Cisco IOS XR Virtual Firewall Command Reference, Release 3.8
High Availability Commands
Download this chapter
High Availability CommandsHigh Availability Commands
Download the complete book
Cisco Virtual Firewall Command ReferenceCisco Virtual Firewall Command Reference (PDF - 6 MB)
give_us_feedback

Table Of Contents

High Availability Commands on the Virtual Firewall

associate-context

clear ft

ft auto-sync

ft group

ft interface

ft-interface

ft peer

heartbeat

inservice

peer

peer ip

show ft group

show ft history

show ft idmap

show ft memory

show ft peer

show ft stats


High Availability Commands on the Virtual Firewall

This module describes the commands necessary to configure redundant Multi-Service Blade (MSB) modules to provide high-availability (HA) capability for the VFW feature.

Note The commands described in this module are SanOS (Linux) commands used on the VFW application. Before you can access any of these commands, you must attach from the route processor to the VFW application using the service firewall attach location command. For more information, see the "Attaching to the VFW Application" section in Cisco IOS XR Virtual Firewall Configuration Guide.

associate-context

To associate a context with a fault-tolerant (FT) group, use the associate-context command in FT group configuration mode. To remove a context from an FT group, use the no form of this command.

associate-context name

no associate-context name

Syntax Description

name

Identifier of the context that you want to associate with the FT group. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.


Defaults

No default behavior or values

Command Modes

FT group configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The associate-context command can be used in the Admin context only.

Use the associate-context command to associate a context with an FT group. You need to make this association for each of the two redundant contexts in an FT group.

Before you can remove a context from an FT group, you must first take the group out of service using the no inservice command.

Examples

The following example shows how to associate a context with an FT group: 

firewall/Admin(config-ft-group)# associate-context C1

Related Commands

Command
Description

context

Creates a context.

show ft group

Displays the FT or redundancy statistics per context.


clear ft

To clear the fault-tolerant (FT) statistics or history, use the clear ft command in EXEC mode.

clear ft {all | ha-stats | hb-stats | history {cfg_cntlr | ha_dp_mgr | ha_mgr} | track-stats [all]}

Syntax Description

all

Clears all redundancy statistics, including all TL, heartbeat, and tracking counters. This option is available in Admin context only.

ha-stats

Clears all transport layer-related counters that the VFW application displays as part of the show ft peer detail command output. This option is available in Admin context only.

hb-stats

Clears all heartbeat-related statistics. When you enter this command for the first time, the VFW application sets the heartbeat statistics counters to zero and stores a copy of the latest statistics locally. From that point on, when you enter the show ft hb-stats command, the VFW application displays the difference between the statistics that are stored locally and the current statistics. This option is available in Admin context only.

history

Clears the fault-tolerant history. This option is available in Admin context only.

cgf_cntrl

Clears the configuration controller debug history.

ha_dp_mgr

Clears the HA DP manager debug history.

ha_mgr

Clears the HA manager debug history.

track-stats

Clears tracking-related statistics for the Admin FT group only, a user context FT group only, or for all FT groups that are configured in the VFW application.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

The stats keyword was replaced by the ha-stats, hb-stats, and track-stats keywords.


Usage Guidelines

This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

Examples

The following example shows how to clear the fault-tolerant statistics: 

firewall/Admin# clear ft ha-stats

Related Commands

Command
Description

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft peer

Configures an FT peer and enters FT peer configuration mode.

show ft group

Displays the FT or redundancy statistics per context.


ft auto-sync

To enable automatic synchronization of the running-configuration and the startup-configuration files in a redundancy configuration, use the ft auto-sync command in configuration mode. To disable the automatic synchronization of the running-configuration file or the startup-configuration file, use the no form of this command.

ft auto-sync {running-config | startup-config}

no ft auto-sync {running-config | startup-config}

Syntax Description

running-config

Enables autosynchronization of the running-configuration file. The default is enabled.

startup-config

Enables autosynchronization of the startup-configuration file. The default is enabled.


Defaults

The VFW application automatically updates the running configuration and startup configuration on the standby context of an FT group with any changes that occur to the running configuration or startup configuration, respectively, of the active context.

Command Modes

Configuration

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the fault-tolerant feature in your user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

By default, the VFW application automatically updates the running configuration and startup configuration on the standby context of an FT group with any changes that occur to the configuration of the active context. If you disable the ft auto-sync command, you need to update the configuration of the standby context manually. For more information about configuration synchronization and configuring redundancy, see Cisco IOS XR Firtual Firewall Configuration Guide.

Caution Toggling the ft auto-sync running-config command in the Admin context may have undesirable side effects if the same command is also disabled in an active user context. If the ft auto-sync running-config command is disabled in the active Admin context and in an active user context, and you subsequently enable the ft auto-sync running-config command in the active Admin context first, the entire configuration of the standby user context is lost. Always enable the ft auto-sync running-config command in the active user context first, then enable the command in the active Admin context.

Examples

The following example shows how to enable autosynchronization of the running-configuration file in the C1 context: 

firewall/C1(config)# ft auto-sync running-config

Related Commands

Command
Description

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft interface

Creates an FT interface and enters FT interface configuration mode.

ft peer

Configures an FT peer and enters FT peer configuration mode.


ft group

To create a fault-tolerant (FT) group for redundancy, use the ft group command in configuration mode. To remove an FT group from the configuration, use the no form of this command.

ft group group_id

no ft group group_id

Syntax Description

group-id

Unique identifier of the FT group. Enter an integer from 1 to 255.


Defaults

No default behavior or values

Command Modes

Configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The ft group command can be used in the Admin context only.

You must configure the same group ID on both peer modules.

On each VFW application, you can create multiple FT groups, up to a maximum of 256 groups. Each group consists of a maximum of two members (contexts): one active context on one module and one standby context on the peer module.

Examples

The following example shows how to configure a fault-tolerant group: 

firewall/Admin(config)# ft group 1

firewall/Admin(config-ft-group)#

Related Commands

Command
Description

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft interface

Creates an FT interface and enters FT interface configuration mode.

ft peer

Configures an FT peer and enters FT peer configuration mode.

inservice

Places an FT group in service.

peer

Associates a peer VFW application with an FT group.


ft interface

To create a fault-tolerant (FT) interface and access FT interface configuration mode, use the ft interface command in configuration mode. To remove an FT interface from the redundancy configuration, use the no form of this command.

ft interface interface_name

no ft interface interface_name

Syntax Description

interface_name

Identifier of an existing interface that you want to use as the FT interface.


Defaults

No default behavior or values

Command Modes

Configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the System feature in your user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The ft interface command can be used in the Admin context only.

To remove an FT interface from the redundancy configuration, first dissociate it from the FT peer using the no form of the ft-interface command. Then, use the no ft interface command in configuration mode.

Examples

The following example shows how to configure an FT interface and access FT group configuration mode: 

firewall/Admin(config)# ft interface xyz

firewall/Admin(config-ft-intf)#

The following example shows how to delete the FT interface configuration: 

firewall/Admin(config)# no ft interface xyz

Related Commands

Command
Description

show ft group

Displays the FT or redundancy statistics per context.

show interface

Displays the interface information.

show running-config

Displays the running configuration information associated with the current context.


ft-interface

To associate an existing fault-tolerant (FT) interface with a peer, use the ft-interface command in FT peer configuration mode. To remove the FT interface from the peer configuration, use the no form of this command.

ft-interface interface_name

no ft-interface interface_name

Syntax Description

interface_name

Identifier of an existing interface.


Defaults

No default behavior or values

Command Modes

FT peer configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The ft-interface command can be used in the Admin context only.

Examples

The following example shows how to associate an existing FT interface with a peer: 

firewall/Admin(config)# ft peer 1

firewall/Admin(config-ft-peer)# ft-interface xyz

Related Commands

Command
Description

ft peer

Configures an FT peer and enters FT peer configuration mode.

show ft group

Displays the FT or redundancy statistics per context.


ft peer

To configure a fault-tolerant (FT) peer and access FT peer configuration mode, use the ft peer command in configuration mode. To remove an FT group from the configuration, use the no form of this command.

ft peer peer_id

no ft peer peer_id

Syntax Description

peer_id

Unique identifier of the FT peer. Enter 1.


Defaults

No default behavior or values

Command Modes

Configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The ft peer command can be used in the Admin context only.

Examples

The following example shows how to configure an FT peer and access FT peer configuration mode: 

firewall/Admin(config)# ft peer 1

firewall/Admin(config-ft-peer)#

Related Commands

Command
Description

ft-interface

Associates an existing FT interface with a peer.

heartbeat

Configures the heartbeat interval and count for verification timing between active and standby FT peers.

show ft group

Displays the FT or redundancy statistics per context.

show running-config

Displays the running configuration information associated with the current context.


heartbeat

To configure the heartbeat interval and count for verification timing between active and standby fault-tolerant (FT) peers, use the heartbeat command in FT peer configuration mode. To remove the FT interface from the peer configuration, use the no form of this command.

heartbeat {count number | interval frequency}

no heartbeat {count number | interval frequency}

Syntax Description

count number

Specifies the number of heartbeat intervals that must transpire with no heartbeat packet received by the standby member, before the standby member determines that the active member is not available. Enter an integer from 10 to 50. The default is 10 heartbeat intervals.

interval frequency

Specifies the time period between heartbeats in milliseconds (ms). Enter an integer from 100 to 1000 ms. The default is 300 ms.


Defaults

No default behavior or values

Command Modes

FT peer configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The heartbeat command can be used in the Admin context only.

If the standby member of the FT group does not receive a heartbeat packet from the active member, a time period equal to count number times interval frequency must elapse before a switchover can occur.

Examples

The following example shows how to set a heartbeat count of 20: 

firewall/Admin(config)# ft peer 1

firewall/Admin(config-ft-peer)# heartbeat count 20

The following example shows how to set a heartbeat interval of 200 milliseconds: 

firewall/Admin(config-ft-peer)# heartbeat interval 200

Related Commands

Command
Description

ft peer

Configures an FT peer and enters FT peer configuration mode.

show ft group

Displays the FT or redundancy statistics per context.


inservice

To place a fault-tolerant (FT) group in service, use the inservice command in FT group configuration mode. To take the FT group out of service, use the no form of this command.

inservice

no inservice

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

FT group configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The inservice command can be used in the Admin context only.

Before you place an FT group in service, be sure that you have associated one or two contexts with the FT group and have properly configured the two peers.

Examples

The following example shows how to place an FT group in service: 

firewall/Admin(config)# ft group 1

firewall/Admin(config-ft-group)# inservice

Related Commands

Command
Description

ft group

Creates a fault-tolerant (FT) group for redundancy.


peer

To associate a peer VFW application with a fault-tolerant (FT) group, use the peer command in FT group configuration mode. To remove the peer association with the FT group, use the no form of this command.

peer peer_id

no peer peer_id

Syntax Description

peer_id

Identifier of an existing peer module. Enter 1 for the peer ID.


Defaults

No default behavior or values

Command Modes

FT group configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The peer designation is used to denote the remote standby member of the FT group. A context in a redundant configuration can have only one peer context.

The peer command can be used in the Admin context only.

Examples

The following example shows how to associate a peer module with an FT group: 

firewall/Admin(config)# ft group 1

firewall/Admin(config-ft-group)# peer 1

Related Commands

Command
Description

ft group

Creates a fault-tolerant (FT) group for redundancy.

show ft group

Displays the FT or redundancy statistics per context.


peer ip

To configure an IP address for the remote peer to allow the local member of the fault-tolerant (FT) group to communicate with the remote peer, use the peer ip command in FT interface configuration mode. To remove the IP address from the peer configuration, use the no form of this command.

peer ip address ip_address netmask

no peer ip address ip_address netmask

Syntax Description

address ip_address

Specifies the IP address of the remote peer. Enter an IP address in dotted-decimal notation.

netmask

Subnet mask of the remote peer. Enter a subnet mask in dotted-decimal notation.


Defaults

No default behavior or values

Command Modes

FT interface configuration

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

This command is available in the Admin context only.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the system feature in your user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

The peer ip command can be used in the Admin context only.

Examples

The following example shows how to configure an IP address for the remote peer: 

firewall/Admin(config-ft-intf)# peer ip address 192.168.12.15 255.255.255.0

Related Commands

Command
Description

ip address

Assigns an IP address on a VFW management or fault-tolerant (FT) interface.

show interface

Displays the interface information.


show ft group

To display the fault-tolerant (FT) or redundancy peer statistics, use the show ft group command in EXEC mode.

show ft group {[group_id] {detail | status | summary} | brief}

Syntax Description

group-id

(Optional) Unique identifier of the FT group. Enter an integer from 1 to 255.

brief

Displays summary information for all peers.

detail

Displays detailed information for the specified FT group or peer.

status

Displays the current operating status for the specified FT group or peer.

summary

Displays summary information for the specified FT group or peer.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

In the Admin context, the show ft group command displays statistics for all FT groups in the VFW application. Also, in the Admin context, you can specify an FT group number to display statistics for an individual group. In a user context, this command displays statistics only for the FT group to which the user context belongs.

Examples

The following example shows sample output from the show ft group command with the status keyword: 

firewall/Admin# show ft group status 


FT Group                     : 1

Configured Status            : in-service

Maintenance mode             : MAINT_MODE_OFF

My State                     : FSM_FT_STATE_ACTIVE

Peer State                   : FSM_FT_STATE_STANDBY_HOT

Peer Id                      : 1

No. of Contexts              : 1


FT Group                     : 2

Configured Status            : in-service

Maintenance mode             : MAINT_MODE_OFF

My State                     : FSM_FT_STATE_ACTIVE

Peer State                   : FSM_FT_STATE_STANDBY_HOT

Peer Id                      : 1

.

.

.

The following example shows sample output from the show ft group command for a specific group: 

firewall/Admin# show ft group 2 status 


FT Group                     : 2

Configured Status            : in-service

Maintenance mode             : MAINT_MODE_OFF

My State                     : FSM_FT_STATE_ACTIVE

Peer State                   : FSM_FT_STATE_STANDBY_HOT

Peer Id                      : 1

No. of Contexts              : 1

The following example shows sample output from the show ft group command with the summary keyword: 

firewall/Admin# show ft group summary 


FT Group                     : 1

Configured Status            : in-service

Maintenance mode             : MAINT_MODE_OFF

My State                     : FSM_FT_STATE_ACTIVE

My Config Priority           : 100

My Net Priority              : 100

My Preempt                   : Disabled

Peer State                   : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority         : 100

Peer Net Priority            : 100

Peer Preempt                 : Disabled

Peer Id                      : 1

No. of Contexts              : 1


FT Group                     : 2

Configured Status            : in-service

Maintenance mode             : MAINT_MODE_OFF

My State                     : FSM_FT_STATE_ACTIVE

My Config Priority           : 100

My Net Priority              : 100

My Preempt                   : Disabled

Peer State                   : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority         : 100

Peer Net Priority            : 100

Peer Preempt                 : Disabled

Peer Id                      : 1

No. of Contexts              : 1

.

.

.

The following example shows sample output from the show ft group command with the brief keyword: 

firewall/Admin# show ft group brief 


FT Group ID: 1  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_HOT

                Context Name: ctx1      Context Id: 1

FT Group ID: 2  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_HOT

                Context Name: ctx2      Context Id: 451

FT Group ID: 3  My State:FSM_FT_STATE_INIT      Peer State:FSM_FT_STATE_INIT

                Context Name: ctx3      Context Id: 223

FT Group ID: 4  My State:FSM_FT_STATE_INIT      Peer State:FSM_FT_STATE_INIT

                Context Name: ctx4      Context Id: 334

FT Group ID: 5  My State:FSM_FT_STATE_INIT      Peer State:FSM_FT_STATE_INIT

                Context Name: ctx5      Context Id: 396

FT Group ID: 6  My State:FSM_FT_STATE_INIT      Peer State:FSM_FT_STATE_INIT

                Context Name: ctx6      Context Id: 407

FT Group ID: 7  My State:FSM_FT_STATE_INIT      Peer State:FSM_FT_STATE_INIT

                Context Name: ctx7      Context Id: 418

Related Commands

Command
Description

clear ft

Clears the fault-tolerant (FT) statistics or history.

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft peer

Configures an FT peer and enters FT peer configuration mode.


show ft history

To display a history of internal redundancy software statistics, use the show ft history command in EXEC mode.

show ft history {cfg_cntlr | ha_dp_mgr | ha_mgr}

Syntax Description

cfg_cntlr

Displays the configuration controller debug log.

ha_dp_mgr

Displays the high-availability (HA) dataplane manager debug log.

ha_mgr

Displays the HA manager debug log.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

Examples

The following example shows how to display the configuration controller debug log: 

firewall/Admin# show ft group history cfg_cntlr

Related Commands

Command
Description

clear ft

Clears the fault-tolerant (FT) statistics or history.

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft peer

Configures an FT peer and enters FT peer configuration mode.


show ft idmap

To display the IDMAP table, use the show ft idmap command in EXEC mode.

show ft idmap

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

Examples

The following example shows how to display the IDMAP table: 

firewall/Admin# show ft idmap

Related Commands

Command
Description

clear ft

Clears the fault-tolerant (FT) statistics or history.

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft peer

Configures an FT peer and enters FT peer configuration mode.


show ft memory

To display the high-availability (HA) manager memory statistics, use the show ft memory command in EXEC mode.

show ft memory [detail]

Syntax Description

detail

(Optional) Displays detailed HA manager memory statistics (Admin context only).


Defaults

No default behavior or values

Command Modes

EXEC

Admin context only

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command requires the Admin user role. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

Examples

The following example shows how to display the detailed HA manager memory statistics: 

firewall/Admin# show ft group memory detail

Related Commands

Command
Description

clear ft

Clears the fault-tolerant (FT) statistics or history.

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft peer

Configures an FT peer and enters FT peer configuration mode.


show ft peer

To display the fault-tolerant (FT) peer information, use the show ft command in EXEC mode.

show ft peer [peer_id] {detail | status | summary}

Syntax Description

peer_id

(Optional) Identifier of the remote standby member of the FT group.

detail

Displays detailed information for the specified FT group or peer.

status

Displays the current operating status for the specified FT group or peer.

summary

Displays summary information for the specified FT group or peer.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

Examples

The following example shows how to display the detailed statistics for all peers: 

firewall/Admin# show ft peer detail

Related Commands

Command
Description

clear ft

Clears the fault-tolerant (FT) statistics or history.

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft peer

Configures an FT peer and enters FT peer configuration mode.


show ft stats

To display the fault-tolerant (FT) or redundancy statistics per context, use the show ft command in EXEC mode.

show ft stats [group_id]

Syntax Description

group-id

Unique identifier of the FT group. Enter an integer from 1 to 255.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.5.0

This command was introduced on the Multi-Service Blade (MSB) for the Cisco XR 12000 Series Router.

Release 3.6.0

No modification.

Release 3.7.0

No modification.

Release 3.8.0

No modification.


Usage Guidelines

This command has no user role feature restrictions. For details about role-based access control (RBAC) and user roles, see the Configuring Virtualization on the Virtual Firewall module in Cisco IOS XR Virtual Firewall Configuration Guide.

Examples

The following example shows how to display statistics for FT group 1: 

firewall/Admin# show ft stats 1

Related Commands

Command
Description

clear ft

Clears the fault-tolerant (FT) statistics or history.

ft auto-sync

Enables automatic synchronization of the running-configuration and startup-configuration files in a redundancy configuration.

ft group

Creates a fault-tolerant (FT) group for redundancy.

ft peer

Configures an FT peer and enters FT peer configuration mode.