ based on your environment.
List the K8s Pods Running in the Cluster
kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE contrail-deploy contrail-k8s-deployer-7b5dd699b9-nd7xf 1/1 Running 0 41m contrail contrail-vrouter-masters-dfxgm 3/3 Running 0 41m jcnr kube-crpd-worker-ds-8tnf7 1/1 Running 0 41m jcnr syslog-ng-54749b7b77-v24hq 1/1 Running 0 41m kube-system calico-kube-controllers-57b9767bdb-5wbj6 1/1 Running 2 (92d ago) 129d kube-system calico-node-j4m5b 1/1 Running 2 (92d ago) 129d kube-system coredns-8474476ff8-fpw78 1/1 Running 2 (92d ago) 129d kube-system dns-autoscaler-7f76f4dd6-q5vdp 1/1 Running 2 (92d ago) 129d kube-system kube-apiserver-5a5s5-node2 1/1 Running 3 (92d ago) 129d kube-system kube-controller-manager-5a5s5-node2 1/1 Running 4 (92d ago) 129d kube-system kube-multus-ds-amd64-4zm5k 1/1 Running 2 (92d ago) 129d kube-system kube-proxy-l6xm8 1/1 Running 2 (92d ago) 129d kube-system kube-scheduler-5a5s5-node2 1/1 Running 4 (92d ago) 129d kube-system nodelocaldns-6kwg5 1/1 Running 2 (92d ago) 129d
Copy the name of the cRPD pod—kube-crpd-worker-ds-8tnf7 in this
example output . You will use the pod name to connect to the running container's
shell.
Connect to the cRPD CLI
Issue the kubectl exec command to access the running container's
shell:
kubectl exec -n <namespace> -it <pod name> --container <container name> -- bash
where <namespace> identifies the namespace in which the pod is running, <pod name> specificies the name of the pod and the <container name> specifies the name of the container (to be specified if the pod has more than one container).
The cRPD pod has only one running container. Here is an example command:
kubectl exec -n jcnr -it kube-crpd-worker-ds-8tnf7 -- bash
The result of the above command should appear similar to:
Defaulted container "kube-crpd-worker" out of: kube-crpd-worker, jcnr-crpd-config (init), install-cni (init)
===>
Containerized Routing Protocols Daemon (CRPD)
Copyright (C) 2020-2022, Juniper Networks, Inc. All rights reserved.
<===
root@jcnr-01:/#At this point, you have connected to the shell of the cRPD. Just as with other Junos-based shells, you access the operational mode of the cloud-native router the same way as if you were connected to the console of a physical Junos OS device.
root@jcnr-01:/# cli root@jcnr-cni>
Example Show Commands
Here are some example show commands you can execute:
show interfaces terse Interface@link Oper State Addresses __crpd-brd1 UNKNOWN fe80::acbf:beff:fe8a:e046/64 cali1b684d67bd4@if3 UP fe80::ecee:eeff:feee:eeee/64 cali34cf41e29bb@if3 UP fe80::ecee:eeff:feee:eeee/64 docker0 DOWN 172.17.0.1/16 eno1 UP 10.102.70.146/24 fe80::a94:efff:fe79:dcae/64 eno2 UP eno3 UP 10.1.1.1/24 fe80::a94:efff:fe79:dcac/64 eno3v1 UP eno4 DOWN enp0s20f0u1u6 UNKNOWN ens2f0 DOWN ens2f1 DOWN erspan0@NONE DOWN eth0 UNKNOWN 169.254.143.126/32 fe80::b4db:eeff:fe78:9f43/64 gre0@NONE UNKNOWN gretap0@NONE DOWN ip6tnl0@NONE UNKNOWN fe80::74b6:2cff:fea7:d850/64 irb DOWN kube-ipvs0 DOWN 10.233.0.1/32 10.233.0.3/32 10.233.35.229/32 lo UNKNOWN 127.0.0.1/8 ::1/128 lsi UNKNOWN fe80::cc59:6dff:fe9c:4db3/64 nodelocaldns DOWN 169.254.25.10/32 sit0@NONE UNKNOWN ::169.254.143.126/96 ::10.233.91.64/96 ::172.17.0.1/96 ::10.102.70.146/96 ::10.1.1.1/96 ::127.0.0.1/96 tunl0@NONE UNKNOWN vxlan.calico UNKNOWN 10.233.91.64/32 fe80::64c6:34ff:fecd:3522/64
show configuration routing-instances
vswitch {
instance-type virtual-switch;
bridge-domains {
bd100 {
vlan-id 100;
}
bd200 {
vlan-id 200;
}
bd300 {
vlan-id 300;
}
bd700 {
vlan-id 700;
interface enp59s0f1v0;
}
bd701 {
vlan-id 701;
}
bd702 {
vlan-id 702;
}
bd703 {
vlan-id 703;
}
bd704 {
vlan-id 704;
}
bd705 {
vlan-id 705;
}
}
interface bond0;
}show bridge ? Possible completions: mac-table Show media access control table statistics Show bridge statistics information
show bridge mac-table ? Possible completions: <[Enter]> Execute this command count Number of MAC address mac-address MAC address in the format XX:XX:XX:XX:XX:XX vlan-id Display MAC address learned on a specified VLAN or 'all-vlan' | Pipe through a command
show bridge mac-table Routing Instance : default-domain:default-project:ip-fabric:__default__ Bridging domain VLAN id : 3002 MAC MAC Logical address flags interface 00:00:5E:00:53:01 D bond0
show bridge statistics ? Possible completions: <[Enter]> Execute this command vlan-id Display statistics for a particular vlan (1..4094) | Pipe through a command
show bridge statistics
Bridge domain vlan-id: 100
Local interface: bond0
Broadcast packets Tx : 0 Rx : 0
Multicast packets Tx : 0 Rx : 0
Unicast packets Tx : 0 Rx : 0
Broadcast bytes Tx : 0 Rx : 0
Multicast bytes Tx : 0 Rx : 0
Unicast bytes Tx : 0 Rx : 0
Flooded packets : 0
Flooded bytes : 0
Local interface: ens1f0v1
Broadcast packets Tx : 0 Rx : 0
Multicast packets Tx : 0 Rx : 0
Unicast packets Tx : 0 Rx : 0
Broadcast bytes Tx : 0 Rx : 0
Multicast bytes Tx : 0 Rx : 0
Unicast bytes Tx : 0 Rx : 0
Flooded packets : 0
Flooded bytes : 0
Local interface: ens1f3v1
Broadcast packets Tx : 0 Rx : 0
Multicast packets Tx : 0 Rx : 0
Unicast packets Tx : 0 Rx : 0
Broadcast bytes Tx : 0 Rx : 0
Multicast bytes Tx : 0 Rx : 0
Unicast bytes Tx : 0 Rx : 0
Flooded packets : 0show firewall filter filter1 Filter : filter1 vlan-id : 3001 Term Packet t1 0
show configuration firewall:firewall
family {
bridge {
filter filter1 {
term t1 {
from {
destination-mac-address 10:30:30:30:30:31;
source-mac-address 10:30:30:30:30:30;
ether-type oam;
}
then {
discard;
}
}
}
}
}show route 172.68.20.2/32 table nad1.inet
nad1.inet.0: 11 destinations, 15 routes (11 active, 0 holddown, 0 hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both
172.68.20.2/32 @[BGP/170] 00:00:23, localpref 100, from 1.1.1.220
AS path: I, validation-state: unverified
> via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.1.220), Push 48
[BGP/170] 00:13:18, localpref 100, from 1.1.24.24
AS path: I, validation-state: unverified
> via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.24.24), Push 16
#[Multipath/255] 00:00:23, metric2 2
via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.1.220), Push 48
> via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.24.24), Push 16show interfaces routing enp216s0f0
Interface State Addresses
enp216s0f0 Up MPLS enabled
ISO enabled
INET 192.168.123.3
INET6 2001:192:168:123::3
INET6 fe80::42a6:b7ff:fe2c:a448show dynamic-tunnels database
*- Signal Tunnels #- PFE-down
Table: inet.3
Destination-network: 1.1.1.220/32
Destination-network: 1.1.24.24/32
Tunnel to: 1.1.24.24/32
Reference count: 4
Next-hop type: UDP (forwarding-nexthop)
Source address: 1.1.1.35
Next hop: v6 mapped, tunnel-composite, 0x557917afc91c, nhid 0
VPN Label: Push 16, Reference count: 2
Ingress Route: [OSPF] 1.1.24.24/32, via metric 2
Traffic Statistics: Packets 0, Bytes 0
State: Up
Aggregate Traffic Statistics:Example Clear Commands
Here are some example clear commands:
clear bridge mac-table ? Possible completions: <[Enter]> Execute this command mac-address Clear specific MAC address vlan-id Clear mac-table for a specified vlan-id (1..4094) | Pipe through a command
clear bridge statistics ? Possible completions: <[Enter]> Execute this command vlan-id Clear L2 interface statistics for a specified vlan-id (1..4094) | Pipe through a command