NetQ Command Line Overview
The NetQ CLI provides access to all network state and event information collected by NetQ Agents. It behaves similarly to typical CLIs, with groups of commands that display related information, and help commands that provide additional information. There are four command categories: check, show, config, and trace.
The NetQ command line interface only runs on switches and server hosts implemented with Intel x86 or ARM-based architectures. If you are unsure what architecture your switch or server employs, check the Hardware Compatibility List and verify the value in the Platforms tab > CPU column.
When you install or upgrade NetQ, you can also install and enable the CLI on your NetQ server or appliance and hosts.
To access the CLI from a switch or server:
Log in to the device. The following example uses the default username of cumulus and a hostname of switch:
<computer>:~<username>$ ssh cumulus@switch
Enter your password to reach the command prompt. The default password is CumulusLinux!
Enter passphrase for key '/Users/<username>/.ssh/id_rsa': <enter CumulusLinux! here> Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-112-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage Last login: Tue Sep 15 09:28:12 2019 from 10.0.0.14 cumulus@switch:~$
You can now run commands:
cumulus@switch:~$ netq show agents cumulus@switch:~$ netq check bgp
Command Line Basics
This section describes the core structure and behavior of the NetQ CLI. It includes the following:
- Command Line Structure
- Command Syntax
- Command Output
- Command Prompts
- Command Completion
- Command Help
- Command History
Command Line Structure
The NetQ command line has a flat structure as opposed to a modal structure: you can run all commands from the standard command prompt instead of only in a specific mode, at the same level.
All NetQ CLI commands begin with
netq. NetQ commands fall into one of four syntax categories: validation (check), monitoring (show), configuration, and trace.
netq check <network-protocol-or-service> [options] netq show <network-protocol-or-service> [options] netq config <action> <object> [options] netq trace <destination> from <source> [options]
|Parentheses ( )||Grouping of required parameters. Choose one.|
|Square brackets [ ]||Single or group of optional parameters. If more than one object or keyword is available, choose one.|
|Angle brackets < >||Required variable. Value for a keyword or option; enter according to your deployment nomenclature.|
|Pipe |||Separates object and keyword options, also separates value options; enter one object or keyword and zero or one value.|
For example, in the
netq check command:
- [<hostname>] is an optional parameter with a variable value named hostname
<network-protocol-or-service> represents a number of possible key words, such as agents, bgp, evpn, and so forth
<options> represents a number of possible conditions for the given object, such as around, vrf, or json
Examples of valid commands include:
netq leaf02 check agents json
netq show bgp
netq config restart cli
netq trace 10.0.0.5 from 10.0.0.35
The command output presents results in color for many commands. Results with errors appear in red, and warnings appear in yellow. Results without errors or warnings appear in either black or green. VTEPs appear in blue. A node in the pretty output appears in bold, and angle brackets (< >) wrap around a router interface. To view the output with only black text, run the
netq config del color command. You can view output with colors again by running
netq config add color.
All check and show commands have a default timeframe of now to one hour ago, unless you specify an approximate time using the
around keyword or a range using the
between keyword. For example, running
netq check bgp shows the status of BGP over the last hour. Running
netq show bgp around 3h shows the status of BGP three hours ago.
When entering a time value, you must include a numeric value and the unit of measure:
- w: weeks
- d: days
- h: hours
- m: minutes
- s: seconds
When using the
between option, you can enter the start time (
text-time) and end time (
text-endtime) values as most recent first and least recent second, or vice versa. The values do not have to have the same unit of measure. Use the
around option to view information for a particular time.
NetQ code examples use the following prompts:
cumulus@switch:~$Indicates the user cumulus is logged in to a switch to run the example command
cumulus@host:~$Indicates the user cumulus is logged in to a host to run the example command
cumulus@netq-appliance:~$Indicates the user cumulus is logged in to either the NetQ Appliance or NetQ Cloud Appliance to run the command
cumulus@hostname:~$Indicates the user cumulus is logged in to a switch, host or appliance to run the example command
To use the NetQ CLI, the switches must be running the Cumulus Linux or SONiC operating system (OS), NetQ Platform or NetQ Collector software, the NetQ Agent, and the NetQ CLI. The hosts must be running CentOS, RHEL, or Ubuntu OS, the NetQ Agent, and the NetQ CLI. Refer to Install NetQ for additional information.
As you enter commands, you can get help with the valid keywords or options using the tab key. For example, using tab completion with
netq check displays the possible objects for the command, and returns you to the command prompt to complete the command:
cumulus@switch:~$ netq check <<press Tab>> agents : Netq agent bgp : BGP info cl-version : Cumulus Linux version clag : Cumulus Multi-chassis LAG evpn : EVPN interfaces : network interface port mlag : Multi-chassis LAG (alias of clag) mtu : Link MTU ntp : NTP ospf : OSPF info sensors : Temperature/Fan/PSU sensors vlan : VLAN vxlan : VXLAN data path cumulus@switch:~$ netq check
As you enter commands, you can get help with command syntax by entering
help at various points within a command entry. For example, to find out what options are available for a BGP check, enter
help after entering some of the
netq check command. In the following example, you can see that there are no additional required parameters and you can use three optional parameters —
around — with a BGP check:
cumulus@switch:~$ netq check bgp help Commands: netq check bgp [label <text-label-name> | hostnames <text-list-hostnames>] [vrf <vrf>] [check_filter_id <text-check-filter-id>] [include <bgp-number-range-list> | exclude <bgp-number-range-list>] [around <text-time>] [json | summary] netq show unit-tests bgp [check_filter_id <text-check-filter-id>] [json]
To see an exhaustive list of commands, run:
cumulus@switch:~$ netq help list
To get usage information for NetQ, run:
cumulus@switch:~$ netq help verbose
The CLI stores commands issued within a session, which lets you review and rerun commands that you already ran. At the command prompt, press the Up Arrow and Down Arrow keys to move back and forth through the list of commands previously entered. When you have found a given command, you can run the command by pressing Enter, just as you would if you had entered it manually. You can also modify the command before you run it.
While the CLI has a flat structure, NetQ commands are conceptually grouped into the following functional categories:
netq check commands validate the current or historical state of the network by looking for errors and misconfigurations in the network. The commands run fabric-wide validations against various configured protocols and services to determine how well the network is operating. You can perform validation checks for the following:
- agents: NetQ Agents operation on all switches and hosts
- bgp: BGP (Border Gateway Protocol) operation across the network fabric
- clag: Cumulus Linux MLAG (multi-chassis LAG/link aggregation) operation
- cl-version: Cumulus Linux version
- evpn: EVPN (Ethernet Virtual Private Network) operation
- interfaces: network interface port operation
- mlag: Cumulus MLAG (multi-chassis LAG/link aggregation) operation
- mtu: Link MTU (maximum transmission unit) consistency across paths
- ntp: NTP (Network Time Protocol) operation
- ospf: OSPF (Open Shortest Path First) operation
- sensors: Temperature/Fan/PSU sensor operation
- vlan: VLAN (Virtual Local Area Network) operation
- vxlan: VXLAN (Virtual Extensible LAN) data path operation
The commands take the form of
netq check <network-protocol-or-service> [options], where the options vary according to the protocol or service.
netq show commands let you view details about the current or historical configuration and status of various protocols and services. You can view the configuration and status for the following:
- address-history: Address history info for a IP address/prefix
- agents: NetQ Agents status on switches and hosts
- bgp: BGP status across the network fabric
- cl-btrfs-info: BTRFS file system data for monitored Cumulus Linux switches
- cl-manifest: Information about the versions of Cumulus Linux available on monitored switches
- cl-pkg-info: Information about software packages installed on monitored switches
- cl-resource: ACL and forwarding information
- cl-ssd-util: SSD utilization information
- clag: CLAG/MLAG status
- dom: Digital Optical Monitoring
- ethtool-stats: Interface statistics
- events: Display changes over time
- events-config: Event suppression configuration
- evpn: EVPN status
- interface-stats: Interface statistics
- interface-utilization: Interface statistics plus utilization
- interfaces: network interface port status
- inventory: hardware component information
- ip: IPv4 status
- ipv6: IPv6 status
- job-status: status of upgrade jobs running on the appliance or VM
- kubernetes: Kubernetes cluster, daemon, pod, node, service and replication status
- lldp: LLDP status
- mac-commentary: MAC commentary info for a MAC address
- mac-history: Historical information for a MAC address
- macs: MAC table or address information
- mlag: MLAG status (an alias for CLAG)
- neighbor-history: Neighbor history info for an IP address
- notification: Notifications sent to various channels
- ntp: NTP status
- opta-health: Display health of apps on the OPTA
- opta-platform: NetQ Appliance version information and uptime
- ospf: OSPF status
- recommended-pkg-version: Current host information to be considered
- resource-util: Display usage of memory, CPU and disk resources
- roce-config: Display RoCE configuration
- roce-counters: Displays RDMA over Converged Ethernet counters for a given switch
- sensors: Temperature/Fan/PSU sensor status
- services: System services status
- tca: Threshold crossing alerts
- trace: Control plane trace path across fabric
- unit-tests: Show list of unit tests for
- validation: Scheduled validation check
- vlan: VLAN status
- vxlan: VXLAN data path status
- wjh-drop: dropped packet data from NVIDIA® Mellanox® What Just Happened®
The commands take the form of
netq [<hostname>] show <network-protocol-or-service> [options], where the options vary according to the protocol or service. You can restrict the commands from showing the information for all devices to showing information only for a selected device using the
netq notification, and
netq install—allow you to manage NetQ Agent and CLI server configurations, configure lifecycle management, set up container monitoring, and manage notifications.
NetQ Agent Configuration
The agent commands configure individual NetQ Agents.
The agent configuration commands can add and remove agents from switches and hosts, start and stop agent operations, debug the agent, specify default commands, and enable or disable a variety of monitoring features (including Kubernetes, sensors, FRR (FRRouting), CPU usage limit, and What Just Happened).
Commands apply to one agent at a time. Run them from the switch or host where the NetQ Agent resides.
The agent configuration commands include:
netq config (add|del|show) agent netq config (start|stop|status|restart) agent
The following example shows how to configure the agent to send sensor data:
cumulus@switch~:$ netq config add agent sensors
The following example shows how to start monitoring with Kubernetes:
cumulus@switch:~$ netq config add agent kubernetes-monitor poll-period 15
The following example shows how to view the NetQ Agent configuration:
cumulus@switch:~$ netq config show agent netq-agent value default --------------------- --------- --------- enable-opta-discovery True True exhibitport agenturl server 127.0.0.1 127.0.0.1 exhibiturl vrf default default agentport 8981 8981 port 31980 31980
After making configuration changes to your agents, you must restart the agent for the changes to take effect. Use the
netq config restart agent command.
netq config cli configures and manages the CLI component. You can add or remove the CLI (essentially enabling/disabling the service), start and restart it, and view the configuration of the service.
Commands apply to one device at a time, and you run them from the switch or host where you run the CLI.
The CLI configuration commands include:
netq config add cli server netq config del cli server netq config show cli premises [json] netq config show (cli|all) [json] netq config (status|restart) cli netq config select cli premise
The following example shows how to restart the CLI instance:
cumulus@switch~:$ netq config restart cli
The following example shows how to enable the CLI on a NetQ on-premises appliance or virtual machine (VM):
cumulus@switch~:$ netq config add cli server 10.1.3.101
The following example shows how to enable the CLI on a NetQ Cloud Appliance or VM for the Chicago premises and the default port:
netq config add cli server api.netq.cumulusnetworks.com access-key <user-access-key> secret-key <user-secret-key> premises chicago port 443
NetQ System Configuration Commands
Use the following commands to manage the NetQ system itself:
- bootstrap: Loads the installation program onto the network switches and hosts in either a single server or server cluster arrangement.
- decommission: Decommissions a switch or host.
- install: Installs NetQ in standalone or cluster deployments; also used to install patch software.
- upgrade bundle: Upgrades NetQ on NetQ On-premises Appliances or VMs.
The following example shows how to bootstrap a single server or master server in a server cluster:
cumulus@switch:~$ netq bootstrap master interface eth0 tarball /mnt/installables/netq-bootstrap-4.1.0.tgz
The following example shows how to decommission a switch named leaf01:
cumulus@netq-appliance:~$ netq decommission leaf01
Event Notification Commands
The notification configuration commands can add, remove, and show notification application integrations. These commands create the channels, filters, and rules needed to control event messaging. The commands include:
netq (add|del|show) notification channel netq (add|del|show) notification rule netq (add|del|show) notification filter netq (add|del|show) notification proxy
An integration includes at least one channel (PagerDuty, Slack, or syslog), at least one filter (defined by rules you create), and at least one rule.
The following example shows how to configure a PagerDuty channel:
cumulus@switch:~$ netq add notification channel pagerduty pd-netq-events integration-key c6d666e210a8425298ef7abde0d1998 Successfully added/updated channel pd-netq-events
Refer to Configure System Event Notifications for additional examples.
Threshold-based Event Notification Commands
NetQ supports TCA events, a set of events that are triggered by crossing a user-defined threshold. Configure and manage TCA events using the following commands:
netq add tca [event_id <text-event-id-anchor>] [tca_id <text-tca-id-anchor>] [scope <text-scope-anchor>] [severity info | severity error] [is_active true | is_active false] [suppress_until <text-suppress-ts>] [threshold_type user_set | threshold_type vendor_set] [ threshold <text-threshold-value> ] [channel <text-channel-name-anchor> | channel drop <text-drop-channel-name>] netq del tca tca_id <text-tca-id-anchor> netq show tca [tca_id <text-tca-id-anchor>] [json]
Lifecycle Management Commands
netq lcm lifecycle management commands help you efficiently manage the deployment of NVIDIA product software onto your network devices (servers, appliances, and switches).
LCM commands allow you to:
- Manage network OS and NetQ images in a local repository
- Configure switch access credentials for installations and upgrades
- Manage switch inventory and roles
- Upgrade NetQ (Agents and CLI) on switches with NetQ Agents
- Install or upgrade NetQ Agents and CLI on switches with or without NetQ Agents
- Upgrade the network OS on switches with NetQ Agents
- View a result history of upgrade attempts
The following example shows the NetQ configuration profiles:
cumulus@switch:~$ netq lcm show netq-config ID Name Default Profile VRF WJH CPU Limit Log Level Last Changed ------------------------- --------------- ------------------------------ --------------- --------- --------- --------- ------------------------- config_profile_3289efda36 NetQ default co Yes mgmt Disable Disable info Tue Apr 27 22:42:05 2021 db4065d56f91ebbd34a523b45 nfig 944fbfd10c5d75f9134d42023 eb2b
The following example shows how to add a Cumulus Linux installation image to the NetQ repository on the switch:
netq lcm add cl-image /path/to/download/cumulus-linux-4.3.0-mlnx-amd64.bin
trace commands lets you view the available paths between two nodes on the network currently and at a time in the past. You can perform a layer 2 or layer 3 trace, and view the output in one of three formats: JSON, pretty, and detail. JSON output provides the output in a JSON file format for ease of importing to other applications or software. Pretty output lines up the paths in a pseudo-graphical manner to help visualize multiple paths. Detail output is useful for traces with higher hop counts where the pretty output wraps lines, making it harder to interpret the results. The detail output displays a table with a row for each path.
The trace command syntax is:
netq trace <mac> [vlan <1-4096>] from (<src-hostname>|<ip-src>) [vrf <vrf>] [around <text-time>] [json|detail|pretty] [debug] netq trace <ip> from (<src-hostname>|<ip-src>) [vrf <vrf>] [around <text-time>] [json|detail|pretty] [debug]