Skip to content
AsterNOS
Ask AI

Geosite/Geoip Configuration

show geosite summary

Section titled “show geosite summary”

[Command] show geosite summary

[Purpose] Display the currently loaded geosite.dat information, including the loaded dat file, country_comde statistics, domain_rule statistics.

[View] System view

[Use Cases]

sonic# show geosite summary
Geosite Statistics:
  Use default geosite data
  Total Country Codes: 1403
  Total Domain Rules : 108358

show geoip summary

Section titled “show geoip summary”

[Command] show geoip summary

[Purpose] Display the currently loaded geoip.dat information, including the loaded dat file, country_comde statistics, and ipv4/v6 statistics.

[View] System view

[Use Cases]

sonic# show geoip summary
Geoip Statistics:
  Use default geoip data
  Total Country Codes: 260
  Total IPv4 counts: 627125
  Total IPv6 counts: 655079

geosite load

Section titled “geosite load”

[Command] geosite loadstring|default

[Purpose] Used to load and update the geosite.dat file. You can choose to load the default dat file or specify a dat file in a specific path as the updated dat file.

[View] System configuration view

[Notes] Please note that after executing this command, you need to reload the device to ensure that the dat file is successfully loaded. If the configuration needs to be saved, please execute write to save the configuration.

[Use Cases]

sonic(config)# geosite load default
please config reload to make load effective
sonic(config)# reload

geoip load

Section titled “geoip load”

[Command] geoip loadstring|default

[Purpose] Used to load and update the geoip.dat file. You can choose to load the default dat file or specify a dat file in a specific path as the updated dat file.

[View] System configuration view

[Notes] Please note that after executing this command, you need to reload the device to ensure that the dat file is successfully loaded. If the configuration needs to be saved, please execute write to save the configuration.

[Use Cases]

sonic(config)# geoip load default
please config reload to make load effective
sonic(config)# reload

geosite lookup

Section titled “geosite lookup”

[Command] geosite lookupstring

[Purpose] Based on domain, query the geosite and find the country code corresponding to the domain name according to the dat file.

[View] System configuration view

[Use Cases]

sonic(config)# geosite lookup www.baidu.com
Matched country: BAIDU
Matched country: CN
Matched country: GEOLOCATION-CN

geoip lookup

Section titled “geoip lookup”

[Command] geoip lookupstring

[Purpose] Based on IP, geoip can be queried, and the country code corresponding to the domain name can be found according to the dat file

[View] System configuration view

[Use Cases]

sonic(config)# geoip lookup 52.62.62.62
IPv4 52.62.62.62 Matched country: AU

rule

Section titled “rule”

[Command] rulerule_id**[{packet-action {deny|permit}}] [src-ip ip-address] [dst-ip ip-address][src-port port] [dst-port port] [ip-type type][geosite string] [geoip string]** no rulerule_id

[Purpose] Add geography/geip ACL rules

[Parameter]

ParameterDescription
rule_idRule ID. Range: 0-500. Also represents rule priority (higher number = higher priority). Values must be unique.
packet-actionPacket action when a rule is matched.
denyDrop.
permitAllow to pass.
src-ip ip-addressSource IP address. Format: A.B.C.D/M.
dst-ip ip-addressDestination IP address. Format: A.B.C.D/M.
geosite stringGeosite matching field. string is the country code to match (e.g., BAIDU). Case-insensitive.
geoip stringGeoip matching field. string is the country code to match (e.g., US). Case-insensitive.

[View] ACL view

[Use Cases]

sonic(config)# access-list L3 test ingress
sonic(config-L3-acl-test)# rule 1 geosite BAIDU packet-action permit

geosite

Section titled “geosite”

[Command] geositestring

[Purpose] Add geosite matching rules

[Parameter]

ParameterDescription
stringgeosite matching field, fill in the country code that needs to be matched, case insensitive

[View] Route policy view

[Notes] Policy-based Routing (PBR) maps cannot consist solely of geosite/geoip match fields; they must be used in combination with quintuple match conditions. For example, you can configure a full source IP match: match src-ip 0.0.0.0/0.

[Use Cases]

sonic(config)# pbr-map test seq 5
sonic(config-pbr-map)# match src-ip 0.0.0.0/0
sonic(config-pbr-map)# geosite BAIDU
sonic(config-pbr-map)# set nexthop 192.168.2.1

geoip

Section titled “geoip”

[Command] geoipstring

[Purpose] Add geoip matching rules

[Parameter]

ParameterDescription
stringgeoip matching field, fill in the country code that needs to be matched, case insensitive

[View] Route policy view

[Notes] Policy-based Routing (PBR) maps cannot consist solely of geosite/geoip match fields; they must be used in combination with quintuple match conditions. For example, you can configure a full source IP match: match src-ip 0.0.0.0/0.

[Use Cases]

sonic(config)# pbr-map test seq 5
sonic(config-pbr-map)# match src-ip 0.0.0.0/0
sonic(config-pbr-map)# geoip CN
sonic(config-pbr-map)# set nexthop 192.168.2.1