-
Notifications
You must be signed in to change notification settings - Fork 2
cli
Pre-Alpha. This page describes behavior that may change.
The CLI is a network OS shell, not a Unix wrapper. You connect over SSH, you get tab completion driven by the YANG schema, and the workflow is the one operators of JunOS or Cisco IOS already know: edit, diff, commit, rollback. This is the long version of the CLI tour.
ze cli # Interactive shell
ze cli -c "peer list" # One-shot command, exits after
ze show peer upstream detail # Read-only query, safe in scriptsze cli is the interactive path. ze cli -c runs a single command and exits, with a non-zero exit code on error so it composes with shell pipelines. ze show is the read-only subset: it cannot mutate state, which is exactly what you want in a monitoring script.
A handful of ze show subcommands run locally without touching the daemon at all (version, bgp decode, bgp encode, env, schema, yang, data (ls, cat, registered), config (dump, diff, history, ls, cat, fmt), interface). The rest go through the SSH server built into the Ze process.
The SSH server is part of the daemon. ze init walks you through username, password, host, and port the first time. Defaults are 127.0.0.1:2222 with an auto-generated ED25519 host key. Credentials live in the Ze database (database.zefs) with bcrypt-hashed passwords.
Override the host or port from the environment when you talk to a remote daemon:
export ZE_SSH_HOST=10.0.0.1
export ZE_SSH_PORT=2222
ze cliThe full list lives in reference/command-reference.md. The most-used groups are these.
peer list
peer * show
peer <selector> teardown <code>
peer <selector> capabilities
peer <selector> pause
peer <selector> resume
set bgp peer <name> with <config>
del bgp peer <name>
bgp summary
The peer selector takes * (all peers), an exact IP, a peer name, an ASN (as65001), an IP exclusion (!<IP>), or a comma-separated list of IPs.
peer <sel> update text <attrs> nlri <family> <op> <prefix>
peer <sel> update hex <hex>
rib routes received [peer] [family]
rib routes sent [peer] [family]
rib clear-in [peer] [family]
rib clear-out [peer] [family]
rib inject <peer> <family> <prefix> [attrs...]
rib withdraw <peer> <family> <prefix>
rib inject takes a peer label, not a live session, so you can prime the Adj-RIB-In without anyone connected.
The commit workflow lets you batch multiple route operations into one named transaction.
commit start <name>
commit end <name>
commit eor <name>
commit rollback <name>
commit show <name>
commit withdraw <name>
commit list
rpki status
rpki cache
rpki roa
bgp monitor # Live event stream (see Monitoring)
bgp monitor peer <addr> event update direction received
daemon shutdown
route-refresh <family>
help
command-list
command-help <name>
The shell understands a small set of network OS pipe operators. They are not Unix pipes.
| Pipe | Effect |
|---|---|
| json |
Render the structured response as JSON. |
| table |
Render as a table. |
| match <regex> |
Drop rows that do not match. |
| count |
Just the row count. |
| no-more |
Disable paging on long output. |
| json is the one that matters most for scripting. The output is the same JSON envelope every other Ze surface produces, so you can pipe it through jq and get the same fields you would see from the REST API.
In ze cli, tab completion works on every position: command verbs, peer names, address families, log levels. History is persisted across sessions. Ctrl-C cancels the current command, Ctrl-D exits. The prompt reflects your current edit context (ze[bgp peer upstream]#).
ze signal is the SSH-based control surface for the daemon process itself, separate from the in-shell commands above.
| Command | Effect |
|---|---|
ze signal reload |
Reload the on-disk config. |
ze signal stop |
Graceful shutdown without the GR marker. |
ze signal restart |
Graceful restart with the GR marker. |
ze signal status |
Dump daemon status. |
ze signal quit |
Goroutine dump and exit. |
The same actions are available as Unix signals: SIGHUP reloads, SIGTERM and SIGINT shut down gracefully, SIGUSR1 triggers a status callback logged at Warn level via the structured logger, SIGQUIT dumps goroutines (mapped to ze signal quit).
- CLI tour for the five-minute version.
- Show commands for the operator's day-2 quick reference.
- Command reference for the long list.
- Web UI for the same operations through a browser.
Adapted from main/docs/guide/cli.md, main/docs/features/api-commands.md, and main/docs/guide/operations.md.
Unreviewed draft. This wiki was authored in bulk and has not been reviewed. File corrections on the issue tracker.
- Overview
- YANG Model
- Editor Workflow
- Archive and Rollback
- System
- Interfaces
- BFD
- FIB
- Firewall
- Traffic Control
- L2TP/PPP
- VPP Data Plane
- RPKI
- TACACS+ AAA
- Fleet
- BGP
- Starting and Stopping
- Show Commands
- Monitoring
- Logging
- Operational Reports
- Healthcheck
- MRT Analysis
- Upgrade and Restart
- Storage
- Policy
- Core
- Resilience
- Validation
- Capabilities
- Address Families
- Protocol
- Subsystems
- Infrastructure
- Route Server at an IXP
- Transit Edge with RPKI
- Public Looking Glass
- ExaBGP Migration Walkthrough
- FlowSpec Injection
- Chaos-Tested Peering
- AS Path Topology