Purpose	The ARX sends periodic heartbeats to check the health of the RON-tunnel connection. Use this command to determine the number of consecutive failures before declaring the tunnel OFFLINE.
Mode	cfg-if-vlan-ron-tnl
Security Role(s)	network-engineer or crypto-officer
Syntax	heartbeat failure max-failures   max-failures (2-10) is the number of consecutive dropped heartbeats to tolerate before declaring a failure.
Default(s)	4
Guidelines	Use the heartbeat interval command to set the number of seconds between heartbeats. Use the show ron command to see the current connection state for all RON tunnels.
Sample	bstnA(cfg-if-vlan-ron-tnl[25~toPortland])# heartbeat failure 6 sets the threshold to 6 consecutive heartbeat failures. This interface declares the tunnel OFFLINE if 7 heartbeats fail in a row.
Related Commands	ron tunnel heartbeat interval show ron

Purpose	The ARX sends periodic heartbeats to check the RON-tunnel connection. Use this command to determine the number of seconds between heartbeats.
Mode	cfg-if-vlan-ron-tnl
Security Role(s)	network-engineer or crypto-officer
Syntax	heartbeat interval seconds   seconds (1-30) is the number of seconds between heartbeats.
Default(s)	3
Guidelines	Use the heartbeat failure command to set the number of dropped heartbeats to tolerate before declaring the tunnel OFFLINE. Use the show ron command to see the current connection state for all RON tunnels.
Sample	bstnA(cfg-if-vlan-ron-tnl[25~toPortland])# heartbeat interval 15 sets a 15-second interval between RON heartbeats.
Related Commands	ron tunnel heartbeat failure show ron

Purpose	** Deprecated ** Use this command to edit a legacy RON interface, one that was created before Software Release 2.0. Use the no form of the command to remove a legacy RON interface. See the Guidelines, below.
Mode	cfg
Security Role(s)	network-engineer or crypto-officer
Syntax	interface ron if-name no interface ron if-name   if-name (1-32 characters) identifies the legacy RON interface.
Default(s)	None
Guidelines	This command is deprecated, and exists only to edit the configuration of legacy RON interfaces and tunnels. Use ron tunnel to create a new RON tunnel, which terminates at an in-band (VLAN) management IP instead of an additional RON IP address. If possible, use ron tunnel to duplicate all legacy RON tunnels, go to the remote switch(es) and run the peer address command with the new RON-tunnel address, then use no interface ron to remove the legacy tunnels. This command places you in cfg-ron mode. From there, use the ip address (cfg-ron) command to edit the local IP address, and the peer address command to change the peers address. You can optionally tune the tunnels health-check parameters by setting the heartbeat interval and the threshold for consecutive heartbeat failure events before declaring the link OFFLINE. Use shutdown to disable the interface. To view the current state and configuration of all tunnels, use show ron. For a full view of Link-State Advertisements from all switches connected via RON, use show ron database.
	If the tunnel is connected and you use no interface ron, the CLI prompts you before disconnecting it. Enter yes to continue.
Samples	bstnA(cfg)# interface ron haPeer bstnA(cfg-ron[haPeer])# edits the RON interface, haPeer.   bstnA(cfg)# no interface ron toPhilidelphia Tunnel ''toPhilidelphia'' is currently connected.   Delete tunnel ''toPhilidelphia''? [yes/no] yes bstnA(cfg)# removes the legacy toPhilidelphia interface.
Related Commands	ron tunnel show ron tunnel

Purpose	** Deprecated ** Use this command to provide a local IP address for the current (legacy) RON interface.
Mode	cfg-ron
Security Role(s)	network-engineer or crypto-officer
Syntax	ip address address mask [vlan vlan-id]   address is the IP address you choose for the RON interface (for example, 10.1.99.78). mask defines the network part of the address (for example, 255.255.255.0). vlan vlan-id (optional; 1-4096) specifies a VLAN to carry the tunnel.
Default(s)	vlan-id: 1
Guidelines
Note: This command is unique to a legacy RON interface, which is deprecated in favor of the new ron tunnel. Whenever possible, duplicate all legacy RON interfaces as RON tunnels, go to the remote switch(es) and run the peer address command with the new RON-tunnel address, then return to the local switch to delete the RON interfaces. (RON tunnels re-use an in-band-management IP, whereas RON interfaces require an additional IP address.)
	This address must also be configured at the other end of the RON tunnel as the peer address; the tunnel is not functional until the configurations match at both switches. This address must be unique from all proxy IPs, VIPs and management IPs.
Samples	bstnA(cfg-ron[toProv])# ip address 192.168.25.50 255.255.255.0 sets an IP address of 192.168.25.50 for the toProv interface. prtlndB(cfg-ron[test])# ip address 192.168.74.73 255.255.255.0 vlan 96 sets the IP address for the test interface. This address is on VLAN 96.
Related Commands	interface ron ron tunnel peer address

Purpose	Two switches in a RON are said to have a conflict if their private IP subnets are the same. Use this command to reassign a private subnet to the current switch and reboot it.
Mode	cfg
Security Role(s)	network-engineer or crypto-officer
Syntax	ip private subnet reassign
Default(s)	None
Guidelines	Use the show ron or show ron conflicts command to confirm that this switch has a private subnet that conflicts with another. Note that this command reboots the current chassis. The CLI prompts for confirmation before rebooting; enter yes to continue.
Sample	bstnA(cfg)# ip private subnet reassign Reassign a new, unused, private subnet and reboot the chassis? [yes/no] yes ...
Related Commands	ron tunnel show ron show ron conflicts

Purpose	Use this command to provide the IP address for the remote end of the RON tunnel.
Mode	cfg-if-vlan-ron-tnl
Security Role(s)	network-engineer or crypto-officer
Syntax	peer address remote-address   remote-address is the remote IP address (for example, 10.1.33.8) for the in-band (VLAN) interface at the other end of the tunnel.
Default(s)	None
Guidelines	Each end of the RON tunnel terminates at an in-band (VLAN) management interface, created with the interface vlan command. This command identifies the management interfaces ip address (cfg-if-vlan) at the other end of the tunnel. At the other end of the tunnel, the peer address points back to the local in-band-management IP.
Sample	prtlndA(cfg-if-vlan-ron-tnl[74~toBoston])# peer address 192.168.25.5 sets an IP address of 192.168.25.5 for the remote end of the toBoston tunnel.
Related Commands	ron tunnel ip address (cfg-if-vlan)

Purpose	Use the rconsole command to start a new CLI session on an ARX at the other end of a RON tunnel.
Mode	priv-exec
Security Role(s)	network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax	rconsole hostname [username]   hostname (1-128 characters) is the remote switch name. username (optional, 1-32 characters) is a valid administrative user account on the remote ARX. If you omit this, the command uses the name you used to log into the current CLI session. Note that this administrative account may not exist at the remote ARX, or may have a different password.
Default(s)	username - the administrative account you used to log into the local CLI.
Guidelines	The rconsole command starts a new CLI session on a remote ARX. This occurs through a Secure Shell (SSH). The other switch must be reachable using a RON tunnel, and the name of the switch must be known to RON. To see the current switch names available through RON, use the show ron command. Those switches showing the connection status ONLINE are available through the rconsole command. The remote CLI prompts you for a password. This is the password for the username account on the remote switch; administrative accounts are configured independently at every switch in the RON (see user). Passwords are not guaranteed to be consistent throughout a RON.
Sample	bstnA# rconsole prtlndA admin Password: myP@55w0RD prtlndA> starts a CLI session on the switch, prtlndA connected through the RON. This login uses admin as a user name.
Related Commands	ron tunnel show ron user

Purpose	Use this command to remove an offline ARX from the RON.
Mode	priv-exec
Security Role(s)	network-technician, network-engineer, storage-engineer, or crypto-officer
Syntax	ron evict host-name   host-name (1-128 characters) is the name of the switch to remove from the RON.
Default(s)	None
Guidelines	If the switch is to be replaced, we recommend that you avoid this command. The show ron command shows the UUID for the former RON member, and this number is very important for a smooth switch replacement. The switch must be offline to be evicted. This means that there can be no working RON tunnels to the switch. The show ron command shows whether or not the switch is offline.
Sample	bstnA# ron evict pawtucket removes the switch, pawtucket, from the RON.
Related Commands	ron tunnel show ron

Purpose	Use this command to create one end of a resilient overlay network (RON) tunnel. RON tunnels are used for communication between two or more ARXes. Use the no form of the command to remove a RON-tunnel interface (see Guidelines below).
Mode	cfg-if-vlan
Security Role(s)	network-engineer or crypto-officer
Syntax	ron tunnel name no ron tunnel name   name (1-32 characters) is a name you choose for the RON tunnel.
Default(s)	None
Guidelines	Use this command to begin the configuration at one end of a RON tunnel. A RON tunnel terminates at an in-band (VLAN) management interface; use interface vlan to create such an interface. The in-band-management IP is the IP address of the RON tunnels local end. This command places you in cfg-if-vlan-ron-tnl mode. From there, use the peer address command to identify the peers address (that is, the IP address of the peers in-band management interface). You can optionally tune the tunnels health-check parameters by setting the heartbeat interval and the threshold for consecutive heartbeat failure events before declaring the tunnel OFFLINE. Then use no shutdown (cfg-if-vlan-ron-tnl) to enable the tunnel interface. To start traffic on the tunnel, repeat this process (reversing the IP addresses) at the other end. Multiple RON tunnels can terminate in a single in-band management interface. After you connect two switches with a RON tunnel, you can access the peer switchs CLI through the rconsole command. The show ron command shows a high-level status for the entire RON. To view the current state and configuration of a tunnel, use show ron tunnel. For a full view of Link-State Advertisements from all switches connected via RON, use show ron database. Use show ron conflicts to see which switches (if any) have a private-subnet conflict; to resolve a conflict, use ip private subnet reassign.
Samples	bstnA(cfg)# interface vlan 89 bstnA(cfg-if-vlan[89])# ron tunnel toEllesworth bstnA(cfg-if-vlan-ron-tnl[toEllesworth])# creates the tunnel, toEllesworth.   bstnA(cfg-if-vlan[89])# no ron tunnel toPhilidelphia Tunnel ''toPhilidelphia'' is currently connected. Delete tunnel ''toPhilidelphia''? [yes/no] yes bstnA(cfg-if-vlan[89])# removes the tunnel, toPhilidelphia.
Related Commands	interface vlan show ron tunnel

Purpose	Use this command to display the current RON configuration and status.
Mode	(any)
Security Role(s)	crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax	show ron [member]   member (optional, 1-128 characters) specifies the hostname for one member of the RON. If you omit this, the command shows all RON members.
Default(s)	None
Guidelines	This command displays a two-line entry for each member of the RON. The first line identifies the switch and its high-level status. Switch Name identifies the member switch. HA Peer Switch for the switch, if there is one. This is the switchs redundant peer. Uptime is the time since the switchs last reboot. The second line has information about the RON (and possibly the redundant pair). Status is ONLINE, OFFLINE, SUBNET CONFLICT, or unknown. The SUBNET CONFLICT status indicates that the private subnet is the same as some other switch in the RON; use show ron conflicts to find which switches conflict with which. UUID is the Universally-Unique ID for the switch. All of the shares owned by this switch are marked with this UUID. In a redundant pair, a share is owned by a switch when its volumes volume-group is set at the switch. You set a switchs UUID during installation. Management Addr is the Out-of-band MGMT interface, if configured. Otherwise, it is the address of the in-band (VLAN) management interface of the lowest-numbered VLAN.
	If you choose one member, the output focuses on that host only. The fields are the same, presented in a different format. Use ron tunnel to create one end of a RON tunnel.
Samples	prtlndA# show ron displays all hosts in the RON. Figure 14.1 shows a sample.   prtlndA# show ron prtlndB displays the RON status for one redundant peer. Figure 14.2 shows a sample.
Related Commands	ron tunnel rconsole show ron conflicts show ron database show ron route volume-group

Purpose	Two switches in a RON are said to have a conflict if their private IP subnets are the same. The show ron conflicts command shows all conflicting switches in the current RON.
Mode	(any)
Security Role(s)	crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax	show ron conflicts
Default(s)	None
Guidelines	This shows a table of RON conflicts, one row per conflicting switch. The Accessible Switch is available from the local switch, and the Conflicting Switch is not; some other switch in the RON might show the same conflict with the switch roles reversed. Each of these switches can only communicate with a limited number of peers in the RON, if any. To correct the problem and bring conflicting switches fully into the RON, go to one conflicting switch and use ip private subnet reassign.
Sample	prtlndA> show ron conflicts   Accessible Switch Conflicting Switch ------------------------------------------------- BIG6000-WEST ARX-500-SJC   displays all private-subnet conflicts in the RON.
Related Commands	ip private subnet reassign ron tunnel

Purpose	Use this command to display the RON-routing database.
Mode	(any)
Security Role(s)	crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax	show ron database
Default(s)	None
Guidelines	You can connect one ARX to another with a RON tunnel: use this command to show routing information and statistics for each ARX connected to the current switch. The output displays one table per host switch. Each table contains the following information: Hostname Status is Current, Stale, or ERROR. This represents the status of the peers Link-State Advertisement (LSA). Peers exchange periodic LSAs with information about the tunnel state(s); this table expresses the latest LSA received from the Hostname. Stale indicates that the peer is unreachable, so at least one LSA was missed since the one shown. ERROR indicates that this peer has the same private subnet as another peer in the RON. This is an unsupportable configuration. An ERROR message at the bottom of the output shows which peers have the conflict. Go to either switchs CLI and use ip private subnet reassign to change its subnet. Serial # is the serial number for the peers latest LSA. This number increments whenever the switch receives a new LSA from this peer. Age is the number of seconds since the last LSA was received from the remote peer.
	Private Subnet(s) is the hosts private subnet. If the host is part of a redundant pair, this also shows the private subnet for the hosts peer. A sub table shows all tunnels configured for the host. Each tunnel appears in one row with the following information: Tunnel is the name of the tunnel, set with the ron tunnel command. Peer is the host switch at the other end of the tunnel. You can change this with the cfg-if-vlan-ron-tnl peer address command. State is Down, Connecting, Connected, Shutdown, or Unknown. A new tunnel transitions from Shutdown to Connecting to Connected. Down indicates link failure: too many consecutive heartbeats were dropped (see heartbeat failure and heartbeat interval). Shutdown indicates that the tunnel was disabled with the shutdown (cfg-if-vlan-ron-tnl) command. RTT(ms) is the average Round-Trip Time (RTT) through the tunnel, in milliseconds. Loss(%) is the percentage of packets lost in the tunnel. TCP (Kb/s) is the estimated TCP throughput (in Kilobits per second) on the tunnel. Loss*RTT is reserved for future use.
Sample	prtlndA# show ron database displays the full RON database at the switch named prtlndA. See Figure 14.3 on page 14-16 for sample output.
Related Commands	ron tunnel show ron tunnel show ron rconsole

Purpose	This command shows the IP-routing table used by the RON process.
Mode	(any)
Security Role(s)	crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax	show ron route
Default(s)	None
Guidelines	This shows a table of RON routes, one row per tunnel. Each row contains four fields: Destination is the host name of the peer switch at the other end of the tunnel. Subnet is the private-IP subnet of the peer switch. Via Tunnel is tunnel for sending packets to the Subnet. Milliseconds is average round-trip time, through the tunnel and back.
Sample	prtlndA> show ron route displays the RON routing table. See Figure 14.4 for sample output.
Related Commands	ron tunnel

Purpose	Use this command to display RON-tunnel configuration.
Mode	(any)
Security Role(s)	crypto-officer, storage-engineer, network-engineer, network-technician, and operator
Syntax	show ron tunnel [name | redundancy | all]   name (optional, 1-32 characters) identifies a particular RON tunnel to display. If you omit this, the command shows a summary of all RON tunnels. redundancy (optional) is the name of an automatically-generated tunnel. This only appears on an ARX-1500 or ARX-2500 with a redundant peer. This tunnel carries redundancy-related traffic over the redundancy link that connects the redundant pair. The ARX creates this tunnel when you enter the redundancy command to join a redundant pair. all shows details for all RON tunnels on the ARX.
Default(s)	None.
Guidelines	A Resilient Overlay Network (RON) connects multiple ARX devices. One RON tunnel connects two of them; use the ron tunnel command to create a RON tunnel. This command shows the configuration and state of RON tunnels.
Guidelines: Summary Output	The show ron tunnel command (without a specific tunnel or the all keyword) shows a table of all RON tunnels. Each row summarizes the tunnel configuration and state: Name is the tunnel name, set by the ron tunnel command. State is Shutdown, Connecting, Connected, Unreachable, No Response, Mismatch, Error, or Unknown. A new tunnel transitions from Shutdown to Connecting to Connected. The error states are listed here. Unreachable means there is no local route to the tunnels remote endpoint. Use ip route to create a static route. No response indicates that the remote peer is not responding to standard RON packets (such as RON heartbeats), nor is it responding to lower-level ICMP pings. Either the network is down or the remote switch is down. Mismatch means that ICMP pings worked but the standard RON heartbeats did not. This implies the local configuration of the remote IP address is wrong (see peer address), or that the remote switch does not have a tunnel coming back to the local switch. When the tunnel is first coming up, it is in this state between the time that the lower layers are connected and RON processes start. This is normal. Shutdown indicates that the tunnel was disabled with the shutdown (cfg-if-vlan-ron-tnl) command. Error should never appear. Contact F5 if you see this.
Guidelines: Summary Output (Cont.)	Interface shows the in-band management interface that serves as the local end of the tunnel (created with interface vlan). Remote Addr is the IP address of the peers end of the tunnel. Use the peer address command to change this. (The local address is the address of the tunnels in-band management interface, set with ip address (cfg-if-vlan).) Up Time is the amount of time that the RON tunnel has been Connected.
Guidelines: Detailed Output	Include the interface name (or all) to display details for the tunnel(s): Name is the tunnel name. Peer is the host name of the remote peer. Tunnel State is the same as State in the summary version. Uptime shows how long the tunnels state has been Connected. Interface shows the in-band management interface that serves as the local end of the tunnel (created with interface vlan). Remote Address is the IP addresses at the other end of the tunnel. Use peer address to change the remote address. Security Policy is reserved for future use. Ping Fail Limit is the number of consecutive heartbeat failures to tolerate before declaring the Tunnel State No response. Use heartbeat failure to change this threshold. Ping Interval is the number of seconds between heartbeats. Use heartbeat interval to change it. Round Trip Time is the average number of milliseconds for a packet to go through the tunnel and back. Packet Lost Rate is the percentage of packets lost in the tunnel. TCP Throughput is the tunnels estimated throughput in bytes per second. Loss RTT Product is reserved for future use. RON Packets In and RON Packets Out counts the packets that are directly-related to RON, such as heartbeats and Link-State Advertisements (LSAs). Data Packets In and Data Packets Out counts all other packets, including shadow-copy data. Data Bytes In and Data Bytes Out is the total bytes (of Data Packets) exchanged. Local Processor is the CPU where the tunnel terminates, in slot.processor format. Use show processors to see a list of all processors and their roles. This does not appear for the ARX-1500 or ARX-2500; all RON tunnels terminate at processor 1.1 on those platforms.
	Last Error Code is 0 (zero), an error number, Network Unreachable, or Host Unreachable. If an error number appears here, contact F5 for interpretation. Control Errors is the number of errors from RON control packets, such as RON heartbeats and LSAs. Data Errors is the number of failed data packets. These are packets unrelated to RON control, such as replicated files.
Samples	prtlndA> show ron tunnel displays a summary of all configured RON tunnels. See Figure 14.5 for sample output.   prtlndA> show ron tunnel toBoston displays details for a RON tunnel named, toBoston. See Figure 14.6 on page 14-21.   prtlndA> show ron tunnel all displays details for all RON tunnels.   stoweA> show ron tunnel redundancy displays details for the redundancy tunnel on an ARX-2500, stoweA. See Figure 14.7 on page 14-22.
Related Commands	ron tunnel rconsole show ron show ron database

Purpose	Use the no form of the command to open the local end of the RON tunnel. Use this command to shut down a RON tunnel at the local end.
Mode	cfg-if-vlan-ron-tnl
Security Role(s)	network-engineer or crypto-officer
Syntax	no shutdown shutdown
Default(s)	shutdown
Guidelines	Use the show ron tunnel command to view RON-tunnel status.
Samples	bstnA(cfg-if-vlan-ron-tnl[testTunnel])# shutdown shuts down the current RON tunnel, testTunnel.   bstnA(cfg-if-vlan-ron-tnl[toLA])# no shutdown activates the current RON tunnel.
Related Commands	ron tunnel show ron tunnel