Alcatel-Lucent 7450 Configuration Manual

Ethernet service switch/service router/extensible routing system

Alcatel-Lucent
7450 ETHERNET SERVICE SWITCH
7750 SERVICE ROUTER
7950 EXTENSIBLE ROUTING SYSTEM
ROUTER CONFIGURATION GUIDE
RELEASE 14.0.R1
Alcatel-Lucent Proprietary
This document contains proprietary information of Alcatel-Lucent and is not to be disclosed or used except in
accordance with applicable agreements.
Copyright 2016 © Alcatel-Lucent. All rights reserved.


Summary of Contents for Alcatel-Lucent 7450

  • Page 2 This document may contain information regarding the use and installation of non-Alcatel-Lucent products. Please note that this information is provided as a courtesy to assist you. While Alcatel-Lucent tries to ensure that this information accurately reflects information provided by the supplier, please refer to the materials provided with any non-Alcatel-Lucent product and contact the supplier for confirmation.
  • Page 3: Table Of Contents

    Table of Contents: Getting Started, 11; About This Guide, 11; In This Chapter, 11; Router Configuration Process, 11; IP Router Configuration, 13; In This Chapter, 13; Configuring IP Router Parameters, 13; Interfaces, 14; Network Interface, 14; Network Domains, 14; System Interface, 15; Unicast Reverse Path Forwarding Check (uRPF), 16; Creating an IP Address Range, 17; QoS Policy Propagation Using BGP (QPPB), 17...
  • Page 4 Table of Contents: Invalidate Next-Hop Based on ARP/Neighbor Cache State, 56; LDP Shortcut for IGP Route Resolution, 56; Weighted Load-Balancing over Interface Next-hops, 61; Process Overview, 61; Configuration Notes, 62; Configuring an IP Router with CLI, 63; Router Configuration Overview, 63; System Interface, 64; Network Interface, 64; Basic Configuration, 64; Common Configuration Tasks, 65...
  • Page 5 Table of Contents: Debug Commands, 234; Tools Commands, 235; Command Descriptions, 236; Show Commands, 236; Clear Commands, 352; Debug Commands, 357; VRRP, 369; In This Chapter, 369; VRRP Overview, 370; VRRP Components, 370; Virtual Router, 371; IP Address Owner, 371; Primary and Secondary IP Addresses, 372; Virtual Router Master, 372; Virtual Router Backup, 372...
  • Page 6 Table of Contents: Configuring VRRP with CLI, 391; VRRP Configuration Overview, 391; Preconfiguration Requirements, 391; Basic VRRP Configurations, 392; VRRP Policy, 392; VRRP IES Service Parameters, 393; Configure VRRP for IPv6, 394; VRRP Router Interface Parameters, 395; Common Configuration Tasks, 396; Creating Interface Parameters, 397; Configuring VRRP Policy Components, 397; Configuring Service VRRP Parameters, 398...
  • Page 7 Table of Contents: Filter Policies, 467; In This Chapter, 467; ACL Filter Policy Overview, 468; Filter Policy Basics, 469; Filter Policy Packet Match Criteria, 469; IPv4/IPv6 Filter Policy Entry Match Criteria, 470; MAC Filter Policy Entry Match Criteria, 473; Filter Policy Actions, 474; Filter Policy Statistics, 478; Filter Policy Logging, 479...
  • Page 8 Table of Contents: Redirect Policy Commands, 574; Configuring Filter Policies with CLI, 581; Common Configuration Tasks, 581; Creating an IPv4 Filter Policy, 582; IPv4 Filter Entry, 582; Creating an IPv6 Filter Policy, 584; Creating a MAC Filter Policy, 584; MAC Filter Policy, 585; MAC ISID Filter Policy, 585; MAC VID Filter Policy, 585; MAC Filter Entry, 586...
  • Page 9 Table of Contents: Redirect to GRT Instance or VRF Instance, 671; Redirect to Next-hop and VRF/GRT Instance, 671; Redirect to LSP, 671; Redirect to SAP, 672; Redirect to SDP, 673; Forward action, 673; Drop action, 674; Default no-match Action, 674; Configuration Notes, 674; OpenFlow Command Reference, 677; Command Hierarchies, 677; OpenFlow Commands, 678...
  • Page 10 Table of Contents: Cflowd Configuration Management Tasks, 729; Modifying Global Cflowd Components, 730; Modifying Cflowd Collector Parameters, 730; Cflowd Configuration Command Reference, 733; Command Hierarchies, 733; Command Descriptions, 734; Global Commands, 734; Show, Tools, and Clear Command Reference, 743; Command Hierarchies, 743; Show Commands, 743; Tools Commands, 743; Clear Commands, 743; Command Descriptions, 743...
  • Page 11: Getting Started

    • 7950 XRS 7450 ESS applicability statements refer to the 7450 ESS when it is not running in mixed mode. 7750 SR applicability statements refer to the 7750 SR-7/12, 7750 SR-12e, 7750 SR-a4/a8 and 7750 SR-e1/e2/e3 platforms unless otherwise specified.
  • Page 12 Router Configuration Process This guide is presented in an overall logical configuration flow. Each section describes a software area and provides CLI syntax and command usage to configure parameters for a functional area. Table 1: Configuration Process Area Task Chapter Supported Platform Router configuration...
  • Page 13: Ip Router Configuration

    • Configuration Notes Configuring IP Router Parameters In order to provision services on an Alcatel-Lucent router, logical IP routing interfaces must be configured to associate attributes such as an IP address, port or the system with the IP interface. A special type of IP interface is the system interface. A system interface must have an IP address with a 32-bit subnet mask.
  • Page 14: Interfaces

    7750 SR and 7450 ESS. Interfaces Alcatel-Lucent routers use different types of interfaces for various functions. Interfaces must be configured with parameters such as the interface type (network and system) and address. A port is not associated with a system interface. An interface can be associated with the system (loopback address).
  • Page 15: System Interface

    IP Router Configuration The implementation supports four network-domains within any given VPLS. Network-domain configuration at the SDP level is ignored when the given SDP is used for Epipe, Ipipe, or Apipe bindings. Network-domain configuration is irrelevant for Layer 3 services (Layer 3 VPN and/or IES service).
  • Page 16: Unicast Reverse Path Forwarding Check (Urpf)

    Configuring IP Router Parameters The system interface is used to preserve connectivity (when routing reconvergence is possible) when an interface fails or is removed. The system interface is also referred to as the loopback address and is used as the router identifier. A system interface must have an IP address with a 32-bit subnet mask.
  • Page 17: Creating An Ip Address Range

    IP Router Configuration • A loose mode uRPF check always succeeds. • A strict mode uRPF check only succeeds if the SA matches any route (including the default route) where the next-hop is on the incoming interface for the packet. Otherwise the uRPF check fails.
  • Page 18 Configuring IP Router Parameters While SAP ingress and network QoS policies can achieve the same end result as QPPB (for example, by assigning a packet arriving on a particular IP interface to a specific forwarding- class and priority/profile based on the source IP address or destination IP address of the packet) the effort involved in creating the QoS policies, keeping them up-to-date, and applying them across many nodes is much greater than with QPPB.
  • Page 19: Qppb

    IP Router Configuration Traffic Differentiation Based on Route Characteristics There may be times when a network operator wants to provide differentiated service to certain traffic flows within its network, and these traffic flows can be identified with known routes. For example, the operator of an ISP network may want to give priority to traffic originating in a particular ASN (the ASN of a content provider offering over-the-top services to the ISP’s customers), following a certain AS_PATH, or destined for a particular next-hop (remaining on-net vs.
  • Page 20 Configuring IP Router Parameters Associating an FC and Priority with a Route This feature uses a command in the route-policy hierarchy to set the forwarding class and optionally the priority associated with routes accepted by a route-policy entry. The command has the following structure: fc fc-name [priority {low | high}] The use of this command is illustrated by the following example:...
  • Page 21 IP Router Configuration → config>router>rip>group>import → config>router>rip>group>neighbor>import → config>service>vprn>rip>import → config>service>vprn>rip>group>import → config>service>vprn>rip>group>neighbor>import As evident from above, QPPB route policies support routes learned from RIP and BGP neighbors of a VPRN as well as for routes learned from RIP and BGP neighbors of the base/ global routing instance.
  • Page 22 Configuring IP Router Parameters This feature uses a qos keyword to the show>router>route-table command. When this option is specified the output includes an additional line per route entry that displays the forwarding class and priority of the route. If a route has no fc and priority information then the third line is blank.
  • Page 23 IP Router Configuration When the qos-route-lookup command with the destination parameter is applied to an IP interface and the destination address of an incoming IP packet matches a route with QoS information the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface (see section 5.7 for further details).
  • Page 24: Qppb And Grt Lookup

    Configuring IP Router Parameters QPPB and Multiple Paths to a Destination When ECMP is enabled some routes may have multiple equal-cost next-hops in the forwarding table. When an IP packet matches such a route the next-hop selection is typically based on a hash algorithm that tries to load balance traffic across all the next-hops while keeping all packets of a given flow on the same path.
  • Page 25 IP Router Configuration QPPB Interaction with SAP Ingress QoS Policy When QPPB is enabled on a SAP IP interface the forwarding class of a packet may change from fc1, the original fc determined by the SAP ingress QoS policy to fc2, the new fc determined by QPPB.
  • Page 26 Configuring IP Router Parameters Table 2: QPPB Interactions with SAP Ingress QoS (Continued) Original FC New FC Profile Priority (drop DE=1 In/out of profile object object preference) override marking mapping mapping Priority Priority Ignored If DE=1 override then From new From original FC mode queue mode queue...
  • Page 27: Router Id

    IP Router Configuration Table 2: QPPB Interactions with SAP Ingress QoS (Continued) Original FC New FC Profile Priority (drop DE=1 In/out of profile object object preference) override marking mapping mapping Priority Profile mode From new From QPPB, unless From new From original FC mode queue queue...
  • Page 28: Autonomous Systems (As)

    Configuring IP Router Parameters Autonomous Systems (AS) Networks can be grouped into areas. An area is a collection of network segments within an AS that have been administratively assigned to the same group. An area’s topology is concealed from the rest of the AS, which results in a significant reduction in routing traffic. Routing in the AS takes place on two levels, depending on whether the source and destination of a packet reside in the same area (intra-area routing) or different areas (inter-area routing).
  • Page 29: Proxy Arp

    IP Router Configuration • Each sub-confederation (member) of the confederation has a different AS number. The AS numbers used are typically in the private AS range of 64512 — 65535. To migrate from a non-confederation configuration to a confederation configuration requires a major topology change and configuration modifications on each participating router.
  • Page 30: Exporting An Inactive Bgp Route From A Vprn

    Static ARP is used when an Alcatel-Lucent router needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the configuration can state that a packet with a certain IP address is to be sent to the corresponding ARP address.
  • Page 31 IP Router Configuration • Expanded addressing capabilities — IPv6 increases the IP address size from 32 bits (IPv4) to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler auto-configuration of addresses. The scalability of multicast routing is improved by adding a scope field to multicast addresses.
  • Page 32: Ipv6 Address Format

    Configuring IP Router Parameters Table 3: IPv6 Header Field Descriptions (Continued) Field Description Flow Label 24-bit flow label. Payload Length 16-bit unsigned integer. The length of payload, for example, the rest of the packet following the IPv6 header, in octets. If the value is zero, the payload length is carried in a jumbo payload hop-by-hop option.
  • Page 33: Ipv6 Applications

    IP Router Configuration Note: In SR OS 12.0.R4 and later, any function that displays an IPv6 address or prefix changes to reflect rules described in RFC 5952, A Recommendation for IPv6 Address Text Representation. Specifically, hexadecimal letters in IPv6 addresses are now represented in lowercase, and the correct compression of all leading zeros is displayed.
  • Page 34 IPv6 over IPv4 relay services — IPv6 over IPv4 tunnels are one of many IPv6 transition methods to support IPv6 in an environment where not only IPv4 exists but native IPv6 networks depend on IPv4 for greater IPv6 connectivity. Alcatel-Lucent routers support dynamic IPv6 over IPv4 tunneling. The IPv4 source and destination addresses are taken from configuration: the source address is the IPv4 system address and the IPv4 destination is the next hop from the configured 6over4 tunnel.
  • Page 35: Dns

    IP Router Configuration The DNS client is extended to use IPv6 as transport and to handle the IPv6 address in the DNS AAAA resource record from an IPv4 or IPv6 DNS server. An assigned name can be used instead of an IPv6 address since IPv6 addresses are more difficult to remember than IPv4 addresses.
  • Page 36: Send Persistent Cgas

    Configuring IP Router Parameters Figure 8: Neighbor discovery with and without SeND Neighbor Solicitation FF02:0000:0000:0000:0000:0000:FF01:0002 Neighbor Advertisement S-MAC, D-MAC (PE-A), S-ADDR, D-ADDR (PE-A) PE-A PE-B 2001:DB8:A1CA:7E1:DA24:1FF:FE01:2/64 2001:DB8:A1CA:7E1:DA25:1FF:FE01:2/64 Neighbor Solicitation w/ RSA_SIG FF02:0000:0000:0000:0000:0000:FF01:0002 Neighbor Advertisement S-MAC, D-MAC (PE-A), S-ADDR, D-ADDR (PE-A), RSA_SIG, PUB_KEY PE-A PE-B 2001:DB8:A1CA:7E1:DA24:1FF:FE01:2/64...
  • Page 37 IP Router Configuration 1. Save the RSA key pair used for SeND. 2. Save the modifiers used during the CGA generation. To make the CGAs persistent: 1. Import an online or offline generated RSA key pair for SeND. 2. Make sure that the CompactFlash (CF) file(s) containing an RSA key pair that is used for SeND, is (are) synchronized to the standby CPM by making use of the HA infrastructure used for certificates.
  • Page 38 Configuring IP Router Parameters • key-rollover keyword: see the RSA key pair rollover mechanism section that follows. • Creates the file cfx:\system-pki\secureNdKey (fixed directory and file name) and saves the imported key in that file in encrypted der format (same as the admin certificate import command).
  • Page 39 IP Router Configuration See the section Making non-persistent CGAs persistent for more information on the procedure to make non-persistent CGAs persistent. For the synchronization of the RSA key pair file in cfx:\system-pki\ used by SeND, the following commands for automatic and manual certificate synchronization are used: •...
  • Page 40 Configuring IP Router Parameters Example 2: Configure a SeND interface with modifiers. configure router interface itf2 address 10.10.10.2 port 1/1/2 ipv6 secure-nd link-local-modifier 0xABCD => The offline generated modifier is used to generate the link-local CGA. no shutdown exit address 3000:1::/64 =>...
  • Page 41 IP Router Configuration • The system was booted from a configuration file generated by a software version not having persistent CGAs. Key rollover You can import a new RSA key pair for SeND with the key-rollover keyword. This will result in the regeneration of all CGAs on all interfaces. Exporting the SeND RSA key pair Another method that does not result in the regeneration of the CGAs, is to export the RSA key pair that is currently in use by SeND to the system-pki directory via an admin command:...
  • Page 42: Ipv6 Provider Edge Router Over Mpls (6Pe)

    Configuring IP Router Parameters IPv6 Provider Edge Router over MPLS (6PE) 6PE allows IPv6 domains to communicate with each other over an IPv4 MPLS core network. This architecture requires no backbone infrastructure upgrades and no re-configuration of core routers, because forwarding is purely based on MPLS labels. 6PE is a cost effective solution for IPv6 deployment.
  • Page 43: Static Route Resolution Using Tunnels

    6PE router is from a vendor other than Alcatel-Lucent. The egress 6PE router pops the top LDP tunnel label. It sees the IPv6 explicit null label, which indicates an IPv6 packet is encapsulated.
  • Page 44 Configuring IP Router Parameters If tunnel-next-hop context is configured and resolution is set to disabled, the binding to tunnel is removed and resolution resumes in RTM to IP next-hops. If resolution is set to any, any supported tunnel type in static route context will be selected following TTM preference.
  • Page 45: Static Route Ecmp Support

    IP Router Configuration The user must set resolution to filter to activate the list of tunnel-types configured under resolution-filter. If disallow-igp is enabled, the static route will not be activated using IP next-hops in RTM if no tunnel next-hops are found in TTM. Static Route ECMP Support The following is the ECMP behavior of a static route: •...
  • Page 46: Weighted Load Balancing Igp, Bgp, And Static Route Prefix Packets Over Igp Shortcut

    Weighted Load-Balancing over MPLS LSP • IGP prefix resolved to IGP shortcuts in RTM (rsvp-shortcut or advertise-tunnel- link enabled in the IGP instance). • BGP prefix with the BGP next-hop resolved to IGP shortcuts in RTM (rsvp-shortcut enabled in the IGP instance). •...
  • Page 47: Feature Behavior

    IP Router Configuration configure>router>mpls>lsp>no igp-shortcut The user enables the weighted load balancing feature using the following new router level command: configure>router>weighted-ecmp When this command is enabled, packets of IGP, BGP, and static route prefixes resolved to a set of ECMP tunnel next-hops are sprayed proportionally to the weights configured for each MPLS LSP in the ECMP set.
  • Page 48: Ecmp Considerations

    Weighted Load-Balancing over MPLS LSP 2. IGP computes the normalized weight for each prefix tunnel next-hop. The minimum value of the normalized weight is 1 and the maximum is 64. IGP updates the route in RTM with the set of tunnel next-hops and normalized weights. RTM downloads the information to IOM for inclusion in the FIB.
  • Page 49: Weighted Load Balancing Static Route Packets Over Mpls Lsp

    IP Router Configuration Weighted Load Balancing Static Route Packets over MPLS LSP Feature Configuration The configuration of the resolution of a static route prefix to set of MPLS LSPs is covered in detail in Static Route Resolution Using Tunnels which also provides the selection rules among multiple LSP types: RSVP-TE, SR-TE, LDP, SR-ISIS, and SR-OSPF.
  • Page 50: Bi-Directional Forwarding Detection

    Weighted Load-Balancing over MPLS LSP If one or more LSP in the ECMP set of a prefix static route does not have a weight configured, the regular ECMP spraying for the prefix will be performed. ECMP is also supported when resolving in TTM the same static route with multiple user- entered indirect next-hops each binding to the same or different tunnel types.
  • Page 51: Bfd Control Packet

    IP Router Configuration BFD Control Packet The base BFD specification does not specify the encapsulation type to be used for sending BFD control packets. Instead it is left to the implementers to use the appropriate encapsulation type for the medium and network. The encapsulation for BFD over IPv4 and IPv6 networks is specified in draft-ietf-bfd-v4v6-1hop-04.txt, BFD for IPv4 and IPv6 (Single Hop).
  • Page 52 Weighted Load-Balancing over MPLS LSP Table 4: BFD Control Packet Field Descriptions (Continued) Field Description Diag A diagnostic code specifying the local system’s reason for the last transition of the session from Up to some other state. Possible values are: 0-No diagnostic 1-Control detection time expired 2-Echo function failed...
  • Page 53: Bfd For Rsvp-Te

    • Ethernet (Null, Dot1Q & QinQ) • Spoke SDPs • LAG interfaces The following interfaces are supported only on the 7750 SR and 7450 ESS: • VSM interfaces • POS interfaces (including APS) • Channelized interfaces (PPP, HDLC, FR and ATM) on ASAP (priority 1) and...
  • Page 54: Bfd Support For Bgp

    Weighted Load-Balancing over MPLS LSP BFD Support for BGP This feature enhancement allows BGP peers to be associated with the BFD session. If the BFD session fails, the BGP peering is also torn down. Centralized BFD The following applications of centralized BFD require BFD to run on the SF/CPM. •...
  • Page 55: Aggregate Next Hop

    IP Router Configuration BFD Over LAG and VSM Interfaces A second application for a central BFD implementation is to allow BFD to be supported over LAG or VSM interfaces. This is useful where BFD is not used for link failure detection but instead for node failure detection.
  • Page 56: Invalidate Next-Hop Based On Arp/Neighbor Cache State

    Weighted Load-Balancing over MPLS LSP Invalidate Next-Hop Based on ARP/Neighbor Cache State This feature invalidates next-hop entries for static routes when the next-hop is no longer reachable on directly connected interfaces. This invalidation is based on ARP and Neighbor Cache state information. When a next-hop is detected as no longer reachable due to ARP/Neighbor Cache expiry, the route’s next-hop is set as unreachable to prevent the SR from sending continuous ARPs/ Neighbor Solicitations triggered by traffic destined for the static route prefix.
  • Page 57 IP Router Configuration config>router>ldp-shortcut [ipv4] [ipv6] IGP Route Resolution When LDP shortcut is enabled, LDP populates the RTM with next-hop entries corresponding to all prefixes for which it activated an LDP FEC. For a given prefix, two route entries are populated in RTM.
  • Page 58 Weighted Load-Balancing over MPLS LSP Assume now the aggregate-prefix-match was enabled and that LDP found a /16 prefix in RTM to activate the FEC for the /24 FEC prefix. In this case, RTM adds a new more specific route entry of /24 and has the next-hop as the LDP LSP but it will still not have a specific /24 IP route entry.
  • Page 59 IP Router Configuration ECMP Considerations When ECMP is enabled and multiple equal-cost next-hops exist for the IGP route, the ingress IOM or linecard will spray the packets for this route based on the hashing routine currently supported for IPv4 packets. When the preferred RTM entry corresponds to an LDP shortcut route, spraying will be performed across the multiple next-hops for the LDP FEC.
  • Page 60 Weighted Load-Balancing over MPLS LSP Interaction with BGP Route Resolution to an LDP FEC There is no interaction between an LDP shortcut for BGP next-hop resolution and the LDP shortcut for IGP route resolution. BGP will continue to resolve a BGP next-hop to an LDP shortcut if the user enabled the following option in BGP: config>router>bgp>next-hop-resolution>shortcut-tunnel family ipv4...
  • Page 61: Weighted Load-Balancing Over Interface Next-Hops

    IP Router Configuration Weighted Load-Balancing over Interface Next-hops When the weighted-ecmp command is configured in the base router context (config>router) or a VPRN (config>service>vprn), the associated IS-IS instances are allowed to program IPv4 and IPv6 ECMP routes to use weighted load-balancing across interface next-hops. The following conditions must be true: •...
  • Page 62: Configuration Notes

    → 7750 SR chassis systems in chassis mode c or d. → 7750 SR-a chassis systems. → 7750 SR-e chassis systems. → 7450 ESS systems running in mixed-mode with IPv6 functionality limited to those interfaces on slots with 7750 IOM3-XPs/IMMs (or later) line cards. → 7750 SR-c4/12.
  • Page 63: Configuring An Ip Router With Cli

    Deleting a Logical IP Interface Router Configuration Overview In an Alcatel-Lucent router, an interface is a logical named entity. An interface is created by specifying an interface name under the configure>router context. This is the global router configuration context where objects like static routes are defined. An IP interface name can be up to 32 alphanumeric characters long, must start with a letter, and is case-sensitive;...
  • Page 64: System Interface

    A system interface and network interface should be configured. System Interface The system interface is associated with the network entity (such as a specific Alcatel-Lucent router), not a specific interface. The system interface is also referred to as the loopback address.
  • Page 65: Common Configuration Tasks

    IP Router Configuration The following example displays a router configuration for the 7750 SR and 7450 ESS: A:ALA-A> config# info . . . #------------------------------------------ # Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1...
  • Page 66: Configuring A System Name

    Common Configuration Tasks Configuring a System Name Use the system command to configure a name for the device. The name is used in the prompt string. Only one system name can be configured. If multiple system names are configured, the last one configured will overwrite the previous entry. If special characters are included in the system name string, such as spaces, #, or ?, the entire string must be enclosed in double quotes.
  • Page 67: Configuring A Network Interface

    [netmask]} [broadcast {all-ones | host-ones}] secondary {[address/mask | ip-address] [netmask]} [broadcast {all-ones | host-ones}] [igp-inhibit] Configuring a Network Interface To configure a network interface for the 7450 ESS: CLI Syntax: config>router interface interface-name address ip-addr{/mask-length | mask} [broadcast {all-ones | host-ones}]...
  • Page 68: Configuring Ipv6 Parameters

    7750 SR chassis systems in chassis mode c or d. • 7750 SR-a chassis systems. • 7750 SR-e chassis systems. • 7450 ESS chassis running in mixed-mode, with IPv6 functionality limited to those interfaces on slots with 7750 IOM3-XPs/IMMs (or later) line card. • 7750 SR-c4/12. Router Configuration Guide...
  • Page 69: Configuring Ipv6 Over Ipv4 Parameters

    IP Router Configuration The following displays the interface configuration showing the IPv6 default configuration when IPv6 is enabled on the interface. A:ALA-49>config>router>if>ipv6# info detail ---------------------------------------------- port 1/2/37 ipv6 packet-too-big 100 10 param-problem 100 10 redirects 100 10 time-exceeded 100 10 unreachables 100 10 exit ----------------------------------------------...
  • Page 70: Tunnel Ingress Node

    Common Configuration Tasks → Configuring an IPv4 BGP Peer → An Example of an IPv6 Over IPv4 Tunnel Configuration • Tunnel Egress Node → Learning the Tunnel Endpoint IPv4 System Address → Configuring an IPv4 BGP Peer → An Example of an IPv6 Over IPv4 Tunnel Configuration Tunnel Ingress Node This configuration shows how the interface through which the IPv6 over IPv4 traffic leaves the node.
  • Page 71 IP Router Configuration The following displays configuration output showing interface information. A:ALA-49>configure>router# info ---------------------------------------------- interface "system" address 200.200.200.1/32 ipv6 address 3FFE::C8C8:C801/128 exit exit ---------------------------------------------- A:ALA-49>configure>router# Learning the Tunnel Endpoint IPv4 System Address This configuration displays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint.
  • Page 72 Common Configuration Tasks router-id ip-address group name family [ipv4] [vpn-ipv4] [ipv6] [mcast-ipv4] type {internal | external} neighbor ip-address local-as as-number [private] peer-as as-number The following displays a configuration showing BGP output. A:ALA-49>configure>router# info ---------------------------------------------- export "ospf3" router-id 200.200.200.1 group "main" family ipv4 ipv6 type internal neighbor 200.200.200.2...
  • Page 73: Tunnel Egress Node

    IP Router Configuration A:ALA-49>configure>router# info ---------------------------------------------- policy-options policy-statement "ospf3" description "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Tunnel Egress Node This configuration shows how the interface through which the IPv6 over IPv4 traffic leaves...
  • Page 74 Common Configuration Tasks address 200.200.200.2/32 ipv6 address 3FFE::C8C8:C802/128 exit exit ---------------------------------------------- Learning the Tunnel Endpoint IPv4 System Address This configuration displays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint. CLI Syntax: config>router ospf area area-id interface ip-int-name The following displays OSPF configuration information.
  • Page 75 IP Router Configuration peer-as as-number The following displays the IPv4 BGP peer configuration example. A:ALA-49>configure>router# info ---------------------------------------------- export "ospf3" router-id 200.200.200.2 group "main" family ipv4 ipv6 type internal neighbor 200.200.200.1 local-as 1 peer-as 1 exit exit exit ---------------------------------------------- A:ALA-49>configure>router# An Example of a IPv6 Over IPv4 Tunnel Configuration The IPv6 address is the next-hop as it is received through BGP.
  • Page 76: Router Advertisement

    Common Configuration Tasks description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Router Advertisement To configure the router to originate router advertisement messages on an interface, the interface must be configured under the router-advertisement context and be enabled (no shutdown).
  • Page 77 IP Router Configuration retransmit-time milliseconds router-lifetime seconds no shutdown use-virtual-mac To configure router advertisement for the 7450 ESS: CLI Syntax: config>router# router-advertisement dns-options rdnss-lifetime seconds interface ip-int-name current-hop-limit number dns-options rdnss-lifetime {seconds | infinite} include-dns managed-configuration max-advertisement-interval seconds min-advertisement-interval seconds...
  • Page 78: Configuring Ipv6 Parameters

    Common Configuration Tasks Configuring IPv6 Parameters The following displays the interface configuration showing the IPv6 default configuration when IPv6 is enabled on the interface. A:ALA-49>config>router>if>ipv6# info detail ---------------------------------------------- port 1/3/37 ipv6 packet-too-big 100 10 param-problem 100 10 redirects 100 10 time-exceeded 100 10 unreachables 100 10 exit...
  • Page 79: Configuring Proxy Arp

    IP Router Configuration A:ALA-49>configure>router# info ---------------------------------------------- policy-options policy-statement "ospf3" description "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Configuring Proxy ARP To configure proxy ARP, you can configure:...
  • Page 80 Common Configuration Tasks CLI Syntax: config>router# policy-options begin commit policy-statement name default-action {accept | next-entry | next-policy | reject} entry entry-id action {accept | next-entry | next-policy | reject} prefix-list name [name...(upto 5 max)] from prefix-list name [name...(upto 5 max)] The following displays prefix list and policy statement configuration examples: A:ALA-49>config>router>policy-options# info ----------------------------------------------...
  • Page 81: Creating An Ip Address Range

    IP Router Configuration A:ALA-49>config>router>if# info ---------------------------------------------- address 128.251.10.59/24 local-proxy-arp proxy-arp policy-statement "ProxyARPpolicy" exit ---------------------------------------------- A:ALA-49>config>router>if# Creating an IP Address Range An IP address range can be reserved for exclusive use for services by defining the config>router>service-prefix command. When the service is configured, the IP address must be in the range specified as a service prefix.
  • Page 82: Configuring A Confederation

    Common Configuration Tasks Use the following CLI syntax to configure the router ID: CLI Syntax: config>router router-id router-id interface ip-int-name address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] The following example displays a router ID configuration: A:ALA-4>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system"...
  • Page 83: Configuring An Autonomous System

    IP Router Configuration A:ALA-B>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" shutdown address 10.0.0.103/24 port 1/1/1 exit autonomous-system 100 confederation 2002 members 200 300 400 router-id 10.10.10.103 #------------------------------------------ A:ALA-B>config>router# Configuring an Autonomous System Configuring an autonomous system is optional. Use the following CLI syntax to configure an autonomous system: CLI Syntax: config>router...
  • Page 84: Configuring Overload State On A Single Sfm

    Configuring Overload State on a Single SFM A 7450 ESS or 7750 SR with a single SFM installed has a system multicast throughput that is only half that of a system with dual SFMs installed. For example, in a mixed environment in which IOM1s, IOM2s, and IOM3s are installed in the same system (chassis mode B or C), system multicast throughput doubles when redundant SFMs are used instead of a single SFM.
  • Page 85: Modifying Interface Parameters

    IP Router Configuration CLI Syntax: config# system name system-name The following example displays the command usage to change the system name: Example: A:ALA-A>config>system# name tgif A:TGIF>config>system# The following example displays the system name change: A:ALA-A>config>system# name TGIF A:TGIF>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "TGIF"...
  • Page 86: Deleting A Logical Ip Interface

    Service Management Tasks The following example displays the interface configuration: A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.0.0.103/32 exit interface "to-sr1" address 10.0.0.25/24 port 1/1/2 exit router-id 10.10.0.3 #------------------------------------------ A:ALA-A>config>router# Deleting a Logical IP Interface The no form of the interface command typically removes the entry, but all entity associations must be shut down and/or deleted before an interface can be deleted.
  • Page 87: Ip Router Configuration Command Reference

    IP Router Configuration IP Router Configuration Command Reference Command Hierarchies • Router Commands • Router BFD commands • Router L2TP Commands • Router Interface Commands • Router Interface IPv6 Commands • Router Advertisement Commands Router Configuration Guide...
  • Page 88: Router Commands

    IP Router Configuration Command Reference Router Commands config — router [router-name] — aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [black-hole] [community comm-id] [description description] — aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [community comm-id] [indirect ip-address] [description description] — no aggregate ip-prefix/ip-prefix-length —...
  • Page 89 IP Router Configuration — service-prefix {ip-prefix/mask | ip-prefix netmask} [exclusive] — no service-prefix {ip-prefix/mask | ip-prefix netmask} — sgt-qos — application dscp-app-name dscp {dscp-value | dscp-name} — application dot1p-app-name dot1p dot1p-priority — no application {dscp-app-name | dot1p-app-name} — dscp dscp-name fc fc-name —...
  • Page 90: Router Bfd Commands

    IP Router Configuration Command Reference — [no] interval seconds — [no] — [no] padding-size padding-size — [no] description description-string — [no] destination-class dest-index — [no] forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc} —...
  • Page 91: Router L2Tp Commands

    IP Router Configuration — multiplier multiplier — no multiplier — [no] type cpm-np Router L2TP Commands The router L2TP commands apply only to the 7750 SR and 7450 ESS. config — router [router-name] — l2tp — calling-number-format ascii-spec — no calling-number-format —...
  • Page 92 IP Router Configuration Command Reference — — authentication {chap | pap | pref-chap} — authentication-policy auth-policy-name — no authentication-policy — default-group-interface ip-int-name service-id service-id — no default-group-interface — keepalive seconds [hold-up-multiplier multiplier] — no keepalive — mtu-bytes — no — [no] proxy-authentication —...
  • Page 93: Router Interface Commands

    IP Router Configuration — no remote-name — session-limit session-limit — no session-limit — [no] shutdown — next-attempt {same-preference-level | next-preference-level} — no next-attempt — replace-result-code code [code...(upto 3 max)] — no replace-result-code — peer-address-change-policy {accept | ignore | reject} — receive-window-size —...
  • Page 94 IP Router Configuration Command Reference — no cflowd-parameters — sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}] — no sampling {unicast | multicast} — cpu-protection policy-id — no cpu-protection — description description-string — no description —...
  • Page 95 IP Router Configuration — no redirects — ttl-expired [number seconds] — no ttl-expired — unreachables [number seconds] — no unreachables — if-attribute — [no] admin-group group-name [group-name...(up to 5 max)] — no admin-group — [no] srlg-group group-name [group-name...(up to 5 max)] —...
  • Page 96: Router Interface Ipv6 Commands

    IP Router Configuration Command Reference — [no] strip-label — tcp-mss mss-value — no tcp-mss — tos-marking-state {trusted | untrusted} — no tos-marking-state — unnumbered [ip-addr | ip-int-name] — no unnumbered — [no] urpf-check — mode {strict | loose | strict-no-ecmp} —...
  • Page 97: Router Advertisement Commands

    IP Router Configuration — [no] dad-disable — icmp6 — packet-too-big [number seconds] — no packet-too-big — param-problem [number seconds] — no param-problem — redirects [number seconds] — no redirects — time-exceeded [number seconds] — no time-exceeded — unreachables [number seconds] —...
  • Page 98 IP Router Configuration Command Reference — no rdnss-lifetime — [no] interface ip-int-name — current-hop-limit number — no current-hop-limit — [no] dns-options — dns-servers ipv6-address — no dns-servers — rdnss-lifetime {seconds | infinite} — no rdnss-lifetime — [no] include-dns — [no] managed-configuration —...
  • Page 99: Command Descriptions

    IP Router Configuration Command Descriptions Generic Commands shutdown Syntax [no] shutdown Context config>router>interface Description The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.
  • Page 100: Router Global Commands

    IP Router Configuration Command Reference Router Global Commands router Syntax router router-name Context config Description This command enables the context to configure router parameters, interfaces, route policies, and protocols. Parameters router-name — Specify the router-name. Values router-name: Base, management Default Base aggregate...
  • Page 101 [0 to FFFF]H [0 to 255]D ipv6-prefix-length 0 to 128 Values The following values apply to the 7450 ESS: ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 to 32 ip-prefix-length — The mask associated with the network address expressed as a mask length.
  • Page 102 [0 to FFFF]H d: [0 to 255]D Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d description description-text — Specifies a text description stored in the configuration file for a configuration context. autonomous-system Syntax...
  • Page 103 IP Router Configuration confederation Syntax confederation confed-as-num members as-number [as-number...up to 15 max] no confederation [confed-as-num members as-number...up to 15 max] Context config>router Description This command creates confederation autonomous systems within an AS. This technique is used to reduce the number of IBGP sessions required within an AS. Route reflection is another technique that is commonly deployed to reduce the number of IBGP sessions.
  • Page 104 IP Router Configuration Command Reference Parameters max-ecmp-routes — The maximum number of equal cost routes allowed on this routing table instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp. Values 0 to 32 flowspec Syntax...
  • Page 105 IP Router Configuration Context config>router>flowspec Description This command configures the maximum number of IPv6 flowspec routes or rules that can be embedded into the auto-created embedded filter (fSpec-X). Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between “embedding offset + 1” and “embedding offset + ip-filter-max-size”.
  • Page 106 IP Router Configuration Command Reference BGP prefix with a BGP next-hop resolved to a static route which itself resolves to a set of tunnel next-hops towards an indirect next-hop in RTM or TTM. BGP prefix resolving to another BGP prefix whose next-hop is resolved to a set of ECMP tunnel next-hops with a static route in RTM or TTM or to IGP shortcuts in RTM.
  • Page 107 IP Router Configuration The source address of the ICMP reply packet is determined as follows. The LSR uses the address of the outgoing interface for the MPLS LSP. With LDP LSP or BGP LSP multiple ECMP next-hops can exist and in such a case the first outgoing interface is selected. If that interface does not have an address of the same family (IPv4 or IPv6) as the ICMP packet, then the system address of the same family is selected.
  • Page 108 IP Router Configuration Command Reference ip-fast-reroute Syntax [no] ip-fast-reroute Context config>router Description This command enables the IP Fast-Reroute (FRR) feature on the system. This feature provides for the use of a Loop-Free Alternate (LFA) backup next-hop for forwarding in-transit and CPM generated IP packets when the primary next-hop is not available. IP FRR is supported on IPv4 and IPv6 OSPF/IS-IS prefixes forwarded in the base router instance to a network IP interface or to an IES SAP interface or spoke interface.
  • Page 109 IP Router Configuration Parameters number — Specifies the maximum number of routes to be held in a VRF context. Values 1 to 2147483647 log-only — Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes.
  • Page 110 IP Router Configuration Command Reference Parameters seconds — Specifies the seconds Values 0 to 255 sr-labels Syntax sr-labels start start-value end end-value no sr-labels Context config>router>mpls-labels Description This command configures the range of the Segment Routing Global Block (SRGB). It is a label block which is used for assigning labels to segment routing prefix SIDs originated by this router.
  • Page 111 IP Router Configuration multicast-info Syntax multicast-info-policy policy-name no multicast-info-policy Context configure>router Description This command configures multicast information policy. Parameters policy-name — Specifies the policy name. Values 32 chars max network-domains Syntax network-domains Context config>router Description This command opens context for defining network-domains. This command is applicable only in the base routing context.
  • Page 112 IP Router Configuration Command Reference Parameters network-domain-name — Network domain name character string. rpki-session Syntax rpki-session ip-address no rpki-session ip-address Context config>router>origin-validation Description This command configures a session with an RPKI local cache server by using the RPKI-Router protocol. It is over these sessions that the router learns dynamic VRP entries expressing valid origin AS and prefix associations.
  • Page 113 IP Router Configuration local-address Syntax local-address ip-address no local-address Context config>router>origin-validation>rpki-session Description This command configures the local address to use for setting up the TCP connection used by an RPKI-Router session. The default local-address is the outgoing interface IPv4 or IPv6 address. The local-address cannot be changed without first shutting down the session.
  • Page 114 IP Router Configuration Command Reference Default no refresh-time Parameters seconds1 — Specifies a time in seconds. Values 30 to 32767 seconds2 — Specifies a time in seconds. Values 60 to 65535 shutdown Syntax shutdown no shutdown Context config>router>origin-validation>rpki-session Description This command administratively disables an RPKI-Router session. The no form of the command enables the RPKI-Router session.
  • Page 115 IP Router Configuration Description This command configures a static VRP entry indicating that a particular origin AS is either valid or invalid for a particular IP prefix range. Static VRP entries are stored along with dynamic VRP entries (learned from local cache servers using the RPKI-Router protocol) in the origin validation database of the router.
  • Page 116 IP Router Configuration Command Reference Default The system uses the system interface address (which is also the loopback address). If a system interface address is not configured, use the last 32 bits of the chassis MAC address. Parameters router-id — The 32 bit router ID expressed in dotted decimal notation or as a decimal value. service-prefix Syntax service-prefix ip-prefix/mask | ip-prefix netmask [exclusive]...
  • Page 117 IP Router Configuration ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 to 32 ipv6-prefix: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 to FFFF]H [0 to 255]D ipv6-prefix-length: 0 to 128 Values exclusive When this option is specified, the addresses configured are exclusively used for services and cannot be assigned to network ports.
  • Page 118 IP Router Configuration Command Reference none, be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63 dot1p-priority —...
  • Page 119 IP Router Configuration Parameters name — Specifies a text string name for the template up to 32 characters in printable 7-bit ASCII, enclosed in double quotes. transmit-interval Syntax transmit-interval transmit-interval no transmit-interval Context config>router>bfd>bfd-template Description This command specifies the transmit timer used for BFD packets. If the template is used for a BFD session on an MPLS-TP LSP, then this timer is used for CC packets.
  • Page 120 IP Router Configuration Command Reference Default no cv-tx Parameters transmit-interval — Specifies the transmit interval. This parameter is only used if a BFD session is enabled with CV on an MPLS-TP LSP. Values 1 sec to 30 sec in 1 second increments Default 1 second echo-receive...
  • Page 121 The conditions to set overload are as follows: • 7750 SR-12/SR-7/SR-c12 and 7450 ESS-12/ESS-7/ESS-6 platforms: protocol sets overload if one of the SF/CPMs fails • 7950 XRS and 7750 SR-12e platforms: protocol sets overload if two SFMs fail The no form of this command configures the router to not set overload if an SFM fails.
  • Page 122 IP Router Configuration Command Reference IPv6 static routes are not supported on the 7450 ESS except in mixed mode. Default No static routes are defined. Parameters ip-prefix/prefix-length — The destination address of the static route. Values The following values apply to the 7750 SR and 7950 XRS: ipv4-prefix a.b.c.d (host bits must be 0)
  • Page 123 If the next hop is over an unnumbered interface or a point-to-point interface, the ip-int- name of the unnumbered or point-to-point interface (on this node) can be configured. If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.
  • Page 124 IP Router Configuration Command Reference Parameters ip-address — The IP address of the IP interface. Values ipv4-address a.b.c.d ipv6-address x:x:x:x:x:x:x:x-[interface] black-hole Syntax [no] black-hole Context config>router>static-route-entry Description This command specifies that the route is a black hole route. If the destination address on a packet matches this static route, it will be silently discarded.
  • Page 125 IP Router Configuration Parameters comm-id — Specifies the community identifier. Values comm-id asn:comm-val, well-known-comm 0 to 65535 comm-val 0 to 65535 well-known-comm no-advertise, no-export, no-export-subconfed cpe-check Syntax [no] cpe-check cpe-ip-address Context config>router>static-route-entry>next-hop config>router>static-route-entry>indirect Description This command enables CPE-check and specifies the IP address of the target CPE device. This option initiates a background ICMP ping test to the configured target IP address.
  • Page 126 IP Router Configuration Command Reference interval Syntax [no] interval seconds Context config>router>static-route-entry>next-hop>cpe-check config>router>static-route-entry>indirect>cpe-check Description This optional parameter specifies the interval between ICMP pings to the target IP address. Default Parameters seconds — An integer interval value. Values 1 to 255 padding-size Syntax [no] padding-size padding-size...
  • Page 127 IP Router Configuration config>router>static-route-entry>indirect config>router>static-route-entry>black-hole Description This command creates a text description stored in the configuration file for a configuration context. The no form of the command removes the description string from the context. Default no description Parameters description-string — The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters.
  • Page 128 IP Router Configuration Command Reference generate-icmp Syntax [no] generate-icmp Context config>router>static-route-entry>black-hole Description This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.
  • Page 129 IP Router Configuration This option, when enabled, delays the activation of the static route until the LDP session comes up over the interface and the ldp-sync-timer configured on that interface has expired. Default no ldp-sync metric Syntax [no] metric metric-value Context config>router>static-route-entry>next-hop config>router>static-route-entry>indirect...
  • Page 130 IP Router Configuration Command Reference Table 5: Default Route Preference (Continued) Label Preference Configurable OSPF Internal routes IS-IS level 1 internal IS-IS level 2 internal OSPF external IS-IS level 1 external IS-IS level 2 external The no form of this command returns the associated static route preference to its default value.
  • Page 131 IP Router Configuration priority Syntax [no] priority {low | high} Context config>router>static-route-entry>next-hop>forwarding-class config>router>static-route-entry>indirect>forwarding-class Description This optional command associates an enqueuing priority with the static route. The options are either high or low, with low being the default. This parameter has the ability to affect the likelihood that a packet will be enqueued at SAP ingress in the face of ingress congestion.
  • Page 132 IP Router Configuration Command Reference If source route policy accounting is enabled and a source-class index is configured, then when the source IP address of traffic matches the associated static route, the source accounting statistics for the specified class will be incremented. The no form of the command removes the associated destination-class from the associated static route nexthop.
  • Page 133 IP Router Configuration Context config>router>static-route-entry>indirect>tunnel-next-hop Description This optional command determines if the associated static route can be resolved via an IGP next-hop in the RTM if no tunnel next-hops are found in TTM. When configured, the associated static route will not be resolved to an available IGP route in the RTM. The no form of the command returns the behavior to the default, which does allow for the static route to be resolved via an IGP route in the RTM if no tunnel next-hop can be found in the TTM.
  • Page 134 IP Router Configuration Command Reference Syntax [no] ldp Context config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter Description This command enables the use of LDP sourced tunnel entries in the TTM to resolve the associated static route next-hop. Default no ldp rsvp-te Syntax [no] rsvp-te Context config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter Description This command enables the use of RSVP-TE sourced tunnel entries in the TTM to resolve the associated static route next-hop.
  • Page 135 IP Router Configuration sr-ospf Syntax [no] sr-ospf Context config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter Description This command enables the use of sr-ospf sourced tunnel entries in the TTM to resolve the associated static route next-hop. Default no sr-ospf sr-isis Syntax [no] sr-isis Context config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter Description This command enables the use of sr-isis sourced tunnel entries in the TTM to resolve the associated static route next-hop.
  • Page 136 IP Router Configuration Command Reference When the next-hop is reachable again and present in the ARP/Neighbor Cache, the static route will be considered valid and is subject to being placed into the active route-table. Default no validate-next-hop disallow-igp Syntax disallow-igp no disallow-igp Context config>router>static-route-entry>tunnel-next-hop...
  • Page 137 IP Router Configuration label-route-local Syntax label-route-local [all | none] Context config>router>ttl-propagate Description This command configures the TTL propagation for locally generated packets which are forwarded over a BGP label route in the Global Routing Table (GRT) context. For IPv4 and IPv6 packets forwarded using a RFC 3107 label route in the global routing instance, including 6PE, the all value of the command enables TTL propagation from the IP header into all labels in the transport label stack.
  • Page 138 IP Router Configuration Command Reference For IPv4 and IPv6 packets forwarded using a RFC 3107 label route in the global routing instance, including 6PE, the all value of the command enables TTL propagation from the IP header into all labels in the transport label stack.
  • Page 139 IP Router Configuration The none value reverts to the default mode which disables TTL propagation. This changes the existing default behavior which propagates the TTL to the transport label stack. When a customer upgrades, the new default takes effect. This command does not have a no version. This feature also controls the TTL propagation at an LDP-BGP stitching LSR in the LDP to BGP stitching direction.
  • Page 140 IP Router Configuration Command Reference When a packet is received in a VPRN context but is looked up in the Global Routing Table (GRT), for example, when leaking to GRT is enabled, the behavior of the TTL propagation is governed by the RSVP or LDP shortcut configuration when the matching route is an LSP shortcut route.
  • Page 141: Router L2Tp Commands

    — The TTL of the IP packet is propagated into the VC label and all labels in the transport label stack. Router L2TP Commands Router L2TP commands only apply to the 7750 SR and 7450 ESS. l2tp Syntax l2tp Context config>router...
  • Page 142 IP Router Configuration Command Reference ascii-spec char-specification ascii-spec char-specification ascii-char | char-origin ascii-char a printable ASCII character char-origin %origin origin S | c | r | s | l system name, the value of TIMETRA-CHASSIS- MIB::tmnxChassisName Agent Circuit Id Agent Remote Id SAP ID, formatted as a character string Logical Line ID...
  • Page 143 IP Router Configuration next-preference-level — If the tunnel-spec selection algorithm evaluates to a tunnel that is currently unavailable (for example, a tunnel in a blacklist), then the selection algorithm will try to select the tunnel from the next preference level, even though the tunnels on the same preference level might be available for selection.
  • Page 144 IP Router Configuration Command Reference Description This command will force the tunnel to the blacklist and render it unavailable for new sessions for the duration of a preconfigured time. Peers are always forced to the blacklist if they time out (failure to receive response to control packets).
  • Page 145 IP Router Configuration Table 6: Return codes (Continued) Return code Tunnels added to blacklist stop-ccn-other A tunnel will be forced to the blacklist if a StopCCN message with the following Result Codes is received: (1) General request to clear control connection (4) Requester is not authorized to establish a control channel (5) Protocol version not supported (6) Requester is being shut down...
  • Page 146 IP Router Configuration Command Reference configure>service>vprn>l2tp>tunnel-selection-blacklist Description This command configures the maximum length of the peer/tunnel blacklist. This command specifies how many items (tunnels or peers) can be in the tunnel-selection-blacklist. If a tunnel or peer needs to be added to the tunnel-selection-blacklist and the tunnel-selection-blacklist is full, the system will remove the item (tunnel or peer) from the blacklist that was in this blacklist for the longest time.
  • Page 147 IP Router Configuration Parameters action — Specifies the action to be taken when a tunnel or peer has been in the blacklist for the max-period of time. Values remove-from-blacklist — The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the max-time expires.
  • Page 148 IP Router Configuration Command Reference Description This command configures the L2TP receive window size. session-limit Syntax session-limit session-limit no session-limit Context config>router>l2tp Description This command configures the L2TP session limit of this router. Parameters session-limit — Specifies the session limit. Values 1 to 131071 group...
  • Page 149 IP Router Configuration avp-hiding Syntax avp-hiding sensitive | always no avp-hiding Context config>router>l2tp>group Description This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as cleartext in an AVP. The no form of the command returns the value to never allow AVP hiding.
  • Page 150 IP Router Configuration Command Reference Default df-bit-lac always Parameters always — Specifies that the LAC will send all L2TP packets with the DF bit set to 1. never — Specifies that the LAC will send all L2TP packets with the DF bit set to 0. df-bit-lac Syntax df-bit-lac {always | never | default}...
  • Page 151 IP Router Configuration hello-interval Syntax hello-interval hello-interval no hello-interval Context config>router>l2tp>group Description This command configures the time interval between two consecutive tunnel Hello messages. The Hello message is an L2TP control message sent by either peer of a LAC-LNS control connection. This control message is used as a keepalive for the tunnel.
  • Page 152 IP Router Configuration Command Reference Description This command configures the ISA LNS group. Parameters lns-group-id — Specifies the LNS group ID. Values 1 to 4 load-balance-method Syntax load-balance-method {per-session | per-tunnel} no load-balance-method Context config>router>l2tp>group config>router>l2tp>group>tunnel Description This command describes how new sessions are assigned to an L2TP ISA MDA. Parameters per-session —...
  • Page 153 IP Router Configuration The no form of the command removes the name from the configuration. Default local-name Parameters host-name — Specifies the host name, up to 64 characters in length, that the router will use to identify itself during L2TP authentication. Default no local-name max-retries-estab...
  • Page 154 IP Router Configuration Command Reference password Syntax password password [hash | hash2] no password Context config>router>l2tp>group config>router>l2tp>group>tunnel Description This command configures the password between L2TP LAC and LNS. The no form of the command removes the password. Default no password Parameters password —...
  • Page 155 IP Router Configuration no authentication-policy Context config>router>l2tp>group>ppp Description This command configures the authentication policy. Parameters auth-policy-name — Specifies the authentication policy name. Values 32 chars max default-group-interface Syntax default-group-interface ip-int-name service-id service-id no default-group-interface Context config>router>l2tp>group>ppp Description This command configures the default group interface. Parameters ip-int-name —...
  • Page 156 IP Router Configuration Command Reference no mtu Context config>router>l2tp>group>ppp Description This command configures the maximum PPP MTU size. Parameters mtu-bytes — Specifies, in bytes, the maximum PPP MTU size. Values 512 to 9212 proxy-authentication Syntax [no] proxy-authentication Context config>router>l2tp>group>ppp Description This command configures the use of the authentication AVPs received from the LAC.
  • Page 157 — Specifies the allowed number of sessions within the given context. Values 1 to 131071 Router L2TP Tunnel Commands Router L2TP tunnel commands only apply to the 7750 SR and 7450 ESS. tunnel Syntax tunnel tunnel-name [create] no tunnel tunnel-name Context config>router>l2tp>group...
  • Page 158 IP Router Configuration Command Reference Parameters tunnel-name — Specifies a valid string to identify an L2TP tunnel, up to 32 characters in length. create — mandatory while creating a new tunnel auto-establish Syntax [no] auto-establish Context config>router>l2tp>group>tunnel Description This command specifies if this tunnel is to be automatically set up by the system. no auto-establish avp-hiding Syntax...
  • Page 159 IP Router Configuration The no form of the command removes the parameter from the configuration and indicates that the value on group level will be taken. Default no challenge Parameters challenge-mode — Specifies when challenge-response is to be used for the authentication of the tunnel.
  • Page 160 IP Router Configuration Command Reference peer Syntax peer ip-address no peer Context config>router>l2tp>group>tunnel Description This command configures the peer address. The no form of the command removes the IP address from the tunnel configuration. Default no peer Parameters ip-address — Sets the LNS IP address for the tunnel. preference Syntax preference preference...
  • Page 161 IP Router Configuration tunnel-selection-blacklist Syntax tunnel-selection-blacklist Context config>router>l2tp Description This command enables the context to configure L2TP Tunnel Selection Blacklist parameters. add-tunnel Syntax add-tunnel never add-tunnel on reason [reason...(upto 8 max)] no add-tunnel Context configure>router>l2tp>tunnel-selection-blacklist configure>service>vprn>l2tp>tunnel-selection-blacklist Description This command will force the tunnel to the blacklist and render it unavailable for new sessions for the duration of preconfigured time.
  • Page 162 IP Router Configuration Command Reference stop-ccn-other A tunnel will be forced to the blacklist if a StopCCN message with the following Result Codes is received: (1) General request to clear control connection (4) Requester is not authorized to establish a control channel (5) Protocol version not supported (6) Requester is being shut down. Or if a StopCCN with the following result codes is transmitted:...
  • Page 163 IP Router Configuration Default unlimited Parameters unlimited — Specifies there is no limit. count — Specifies how many items (tunnels or peers) can be in the tunnel-selection-blacklist. Values 1 to 65635 max-time Syntax max-time minutes no max-time Context configure>router>l2tp>tunnel-selection-blacklist configure>service>vprn>l2tp>tunnel-selection-blacklist Description This command configures the time for which an entity (a peer or a tunnel) is kept in the blacklist.
  • Page 164: Router Interface Commands

    IP Router Configuration Command Reference try-one-session — Once the max-time has expired, the peer or tunnel in the blacklist is made available for selection only to a single new session request. Only upon successful tunnel establishment will the incoming new sessions be eligible to be mapped into this tunnel.
  • Page 165 IP Router Configuration Default No interfaces or names are defined within the system. Parameters ip-int-name — The name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address.
  • Page 166 IP Router Configuration Command Reference By default, no IP address or subnet association exists on an IP interface until it is explicitly created. The no form of the command removes the IP address assignment from the IP interface. Interface specific configurations for MPLS/RSVP are also removed. This will operationally stop any MPLS LSPs that explicitly reference that IP address.
  • Page 167 IP Router Configuration The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-addr and the mask-length or mask with all the host bits set to binary 1.
  • Page 168 IP Router Configuration Command Reference arp-limit Syntax arp-limit limit [log-only] [threshold percent] no arp-limit Context config>router>interface Description This command configures the maximum number of dynamic IPv4 ARP entries that can be learned on an IP interface. When the number of dynamic ARP entries reaches the configured percentage of this limit, an SNMP trap is sent.
  • Page 169 IP Router Configuration Syntax bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np] no bfd Context config>router>interface config>router>interface>ipv6 Description This command specifies the Bidirectional Forwarding Detection (BFD) parameters for the associated IP interface. If no parameters are defined, the default values are used. The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) are notified of the fault.
  • Page 170 IP Router Configuration Command Reference type cpm-np — Selects the CPM network processor as the local termination point for the BFD session for the 7750 SR and 7950 XRS. See Important Notes, above. cflowd-parameters Syntax cflowd-parameters no cflowd-parameters Context config>router>interface Description This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.
  • Page 171 IP Router Configuration type — Specifies whether the traffic sampling is based on an acl match, or all traffic entering or exiting the associated interface. Values acl — Specifies that the sampled traffic is controlled via an IP traffic filter entry with the action “filter-sample” configured. interface —...
  • Page 172 IP Router Configuration Command Reference config>service>vprn>sub-if>grp-if Description This command enables the collection of ingress interface IP stats. This command is only applicable to IP statistics, and not to uRPF statistics. If enabled, then the following statistics are collected: • IPv4 offered packets •...
  • Page 173 IP Router Configuration Description This command configures interface SRLG Group memberships for this interface local-proxy-arp Syntax [no] local-proxy-arp Context config>router>interface Description This command enables local proxy ARP on the interface. Default no local-proxy-arp ip-mtu Syntax ip-mtu octets no ip-mtu Context config>router>if Description This command configures the IP maximum transmit unit (packet) for the associated router IP interface.
  • Page 174 IP Router Configuration Command Reference The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG. Default no lag-link-map-profile Parameters link-map-profile-id — An integer from 1 to 32 that defines a unique lag link map profile on which the LAG the SAP/network interface exist.
  • Page 175 IP Router Configuration When ECMP is enabled and multiple equal-cost next-hops exist for the IGP route, the ingress IOM, IMM, or XMA will spray the packets for this route based on the hashing routine currently supported for IPv4 packets. When the preferred RTM entry corresponds to an LDP shortcut route, spraying will be performed across the multiple next-hops for the LDP FEC.
  • Page 176 IP Router Configuration Command Reference If the user changes the value of the LDP synchronization timer parameter, the new value will take effect at the next synchronization event. If the timer is still running, it will continue to use the previous value.
  • Page 177 IP Router Configuration Context config>router>interface>load-balancing Description This command specifies whether to include source address or destination address or both in LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled the command applies also to inclusion of source/destination port in the hash inputs. The no form of this command includes both source and destination parameters.
  • Page 178 IP Router Configuration Command Reference Description This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting. The no form disables the SPI function. Default disabled teid-load-balancing Syntax [no] teid-load-balancing Context config>router>interface>load-balancing Description This command enables inclusion of TEID in hashing for GTP-U/C encapsulated traffic for GTPv1/...
  • Page 179 IP Router Configuration Parameters ieee-mac-addr — Specifies the 48-bit MAC address for the IP interface in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
  • Page 180 IP Router Configuration Command Reference ntp-broadcast Syntax [no] ntp-broadcast Context config>router>interface Description This command enables SNTP broadcasts received on the IP interface. This parameter is only valid when the SNTP broadcast-client global parameter is configured. The no form of the command disables SNTP broadcast received on the IP interface. Default no ntp-broadcast port...
  • Page 181 IP Router Configuration 0..4094.* for qinq port-id slot/mda/port[.channel] eth-sat-id esat-id/slot/port esat keyword 1 to 20 pxc-id pxc-id.sub-port keyword 1 to 64 sub-port a, b bundle-id - bundle-type-slot/mda.bundle-num bundle keyword type ima, fr, ppp bundle-num 1..336 bpgrp-id bpgrp-type-bpgrp-num bpgrp keyword type ima, ppp bpgrp-num 1 to 2000...
  • Page 182 1 to 8 path-id a, b cc-type .sap-net, .net-sap lag-id lag-id keyword 1 to 200 gtg-id gmpls-tun-grp-id gmpls-tun-grp keyword 1 to 1024 Values The following values apply to the 7450 ESS: port-id slot/mda/port[.channel] eth-sat-id esat-id/slot/port esat keyword...
  • Page 183 IP Router Configuration 1 to 20 pxc-id pxc-id.sub-port keyword 1 to 64 sub-port a, b ccag-id ccag-id.path-id[cc-type] ccag keyword 1 to 8 path-id a, b cc-type .sap-net, .net-sap lag-id lag-id keyword 1 to 800 gtg-id gmpls-tun-grp-id gmpls-tun-grp keyword 1 to 200 proxy-arp-policy Syntax [no] proxy-arp-policy policy-name [policy-name...(up to 5 max)]...
  • Page 184 IP Router Configuration Command Reference Context config>router>interface Description This command configures the 1588 port based timestamping assist function for the interface. Various checks are performed to ensure that this feature can be enabled. If a check fails: • The command is blocked/rejected with an appropriate error message. •...
  • Page 185 (applies to IPv4) or the interface>ipv6 context (applies to IPv6). Subscriber management group interfaces for the 7750 SR and 7450 ESS also do not support the source QPPB option. The no form of the command reverts to the default.
  • Page 186 IP Router Configuration Command Reference egress-port-redirect-group queue-group-name — This optional parameter specifies the egress queue-group used for all egress forwarding-class redirections specified within the network QoS policy ID. The specified queue-group-name must exist as an egress queue group applied to the egress context of the port associated with the IP interface. egress-instance instance-id —...
  • Page 187 IP Router Configuration / — The forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-addr, the “/” and the mask-length parameter. If a forward slash does not immediately follow the ip-addr, a dotted decimal mask must follow the prefix.
  • Page 188 IPv4 packets that arrive without any labels are supported on an interface with strip-label enabled, but labeled or unlabeled IPv6 packets are dropped. This command is only supported on: • Optical ports for the 7750 SR and 7450 ESS
  • Page 189 IP Router Configuration • IOM3-XP cards for the 7750 SR and 7450 ESS • Null/Dot1q encaps • Network ports • IPv4 The no form of the command removes the strip-label command. In order to associate an interface that is configured with the strip-label parameter with a port, the port must be configured as single-fiber for the command to be valid.
  • Page 190 IP Router Configuration Command Reference Parameters trusted — The default prevents the ToS field from being remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set. untrusted — Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.
  • Page 191 IP Router Configuration If the optional destination parameter is specified and the destination address of an incoming IP packet matches a route with QoS information, the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface.
  • Page 192 IP Router Configuration Command Reference Description This command specifies whether unsecured messages are accepted. When Secure Neighbor Discovery (SeND) is enabled, only secure messages are accepted by default. The no form of the command disables accepting unsecured messages. link-local-modifier Syntax link-local-modifier modifier [no] link-local-modifier Context...
  • Page 193 IP Router Configuration shutdown Syntax [no] shutdown Context config>router>if>ipv6>secure-nd Description This command enables or disables Secure Neighbor Discovery (SeND) on the interface. stale-time Syntax stale-time seconds no stale-time Context config>router>ipv6 config>router>if>ipv6 Description This command configures the time a neighbor discovery cache entry can remain stale before being removed.
  • Page 194 IP Router Configuration Command Reference 9158 = max-IP_MTU (9198)-40 Values 536 to 9158 (IPv4) 1220 to 9138 (IPv6) urpf-check Syntax [no] urpf-check Context config>router>if config>router>if>ipv6 Description This command enables unicast RPF (uRPF) Check on this interface. The no form of the command disables unicast RPF (uRPF) Check on this interface. Default disabled vas-if-type...
  • Page 195 IP Router Configuration mode Syntax mode {strict | loose | strict-no-ecmp} no mode Context config>router>if>urpf-check config>router>if>ipv6>urpf-check Description This command specifies the mode of unicast RPF check. The no form of the command reverts to the default (strict) mode. Default strict Parameters strict —...
  • Page 196 IP Router Configuration Command Reference config>router>mh-secondary-interface Description This command assigns an IP address, IP subnet and broadcast address format to an IP interface. Only one IP address can be associated with an IP interface. An IP address must be assigned to each IP interface for the interface to be active.
  • Page 197 IP Router Configuration mask — The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-addr from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address.
  • Page 198 IP Router Configuration Command Reference if-attribute Syntax if-attribute Context config>router config>router>interface config>service>ies>interface config>service>vprn>interface Description This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG). admin-group Syntax admin-group group-name value group-value no admin-group group-name Context config>router>if-attribute...
  • Page 199 IP Router Configuration Parameters group-name — Specifies the name of the group with up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain. value group-value — Specifies the integer value associated with the group. The association of group name and value should be unique within an IP/MPLS domain.
  • Page 200 IP Router Configuration Command Reference SRLG is used to tag IP or MPLS interfaces which share a specific fate with the same identifier. For example, an SRLG group identifier could represent all links which use separate fibers but are carried in the same fiber conduit.
  • Page 201 IP Router Configuration srlg-group Syntax srlg-group group-name [group-name...(up to 5 max)] no srlg-group group-name [group-name...(up to 5 max)] no srlg-group Context config>router>interface>if-attribute config>service>ies>interface>if-attribute config>service>vprn>interface>if-attribute config>router>mpls>interface Description This command configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface.
  • Page 202 IP Router Configuration Command Reference Description This command creates a template to configure the attributes of a Loop-Free Alternate (LFA) Shortest Path First (SPF) policy. An LFA SPF policy allows the user to apply specific criteria, such as admin group and SRLG constraints, to the selection of an LFA backup next-hop for a subset of prefixes that resolve to a specific primary next-hop.
  • Page 203 IP Router Configuration Each group is entered individually. The include-group statement instructs the LFA SPF selection algorithm to pick up a subset of LFA next-hops among the links which belong to one or more of the specified admin groups. A link which does not belong to at least one of the admin-groups is excluded. However, a link can still be selected if it belongs to one of the groups in an include-group statement but also belongs to other groups which are not part of any include-group statement in the route next-hop policy.
  • Page 204 IP Router Configuration Command Reference The pref option is used to provide a relative preference for the admin group to select. A lower preference value means that LFA SPF will first attempt to select an LFA backup next-hop that is a member of the corresponding admin group.
  • Page 205 IP Router Configuration The user can select if link protection or node protection is preferred in the selection of an LFA next-hop for all IP prefixes and LDP FEC prefixes to which a route next-hop policy template is applied. The default in the SR OS implementation is node protection.
  • Page 206 IP Router Configuration Command Reference Default no mh-secondary-interface hold-time Syntax hold-time holdover-time no hold-time Context config>router>mh-secondary-interface Description The optional hold-time parameter is only applicable for the secondary context and specifies how long label information learned about the secondary anycast address should be kept after that peer is declared down.
  • Page 207 IP Router Configuration filter Syntax filter ip ip-filter-id filter ipv6 ipv6-filter-id no filter [ip ip-filter-ip] [ipv6 ipv6-filter-id] Context config>router>if>ingress config>router>if>egress Description This command associates an IP filter policy with an IP interface. Filter policies control packet forwarding and dropping based on IP match criteria. The ip-filter-id must have been preconfigured before this filter command is executed.
  • Page 208 IP Router Configuration Command Reference Description This command creates the CLI context to configure interface level hold-up and hold-down timers for the associated IP interface. The up timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the deactivation of the associated interface for the specified amount of time.
  • Page 209 IP Router Configuration Config>service>ies>redundant-interface>hold-time Config>service>vprn>interface>hold-time Config>service>vprn>network-interface>hold-time Config>service>vprn>subscriber-interface>hold-time Config>service>vprn>redundant-interface>hold-time Config>service>vpls>interface>hold-time Description This command will cause a delay in the activation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured.
  • Page 210 IP Router Configuration Command Reference redirects Syntax redirects [number seconds] no redirects Context config>router>if>icmp Description This command enables and configures the rate for ICMP redirect messages issued on the router interface. When routes are not optimal on this router, and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.
  • Page 211 IP Router Configuration Parameters number — The maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. The seconds parameter must also be specified. Values 10 to 1000 seconds — The time frame, in seconds, used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer.
  • Page 212 IP Router Configuration Command Reference Description This command configures IPv6 for a router interface. The no form of the command disables IPv6 on the interface. Default not enabled address Syntax address {ipv6-address/prefix-length} [eui-64] no address {ipv6-address/prefix-length} Context config>router>if>ipv6 Description This command assigns an IPv6 address to the interface. Default none Parameters...
  • Page 213 IP Router Configuration icmp6 Syntax icmp6 Context config>router>if>ipv6 Description This command enables the context to configure ICMPv6 parameters for the interface. packet-too-big Syntax packet-too-big [number seconds] no packet-too-big Context config>router>if>ipv6>icmp6 Description This command configures the rate for ICMPv6 packet-too-big messages. Parameters number —...
  • Page 214 IP Router Configuration Command Reference no redirects Context config>router>if>ipv6>icmp6 Description This command configures the rate for ICMPv6 redirect messages. When configured, ICMPv6 redirects are generated when routes are not optimal on the router and another router on the same subnetwork has a better route to alert that node that a better route is available.
  • Page 215 IP Router Configuration The no form of the command disables the generation of ICMPv6 host and network unreachable messages by this interface. Default 100 10 (when IPv6 is enabled on the interface) Parameters number — Determines the number of destination unreachable ICMPv6 messages to issue in the time frame specified in the seconds parameter.
  • Page 216 IP Router Configuration Command Reference no neighbor [ipv6-address] Context config>router>if>ipv6 Description This command configures an IPv6-to-MAC address mapping on the interface. Use this command if a directly attached IPv6 node does not support ICMPv6 neighbor discovery, or for some reason, a static address must be used.
  • Page 217 IP Router Configuration limit — The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned. Values 0 to 102400 proxy-nd-policy...
  • Page 218 IP Router Configuration Command Reference option Syntax [no] option Context config>router>if>dhcp Description This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 sub-options. The no form of this command returns the system to the default. Default no option action...
  • Page 219 IP Router Configuration no circuit-id Context config>router>if>dhcp>option Description When enabled, the router sends the interface index (If Index) in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command show>router>interface>detail. This option specifies data that must be unique to the router that is relaying the circuit.
  • Page 220 This command enables the sending of the MAC address in the Alcatel-Lucent vendor specific suboption of the DHCP relay packet. The no form of the command disables the sending of the MAC address in the Alcatel-Lucent vendor specific suboption of the DHCP relay packet.
  • Page 221 IP Router Configuration The no form of the command disables the sending of the service ID in the Alcatel-Lucent vendor specific suboption of the DHCP relay packet. string Syntax [no] string text Context config>router>if>dhcp>option>vendor-specific-option Description This command specifies the vendor specific suboption string of the DHCP relay packet.
  • Page 222 IP Router Configuration Command Reference Description This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work.
  • Page 223: Router Advertisement Commands

    IP Router Configuration Router Advertisement Commands router-advertisement Syntax [no] router-advertisement Context config>router Description This command configures router advertisement properties. By default, it is disabled for all IPv6 enabled interfaces. The no form of the command disables all IPv6 interfaces. However, the no interface interface-name command disables a specific interface.
  • Page 224 IP Router Configuration Command Reference Default none Parameters ipv6-address — Specify the IPv6 address of the DNS server(s), up to 4 max. Specified as eight 16-bit hexadecimal pieces. include-dns Syntax [no] include-dns Context config>router>router-advertisement>interface>dns-options Description This command enables the Recursive DNS Server (RDNSS) Option in router advertisements. This must be enabled for each interface on which the RDNSS option is required in router advertisement messages.
  • Page 225 IP Router Configuration Default No interfaces are configured by default. Parameters ip-int-name — Specify the interface name. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. current-hop-limit Syntax current-hop-limit number no current-hop-limit Context config>router>router-advert>if...
  • Page 226 IP Router Configuration Command Reference min-advertisement-interval Syntax [no] min-advertisement-interval seconds Context config>router>router-advert>if Description This command configures the minimum interval between sending ICMPv6 neighbor discovery router advertisement messages. Default Parameters seconds — Specify the minimum interval in seconds between sending ICMPv6 neighbor discovery router advertisement messages.
  • Page 227 IP Router Configuration Description This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until explicitly configured using prefix statements. Default none Parameters ip-prefix — The IP prefix for prefix list entry in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0)
  • Page 228 IP Router Configuration Command Reference preferred-lifetime Syntax [no] preferred-lifetime {seconds | infinite} Context config>router>router-advert>if Description This command configures the remaining length of time in seconds that this prefix will continue to be preferred, that is, the time until deprecation. The address generated from a deprecated prefix should not be used as a source address in new communications, but packets received on such an interface are processed as expected.
  • Page 229 IP Router Configuration Parameters milli-seconds — Specifies the length of time the router should be considered reachable. Values 0 to 3600000 retransmit-time Syntax retransmit-timer milli-seconds no retransmit-timer Context config>router>router-advert>if Description This command configures the retransmission frequency of neighbor solicitation messages. Default no retransmit-time Parameters...
  • Page 230 IP Router Configuration Command Reference Default no use-virtual-mac
  • Page 231: Show, Clear, And Debug Command Reference

    IP Router Configuration Show, Clear, and Debug Command Reference Command Hierarchies • Show Commands • Clear Commands • Debug Commands • Tools Commands
  • Page 232: Show Commands

    Show, Clear, and Debug Command Reference Show Commands The show L2TP commands apply only to the 7750 SR and 7450 ESS. show — router router-instance — router service-name service-name — aggregate [family] [active] — [ip-int-name | ip-address/mask | mac ieee-mac-address | summary] [local | dynamic | static | managed] —...
  • Page 233: Clear Commands

    IP Router Configuration — l2tp — group [tunnel-group-name [statistics]] — group connection-id connection-id [detail] — group [detail] [session-id session-id (v2)] [state session-state] [peer ip-address] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [tunnel-id tunnel-id (v2)] — session [detail] [state session-state] [peer ip-address] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [control-connection-id connection-id (v3)] —...
  • Page 234: Debug Commands

    Show, Clear, and Debug Command Reference — dhcp — statistics [ip-int-name | ip-address] — dhcp6 — statistics [ip-int-name | ip-address] — forwarding-table [slot-number] — grt-lookup — icmp-redirect-route {all | ip-address} — icmp6 — icmp6 global — icmp6 interface interface-name — interface [ip-int-name | ip-addr] [icmp] [urpf-stats] [statistics] —...
  • Page 235: Tools Commands

    IP Router Configuration Tools Commands tools — dump — router — segment-routing — tunnel
  • Page 236: Command Descriptions

    Show, Clear, and Debug Command Reference Command Descriptions Show Commands The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration. aggregate Syntax aggregate [family] [active] Context show>router Description This command displays aggregate routes. Parameters family —...
  • Page 237 IP Router Configuration Description This command displays the router ARP table sorted by IP address. If no command line options are specified, all ARP entries are displayed. Parameters ip-address/mask — Only displays ARP entries associated with the specified IP address and mask. ip-int-name —...
  • Page 238 Show, Clear, and Debug Command Reference 10.20.1.24 00:16:4d:23:91:b8 00h00m00s Oth system 10.10.4.11 00:03:fa:00:d0:c9 00h57m03s Dyn[I] to-core-sr1 10.10.4.24 00:03:fa:41:8d:20 00h00m00s Oth[I] to-core-sr1 ------------------------------------------------------------------------------- No. of ARP Entries: 3 =============================================================================== A:ALA-A# show router ARP 10.10.0.3 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Expiry Type Interface -------------------------------------------------------------------------------...
  • Page 239 IP Router Configuration Output Authentication Statistics Output — The following table describes the show authentication statistics output fields: Table 8: Authentication Statistics Field Descriptions Label Description Client Packets The number of packets that failed authentication. Authenticate Fail Client Packets The number of packets that were authenticated. Authenticate Ok Sample Output A:ALU-3>show>router>auth# statistics...
  • Page 240 Show, Clear, and Debug Command Reference *A:Dut-C# show router bfd session src 11.120.1.4 dest 11.120.1.3 =============================================================================== BFD Session =============================================================================== Remote Address : 11.120.1.3 Admin State : Up Oper State : Up (3) Protocols : static Rx Interval : 10 Tx Interval : 10 Multiplier Echo Interval...
  • Page 241 IP Router Configuration =============================================================================== BFD Session =============================================================================== Interface/Lsp Name State Tx Intvl Rx Intvl Multipl Remote Address/Info Protocols Tx Pkts Rx Pkts Type ------------------------------------------------------------------------------- wp::lsp-32 Down (1) 1000 1000 0::0.0.0.0 mplsTp cpm-np wp::lsp-33 Down (1) 1000 1000 0::0.0.0.0 mplsTp cpm-np wp::lsp-34 Down (1) 1000...
  • Page 242 Show, Clear, and Debug Command Reference interface Syntax interface [interface-name] Context show>router>bfd Description This command displays interface information. Output BFD interface Output — The following table describes the show BFD interface output fields: Table 9: BFD Interface Field Descriptions Label Description TX Interval Displays the interval, in milliseconds, between the transmitted BFD...
  • Page 243 IP Router Configuration rsvp {head | tail} tunnel-id tunnel-id lsp-id lsp-id session mpls-tp session lsp-name Lsp Name [link-type {cc-only | cc-cv}] detail session p2mp-interface interface-name detail session src ip-address/link-local address detail lsp-rsvp {head | tail} rsvp-session-name rsvp-session-name session [src ip-address/link-local address] [ipv4 | ipv6] session src ip-address/link-local address dest ip-address | link-local address session src ip-address/link-local address detail session summary...
  • Page 244 Show, Clear, and Debug Command Reference ------------------------------------------------------------------------------- port-1-1 Up (3) 10.1.1.3 pim isis 50971 50718 port-1-1 Up (3) 3FFE::A01:103 static bgp cpm-np port-1-1 Up (3) FE80::A0A:A03 pim isis ospf3 cpm-np port-1-2 Up (3) 10.2.1.3 pim isis 50968 50718 port-1-2 Up (3) 3FFE::A02:103 static bgp cpm-np...
  • Page 245 IP Router Configuration Local Min Tx : 10 Local Mult Last Sent (ms) : 6 Local Min Rx : 10 Type : cpm-np Remote Discr : 270 Remote State : Up (3) Remote Diag : 0 (None) Remote Mode : Async Remote Min Tx : 10 Remote Mult...
  • Page 246 Show, Clear, and Debug Command Reference =============================================================================== *A:Dut-B# *A:Dut-D# show router bfd session summary ============================= BFD Session Summary ============================= Termination Session Count ----------------------------- central cpm-np iom, slot 1 iom, slot 2 iom, slot 3 iom, slot 4 iom, slot 5 Total ============================= *A:Dut-D#...
  • Page 247 IP Router Configuration dhcp Syntax dhcp Context show>router Description This command enables the context to display DHCP related information. dhcp6 Syntax dhcp6 Context show>router Description This command enables the context to display DHCP6 related information. statistics Syntax statistics [ip-int-name | ip-address] Context show>router>dhcp show>router>dhcp6...
  • Page 248 Show, Clear, and Debug Command Reference Table 11: DHCP Statistics Field Descriptions (Continued) Label Description Client Packets The number of packets received from the DHCP clients that were Discarded discarded. Client Packets Relayed The number of packets received from the DHCP clients that were forwarded.
  • Page 249 IP Router Configuration 11 Subscr. Mgmt. Update failed 12 Received Relay Forw Message 13 Packet too small to contain valid dhcp6 msg 14 Server cannot respond to this message 15 No Server Id option in msg from server 16 Missing or illegal Client Id option in client msg 17 Server Id option in client msg 18 Server DUID in client msg does not match our own 19 Client sent message to unicast while not allowed...
  • Page 250 Show, Clear, and Debug Command Reference sap:1/2/12:1 0/8000 interfaceService Down Down sap:1/2/1 0/8000 Down Down interfaceServiceNonDefault NoServerCo* sap:1/2/12:2 0/8000 Down Down ip-61.4.113.4 575/8000 sap:1/1/1:1 580/8000 ============================================================================= A:ALA-1# ecmp Syntax ecmp Context show>router Description This command displays the ECMP settings for the router. Output ECMP Settings Output —...
  • Page 251 — Displays the peers that are IPv6-capable. ip-prefix/prefix-length — Displays FIB entries only matching the specified ip-prefix and length. Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 to 32...
  • Page 252 Show, Clear, and Debug Command Reference nh-table-usage — Displays next-hop table usage. Output Sample Output show router fib 1 131.132.133.134/32 ======================================================================== FIB Display ======================================================================== Prefix Protocol NextHop ------------------------------------------------------------------------ 131.132.133.134/32 OSPF 66.66.66.66 (loop7) Next-hop type: tunneled, Owner: RSVP, Tunnel-ID: <out-ifindex-from-route> ------------------------------------------------------------------------ Total Entries : 1 ------------------------------------------------------------------------ ========================================================================...
  • Page 253 IP Router Configuration 10.20.1.3/32 LOCAL 10.20.1.3 (system) 20.12.0.43/32 STATIC vprn1:mda-1-1 20.12.0.44/32 STATIC vprn1:mda-2-1 20.12.0.45/32 STATIC vprn1:mda-2-2 20.12.0.46/32 STATIC vprn1:mda-3-1 100.0.0.1/32 vprn1:mda-1-1 vprn1:mda-3-1 138.203.71.202/32 STATIC 10.12.0.2 (itfToArborCP_02) ------------------------------------------------------------------------------- Total Entries : 15 ------------------------------------------------------------------------------- =============================================================================== *A:Dut-C>config>router>mpls>lsp# show router fib 1 5.3.0.1/32 extensive =============================================================================== FIB Display (Router: Base) ===============================================================================...
  • Page 254 Show, Clear, and Debug Command Reference ECMP-Weight : 20 Next-Hop : 1.0.0.3 (RSVP tunnel:61442) : Priority=n/c, FC=n/c Source-Class Dest-Class ECMP-Weight =============================================================================== Total Entries : 1 =============================================================================== *A:Dut-C> show router route-table 10.1.0.5/32 extensive =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix : 10.1.0.5/32 Protocol : STATIC...
  • Page 255 IP Router Configuration FIB Display =============================================================================== Prefix [Flags] Protocol NextHop ------------------------------------------------------------------------------- 10.15.1.0/24 10.20.1.3 (Transport:SR) ------------------------------------------------------------------------------- Total Entries : 1 ------------------------------------------------------------------------------- =============================================================================== *A:Dut-B# show router fib 1 10.15.1.0/24 extensive =============================================================================== FIB Display (Router: Base) =============================================================================== Dest Prefix : 10.15.1.0/24 Protocol : BGP Installed Indirect Next-Hop : 10.20.1.3...
  • Page 256 Show, Clear, and Debug Command Reference ip-prefix[/prefix-length] — Displays routes only matching the specified ip-address and length. Values ipv4-prefix: a.b.c.d (host bits must be set to 0) ipv4-prefix-length: 0 to 32 ipv6 ipv6-prefix[/pref*: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D prefix-length: 1 to 128...
  • Page 257 IP Router Configuration 10.20.1.2/32 SR-ISIS-0 21002 1.2.3.2 1/1/2 21002/21005 1.3.4.4(B) 2/1/3:1 10.20.1.4/32 SR-ISIS-0 21004 1.3.4.4 2/1/3:1 21004/21005 1.2.3.2(B) 1/1/2 10.20.1.5/32 SR-ISIS-0 21005 1.2.3.2 1/1/2 21005 1.3.4.4(B) 2/1/3:1 ------------------------------------------------------------------------------- Total Entries : 4 ------------------------------------------------------------------------------- =============================================================================== *A:Dut-C# *A:Dut-C# show router fp-tunnel-table 1 =============================================================================== Tunnel Table Display Legend:...
  • Page 258 Show, Clear, and Debug Command Reference *A:Dut-F# show router fp-tunnel-table 1 =============================================================================== Tunnel Table Display Legend: B - FRR Backup =============================================================================== Destination Protocol Tunnel-ID NextHop Intf/Tunnel ------------------------------------------------------------------------------- 1.0.11.1/32 SR-OSPF-0 30004 1.0.26.2 1/1/3:1 40004 1.0.36.3(B) 1/1/4:1 1.0.22.2/32 SR-OSPF-0 30005 1.0.26.2 1/1/3:1 20005/40004 1.0.36.3(B) 1/1/4:1...
  • Page 259 IP Router Configuration Legend: B - FRR Backup =============================================================================== Destination Protocol Tunnel-ID NextHop Intf/Tunnel ------------------------------------------------------------------------------- 10.20.1.5/32 262135 10.10.5.5 2/1/1 10.20.1.5(B) 10.20.1.5/32 SR-ISIS-0 474390 10.10.5.5 2/1/1 474390/474389 10.10.12.2(B) lag-1 ------------------------------------------------------------------------------- Total Entries : 2 ------------------------------------------------------------------------------- =============================================================================== icmp6 Syntax icmp6 Context show>router Description This command displays Internet Control Message Protocol Version 6 (ICMPv6) statistics.
  • Page 260 Show, Clear, and Debug Command Reference Table 14: ICMP6 Field Descriptions (Continued) Label Description Router Advertisements The number of times the router advertised its location. Neighbor The number of times the neighbor router advertised its location. Advertisements Sample Output A:SR-3>show>router>auth# show router icmp6 =============================================================================== Global ICMPv6 Stats ===============================================================================...
  • Page 261 IP Router Configuration Table 15: SRLG Field Descriptions Label Description Group Name The name of the SRLG. Group Value The integer value of the SRLG. Penalty Weight The penalty weight that is assigned to the SRLG. No. of Groups The total number of displayed SRLGs. Sample Output B:CORE2# show router if-attribute srlg-group ==================================================...
  • Page 262 Show, Clear, and Debug Command Reference Table 16: ICMP6 Interface Field Descriptions (Continued) Label Description Echo Request The number of echo requests. Router Solicits The number of times the local router was solicited. Neighbor Solicits The number of times the neighbor router was solicited. Errors The number of error messages.
  • Page 263 IP Router Configuration interface {ip-address | ip-int-name} statistics interface dist-cpu-protection [detail] interface policy-accounting [class [index]] Context show>router Description This command displays the router IP interface table sorted by interface index. Parameters ip-address — Only displays the interface information associated with the specified IP address. Values ipv4-address a.b.c.d (host bits must be 0)
  • Page 264 Show, Clear, and Debug Command Reference Table 17: Standard IP Interface Field Descriptions Label Description Interface-Name The IP interface name. Type n/a — No IP address has been assigned to the IP interface, so the IP address type is not applicable. Pri —...
  • Page 265 IP Router Configuration If Index Virt. If Index Last Oper Chg : 01/14/2014 14:33:04 Global If Index : 30 Lag Link Map Prof: none Port Id : 1/1/2:1 TOS Marking : Trusted If Type : Network Egress Filter : none Ingress Filter : none Egr IPv6 Flt...
  • Page 266 Show, Clear, and Debug Command Reference ---------------------------------------------------------------------- "group1" "group2" ---------------------------------------------------------------------- ---------------------------------------------------------------------- Srlg Groups ---------------------------------------------------------------------- "group3" "group4" ---------------------------------------------------------------------- ----------------------------------------------------------------------- Qos Details ----------------------------------------------------------------------- Ing Qos Policy : (none) Egr Qos Policy : (none) Ingress FP QGrp : (none) Egress Port QGrp : (none) Ing FP QGrp Inst : (none) Egr Port QGrp Inst: (none) =======================================================================...
  • Page 267 IP Router Configuration FE80::200:FF:FE00:4/64 PREFERRED ip-11.4.114.4 Up/Up Up/Up Network 6/1/2 11.4.114.4/24 3FFE::B04:7204/120 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-12.2.4.4 Up/Up Down/Down Network 3/1/2 12.2.4.4/24 3FFE::C02:404/120 ip-13.2.4.4 Up/Up Down/Down Network 3/1/3 13.2.4.4/24 3FFE::D02:404/120 ip-14.2.4.4 Up/Up Down/Down Network 3/1/4 14.2.4.4/24 3FFE::E02:404/120 ip-15.2.4.4 Up/Up Down/Down Network 3/1/5 15.2.4.4/24 3FFE::F02:404/120 ip-21.2.4.4...
  • Page 268 Show, Clear, and Debug Command Reference mda-1-1 Up/Down 20.12.0.43/32 mda-2-1 Up/Down 20.12.0.44/32 mda-2-2 Up/Down 20.12.0.45/32 mda-3-1 Up/Down 20.12.0.46/32 ------------------------------------------------------------------------------- Interfaces : 4 =============================================================================== A:ALA-A# show router interface to-ser1 =============================================================================== Interface Table =============================================================================== Interface-Name Type IP-Address Mode ------------------------------------------------------------------------------- to-ser1 10.10.13.3/24 Network =============================================================================== A:ALA-A# A:ALA-A# show router interface exclude-services...
  • Page 269 IP Router Configuration Table 18: Detailed IP Interface Field Descriptions (Continued) Label Description If Index The interface index of the IP router interface. Virt If Index The virtual interface index of the IP router interface. Last Oper Change The last change in operational status. Global If Index The global interface index of the IP router interface.
  • Page 270 Show, Clear, and Debug Command Reference Sample Output B:bksim1619# show router interface "to-sim1621" detail =============================================================================== Interface Table (Router: Base) =============================================================================== ------------------------------------------------------------------------------- Interface ------------------------------------------------------------------------------- If Name : to-sim1621 Admin State : Up Oper (v4/v6) : Up/-- Protocols : None IP Addr/mask : 1.1.1.2/24 Address Type : Primary...
  • Page 271 IP Router Configuration Peer Sec DNS Addr: Not configured Network Domains Associated default ------------------------------------------------------------------------------- Qos Details ------------------------------------------------------------------------------- Ing Qos Policy : (none) Egr Qos Policy : (none) Ingress FP QGrp : (none) Egress Port QGrp : (none) Ing FP QGrp Inst : (none) Egr Port QGrp Inst: (none) =============================================================================== * indicates that the corresponding row element may have been truncated.
  • Page 272 Show, Clear, and Debug Command Reference Admin State : Up Oper (v4/v6) : Up/Down Protocols : None IP Addr/mask : 20.12.0.44/32 Address Type : Primary IGP Inhibit : Disabled Broadcast Address : Host-ones HoldUp-Time Track Srrp Inst ------------------------------------------------------------------------------- Details ------------------------------------------------------------------------------- Description : tms-2-1 If Index...
  • Page 273 IP Router Configuration If Name : to_Ixia Admin State : Up Oper (v4/v6) : Up/Up Rx Pkts : 6244 Rx Bytes : 599424 Rx V4 Pkts : 3122 Rx V4 Bytes : 299712 Rx V6 Pkts : 3122 Rx V6 Bytes : 299712 Tx Pkts Tx Bytes...
  • Page 274 Show, Clear, and Debug Command Reference TEID Load Balance: Disabled uRPF Chk : enabled uRPF Chk Mode : strict uRPF Ipv6 Chk : enabled uRPF Ipv6 Chk Mode: strict PTP HW Assist : Disabled Rx Pkts : 6244 Rx Bytes : 599424 Rx V4 Pkts : 3122...
  • Page 275 IP Router Configuration The following displays output if enable-interface-statistics is not enabled for a given interface. =============================================================================== Interface Statistics =============================================================================== If Name : to_Ixia Admin State : Up Oper (v4/v6) : Up/Up Rx Pkts : N/A Rx Bytes : N/A Rx V4 Pkts : N/A Rx V4 Bytes...
  • Page 276 Show, Clear, and Debug Command Reference Summary IP Interface Output — The following table describes the summary output fields for the router IP interfaces. Table 20: Summary IP Interface Field Descriptions Label Description Instance The router instance number. Router Name The name of the router instance.
  • Page 277 IP Router Configuration TOS Marking : Trusted If Type : Network Egress Filter : none Ingress Filter : none Egr IPv6 Flt : none Ingr IPv6 Flt : none SNTP B.Cast : False Network QoS Policy: 1 MAC Address : d8:5d:01:01:00:01 Mac Accounting : Disabled Ingress stats...
  • Page 278 Show, Clear, and Debug Command Reference No. of Routes: 1 Flags: LFA = Loop-Free Alternate nexthop =============================================================================== *A:SRR# *A:Dut-B# show router isis routes ============================================================================ Route Table ============================================================================ Prefix [Flags] Metric Lvl/Typ Ver. SysID/Hostname NextHop AdminTag ---------------------------------------------------------------------------- 10.20.1.2/32 1/Int. Dut-B 0.0.0.0 10.20.1.3/32 [L] 2/Int.
  • Page 279 IP Router Configuration 10.20.4.4 10.20.3.0/24 1/Int. Dut-B 0.0.0.0 10.20.4.0/24 1/Int. Dut-B 0.0.0.0 10.20.5.0/24 2/Int. Dut-C 10.20.3.3 10.20.6.0/24 2/Int. Dut-D 10.20.4.4 10.20.9.0/24 2/Int. Dut-D 10.20.4.4 10.20.10.0/24 2/Int. Dut-C 10.20.3.3 ---------------------------------------------------------------------------- Routes : 11 Flags: LFA = Loop-Free Alternate nexthop ============================================================================ *A:Dut-B# bindings Syntax bindings active...
  • Page 280 Show, Clear, and Debug Command Reference 10.20.1.4/32 Push 262140BU 1/1/2 10.10.2.3 10.20.1.4/32 Swap 131068 262140BU 1/1/2 10.10.2.3 10.20.1.5/32 Push 131067BU 1/1/1 10.10.1.2 10.20.1.5/32 Swap 131067 131067BU 1/1/1 10.10.1.2 10.20.1.5/32 Push 262139 1/1/2 10.10.2.3 10.20.1.5/32 Swap 131067 262139 1/1/2 10.10.2.3 10.20.1.6/32 Push 131066 1/1/1...
  • Page 281 IP Router Configuration Source Group Interface RootAddr IngLbl EgrLbl EgrNH EgrIf/LspId ------------------------------------------------------------------------------- No Matching Entries Found =============================================================================== =============================================================================== LDP In-Band-VPN-SSM IPv4 P2MP Bindings (Active) =============================================================================== Source Group RootAddr Interface IngLbl EgrLbl EgrNH EgrIf/LspId ------------------------------------------------------------------------------- No Matching Entries Found =============================================================================== =============================================================================== LDP In-Band-VPN-SSM IPv6 P2MP Bindings (Active) =============================================================================== Source...
  • Page 282 Show, Clear, and Debug Command Reference 10.20.1.6/32 10.20.1.2 131066N 131066 1/1/1 10.10.1.2 10.20.1.6/32 10.20.1.3 131066BU 262138 1/1/2 10.10.2.3 ------------------------------------------------------------------------ No. of IPv4 Prefix Bindings: 12 ======================================================================== =============================================================================== LDP IPv6 Prefix Bindings =============================================================================== Prefix IngLbl EgrLbl Peer EgrIntf/LspId EgrNextHop ------------------------------------------------------------------------------- No Matching Entries Found =============================================================================== =============================================================================== LDP Generic IPv4 P2MP Bindings...
  • Page 283 IP Router Configuration 6.6.6.6 Unknw 131044 90.90.90.2 1/1/6 2.2.2.2:0 6.6.6.6 Unknw 131043 90.90.90.2 1/1/6 2.2.2.2:0 ------------------------------------------------------------------------------- No. of Generic IPv4 P2MP Bindings: 9 =============================================================================== =============================================================================== LDP Generic IPv6 P2MP Bindings =============================================================================== P2MP-Id RootAddr Interface IngLbl EgrLbl EgrNH EgrIf/LspId Peer ------------------------------------------------------------------------------- No Matching Entries Found =============================================================================== ===============================================================================...
  • Page 284 Show, Clear, and Debug Command Reference 225.0.0.1 1.1.1.1:100 3.3.3.3 Unknwn 60.60.60.1 1/1/1 2.2.2.2:100 1.1.1.1 225.0.0.1 1.1.1.1:100 3.3.3.3 Unknwn 60.60.60.1 1/1/1 2.2.2.2:100 1.1.1.1 225.0.0.1 1.1.1.1:100 3.3.3.3 Unknwn 60.60.60.1 1/1/1 2.2.2.2:100 ------------------------------------------------------------------------------- No. of In-Band-VPN-SSM IPv4 P2MP Bindings: 3 =============================================================================== =============================================================================== LDP In-Band-VPN-SSM IPv6 P2MP Bindings =============================================================================== =============================================================================== Source...
  • Page 285 IP Router Configuration ?-Eth R. Src None 2.2.2.2:0 Ukwn 131023D 986 ?-Eth R. Src None 2.2.2.2:0 Ukwn 131022D 1386 ?-Eth 2001 R. Src None 2.2.2.2:0 Ukwn 131019D 986 ?-Eth 2003 R. Src None 2.2.2.2:0 Ukwn 131017D 986 ?-Ipipe 1800 R. Src None 2.2.2.2:0 Ukwn...
  • Page 286 Show, Clear, and Debug Command Reference admin status : Up three-way-hello : N/A hello-interval : N/A hello-multiplier : 35 * 0.1 tracking support : Disabled Improved Assert : N/A spmsi : pim-ssm 225.0.0.0/32 join-tlv-packing : N/A data-delay-interval: 3 seconds data-threshold : 224.0.0.0/4 -->...
  • Page 287 IP Router Configuration =============================================================================== Neighbor Table (Router: Base) =============================================================================== IPv6 Address Interface MAC Address State Expiry Type ------------------------------------------------------------------------------- FE80::203:FAFF:FE78:5C88 net1_1_2 00:16:4d:50:17:a3 STALE 03h52m08s Dynamic FE80::203:FAFF:FE81:6888 net1_2_3 00:03:fa:1a:79:22 STALE 03h29m28s Dynamic ------------------------------------------------------------------------------- No. of Neighbor Entries: 2 =============================================================================== B:CORE2# network-domains Syntax network-domains [detail] [network-domain-name] Context show>router...
  • Page 288 Show, Clear, and Debug Command Reference ------------------------------------------------------------------------------- Network Domain : default ------------------------------------------------------------------------------- Description : Default Network Domain No. Of Ifs Associated No. Of SDPs Associated =============================================================================== *A:Dut-T>config>router# *A:Dut-T>config>router# show router network-domains "net1" interface-association =============================================================================== Interface Network Domain Association Table =============================================================================== Interface Name Port Network Domain...
  • Page 289 IP Router Configuration admin — Specify the admin keyword to display the entities configured in the config>router>policy-options context. Output Policy Output — The following table describes policy output fields. Table 22: Policy Field Descriptions Label Description Policy The policy name. Description Displays the description of the policy.
  • Page 290 [0 to FFFF]H d: [0 to 255]D prefix-length: 1 to 128ipv6 Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d (host bits must be set to 0) ipv4-prefix-length: 0 to 32 longer — Displays routes matching the ip-prefix/mask and routes with longer masks.
  • Page 291 IP Router Configuration Table 23: Standard Route Table Field Descriptions (Continued) Label Description Next Hop The next hop IP address for the route destination. Type Local The route is a local route. Remote The route is a remote route. Protocol The protocol through which the route was learned.
  • Page 292 Show, Clear, and Debug Command Reference Alt-NextHop Alt- Metric ------------------------------------------------------------------------------- 10.0.0.0/30 Local Local 02h17m23s to_4007 10.0.0.8/30 Remote BGP VPN 00h14m37s 1.1.1.9 (tunneled) 11.0.0.8/30 Remote BGP VPN 00h14m37s 1.1.1.9 (tunneled) 192.168.0.0/16 Remote BGP VPN 00h14m37s 1.1.1.9 (tunneled) 192.168.0.0/16 (Backup) Remote BGP VPN 00h14m37s 2.1.1.9 (tunneled) 192.168.0.0/16 (Best-ext)
  • Page 293 IP Router Configuration 10.20.1.6/32 [L] Remote ISIS 00h00m58s 15 10.10.4.4 20 ---------------------------------------------------------------------------- No. of Routes: 16 Flags: L = LFA nexthop available B = BGP backup route available ============================================================================ *A:Dut-B# show router route-table alternative ============================================================================ Route Table (Router: Base) ============================================================================ Dest Prefix[Flags] Type Proto Age Pref Next Hop[Interface Name] Metric Alt-NextHop Alt-Metric...
  • Page 294 Show, Clear, and Debug Command Reference No. of Routes: 16 Flags: Backup = BGP backup route LFA = Loop-Free Alternate nexthop ============================================================================ *A:Dut-C# show router route-table 1.1.1.1/32 =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 1.1.1.1/32...
  • Page 295 IP Router Configuration ------------------------------------------------------------------------------- No. of Routes: 1 =============================================================================== B:ALA-B# A:ALA-A# show router route-table 10.10.0.4 =============================================================================== Route Table =============================================================================== Dest Address Next Hop Type Protocol Metric Pref ------------------------------------------------------------------------------- 10.10.0.4/32 10.10.34.4 Remote OSPF 3523 1001 ------------------------------------------------------------------------------- A:ALA-A# A:ALA-A# show router route-table 10.10.0.4/32 longer =============================================================================== Route Table ===============================================================================...
  • Page 296 Show, Clear, and Debug Command Reference vprn1:mda-1-1 20.12.0.44/32 Remote Static 00h44m31s vprn1:mda-2-1 20.12.0.45/32 Remote Static 00h44m31s vprn1:mda-2-2 20.12.0.46/32 Remote Static 00h44m30s vprn1:mda-3-1 100.0.0.1/32 Remote 00h34m39s vprn1:mda-1-1 100.0.0.1/32 Remote 00h34m39s vprn1:mda-3-1 138.203.71.202/32 Remote Static 00h44m29s 10.12.0.2 ------------------------------------------------------------------------------- No. of Routes: 17 Flags: L = LFA nexthop available B = BGP backup route available n = Number of times nexthop is repeated...
  • Page 297 IP Router Configuration 10.10.10.0/24 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 10.20.1.5/32 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 10.20.1.6/32 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 ------------------------------------------------------------------------------- No. of Routes: 4 =============================================================================== *A:Dut-B# show router route-table 10.20.1.5/32 next-hop-type tunneled =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type...
  • Page 298 Show, Clear, and Debug Command Reference Sub Mgmt Managed ------------------------------------------------------------------------------- Total =============================================================================== NOTE: ISIS LFA routes and BGP Backup routes are not counted towards the total. Summary Route Table Output — Summary output for the route table displays the number of active routes and the number of routes learned by the router by protocol.
  • Page 299 IP Router Configuration Total 5006 9570 =============================================================================== NOTE: ISIS LFA routes and BGP Backup routes are not counted towards the total. *A:SRR# *A:Dut-C>config>router>mpls>lsp# show router route-table 10.0.0.2/32 extensive =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix : 10.0.0.2/32 Protocol : OSPF (1) : 00h02m40s Preference : 150...
  • Page 300 Show, Clear, and Debug Command Reference Dest-Class Metric ECMP-Weight ------------------------------------------------------------------------------- No. of Destinations: 1 =============================================================================== rtr-advertisement Syntax rtr-advertisement [interface interface-name] [prefix ipv6-prefix[/prefix-length]] rtr-advertisement [conflicts] Context show>router Description This command displays router advertisement information. If no command line arguments are specified, all routes are displayed, sorted by prefix. Parameters interface-name —...
  • Page 301 IP Router Configuration Table 24: Router Advertisement Table Field Descriptions (Continued) Label Description Nbr Advertisement Rx The number of neighbor advertisements received and time since they were received. Max Advert Interval The maximum interval between sending router advertisement messages. Managed Config True Indicates that DHCPv6 has been configured.
  • Page 302 Show, Clear, and Debug Command Reference Nbr Advertisement Tx : 74 Last Sent : 00h00m25s Rtr Advertisement Rx : 8 Rtr Solicitation Rx Nbr Advertisement Rx : 83 Nbr Solicitation Rx : 74 ------------------------------------------------------------------------------- Server1 : 2001:db8::1 Server2 : N/A Server3 : N/A Server4...
  • Page 303 IP Router Configuration Prefix: 25::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m ------------------------------------------------------------------------------- Advertisement from: FE80::200:FF:FE00:2 Managed Config : FALSE Other Config : FALSE Reachable Time : 00h00m00s0ms Router Lifetime : 00h30m00s Retransmit Time : 00h00m00s0ms Hop Limit...
  • Page 304 Show, Clear, and Debug Command Reference Sample Output A:Dut-A# show>router# rtr-advertisement conflicts =============================================================================== Router Advertisement =============================================================================== Interface: interfaceNetworkNonDefault ------------------------------------------------------------------------------- Advertisement from: FE80::200:FF:FE00:2 Managed Config : FALSE [TRUE] Other Config : FALSE [TRUE] Reachable Time : 00h00m00s0ms [00h00m00s400ms] Router Lifetime : 00h30m00s [00h30m01s] Retransmit Time : 00h00m00s0ms [00h00m00s400ms] Hop Limit...
  • Page 305 IP Router Configuration Prefix not present in own router advertisement Prefix: 24::/119 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix not present in neighbor router advertisement Prefix: 24::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime...
  • Page 306 Show, Clear, and Debug Command Reference Table 26: Static ARP Table Field Descriptions (Continued) Label Description Interface The IP interface name associated with the ARP entry. No. of ARP Entries The number of ARP entries displayed in the list. Sample Output A:ALA-A# show router static-arp =============================================================================== ARP Table...
  • Page 307 [0 to FFFF]H [0 to 255]D ipv6-prefix-length: 0 to 128 Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 to 32 preference preference — Only displays static routes with the specified route preference.
  • Page 308 [0 to 255]D Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d (host bits must be 0) tag tag — Displays the tag used to add a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols.
  • Page 309 IP Router Configuration Table 27: Static Router Field Descriptions (Continued) Label Description Active The static route is inactive; for example, the static route is disabled or the next hop IP interface is down. The static route is active. No. of Routes The number of routes displayed in the list.
  • Page 310 Show, Clear, and Debug Command Reference IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.253.0/24 10.10.0.254 =============================================================================== A:ALA-A# The following is a sample output for the 7750 SR and 7950 XRS: *A:sim1# show router static-route 10.10.0.0/16 detail =============================================================================== Static Route Table (Router: Base) Family : [IPv4|MCast-IPv4|IPv6] =============================================================================== Network : 3FFD:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFE3/120...
  • Page 311 IP Router Configuration Indirect : Type Interface : n/a Active Prefix List : n/a Prefix List Type : n/a Metric Preference Source Class Dest Class Admin State : Up Creation Origin : manual : disabled Community CPE-check : disabled Tunnel Resolution: filter Disallow-IGP : disabled RSVP-TE Tunnels...
  • Page 312 Show, Clear, and Debug Command Reference A:ALA-A# sgt-qos Syntax sgt-qos Context show>router Description This command displays self-generated traffic QoS related information. application Syntax application [app-name] [dscp | dot1p] Context show>router>sgt-qos Description This command displays application QoS settings. Parameters app-name — The specific application. Values arp, bgp, cflowd, dhcp, dns, ftp, icmp, igmp, isis, ldp, mld, msdp, ndis, ntp, ospf, pim, radius, rip, rsvp, snmp, snmp-notification, srrp,...
  • Page 313 IP Router Configuration Description This command displays the router status. Output Router Status Output — The following table describes the output fields for router status information. Table 29: Router Status Field Descriptions Label Description Router The administrative and operational states for the router. OSPF The administrative and operational states for the OSPF protocol.
  • Page 314 Show, Clear, and Debug Command Reference Table 29: Router Status Field Descriptions (Continued) Label Description VPRN Local TTL inherit — VPRN instance is to inherit the global configuration Propagate none — TTL of IP packet is not propagated into the VC or transport label stack vc-only —...
  • Page 315 IP Router Configuration OSPFv2-0 ISIS MPLS Not configured Not configured RSVP Not configured Not configured Not configured Not configured IGMP Not configured Not configured Not configured Not configured OSPFv3 Not configured Not configured MSDP Not configured Not configured Max Routes No Limit Total IPv4 Routes 244285...
  • Page 316 Not configured Ipv6 Nbr Reachab. time Not configured Triggered Policies ================================================================ *A:Performance# The following is a sample output for the 7450 ESS: *A:Performance# configure router ospf [1..31] shutdown *A:Performance# show router status ================================================================ Router Status (Router: Base) ================================================================ Admin State...
  • Page 317 IP Router Configuration OSPFv2-16 Down Down OSPFv2-17 Down Down OSPFv2-18 Down Down OSPFv2-19 Down Down OSPFv2-20 Down Down OSPFv2-21 Down Down OSPFv2-22 Down Down OSPFv2-23 Down Down OSPFv2-24 Down Down OSPFv2-25 Down Down OSPFv2-26 Down Down OSPFv2-27 Down Down OSPFv2-28 Down Down OSPFv2-29...
  • Page 318 Show, Clear, and Debug Command Reference ISIS-0 ISIS-1024 Down Down MPLS Down Down RSVP Down Down Down Down IGMP PIMv4 PIMv6 OSPFv3 MSDP Max IPv4 Routes No Limit Max IPv6 Routes No Limit Total IPv4 Routes Total IPv6 Routes Max Multicast Routes No Limit Total IPv4 Mcast Routes PIM not configured...
  • Page 319 IP Router Configuration MPLS Not configured Not configured RSVP Not configured Not configured Not configured Not configured Not configured Not configured IGMP Not configured Not configured Not configured Not configured Not configured Not configured PIMv4 Not configured Not configured PIMv6 Not configured Not configured OSPFv3...
  • Page 320 Show, Clear, and Debug Command Reference =============================================================================== Status Network Next Hop[Interface Name] ------------------------------------------------------------------------------- Active 100.0.0.1/32 mda-2-1 Inactive 101.0.0.1/32 mda-2-1 Inactive 102.0.0.1/32 mda-2-1 Inactive 103.0.0.1/32 mda-2-1 Inactive 104.0.0.1/32 mda-2-1 Inactive 105.0.0.1/32 mda-2-1 Inactive 106.0.0.1/32 mda-2-1 Inactive 107.0.0.1/32 mda-2-1 Inactive 108.0.0.1/32 mda-2-1 Inactive 109.0.0.1/32 mda-2-1...
  • Page 321 IP Router Configuration Table 30: Tunnel Table Field Descriptions Label Description Destination The route’s destination address and mask. Owner Specifies the tunnel owner. Encap Specifies the tunnel’s encapsulation type. Tunnel ID Specifies the tunnel (SDP) identifier. Pref Specifies the route preference for routes learned from the configured peer(s).
  • Page 322 Show, Clear, and Debug Command Reference Last Mgmt Change : 12/14/2012 12:42:19 Force Vlan-Vc : Disabled Endpoint : N/A Precedence PW Status Sig : Enabled Class Fwding State : Down Flags : None Time to RetryReset : never Retries Left Mac Move : Blockable Blockable Level...
  • Page 323 IP Router Configuration Associated LSP List : No LSPs Associated ----------------------------------------------------------------------- Class-based forwarding : ----------------------------------------------------------------------- Class forwarding : Disabled EnforceDSTELspFc : Disabled Default LSP : Uknwn Multicast LSP : None ======================================================================= FC Mapping Table ======================================================================= FC Name LSP Name ----------------------------------------------------------------------- No FC Mappings ----------------------------------------------------------------------- Stp Service Destination Point specifics...
  • Page 324 Show, Clear, and Debug Command Reference Tunnel Table ================================================================== DestinationOwnerEncapTunnel IdPrefNexthopMetric ------------------------------------------------------------------------------- 10.0.0.1/32 sdp GRE 10 5 10.0.0.1 0 10.0.0.1/32 sdp GRE 21 5 10.0.0.1 0 10.0.0.1/32 sdp GRE 31 5 10.0.0.1 0 10.0.0.1/32 sdp GRE 41 5 10.0.0.1 0 =============================================================================== A:ALA-A>config>service# A:ALA-A>config>service#...
  • Page 325 IP Router Configuration A:Dut-C# show router tunnel-table detail =============================================================================== Tunnel Table (Router: Base) =============================================================================== Destination : 7.1.126.2/32 NextHop : 110.20.1.5 Tunnel Flags : is-over-tunnel : 01h27m59s CBF Classes : (Not Specified) Owner : ldp Encap : MPLS Tunnel ID : 66389 Preference Tunnel Label : 243909...
  • Page 326 Show, Clear, and Debug Command Reference Owner : rsvp Encap : MPLS Tunnel ID : 245 Preference Tunnel Label : 250063 Tunnel Metric : 2000 Tunnel MTU : 9190 LSP ID : 39936 Bypass Label LSP Bandwidth LSP Weight ------------------------------------------------------------------------------- Destination : 10.20.1.22/32 NextHop...
  • Page 327 IP Router Configuration group Syntax group [tunnel-group-name [statistics]] Context show>router>l2tp Description This command displays L2TP group operational information. Parameters tunnel-group-name — Displays information for the specified tunnel group. statistics — Displays statistics for the specified tunnel group. Output Sample Output *A:Dut-C# show router l2tp group =============================================================================== L2TP Groups...
  • Page 328 Show, Clear, and Debug Command Reference *A:Dut-C# show router l2tp group isp1.group-2 statistics Group Name: isp1.group-2 ------------------------------------------------------------------------------- Attempts Failed Failed-Aut Active Total ------------------------------------------------------------------------------- Tunnels Sessions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Pkt-Ctl Pkt-Err Octets ------------------------------------------------------------------------------- 1224 2796 ------------------------------------------------------------------------------- *A:Dut-C# peer Syntax peer ip-address peer ip-address statistics peer [draining] [unreachable] Context show>router>l2tp...
  • Page 329 IP Router Configuration =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp peer unreachable =============================================================================== L2TP Peers =============================================================================== Peer IP Tun Active Ses Active Drain Unreach Role Tun Total Ses Total ------------------------------------------------------------------------------- 10.10.20.101 unreach LAC ------------------------------------------------------------------------------- No. of peers: 1 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp peer 10.10.20.101 =============================================================================== Peer IP: 10.10.20.101 ===============================================================================...
  • Page 330 Show, Clear, and Debug Command Reference =============================================================================== tunnels tunnels active sessions sessions active rx ctrl octets : 541 rx ctrl packets tx ctrl octets : 272 tx ctrl packets tx error packets rx error packets rx accepted msg rx duplicate msg rx out of window msg acceptedMsgType StartControlConnectionRequest...
  • Page 331 32 characters maximum, mandatory for link local addresses Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d (host bits must be 0) group group-name — Specifies a string to identify a Layer Two Tunneling Protocol Tunnel group.
  • Page 332 Show, Clear, and Debug Command Reference 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 379407426 379387904 5789 19522 established 658187773 658178048 10043 9725 established 658198275 658178048 10043 20227 established 658210606 658178048 10043 32558 established ------------------------------------------------------------------------------- No. of sessions: 9 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp session state established...
  • Page 333 IP Router Configuration Time Started : 04/17/2009 18:41:55 Time Established : 04/17/2009 18:41:55 Time Closed : 04/17/2009 18:43:20 CDN Result : generalError General Error : noError ------------------------------------------------------------------------------- =============================================================================== L2TP Session Status =============================================================================== Connection ID : 236927915 State : closed Tunnel Group : isp1.group-2 Assignment ID : isp1.tunnel-2 Error Message : tunnel was closed...
  • Page 334 Show, Clear, and Debug Command Reference Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 143524786 143523840 2190 established 143526923 143523840 2190 3083 established 143531662 143523840 2190 7822 closed 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 658187773 658178048 10043 9725 established 658198275...
  • Page 335 IP Router Configuration Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 658187773 658178048 10043 9725 established 658198275 658178048 10043 20227 established 658210606 658178048 10043 32558 established ------------------------------------------------------------------------------- No. of sessions: 3 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp session control-connection-id 658178048 =============================================================================== L2TP Session Summary =============================================================================== Control Conn ID...
  • Page 336 Show, Clear, and Debug Command Reference ------------------------------------------------------------------------------- =============================================================================== L2TP Session Status =============================================================================== Connection ID : 236927915 State : closed Tunnel Group : isp1.group-2 Assignment ID : isp1.tunnel-2 Error Message : tunnel was closed Control Conn ID : 236912640 Remote Conn ID : 3861317210 Tunnel ID : 3615...
  • Page 337 IP Router Configuration L2TP Session Summary =============================================================================== Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 600407016 600375296 9161 31720 established simon@base.lac.base.lns interface: gi_base_lns_base_lac service-id: 100 ip-address: 10.100.2.1 =============================================================================== *A:Fden-Dut2-BSA2# show router l2tp session connection-id 600407016 detail =============================================================================== L2TP Session Status =============================================================================== Connection ID: 600407016 State : established...
  • Page 338 Show, Clear, and Debug Command Reference Secondary NBNS : N/A Address-Pool : N/A IPv6 Prefix : N/A IPv6 Del.Pfx. : N/A Primary IPv6 DNS : N/A Secondary IPv6 DNS : N/A Circuit-Id : (Not Specified) Remote-Id : (Not Specified) Session-Timeout : N/A Radius Class : (Not Specified)
  • Page 339 (host bits must be 0) ipv6-address x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface] x: [0 to FFFF]H d: [0 to 255]D interface: 32 characters maximum, mandatory for link local addresses Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d (host bits must be 0) Router Configuration Guide...
  • Page 340 Show, Clear, and Debug Command Reference tunnel-id tunnel-id (v2) — Displays information for the specified ID of an L2TP tunnel. In L2TP version 2, it is the 16-bit tunnel ID. Values 1 to 65535 control-connection-id connection-id (v3) — Displays information for the specified ID of an L2TP tunnel.
  • Page 341 IP Router Configuration Max Retr Estab Max Retr Not Estab: 5 Session Limit : 1000 AVP Hiding : never Transport Type : udpIp Challenge : never Time Started : 04/17/2009 18:41:03 Time Idle : 04/17/2009 18:43:20 Time Established : 04/17/2009 18:41:03 Time Closed : 04/17/2009 18:43:20 Stop CCN Result : generalReq...
  • Page 342 Show, Clear, and Debug Command Reference ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Ctrl Packets Ctrl Octets 1450 Error Packets 0 ------------------------------------------------------------------------------- *A:Dut-C# *A:Dut-C# show router l2tp tunnel remote-tunnel-id 17525 detail =============================================================================== L2TP Tunnel Status =============================================================================== Connection ID : 143523840 State : established : 10.20.1.3 Peer IP : 10.10.20.101 Name...
  • Page 343 IP Router Configuration ------------------------------------------------------------------------------- No. of tunnels: 1 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp tunnel peer 10.10.20.100 state closed-by-peer detail =============================================================================== L2TP Tunnel Status =============================================================================== Connection ID : 236912640 State : closedByPeer : 10.20.1.3 Peer IP : 10.10.20.100 Name : lac1.wholesaler.com Remote Name : lns2.retailer1.net Assignment ID : isp1.tunnel-2...
  • Page 344 Show, Clear, and Debug Command Reference *A:Dut-C# show router l2tp tunnel assignment-id isp1.tunnel-3 state established statistics =============================================================================== L2TP Tunnel Statistics =============================================================================== Connection ID: 143523840 ------------------------------------------------------------------------------- Attempts Failed Active Total ------------------------------------------------------------------------------- Sessions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Ctrl Packets Ctrl Octets 1310 1690 Error Packets 0 ------------------------------------------------------------------------------- No.
  • Page 345 IP Router Configuration ------------------------------------------------------------------------------- Accepted Duplicate Out-Of-Wnd ------------------------------------------------------------------------------- Fsm Messages 4 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Unsent Max Unsent Cur Ack Max Ack Cur ------------------------------------------------------------------------------- Q Length ------------------------------------------------------------------------------- Window Size Cur acceptedMsgType StartControlConnectionRequest StartControlConnectionConnected IncomingCallRequest IncomingCallConnected ZeroLengthBody originalTransmittedMsgType StartControlConnectionReply Hello IncomingCallReply ZeroLengthBody last cleared time : N/A =============================================================================== On LAC (master node after switchover)
  • Page 346 Show, Clear, and Debug Command Reference Max Retr Estab Max Retr Not Estab: 5 Session Limit : 32767 AVP Hiding : never Transport Type : udpIp Challenge : never Time Started : 02/19/2015 13:00:36 Time Idle : N/A Time Established : 02/19/2015 13:00:36 Time Closed : N/A Stop CCN Result...
  • Page 347 IP Router Configuration Blacklist-state : not-blacklisted Set Dont Fragment : true Failover State : recoverable Recovery Conn ID : N/A Recovery state : not-applicable Recovered Conn ID : N/A Recovery method : mcs Track SRRP : 124 Ctrl msg behavior : forward-to-mcs-peer ------------------------------------------------------------------------------- No.
  • Page 348 Show, Clear, and Debug Command Reference Recovery state : not-applicable Recovered Conn ID : N/A Recovery method : mcs Track SRRP : (Not specified) Ctrl msg behavior : handle ------------------------------------------------------------------------------- No. of tunnels: 1 =============================================================================== On LAC (master node after switchover; 7536640 is the recovered tunnel, 1865089024 is the recovery tunnel) =============================================================================== L2TP Tunnel Status...
  • Page 349 IP Router Configuration Connection ID: 1865089024 State : closed : 10.124.0.9 : 1701 Peer IP : 10.124.0.3 Peer UDP : 1701 Tx dst-IP : 10.124.0.3 Tx dst-UDP : 1701 Rx src-IP : 10.124.0.3 Rx src-UDP : 1701 Name : mc-lac Remote Name : mc-lns Assignment ID: t1...
  • Page 350 Show, Clear, and Debug Command Reference Peer UDP : 1701 Tx dst-IP : 10.124.0.3 Tx dst-UDP : 1701 Rx src-IP : 10.124.0.3 Rx src-UDP : 1701 Name : mc-lac Remote Name : mc-lns Assignment ID: t1 Group Name : mc-lac Acct.
  • Page 351 IP Router Configuration Assignment ID: t1 Group Name : mc-lns Acct. Policy : N/A Error Message: N/A Remote Conn ID : 7536640 Tunnel ID : 6612 Remote Tunnel ID : 115 Preference : 50 Receive Window : 64 Hello Interval (s): 300 Idle TO (s) : infinite Destruct TO (s)
  • Page 352: Clear Commands

    Show, Clear, and Debug Command Reference Set Dont Fragment : true Failover State : not-applicable Recovery Conn ID : N/A Recovery state : recovery-tunnel Recovered Conn ID : 433324032 Recovery method : default Track SRRP : (Not specified) Ctrl msg behavior : handle ------------------------------------------------------------------------------- No.
  • Page 353 IP Router Configuration interface ip-int-name — Clears all ARP cache entries for the IP interface with the specified name. interface ip-addr — Clears all ARP cache entries for the specified IP interface with the specified IP address. Syntax bfd src-ip ip-address dst-ip ip-address bfd all Context clear>router...
  • Page 354 Show, Clear, and Debug Command Reference dhcp6 Syntax dhcp6 Context clear>router Description This command enables the context to clear DHCP6 related information. forwarding-table Syntax forwarding-table [slot-number] Context clear>router Description This command clears entries in the forwarding table (maintained by the IOMs). If the slot number is not specified, the command forces the route table to be recalculated.
  • Page 355 IP Router Configuration icmp6 Syntax icmp6 all icmp6 global icmp6 interface interface-name Context clear>router Description This command clears ICMPv6 statistics. Parameters all — Clears all statistics. global — Clears global router statistics. interface-name — Clears ICMPv6 statistics for the specified interface. interface Syntax interface [ip-int-name | ip-addr] [icmp] [urpf-stats] [statistics]...
  • Page 356 Show, Clear, and Debug Command Reference Description This command clears L2TP data and only applies to the 7750 SR and 7950 XRS. Parameters tunnel-group-name — Specifies a Layer Two Tunneling Protocol Tunnel Group name. tunnel Syntax tunnel tunnel-id Context clear>router>l2tp Description This command clears L2TP data and only applies to the 7750 SR and 7950 XRS.
  • Page 357: Debug Commands

    IP Router Configuration Context clear>router Description This command clears IPv6 neighbor information and only applies to the 7750 SR and 7950 XRS. Parameters all — Clears IPv6 neighbors. ip-int-name — Clears the specified neighbor interface information. Values 32 characters maximum ip-address —...
  • Page 358 Show, Clear, and Debug Command Reference enable Syntax [no] enable Context debug>trace Description This command enables the trace. The no form of the command disables the trace. trace-point Syntax [no] trace-point [module module-name] [type event-type] [class event-class] [task task-name] [function function-name] Context debug>trace Description...
  • Page 359 (host bits must be 0) ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d (host bits must be 0) Router Configuration Guide...
  • Page 360 Show, Clear, and Debug Command Reference ip-int-name — Only displays the interface information associated with the specified IP interface name. Values 32 characters maximum packet Syntax packet [ip-int-name | ip-address] [headers] [protocol-id] no packet [ip-int-name | ip-address] Context debug>router>ip Description This command enables debugging for IP packets.
  • Page 361 [0 to FFFF]H [0 to 255]D ipv6-prefix-length 0 to 128 Values The following values apply to the 7450 ESS: ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 to 32 longer — Specifies the prefix list entry matches any route that matches the specified ip-prefix and prefix mask length values greater than the specified mask.
  • Page 362 Show, Clear, and Debug Command Reference misc Syntax [no] misc Context debug>router>mtrace Description This command enables debugging for mtrace miscellaneous. packet Syntax [no] packet [query | request | response] Context debug>router>mtrace Description This command enables debugging for mtrace packets. tunnel Syntax tunnel Context...
  • Page 363 IP Router Configuration 1.0.26.2 30001 DUTF_TO _DUTB.1.0 (B)1.0.56.5 60001 DUTF_TO _DUTE.1.0 1.0.55.5 Node Orig/Transit 70002 OSPF-0 1.0.56.5 60002 DUTF_TO _DUTE.1.0 (B)1.0.26.2 30995 DUTF_TO _DUTB.1.0 Node Terminating 70003 OSPF-0 1.0.11.1 Node Orig/Transit 70004 OSPF-0 1.0.26.2 30004 DUTF_TO _DUTB.1.0 (B)1.0.36.3 40004 DUTF_TO _DUTC.1.0 1.0.22.2 Node...
  • Page 364 Show, Clear, and Debug Command Reference 50011 Backup Node Transit 70994 OSPF-0 1.0.56.5 60994 DUTF_TO _DUTE.1.0 Backup Node Transit 70995 OSPF-0 1.0.26.2 30995 DUTF_TO _DUTB.1.0 Backup Node Transit 70996 OSPF-0 1.0.26.2 30005 DUTF_TO _DUTB.1.0 Backup Node Transit 70998 OSPF-0 1.0.26.2 30998 DUTF_TO _DUTB.1.0...
  • Page 365 IP Router Configuration ------------------------------------------------------------------------------------ Adjacency Transit 262136 ISIS-0 10.10.2.3 10.10.2.1 Adjacency Transit 262137 ISIS-0 10.10.2.3 10.10.2.1 Adjacency Transit 262138 ISIS-0 10.10.1.2 10.10.1.1 Adjacency Transit 262139 ISIS-0 10.10.1.2 10.10.1.1 Node Terminating 474387 ISIS-0 10.20.1.2 Node Orig/Transit 474388 ISIS-0 10.10.1.2 474388 10.10.1.1 10.20.1.3 Node Orig/Transit...
  • Page 366 Show, Clear, and Debug Command Reference --------------+ Adjacency Transit 262129 ISIS-0 10.10.12.2 10.10.12.3 (B)10.10.3.2 10.10.3.3 Adjacency Transit 262130 ISIS-0 10.10.12.2 10.10.12.3 (B)10.10.3.2 10.10.3.3 Adjacency Transit 262133 ISIS-0 10.10.5.5 10.10.5.3 (B)10.10.12.2 474389 10.10.12.3 474390 Adjacency Transit 262134 ISIS-0 10.10.5.5 10.10.5.3 (B)10.10.12.2 474389 10.10.12.3 474390...
  • Page 367 IP Router Configuration 474390 10.20.1.6 Node Orig/Transit 474391 ISIS-0 10.10.5.5 474391 10.10.5.3 (B)10.10.12.2 474391 10.10.12.3 10.20.1.2 Node Orig/Transit 474392 ISIS-0 10.10.12.2 474392 10.10.12.3 (B)10.10.3.2 474392 10.10.3.3 Node Terminating 474393 ISIS-0 *A:Dut-C# *A:Dut-C# tools dump router segment-routing tunnel ==================================================================================== Legend: (B) - Backup Next-hop for Fast Re- Route Duplicate ====================================================================================...
  • Page 368 Show, Clear, and Debug Command Reference 10.10.3.2 10.10.3.3 (B)10.10.12.2 10.10.12.3 Adjacency Transit 262136 ISIS-0 10.10.3.2 10.10.3.3 (B)10.10.12.2 10.10.12.3 Adjacency Transit 262137 ISIS-0 10.10.2.1 10.10.2.3 Adjacency Transit 262138 ISIS-0 10.10.2.1 10.10.2.3 10.20.1.4 Node Orig/Transit 474389 ISIS-0 10.10.12.2 474389 10.10.12.3 (B)10.10.5.5 474389 10.10.5.3 10.20.1.5 Node...
  • Page 369: Vrrp

    VRRP In This Chapter This chapter provides information about configuring Virtual Router Redundancy Protocol (VRRP) parameters. Topics in this chapter include: • VRRP Overview → Virtual Router → IP Address Owner → Primary and Secondary IP Addresses → Virtual Router Master →...
  • Page 370: Vrrp Overview

    VRRP Overview The Virtual Router Redundancy Protocol (VRRP) for IPv4 is defined in the IETF RFC 3768, Virtual Router Redundancy Protocol. VRRP for IPv6 is specified in draft-ietf-vrrp-unified-spec-02.txt and only applies to the 7750 SR and 7950 XRS. VRRP describes a method of implementing a redundant IP interface shared between two or more routers on a common LAN segment, allowing a group of routers to function as one virtual router.
  • Page 371: Virtual Router

    This is a common mechanism that allows multiple local subnet attachment on a single routing interface. Up to four virtual routers are possible on a single Alcatel-Lucent IP interface. The virtual routers must be in the same subnet. Each virtual router has its own VRID, state machine and messaging instance.
  • Page 372: Primary And Secondary Ip Addresses

    An IP interface must always have a primary IP address assigned for VRRP to be active on the interface. Alcatel-Lucent routers support both primary and secondary IP addresses (multi-netting) on the IP interface. The virtual router’s VRID primary IP address is always the primary address on the IP interface.
  • Page 373: Owner And Non-Owner Vrrp

    VRRP Owner and Non-Owner VRRP The owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the master virtual router. Only one virtual router in the domain can be configured as owner. All other virtual router instances participating in this message domain must have the same VRID configured.
  • Page 374: Virtual Router Id (Vrid)

    VRRP Components • Virtual MAC Address • Inherit Master VRRP Router’s Advertisement Interval Timer • Policies Virtual Router ID (VRID) The VRID must be configured with the same value on each virtual router associated with the redundant IP address (IP addresses). It is placed in all VRRP advertisement messages sent by each virtual router.
  • Page 375: Ip Addresses

    VRRP The priority is also used to determine when to preempt the existing master. If the preempt mode value is true, VRRP advertisement messages from inferior (lower priority) masters are discarded, causing the master down timer to expire and the transition to master state. The priority value also dictates the skew time added to the master timeout period.
  • Page 376: Skew Time

    VRRP Components Skew Time The skew time is used to add a time period to the master down interval. This is not a configurable parameter. It is derived from the current local priority of the virtual router’s VRID. To calculate the skew time, the virtual router evaluates the following formula. For IPv4: Skew Time = ((256 - priority) / 256) seconds. For IPv6: Skew Time = (((256 - priority) * Master_Adver_Interval) / 256) centiseconds. The higher the priority value, the smaller the skew time will be.
  • Page 377: Vrrp Message Authentication

    VRRP • Greater than the virtual router in-use priority value • Equal to the in-use priority value and the source IP address (primary IP address) is greater than the virtual router instance primary IP address A backup router will only attempt to become the master router if the preempt mode is true and the received VRRP advertisement priority field is less than the virtual router in-use priority value.
  • Page 378 VRRP Components → IP header TTL field – Must be equal to 255, the packet must not have traversed any IP routed hops → IP header protocol field – must be 112 (decimal) • VRRP message checks → Version field – Must be set to the value 2 →...
  • Page 379: Authentication Data

    IP addresses listed in the sequential IP address fields at the end of the message. The Alcatel-Lucent router implementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager.
  • Page 380: Inherit Master Vrrp Router's Advertisement Interval Timer

    VRRP Components To facilitate the sending of mismatch log messages, each virtual router instance keeps the mismatch state associated with each source IP address in the VRRP master table. Whenever the state changes, a mismatch log message is generated indicating the source IP address within the message, the mismatch or match event and the time of the event.
  • Page 381: Vrrp Priority Control Policies

    VRRP VRRP Priority Control Policies This implementation of VRRP supports control policies to manipulate virtual router participation in the VRRP master election process and master self-deprecation. The local priority value for the virtual router instance is used to control the election process and master state.
  • Page 382: Vrrp Priority Control Policy Priority Events

    VRRP Priority Control Policies A delta priority event is a conditional event defined in the priority control policy that subtracts a given amount from the current, in-use priority for all VRRP virtual router instances to which the policy is applied. Multiple delta priority events can apply simultaneously, creating a dynamic priority value.
  • Page 383: Priority Event Hold-Set Timers

    The port down priority event is tied to either a physical port or a SONET/SDH channel for the 7750 SR and 7450 ESS. The port or channel operational state is evaluated to determine a port down priority event or event clear.
  • Page 384 VRRP Priority Control Policies • User-defined thresholds: 2 ports down 4 ports down 6 ports down • LAG configured ports: 8 ports • Hold set timer (hold-set): 5 seconds Table 32: LAG Events Time LAG Port State Parameter State Comments All ports down Event State Set - 8 ports down...
  • Page 385: Host Unreachable Priority Event

    VRRP Table 32: LAG Events (Continued) Time LAG Port State Parameter State Comments Two ports down Event State Set - 5 ports down Event Threshold 4 ports down Hold Set Timer 1 second Current threshold is 5, so 2 down has no effect Two ports down Event State...
  • Page 386: Route Unknown Priority Event

    VRRP Non-Owner Accessibility When the host is unreachable, the host unreachable priority event is considered true or set. When the host is reachable, the host unreachable priority event is considered false or cleared. Route Unknown Priority Event The route unknown priority event defines a task that monitors the existence of a given route prefix in the system’s routing table.
  • Page 387: Non-Owner Access Telnet

    VRRP Non-Owner Access Telnet When non-owner access Telnet is enabled on a virtual router instance, authorized Telnet sessions may be established that are destined to the virtual router instance IP addresses when operating in master mode. Telnet sessions are always discarded at the IP interface when destined to a virtual router IP address operating in backup mode.
  • Page 388 VRRP Configuration Process Overview Figure 14: VRRP Configuration and Implementation Flow - Part 1 START CONFIGURE VRRP PRIORITY CONTROL POLICIES (optional) CONFIGURE IES/VPRN SERVICE CONFIGURE ROUTER INTERFACE CONFIGURE INTERFACE CONFIGURE INTERFACE SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE SPECIFY BACKUP IP ADDRESS(ES) CONFIGURE VRRP PARAMETERS APPLY VRRP PRIORITY CONTROL POLICIES (optional)
  • Page 389: Configuration Notes

    VRRP Figure 15: VRRP Configuration and Implementation Flow START CONFIGURE VRRP PRIORITY CONTROL POLICIES (optional) CONFIGURE IES SERVICE CONFIGURE ROUTER INTERFACE CONFIGURE INTERFACE CONFIGURE INTERFACE SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE SPECIFY BACKUP IP ADDRESS(ES) CONFIGURE VRRP PARAMETERS APPLY VRRP PRIORITY CONTROL POLICIES (optional) ENABLE...
  • Page 390 Configuration Notes → In the owner mode, the backup IP address must be identical to one of the interface’s IP addresses. The backup address explicitly defines which IP addresses are in the VRRP advertisement message IP address list. → For IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance.
  • Page 391: Configuring Vrrp With Cli

    VRRP Configuring VRRP with CLI This section provides information to configure VRRP using the command line interface. Topics in this section include: • VRRP Configuration Overview • Basic VRRP Configurations • Common Configuration Tasks • Configuring VRRP Policy Components • VRRP Configuration Management Tasks •...
  • Page 392: Basic Vrrp Configurations

    Define at least one of the following priority events: → Port down → LAG port down → Host unreachable → Route unknown The following example displays a sample configuration of a VRRP policy for the 7450 ESS: A:SR2>config>vrrp>policy# info ---------------------------------------------- delta-in-use-limit 50 priority-event...
  • Page 393: Vrrp Ies Service Parameters

    VRRP priority 200 explicit exit lag-port-down 1 number-down 3 priority 50 explicit exit exit host-unreachable 10.10.24.4 drop-count 25 exit route-unknown 10.10.0.0/32 priority 50 delta exit exit ---------------------------------------------- The following example displays a sample configuration of a VRRP policy for the 7750 SR and 7950 XRS: A:SR2>config>vrrp>policy# info ----------------------------------------------...
  • Page 394: Configure Vrrp For Ipv6

    Basic VRRP Configurations For IPv4, up to 4 virtual router IDs (vrid) can be configured on an IES service interface. Each virtual router instance can manage up to 16 backup IP addresses. For IPv6, only one virtual router instance can be configured on an IES service interface. VRRP parameters configured within an IES service must include the following: •...
  • Page 395: Vrrp Router Interface Parameters

    VRRP *A:nlt7750-3>config>service>ies# info ---------------------------------------------- description "VLAN 921 for DSC-101 Application" interface "DSC-101-Application" create address 10.152.2.220/28 vrrp 217 backup 10.152.2.222 priority 254 ping-reply exit ipv6 address FD10:D68F:1:221::FFFD/64 link-local-address FE80::D68F:1:221:FFFD preferred vrrp 219 backup FE80::D68F:1:221:FFFF priority 254 ping-reply exit exit sap ccag-1.a:921 create description "cross connect to VPLS 921"...
  • Page 396: Common Configuration Tasks

    Common Configuration Tasks echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.4/32 exit interface "test1" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Common Configuration Tasks This section provides a brief overview of the tasks that must be performed to configure VRRP and provides the CLI commands.
  • Page 397: Creating Interface Parameters

    VRRP • master-int-inherit • priority • policy • ping-reply • preempt • telnet-reply • ssh-reply (IPv4 only) • [no] shutdown Creating Interface Parameters If you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet. The following displays an IP interface configuration example: A:SR1>config>router# info #------------------------------------------...
  • Page 398: Configuring Service Vrrp Parameters

    Configuring VRRP Policy Components priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol isis exit exit exit ---------------------------------------------- A:SR1>config>vrrp# Configuring Service VRRP Parameters VRRP parameters can be configured on an interface in a service to provide virtual default router support which allows traffic to be routed without relying on a single router in case of failure.
  • Page 399: Configuring Router Interface Vrrp Parameters

    VRRP A:SR4>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Configuring Router Interface VRRP Parameters VRRP parameters can be configured on a router interface to provide virtual default router support which allows traffic to be routed without relying on a single router in case of failure.
  • Page 400: Router Interface Vrrp Owner

    VRRP Configuration Management Tasks Router Interface VRRP Owner The following displays a router interface owner VRRP configuration example: A:SR2>config>router# info #------------------------------------------ interface "vrrpowner" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>router# VRRP Configuration Management Tasks This section discusses the following VRRP configuration management tasks: •...
  • Page 401: Deleting A Vrrp Policy

    VRRP priority 200 explicit exit host-unreachable 10.10.24.4 drop-count 25 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# Deleting a VRRP Policy Policies are only applied to non-owner VRRP instances. A VRRP policy cannot be deleted if it is applied to an interface or to an IES service. Each instance in which the policy is applied must be deleted.
  • Page 402: Modifying Owner Parameters

    VRRP Configuration Management Tasks Modifying Owner Parameters Once a VRRP instance is created as owner, it cannot be modified to the non-owner state. The vrid must be deleted and then recreated without the owner keyword to remove IP address ownership. Entering the owner keyword is optional when entering the vrid for modification purposes.
  • Page 403: Vrrp Configuration Command Reference

    VRRP VRRP Configuration Command Reference Command Hierarchies • IPv4 Interface Commands • Router Interface Commands • IPv6 Interface Commands • Priority Control Event Policy Commands IPv4 Interface Commands config — router — [no] interface interface-name — vrrp virtual-router-id [owner] * —...
  • Page 404: Router Interface Commands

    VRRP Configuration Command Reference Router Interface Commands config — router [router-name] — [no] interface ip-int-name — [no] ipv6 — address ipv6-address/prefix-length [eui-64] — no address ipv6-address/prefix-length — icmp6 — packet-too-big [number seconds] — no packet-too-big — param-problem [number seconds] — no param-problem —...
  • Page 405: Priority Control Event Policy Commands

    VRRP — [no] preempt — priority priority — no priority — [no] shutdown — [no] standby-forwarding — [no] telnet-reply — [no] traceroute-reply Priority Control Event Policy Commands config — vrrp — [no] policy policy-id [context service-id] — delta-in-use-limit limit — no delta-in-use-limit —...
  • Page 406: Command Descriptions

    VRRP Configuration Command Reference — no priority — [no] route-unknown ip-prefix/mask — hold-clear seconds — no hold-clear — hold-set seconds — no hold-set — less-specific [allow-default] — no less-specific — [no] next-hop ip-address — priority priority-level [delta | explicit] — no priority —...
  • Page 407 VRRP If the command is re-executed with a different password key defined, the new key is used immediately. The authentication-key command can be executed at any time. To change the current in-use password key on multiple virtual router instances: Identify the current master. Shut down the virtual router instance on all backups.
  • Page 408 VRRP Configuration Command Reference Non-owner virtual router instances actually create a routable IP interface address that is operationally dependent on the virtual router instance mode (master or backup). The backup command in owner virtual router instances does not create a routable IP interface address; it simply defines the existing parental IP interface IP addresses that are advertised by the virtual router instance.
  • Page 409 VRRP Special Cases Assigning the Virtual Router ID IP Address — Once the vrid is created on the parent IP interface, IP addresses need to be assigned to the virtual router instance. If the vrid was created with the keyword owner, the virtual router instance IP addresses must have one or more of the parent IP interface defined IP addresses (primary and secondary).
  • Page 410 VRRP Configuration Command Reference The same virtual router IP address may not be assigned to two separate virtual router instances. If the virtual router IP address already exists on another virtual router instance, the virtual router IP address assignment will fail. Table 34: Example - Non-Owner Virtual Router Instance Parent IP addresses: 10.10.10.10/24...
  • Page 411 VRRP Context config>router>if>ipv6>vrrp Description This command associates router IPv6 addresses with the parental IP interface IP addresses and only applies to the 7750 SR and 7950 XRS. The backup command has two distinct functions when used in an owner or a non-owner context of the virtual router instance.
  • Page 412 VRRP Configuration Command Reference The no form of the command removes the specified virtual router IP address from the virtual router instance. For non-owner virtual router instances, this causes all routing and local access associated with the ipv6-addr to cease. For owner virtual router instances, the no backup command only removes ipv6-addr from the list of advertised IP addresses.
  • Page 413 VRRP One exception to this rule is for the IPv6 link-local address that is configured as a backup address. The same link-local address can be configured in all virtual routers that use the same vrid. Table 36: Example - Non-Owner Virtual Router Instance Parent IP addresses: 10.10.10.10/24 11.11.11.11/24...
  • Page 414 VRRP Configuration Command Reference Description This command assigns a bi-directional forwarding detection (BFD) session to a given VRRP/SRRP instance. This BFD session provides a heartbeat mechanism that can be used to speed up the transition of the standby VRRP router to an active state. If the associated BFD session fails, the VRRP routers will immediately send a VRRP Advertisement message.
  • Page 415 VRRP Description This command sets an explicit MAC address used by the virtual router instance overriding the VRRP default derived from the VRID. Changing the default MAC address is useful when an existing HSRP or other non-VRRP default MAC is in use by the IP hosts using the virtual router IP address. Many hosts do not monitor unessential ARPs and continue to use the cached non-VRRP MAC address after the virtual router becomes master of the host’s gateway address.
  • Page 416 VRRP Configuration Command Reference Default no master-int-inherit — The virtual router instance does not inherit the master VRRP router’s advertisement interval timer and uses the locally configured message interval. message-interval Syntax message-interval {[seconds] [milliseconds milliseconds]} no message-interval Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This command configures the administrative advertisement message timer used by the master virtual router instance to send VRRP advertisement messages and to derive the master down timer as backup.
  • Page 417 Values IPv4: 1 to 255 IPv6: 1 to 40 milliseconds milliseconds — Specifies the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on the 7450 ESS-1 chassis. Values 100 to 900 IPv6: 10 to 990...
  • Page 418 VRRP Configuration Command Reference Context config>router>if>vrrp config>router>if>ipv6>vrrp Description The preempt mode value controls whether a specific backup virtual router preempts a lower priority master. When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use" message priority value less than the virtual router instance in-use priority value.
  • Page 419 VRRP ping-reply Syntax [no] ping-reply Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses. Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses.
  • Page 420 VRRP Configuration Command Reference The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted. The no form of this command administratively enables an entity. Special Cases Non-Owner Virtual Router —...
  • Page 421 VRRP By default, SSH requests to the virtual router instance IP addresses are silently discarded. The no form of the command discards all SSH request messages destined to the non-owner virtual router instance IP addresses. Default no ssh-reply — SSH requests to the virtual router instance IP addresses are discarded. standby-forwarding Syntax [no] standby-forwarding...
  • Page 422 VRRP Configuration Command Reference The telnet-reply command is only available in non-owner vrrp nodal context. By default, Telnet requests to the virtual router instance IP addresses will be silently discarded. The no form of the command configures discarding all Telnet request messages destined to the non-owner virtual router instance IP addresses.
  • Page 423 VRRP For IPv4, up to four vrrp vrid nodes can be configured on a router interface. Each virtual router instance can manage up to 16 backup IP addresses. For IPv6, only one virtual router ID can be configured on a router interface. The no form of the command removes the specified vrid from the IP interface.
  • Page 424: Priority Policy Commands

    VRRP Configuration Command Reference Priority Policy Commands delta-in-use-limit Syntax delta-in-use-limit in-use-priority-limit no delta-in-use-limit Context config>vrrp>policy vrrp-policy-id Description This command sets a lower limit on the virtual router in-use priority that can be derived from the delta priority control events. Each vrrp-priority-id places limits on the delta priority control events to define the in-use priority of the virtual router instance.
  • Page 425 VRRP description Syntax description string no description Context config>vrrp>policy vrrp-policy-id Description This command creates a text description stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the content in the configuration file.
  • Page 426: Priority Policy Event Commands

    VRRP Configuration Command Reference Parameters vrrp-policy-id — The VRRP priority control ID expressed as a decimal integer that uniquely identifies this policy from any other VRRP priority control policy defined on the system. Up to 1000 policies can be defined. Values 1 to 9999 context service-id —...
  • Page 427 VRRP Parameters seconds — Specifies the amount of time in seconds by which the effect of a cleared event on the associated virtual router instance is delayed. Values 0 to 86400 hold-set Syntax hold-set seconds no hold-set Context config>vrrp>policy>priority-event>host-unreachable config>vrrp>policy>priority-event>lag-port-down config>vrrp>policy>priority-event>port-down config>vrrp>policy>priority-event>route-unknown Description...
  • Page 428 VRRP Configuration Command Reference priority Syntax priority priority-level [{delta | explicit}] no priority Context config>vrrp>policy>priority-event>host-unreachable ip-addr config>vrrp>policy>priority-event>lag-port-down lag-id>number-down number-of-lag-ports- down config>vrrp>policy>priority-event>port-down port-id[.channel-id] config>vrrp>policy>priority-event>route-unknown prefix/mask-length Description This command controls the effect the set event has on the virtual router instance in-use priority. When the event is set, the priority-level is either subtracted from the base priority of each virtual router instance or it defines the explicit in-use priority value of the virtual router instance depending on whether the delta or explicit keywords are specified.
  • Page 429 VRRP When explicit is specified, the priority-level value is used to override the base priority of the virtual router instance if the priority event is set and no other explicit priority event is set with a lower priority-level. The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy.
  • Page 430: Priority Policy Port Down Event Commands

    VRRP Configuration Command Reference Description This command configures an instance of a multi-chassis IPsec tunnel-group Priority Event used to override the base priority value of a VRRP virtual router instance depending on the operational state of the event. Parameters tunnel-grp-id — Identifies the multi-chassis IPsec tunnel group whose non-forwarding state is monitored by this priority control event.
  • Page 431 1 to 256 ccag-id ccag-id. path-id[cc-type] ccag keyword 1 to 8 path-id a, b cc-type .sap-net, .net-sap Values The following values apply to the 7450 ESS: port-id slot/mda/port[.channel] eth-sat-id esat-id/slot/port esat keyword 1 to 20...
  • Page 432: Priority Policy Lag Events Commands

    VRRP Configuration Command Reference pxc-id pxc-id.sub-port keyword 1 to 64 sub-port a, b ccag-id ccag-id. path-id[cc-type] ccag keyword 1 to 8 path-id a, b cc-type .sap-net, .net-sap The POS channel on the port monitored by the VRRP priority control event. The port-id.channel-id can only be monitored by a single event in this policy.
  • Page 433 VRRP Multiple unique lag-port-down event nodes can be configured within the priority-event node up to the maximum of 32 events. The lag-port-down command can reference an arbitrary LAG. The lag-id does have to already exist within the system. The operational state of the lag-port-down event will indicate: •...
  • Page 434 Values 1 to 800 (apply to the 7750 SR and 7950 XRS) 1 to 200 (apply to the 7450 ESS) number-down Syntax...
  • Page 435: Priority Policy Host Unreachable Event Commands

    VRRP Priority Policy Host Unreachable Event Commands drop-count Syntax drop-count consecutive-failures no drop-count Context config>vrrp vrrp-policy-id>priority-event>host-unreachable ip-addr Description This command configures the number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set. The drop-count command is used to define the number of consecutive message send attempts that must fail for the host-unreachable priority event to enter the set state.
  • Page 436 VRRP Configuration Command Reference Multiple unique (different ip-address) host-unreachable event nodes can be configured within the priority-event node to a maximum of 32 events. The host-unreachable command can reference any valid local or remote IP address. The ability to ARP a local IP address or find a remote IP address within a route prefix in the route table is considered part of the monitoring procedure.
  • Page 437 ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application. Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d Values The following values apply to the 7750 SR and 7950 XRS: ipv4-address: a.b.c.d...
  • Page 438 VRRP Configuration Command Reference Default Parameters seconds — The number of seconds between the ICMP echo request messages sent to the host IP address for the host unreachable priority event. Values 1 to 60 padding-size Syntax padding-size size no padding-size Context config>vrrp>priority-event>host-unreachable Description...
  • Page 439: Priority Policy Route Unknown Event Commands

    VRRP It is possible for a required ARP request to succeed or timeout after the message timeout timer expires. In this case, the message request is unsuccessful. If an ICMP echo reply message is not received prior to the timeout period for a given ICMP echo request, that request is considered to be dropped and increments the consecutive message drop counter for the priority event.
  • Page 440 — The IP address for an acceptable next hop IP address for a returned route prefix from the RTM when looking up the route-unknown route prefix. Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d Values The following values apply to the 7750 SR and 7950 XRS: ipv4-address: a.b.c.d...
  • Page 441 VRRP interface: 32 chars maximum, mandatory for link local addresses The link-local IPv6 address must have an interface name specified. The global IPv6 address must not have an interface name specified. protocol Syntax protocol {bgp | bgp-vpn | ospf | is-is | rip | static} no protocol Context config>vrrp>policy>priority-event>route-unknown prefix/mask-length...
  • Page 442 VRRP Configuration Command Reference ospf — This parameter defines OSPF as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The ospf parameter is not exclusive from the other available protocol parameters. If protocol is executed without the ospf parameter, a returned route prefix with a source of OSPF will not be considered a match and will cause the event to enter the set state.
  • Page 443 VRRP Table 38: Route-unknown Operational States route-unknown Description Operational State Set – non-existent The route does not exist in the route table. Set – inactive The route exists in the route table but is not being used. Set – wrong next hop The route exists in the route table but does not meet the next-hop requirements.
  • Page 444 ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application. Values The following values apply to the 7450 ESS: ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0) mask...
  • Page 445: Show, Monitor, Clear, And Debug Command Reference

    VRRP Show, Monitor, Clear, and Debug Command Reference The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration. Command Hierarchies • Show Commands • Monitor Commands • Clear Commands • Debug Commands...
  • Page 446: Show Commands

    Show, Monitor, Clear, and Debug Command Reference Show Commands show — vrrp — policy [policy-id [event event-type specific-qualifier]] — router — vrrp — instance — instance [interface interface-name [vrid virtual-router-id]] — instance interface interface-name vrid virtual-router-id ipv6 — statistics Monitor Commands monitor —...
  • Page 447 VRRP — packets — packets interface ip-int-name [vrid virtual-router-id] — packets interface ip-int-name vrid virtual-router-id ipv6 — no packets — no packets interface ip-int-name [vrid virtual-router-id] — no packets interface ip-int-name vrid virtual-router-id ipv6...
  • Page 448: Command Descriptions

    Show, Monitor, Clear, and Debug Command Reference Command Descriptions Show Commands instance Syntax instance instance [interface interface-name [vrid virtual-router-id]] instance interface interface-name vrid virtual-router-id ipv6 Context show>vrrp Description This command displays information for VRRP instances. If no command line options are specified, summary information for all VRRP instances displays. Parameters interface ip-int-name —...
  • Page 449 VRRP Table 39: VRRP Instance Output Field Descriptions (Continued) Label Description Indicates that the administrative state of the VRRP instance is up. Down Indicates that the administrative state of the VRRP instance is down. Indicates that the operational state of the VRRP instance is up. Down Indicates that the operational state of the VRRP instance is down.
  • Page 450 Show, Monitor, Clear, and Debug Command Reference Table 39: VRRP Instance Output Field Descriptions (Continued) Label Description Indicates BFD is enabled. VRRP State Specifies whether the VRRP instance is operating in a master or backup state. Policy ID The VRRP priority control policy associated with the VRRP virtual router instance.
  • Page 451 For a backup virtual router, this value specifies the date and time when it received the first VRRP advertisement message from the virtual router which is the current master. Sample Output The following is an output example for the 7450 ESS: *A:ALA-A# show router vrrp instance =============================================================================== VRRP Instances...
  • Page 452 Show, Monitor, Clear, and Debug Command Reference Primary IP of Master: 5.1.1.2 (Self) Primary IP : 5.1.1.2 Standby-Forwarding: Disabled VRRP Backup Addr : 5.1.1.10 Admin State : Up Oper State : Up Up Time : 09/23/2004 06:53:45 Virt MAC Addr : 00:00:5e:00:01:01 Auth Type : None...
  • Page 453 VRRP Owner : No VRRP State : Master Primary IP of Master: FE80::1 (Self) Primary IP : FE80::1 Standby-Forwarding: Disabled VRRP Backup Addr : 5::10 : FE80::10 Admin State : Up Oper State : Up Up Time : 09/23/2004 06:55:12 Virt MAC Addr : 00:00:5e:00:02:0a Config Mesg Intvl : 1.0...
  • Page 454 Show, Monitor, Clear, and Debug Command Reference Parameters vrrp-policy-id — Displays information on the specified priority control policy ID. Default All VRRP policies IDs Values 1 to 9999 event event-type — Displays information on the specified VRRP priority control event within the policy ID.
  • Page 455 VRRP Table 40: VRRP Policy Output Fields Descriptions (Continued) Label Description Current Priority The configured delta-in-use-limit priority for a VRRP priority control policy or the configured delta or explicit priority for a priority control event. Applied The number of virtual router instances to which the policy has been applied.
  • Page 456 Show, Monitor, Clear, and Debug Command Reference Sample Output A:ALA-A# show vrrp policy =============================================================================== VRRP Policies =============================================================================== Policy Current Current Current Delta Applied Priority & Effect Explicit Delta Sum Limit ------------------------------------------------------------------------------- None None None None None None =============================================================================== A:ALA-A# A:ALA-A# show vrrp policy 1 =============================================================================== VRRP Policy 1 ===============================================================================...
  • Page 457 VRRP Table 41: VRRP Policy Event Output Fields Descriptions (Continued) Label Description Current Priority The base router priority for the virtual router instance used in the master election process. Current Explicit When multiple explicitly defined events associated with the priority control policy happen simultaneously, the lowest value of all the current explicit priorities will be used as the in-use priority for the virtual router.
  • Page 458 Show, Monitor, Clear, and Debug Command Reference Table 41: VRRP Policy Event Output Fields Descriptions (Continued) Label Description Priority Effect Delta A delta priority event is a conditional event defined in a priority control policy that subtracts a given amount from the base priority to give the current in-use priority for the VRRP virtual router instances to which the policy is applied.
  • Page 459 VRRP Table 41: VRRP Policy Event Output Fields Descriptions (Continued) Label Description Value In Use The event is currently affecting the in-use priority of some virtual router. The event is not affecting the in-use priority of some virtual router. # trans to Set The number of times the event has transitioned to one of the 'set' states.
  • Page 460 Show, Monitor, Clear, and Debug Command Reference None ------------------------------------------------------------------------------- Priority Control Event Host Unreachable 10.10.200.252 ------------------------------------------------------------------------------- Priority : 20 Priority Effect : Delta Interval : 1 sec Timeout : 1 sec Drop Count Hold Set Config : 0 sec Hold Set Remaining: Expired Value In Use : No Current State...
  • Page 461: Monitor Commands

    VRRP Table 42: Show VRRP Statistics Output Label Description VR Id Errors Displays the number of virtual router ID errors. Version Errors Displays the number of version errors. Checksum Errors Displays the number of checksum errors. Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics ===============================================================================...
  • Page 462 Show, Monitor, Clear, and Debug Command Reference absolute — When the absolute keyword is specified, the raw statistics are displayed, without processing. No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta.
  • Page 463: Clear Commands

    VRRP Clear Commands The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration. interface Syntax interface ip-int-name [vrid virtual-router-id] interface ip-int-name vrid virtual-router-id ipv6 Context clear>router>vrrp Description This command resets VRRP protocol instances on an IP interface. Parameters ip-int-name —...
  • Page 464: Debug Commands

    Show, Monitor, Clear, and Debug Command Reference Parameters interface ip-int-name — Clears the VRRP statistics for all VRRP instances on the specified IP interface. vrid virtual-router-id — Clears the VRRP statistics for the specified VRRP instance on the IP interface. Default All VRRP instances on the IP interface.
  • Page 465 VRRP no packets interface ip-int-name [vrid virtual-router-id] [ipv6] no packets Context debug>router>vrrp Description This command enables debugging for VRRP packets. The no form of the command disables debugging. Parameters ip-int-name — Displays the specified interface name. vrid virtual-router-id — Displays the specified VRID.
  • Page 467: Filter Policies

    Filter Policies In This Chapter The SR OS supports filter policies for services and network interfaces (described in this chapter), subscriber management (integrated with subscriber management filter policies defined in the Triple Play Guide), and CPM security and Management Interface (described in the System Management Guide).
  • Page 468: Acl Filter Policy Overview

    ACL Filter Policy Overview Filter Policies and Dynamic Policy-Driven Interfaces Filter Policy-based ESM Service Chaining Policy-Based Forwarding for Deep Packet Inspection in VPLS ACL Filter Policy Overview ACL Filter policies, also referred to as Access Control Lists (ACLs) or filters for short, are sets of ordered rule entries specifying packet match criteria and actions to be performed to a packet upon a match.
  • Page 469: Filter Policy Basics

    IP filter policy, so the default action in the IP filter policy will not apply to these packets. IPv6 filters do not apply to the 7450 ESS except when it is in mixed mode.
  • Page 470: Ipv4/Ipv6 Filter Policy Entry Match Criteria

    ACL Filter Policy Overview • An ACL filter policy entry with match criteria defined but no action configured is considered incomplete and inactive (an entry is not downloaded to the line card). A filter policy must have at least one active entry for the policy to be considered active.
  • Page 471 Filter Policies • packet-length/payload-length — Match for the specified length value/range against the Total Length field in IPv4 packet header or Payload Length field in IPv6 packet header. (The IPv6 payload-length field does not account for the size of the fixed IP header, which is 40 bytes.) This match condition is supported for drop action only and is part of action evaluation –...
  • Page 472 ACL Filter Policy Overview • multiple-option — Match for the presence of multiple IP options in the IPv4 packet. • src-route-option — Match for the presence of IP Option 3 or 9 (Loose or Strict Source Route) in the first 3 IP Options of the IPv4 packet. A packet will also match this rule if the packet has more than 3 IP Options.
  • Page 473: Mac Filter Policy Entry Match Criteria

    Filter Policies • src-port/dst-port/port – Match for the specified port value, port list, or port range against the Source Port Number/Destination Port Number of the UDP/TCP/SCTP packet header. An option to match either source or destination (Logical OR) using a single filter policy entry is supported by using a directionless “port”...
  • Page 474: Filter Policy Actions

    ACL Filter Policy Overview • ssap — Entering an Ethernet 802.2 LLC SSAP value allows the filter to search for matching frames with a source access point on the network node designated in the source field of the packet. The operator can optionally configure a mask to be used in a match.
  • Page 475 Filter Policies If multiple interfaces (including LAG interfaces) use the same rate-limit filter policy on the same FP, the system will allocate a single rate limiter resource to the FP; a common aggregate rate limit is applied to those interfaces. The rate-limit filter policy is supported on ingress only, and requires minimum FP-2 base line cards and chassis mode D.
  • Page 476 ACL Filter Policy Overview For IES/VPRN, the outgoing R-VPLS interface can be in any VPRN service. The outgoing interface and VPRN service for BGP EVPN control plane resolution must again be configured as part of ESI PBR entry configuration. The functionality is supported in filter policies deployed on ingress IES/VPRN interfaces and in filter policies deployed on ingress and egress for ESM subscribers.
  • Page 477 Filter Policies → sdp — forwards the incoming traffic onto the specified VPLS SDP. Supported for ingress IPv4/IPv6 and MAC filter policies deployed in VPLS service. The SDP that traffic is to egress on must be in the same VPLS service as the incoming interface.
  • Page 478: Filter Policy Statistics

    ACL Filter Policy Overview Table 43: Default behavior when a PBR/PBF target is down
    PBR/PBF action | Default behavior when down
    forward esi (any type) | Forward
    forward lsp | Forward
    forward next-hop (any type) | Drop
    forward redirect-policy | Forward when redirect policy is shutdown
    forward redirect-policy | Forward - when destination tests are enabled and the best destination is not reachable...
  • Page 479: Filter Policy Logging

    • Two consecutive bulk requests for one entry will return the same values if the cache has not been refreshed between the two requests. The refresh interval is platform/release dependent. Please contact your Alcatel-Lucent representative for further details. •...
  • Page 480: Filter Policy Cflowd Sampling

    ACL Filter Policy Overview • If the source or destination address of the log messages does not match an entry already present in the table, the source/destination address is stored in a free entry in the mini-table. • In case the mini-table has no more free entries, only the total counter is incremented. •...
  • Page 481 Filter Policies A filter policy can be modified directly (by changing, adding, or deleting entries in that filter policy) or indirectly. Examples of indirect changes to a filter policy include, among others, changing an entry in an embedded filter that this policy embeds (see the Embedded Filters section) and changing a redirect policy that this filter policy uses.
  • Page 482: Filter Policy Advanced Topics

    ACL Filter Policy Overview Filter Policy Advanced Topics Match-list for Filter Policies Figure 16 depicts an approach to implement logical OR on a list of match criteria (IPv4 address prefixes in this example) in one or more filter policies prior to the introduction of match lists.
  • Page 483 Filter Policies Figure 17 depicts how the IOM/CPM filter policy illustrated at the top of this section changes with a filter match list usage (using IPv4 address prefix list in this example). Figure 17: IOM/CPM Filter Policy Using an Address Prefix Match List Entry K IPv4 Prefix 1 match: IPv4 Prefix List A...
  • Page 484 ACL Filter Policy Overview Auto-generation of Filter-policy Address Prefix Match Lists It is often desired to automatically update a filter policy when the configuration on a router changes. To allow such a touch-less filter policy management, SR OS allows auto-generation of address prefixes for IPv4 or IPv6 address prefix match lists based on operator-configured criteria.
  • Page 485: Primary And Secondary Filter Policy Action For Pbf Redundancy

    Filter Policies Primary and Secondary Filter Policy Action for PBF Redundancy In some deployments, operators may want to specify a backup Policy-Based Forwarding (PBF) target if the primary target is down. The SR OS allows the configuration of a primary action (config>filter>{ip-filter | ipv6-filter | mac-filter}>entry>action) and a secondary action (config>filter>{ip-filter | ipv6-filter | mac-filter}>entry>action secondary) as part of a single filter policy entry.
  • Page 486: Destination Mac Rewrite When Deploying Policy-Based Forwarding

    ACL Filter Policy Overview Destination MAC Rewrite when Deploying Policy-Based Forwarding For Layer 2 Policy-Based Forwarding (PBF) redirect actions, a far-end router may discard redirected packets when the PBF changes the destination IP interface the packet arrives on. This happens when a far-end IP interface uses a different MAC address than the IP interface reachable via normal forwarding (for example, one of the routers does not support a configurable MAC address per IP interface).
  • Page 487: Embedded Filters

    Filter Policies Caveats: • Is mutually exclusive with SAP MAC ingress and egress loopback feature: tools perform service id service-id loopback eth sap sap-id {ingress | egress} mac-swap ieee-address. • Requires FP2-based hardware. Embedded Filters When a large number of standard filter policies are configured in a system, a set of policies will often contain one or more common blocks of entries that define, for example, system-wide and/or service-wide security rules.
  • Page 488 ACL Filter Policy Overview For example: If embedded filter 99 has entry 20 that drops packets that match IP source address src_address, and filter 200 embeds filter 99 at offset 100, then to deactivate the embedded entry 20, an operator could define an entry 120 (embedded entry number 20 + offset 100) in filter policy 200, that has the same match criteria and has either no action defined (this will deactivate the embedded entry and allow continued evaluation of filter policy 200), or has action forward defined (packets will...
  • Page 489: System-Level Ipv4/Ipv6 Line Card Filter Policy

    Filter Policies Note: Embedded filter policies are supported for line card IP(v4) and IPv6 filter policies only. System-level IPv4/IPv6 Line Card Filter Policy A system filter policy allows the definition of a common set of policy rules that can then be activated within other exclusive/template filters.
  • Page 490: Network-Port Vprn Filter Policy

    ACL Filter Policy Overview
    exit
    action drop
    exit
    exit
    # Activate it
    system-filter
    ip 1
    exit
    # Use it in another filter:
    ip-filter 10 create
    chain-to-system-filter
    filter-name "test-name"
    embed-filter open-flow "test" offset 100
    exit
    exit
    Network-port VPRN Filter Policy Network-port L3 service-aware filter feature allows operators to deploy VPRN service aware ingress filtering on network ports.
  • Page 491: Vid Mac Filters

    Filter Policies The MMRP usage of the mrp-policy ensures automatically that traffic using Group BMAC is not flooded between domains. However, there could be small transitory periods when traffic originated from a PBB BEB with a unicast BMAC destination may be flooded as unknown unicast in the BVPLS context for both IVPLS and PBB Epipe.
  • Page 492 ACL Filter Policy Overview • SAP such as 1/1/1, 1/1/1:* or 1/1/1:*.* can have as many as 2 tags for VID MAC filter to match on • For the remaining tags, the left (outermost) tag is what is used as the outer-tag in the MAC VID Filter.
  • Page 493 Filter Policies Figure 20: VID Filtering Examples [figure not reproduced; panels: Service 1 with SAP 1/1/1:10.* and SAP 2/1/1:*, Service 2 with SAP 1/1/2 and SAP 2/1/2]
  • Page 494 ACL Filter Policy Overview configure>system>ethernet>new-qinq-untagged-sap is a special QinQ function for single tagged QinQ frames with a null second tag. Using this in combination with VID filters is not recommended. The outer-tag is the only tag available for filtering on egress for frames arriving from MPLS SDPs or from PBB services even though additional tags may be carried transparently.
  • Page 495: Redirect Policies

    Filter Policies Redirect Policies SR OS-based routers support the configuration of IPv4 and IPv6 redirect policies. Redirect policies allow specifying multiple redirect target destinations and defining health check test methods used to validate the ability for a given destination to receive redirected traffic. This destination monitoring allows the router to react to target destination failures.
  • Page 496 SNMP and URL tests are not supported for IPv6. • Different platforms support different scale for redirect policies. Please contact your local Alcatel-Lucent representative to ensure the planned deployment does not exceed recommended scale. Router Instance Support for Redirect Policies There are two modes of deploying redirect policies on VPRN interfaces.
  • Page 497: Http-Redirect (Captive Portal)

    Filter Policies → When all PBR destinations are down, action forward is programmed and the PBR lookup is performed in the routing instance of the incoming interface where the filter policy using the given redirect policy is deployed. → Any destination tests configured are always executed in the "Base" router instance regardless of the router instance of the incoming interface where the filter policy using the given redirect policy is deployed.
  • Page 498 ACL Filter Policy Overview Figure 22: Web Redirect Traffic Flow Customer’s SR OS Portal Original Computer Router/Switch Website Website X>HTTP TCP SYN X>HTTP TCP SYN ACK* X>HTTP TCP ACK HTTP GET HTTP>X TCP ACK* HTTP 302 (moved)* X>HTTP TCP FIN ACK HTTP>X TCP FIN ACK* NORMAL HTTP WITH PORTAL UPDATE POLICY...
  • Page 499: Filter Policies And Dynamic Policy-Driven Interfaces

    Filter Policies The subscriber identification string is available only when used with subscriber management. Refer to the subscriber management section of the Triple Play Guide and the Router Configuration Guide. Since most web sites are accessed using the domain name, the router either allows DNS queries or responds to DNS with the portal’s IP address.
  • Page 500: Filter Policy-Based Esm Service Chaining

    ACL Filter Policy Overview Filter Policy-based ESM Service Chaining In some deployments, operators may choose to redirect ESM subscribers to Value Added Services (VAS). Various deployment models can be used but often subscribers are assigned to a particular residential tier-of-service, which also defines the VAS available to subscribers of the given tier.
  • Page 501 Filter Policies Figure 23: ACL filter modeling for ESM Service Chaining [figure not reproduced; it shows ip(v6)-filter “ACL Gold” (ACL for Service Gold) with VSD service chaining entries embed-filter “VAS 1” offset 1001 and embed-filter “VAS 2”...]
  • Page 502 ACL Filter Policy Overview Figure 24: Upstream ESM ACL-policy based service chaining DC VAS Service - SFC rules for upstream service chains embedded into per residential service ACLs Upstream VAS-processed Traffic subscribers are assigned to via - Traffic enters Res-GW from VAS on Radius based on tier-of-service.
  • Page 503 Filter Policies Figure 25: Downstream ESM ACL-policy based service chaining DC VAS Service - SFC rules for downstream chains embedded into per Downstream VAS-processed Traffic residential service ACLs - Traffic enters Res-GW on dedicated subscribers are assigned to via to-from-access interface (required tp Radius based on tier-of-service.
  • Page 504 ACL Filter Policy Overview • deployments that use a single interface for VAS connectivity (optional, no local subscriber-to-subscriber VAS traffic support) → to-from-both both upstream traffic arriving from access interfaces and downstream traffic arriving from the network is redirected to a PBR target reachable over this interface for upstream/downstream VAS processing after VAS processing, traffic must arrive on this interface (optional for upstream), so that the traffic is subject to regular routing but is not subject to...
  • Page 505: Policy-Based Forwarding For Deep Packet Inspection In Vpls

    Filter Policies • Downstream traffic steered towards a VAS on the subscriber-facing IOM is reclassified (FC and profile) based on the subscriber egress QoS policy, and is queued towards the VAS based on the network egress QoS configuration. Packets sent toward VAS will not have DSCP remarked (since they are not yet forwarded to a subscriber).
  • Page 506 ACL Filter Policy Overview SAP 1/1/23:5 is configured to see if the VPLS service is flooding all the traffic. If flooding is performed by the router then traffic would also be sent to SAP 1/1/23:5 (which it should not). Figure 26 shows an example to configure policy-based forwarding for deep packet inspection on a VPLS service.
  • Page 507 Filter Policies
                    disable-learning
                    static-mac 00:00:00:31:12:01 create
                exit
                sap 1/1/23:5 create
                    static-mac 00:00:00:31:13:05 create
                exit
                no shutdown
            exit
    ----------------------------------------------
    *A:ALA-48>config>service#
    The following displays a MAC filter configuration example:
    *A:ALA-48>config>filter# info
    ----------------------------------------------
            mac-filter 100 create
                default-action forward
                entry 10 create
                    match
                        dot1p 7 7
                    exit
                    log 101
                    action forward sap 1/1/22:1...
  • Page 508 ACL Filter Policy Overview
                sap 1/1/22:1 split-horizon-group "dpi" create
                    disable-learning
                    static-mac 00:00:00:31:12:01 create
                exit
                sap 1/1/23:5 create
                    static-mac 00:00:00:31:13:05 create
                exit
                spoke-sdp 3:5 create
                exit
                no shutdown
            exit
    ..
    ----------------------------------------------
    *A:ALA-48>config>service#
  • Page 509: Filter Configuration Command Reference

    Filter Policies Filter Configuration Command Reference Command Hierarchies • DHCP Filter Policy Commands • Match Filter List Commands • IP Filter Policy Commands • IPv6 Filter Policy Commands • System Filter Policy Commands • Log Filter Commands • MAC Filter Commands •...
  • Page 510: Dhcp Filter Policy Commands

    Filter Configuration Command Reference DHCP Filter Policy Commands config — filter — dhcp-filter filter-id [create] — no dhcp-filter filter-id — description description-string — no description — entry entry-id [create] — no entry entry-id — action bypass-host-creation — action drop — no action —...
  • Page 511 Filter Policies — forward esi esi sf-ip ip-address vas-interface interface-name router {router-instance | service-name service-name} — forward esi esi service-id vpls-service-id — forward lsp lsp-name — forward next-hop [indirect] ip-address — forward next-hop [indirect] ip-address router {router-instance | service-name service-name} —...
  • Page 512: Ipv6 Filter Policy Commands

    — no sub-insert-shared-radius — sub-insert-wmark low low-watermark high high-watermark — no sub-insert-wmark IPv6 Filter Policy Commands These commands do not apply to the 7450 ESS (except in mixed mode). config — filter — ipv6-filter filter-id [create] — ipv6-filter {filter-id | filter-name} —...
  • Page 513 Filter Policies — embed-filter flowspec [router {router-instance | service-name vprn-service-name}] [offset offset] [{active | inactive}] — embed-filter open-flow ofs-name [{system | service {service-id | service-name} | sap sap-id}] [offset offset] [{active | inactive}] — no embed-filter filter-id — no embed-filter flowspec —...
  • Page 514 Filter Configuration Command Reference — flow-label flow-label [mask] — no flow-label — fragment {true | false | first-only | non-first-only} — no fragment — hop-by-hop-opt {true | false} — no hop-by-hop-opt — icmp-code icmp-code — no icmp-code — icmp-type icmp-type —...
  • Page 515: System Filter Policy Commands

    Filter Policies System Filter Policy Commands config — filter — system-filter — ip-filter-id — no ip-filter-id — ipv6 ipv6-filter-id — no ipv6 ipv6-filter-id Log Filter Commands config — filter — log-id [create] — no log-id — description description-string — no description —...
  • Page 516: Match Filter List Commands

    Filter Configuration Command Reference — description description-string — no description — log-id — no — match [frame-type {802dot3 | 802dot2-llc | 802dot2-snap | ethernet_II}] — no match — dot1p dot1p-value [dot1p-mask] — no dot1p — dsap dsap-value [dsap-mask] — no dsap —...
  • Page 517: Redirect Policy Configuration Commands

    Filter Policies — no description — [no] prefix ip-prefix/prefix-length — ipv6-prefix-list ipv6-prefix-list-name [create] — no ipv6-prefix-list ipv6-prefix-list-name — [no] apply-path — bgp-peers index group reg-exp neighbor reg-exp — no bgp-peers index — description description-string — no description — [no] prefix ipv6-prefix/prefix-length —...
  • Page 518: Copy Filter Commands

    Filter Configuration Command Reference — timeout seconds — no timeout — [no] unicast-rt-test — url-test test-name [create] — no url-test test-name — drop-count consecutive-failures [hold-down seconds] — no drop-count — interval seconds — no interval — return-code return-code-1 [return-code-2] [disable | lower-priority priority | raise-priority priority] —...
  • Page 519: Command Descriptions

    Filter Policies Command Descriptions • Generic Commands • Global Filter Commands • DHCP Filter Commands • Filter Log Commands • ACL Filter Policy Commands • General Filter Entry Commands • IP (v4/v6) Filter Entry Commands • Match List Configuration Commands •...
  • Page 520: Global Filter Commands

    Filter Configuration Command Reference The no form of the command removes any description string from the context. Default no description Parameters description-string — The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
  • Page 521 Filter Policies create — Keyword required to create the configuration context. ip-filter Syntax ip-filter filter-id [create] ip-filter {filter-id | filter-name} no ip-filter {filter-id | filter-name} Context config>filter Description This command creates a configuration context for the specified IPv4 filter policy if it does not exist, and enables the context to configure the specified IPv4 filter policy.
  • Page 522 Filter Configuration Command Reference system-filter Syntax system-filter Context config>filter Description This command enables the context to activate system filter policies. mac-filter Syntax mac-filter filter-id [create] [no] mac-filter {filter-id | filter-name} Context config>filter Description This command creates a configuration context for the specified MAC filter policy if it does not exist, and enables the context to configure the specified MAC filter policy.
  • Page 523: Dhcp Filter Commands

    Filter Policies Parameters redirect-policy-name — Specifies the redirect policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. There is no limit to the number of redirect policies that can be configured.
  • Page 524: Filter Log Commands

    Filter Configuration Command Reference The no form of the command reverts to the default wherein the host creation proceeds as normal. Default no action Parameters bypass-host-creation — Specifies that the host creation is bypassed. drop — Specifies that the DHCP message is dropped. option Syntax option dhcp-option-number {present | absent}...
  • Page 525 Filter Policies Context config>filter>log Description This command configures the destination for filter log entries for the filter log ID. Filter logs can be sent to either memory (memory) or to an existing Syslog server definition (syslog). If the filter log destination is memory, the maximum number of entries in the log must be specified. The no form of the command deletes the filter log association.
  • Page 526 Filter Configuration Command Reference Description This command enables the context to configure log summarization. These settings will only be taken into account when syslog is the log destination. summary-crit Syntax summary-crit dst-addr summary-crit src-addr no summary-crit Context config>filter>log>summary Description This command defines the key of the index of the minitable. If key information is changed while summary is administratively enabled (no shutdown), the filter summary minitable is flushed and recreated with different key information.
  • Page 527: Acl Filter Policy Commands

    Filter Policies ACL Filter Policy Commands default-action Syntax default-action {drop | forward} Context config>filter>ip-filter config>filter>ipv6-filter config>filter>mac-filter Description This command defines the default action to be applied to packets not matching any entry in this ACL filter policy or to packets that match a PBF/PBR filter entry for which the PBF/PBR target is down and pbr-down-action-override per-entry is set to filter-default-action.
  • Page 528 Filter Configuration Command Reference Context config>filter>system-filter Description This command activates an IPv4 system filter policy. Once activated, all IPv4 ACL filter policies that chain to the system filter (config>filter>ip-filter chain-to-system-filter) will automatically execute system filter policy rules first. The no form of the command deactivates the system filter policy. Default None of the IPv4 system filters is available by default.
  • Page 529 Filter Policies Context config>filter>ip-filter config>filter>ipv6-filter Description This command embeds a previously defined IPv4 or IPv6 embedded filter policy or Hybrid OpenFlow switch instance into this exclusive, template or system filter policy at the specified offset value. Rules derived from BGP flowspec can also be embedded into template filter policies only. The embed-filter open-flow ofs-name form of this command enables OpenFlow (OF) in GRT either by embedding the specified OpenFlow switch (OFS) instance with switch-defined-cookie disabled, or by embedding rules with sros-cookie:type “grt-cookie”, value 0 from the specified OFS instance...
  • Page 530 Filter Configuration Command Reference The no embed-filter vsd vsd-filter-id form of this command removes the VSD filter embedding from this filter policy. The no embed-filter filter-id form of this command removes the embedding from this filter policy. Please see the description of embedded filter policies in this guide for further operational details. Default No embedded filter policies are included in a filter policy by default Parameters...
  • Page 531 Filter Policies active — Specifies that embedded filter entries are to be included in this embedding filter policy and activated on applicable line cards – default if no keyword is specified and omitted in info command (but not info detail), or when saving configuration. inactive —...
  • Page 532 Filter Configuration Command Reference The no form of the command sets the scope of the policy to the default of template. Default template Parameters exclusive — When the scope of a policy is defined as exclusive, the policy can only be applied to a single entity.
  • Page 533 Filter Policies Description This command inserts point information for credit control for the filter. The no form of the command reverts to the default. Default no sub-insert-credit-control Parameters entry entry-id — Identifies a filter on this system. Values 1 to 65535 count count —...
  • Page 534 Filter Configuration Command Reference Parameters start-entry entry-id — Specifies the lowest entry in the range. Values 1 to 65535 count count — Specifies the number of entries in the range. Values 1 to 65535 sub-insert-shared-radius Syntax sub-insert-shared-radius start-entry entry-id count count no sub-insert-shared-radius Context config>filter>ip-filter...
  • Page 535: General Filter Entry Commands

    Filter Policies type Syntax type filter-type Context config>filter>mac-filter Description This command configures the MAC Filter Policy sub-type as being either normal, ISID or VID. Default normal Parameters filter-type — Specifies which type of entry this MAC filter can contain. Values normal —...
  • Page 536 Filter Configuration Command Reference Parameters entry-id — An entry-id uniquely identifies a match criteria and the corresponding action. It is recommended that multiple entries be given entry-id in staggered increments. This allows users to insert a new entry in an existing policy without having to renumber all the existing entries.
  • Page 537 Filter Policies Default no log Parameters log-id — The filter log ID expressed as a decimal integer. Values 101 to 199 pbr-down-action-override Syntax pbr-down-action-override {drop | forward | filter-default-action} no pbr-down-action-override Context config>filter>ip-filter>entry config>filter>ipv6-filter>entry config>filter>mac-filter>entry Description This command allows overriding the default action that is applied for entries with PBR/PBF action defined, when the PBR/PBF target is down.
  • Page 538: Ip (V4/V6) Filter Entry Commands

    Filter Configuration Command Reference The no form of the command disables sticky destination behavior. Default no sticky-dest Parameters hold-time-up — Initial delay in seconds. Zero is equivalent to no-hold-time-up (no delay). Values 0 to 65535 seconds IP (v4/v6) Filter Entry Commands action Syntax drop...
  • Page 539 Filter Policies • drop packet-length A packet matching the entry will be dropped only if “Total Length” field in the packet’s IPv4 header meets the configured condition. • drop ttl A packet matching the entry will be dropped only if “Time-to-live” field in the packet’s IPv4 header meets the configured condition.
  • Page 540 Filter Configuration Command Reference An HTTP GET packet matching an entry is forwarded to CPM for HTTP captive portal processing. • A packet matching the entry will be forwarded to NAT; when configured with allow-radius-override, the system overwrites the configured rdr-url-string with the URL returned from Radius.
  • Page 541 Filter Policies value — Specifies the rate-limit value in Kbits per second. A rate of 0 results in all traffic being dropped. A rate of max results in all traffic being forwarded. Values 0 to 2000000000 | max vpls-service-id — Specifies an existing VPLS service ID or service name. lt —...
  • Page 542 Filter Configuration Command Reference A packet matching the entry will be dropped. • drop hop-limit A packet matching the entry will be dropped only if the “Hop Limit” field in the packet’s IPv6 header matches the configured condition. • drop payload-length drop payload-length –...
  • Page 543 Filter Policies nat – A packet matching the entry will be forwarded to NAT. • rate-limit rate-limit – Enables ACL rate limiting for packets matching the entry of this ACL filter policy. Rate limiters are configured by default with MBS = CBS = 10-ms-of-the-rate and high-prio-only = 0.
  • Page 544 Filter Configuration Command Reference range — Specifies an inclusive range. When range is used, the start of the range (first value entered) must be smaller than the end of the range (second value entered). egress-pbr Syntax egress-pbr {default-load-balancing | l4-load-balancing} no egress-pbr Context config>filter>ip-filter>entry...
  • Page 545 Filter Policies Description This command disables cflowd sampling for packets matching this filter entry if the IP interface is set to cflowd interface mode. This allows the option to not sample specific types of traffic when interface sampling is enabled. If cflowd is either not enabled or is set to cflowd acl mode, this command is ignored.
  • Page 546 Filter Configuration Command Reference Table 44: Protocol ID Descriptions (Continued) Protocol Protocol ID Description igmp Internet Group Management IP in IP (encapsulation) Transmission Control Exterior Gateway Protocol Any private interior gateway (used by Cisco for IGRP) User Datagram Reliable Data Protocol ipv6 IPv6 ipv6-route...
  • Page 547 Filter Policies Table 44: Protocol ID Descriptions (Continued) Protocol Protocol ID Description isis ISIS over IPv4 crtp Combat Radio Transport Protocol crudp Combat Radio User Datagram sctp Stream Control Transmission Protocol match Syntax match [next-header next-header] no match Context config>filter>ipv6-filter>entry Description This command enables the context to enter match criteria for the filter entry.
  • Page 548 Filter Configuration Command Reference The no form of the command removes the DSCP match criterion. Default no dscp Parameters dscp-name — Configures a DSCP name. The DiffServ code point may only be specified by its name. Values be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44,...
  • Page 549 Filter Policies [0..FFFF]H [0..255]D prefix-length — The IPv6 prefix length for the specified ipv6-address expressed as a decimal integer. Values 1 to 128 ipv6-address-mask — Eight 16-bit hexadecimal pieces representing bit match criteria. Values x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0..FFFF]H [0..255]D dst-port Syntax...
  • Page 550 Filter Configuration Command Reference port-list port-list-name — Specifies to use a list of ports referred to by port-list-name, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes. range dst-port-number dst-port-number —...
  • Page 551 Filter Policies Parameters true — Specifies to match on all fragmented IP packets. false — Specifies to match on all non-fragmented IP packets. first-only — For IPv6: Matches if a packet is an initial fragment of a fragmented IPv6 packet. non-first-only —...
  • Page 552 Filter Configuration Command Reference Context config>filter>ipv6-filter>entry>match Description This command enables match on existence of Hop-by-Hop Options Extension Header in the IPv6 filter policy. The no form of this command ignores Hop-by-Hop Options Extension Header presence/absence in a packet when evaluating match criteria of a given filter policy entry. Default no hop-by-hop-opt Parameters...
  • Page 553 Filter Policies Description This command configures matching on the ICMP/ICMPv6 type field in the ICMP/ICMPv6 header of an IPv4 or IPv6 packet as a filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet since only the first fragment contains the Layer 4 information.
  • Page 554 Filter Configuration Command Reference Table 45: ip-option-mask Formats Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0x14 Binary 0bBBBBBBBB 0b0010100 Default 255 (decimal) (exact match) Values 1 to 255 (decimal) multiple-option Syntax multiple-option {true | false} no multiple-option Context config>filter>ip-filter>entry>match Description This command configures matching packets that contain one or more than one option fields in the IP header as an IP filter match criterion.
  • Page 555 Filter Policies Parameters true — Specifies matching on all IP packets that contain any IP options in the IP header. A match will occur for all packets that have any IP option present. An option field of zero is considered as no option present.
  • Page 556 Filter Configuration Command Reference routing-type0 Syntax routing-type0 {true | false} no routing-type0 Context config>filter>ipv6-filter>entry>match Description This command enables match on existence of Routing Type Extension Header type 0 in the IPv6 filter policy. The no form of this command ignores Routing Type Extension Header type 0 presence/absence in a packet when evaluating match criteria of a given filter policy entry.
  • Page 557 Filter Policies ipv6-address — The IPv6 prefix for the IP match criterion in hex digits. Values x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0..FFFF]H [0..255]D prefix-length — The IPv6 prefix length for the specified ipv6-address expressed as a decimal integer. Values 1 to 128 ipv6-address-mask —...
  • Page 558 Filter Configuration Command Reference port-list port-list-name — Specifies to use a list of ports referred to by port-list-name, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes. range src-port-number src-port-number —...
  • Page 559: Match List Configuration Commands

    Filter Policies tcp-syn Syntax tcp-syn {true | false} no tcp-syn Context config>filter>ip-filter>entry>match config>filter>ipv6-filter>entry>match Description This command configures matching on the SYN bit being set or reset in the control bits of the TCP header of an IP packet as an IP filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet since only the first fragment contains the Layer 4 information.
  • Page 560 Filter Configuration Command Reference Operational Notes: An ip-prefix-list must contain only IPv4 address prefixes. An IPv4 prefix match list cannot be deleted if it is referenced by a filter policy. Please see general description related to match-list usage in filter policies. Default none Parameters...
  • Page 561 Filter Policies Default no apply path bgp-peers Syntax bgp-peers index group reg-exp neighbor reg-exp no bgp-peers index Context config>filter>match-list>ip-prefix-list>apply-path config>filter>match-list>ipv6-prefix-list>apply-path Description This command configures auto-generation of IPv4 or IPv6 address prefixes (as required by the context the command is executed within) based on the base router BGP instance configuration. The no form of this command removes the bgp-peers configuration for auto-generation of address prefixes for the specified index value.
  • Page 562 Filter Configuration Command Reference Please see general description related to match-list usage in filter policies. Default By default no port list is created. Parameters port-list-name — A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes. port Syntax [no] port port-number...
  • Page 563 Filter Policies The no form of this command deletes the specified prefix from the list. Operational Notes: To add a set of different prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv6 address space. An IPv6 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of filter policies that use this IPv6 address prefix list.
  • Page 564: Mac Filter Entry Commands

    Filter Configuration Command Reference prefix-length — Length of the entered IPv4 prefix. Values 0 to 32 MAC Filter Entry Commands action Syntax drop forward forward esi esi service-id vpls-service-id forward sap sap-id forward sdp sdp-id:vc-id http-redirect url rate-limit value Context config>filter>mac-filter>entry config>filter>mac-filter>entry>action Description...
  • Page 565: Mac Filter Match Criteria

    Filter Policies value — Specifies the rate-limit value in Kbits per second. A rate of 0 results in all traffic being dropped. A rate of max results in all traffic being forwarded. Values 0 to 2000000000 | max vpls-service-id — Specifies an existing VPLS service ID or service name. match Syntax match [frame-type {802dot3 | 802dot2-llc | 802dot2-snap | ethernet_II}]...
  • Page 566 Filter Configuration Command Reference The no form of the command removes the criterion from the match entry. Egress dot1p value matching will only match if the customer payload contains the 802.1p bits. For example, if a packet ingresses on a null encapsulated SAP and the customer packet is IEEE 802.1Q or 802.1p tagged, the 802.1p bits will be present for a match evaluation.
  • Page 567 Filter Policies Default no dsap Parameters dsap-value — The 8-bit dsap match criteria value. Can be expressed in decimal integer, hexadecimal or binary format. Values 0 to 255 dsap-mask — This is optional and may be used when specifying a range of dsap values to use as the match criteria.
  • Page 568 Filter Configuration Command Reference To configure so that all packets with a destination MAC OUI value of 00:03:FA are subject to a match condition then the entry should be specified as: 00:03:FA:00:00:00 FF:FF:FF:00:00:00 Default ff:ff:ff:ff:ff:ff (exact match) Values HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit.
  • Page 569 Filter Policies Default no isid Parameters value — Specifies the ISID value, 24 bits as a decimal integer. When just one value is present, it identifies a particular ISID to be used for matching. Values 0 to 16777215 to higher-value — Identifies a range of ISIDs to be used as matching criteria. inner-tag Syntax inner-tag value [vid-mask]...
  • Page 570 Filter Configuration Command Reference On dot1Q SAPs outer-tag is the only tag that can be matched. On dot1Q SAPs with exact match (sap 2/1/1:50) the outer-tag will be populated with the next tag that is carried transparently through the service or 0 if there are no additional VLAN tags on the frame. On QinQ SAPs that strip a single service delimiting tag, outer-tag will contain the next tag (which is still the first tag carried transparently through the service.) On SAPs with two service delimiting tags (two tags stripped) outer-tag will contain 0 even if there are more than 2 tags on the frame.
  • Page 571 Filter Policies The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria. The snap-pid match criterion is independent of the OUI field within the SNAP header. Two packets with different three-byte OUI fields but the same PID field will both match the same filter entry based on a snap-pid match criteria.
  • Page 572: Policy And Entry Maintenance Commands

    Filter Configuration Command Reference Description This command configures an Ethernet 802.2 LLC SSAP value or range for a MAC filter match criterion. This is a one-byte field that is part of the 802.2 LLC header of the IEEE 802.3 Ethernet Frame. The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria.
  • Page 573 Filter Policies Description This command copies existing filter list entries for a specific filter ID to another filter ID. The copy command is a configuration level maintenance tool used to create new filters using existing filters. It also allows bulk modifications to an existing policy with the use of the overwrite keyword. If overwrite is not specified, an error will occur if the destination policy ID exists.
  • Page 574: Redirect Policy Commands

    Filter Configuration Command Reference Redirect Policy Commands destination Syntax destination ip-address [create] no destination ip-address Context config>filter>redirect-policy Description This command defines a destination in a redirect policy. More than one destination can be configured. Whether a destination IPv4/IPv6 address will receive redirected packets depends on the effective priority value after evaluation.
  • Page 575 Filter Policies The hold-time-up parameter allows the operator to delay programming of the PBR to the most-preferred destination for a specified amount of time when the first destination comes up (action forward remains in place). When the first destination comes up, the timer is started and upon the expiry, the current most-preferred destination is selected (which may differ from the one that triggered the timer to start) and programmed as a sticky PBR destination.
  • Page 576 Filter Configuration Command Reference interval Syntax interval seconds no interval Context config>filter>redirect-policy>dest>ping-test config>filter>redirect-policy>dest>snmp-test config>filter>redirect-policy>dest>url-test Description This command specifies the amount of time, in seconds, between consecutive requests sent to the far end host. Default Parameters seconds — Specifies the amount of time, in seconds, between consecutive requests sent to the far end host.
  • Page 577 Filter Policies Parameters priority — The priority, expressed as a decimal integer, used to weigh the destination’s relative importance within the policy. Values 1 to 255 snmp-test Syntax snmp-test test-name no snmp-test test-name Context config>filter>redirect-policy>dest Description This command enables the context to configure SNMP test parameters. Default none Parameters...
  • Page 578 Filter Configuration Command Reference Default none Parameters return-value — Specifies the SNMP value against which the test result is matched. Values A maximum of 256 characters. type return-type — Specifies the SNMP object type against which the test result is matched. Values integer, unsigned, string, ip-address, counter, time-ticks, opaque disable —...
  • Page 579 Filter Policies Parameters test-name — The name of the URL test. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. return-code Syntax return-code return-code-1 [return-code-2] [disable | lower-priority priority | raise-priority...
  • Page 580 Filter Configuration Command Reference router Syntax router router-instance router service-name service-name no router Context config>filter>redirect-policy Description This command enhances VRF support in redirect policies. When a router instance is specified, the configured destination tests are run in the specified router instance, and the PBR action is executed in the specified router instance.
  • Page 581: Configuring Filter Policies With Cli

    Filter Policies Configuring Filter Policies with CLI This section provides information to configure filter policies using the command line interface. Topics in this section include: • Common Configuration Tasks → Creating an IPv4 Filter Policy → Creating an IPv6 Filter Policy →...
  • Page 582: Creating An Ipv4 Filter Policy

    Common Configuration Tasks Creating an IPv4 Filter Policy Configuring and applying filter policies is optional. Each filter policy must have the following: • The filter type specified (IP) • A filter policy ID • A default action, either drop or forward •...
  • Page 583 Filter Policies Configuring the HTTP-Redirect Option If http-redirect is specified as an action, a corresponding forward entry must be specified before the redirect. Http-redirect is not supported on the 7450 ESS-1 model. The following displays an http-redirect configuration example: A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "Captive Portal Filter"...
  • Page 584: Creating An Ipv6 Filter Policy

    Common Configuration Tasks match exit action forward redirect-policy redirect1 exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Within a filter entry, you can also specify that traffic matching the associated IPv4 filter entry is not sampled by cflowd if the IPv4 interface is set to cflowd interface mode. The following displays an IPv4 filter entry configuration example: A:ALA-7>config>filter>ip-filter# info ----------------------------------------------...
  • Page 585: Mac Filter Policy

    Filter Policies MAC Filter Policy The following example displays a MAC filter policy configuration: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive type normal exit ---------------------------------------------- A:ALA-7>config>filter# MAC ISID Filter Policy The following example displays an ISID filter configuration: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create...
  • Page 586: Mac Filter Entry

    Common Configuration Tasks outer-tag 85 4095 exit action drop exit entry 2 create match frame-type ethernet_II outer-tag 43 4095 exit action drop exit ---------------------------------------------- A:TOP_NODE>config>filter>mac-filter# MAC Filter Entry Within a filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched.
  • Page 587: Applying Filter Policies

    Filter Policies Optionally a description can also be defined. The following example displays an IPv4 address prefix list configuration and its usage in an IPv4 filter policy: *A:ala-48>config>filter# info ---------------------------------------------- match-list ip-prefix-list "IPv4PrefixBlacklist" description "default IPv4 prefix blacklist" prefix 10.0.0.0/21 prefix 10.254.0.0/24 exit exit...
  • Page 588: Apply Ip (V4/V6) And Mac Filter Policies To A Service

    Common Configuration Tasks Apply IP (v4/v6) and MAC Filter Policies to a Service IP and MAC filter policies are applied by associating them with a SAP and/or spoke-sdp in ingress and/or egress direction as desired. Filter ID is used to associate an existing filter policy, or if defined, a Filter Name for that Filter ID policy can be used in the CLI.
  • Page 589: Applying (Ipv4/V6) Filter Policies To A Network Port

    Filter Policies Applying (IPv4/v6) Filter Policies to a Network Port IP filter policies can be applied to network IP (v4/v6) interfaces. MAC filters cannot be applied to network IP interfaces or to routable IES services. Similar to applying filter policies to a service, IP (v4/v6) filter policies are applied to network interfaces by associating a policy with ingress and/or egress direction as desired.
  • Page 590: Creating A Redirect Policy

    Common Configuration Tasks Creating a Redirect Policy Configuring and applying redirect policies is optional. Each redirect policy must have the following: • A destination IP address • A priority (default is 100) • At least one of the following tests must be enabled: →...
  • Page 591: Filter Management Tasks

    Filter Policies Filter Management Tasks This section discusses the following filter policy management tasks: • Renumbering Filter Policy Entries • Modifying a Filter Policy • Deleting a Filter Policy • Modifying a Redirect Policy • Deleting a Redirect Policy • Copying Filter Policies Renumbering Filter Policy Entries The system exits the matching process when the first match is found and then executes the...
  • Page 592 Filter Management Tasks exit action drop exit entry 30 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit entry 40 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit exit ---------------------------------------------- A:ALA-7>config>filter# A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 11 create description "filter-main"...
  • Page 593: Modifying A Filter Policy

    Filter Policies exit exit ---------------------------------------------- A:ALA-7>config>filter# Modifying a Filter Policy There are several ways to modify an existing filter policy. A filter policy can be modified dynamically as part of subscriber management dynamic insertion/removal of filter policy entries (see the Triple Play Guide for details). A filter policy can be modified indirectly by configuration change to a match list the filter policy uses (as described earlier in this guide).
  • Page 594: Deleting A Filter Policy

    Filter Management Tasks exit entry 10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ----------------------------------------------...
  • Page 595: Modifying A Redirect Policy

    Filter Policies Modifying a Redirect Policy To access a specific redirect policy, you must specify the policy name. Use the no form of the command to remove the command parameters or return the parameter to the default setting. Example: config>filter# redirect-policy redirect1 config>filter>redirect-policy# description "New redirect info"...
  • Page 596: Deleting A Redirect Policy

    Filter Management Tasks no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# Deleting a Redirect Policy Before you can delete a redirect policy from the filter configuration, you must remove the policy association from the IP filter. The following example shows the command usage to replace the configured redirect policy (redirect1) with a different redirect policy (redirect2) and then remove the redirect1 policy from the filter configuration.
  • Page 597: Copying Filter Policies

    Filter Policies Copying Filter Policies When changes are to be made to an existing filter policy applied to one or more SAPs/network interfaces, it is recommended to first copy the applied filter policy, then modify the copy and then overwrite the applied policy with the modified copy. This ensures that a policy being modified is not applied when partial changes are done as any filter policy edits are applied immediately to all services where the policy is applied.
  • Page 599: Show, Clear, Monitor, And Debug Command Reference

    Filter Policies Show, Clear, Monitor, and Debug Command Reference Command Hierarchies • Show Commands • Clear Commands • Monitor Commands • Debug Commands • Tools Commands...
  • Page 600: Show Commands

    Show, Clear, Monitor, and Debug Command Reference Show Commands show — filter — dhcp [filter-id] — dhcp6 [filter-id] — [filter-type filter-type] — embedded [inactive] — ip-filter-id embedded [inactive] — ip-filter-id [detail] — ip-filter-id associations — ip-filter-id type entry-type — ip-filter-id counters [type entry-type][detail] —...
  • Page 601: Debug Commands

    Filter Policies — filter — filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — ipv6 ipv6-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] Debug Commands tools —...
  • Page 602: Command Descriptions

    Show, Clear, Monitor, and Debug Command Reference Command Descriptions • Show Commands • Clear Commands • Monitor Commands • Debug Commands Show Commands The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration. dhcp Syntax dhcp [filter-id]...
  • Page 603 Filter Policies Description : test-dhcp-filter ------------------------------------------------------------------------------- Filter Match Criteria ------------------------------------------------------------------------------- No Match Criteria Found =============================================================================== *B:TechPubs>config# dhcp6 Syntax dhcp6 [filter-id] Context show>filter Description This command displays DHCP6 filter information. Parameters filter-id — Displays detailed information for the specified filter ID and its filter entries. Values 1 —...
  • Page 604 Show, Clear, Monitor, and Debug Command Reference counters — Displays counter information for the specified filter ID. Egress counters count the packets without Layer 2 encapsulation. Ingress counters count the packets with Layer 2 encapsulation. type entry-type — Specifies type of filter entry to display: Values fixed, radius-insert, credit-control-insert, flow-spec, embedded, radius-shared, pcc rule (applies only to the 7750 SR)
  • Page 605 Filter Policies =============================================================================== Filter-Id Scope Applied Description ------------------------------------------------------------------------------- Template Template =============================================================================== Host Common IP Filters Total: =============================================================================== Filter-Id Description ------------------------------------------------------------------------------- 5:P4 Auto-created PCC-Rule Ingress Filter 6:P5 Auto-created PCC-Rule Egress Filter =============================================================================== Num IP filters: 4 =============================================================================== A:ALA-49# *A:Dut-C>config>filter# show filter ip =============================================================================== IP Filters Total:...
  • Page 606 Show, Clear, Monitor, and Debug Command Reference ------------------------------------------------------------------------------- Filter Match Criteria : IP ------------------------------------------------------------------------------- Entry : 40000 - inserted on ingress by PCC-Rule Description : Inserted (ingress) entry for pcc-rule RULE_ingress_DROP Log Id : n/a Src. IP : 0.0.0.0/0 Src. Port : n/a Dest.
  • Page 607 Filter Policies Ing. Matches : 0 pkts Egr. Matches : 0 pkts … =============================================================================== show filter ip "5:P4" associations =============================================================================== IP Filter =============================================================================== Filter Id : 5:P4 Applied : Yes Scope : Template Def. Action : Forward System filter: Unchained Radius Ins Pt: n/a CrCtl.
  • Page 608 Show, Clear, Monitor, and Debug Command Reference Table 51: Filter IP with Filter-ID Specified Output Field Descriptions (Continued) Label Description Applied The filter policy ID has not been applied. The filter policy ID is applied. Def. Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward.
  • Page 609 Filter Policies Table 51: Filter IP with Filter-ID Specified Output Field Descriptions (Continued) Label Description IP-Option Specifies matching packets with a specific IP option or a range of IP options in the IP header for IP filter match criteria. TCP-syn False Configures a match on packets with the SYN flag set to false.
  • Page 610 Show, Clear, Monitor, and Debug Command Reference Table 51: Filter IP with Filter-ID Specified Output Field Descriptions (Continued) Label Description Int. Sampling Interface traffic sampling is disabled. Interface traffic sampling is enabled. Multiple Option The option fields are not checked. Packets containing one or more option fields in the IP header will be used as IP filter match criteria.
  • Page 611 Filter Policies *A:Dut-C>config>filter# show filter ip 10001 =============================================================================== IP Filter =============================================================================== Filter Id : 10001 Applied : Yes Scope : Template Def. Action : Drop Radius Ins Pt: n/a CrCtl. Ins Pt: n/a Entries BGP Entries Description : (Not Specified) ------------------------------------------------------------------------------- Filter Match Criteria : IP -------------------------------------------------------------------------------...
  • Page 612 Show, Clear, Monitor, and Debug Command Reference RadSh. Ins Pt: n/a Entries Description : of-switch 'test' embedded filter ------------------------------------------------------------------------------- Filter Match Criteria : IP ------------------------------------------------------------------------------- Entry : 1000 Description : (Not Specified) Log Id : n/a Src. IP : 0.0.0.0/0 Src.
  • Page 613 Filter Policies Table 52: Filter IP Associations Output Field Descriptions (Continued) Label Description Def. Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward. Drop The default action for the filter ID for packets that do not match the filter entries is to drop.
  • Page 614 Show, Clear, Monitor, and Debug Command Reference Table 52: Filter IP Associations Output Field Descriptions (Continued) Label Description Sampling Specifies that traffic sampling is disabled. Specifies that traffic matching the associated IP filter entry is sampled. IP-Option Specifies matching packets with a specific IP option or a range of IP options in the IP header for IP filter match criteria.
  • Page 615 Filter Policies Table 52: Filter IP Associations Output Field Descriptions (Continued) Label Description Option-present Specifies not to search for packets that contain the option field or have an option field of zero. Matches packets that contain the option field or have an option field of zero be used as IP filter match criteria.
  • Page 616 Show, Clear, Monitor, and Debug Command Reference =============================================================================== Filter Match Criteria : IP ------------------------------------------------------------------------------- Entry : 10 Log Id : n/a Src. IP : 10.1.1.1/24 Src. Port : None Dest. IP : 0.0.0.0/0 Dest. Port : None Protocol Dscp : Undefined ICMP Type : Undefined ICMP Code...
  • Page 617 Filter Policies Table 53: Filter IP Counters Output Field Descriptions (Continued) Label Description Entry The filter ID filter entry ID. If the filter entry ID indicates the entry is (Inactive), then the filter entry is incomplete as no action has been specified.
  • Page 618 Show, Clear, Monitor, and Debug Command Reference Parameters ipv6-filter-id — Specifies the IPv6 filter policy for which to display information. Values can be expressed in different formats. The following only shows decimal integer format. Values 1 to 65535 entry entry-id — Specifies the filter policy entry (of the specified filter policy) for which only to display information..
  • Page 619 Filter Policies Table 54: Filter IPv6 Output Field Descriptions (Continued) Label Description Inserted Shows embedded/total number of entries from embedded filter Status: OK—embedding operation successful, if any entries are overwritten this will also be indicated. Failed—embedding failed, the reason is displayed (out of resources). Shows embedding filter index Sample Output A:ALA-48# show filter ipv6...
  • Page 620 Show, Clear, Monitor, and Debug Command Reference Show Filter (with filter-id specified) — The following table describes the command output for the command when a filter ID is specified. Table 55: Filter IPv6 with Filter-ID Specified Output Field Descriptions Label Description Filter Id The IP filter policy ID.
  • Page 621 Filter Policies Table 55: Filter IPv6 with Filter-ID Specified Output Field Descriptions (Continued) Label Description ICMP Type The ICMP type match criterion. Undefined indicates no ICMP type specified. Fragment False Configures a match on all non-fragmented IP packets. True Configures a match on all fragmented IP packets. Fragments are not a matching criteria.
  • Page 622 Show, Clear, Monitor, and Debug Command Reference Table 55: Filter IPv6 with Filter-ID Specified Output Field Descriptions (Continued) Label Description Src. Port The source TCP, UDP, or SCTP port number, port range, or port match list. Dest. Port The destination TCP, UDP, or SCTP port number, port range, or port match list.
  • Page 623 Filter Policies A:ALA-48# show filter ipv6 100 =============================================================================== IPv6 Filter =============================================================================== Filter Id : 100 Applied : Yes Scope : Template Def. Action : Forward Entries Description : test ------------------------------------------------------------------------------- Filter Match Criteria : IPv6 ------------------------------------------------------------------------------- Entry : 10 Log Id : 101 Src.
  • Page 624 Show, Clear, Monitor, and Debug Command Reference Table 56: Filter IPv6 Associations Output Field Descriptions (Continued) Label Description Service Id The service ID on which the filter policy ID is applied. The Service Access Point on which the filter policy ID is applied. (Ingress) The filter policy ID is applied as an ingress filter policy on the interface.
  • Page 625 Filter Policies Table 56: Filter IPv6 Associations Output Field Descriptions (Continued) Label Description TCP-syn False Configures a match on packets with the SYN flag set to false. True Configures a match on packets with the SYN flag set to true. The state of the TCP SYN flag is not considered as part of the match criteria.
  • Page 626 Show, Clear, Monitor, and Debug Command Reference Table 56: Filter IPv6 Associations Output Field Descriptions (Continued) Label Description Int. Sampling Interface traffic sampling is disabled. Interface traffic sampling is enabled. Multiple Option The option fields are not checked. Packets containing one or more option fields in the IP header will be used as IP filter match criteria.
  • Page 627 Filter Policies Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-48# Show Filter Counters — The following table describes the output fields when the counters keyword is specified. Table 57: Filter IPv6 Counters Output Field Descriptions Label Description IP Filter The IP filter policy ID. Filter Id Scope Template...
  • Page 628 Show, Clear, Monitor, and Debug Command Reference A:ALA-48# show filter ipv6 8 counters =============================================================================== IPv6 Filter =============================================================================== Filter Id Applied : Yes Scope : Template Def. Action : Forward Entries Description : Description for Ipv6 Filter Policy id # 8 ------------------------------------------------------------------------------- Filter Match Criteria : IPv6 -------------------------------------------------------------------------------...
  • Page 629 Filter Policies Table 58: Filter Log Output Field Descriptions Label Description yyyy/mm/dd hh:mm:ss The date and timestamp for the log filter entry where yyyy is the year, mm is the month, dd is the day, hh is the hour, mm is the minute and ss is the second.
  • Page 630 Show, Clear, Monitor, and Debug Command Reference Table 58: Filter Log Output Field Descriptions (Continued) Label Description Total Log Instances Specifies the maximum allowed instances of filter logs allowed on the (Allowed) system. Total Log Instances (In Specifies the instances of filter logs presently existing on the system. Use) Total Log Bindings Specifies the count of the filter log bindings presently existing on the...
  • Page 631 Filter Policies Src MAC: 04-5b-01-01-00-02 Dst MAC: 04-5d-01-01-00-02 EtherType: 0800 Src IP: 10.10.0.1:646 Dst IP: 10.10.0.4:49509 Flags: TOS: c0 Protocol: TCP Flags: ACK 2007/04/13 16:23:10 Filter: 100:100 Desc: Entry-100 Interface: to-ser1 Action: Forward Src MAC: 04-5b-01-01-00-02 Dst MAC: 04-5d-01-01-00-02 EtherType: 0800 Src IP: 10.10.0.1:646 Dst IP: 10.10.0.3:646 Flags:...
  • Page 632 ] Context show>filter Description This command displays MAC filter information and only applies to the 7750 SR and 7450 ESS. Parameters mac-filter-id — Displays detailed information for the specified filter ID and its filter entries. Values 1 to 65535 associations —...
  • Page 633 Filter Policies Filter ID Specified — When the filter ID is specified, detailed filter information for the filter ID and its entries is produced. The following table describes the command output for the command. Table 61: Filter MAC with Filter-ID Specified Output Field Descriptions Label Description MAC Filter...
  • Page 634 Show, Clear, Monitor, and Debug Command Reference Table 61: Filter MAC with Filter-ID Specified Output Field Descriptions (Continued) Label Description Dest MAC The destination MAC address and mask match criterion. When both the MAC address and mask are all zeros, no criterion specified for the filter entry.
  • Page 635 Filter Policies ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry : 200 FrameType : 802.2SNAP Description : Not Available Src Mac : 00:00:5a:00:00:00 ff:ff:ff:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : 802.2SNAP DSAP : Undefined SSAP : Undefined Snap-pid : Undefined ESnap-oui-zero : Undefined...
  • Page 636 Show, Clear, Monitor, and Debug Command Reference ------------------------------------------------------------------------------- Filter Association : Mac ------------------------------------------------------------------------------- Service Id : 1001 Type : VPLS - SAP 1/1/1:1001 (Egress) =============================================================================== A:ALA-49# Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information.
  • Page 637 Filter Policies Table 63: Filter MAC Counters Output Field Descriptions (Continued) Label Description FrameType Ethernet The entry ID match frame type is Ethernet IEEE 802.3. 802.2LLC The entry ID match frame type is Ethernet IEEE 802.2 LLC. 802.2SNAP The entry ID match frame type is Ethernet IEEE 802.2 SNAP. Ethernet II The entry ID match frame type is Ethernet Type II.
  • Page 638 Show, Clear, Monitor, and Debug Command Reference Output Redirect Policy Output — The following table describes the fields in the redirect policy command output. Table 64: Filter Redirect-Policy Output Field Descriptions Label Description Redirect Policy Specifies a specific redirect policy. Applied Specifies whether the redirect policy is applied to a filter policy entry.
  • Page 639 Filter Policies Table 64: Filter Redirect-Policy Output Field Descriptions (Continued) Label Description SNMP Test Specifies the name of the SNMP test. URL Test Specifies the name of the URL test. Sample Output A:ALA-A>config>filter# show filter redirect-policy =============================================================================== Redirect Policies =============================================================================== Redirect Policy Applied Description -------------------------------------------------------------------------------...
  • Page 640 Show, Clear, Monitor, and Debug Command Reference Admin Priority : 90 Oper Priority: 90 Admin State : Up Oper State : Down URL Test : URL_to_Proxy Interval : 10 Timeout : 10 Drop Count Hold Down Hold Remain Last Action at : 03/19/2007 05:04:15 Action Taken : Disable Priority Change: 0 Return Code...
  • Page 641 Filter Policies =============================================================================== Filter-Id Active ------------------------------------------------------------------------------- 65535 ------------------------------------------------------------------------------- No. of IP system filters (total / active): 2 / 1 =============================================================================== =============================================================================== IPv6 system filters =============================================================================== Filter-Id Active ------------------------------------------------------------------------------- No Matching Entries ------------------------------------------------------------------------------- No. of IPv6 system filters (total / active): 0 / 0 =============================================================================== With Option (chained-to) Specified —...
  • Page 642: Clear Commands

    Show, Clear, Monitor, and Debug Command Reference ip-prefix-list Syntax ip-prefix-list [prefix-list-name] ip-prefix-list prefix-list-name references Context show>filter>match-list Description This command displays IPv4 prefixes information for match criteria in IPv4 ACL and CPM filter policies. Parameters prefix-list-name — A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.
  • Page 643 Filter Policies Context clear>filter Description Clears the counters associated with the entries of the specified IPv4 filter policy. By default, the counters associated with each entry of the specified filter policy are all cleared. The scope of which counters are cleared can be narrowed using the command line parameters. Default Clears all counters associated with each entry of the specified IPv4 filter policy.
  • Page 644: Monitor Commands

    Show, Clear, Monitor, and Debug Command Reference Context clear>filter Description Clears the contents of a memory or file based filter log. This command has no effect on a syslog based filter log. Parameters log-id — The filter log ID expressed as a decimal integer. Values 101 to 199 Syntax...
  • Page 645 Filter Policies Description This command monitors the counters associated with the specified entry of the specified IP filter policy. Parameters filter-id — The IPv4 filter policy ID. Values can be expressed in different formats. The following only shows decimal integer format values. Values 1 to 65535 entry entry-id —...
  • Page 646 Show, Clear, Monitor, and Debug Command Reference repeat repeat — Configures how many times the command is repeated. Default Values 1 to 999 absolute — When the absolute keyword is specified, the raw statistics are displayed, without processing. No calculations are performed on the delta or rate statistics. rate —...
  • Page 647: Debug Commands

    Filter Policies Debug Commands The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration. Syntax Context tools>dump>filter>resources Description This command displays information about filter resource utilization on the CPM, consumption by filter-using services like TMS, OpenFlow, and the filters that use the most resources. Output Sample Output *A:Dut-C>tools>dump>filter>resources># cpm...
  • Page 648 Show, Clear, Monitor, and Debug Command Reference Other ----------------------------------------------------------------------------- Total ============================================================================= Available subentries (except openflow): 262120 Available openflow subentries: 262144 =============================================================================== Filters utilizing most resources (ordered by CPM entries) =============================================================================== Type Id Entries Subentries TCAM entries (per FlexPath) ------------------------------------------------------------------------------- No Mac filters found ------------------------------------------------------------------------------- 65535 5:23...
  • Page 649 Filter Policies Context tools>dump>filter>resources Description This command displays the number of allocated unique egress PBR destinations. Parameters detail — Displays number of allocated unique egress PBR destinations together with a list of destinations and their ref counts. Output Sample Output *A:Dut-C>tools dump filter resources egress-pbr =============================== Egress PBR destinations...
  • Page 650 Show, Clear, Monitor, and Debug Command Reference Description This command shows information about filter resource utilization on all IOMs or a specified IOM. Resource utilization per filter type is available, as well as filters using most resources on a given line card.
  • Page 651 Filter Policies Ipv6 fSpec-2345 No more Ipv6 filters =============================================================================== Syntax ip <filter-id> Context tools>dump>filter>resources Description This command displays information about the specified IP filter including resource utilization on CPM and IOM, the IOMs on which the filter is used, and the entries using the most resources. Parameters filter-id —...
  • Page 652 Show, Clear, Monitor, and Debug Command Reference Context tools>dump>filter>resources Description This command displays information about the specified IPv6 filter including resource utilization on CPM and IOM, the IOMs on which the filter is used, and the entries using the most resources. Parameters filter-id —...
  • Page 653 Filter Policies *A:Dut-C>tools>dump>filter>resources># mac 1 =============================================================================== Resource utilization details for Mac filter 1 =============================================================================== CPM entries used CPM subentries used TCAM entries used (per FlexPath) Associated with IOMs --------------------------------------------------------------------------- Largest 5 entries --------------------------------------------------------------------------- Entry ID Active TCAM entries (per FlexPath) --------------------------------------------------------------------------- No more entries defined ---------------------------------------------------------------------------...
  • Page 655: Hybrid Openflow Switch

    Hybrid OpenFlow Switch In This Chapter Alcatel-Lucent supports Hybrid OpenFlow Switch (H-OFS) functionality. The hybrid model allows operators to deploy Software Defined Network (SDN) traffic steering using OpenFlow (OF) on top of the existing routing/switching infrastructure. Topics in this chapter include: •...
  • Page 656 Hybrid OpenFlow Switching The OF controller(s) and router exchange OpenFlow messages using the OpenFlow protocol (version 1.3.1) over the TCP/IPv4 control channel. Both out-of-band (default) and in-band management are supported for connectivity to the controller. An OpenFlow message is processed by the OpenFlow switch instance on the router that installs all supported H-OFS traffic steering rules in a flow table for the H-OFS instance.
  • Page 657: Redundant Controllers And Multiple Switch Instances

    Hybrid OpenFlow Switch • L3 IES service interfaces • L3 Network interfaces in base router context • L3 VPRN service interfaces • L2 VPLS service interfaces • System ACL filters OpenFlow functionality is supported in addition to all existing functionality on a given interface and can be enabled with no impact on forwarding performance.
  • Page 658: Grt-Only And Multi-Service H-Ofs Mode Of Operations

    Hybrid OpenFlow Switching Figure 27: SR OS Router/Switch OF Controller/Switch Architecture Overview OF Controllers OF Channels OF Switch OF Switch Instance 1 Instance N al_0438 GRT-only and Multi-Service H-OFS Mode of Operations SR OS supports two modes of operations for an H-OFS instance: GRT-only and multi-service.
  • Page 659 Hybrid OpenFlow Switch Table 65: Multi-Service Mode — Higher Order Bit Flow Table Cookie Encoding sros-cookie Name sros-cookie Type sros-cookie Value FlowTable Entry Interpretation Based (Bits 63...60) (Bits 59...32) on the sros-cookie 0000 FlowTable rule is applicable to GRT instance (IES and router interfaces) system 1000 FlowTable rule is applicable to system...
  • Page 660 Hybrid OpenFlow Switching Table 66: Differences Between GRT Mode and Multi-service Mode (Continued) Function GRT Mode Multi-service Mode (no switch-defined-cookie) (switch-defined-cookie) Support OF on VPLS access and No (lack of native OF service network interfaces virtualization) Support port and VLAN in flowtable match (see the following section) Support OF control of System ACL policies...
  • Page 661: Port And Vlan Id Match In Flow Table Entries

    Hybrid OpenFlow Switch → H-OFS with switch-defined-cookie enabled — filter entry ID = 65535 – flow_priority + embedding offset • When multiple H-OFS instances are embedded into a single ACL filter, no two H-OFS instances can program the same filter entry ID. Port and VLAN ID Match in Flow Table Entries When operating in multi-service mode, SR OS H-OFS supports matching on port and VLAN IDs as part of Flow Table match criteria.
  • Page 662: Hybrid Openflow Switch Steering Using Filter Policies

    Hybrid OpenFlow Switching Hybrid OpenFlow Switch Steering using Filter Policies A router H-OFS instance is embedded into line card IPv4 and IPv6 filter policies to achieve OF-controlled Policy Based Routing (PBR). When an H-OFS instance is created, the embedded filters (IP and IPv6) required for that instance are automatically created. The filters are created with names as follows: “_tmnx_ofs_<ofs_name>”, with the same name used for the IPv4 and IPv6 filters.
  • Page 663 Hybrid OpenFlow Switch The auto-created embedded filters can be viewed through CLI but cannot be modified and/or deleted through filter policy CLI/SNMP. The operator can see the above embedded filters under the show filter context, including the details on the filters themselves, entries programmed, interface association, statistics, etc.
  • Page 664: Hybrid Openflow Switch Statistics

    Hybrid OpenFlow Switching The router allows mixing H-OFS rules from one or more H-OFS instances in a single filter policy. Co-existence of H-OFS rules in a single policy with CLI/SNMP programmed rules and/or BGP flowspec programmed rules in a single line card filter policy is also supported. When a management interface and an OF controller flow entry have the same filter policy entry, the management interface-created entry overrides the OF controller-created entry;...
  • Page 665: Openflow Switch Auxiliary Channels

    Hybrid OpenFlow Switch A mix of the two methods can be used to retrieve some flow table statistics from hardware in real-time while retrieving other statistics from the cache. See the Filter Policy Statistics section of this guide for more details on ACL cache and ACL statistics.
  • Page 666: Hybrid Openflow Switch Traffic Steering Details

    Hybrid OpenFlow Switching Hybrid OpenFlow Switch Traffic Steering Details As described in the previous section, an update to an OpenFlow Switch’s flow table results in embedded filter update(s), which trigger an update to all filter policies embedding those filters. The router automatically downloads the new set of rules to the line cards as defined through service configuration.
  • Page 667: Sr Os H-Ofs Port And Vlan Encoding

    Hybrid OpenFlow Switch The supported range in OF is limited to a 24-bit service ID value range (a subset of VPRN IDs supported by the SR OS system). Logical port values other than RSVP-TE LSP and MPLS-TP LSP require H-OFS with switch-defined-cookie enabled.
  • Page 668 Hybrid OpenFlow Switching Table 69: Translation of OF Programmed Values to SR OS SAPs (Continued) OXM_OF_IN_P OXM_OF_VLAN OFL_OUT_VLA Matching Supporte Supporte Comme _VID N_ID SAP SR OS d in d in Encoding flow_add flow_mod flow_del mp_req TmnxPortId for Value: 0x1FFF Must be absent port-id:* Mask...
  • Page 669 Hybrid OpenFlow Switch Table 69: Translation of OF Programmed Values to SR OS SAPs (Continued) OXM_OF_IN_P OXM_OF_VLAN OFL_OUT_VLA Matching Supporte Supporte Comme _VID N_ID SAP SR OS d in d in Encoding flow_add flow_mod flow_del mp_req TmnxPortId for Value: 0x1000 Value: 0x1zzz, port-id: Mask...
  • Page 670: Redirect To Ip Next-Hop

    Hybrid OpenFlow Switching Redirect to IP next-hop A router supports redirection of IPv4 or IPv6 next-hop for traffic arriving on an L3 interface. An OF controller can rely on this functionality and program PBR next-hop steering actions for H-OFS instances with switch-defined-cookie enabled using the following OF encoding: ALU_IPD_EXPERIMENTER_ID: 0x000025BA ALU_AXN_REDIRECT_TO_NEXTHOP: 2...
  • Page 671: Redirect To Grt Instance Or Vrf Instance

    Hybrid OpenFlow Switch Redirect to GRT Instance or VRF Instance A router supports redirection of IPv4 or IPv6 traffic arriving on an L3 interface to a different routing instance (GRT or VRF). An OF controller can rely on this functionality and program PBR actions for GRT/VRF steering for H-OFS instances with switch-defined-cookie enabled using the following OF encoding: flow_mod:...
  • Page 672: Redirect To Sap

    Hybrid OpenFlow Switching flow_mod: instruction type: OFPIT_WRITE_ACTIONS or OFPIT_APPLY_ACTION, action type: OFPAT_OUTPUT, port= SR OS LOGICAL port encoding RSVP-TE or MPLS-TP LSP as outlined in SR OS H-OFS Logical Port section A received LSP in a flow rule is compared against those in the H-OFS logical port table; if the table does not contain the LSP, the rule programming fails.
  • Page 673: Redirect To Sdp

    Hybrid OpenFlow Switch - OFL_OUT_VLAN_ID (optional) Redirect to SDP For traffic arriving on a VPLS interface, a router supports PBF to steer traffic over a VPLS SDP in the same service. An OF controller can rely on this functionality and program PBF steering action for H-OFS instances with switch-defined-cookie enabled using the following OF encoding: ALU_IPD_EXPERIMENTER_ID:...
  • Page 674: Drop Action

    Configuration Notes flow_mod: instruction type: OFPIT_WRITE_ACTIONS or OFPIT_APPLY_ACTION, action type: OFPAT_OUTPUT, port= NORMAL where NORMAL is an OF reserved value. Drop action An OF controller can program a drop action when packets of a specific flow are to be dropped. To implement the drop action, the following OF encoding is used: •...
  • Page 675 Hybrid OpenFlow Switch • The SR OS Hybrid OpenFlow Switch requires a software upgrade only and can be enabled on any SR OS router or switch running IOM-2 (with restrictions) or newer line cards. For full functionality, performance, and future scale IOM3-XP or newer line cards and CPM4 or newer control cards are recommended.
  • Page 677: Openflow Command Reference

    Hybrid OpenFlow Switch OpenFlow Command Reference Command Hierarchies • OpenFlow Commands • Show Commands • Tools Commands Router Configuration Guide...
  • Page 678: Openflow Commands

    OpenFlow Command Reference OpenFlow Commands config — open-flow filter-id [create] — [no] of-switch ofs-name — [no] aux-channel-enable — [no] controller ip-address:port — description description-string — no description — echo-interval seconds — no echo-interval — echo-multiple value — no echo-multiple — [no] flowtable of-table-id —...
  • Page 679: Command Descriptions

    Hybrid OpenFlow Switch Command Descriptions • Generic Commands • Show Commands • Debug Commands Generic Commands open-flow Syntax open-flow Context config Description This command enables configuration content for OpenFlow Hybrid Switch compatibility. The no form of the command removes the OpenFlow configuration from the context. of-switch Syntax [no] of-switch ofs-name...
  • Page 680 OpenFlow Command Reference Default no aux-channel-enable controller Syntax [no] controller ip-address:port Context config>open-flow>of-switch Description This command configures the OpenFlow controller for this OpenFlow switch. Up to two controllers can be configured per OpenFlow switch instance. The no form of this command deletes the controller for this OpenFlow switch instance. Default no controller Parameters...
  • Page 681 Hybrid OpenFlow Switch Parameters seconds — Specifies an interval, in seconds. Values 1 to 3600 echo-multiple Syntax echo-multiple value no echo-multiple Context config>open-flow>of-switch Description This command configures the number of consecutive Echo Reply messages that must be lost to declare the OF control channel down.
  • Page 682 OpenFlow Command Reference Default shutdown flowtable Syntax [no] flowtable of-table-id Context config>open-flow>of-switch Description This command configures the flow table parameters for this OpenFlow switch instance. The no form of this command restores flow table configuration default settings. Default no flowtable Parameters of-table-id —...
  • Page 683: Show Commands

    Hybrid OpenFlow Switch Default no-match-action fall-through Parameters drop — Packets that do not match entries in the flow table as programmed by the OpenFlow switch will be dropped fall-through — Packets that do not match entries in the flow table as programmed by the OpenFlow switch will be forwarded using regular processing by the router.
  • Page 684 OpenFlow Command Reference of-switch ofs-name controller ip-address:port detail of-switch ofs-name status controller [ip-address:port] of-switch ofs-name controller of-switch ofs-name flowtable of-switch ofs-name status of-switch ofs-name port Context show>open-flow Description This command displays information related to H-OFS configuration and operations as per the parameters specified.
  • Page 685 Hybrid OpenFlow Switch 10.20.1.3 6633 ------------------------------------------------------------------------------- Number of Controllers : 2 ------------------------------------------------------------------------------- =============================================================================== *A:Dut-A# show open-flow of-switch "s1" controller 10.20.1.2:6633 detail =============================================================================== Open Flow Controller Information =============================================================================== IP Address : 10.20.1.2 Port : 6633 Role : equal Generation ID ------------------------------------------------------------------------------- Open Flow Channel Information ------------------------------------------------------------------------------- Channel ID...
  • Page 686 OpenFlow Command Reference Barrier Request Barrier Reply Get Q Cfg Req Get Q Cfg Reply Role Request Role Reply Get Async Req Get Async Reply Set Async Meter Modify ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- =============================================================================== *A:Dut-A# show open-flow of-switch "s1" flowtable =============================================================================== Flow Table Information =============================================================================== Flow Table ID Max-Size...
  • Page 687 Hybrid OpenFlow Switch (Master or Equal): port-add port-delete port-modify (Slave) : port-add port-delete port-modify Async Fltr Flow Rem (Master or Equal): idle-time-out hard-time-out flow-mod-delete group-delete (Slave) : (Not Specified) Echo Time Expiry : 0d 00:00:04 Hold Time Expiry : 0d 00:00:24 Conn.
  • Page 688 OpenFlow Command Reference Async Fltr Flow Rem (Master or Equal): idle-time-out hard-time-out flow-mod-delete group-delete (Slave) : (Not Specified) Echo Time Expiry : 0d 00:00:02 Hold Time Expiry : 0d 00:00:22 Conn. Uptime : 0d 01:27:47 Conn. Retry : 0d 00:00:00 ------------------------------------------------------------------------------- Open Flow Channel Stats - Channel ID(3) -------------------------------------------------------------------------------...
  • Page 689: Debug Commands

    Hybrid OpenFlow Switch (Slave) : (Not Specified) Echo Time Expiry : 0d 00:00:01 Hold Time Expiry : 0d 00:00:21 Conn. Uptime : 0d 01:27:49 Conn. Retry : 0d 00:00:00 ------------------------------------------------------------------------------- Open Flow Channel Stats - Channel ID(4) ------------------------------------------------------------------------------- Packet Type Transmitted Packets Received Packets Error Packets...
  • Page 690 OpenFlow Command Reference Context tools>dump Description This command enables dumping of the open-flow information. of-switch Syntax of-switch ofs-name [flowtable of-table-id] [{grt | system | service-id service-id}] [cookie hex-string] [priority priority] of-switch ofs-name [flowtable of-table-id] service-id service-id sap sap-id [cookie hex- string] [priority priority] of-switch ofs-name [flowtable of-table-id] summary Context...
  • Page 691 Hybrid OpenFlow Switch qinq port-id | bundle-id | bpgrp-id | lag-id | pw-id>:qtag1.qtag2 <port-id | aps-id>[:vpi/vci | vpi | vpi1.vpi2 | cp.conn-prof-id] keyword conn-prof-id 1..8000 frame port-id | aps-id:dlci cisco-hdlc slot/mda/port.channel slot/mda/port.channel ima-grp bundle-id>[:vpi/vci | vpi | vpi1.vpi2 | cp.conn-prof-id] keyword conn-prof-id 1..8000...
  • Page 692 OpenFlow Command Reference 0..4095 (NNI) 0..255 (UNI) 1, 2, 5..65535 dlci 16..1022 tunnel-id tunnel-id.private | public:tag tunnel keyword 1..16 0..4094 summary — Keyword to summarize output. ip-address:port — ip-address: a.b.c.d port: 1 to 65535 Output Sample Output =============================================================================== Switch: ofs =============================================================================== Table Flow Pri...
  • Page 693 Hybrid OpenFlow Switch EthType : 0x0800 Src IP Dst IP : 22.22.22.1/32 IP Proto DSCP Src Port Dst Port ICMP Type : * ICMP Code : * Label Action : Forward On Svc 99 Flow Flags: IPv4 Up Time : 0d 00:01:15 Add TS : 696581 Mod TS...
  • Page 694 OpenFlow Command Reference Up Time : 0d 00:02:13 Add TS : 690788 Mod TS Stats TS : 703820 #Packets #Bytes ------------------------------------------------------------------------------- Table Flow Pri Cookie : 0xC00007E200000000 CookieType: service 2018 Controller: 1.3.8.8:6633 Filter Hnd: 0x830000040000FFFC Filter : _tmnx_ofs_ofs:4 entry 65532 : 1/1/3:4094 In Port : 0x2218000...
  • Page 695 Hybrid OpenFlow Switch : 2/1/3:1.0 In Port : 0x4218000 : 0x1000 Outer VID : 0x1001 EthType : 0x0800 Src IP Dst IP IP Proto DSCP Src Port Dst Port ICMP Type : * ICMP Code : * Label Action : Forward On Sap Sap 2/1/3:1.0 Flow Flags: IPv4 Up Time...
  • Page 696 OpenFlow Command Reference ICMP Type : * ICMP Code : * Label Action : Forward On Sap Sap lag-799:4094.4094 Flow Flags: IPv4 Up Time : 0d 00:01:46 Add TS : 693483 Mod TS Stats TS : 703821 #Packets #Bytes ------------------------------------------------------------------------------- Table Flow Pri Cookie...
  • Page 697 Hybrid OpenFlow Switch ------------------------------------------------------------------------------- Table Flow Pri : 13 Cookie : 0xC00007E400000000 CookieType: service 2020 Controller: 1.3.8.8:6633 Filter Hnd: 0x830000020000FFF2 Filter : _tmnx_ofs_ofs:2 entry 65522 : 2/1/4 In Port : 0x4220000 : 0x0 Outer VID : * EthType : 0x0800 Src IP Dst IP IP Proto...
  • Page 698 OpenFlow Command Reference : 0x0 Outer VID : * EthType : 0x86dd Src IP Dst IP IP Proto DSCP Src Port Dst Port ICMP Type : * ICMP Code : * Label IPv6ExtHdr: (Not Specified) Action : Forward On Nhop(Indirect) Nhop: 3ffe:1111:1111:2222:2222:3333:3333:4444 Flow Flags: IPv6 Up Time...
  • Page 699 Hybrid OpenFlow Switch Action : Forward On Nhop(Indirect) Nhop: 3ffe:1111:1111:2222:2222:3333:3333:4444 Flow Flags: IPv6 Up Time : 0d 00:01:01 Add TS : 698121 Mod TS Stats TS : 703822 #Packets #Bytes ------------------------------------------------------------------------------- Table Flow Pri : 18 Cookie : 0x8000000000000000 CookieType: system Controller: 1.3.8.8:6633 Filter Hnd: 0x8300000E0000FFED Filter...
  • Page 701: Cflowd

    Cflowd In This Chapter This chapter provides information to configure Cflowd. Topics in this chapter include: • Cflowd Overview → Operation → Cflowd Filter Matching • Cflowd Configuration Process Overview • Configuration Notes Cflowd Overview Cflowd is a tool used to sample IPv4, IPv6, MPLS, and Ethernet traffic data flows through a router.
  • Page 702: Operation

    For the 7450 ESS-7 and 7450 ESS-12, Cflowd is only supported if mixed mode is enabled. Operation Figure 30 depicts the basic operation of the cflowd feature.
  • Page 703 Cflowd 4. If a new flow is detected and the maximum number of entries are already in the flow cache, the earliest expiry entry is removed. The earliest expiry entry/flow is the next flow that will expire due to the active or inactive timer expiration. 5.
  • Page 704: Version 8

    Cflowd Overview 1. As flows are expired from the active flow cache, the export format must be determined: Version 5, Version 8, Version 9, or Version 10. → If the export format is Version 5, Version 9, or Version 10, no further processing is performed and the flow data is accumulated to be sent to the external collector.
  • Page 705: Version 9

    Cflowd Version 9 The Version 9 format is a more flexible format and allows for different templates or sets of cflowd data to be sent based on the type of traffic being sampled and the template set configured. Version 9 is interoperable with RFC 3954, Cisco Systems NetFlow Services Export Version 9. Version 10 Version 10 is a new format and protocol that inter-operates with the specifications from the IETF as the IP Flow Information Export (IPFIX) standard.
  • Page 706: Configuration Notes

    Configuration Notes Figure 32: Cflowd Configuration and Implementation Flow [flowchart: Start; Enable cflowd; Configure collector(s); Configure cflowd parameters; ACL or interface ...]
  • Page 707 Sampling must be enabled on either: → An IP filter which is applied to a port or service. → An interface on a port or service. For the 7450 ESS, Cflowd is only available when mixed-mode is enabled on the system.
  • Page 709: Configuring Cflowd With Cli

    Cflowd Configuring Cflowd with CLI This section provides information to configure cflowd using the command line interface. Topics in this section include: • Cflowd Configuration Overview → Traffic Sampling → Collectors → Aggregation • Basic Cflowd Configuration • Common Configuration Tasks →...
  • Page 710 Cflowd Configuration Overview The following data is maintained for each individual flow in the raw flow cache: • Source IP address • Destination IP address • Source port • Destination port • Forwarding status • Input interface • Output interface •...
  • Page 711: Collectors

    Cflowd The SR OS implementation allows you to enable cflowd either at the interface level or as an action to a filter. By enabling cflowd at the interface level, all IP packets forwarded by the interface are subject to cflowd analysis. By setting cflowd as an action in a filter, only packets matching the specified filter are subject to cflowd analysis.
  • Page 712: Basic Cflowd Configuration

    Basic Cflowd Configuration Basic Cflowd Configuration This section provides information to configure cflowd and configuration examples of common configuration tasks. In order to sample traffic, the minimal cflowd parameters that need to be configured are: • Cflowd must be enabled. •...
  • Page 713: Configuring Cflowd

    Cflowd • Active timeout - Controls the maximum amount of time a flow record can be active before it will be automatically exported to defined collectors. • Inactive timeout - Controls the minimum amount of time before a flow is declared inactive.
  • Page 714: Enabling Cflowd

    Common Configuration Tasks Enabling Cflowd Cflowd is disabled by default. Executing the command configure cflowd enables cflowd. By default cflowd is not shut down, but it must be configured with at least one collector to be active. Use the following CLI syntax to enable cflowd: CLI Syntax: config# cflowd no shutdown...
  • Page 715: Configuring Cflowd Collectors

    Cflowd The following example displays a common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 20 inactive-timeout 10 overflow 10 rate 100 #------------------------------------------ A:ALA-1>config>cflowd# Configuring Cflowd Collectors To configure cflowd collector parameters, enter the following commands: CLI Syntax: config>cflowd# collector ip-address[:port] [version version] aggregation as-matrix destination-prefix...
  • Page 716: Version 9 And Version 10 Templates

    Common Configuration Tasks exit ----------------------------------------- A:ALA-1>config>cflowd# Version 9 Collector example: collector 10.10.10.9:2000 version 9 description "v9collector" template-set mpls-ip no shutdown exit Version 9 and Version 10 Templates If the collector is configured to use either version 9 or version 10 (IPFIX) formats, the flow data is sent to the designated collector using one of the predefined templates.
  • Page 717 Cflowd Table 71: Basic IPv4 Template (Continued) Field Name Field ID IPv4 Dest Addr IPv4 Nexthop BGP Nexthop Ingress Interface Egress Interface Packet Count Byte Count Start Time End Time Flow Start Milliseconds Flow End Milliseconds1 Src Port Dest Port Forwarding Status TCP control Bits (Flags) IPv4 Protocol...
  • Page 718 Common Configuration Tasks Table 72: MPLS-IPv4 Template Field Name Field ID IPv4 Src Addr IPv4 Dest Addr IPv4 Nexthop BGP Nexthop Ingress Interface Egress Interface Packet Count Byte Count Start Time End Time Flow Start Milliseconds Flow End Milliseconds Src Port Dest Port Forwarding Status TCP control Bits (Flags)
  • Page 719 Cflowd Table 72: MPLS-IPv4 Template (Continued) Field Name Field ID MPLS Top Label IPv4 Addr MPLS Label 1 MPLS Label 2 MPLS Label 3 MPLS Label 4 MPLS Label 5 MPLS Label 6 Note: Only sent to collectors configured for v10 format Table 73: Basic IPv6 Template Field Name Field ID...
  • Page 720 Common Configuration Tasks Table 73: Basic IPv6 Template (Continued) Field Name Field ID Src Port Dest Port Forwarding Status TCP control Bits (Flags) Protocol IPv6 Extension Hdr IPv6 Next Header IPv6 Flow Label IP version IPv6 ICMP Type & Code Direction BGP Source ASN BGP Dest ASN...
  • Page 721 Cflowd Table 74: MPLS-IPv6 Template (Continued) Field Name Field ID IPv4 BGP Nexthop Ingress Interface Egress Interface Packet Count Byte Count Start Time End Time Flow Start Milliseconds Flow End Milliseconds1 Src Port Dest Port Forwarding Status TCP control Bits (Flags) Protocol IPv6 Extension Hdr IPv6 Next Header...
  • Page 722 Common Configuration Tasks Table 74: MPLS-IPv6 Template (Continued) Field Name Field ID MPLS_TOP_LABEL_TY MPLS_TOP_LABEL_A MPLS Top Label Type MPLS Top Label IPv6 Addr MPLS Label 1 MPLS Label 2 MPLS Label 3 MPLS Label 4 MPLS Label 5 MPLS Label 6 MPLS_TOP_LABEL_TY MPLS_TOP_LABEL_A Note:...
  • Page 723 Cflowd Table 75: Basic MPLS Template (Continued) Field Name Field ID Packet Count Byte Count Direction MPLS_TOP_LABEL_TY MPLS_TOP_LABEL_A MPLS Label 1 MPLS Label 2 MPLS Label 3 MPLS Label 4 MPLS Label 5 MPLS Label 6 Note: Only sent to collectors configured for v10 format Table 76: MPLS-IP Template Field Name Field ID...
  • Page 724 Common Configuration Tasks Table 76: MPLS-IP Template (Continued) Field Name Field ID Byte Count Start Time End Time Flow Start Milliseconds Flow End Milliseconds1 Src Port Dest Port TCP control Bits (Flags) IPv4 Protocol IPv4 TOS IP version ICMP Type & Code Direction MPLS_TOP_LABEL_TYPE MPLS_TOP_LABEL_ADD...
  • Page 725 Cflowd Table 77: Ethernet (L2-IP) Flow Template Field ID Field Name MAC Src Addr MAC Dest Addr Ingress Physical Interface Egress Physical Interface Dot1q VLAN ID Dot1q Customer VLAN ID Post Dot1q VLAN ID Post Dot1q Customer VLAN IPv4 Src Addr IPv4 Dest Addr IPv6 Src Addr IPv6 Dest Addr...
  • Page 726: Enabling Cflowd On Interfaces And Filters

    Common Configuration Tasks Table 77: Ethernet (L2-IP) Flow Template (Continued) Field ID Field Name ICMP Type Code Note: The Ethernet (L2-IP) flow template is only supported and exported to IPFIX (v10) collectors Enabling Cflowd on Interfaces and Filters This section discusses the following cflowd configuration management tasks: •...
  • Page 727: Interface Configurations

    Cflowd 4. To omit certain types of traffic from being sampled when the interface sampling is enabled, the config>filter>ip-filter>entry>interface-disable-sample option may be enabled via an ip-filter or ipv6-filter. The filter must be applied to the service or network interface on which the traffic to be omitted is to ingress the system. Interface Configurations CLI Syntax: config>router>if#...
  • Page 728: Filter Configurations

    Common Configuration Tasks Since a filter can be applied to more than one interface (when configured with a scope template), the interface-disable-sample option is intended to enable or disable traffic sampling on an interface-by-interface basis. The command can be enabled or disabled as needed instead of creating numerous filter versions.
  • Page 729: Cflowd Configuration Management Tasks

    Cflowd • If a specific collector UDP port is not identified then, by default, flows are sent to port 2055. Cflowd can also be dependent on the following entity configurations: • Interface Configurations • Service Interfaces • Filter Configurations The combination of interface and filter entry configurations determines if and when flow sampling occurs.
  • Page 730: Modifying Global Cflowd Components

    Cflowd Configuration Management Tasks Modifying Global Cflowd Components Cflowd parameter modifications apply to all instances where cflowd or traffic sampling is enabled. Changes are applied immediately. Use the following cflowd commands to modify global cflowd parameters: CLI Syntax: config>cflowd# active-timeout minutes no active-timeout cache-size num-entries no cache-size...
  • Page 731 Cflowd [no] aggregation [no] as-matrix [no] destination-prefix [no] protocol-port [no] raw [no] source-destination-prefix [no] source-prefix [no] autonomous-system-type [origin | peer] [no] description description-string [no] shutdown template-set {basic | mpls-ip | l2-ip} If a specific collector UDP port is not identified then, by default, flows are sent to port 2055. The following displays basic cflowd modifications: A:ALA-1>config>cflowd# info -----------------------------------------...
  • Page 733: Cflowd Configuration Command Reference

    Cflowd Cflowd Configuration Command Reference Command Hierarchies config — [no] cflowd — active-timeout minutes — no active-timeout — cache-size num-entries — no cache-size — collector ip-address[:port] [version {5 | 8 | 9 | 10}] — no collector ip-address[:port] — [no] aggregation —...
  • Page 734: Command Descriptions

    Cflowd Configuration Command Reference Command Descriptions Global Commands cflowd Syntax [no] cflowd Context config>cflowd Description This command creates the context to configure cflowd. The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state. Default no cflowd active-timeout...
  • Page 735 — The maximum number of entries maintained in the cflowd cache. It depends on the CPM version. Values For the 7450 ESS and 7750 SR: 1000 to 128 k (SF/CPM1, SF/CPM2) 1000 to 250000 (cfm-xp, SF/CPM3 or higher) For the 7950 XRS:...
  • Page 736 Cflowd Configuration Command Reference port — Specifies the UDP port number on the remote Cflowd collector host to receive the exported Cflowd data. Values 1 to 65535 Default 2055 version — Specifies the version of the flow data collector. Values Netflow v5, v8, v9, v10 (IPFIX) format Default aggregation...
  • Page 737 Cflowd Context config>cflowd>collector>aggregation Description This command specifies that the aggregation data is based on destination prefix information. The no form removes this type of aggregation from the collector configuration. Default none protocol-port Syntax [no] protocol-port Context config>cflowd>collector>aggregation Description This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number.
  • Page 738 Cflowd Configuration Command Reference source-prefix Syntax [no] source-prefix Context config>cflowd>collector>aggregation Description This command configures cflowd aggregation based on source prefix information. The no form of this command removes this type of aggregation from the collector configuration. Default none autonomous-system-type Syntax autonomous-system-type {origin | peer} no autonomous-system-type Context...
  • Page 739 Cflowd shutdown Syntax [no] shutdown Context config>cflowd config>cflowd>collector Description This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within.
  • Page 740 Cflowd Configuration Command Reference Parameters automatic — Cflowd flow data is automatically generated. manual — Cflowd flow data is exported only when manually triggered. inactive-timeout Syntax inactive-timeout seconds no inactive-timeout Context config>cflowd Description This command specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive.
  • Page 741 Cflowd rate Syntax rate sample-rate no rate Context config>cflowd Description This command specifies the rate (N) at which traffic is sampled and sent for flow analysis. A packet is sampled every N packets; for example, when sample-rate is configured as 1, then all packets are sent to the cache.
  • Page 742 Cflowd Configuration Command Reference The no form of this command removes the command from the active configuration and causes cflowd to return to the default behavior of populating the ingress and egress interface ID with the global IF index IDs. Default no use-vrtr-if-index
  • Page 743: Show, Tools, And Clear Command Reference

    Cflowd Show, Tools, and Clear Command Reference Command Hierarchies Show Commands show — cflowd — collector [ip-address[:port]] [detail] — interface [ip-int-name | ip-address] — status Tools Commands tools — dump — cflowd — cache {all | aggregate {src-dst-proto | src-dst-proto-port}} family {ipv4 | ipv6} —...
  • Page 744 Show, Tools, and Clear Command Reference collector Syntax collector [ip-addr[:port]] [detail] Context show>cflowd Description This command displays administrative and operational status of data collector configuration. Parameters ip-addr — Display only information about the specified collector IP address. Default all collectors :port —...
  • Page 745 Cflowd A:SR1 # show cflowd collector detail =============================================================================== Cflowd Collectors (detail) =============================================================================== Address : 138.120.135.103 Port : 2055 Description : Test v9 Collector Version : 9 Admin State : up Oper State : up Packets Sent : 51 Last Changed : 09/03/2009 17:24:04 Last Pkt Sent : 09/03/2009 18:07:10 Template Set : Basic -------------------------------------------------------------------------------...
  • Page 746 Show, Tools, and Clear Command Reference Table 80: Show Cflowd Collector Detailed Output Field Descriptions (Continued) Label Description AS Type The style of AS reporting used in the exported flow data. origin Reflects the endpoints of the AS path which the flow is following. peer Reflects the AS of the previous and next hops for the flow.
  • Page 747 Cflowd =============================================================================== Address : 138.120.135.103 Port : 2055 Description : Test v5 Collector Version AS Type : peer Admin State : up Oper State : up Records Sent : 1260 Last Changed : 09/03/2009 17:24:04 Last Pkt Sent : 09/03/2009 18:07:10 ------------------------------------------------------------------------------- Sent Open...
  • Page 748 Show, Tools, and Clear Command Reference interface Syntax interface [ip-addr | ip-int-name] Context show>cflowd Description Displays the administrative and operational status of the interfaces with cflowd enabled. Parameters ip-addr — Display only information for the IP interface with the specified IP address. Default all interfaces with cflowd enabled.
  • Page 749 Cflowd ------------------------------------------------------------------------------- ipv4ipv6NamedIf Base intf/ing 5.5.5.5/24 55::55/128 ipv4NamedIf acl-egr 10.10.10.10/24 Down ipv6NamedIf Base i/f-both Down 1234:5678::9/128 ------------------------------------------------------------------------------- Interfaces : 3 =============================================================================== B:sr-002# show cflowd interface 11.10.1.2 =============================================================================== Cflowd Interfaces =============================================================================== Interface: To_Sr1 IP address: 11.10.1.2/24 Admin/Oper state: Up/Up Sampling Mode: (ingress | egress | both) Total Flows seen: 1302000 Pkts sampled (ingress/egress) : 60103/70102...
  • Page 750 Show, Tools, and Clear Command Reference Description This command displays basic information regarding the administrative and operational status of cflowd. Output Table 82 describes the show cflowd status output fields. Table 82: Cflowd Status Output Label Description Cflowd Admin Status The desired administrative state for this Cflowd remote collector host.
  • Page 751 Cflowd Table 82: Cflowd Status Output (Continued) Label Description Open This counter shows the number of partially filled packets which have some flow data but are not yet filled or have been timed out (60 seconds maximum). Error This counter increments when there was an error during exporting of the collector packet.
  • Page 752: Tools Commands

    Show, Tools, and Clear Command Reference Template Retransmit : 60 seconds Cache Size : 65536 entries Overflow : 1% Sample Rate Active Flows : 34 Total Pkts Rcvd : 801600 Total Pkts Dropped =============================================================================== Version Info =============================================================================== Version Status Sent Open Errors -------------------------------------------------------------------------------...
  • Page 753 Cflowd Table 83: Tools Dump Cflowd Cache Output Field Descriptions (Continued) Label Description Intf/Egr Displays the egress interface associated with the sampled flow (only displayed with the raw (all) output). S-Port Displays the source protocol port number. D-Port Displays the destination protocol port number. Pkt-Cnt Displays the total number of packets sampled for the associated flow.
  • Page 754 Show, Tools, and Clear Command Reference ipv6 — Displays the IPv6 flow data. packet-size Syntax packet-size [ipv4 | ipv6] [clear] Context tools>dump>cflowd Description This command displays packet size distribution for sampled IP traffic. Values are displayed in decimal format (1.0 = 100%, .500 = 50%). Separate statistics are maintained and shown for IPv4 and IPv6 traffic.
  • Page 755 Cflowd Table 84: Tools Dump Cflowd Top-flows Output Fields (Continued) Label Description Displays the Type of Service/DSCP bits field markings. Flgs Displays the protocol flag markings. Pkts Displays the total number of packets sampled for this flow (since stats were last cleared).
  • Page 756 Show, Tools, and Clear Command Reference 12345678901234567890123456789012345678901234567890123456789012345678901234567890 Sr1# tools dump cflowd top-flows ipv6 SrcIP (up to IPv6) Ingress i/f Src Port vRtr ID DstIP (upto IPv6) Egress i/f Dst Port Proto Flags Nexthop (uptoIPv6) Total Pkts Avg Pkt Active(sec) 2001:0db8:85a3:0000:0000:8a2e:0370:7334 60005 10020 0x12...
  • Page 757: Clear Commands

    Cflowd Table 85: Tools Dump Cflowd Top-protocols Output Fields (Continued) Label Description Bytes/Pkts Displays the average number of bytes per packet for the associated protocol type. (Total number of bytes for the associated protocol / total number of packets seen for the associated protocol) Packets/Sec Displays the average number of packets seen for the associated protocol type.
  • Page 758 Show, Tools, and Clear Command Reference Description Clears the raw and aggregation flow caches which are sending flow data to the configured collectors. This action will trigger all the flows to be discarded. The cache restarts flow data collection from a fresh state.
  • Page 759: Standards And Protocol Support

    Standards and Protocol Support Note: The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. ANCP/L2CP draft-ietf-ancp-protocol-02, Protocol for Access Node Control Mechanism in Broadband Networks RFC 5851, Framework and Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks AF-ILMI-0065.000, Integrated Local Management Interface (ILMI) Version 4.0...
  • Page 760 Standards and Protocol Support draft-ietf-idr-bgp-gr-notification-01, Notification Message support for BGP Graceful Restart draft-ietf-idr-error-handling-03, Revised Error Handling for BGP UPDATE Messages RFC 1772, Application of the Border Gateway Protocol in the Internet RFC 1997, BGP Communities Attribute RFC 2385, Protection of BGP Sessions via the TCP MD5 Signature Option RFC 2439, BGP Route Flap Damping RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing RFC 2858, Multiprotocol Extensions for BGP-4...
  • Page 761 Standards and Protocol Support RFC 5287, Control Protocol Extensions for the Setup of Time-Division Multiplexing (TDM) Pseudowires in MPLS Networks Ethernet IEEE 802.1AB, Station and Media Access Control Connectivity Discovery IEEE 802.1ad, Provider Bridges IEEE 802.1ag, Connectivity Fault Management IEEE 802.1ah, Provider Backbone Bridges IEEE 802.1ak, Multiple Registration Protocol IEEE 802.1aq, Shortest Path Bridging IEEE 802.1ax, Link Aggregation...
  • Page 762: Frame Relay

    Standards and Protocol Support draft-snr-bess-evpn-proxy-arp-nd-00, Proxy-ARP/ND function in EVPN networks RFC 7432, BGP MPLS-Based Ethernet VPN RFC 7623, Provider Backbone Bridging Combined with Ethernet VPN (PBB-EVPN) Frame Relay ANSI T1.617 Annex D, DSS1 - Signalling Specification For Frame Relay Bearer Service FRF.1.2, PVC User-to-Network Interface (UNI) Implementation Agreement FRF.12, Frame Relay Fragmentation Implementation Agreement FRF.16.1, Multilink Frame Relay UNI/NNI Implementation Agreement...
  • Page 763 Standards and Protocol Support RFC 2349, TFTP Timeout Interval and Transfer Size Options RFC 2428, FTP Extensions for IPv6 and NATs RFC 2865, Remote Authentication Dial In User Service (RADIUS) RFC 2866, RADIUS Accounting RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support RFC 2868, RADIUS Attributes for Tunnel Protocol Support RFC 3046, DHCP Relay Agent Information Option (Option 82) RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
  • Page 764 Standards and Protocol Support RFC 3590, Source Address Selection for the Multicast Listener Discovery (MLD) Protocol RFC 3618, Multicast Source Discovery Protocol (MSDP) RFC 3810, Multicast Listener Discovery Version 2 (MLDv2) for IPv6 RFC 3956, Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address RFC 4541, Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches RFC 4601, Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification...
  • Page 765 Standards and Protocol Support RFC 2401, Security Architecture for Internet Protocol RFC 3021, Using 31-Bit Prefixes on IPv4 Point-to-Point Links IP — Version 6 RFC 2460, Internet Protocol, Version 6 (IPv6) Specification RFC 2464, Transmission of IPv6 Packets over Ethernet Networks RFC 2529, Transmission of IPv6 over IPv4 Domains without Explicit Tunnels RFC 3587, IPv6 Global Unicast Address Format RFC 3633, IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6...
  • Page 766 Standards and Protocol Support RFC 3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers RFC 3947, Negotiation of NAT-Traversal in the IKE RFC 3948, UDP Encapsulation of IPsec ESP Packets RFC 4210, Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP) RFC 4211, Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
  • Page 767 Standards and Protocol Support RFC 5308, Routing IPv6 with IS-IS RFC 5309, Point-to-Point Operation over LAN in Link State Routing Protocols RFC 5310, IS-IS Generic Cryptographic Authentication RFC 6213, IS-IS BFD-Enabled TLV RFC 6232, Purge Originator Identification TLV for IS-IS RFC 6233, IS-IS Registry Extension for Purges RFC 6329, IS-IS Extensions Supporting IEEE 802.1aq Shortest Path Bridging Management...
  • Page 768 Standards and Protocol Support RFC 2494, Definitions of Managed Objects for the DS0 and DS0 Bundle Interface Type RFC 2514, Definitions of Textual Conventions and OBJECT-IDENTITIES for ATM Management RFC 2515, Definitions of Managed Objects for ATM Management RFC 2571, An Architecture for Describing SNMP Management Frameworks RFC 2572, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) RFC 2573, SNMP Applications...
  • Page 769 Standards and Protocol Support RFC 3877, Alarm Management Information Base (MIB) RFC 3895, Definitions of Managed Objects for the DS1, E1, DS2, and E2 Interface Types RFC 3896, Definitions of Managed Objects for the DS3/E3 Interface Type RFC 4001, Textual Conventions for Internet Network Addresses RFC 4022, Management Information Base for the Transmission Control Protocol (TCP) RFC 4113, Management Information Base for the User Datagram Protocol (UDP) RFC 4220, Traffic Engineering Link Management Information Base...
  • Page 770 Standards and Protocol Support RFC 5332, MPLS Multicast Encapsulations RFC 6790, The Use of Entropy Labels in MPLS Forwarding MPLS — GMPLS draft-ietf-ccamp-rsvp-te-srlg-collect-04, RSVP-TE Extensions for Collecting SRLG Information RFC 3471, Generalized Multi-Protocol Label Switching (GMPLS) Signaling Functional Description RFC 3473, Generalized Multi-Protocol Label Switching (GMPLS) Signaling Resource ReserVation Protocol-Traffic Engineering (RSVP-TE) Extensions RFC 4204, Link Management Protocol (LMP) RFC 4208, Generalized Multiprotocol Label Switching (GMPLS) User-Network Interface...
  • Page 771 Standards and Protocol Support MPLS — MPLS-TP RFC 5586, MPLS Generic Associated Channel RFC 5921, A Framework for MPLS in Transport Networks RFC 5960, MPLS Transport Profile Data Plane Architecture RFC 6370, MPLS Transport Profile (MPLS-TP) Identifiers RFC 6378, MPLS Transport Profile (MPLS-TP) Linear Protection RFC 6426, MPLS On-Demand Connectivity and Route Tracing RFC 6427, MPLS Fault Management Operations, Administration, and Maintenance (OAM) RFC 6428, Proactive Connectivity Verification, Continuity Check and Remote Defect...
  • Page 772 Standards and Protocol Support RFC 4875, Extensions to Resource Reservation Protocol - Traffic Engineering (RSVP-TE) for Point-to-Multipoint TE Label Switched Paths (LSPs) RFC 4950, ICMP Extensions for Multiprotocol Label Switching RFC 5151, Inter-Domain MPLS and GMPLS Traffic Engineering -- Resource Reservation Protocol-Traffic Engineering (RSVP-TE) Extensions RFC 5712, MPLS Traffic Engineering Soft Preemption RFC 5817, Graceful Shutdown in MPLS and Generalized MPLS Traffic Engineering...
  • Page 773 Standards and Protocol Support RFC 4576, Using a Link State Advertisement (LSA) Options Bit to Prevent Looping in BGP/MPLS IP Virtual Private Networks (VPNs) RFC 4577, OSPF as the Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs) RFC 4970, Extensions to OSPF for Advertising Optional Router Capabilities RFC 5185, OSPF Multi-Area Adjacency RFC 5187, OSPFv3 Graceful Restart (Helper Mode)
  • Page 774 Standards and Protocol Support RFC 2153, PPP Vendor Extensions RFC 2516, A Method for Transmitting PPP Over Ethernet (PPPoE) RFC 2615, PPP over SONET/SDH RFC 2661, Layer Two Tunneling Protocol "L2TP" RFC 2686, The Multi-Class Extension to Multi-Link PPP RFC 2878, PPP Bridging Control Protocol (BCP) RFC 4951, Fail Over Extensions for Layer 2 Tunneling Protocol (L2TP) "failover"...
  • Page 775: Quality Of Service

    Standards and Protocol Support RFC 6575, Address Resolution Protocol (ARP) Mediation for IP Interworking of Layer 2 VPNs RFC 6718, Pseudowire Redundancy RFC 6829, Label Switched Path (LSP) Ping for Pseudowire Forwarding Equivalence Classes (FECs) Advertised over IPv6 RFC 6870, Pseudowire Preferential Forwarding Status bit RFC 7023, MPLS and Ethernet Operations, Administration, and Maintenance (OAM) Interworking RFC 7267, Dynamic Placement of Multi-Segment Pseudowires...
  • Page 776 Standards and Protocol Support ITU-T G.813, Timing characteristics of SDH equipment slave clocks (SEC), issued 03/2003 ITU-T G.8261, Timing and synchronization aspects in packet networks, issued 04/2008 ITU-T G.8262, Timing characteristics of synchronous Ethernet equipment slave clock (EEC), issued 08/2007 ITU-T G.8264, Distribution of timing information through packet networks, issued 10/2008 ITU-T G.8265.1, Precision time protocol telecom profile for frequency synchronization, issued 10/2010...
  • Page 777: Technical Support

    Customer documentation and product support Customer documentation http://www.alcatel-lucent.com/myaccess Product manuals and documentation updates are available at alcatel-lucent.com. If you are a new user and require access to this service, please contact your Alcatel-Lucent sales representative. Technical support http://support.alcatel-lucent.com Documentation feedback...
  • Page 778 © 2016 Alcatel-Lucent. All rights reserved. 3HE 10794 AAAA TQZZA 01...

This manual is also suitable for:

7950, 7750
