Page 1 7710 SR OS Router Configuration Guide Software Version: 7710 SR OS 11.0 R5 October 2013 Document Part Number: 93-0082-09-05 *93-0082-09-05*...
Page 2 This document is protected by copyright. Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Page 3: Table Of Contents
Getting Started Alcatel-Lucent 7710 SR-Series Router Configuration Process ....... . .17 IP Router Configuration Configuring IP Router Parameters .
Page 4 Policies ..............253 Page 4 7710 SR OS Router Configuration Guide...
Page 5 Priority Policy Host Unreachable Event Commands ........320 7710 SR OS Router Configuration Guide...
Page 6 Deleting a Filter Policy .............397 Page 6 7710 SR OS Router Configuration Guide...
Page 7 Cflowd Configuration Management Tasks ..........535 7710 SR OS Router Configuration Guide...
Page 8 ................567 Page 8 7710 SR OS Router Configuration Guide...
Page 9 Tools Dump Cflowd Top-flows Out put Fields ........556 7710 SR OS Router Configuration Guide...
Page 10 List of Tables Page 10 7710 SR OS Router Configuration Guide...
Page 11 Cflowd Configuration and Implementation Flow ........512 7710 SR OS Router Configuration Guide...
Page 12 List of Figures Page 12 7710 SR OS Router Configuration Guide...
Page 13: Ip Router Configuration
It is assumed that the network administrators have an understanding of networking principles and configurations. Protocols, standards, and services described in this manual include the following: • IP router configuration • Virtual routers • IP-based filters • Cflowd 7710 SR OS Router Configuration Guide Page 13...
Page 14: List Of Technical Publications
Preface List of Technical Publications The documentation set is composed of the following books: • 7710 SR OS Basic System Configuration Guide This guide describes basic system configurations and operations. • 7710 SR OS System Management Guide This guide describes system security and access configurations as well as event logging and accounting logs.
Page 15: Technical Support
If you purchased a service agreement for your router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center at: Web: http://www.alcatel-lucent.com/wps/portal/support...
Page 16 Preface Page 16 7710 SR OS Router Configuration Guide...
Page 17: Getting Started
VRRP on page 239 tion IP and MAC filters Filter Policies on page 345 Cflowd Cflowd on page 503 Reference List of IEEE, IETF, and other Standards and Protocol Support on page 559 proprietary entities. 7710 SR OS Router Configuration Guide Page 17...
Page 18: Getting Started
Getting Started Page 18 7710 SR OS Router Configuration Guide...
Page 19: Ip Router Configuration
Interfaces on page 20  Autonomous Systems (AS) on page 37  Confederations on page 38  Proxy ARP on page 40  Bi-directional Forwarding Detection on page 49 • Configuration Notes on page 59 7710 SR OS Router Configuration Guide Page 19...
Page 20: Configuring Ip Router Parameters
Confederations on page 38 • Proxy ARP on page 40 Refer to 7710 SR OS Triple Play Guide for information about DHCP and support as well as configuration examples. on page 33 Interfaces Alcatel-Lucent routers use different types of interfaces for various functions. Interfaces must be configured with parameters such as the interface type (network and system) and address.
Page 21: Network Domains
This means that all SAPs in VPLS will have queue reaching all fwd- complexes serving interfaces that belong to the same network-domains as the SDPs. It is possible to assign/remove network-domain association of the interface/SDP without requiring deletion of the respective object. 7710 SR OS Router Configuration Guide Page 21...
Page 22: System Interface
The system interface is also referred to as the loopback address and is used as the router identifier. A system interface must have an IP address with a 32- bit subnet mask. Page 22 7710 SR OS Router Configuration Guide...
Page 23: Unicast Reverse Path Forwarding Check (Urpf)
Otherwise the uRPF check fails. If the source IP address matches a discard/blackhole route, the packet is treated as if it failed uRPF check. 7710 SR OS Router Configuration Guide Page 23...
Page 24: Creating An Ip Address Range
10.10.0.0/16, and a new service prefix is configured as 10.10.10.0/24, then the 10.10.0.0/16 entry will be removed, provided that no services are configured that use 10.10.x.x addresses other than 10.10.10.x. Page 24 7710 SR OS Router Configuration Guide...
Page 25: Qos Policy Propagation Using Bgp (Qppb)
XYZ into the QoS class implied by the BGP community value. QPPB may also be used to request that traffic sourced from certain networks receive appropriate QoS handling in downstream nodes that may span different administrative domains. This can be 7710 SR OS Router Configuration Guide Page 25...
Page 26 ISP’s network do not need to rely on QPPB to determine the correct forwarding-class to use for the traffic. Note however, that the DSCP or other COS markings could be left unchanged in the ISP’s network and QPPB used on every node. Page 26 7710 SR OS Router Configuration Guide...
Page 27: Ip Router Configuration
Content Provider interface to determine fc AS 300 Provider Peer AS 200 ASBR 2 PE 1 ASBR 1 OSSG639 Figure 1: Use of QPPB to Differentiate Traffic in an ISP Network 7710 SR OS Router Configuration Guide Page 27...
Page 28: Qppb
A route policy that includes the fc command in one or more entries can be used in any import or export policy but the fc command has no effect except in the following types of policies: • VRF import policies:  config>service>vprn>vrf-import Page 28 7710 SR OS Router Configuration Guide...
Page 29 IPv4 and IPv6 static routes. This is achieved using the following modified versions of the static- route commands: • static-route {ip-prefix/prefix-length|ip-prefix netmask} [fc fc-name [priority {low | high}]] next-hop ip-int-name|ip-address • static-route {ip-prefix/prefix-length|ip-prefix netmask} [fc fc-name [priority {low | high}]] indirect ip-address 7710 SR OS Router Configuration Guide Page 29...
Page 30 A:Dut-A# show router route-table 10.1.5.0/24 qos =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 10.1.5.0/24 Remote 15h32m52s PE1_to_PE2 h1, high ------------------------------------------------------------------------------- No. of Routes: 1 =============================================================================== A:Dut-A# Page 30 7710 SR OS Router Configuration Guide...
Page 31 Currently, QPPB is not supported for ingress MPLS traffic on network interfaces or on CsC PE’- CE’ interfaces (config>service>vprn>nw-if). 7710 SR OS Router Configuration Guide Page 31...
Page 32 QPPB classification is based on the forwarding-class and priority of the route matching IP address Y if the IP filter action redirects the packet to the indirect next-hop IP address Y, even if X is matched by a route with a forwarding-class and priority Page 32 7710 SR OS Router Configuration Guide...
Page 33: Qppb And Grt Lookup
DSCP/IP prec/802.1p and if fc1 mapped to a profile mode queue then it is based on the profile state of fc1). Table 2 summarizes these interactions. 7710 SR OS Router Configuration Guide Page 33...
Page 34: Table 2: Qppb Interactions With Sap Ingress Qos
If DE=1 override then From new From original FC mode queue low otherwise from base FC and sub-class QPPB. If no DEI or QPPB overrides then from original dot1p/ exp/DSCP mapping or policy default. Page 34 7710 SR OS Router Configuration Guide...
Page 35 From new From original FC queue base FC packet is marked in or base FC and sub-class unless out of profile in which overridden case follows profile. by DE=1 Default is high priority 7710 SR OS Router Configuration Guide Page 35...
Page 36: Router Id
If neither the system interface or router ID are implicitly specified, then the router ID is inherited from the last four bytes of the MAC address. • The router can be derived on the protocol level; for example, BGP. Page 36 7710 SR OS Router Configuration Guide...
Page 37: Autonomous Systems (As)
AS path, with other ASs using BGP. Routing tables contain lists of next hops, reachable addresses, and associated path cost metrics to each router. BGP uses the information and path attributes to compile a network topology. 7710 SR OS Router Configuration Guide Page 37...
Page 38: Confederations
To migrate from a non-confederation configuration to a confederation configuration requires a major topology change and configuration modifications on each participating router. Setting BGP policies to select an optimal path through a confederation requires other BGP modifications. Page 38 7710 SR OS Router Configuration Guide...
Page 39: Figure 2: Confederation Configuration
AS 200 AS 300 Confederation Member 1 Confederation Member 3 ALA-B ALA-C ALA-E ALA-F AS 100 ALA-A ALA-D ALA-G AS 400 Confederation Member 2 AS 500 ALA-H SRSG005 Figure 2: Confederation Configuration 7710 SR OS Router Configuration Guide Page 39...
Page 40: Proxy Arp
Static ARP is used when an Alcatel-Lucent router needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the configuration can state that if it has a packet with a certain IP address to send it to the corresponding ARP address.
Page 41: Dhcp Relay
IP Router Configuration DHCP Relay Refer to 7710 SROS Triple Play Guide for information about DHCP and support provided by the 7710 SR as well as configuration examples. 7710 SR OS Router Configuration Guide Page 41...
Page 42: Internet Protocol Versions
(optional) data confidentiality are specified for IPv6. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Prio. | Flow Label +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Payload Length Next Header Hop Limit +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Destination Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3: IPv6 Header Format Page 42 7710 SR OS Router Configuration Guide...
Page 43: Table 3: Ipv6 Header Field Descriptions
Source Address 128-bit address of the originator of the packet. Destination Address 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient if a routing header is present). 7710 SR OS Router Configuration Guide Page 43...
Page 44: Ipv6 Applications
Figure 4: IPv6 Internet Exchange • IPv6 transit services — Figure 5 shows IPv6 transit provided by an ISP. Customer 1 2001:0410:0001:/48 2001:0410::/32 Customer 2 2001:0410:0002:/4 IPIPE_008 Figure 5: IPv6 Transit Services Page 44 7710 SR OS Router Configuration Guide...
Page 45: Figure 6: Ipv6 Services To Enterprise Customers And Home Users
IPv6 in an environment where not only IPv4 exists but native IPv6 networks depend on IPv4 for greater IPv6 connectivity. Alcatel-Lucent router supports dynamic IPv6 over IPv4 tunneling. The ipv4 source and destination address are taken from configuration, the source address is the ipv4 system address and the ipv4 destination is the next hop from the configured 6over4 tunnel.
Page 46: Dns
AAAA resource record from an IPv4 or IPv6 DNS server. An assigned name can be used instead of an IPv6 address since IPv6 addresses are more difficult to remember than IPv4 addresses. Page 46 7710 SR OS Router Configuration Guide...
Page 47: Ipv6 Provider Edge Router Over Mpls (6Pe)
MPLS labels. 6PE is a cost effective solution for IPv6 deployment. MP-BGP sessions 2001:0620 2001:0420 145:950.0 2001:0421 Dual Stack IPv4-IPv6 routers Dual Stack IPv4-IPv6 routers 2001:0621 IPv4 MPLS Fig_30 Figure 8: Example of a 6PE Topology within One AS 7710 SR OS Router Configuration Guide Page 47...
Page 48 The egress 6PE router pops the top LDP tunnel label. It sees the IPv6 explicit null label, which indicates an IPv6 packet is encapsulated. It also pops the IPv6 explicit null label and performs an IPv6 route lookup to find out the next hop for the IPv6 packet. Page 48 7710 SR OS Router Configuration Guide...
Page 49: Bi-Directional Forwarding Detection
IP TTL should be 255 but can still be processed if it is not (assuming the packet passes the enabled authentication mechanism). If multiple BFD sessions exist between two nodes, the BFD discriminator is used to de-multiplex the BFD control packet to the appropriate BFD session. 7710 SR OS Router Configuration Guide Page 49...
Page 50: Control Packet Format
The final bit. If set, the transmitting system is responding to a received BFD control packet that had the poll (P) bit set. Rsvd Reserved bits. These bits must be zero on transmit and ignored on receipt. Page 50 7710 SR OS Router Configuration Guide...
Page 51 This is the minimum interval, in microseconds, between received BFD echo pack- Interval ets that this system is capable of supporting. If this value is zero, the transmitting system does not support the receipt of BFD echo packets. 7710 SR OS Router Configuration Guide Page 51...
Page 52: Bfd For Rsvp-Te
POS interfaces (including APS) • Channelized interfaces (PPP, HDLC, FR and ATM) on ASAP (priority 1) and channelized MDAs (Priority 2) including link bundles and IMA • Spoke SDPs • LAG interfaces • VSM interfaces Page 52 7710 SR OS Router Configuration Guide...
Page 53: Echo Support
This allows the echo sender to send BFD echo packets at any rate. Note that the SR-OS router does not support the sending of echo requests, only the response to echo requests. 7710 SR OS Router Configuration Guide Page 53...
Page 54: Bfd Support For Bgp
The MPLS LSP associated with the spoke SDP can enter or egress from multiple interfaces on the box. BFD for these types of interfaces can not exist on the IOM itself. Page 54 7710 SR OS Router Configuration Guide...
Page 55: Figure 10: Bfd For Ies/Vprn Over Spoke Sdp
VPRN VPRN In this case BFD is run between the IES/VPRN interfaces Metro Metro independent of the SPD/LSP paths POP 4 POP 3 Fig_31 Figure 10: BFD for IES/VPRN over Spoke SDP 7710 SR OS Router Configuration Guide Page 55...
Page 56: Figure 11: Bfd Over Lag
LAG i/f LAG i/f LAG i/f IES/ Note: VPRN In this case BFD is run between the IES/VPRN interfaces independent of the LAG or its members Fig_32 Figure 11: BFD over LAG Page 56 7710 SR OS Router Configuration Guide...
Page 57: Aggregate Next Hop
This feature adds the ability to configure an indirect next-hop for aggregate routes. The indirect next-hop specifies where packets will be forwarded if they match the aggregate route but not a more-specific route in the IP forwarding table. 7710 SR OS Router Configuration Guide Page 57...
Page 58: Process Overview
Autonomous system — (Optional) An autonomous system (AS) is a collection of networks that are subdivided into smaller, more manageable areas. • Confederation — (Optional) Creates confederation autonomous systems within an AS to reduce the number of IBGP sessions required within an AS. Page 58 7710 SR OS Router Configuration Guide...
Page 59: Configuration Notes
 Chassis systems running in chassis mode c or d.  Chassis systems running in mixed-mode with IPv6 functionality limited to those interface on slots with IOM3-XPs/IMMs or later line cards.  7710 SR-c4/c12. 7710 SR OS Router Configuration Guide Page 59...
Page 60 Configuration Notes Page 60 7710 SR OS Router Configuration Guide...
Page 61: Configuring An Ip Router With Cli
Service Management Tasks on page 88 • Service Management Tasks on page 88  Changing the System Name on page 88  Modifying Interface Parameters on page 89  Deleting a Logical IP Interface on page 90 7710 SR OS Router Configuration Guide Page 61...
Page 62: Router Configuration Overview
Router Configuration Overview Router Configuration Overview In an Alcatel-Lucent router, an interface is a logical named entity. An interface is created by specifying an interface name under the context. This is the global router configure>router configuration context where objects like static routes are defined. An IP interface name can be up to 32 alphanumeric characters long, must start with a letter, and is case-sensitive;...
Page 63: Basic Configuration
# Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 confederation 1000 members 100 200 300 router-id 10.10.10.103 exit isis exit #------------------------------------------ A:ALA-A> config# 7710 SR OS Router Configuration Guide Page 63...
Page 64: Common Configuration Tasks
The following example displays the system name output. A:ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit Page 64 7710 SR OS Router Configuration Guide...
Page 65: Configuring Interfaces
CLI Syntax: config>router interface interface-name address ip-addr{/mask-length | mask} [broadcast {all- ones | host-ones}] cflowd {acl | interface} egress filter ip ip-filter-id filter ipv6 ipv6-filter-id ingress filter ip ip-filter-id filter ipv6 ipv6-filter-id port port-name 7710 SR OS Router Configuration Guide Page 65...
Page 66 10 exit exit #------------------------------------------ A:ALA-A>config>router# To enable CPU protection: CLI Syntax: config>router interface interface-name cpu-protection policy-id CPU protection policies are configured in the config>sys>security>cpu-protection context. See the OS System Management Guide. Page 66 7710 SR OS Router Configuration Guide...
Page 67: Configuring Ipv6 Parameters
[number seconds] time-exceeded [number seconds] unreachables [number seconds] neighbor ipv6-address mac-address The following displays a configuration example showing interface information. A:ALA-49>config>router>if# info ---------------------------------------------- address 10.11.10.1/24 port 1/2/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# 7710 SR OS Router Configuration Guide Page 67...
Page 68: Configuring Ipv6 Over Ipv4 Parameters
::C8C8:C802/128 indirect 200.200.200.2 interface ip-int-name address {ip-address/mask|ip-address netmask} [broadcast all-ones|host-ones] port port-name The following displays configuration output showing interface configuration. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.1" address 1.1.1.1/30 port 1/1/1 exit ---------------------------------------------- A:ALA-49>configure>router# Page 68 7710 SR OS Router Configuration Guide...
Page 69 {ip-address/mask|ip-address netmask} [broad- cast all-ones|host-ones] ipv6 address ipv6-address/prefix-length [eui-64] The following displays configuration output showing interface information. A:ALA-49>configure>router# info ---------------------------------------------- interface "system" address 200.200.200.1/32 ipv6 address 3FFE::C8C8:C801/128 exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 69...
Page 70 The following displays a configuration showing BGP output. A:ALA-49>configure>router# info ---------------------------------------------- export "ospf3" router-id 200.200.200.1 group "main" family ipv4 ipv6 type internal neighbor 200.200.200.2 local-as 1 peer-as 1 exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 70 7710 SR OS Router Configuration Guide...
Page 71 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 71...
Page 72: Tunnel Egress Node
[eui-64] port port-name The following displays interface configuration. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.2" address 1.1.1.2/30 port 1/1/1 exit interface "system" address 200.200.200.2/32 ipv6 address 3FFE::C8C8:C802/128 exit exit ---------------------------------------------- Page 72 7710 SR OS Router Configuration Guide...
Page 73 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 73...
Page 74: Router Advertisement
The following displays a router advertisement configuration example. *A:sim131>config>router>router-advert# info ---------------------------------------------- interface "n1" prefix 3::/64 exit use-virtual-mac no shutdown exit ---------------------------------------------- *A:sim131>config>router>router-advert# interface n1 *A:sim131>config>router>router-advert>if# prefix 3::/64 *A:sim131>config>router>router-advert>if>prefix# info detail ---------------------------------------------- autonomous on-link preferred-lifetime 604800 valid-lifetime 2592000 ---------------------------------------------- *A:tahi>config>router>router-advert>if>prefix# Page 74 7710 SR OS Router Configuration Guide...
Page 75: Configuring Ipv6 Parameters
100 10 time-exceeded 100 10 unreachables 100 10 exit ---------------------------------------------- A:ALA-49>config>router>if>ipv6# exit all The following displays an IPv6 configuration example. A:ALA-49>config>router>if# info ---------------------------------------------- address 10.11.10.1/24 port 1/3/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# 7710 SR OS Router Configuration Guide Page 75...
Page 76 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 76 7710 SR OS Router Configuration Guide...
Page 77: Configuring Proxy Arp
For more information about route policies, refer to the OS Routing Protocols Guide. • Apply the policy statement to the proxy-arp configuration in the config>router>interface context. CLI Syntax: config>router# policy-options begin commit prefix-list name prefix ip-prefix/mask [exact|longer|through length|prefix-length-range length1-length2] 7710 SR OS Router Configuration Guide Page 77...
Page 78 10.20.30.0/24 through 32 exit prefix-list "prefixlist2" prefix 10.10.10.0/24 through 32 exit policy-statement "ProxyARPpolicy" entry 10 from prefix-list "prefixlist1" exit prefix-list "prefixlist2" exit action reject exit default-action accept exit exit ---------------------------------------------- A:ALA-49>config>router>policy-options# Page 78 7710 SR OS Router Configuration Guide...
Page 79 Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name local-proxy-arp proxy-arp-policy policy-name [policy-name...(upto 5 max)] remote-proxy-arp The following displays a proxy ARP configuration example: A:ALA-49>config>router>if# info ---------------------------------------------- address 128.251.10.59/24 local-proxy-arp proxy-arp policy-statement "ProxyARPpolicy" exit ---------------------------------------------- A:ALA-49>config>router>if# 7710 SR OS Router Configuration Guide Page 79...
Page 80: Creating An Ip Address Range
All user and specified control packets for which the longest prefix match in RTM yields the FEC prefix will be forwarded over the LDP LSP. The following is an example of the resolution process. Page 80 7710 SR OS Router Configuration Guide...
Page 81 When ECMP is enabled and multiple equal-cost next-hops exit for the IGP route, the ingress IOM will spray the packets for this route based on hashing routine currently supported for IPv4 packets. 7710 SR OS Router Configuration Guide Page 81...
Page 82 IGP route resolution. BGP will continue to resolve a BGP next-hop to an LDP shortcut if the user enabled the LDP shortcut option in BGP BGP-Shortcut: CLI Syntax: config>router>bgp>igp-shortcut ldp Page 82 7710 SR OS Router Configuration Guide...
Page 83 FEC origination of IGP learned routes and subscriber/host routes statically configured or dynamically learned over subscriber IES interfaces. An LDP LSP used as a shortcut by IPv4 packets may also be tunneled using the LDP-over-RSVP feature. 7710 SR OS Router Configuration Guide Page 83...
Page 84: Deriving The Router Id
{ip-address/mask | ip-address netmask} [broad- cast all-ones | host-ones] The following example displays a router ID configuration: A:ALA-4>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit . . . router-id 10.10.0.4 #------------------------------------------ A:ALA-4>config>router# Page 84 7710 SR OS Router Configuration Guide...
Page 85: Configuring A Confederation
A:ALA-B>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" shutdown address 10.0.0.103/24 port 1/1/1 exit autonomous-system 100 confederation 2002 members 200 300 400 router-id 10.10.10.103 #------------------------------------------ A:ALA-B>config>router# 7710 SR OS Router Configuration Guide Page 85...
Page 86: Configuring An Autonomous System
The following displays an autonomous system configuration example: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 router-id 10.10.10.103 #------------------------------------------ A:ALA-A>config>router# Page 86 7710 SR OS Router Configuration Guide...
Page 87: Configuring Overload State On A Single Sfm
IGP will cause PIM to join the new path and prune the old path, which effectively reroutes the multicast traffic downstream. When the problem is resolved, the overload condition is cleared, which will cause the traffic to be routed back to the router. 7710 SR OS Router Configuration Guide Page 87...
Page 88: Service Management Tasks
"TGIF" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp exit security snmp community "private" rwa version both exit exit . . . ---------------------------------------------- A:TGIF>config>system# Page 88 7710 SR OS Router Configuration Guide...
Page 89: Modifying Interface Parameters
A:ALA-A>config>router>if# no shutdown The following example displays the interface configuration: A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.0.0.103/32 exit interface "to-sr1" address 10.0.0.25/24 port 1/1/2 exit router-id 10.10.0.3 #------------------------------------------ A:ALA-A>config>router# 7710 SR OS Router Configuration Guide Page 89...
Page 90: Deleting A Logical Ip Interface
2. After the interface has been shut down, it can then be deleted with the no interface command. CLI Syntax: config>router no interface ip-int-name Example config>router# interface test-interface config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router# Page 90 7710 SR OS Router Configuration Guide...
Page 91: Ip Router Command Reference
Router Interface IPv6 Commands on page 96 • Router Advertisement Commands on page 97 • Show Commands on page 98 • Clear Commands on page 100 • Debug Commands on page 101 7710 SR OS Router Configuration Guide Page 91...
Page 92 [disallow-igp]] [cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]] — [no] {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- static-route ric metric] [tag tag] [community comm-id] [enable | disable] black-hole [mcast-family] — [no] triggered-policy Page 92 7710 SR OS Router Configuration Guide...
Page 93 — no transmit-interval — receive-interval receive-interval — no receive-interval — cv-tx transmit-interval — no cv-tx — echo-receive echo-interval — no echo-receive — multiplier multiplier — no multiplier — [no] type cpm-np 7710 SR OS Router Configuration Guide Page 93...
Page 94 — [no] flowspec — [no] flowspec-ipv6 — lag-link-map-profile lnk-map-profile-id — no lag-link-map-profile — [no] ldp-shortcut — ldp-sync-timer seconds — no ldp-sync-timer — [no] local-proxy-arp — [no] loopback — lsr-load-balancing hashing-algorithm — no lsr-load-balancing Page 94 7710 SR OS Router Configuration Guide...
Page 95 — no hold-time {ip-address/mask | ip-address netmask} — address — no address — description description-string — no description — [no] shutdown For router interface VRRP commands, see VRRP Command Reference on page 279. 7710 SR OS Router Configuration Guide Page 95...
Page 96 [ policy-name...(up to 5 max)] — proxy-nd-policy — no proxy-nd-policy — [no] urpf-check {strict | loose | strict-no-ecmp} — mode — no mode — [no] urpf-check {strict | loose} — mode — no mode Page 96 7710 SR OS Router Configuration Guide...
Page 97 {seconds | infinite} — valid-lifetime — no valid-lifetime — reachable-time milli-seconds — no reachable-time — retransmit-time milli-seconds — no retransmit-time — router-lifetime seconds — no router-lifetime — [no] shutdown — [no] use-virtual-mac 7710 SR OS Router Configuration Guide Page 97...
Page 98 [ip-prefix[/prefix-length]] [longer|exact] [detail] — route-table [interface interface-name] [prefix ipv6-prefix[/prefix-length] [conflicts] — rtr-advertisement — service-prefix — sgt-qos [app-name] [dscp-dot1p] — application [dscp-name] — dscp-map [ip-address | ip-int-name | mac ieee-mac-addr] — static-arp Page 98 7710 SR OS Router Configuration Guide...
Page 99 IP Router Configuration [family] [[ip-prefix /mask]| [preference preference] | [next-hop ip-address] | — static-route [tag tag] [detail] — status — routes [ip-address[/mask]] | [protocol protocol | sdp sdp-id] [summary] — tunnel-table [interface-name] — neighbor 7710 SR OS Router Configuration Guide Page 99...
Page 100 — tunnel tunnel-id — statistics {all | ip-address} — neighbor [interface ip-int-name | ip-address] — neighbor — router-advertisement [interface interface-name] — router-advertisement [slot-number] — forwarding-table [ip-int-name | ip-addr] [icmp] — interface Page 100 7710 SR OS Router Configuration Guide...
Page 101 — no route-table [ip-address] [ldp | rsvp [tunnel-id tunnel-id]| sdp [sdp-id sdp-id]] — tunnel-table — mtrace — [no] misc — [no] [query | request | response] packet [interface tms-interface] api [detail] tms-interface — 7710 SR OS Router Configuration Guide Page 101...
Page 102 IP Router Command Reference Page 102 7710 SR OS Router Configuration Guide...
Page 103: Configuration Commands
— The description character string. Allowed values are any string up to 80 Parameters characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 103...
Page 104: Router Global Commands
IP address as next hop. The no form of the command removes the aggregate. No aggregate routes are defined. Default Page 104 7710 SR OS Router Configuration Guide...
Page 105 FIB with a next-hop taken from the route used to forward packets to ip-address. ipv4-prefix a.b.c.d Values ipv6-prefix x:x:x:x:x:x:x:x x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H d: [0 — 255]D autonomous-system Syntax autonomous-system autonomous-system no autonomous-system 7710 SR OS Router Configuration Guide Page 105...
Page 106 — The AS number(s) of members that are part of the confederation, expressed as a decimal integer. Up to 15 members per confed-as-num can be configured. 1 — 65535 Values ecmp Syntax ecmp max-ecmp-routes no ecmp Context config>router Page 106 7710 SR OS Router Configuration Guide...
Page 107 CPM generated IP packets when the primary next-hop is not available. IP FRR is supported on IPv4 and IPv6 OSPF/IS-IS prefixes forwarded in the base router instance to a network 7710 SR OS Router Configuration Guide Page 107...
Page 108 — Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes. threshold threshold — The percentage at which a warning log message and SNMP trap should be sent. 0 — 100 Values Default Page 108 7710 SR OS Router Configuration Guide...
Page 109 0 — 131071 for chassis mode C (128k) Values 0 — 261143 for chassis mode D (256k) Values 16384 Default multicast-info Syntax multicast-info-policy policy-name no multicast-info-policy Context configure>router This command configures multicast information policy. Description 7710 SR OS Router Configuration Guide Page 109...
Page 110 This command creates network-domains that can be associated with individual interfaces and SDPs. Description network-domain “default” Default network-domain-name — Network domain name character string. Parameters router-id Syntax router-id ip-address no router-id Page 110 7710 SR OS Router Configuration Guide...
Page 111 The no form of the command removes all address reservations. A service prefix cannot be removed while one or more service uses an address or addresses in the range. no service-prefix - no IP addresses are reserved for services. Default 7710 SR OS Router Configuration Guide Page 111...
Page 112 Page 112 7710 SR OS Router Configuration Guide...
Page 113 Default name — Specifies a text string name for the template up to 32 characters in printable 7-bit ASCII, Parameters enclosed in double quotes. transmit-interval Syntax transmit-interval transmit-interval no transmit-interval 7710 SR OS Router Configuration Guide Page 113...
Page 114 — Specifies the transmit interval. This parameter is only used if a BFD session is Parameters enabled with CV on an MPLS-TP LSP. 1 sec to 30 sec in 1 second increments Values 1 second Default Page 114 7710 SR OS Router Configuration Guide...
Page 115 Context config>router>bfd>bfd-template This command selects the CPM network processor as the local termination point for the BFD session. Description This is enabled by default. type cpm-np Default triggered-policy Syntax triggered-policy no triggered-policy 7710 SR OS Router Configuration Guide Page 115...
Page 116 No static routes are defined. Default ip-prefix/prefix-length — The destination address of the static route. Parameters ipv4-prefix a.b.c.d (host bits must be 0) Values ipv4-prefix-length 0 — 32 Page 116 7710 SR OS Router Configuration Guide...
Page 117 — The cost metric for the static route, expressed as a decimal integer. This value is used when importing the static route into other protocols such as OSPF. When the metric is configured as 0 then the metric configured in OSPF, default-import-metric, applies. When 7710 SR OS Router Configuration Guide Page 117...
Page 118 — Specifies the route is a black hole route. If the destination address on a packet matches this static route, it will be silently discarded. Page 118 7710 SR OS Router Configuration Guide...
Page 119: Table 5: Default Route Preferences
IP address, mask, and any other parameter that is required to identify the exact static route. The administrative state is maintained in the configuration file. enable Default 7710 SR OS Router Configuration Guide Page 119...
Page 120 CPE connectivity check. Events should be sent to the system log, syslog and SNMP traps. Sample Output *B:Dut-C# configure router "management" *B:Dut-C>config>router# info ---------------------------------------------- static-route 1.1.1.0/24 next-hop 172.31.117.1 static-route 1::/96 next-hop 3000::AC1F:7567 ---------------------------------------------- *B:Dut-C>config>router# *B:Dut-C>config>router# show router "management" route-table =============================================================================== Route Table (Router: management) Page 120 7710 SR OS Router Configuration Guide...
Page 121 Prefix Pref Type Act Next Hop Interface ------------------------------------------------------------------------------- 1.1.1.0/24 172.31.117.1 ------------------------------------------------------------------------------- No. of Static Routes: 1 =============================================================================== *B:Dut-C>config>router# *B:Dut-C>config>router# show router "management" static-route ipv6 =============================================================================== Static Route Table (Router: management) Family: IPv6 7710 SR OS Router Configuration Guide Page 121...
Page 122 Router Global Commands =============================================================================== Prefix Pref Type Act Next Hop Interface ------------------------------------------------------------------------------- 1::/96 3000::AC1F:7567 management ------------------------------------------------------------------------------- No. of Static Routes: 1 =============================================================================== *B:Dut-C>config>router# Page 122 7710 SR OS Router Configuration Guide...
Page 123: Router Interface Commands
MPLS-TP interface is a special type of interface that is only intended for MPLS-TP LSPs. IP routing protocols are blocked on interfaces of this type. If an interface is configured as 7710 SR OS Router Configuration Guide Page 123...
Page 124 Ethernet port or VLAN, using the port command. Either a unicast, multicast or broadcast remote MAC address may be configured using the static-arp command. Only static ARP is supported. Page 124 7710 SR OS Router Configuration Guide...
Page 125 IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1— 32. Note that a mask length of 32 is reserved for system IP addresses. 1 — 32 Values 7710 SR OS Router Configuration Guide Page 125...
Page 126 This command enables the forwarding of directed broadcasts out of the IP interface. Description A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables Page 126 7710 SR OS Router Configuration Guide...
Page 127 BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) is notified of the fault. The no form of the command removes BFD from the router interface regardless of the IGP/RSVP. no bfd Default 7710 SR OS Router Configuration Guide Page 127...
Page 128 — Specifies the direction to collect traffic flow samples. ingress-only — Enables ingress sampling only on the associated interface. Values egress-only — Enables egress sampling only on the associated interface. both — Enables both ingress and egress cflowd sampling. Page 128 7710 SR OS Router Configuration Guide...
Page 129 Context config>router>if This command assigns a Distributed CPU protection policy for the interface. Description enable-mac-accounting Syntax [no] enable-mac-accounting Context config>router>interface This command enables MAC Accounting functionality for the interface. Description 7710 SR OS Router Configuration Guide Page 129...
Page 130 This command assigns a pre-configured lag link map profile to a SAP/network interface configured Description on a LAG or a PW port that exists on a LAG. Once assigned/de-assigned, the SAP/network interface egress traffic will be re-hashed over LAG as required by the new configuration. Page 130 7710 SR OS Router Configuration Guide...
Page 131 When the preferred RTM entry corresponds to a regular IP route, spraying will be performed across regular IP next-hops for the prefix.. The no form of this command disables the resolution of IGP routes using LDP shortcuts. no ldp-shortcut Default ldp-sync-timer Syntax ldp-sync-timer seconds no ldp-sync-timer 7710 SR OS Router Configuration Guide Page 131...
Page 132 The no form of this command disables IGP/LDP synchronization and deletes the configuration no ldp-sync-timer Default seconds — Specifies the time interval for the IGP-LDP synchronization timer in seconds. Parameters 1 – 1800 Values Page 132 7710 SR OS Router Configuration Guide...
Page 133 Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses. multihoming Syntax [no] multihoming primary|secondary [hold-time holdover-time] 7710 SR OS Router Configuration Guide Page 133...
Page 134 This command enables SNTP broadcasts received on the IP interface. This parameter is only valid Description when the SNTP broadcast-client global parameter is configured. The no form of the command disables SNTP broadcast received on the IP interface. Page 134 7710 SR OS Router Configuration Guide...
Page 135 1 — 336 bpgrp-id bpgrp-type-bpgrp-num bpgrp keyword type ima, ppp bpgrp-num 1 — 256 aps-id aps-group-id[.channel] keyword group-id 1 — 16 lag-id lag-id keyword 1 — 64 7710 SR OS Router Configuration Guide Page 135...
Page 136 7710 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7710 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 137 Associating a network QoS policy with a network interface is useful for the following purposes: • To apply classification rules for determining the forwarding-class and profile of ingress packets on the interface. 7710 SR OS Router Configuration Guide Page 137...
Page 138 IP interface. 1 — 16384 Values remote-proxy-arp Context config>router>interface This command enables remote proxy ARP on the interface. Description no remote-proxy-arp Default Page 138 7710 SR OS Router Configuration Guide...
Page 139 The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host- 7710 SR OS Router Configuration Guide Page 139...
Page 140 Static ARP is used when a 7710 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7710 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 141 Default trusted — The default prevents the ToS field to not be remarked by egress network IP interfaces Parameters unless the egress network IP interface has the remark-trusted state set 7710 SR OS Router Configuration Guide Page 141...
Page 142 This command enables unicast RPF (uRPF) Check on this interface. Description The no form of the command disables unicast RPF (uRPF) Check on this interface. disabled Default mode Syntax mode {strict | loose | strict-no-ecmp} no mode Context config>router>if>urpf-check Page 142 7710 SR OS Router Configuration Guide...
Page 143 The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interface in the same routing context within the router. 7710 SR OS Router Configuration Guide Page 143...
Page 144 IP address. Note that a mask of 255.255.255.255 is reserved for system IP addresses. 128.0.0.0 - 255.255.255.255 Values netmask — The subnet mask in dotted decimal notation. 0.0.0.0 - 255.255.255.255 (nework bits all 1 and host bits all 0). Values description Syntax description description-string Page 144 7710 SR OS Router Configuration Guide...
Page 145 IGPs and LDP protocols to allow the resolution of BGP routes advertised with this address by the primary multihoming router. The no form of the command disables this setting. no mh-secondary-interface Default 7710 SR OS Router Configuration Guide Page 145...
Page 146 This is to allow the reset of the network to reconverge after a router failure before the anycast based label assignments are flushed from the forwarding plane. 0-65535 Values Default Page 146 7710 SR OS Router Configuration Guide...
Page 147 3.user-defined IPv4 filter default-action The no form of the command removes IPv4 flowspec filtering from the network IP interface. No network interfaces have IPv4 flowspec enabled. Default flowspec-ipv6 Syntax [no] flowspec Context config>router>interface>ingress 7710 SR OS Router Configuration Guide Page 147...
Page 148 — The filter name acts as the ID for the IPv6 filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ipv6 context. 1— 65535 Values Page 148 7710 SR OS Router Configuration Guide...
Page 149 By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval. The no form of the command disables the generation of ICMP redirects on the router interface. redirects 100 10 — Maximum of 100 redirect messages in 10 seconds. Default 7710 SR OS Router Configuration Guide Page 149...
Page 150 The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval. Page 150 7710 SR OS Router Configuration Guide...
Page 151 The seconds parameter must also be specified. 10 — 1000 Values seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer. 7710 SR OS Router Configuration Guide Page 151...
Page 152 Ethernet interfaces. For interfaces without a MAC address, for example POS interfaces, the Base MAC address of the chassis should be used. icmp6 Syntax icmp6 Context config>router>if>ipv6 This command enables the context to configure ICMPv6 parameters for the interface. Description Page 152 7710 SR OS Router Configuration Guide...
Page 153 The no form of the command disables ICMPv6 redirects. 100 10 (when IPv6 is enabled on the interface) Default 7710 SR OS Router Configuration Guide Page 153...
Page 154 10 — 1000 Values seconds — Sets the time frame, in seconds, to limit the number of destination unreachable ICMPv6 messages issued per time frame. 1 — 60 Values Page 154 7710 SR OS Router Configuration Guide...
Page 155 This command can only be used on Ethernet media. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address. 7710 SR OS Router Configuration Guide Page 155...
Page 156 — The IPv6 address assigned to a router interface. Parameters ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces) Values x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D mac-address — Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx- xx-xx-xx-xx-xx. Page 156 7710 SR OS Router Configuration Guide...
Page 157: Router Advertisement Commands
IPv6 packets. Default number — Specifies the hop limit. Parameters 0 — 255. A value of zero means there is an unspecified number of hops. Values 7710 SR OS Router Configuration Guide Page 157...
Page 158 This command configures the minimum interval between sending ICMPv6 neighbor discovery router Description advertisement messages. Default seconds — Specify the minimum interval in seconds between sending ICMPv6 neighbor discovery Parameters router advertisement messages. 3 — 1350 Values Syntax [no] mtu mtu-bytes Context config>router>router-advert>if Page 158 7710 SR OS Router Configuration Guide...
Page 159 [0 — 255]D ipv6-prefix-length 0 — 128 prefix-length — Specifies a route must match the most significant bits and have a prefix length. 1 — 128 Values autonomous Syntax [no] autonomous Context config>router>router-advert>if>prefix 7710 SR OS Router Configuration Guide Page 159...
Page 160 The address generated from an invalidated prefix should not appear as the destination or source address of a packet. 2592000 Default seconds — Specifies the remaining length of time in seconds that this prefix will continue to be valid. Parameters Page 160 7710 SR OS Router Configuration Guide...
Page 161 — The length of time, in seconds, (relative to the time the packet is sent) that the prefix is Parameters valid for route determination. 0, 4 — 9000 seconds. 0 means that the router is not a default router on this link. Values 7710 SR OS Router Configuration Guide Page 161...
Page 162 If the virtual router is not the master, no router advertisement messages are sent. The no form of the command disables sending router advertisement messages. no use-virtual-mac Default Page 162 7710 SR OS Router Configuration Guide...
Page 163: Show Commands
— Only displays ARP entries associated with the specified IP interface name. mac ieee-mac-addr — Only displays ARP entries associated with the specified MAC address. summary — Displays an abbreviate list of ARP entries. 7710 SR OS Router Configuration Guide Page 163...
Page 164 No. of ARP Entries: 3 =============================================================================== A:ALA-A# show router ARP 10.10.0.3 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Expiry Type Interface ------------------------------------------------------------------------------- 10.10.0.3 04:5d:ff:00:00:00 00:00:00 system =============================================================================== A:ALA-A# A:ALA-A# show router ARP to-ser1 =============================================================================== Page 164 7710 SR OS Router Configuration Guide...
Page 165 The number of packets that failed authentication. Client Packets Authenticate Fail The number of packets that were authenticated. Client Packets Authenticate Ok Sample Output A:ALU-3>show>router>auth# statistics =================================================================== Authentication Global Statistics =================================================================== Client Packets Authenticate Fail 7710 SR OS Router Configuration Guide Page 165...
Page 166 Remote State : Up (3) Remote Diag : 0 (None) Remote Mode : Async Remote Min Tx : 1000 Remote Mult Last Recv (ms) : 367 Remote Min Rx : 10 =============================================================================== *A:Dut-C# Page 166 7710 SR OS Router Configuration Guide...
Page 167 0::0.0.0.0 mplsTp cpm-np wp::lsp-41 Down (1) 1000 1000 0::0.0.0.0 mplsTp cpm-np pp::lsp-32 Up (3) 1000 1000 0::0.0.0.0 mplsTp cpm-np pp::lsp-33 Up (3) 1000 1000 0::0.0.0.0 mplsTp cpm-np pp::lsp-34 Up (3) 1000 1000 7710 SR OS Router Configuration Guide Page 167...
Page 168 Displays the integer used by BFD to declare when the neighbor is down. Multiplier Sample Output *A:Dut-B# show router bfd interface =============================================================================== BFD Interface =============================================================================== Interface name Tx Interval Rx Interval Multiplier ------------------------------------------------------------------------------- port-1-1 port-1-1 port-1-2 port-1-2 Page 168 7710 SR OS Router Configuration Guide...
Page 169 Displays the number of received packets. Rx Pkts Displays the integer used by BFD to declare when the neighbor is down. Mult Sample Output A:Dut-B# show router bfd session =============================================================================== BFD Session 7710 SR OS Router Configuration Guide Page 169...
Page 170 Rx Interval : 10 Tx Interval : 10 Multiplier Echo Interval Up Time : 0d 07:10:20 Up Transitions Down Time : None Down Transitions : 2 Version Mismatch : 0 Forwarding Information Page 170 7710 SR OS Router Configuration Guide...
Page 171 Up (3) FE80::A0A:A03 pim isis ospf3 cpm-np port-1-3 Up (3) 3FFE::A03:103 static bgp cpm-np port-1-3 Up (3) FE80::A0A:A03 pim isis ospf3 cpm-np port-1-4 Up (3) 3FFE::A04:103 static bgp cpm-np 7710 SR OS Router Configuration Guide Page 171...
Page 172 [ip-int-name | ip-address] Context show>router>dhcp show>router>dhcp6 This command displays statistics for DHCP relay and DHCP snooping. Description If no IP address or interface name is specified, then all configured interfaces are displayed. Page 172 7710 SR OS Router Configuration Guide...
Page 173 Server Packets Snooped snooped. Sample Output A:ALA-1# show router dhcp6 statistics ========================================================================== DHCP6 statistics (Router: Base) ========================================================================== Msg-type Dropped -------------------------------------------------------------------------- 1 SOLICIT 2 ADVERTISE 3 REQUEST 4 CONFIRM 5 RENEW 6 REBIND 7710 SR OS Router Configuration Guide Page 173...
Page 174 Show DHCP Summary Output — The following table describes the output fields for DHCP Output summary. Label Description Name of the router interface. Interface Name Indicates whether Option 82 processing is enabled on the interface. Info Option Page 174 7710 SR OS Router Configuration Guide...
Page 175 The name of the router instance. Router Name False — ECMP is disabled for the instance. ECMP True — ECMP is enabled for the instance. The number of ECMP routes configured for path sharing. Configured-ECMP-Routes 7710 SR OS Router Configuration Guide Page 175...
Page 176 — Displays secondary VRF ID information. summary — Displays summary FIB information for the specified slot number. nh-table-usage — Displays next-hop table usage. Sample Output show router fib 1 131.132.133.134/32 ======================================================================== FIB Display Page 176 7710 SR OS Router Configuration Guide...
Page 177 1.2.9.0/24 ISIS 1.2.3.2 (to_Dut-B) 10.12.0.0/24 LOCAL 10.12.0.0 (itfToArborCP_02) 10.20.1.1/32 ISIS 1.1.3.1 (to_Dut-A) 10.20.1.2/32 ISIS 1.2.3.2 (to_Dut-B) 10.20.1.3/32 LOCAL 10.20.1.3 (system) 20.12.0.43/32 STATIC vprn1:mda-1-1 20.12.0.44/32 STATIC vprn1:mda-2-1 20.12.0.45/32 STATIC vprn1:mda-2-2 20.12.0.46/32 STATIC vprn1:mda-3-1 7710 SR OS Router Configuration Guide Page 177...
Page 178 Show Commands 100.0.0.1/32 vprn1:mda-1-1 vprn1:mda-3-1 138.203.71.202/32 STATIC 10.12.0.2 (itfToArborCP_02) ------------------------------------------------------------------------------- Total Entries : 15 ------------------------------------------------------------------------------- =============================================================================== Page 178 7710 SR OS Router Configuration Guide...
Page 179 Output — The following table describes the show router icmp6 output fields: Output Label Description The total number of all messages. Total The number of message that did not reach the destination. Destination Unreachable 7710 SR OS Router Configuration Guide Page 179...
Page 180 ------------------------------------------------------------------------------- Sent Total : 10 Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits Neighbor Advertisements : 5 =============================================================================== A:SR-3>show>router>auth# Page 180 7710 SR OS Router Configuration Guide...
Page 181 B:CORE2# show router icmp6 interface net1_1_2 =============================================================================== Interface ICMPv6 Stats =============================================================================== Interface "net1_1_2" ------------------------------------------------------------------------------- Received Total : 41 Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply 7710 SR OS Router Configuration Guide Page 181...
Page 182 — Displays the peers that are IPv6-capable. Values Standard IP Interface Output — The following table describes the standard output fields for an IP Output interface. Label Description The IP interface name. Interface-Name Page 182 7710 SR OS Router Configuration Guide...
Page 183 A:ALA-A# show router interface =============================================================================== Interface Table (Router: Base) =============================================================================== Interface-Name Adm(v4/v6) Opr(v4/v6) Mode Port/SapId IP-Address PfxState ------------------------------------------------------------------------------- ip-100.0.0.2 Up/Up Up/Up Network lag-1 100.0.0.2/10 3FFE:1::2/64 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-100.128.0.2 Up/Up Up/Up Network lag-2 100.128.0.2/10 7710 SR OS Router Configuration Guide Page 183...
Page 184 24.2.4.4/24 3FFE::1802:404/120 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED system Up/Up Up/Up Network system 200.200.200.4/32 3FFE::C8C8:C804/128 PREFERRED ------------------------------------------------------------------------------- Interfaces : 15 =============================================================================== A:ALA-A# A:ALA-A# show router interface 10.10.0.3/32 =============================================================================== Interface Table =============================================================================== Interface-Name Type IP-Address Mode Page 184 7710 SR OS Router Configuration Guide...
Page 185 Detailed IP Interface Output — The following table describes the detailed output fields for an IP interface. Label Description The IP interface name. If Name Down — The IP interface is administratively disabled. Admin State Up — The IP interface is administratively enabled. 7710 SR OS Router Configuration Guide Page 185...
Page 186 Specifies the IGP/LDP sync timer value. LdpSyncTimer Specifies whether unicast RPF (uRPF) Check is enabled on this inter- uRPF Chk face. Specifies whether unicast RPF (uRPF) Check IPv6 is enabled on this uRPF Iv6 Chk interface. Page 186 7710 SR OS Router Configuration Guide...
Page 187 Tx V4 Discard Byt*: 0 Tx V6 Pkts Tx V6 Bytes Tx V6 Discard Pk*: 0 Tx V6 Discard Byt*: 0 Proxy ARP Details Rem Proxy ARP : Disabled Local Proxy ARP : Disabled 7710 SR OS Router Configuration Guide Page 187...
Page 188 Global If Index : 95 If Type : TMS Rx Pkts : 14935 Rx Bytes : 955840 Tx Pkts : 14892 Tx Bytes : 953088 Tx Discard Pkts TMS Health Information Status : Up Page 188 7710 SR OS Router Configuration Guide...
Page 189 Statistics IP Interface Output — The following table describes the packet statistics for the router IP interfaces. Label Description The interface name Ifname The administrative status of the router interface. Admin State 7710 SR OS Router Configuration Guide Page 189...
Page 190 : Up Version : Peakflow TMS 5.6 (build BF42) Mitigations Status message : (Unavailable) =============================================================================== Summary IP Interface Output — The following table describes the summary output fields for the router IP interfaces. Page 190 7710 SR OS Router Configuration Guide...
Page 191 AdminTag ------------------------------------------------------------------------------- 1.1.1.0/24 [L] 7540 1/Int. 6109 60.60.1.1 ------------------------------------------------------------------------------- No. of Routes: 1 Flags: L = LFA nexthop available =============================================================================== *A:SRR# *A:SRR# show router isis routes 1.1.1.0/24 alternative =============================================================================== Route Table =============================================================================== 7710 SR OS Router Configuration Guide Page 191...
Page 192 Flags: L = LFA nexthop available ============================================================================ *A:Dut-B# *A:Dut-B# show router isis routes alternative ============================================================================ Route Table ============================================================================ Prefix [Flags] Metric Lvl/Typ Ver. SysID/Hostname NextHop AdminTag Alt-Nexthop Alt-Metric ---------------------------------------------------------------------------- 10.20.1.2/32 1/Int. Dut-B 0.0.0.0 Page 192 7710 SR OS Router Configuration Guide...
Page 193 Push 131071 1/1/1 10.10.1.2 10.20.1.2/32 Swap 131070 131071 1/1/1 10.10.1.2 10.20.1.2/32 Push 262141BU 1/1/2 10.10.2.3 10.20.1.2/32 Swap 131070 262141BU 1/1/2 10.10.2.3 10.20.1.3/32 Push 131069BU 1/1/1 10.10.1.2 10.20.1.3/32 Swap 131069 131069BU 1/1/1 10.10.1.2 7710 SR OS Router Configuration Guide Page 193...
Page 194 131067U 131067 1/1/1 10.10.1.2 10.20.1.5/32 10.20.1.3 131067N 262139 1/1/2 10.10.2.3 10.20.1.6/32 10.20.1.2 131066N 131066 1/1/1 10.10.1.2 10.20.1.6/32 10.20.1.3 131066BU 262138 1/1/2 10.10.2.3 ------------------------------------------------------------------------ No. of Prefix Bindings: 12 ======================================================================== LDP P2MP Bindings Page 194 7710 SR OS Router Configuration Guide...
Page 195 : N/A hello-multiplier : 35 * 0.1 tracking support : Disabled Improved Assert : N/A spmsi : pim-ssm 225.0.0.0/32 join-tlv-packing : N/A data-delay-interval: 3 seconds data-threshold : 224.0.0.0/4 --> 1 kbps 7710 SR OS Router Configuration Guide Page 195...
Page 196 Specifies whether a neighbor is a router. Displays the MTU size. Sample Output B:CORE2# show router neighbor =============================================================================== Neighbor Table (Router: Base) =============================================================================== IPv6 Address Interface MAC Address State Expiry Type ------------------------------------------------------------------------------- FE80::203:FAFF:FE78:5C88 net1_1_2 00:16:4d:50:17:a3 STALE 03h52m08s Dynamic Page 196 7710 SR OS Router Configuration Guide...
Page 197 : Network domain 1 No. Of Ifs Associated No. Of SDPs Associated ------------------------------------------------------------------------------- Network Domain : default ------------------------------------------------------------------------------- Description : Default Network Domain No. Of Ifs Associated No. Of SDPs Associated =============================================================================== *A:Dut-T>config>router# 7710 SR OS Router Configuration Guide Page 197...
Page 198 — Specify the admin keyword to display the entities configured in the config>router>policy- options context. Policy Output — The following table describes policy output fields. Output Label Description The policy name. Policy Displays the description of the policy. Description Page 198 7710 SR OS Router Configuration Guide...
Page 199 — Displays routes only matching the specified ip-address and length. ipv4-prefix: a.b.c.d (host bits must be set to 0) Values ipv4-prefix-length: 0 — 32 ipv6 ipv6-prefix[/pref*: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H 7710 SR OS Router Configuration Guide Page 199...
Page 200 Next Hop[Interface Name] Metric ---------------------------------------------------------------------------- 10.10.1.0/24 Local Local 00h01m25s 0 ip-10.10.1.2 0 10.10.2.0/24 [L] Remote ISIS 00h00m58s 15 10.10.12.3 13 10.10.3.0/24 Local Local 00h01m25s 0 ip-10.10.3.2 0 10.10.4.0/24 Local Local 00h01m25s 0 ip-10.10.4.2 0 Page 200 7710 SR OS Router Configuration Guide...
Page 201 10.10.6.0/24 Remote ISIS 00h02m01s 15 10.10.4.4 20 10.10.12.3 (LFA) 13 10.10.9.0/24 Remote ISIS 00h02m01s 15 10.10.4.4 20 10.10.12.3 (LFA) 13 10.10.10.0/24 Remote ISIS 00h02m01s 15 10.10.12.3 23 10.10.4.4 (LFA) 20 10.10.11.0/24 Remote ISIS 00h02m01s 15 7710 SR OS Router Configuration Guide Page 201...
Page 202 A:ALA# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 11.2.103.0/24 Remote OSPF 00h59m02s 21.2.4.2 11.2.103.0/24 Remote OSPF 00h59m02s 22.2.4.2 11.2.103.0/24 Remote OSPF 00h59m02s Page 202 7710 SR OS Router Configuration Guide...
Page 203 =============================================================================== + : indicates that the route matches on a longer prefix A:ALA-A# *A:Dut-C# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix[Flags] Type Proto Pref Next Hop[Interface Name] Metric 7710 SR OS Router Configuration Guide Page 203...
Page 204 10.10.15.0/24 10.10.13.1 Remote OSPF 58836 2000 10.10.24.0/24 10.10.34.4 Remote OSPF 3523 2000 10.10.25.0/24 10.10.35.5 Remote OSPF 399059 2000 10.10.45.0/24 10.10.34.4 Remote OSPF 3523 2000 ------------------------------------------------------------------------------- A:ALA-A# show router route-table 131.132.133.134/32 next-hop-type tunneled Page 204 7710 SR OS Router Configuration Guide...
Page 205 =============================================================================== Dest Prefix[Flags] Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 100.0.0.1/32 Remote 00h23m07s vprn1:mda-2-1 ------------------------------------------------------------------------------- No. of Routes: 1 Flags: L = LFA nexthop available B = BGP backup route available 7710 SR OS Router Configuration Guide Page 205...
Page 206 Sample Output A:ALA-A# show router route-table summary =============================================================================== Route Table Summary =============================================================================== Active Available ------------------------------------------------------------------------------- Static Direct OSPF ISIS Aggregate ------------------------------------------------------------------------------- Total =============================================================================== A:ALA-A# *A:SRR# show router route-table summary =============================================================================== Page 206 7710 SR OS Router Configuration Guide...
Page 207 Router-Advertisement Table Output — The following table describes the output fields for router- Output advertisement. Label Description The number of router advertisements sent and time since they were Rtr Advertisement sent. Tx/Last Sent 7710 SR OS Router Configuration Guide Page 207...
Page 208 False — Indicates there are no other stateful configurations. Displays the router lifetime in seconds. Router Lifetime Displays the current hop limit. Hop Limit Sample Output A:Dut-A# show router rtr-advertisement ======================================================================= Router Advertisement ======================================================================= ------------------------------------------------------------------------------- Interface: interfaceNetworkNonDefault Page 208 7710 SR OS Router Configuration Guide...
Page 209 Valid Lifetime : infinite Prefix: 24::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 00h00m00s Valid Lifetime : 00h00m00s Prefix: 25::/120 Autonomous Flag : TRUE On-link flag : TRUE 7710 SR OS Router Configuration Guide Page 209...
Page 210 Retransmit Time messages. Displays the current hop limit Hop Limit The MTU number the nodes use for sending packets on the link. Link MTU Sample Output A:Dut-A# show>router# rtr-advertisement conflicts =============================================================================== Router Advertisement Page 210 7710 SR OS Router Configuration Guide...
Page 211 Preferred Lifetime: 07d00h00m [infinite] Valid Lifetime : 30d00h00m [infinite] Prefix not present in own router advertisement Prefix: 24::/119 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m 7710 SR OS Router Configuration Guide Page 211...
Page 212 The IP interface name associated with the ARP entry. Interface The number of ARP entries displayed in the list. No. of ARP Entries Sample Output A:ALA-A# show router static-arp =============================================================================== ARP Table Page 212 7710 SR OS Router Configuration Guide...
Page 213 [family] [[ip-prefix /mask] | [preference preference] | [next-hop ip-address] | tag tag] Context show>router This command displays the static entries in the routing table. If no options are present, all static routes Description are displayed sorted by prefix. 7710 SR OS Router Configuration Guide Page 213...
Page 214 IP address or an Nexthop egress IP interface name. The next hop for the static route destination. Next Hop The protocol through which the route was learned. Protocol Page 214 7710 SR OS Router Configuration Guide...
Page 215 A:ALA-A# show router static-route preference 4 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# A:ALA-A# show router static-route next-hop 10.10.0.254 =============================================================================== Route Table =============================================================================== 7710 SR OS Router Configuration Guide Page 215...
Page 216 Community : 100:33 CPE-check : disabled ------------------------------------------------------------------------------- No. of Static Routes: 1 =============================================================================== service-prefix Syntax service-prefix This command displays the address ranges reserved by this node for services sorted by prefix. Description Page 216 7710 SR OS Router Configuration Guide...
Page 217 — The specific application. Parameters arp, bgp, cflowd, dhcp, dns, ftp, icmp, igmp, isis, ldp, mld, msdp, ndis, ntp, ospf, Values pimradius, rip, rsvpsnmp, snmp-notification, srrp, ssh, syslog, tacplus, telnet, tftp, traceroute, vrrp, pppoe 7710 SR OS Router Configuration Guide Page 217...
Page 218 The maximum number of routes configured for the system. Max Routes The total number of routes in the route table. Total Routes The number of ECMP routes configured for path sharing. ECMP Max Routes Page 218 7710 SR OS Router Configuration Guide...
Page 219 Oper State ---------------------------------------------------------------- Router OSPFv2-0 OSPFv2-1 Down Down OSPFv2-2 Down Down OSPFv2-3 Down Down OSPFv2-4 Down Down OSPFv2-5 Down Down OSPFv2-6 Down Down OSPFv2-7 Down Down OSPFv2-8 Down Down OSPFv2-9 Down Down 7710 SR OS Router Configuration Guide Page 219...
Page 220 Triggered Policies ================================================================ *A:Performance# Syntax tms routes Context show>router router-instance This command displays Threat Management Services related information. The router instance must be Description specified. Sample Output show router <router-instance> tms routes ------------------------------------------- Page 220 7710 SR OS Router Configuration Guide...
Page 221 — Dislays LDP protocol information. sdp sdp-id — Displays information pertaining to the specified SDP. summary — Displays summary tunnel table information. Tunnel Table Output — The following table describes tunnel table output fields. Output 7710 SR OS Router Configuration Guide Page 221...
Page 222 Admin ControlWord : Not Preferred Oper ControlWord : False Last Status Change : 12/14/2012 12:42:22 Signaling : None Last Mgmt Change : 12/14/2012 12:42:19 Force Vlan-Vc : Disabled Endpoint : N/A Precedence Page 222 7710 SR OS Router Configuration Guide...
Page 223 MCAC In use Mand BW: 0 MCAC Avail Mand BW: unlimited MCAC In use Opnl BW: 0 MCAC Avail Opnl BW: unlimited ----------------------------------------------------------------------- RSVP/Static LSPs ----------------------------------------------------------------------- Associated LSP List : No LSPs Associated 7710 SR OS Router Configuration Guide Page 223...
Page 224 *A:Dut-C# show router tunnel-table sdp 17407 ======================================================================== Tunnel Table (Router: Base) ======================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric ------------------------------------------------------------------------ 127.0.68.0/32 MPLS 17407 127.0.68.0 ======================================================================== A:ALA-A>config>service# show router tunnel-table =============================================================================== Tunnel Table ================================================================== DestinationOwnerEncapTunnel IdPrefNexthopMetric Page 224 7710 SR OS Router Configuration Guide...
Page 225 Context show>router>l2tp This command displays L2TP statistics. Description Sample Output *A:Dut-C# show router l2tp statistics =============================================================================== L2TP Statistics =============================================================================== Tunnels Sessions ------------------------------------------------------------------------------- Active Active Setup history since 04/17/2009 18:38:41 Total Total 7710 SR OS Router Configuration Guide Page 225...
Page 226 Show Commands Failed Failed Failed Auth =============================================================================== *A:Dut-C# ipv6-address x:x:x:x:x:x:x:x[-interface] Values x:x:x:x:x:x:d.d.d.d[-interface] x: [0..FFFF]H d: [0..255]D interface: 32 characters maximum, mandatory for link local addresses Page 226 7710 SR OS Router Configuration Guide...
Page 227: Clear Commands
— Clears all ARP cache entries for the specified IP interface with the specified IP address. Syntax bfd src-ip ip-address dst-ip ip-address bfd all Context clear>router This command enables the context to clear bi-directional forwarding (BFD) sessions and statistics. Description 7710 SR OS Router Configuration Guide Page 227...
Page 228 Syntax dhcp Context clear>router This command enables the context to clear DHCP related information. Description dhcp6 Syntax dhcp6 Context clear>router This command enables the context to clear DHCP6 related information. Description Page 228 7710 SR OS Router Configuration Guide...
Page 229 This command deletes routes created as a result of ICMP redirects received on the management Description interface. all — Clears all routes. Parameters ip-address — Clears the routes associated with the specified IP address. 7710 SR OS Router Configuration Guide Page 229...
Page 230 — - Resets the statistics associated with uRPF failures. statistics — - Resets the IP interface traffic statistics. l2tp Syntax l2pt Context clear>router This command enables the context to clear L2PT data. Description Page 230 7710 SR OS Router Configuration Guide...
Page 231 If no IP address or interface name is specified, then statistics are cleared for all configured interfaces. If an IP address or interface name is specified, then only data regarding the specified interface is cleared. ip-address | ip-int-name — Displays statistics for the specified IP interface. Parameters 7710 SR OS Router Configuration Guide Page 231...
Page 232 Context clear>router This command clears all router advertisement counters. Description all — Clears all router advertisement counters for all interfaces. Parameters interface interface-name — Clear router advertisement counters for the specified interface. Page 232 7710 SR OS Router Configuration Guide...
Page 233: Debug Commands
Syntax router router-instance Context debug This command configures debugging for a router instance. Description router-instance — Specify the router name or service ID. Parameters Base, management Values router-name: 1 — 2147483647 service-id: 7710 SR OS Router Configuration Guide Page 233...
Page 234 This command enables ICMP6 debugging. Description interface Syntax [no] interface [ip-int-name | ip-address| ipv6-address | ipv6-address] Context debug>router>ip This command displays the router IP interface table sorted by interface index. Description Page 234 7710 SR OS Router Configuration Guide...
Page 235 — The IP prefix for prefix list entry in dotted decimal notation. Parameters ipv4-prefix a.b.c.d (host bits must be 0) Values ipv4-prefix-length 0 — 32 ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H 7710 SR OS Router Configuration Guide Page 235...
Page 236 Syntax [no] misc Context debug>router>mtrace This command enables debugging for mtrace miscellaneous. Description packet Syntax [no] packet [query | request | response] Context debug>router>mtrace This command enables debugging for mtrace packets. Description Page 236 7710 SR OS Router Configuration Guide...
Page 237 Syntax [no] misc Context debug>router>mtrace This command enables debugging for mtrace miscellaneous. Description packet Syntax [no] packet [query | request | response] Context debug>router>mtrace This command enables debugging for mtrace packets. Description 7710 SR OS Router Configuration Guide Page 237...
Page 238 Debug Commands Page 238 7710 SR OS Router Configuration Guide...
Page 239: Vrrp
 Non-Owner Access SSH on page 260  VRRP Advertisement Message IP Address List Verification on page 250 • VRRP Configuration Process Overview on page 261 • Configuration Notes on page 262 7710 SR OS Router Configuration Guide Page 239...
Page 240: Figure 12: Vrrp Configuration
VRRP configuration. Internet Backup Master Backup Non-Owner Owner Non-Owner ALA-1 ALA-2 ALA-3 vrld 100 vrld 100 vrld 100 Priority 200 Priority 150 Virtual Router ID (VRID) OSRG006 Figure 12: VRRP Configuration Page 240 7710 SR OS Router Configuration Guide...
Page 241: Vrrp Components
This is a common mechanism that allows multiple local subnet attachment on a single routing interface. Up to four virtual routers are possible on a single Alcatel-Lucent IP interface. The virtual routers must be in the same subnet. Each virtual router has its own VRID, state machine and messaging instance.
Page 242 An IP interface must always have a primary IP address assigned for VRRP to be active on the interface. Alcatel-Lucent routers supports both primary and secondary IP addresses (multi-netting) on the IP interface. The virtual router’s VRID primary IP address is always the primary address on the IP interface.
Page 243 VRRP priority control policy. VRRP priority control policies can be used to either override or adjust the base priority value depending on events or conditions within the chassis. For information about non-owner access parameters, refer to VRRP Non-Owner Accessibility on page 259. 7710 SR OS Router Configuration Guide Page 243...
Page 244: Configurable Parameters
Configurable Parameters In addition to backup IP addresses, to facilitate configuration of a virtual router on Alcatel-Lucent routers, the following parameters can be defined in owner configurations: • Virtual Router ID (VRID) on page 244 • Message Interval and Master Inheritance on page 246 •...
Page 245: Ip Addresses
These are the IP addresses being used by hosts on the LAN as gateway addresses. Multi-netting supports 16 IP addresses on the IP interface, up to 16 addresses can be assigned to a specific a virtual router instance. 7710 SR OS Router Configuration Guide Page 245...
Page 246: Message Interval And Master Inheritance
Skew Time = (((256 - priority) * Master_Adver_Interval) / 256) centiseconds The higher priority value, the smaller the skew time will be. This means that virtual routers with a lower priority will transition to master slower than virtual routers with higher priorities. Page 246 7710 SR OS Router Configuration Guide...
Page 247: Master Down Interval
If preempt disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router. 7710 SR OS Router Configuration Guide Page 247...
Page 248: Vrrp Message Authentication
 IP header destination IP address – Must be 224.0.0.18  IP header TTL field – Must be equal to 255, the packet must not have traversed any IP routed hops  IP header protocol field – must be 112 (decimal) Page 248 7710 SR OS Router Configuration Guide...
Page 249  Authentication data fields – Must be equal to the VRID configured simple text password Any VRRP message not meeting the type 0 verification checks with the exceptions above are silently discarded. 7710 SR OS Router Configuration Guide Page 249...
Page 250: Authentication Data
VRRP advertisement messages contain an IP address count field that indicates the number of IP addresses listed in the sequential IP address fields at the end of the message. The Alcatel-Lucent routersimplementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager.
Page 251: Inherit Master Vrrp Router's Advertisement Interval Timer
Policies can only be configured in the non-owner VRRP context. For non-owner virtual router instances, if policies are not configured, then the base priority is used as the in-use priority. 7710 SR OS Router Configuration Guide Page 251...
Page 252: Vrrp Priority Control Policies
The base priority is the starting priority for the VRRP instance. The actual in-use priority for the VRRP instance is derived from the base priority and an optional VRRP priority control policy. Page 252 7710 SR OS Router Configuration Guide...
Page 253: Vrrp Priority Control Policy Delta In-Use Priority Limit
The allowed range of the Delta In-Use Priority Limit is 1 to 254. The default is 1, which prevents the delta priority events from operationally disabling the virtual router instance. 7710 SR OS Router Configuration Guide Page 253...
Page 254: Vrrp Priority Control Policy Priority Events
This extends the amount of time that must expire before entering the cleared state. For an example of a hold-set timer setting, refer to LAG Degrade Priority Event on page 255. Page 254 7710 SR OS Router Configuration Guide...
Page 255: Port Down Priority Event
Table 6: LAG Events Time LAG Port State Parameter State Comments All ports down Event State Set - 8 ports down Event Threshold 6 ports down Hold Set Timer 5 seconds Set to hold-set parameter 7710 SR OS Router Configuration Guide Page 255...
Page 256 Event Threshold 2 ports down Hold Set Timer Expired Four ports down Event State Set - 2 ports down Event Threshold 4 ports down Hold Set Timer 5 seconds Set to hold-set parameter Page 256 7710 SR OS Router Configuration Guide...
Page 257: Host Unreachable Priority Event
The source protocol can be defined to indicate the protocol the installed route must be populated from. To further define match criteria when multiple instances of the route prefix exist, an optional next hop parameter can be defined. 7710 SR OS Router Configuration Guide Page 257...
Page 258 When a route prefix does not exist within the active route table matching the defined criteria, the route unknown priority event is considered true or set. Page 258 7710 SR OS Router Configuration Guide...
Page 259: Vrrp Non-Owner Accessibility
IP address. When non-owner access Telnet is disabled on a virtual router instance, Telnet sessions destined to the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes. 7710 SR OS Router Configuration Guide Page 259...
Page 260: Non-Owner Access Ssh
IP address. SSH is applicable to IPv4 VRRP only. When non-owner access SSH is disabled on a virtual router instance, SSH sessions destined to the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes. Page 260 7710 SR OS Router Configuration Guide...
Page 261: Vrrp Configuration Process Overview
SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE SPECIFY BACKUP IP ADDRESS(ES) CONFIGURE VRRP PARAMETERS APPLY VRRP PRIORITY CONTROL POLICIES (optional) ENABLE Figure 13: VRRP Configuration and Implementation Flow 7710 SR OS Router Configuration Guide Page 261...
Page 262: Configuration Notes
The backup address explicitly defines which IP addresses are in the VRRP advertisement message IP address list.  For IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance. Page 262 7710 SR OS Router Configuration Guide...
Page 263: Configuring Vrrp With Cli
Modifying Service and Interface VRRP Parameters on page 278 • Modifying Non-Owner Parameters on page 278 • Modifying Owner Parameters on page 278 • Deleting VRRP on an Interface or Service on page 278 7710 SR OS Router Configuration Guide Page 263...
Page 264: Vrrp Configuration Overview
The service customer account must be created prior to configuring an IES or VPRN VRRP instance. • The interface address must be specified in the both the owner and non-owner IES, VPRN or router interface instances. Page 264 7710 SR OS Router Configuration Guide...
Page 265: Basic Vrrp Configurations
100 delta exit port-down 1/1/3 priority 200 explicit exit lag-port-down 1 number-down 3 priority 50 explicit exit exit host-unreachable 10.10.24.4 drop-count 25 exit route-unknown 10.10.0.0/32 priority 50 delta protocol bgp exit exit ---------------------------------------------- 7710 SR OS Router Configuration Guide Page 265...
Page 266: Vrrp Ies Service Parameters
10.10.36.2 authentication-type password authentication-key "testabc" exit exit interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# Page 266 7710 SR OS Router Configuration Guide...
Page 267: Configure Vrrp For Ipv6
FD10:D68F:1:221::FFFD/64 link-local-address FE80::D68F:1:221:FFFD preferred vrrp 219 backup FE80::D68F:1:221:FFFF priority 254 ping-reply exit exit sap ccag-1.a:921 create description "cross connect to VPLS 921" exit exit no shutdown ---------------------------------------------- *A:nlt7750-3>config>service>ies# 7710 SR OS Router Configuration Guide Page 267...
Page 268: Vrrp Router Interface Parameters
"system" address 10.10.0.4/32 exit interface "test1" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Page 268 7710 SR OS Router Configuration Guide...
Page 269: Common Configuration Tasks
In addition to the common parameters, the following non-owner commands can be configured: • master-int-inherit • priority • policy • ping-reply • preempt • telnet-reply • ssh-reply (IPv4 only) • [no] shutdown 7710 SR OS Router Configuration Guide Page 269...
Page 270: Creating Interface Parameters
A:SR1>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.1/32 exit interface "testA" address 123.123.123.123/24 exit interface "testB" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit router-id 10.10.0.1 #------------------------------------------ A:SR1>config>router# Page 270 7710 SR OS Router Configuration Guide...
Page 271: Configuring Vrrp Policy Components
The following displays a VRRP policy configuration example: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol isis exit exit exit ---------------------------------------------- A:SR1>config>vrrp# 7710 SR OS Router Configuration Guide Page 271...
Page 272: Configuring Service Vrrp Parameters
The following displays a basic non-owner VRRP configuration example: A:SR2>config>service>ies# info ---------------------------------------------- interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# Page 272 7710 SR OS Router Configuration Guide...
Page 273: Owner Service Vrrp
The following displays the owner VRRP configuration example: A:SR4>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# 7710 SR OS Router Configuration Guide Page 273...
Page 274: Configuring Router Interface Vrrp Parameters
A:SR2>config># info #------------------------------------------ interface "if-test" address 10.20.30.40/24 secondary 10.10.50.1/24 secondary 10.10.60.1/24 secondary 10.10.70.1/24 vrrp 1 backup 10.10.50.2 backup 10.10.60.2 backup 10.10.70.2 backup 10.20.30.41 ping-reply telnet-reply authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config># Page 274 7710 SR OS Router Configuration Guide...
Page 275: Router Interface Vrrp Owner
Router Interface VRRP Owner The following displays router interface owner VRRP configuration example: A:SR2>config>router# info #------------------------------------------ interface "vrrpowner" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>router# 7710 SR OS Router Configuration Guide Page 275...
Page 276: Vrrp Configuration Management Tasks
The following example displays the modified VRRP policy configuration: A:SR2>config>vrrp>policy# info ---------------------------------------------- delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit port-down 1/1/3 priority 200 explicit exit host-unreachable 10.10.24.4 drop-count 25 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# Page 276 7710 SR OS Router Configuration Guide...
Page 277: Deleting A Vrrp Policy
Applied applied to an entity. A:SR2# =============================================================================== VRRP Policies =============================================================================== Policy Current Current Current Delta Applied Priority & Effect Explicit Delta Sum Limit ------------------------------------------------------------------------------- 200 Explicit None None None None =============================================================================== A:SR2# 7710 SR OS Router Configuration Guide Page 277...
Page 278: Modifying Service And Interface Vrrp Parameters
The following example displays the command usage to delete a VRRP instance from an interface or IES service: Example: config>service#ies 10 config>service>ies# interface “test” config>service>ies>if# vrrp 1 config>service>ies>if>vrrp# shutdown config>service>ies>if>vrrp# exit config>service>ies>if# no vrrp 1 config>service>ies>if# exit all Page 278 7710 SR OS Router Configuration Guide...
Page 279: Vrrp Command Reference
Router Interface IPv6 Commands on page 281 • Router Interface IPv6 VRRP Commands on page 282 • VRRP Priority Control Event Policy Commands on page 282 • Show Commands on page 284 • Clear Commands on page 284 7710 SR OS Router Configuration Guide Page 279...
Page 280 — [no] traceroute-reply * Note that VRRP commands are applicable to router interfaces, IES interfaces and VPRN, The authentication-key, authentication-type, bfd-enable, and ssh-reply commands are applicable only to IPv4 contexts, not IPv6. Page 280 7710 SR OS Router Configuration Guide...
Page 281 — no unreachables ipv6-address [preferred] — link-local-address — no link-local-address — [no] local-proxy-nd ipv6-address [mac-address] — neighbor — no neighbor ipv6-address policy-name [ policy-name...(up to 5 max)] — proxy-nd-policy — no proxy-nd-policy 7710 SR OS Router Configuration Guide Page 281...
Page 282 — no hold-clear — hold-set seconds — no hold-set — interval seconds — no interval — padding-size size — no padding-size priority-level [{delta | explicit}] — priority — no priority — timeout seconds Page 282 7710 SR OS Router Configuration Guide...
Page 283 — no priority — protocol protocol — no protocol[protocol] — [no] protocol — [no] protocol bgp -vpn — [no] protocol ospf — [no] protocol isis — [no] protocol — [no] protocol static 7710 SR OS Router Configuration Guide Page 283...
Page 284 [vrid virtual-router-id] — no events — no events interface ip-int-name vrid virtual-router-id ipv6 — packets interface ip-int-name [vrid virtual-router-id] — packets — packets interface ip-int-name vrid virtual-router-id ipv6 — no packets Page 284 7710 SR OS Router Configuration Guide...
Page 285 VRRP interface ip-int-name [vrid virtual-router-id] — no packets — no packets interface ip-int-name vrid virtual-router-id ipv6 7710 SR OS Router Configuration Guide Page 285...
Page 286 Page 286 7710 SR OS Router Configuration Guide...
Page 287: Configuration Commands
— The authentication key. Allowed values are any string up to 8 characters long Parameters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 287...
Page 288 IP address from a given parental local subnet. Multiple virtual router instances can define a virtual router IP address from the same local subnet as long as each is a different IP address. Page 288 7710 SR OS Router Configuration Guide...
Page 289 Parent IP addresses: 10.10.10.10/24 11.11.11.11/24 Virtual router IP addresses: 10.10.10.11 Invalid (not equal to parent IP address) 10.10.10.10 Associated (same as parent IP address 10.10.10.10) 10.10.11.11 Invalid (not equal to parent IP address) 7710 SR OS Router Configuration Guide Page 289...
Page 290 IP interface IP address is attempted and fails. All virtual router IP addresses associated with the parental IP interface IP address must be deleted prior Page 290 7710 SR OS Router Configuration Guide...
Page 291 A single virtual router instance may only have a single virtual router IP address from a given parental local subnet. Multiple virtual router instances can define a virtual router IP address from the same local subnet as long as each is a different IP address. 7710 SR OS Router Configuration Guide Page 291...
Page 292 IP interface assigned IP addresses. The virtual router IP address must be a valid IP address within one of Page 292 7710 SR OS Router Configuration Guide...
Page 293 IP address must be in the same subnet of the parental IP interface IP address or equal to one of the the parent interface addresses for owner virtual router instances. ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) Values x:x:x:x:x:x::d.d.d.d x: [0..FFFF]H d: [0..255]D 7710 SR OS Router Configuration Guide Page 293...
Page 294 Context config>router>if>vrrp config>router>if>ipv6>vrrp This command configures a VRRP initialization delay timer. Description seconds — Specifies the initialization delay timer for VRRP, in seconds. Parameters 1 — 65535 Values Page 294 7710 SR OS Router Configuration Guide...
Page 295 The master-int-inherit command has no effect when the virtual router instance is operating as master. 7710 SR OS Router Configuration Guide Page 295...
Page 296 The skew time portion is used to slow down virtual routers with relatively low priority values when competing in the master election process. The command is available in both non-owner and owner vrrp nodal contexts. Page 296 7710 SR OS Router Configuration Guide...
Page 297 Default policy-id — The policy ID of the VRRP priority control expressed as a decimal integer. The vrrp- Parameters policy-id must already exist for the command to function. 1 — 9999 Values 7710 SR OS Router Configuration Guide Page 297...
Page 298 Syntax priority base-priority no priority Context config>router>if>vrrp config>router>if>ipv6>vrrp This command configures the base router priority for the virtual router instance used in the master Description election process. Page 298 7710 SR OS Router Configuration Guide...
Page 299 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. 7710 SR OS allows this access limitation to be selectively lifted for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.
Page 300 Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses. Page 300 7710 SR OS Router Configuration Guide...
Page 301 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. This limitation can be disregarded for certain applications. Ping, SSH and Telnet can each be individually enabled or disabled on a per-virtual-router-instance basis. 7710 SR OS Router Configuration Guide Page 301...
Page 302 The optional owner keyword indicates that the owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the master virtual router. Page 302 7710 SR OS Router Configuration Guide...
Page 303 IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot 7710 SR OS Router Configuration Guide Page 303...
Page 304 The vrid must be deleted and than recreated without the owner keyword to remove ownership. Page 304 7710 SR OS Router Configuration Guide...
Page 305: Priority Policy Commands
Setting the in-use-priority-limit to a value equal to or larger than the virtual router instance base- priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value. 1 — 254 Values 7710 SR OS Router Configuration Guide Page 305...
Page 306 The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command will fail. none Default Page 306 7710 SR OS Router Configuration Guide...
Page 307 A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance. Up to 32 priority control events can be configured within the priority-event node. The no form of the command clears any configured priority events. 7710 SR OS Router Configuration Guide Page 307...
Page 308: Priority Policy Event Commands
It is possible, on some event types, to have another set action reload the hold-set timer. This extends the amount of time that must expire before entering the cleared state. Page 308 7710 SR OS Router Configuration Guide...
Page 309 If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, thus, there is no impact on the in-use priority. The no form of the command reverts to the default values. 7710 SR OS Router Configuration Guide Page 309...
Page 310 VRRP virtual router instance depending on the operational state of the event. tunnel-grp-id — Identifies the multi-chassis IPSec tunnel group whose non-forwarding state is Parameters monitored by this priority control event. Page 310 7710 SR OS Router Configuration Guide...
Page 311: Priority Policy Port Down Event Commands
The events hold-set timer has no effect on the removal procedure. no port-down — No port down priority control events are defined. Default port-id — The port ID of the port monitored by the VRRP priority control event. Parameters 7710 SR OS Router Configuration Guide Page 311...
Page 312 If the port is not provisioned, the event operational state is Set – non-provisioned. If the POS interface is configured as a clear-channel, the channel-id is 1 and the channel bandwidth is the full bandwidth of the port. Page 312 7710 SR OS Router Configuration Guide...
Page 313: Priority Policy Lag Events Commands
If the event clears and becomes set again before the hold set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect. 7710 SR OS Router Configuration Guide Page 313...
Page 314 A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that is the active threshold. Page 314 7710 SR OS Router Configuration Guide...
Page 315 LAG equals or exceeds number-of- lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports- down. 1 — 8 Values 7710 SR OS Router Configuration Guide Page 315...
Page 316: Priority Policy Host Unreachable Event Commands
A host unreachable priority event creates a continuous ICMP echo request (ping) probe to the specified ip-address. If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared. Page 316 7710 SR OS Router Configuration Guide...
Page 317 As the event transitions from clear to set, a hold set timer is loaded with the value configured by the events hold-set command. This timer 7710 SR OS Router Configuration Guide Page 317...
Page 318 The no form of the command reverts to the default value. Default seconds — The number of seconds between the ICMP echo request messages sent to the host IP Parameters address for the host unreachable priority event. 1 — 60 Values Page 318 7710 SR OS Router Configuration Guide...
Page 319 If an ICMP echo reply message with the same sequence number as an outstanding ICMP echo request message is received prior to that message timing out, the request is considered successful. The consecutive message drop counter is cleared and the request message no longer is outstanding. 7710 SR OS Router Configuration Guide Page 319...
Page 320 — The number of seconds before an ICMP echo request message is timed out. Once a Parameters message is timed out, a reply with the same identifier and sequence number is discarded. 1 — 60 Values Page 320 7710 SR OS Router Configuration Guide...
Page 321: Priority Policy Route Unknown Event Commands
The next-hop command is optional. If no next-hop ip-address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information. 7710 SR OS Router Configuration Guide Page 321...
Page 322 — This parameter defines BGP as an eligible route source for a returned route prefix from the Parameters RTM when looking up the route-unknown route prefix. The bgp parameter is not exclusive from the other available protocol parameters. If protocol is executed without the bgp parameter, Page 322 7710 SR OS Router Configuration Guide...
Page 323 If the route prefix is removed, becomes inactive or fails to meet the event criteria, the event is in the set state. The command creates a route-unknown node identified by prefix/mask-length and containing event control commands. 7710 SR OS Router Configuration Guide Page 323...
Page 324 The no form of the command is used to remove the specific prefix/mask-length monitoring event. The event can be removed at anytime. When the event is removed, the in-use priority of all associated Page 324 7710 SR OS Router Configuration Guide...
Page 325 (host bits must be 0) Values ip-prefix/mask: mask 0 — 32 ipv6-address/prefix: ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0..FFFF]H prefix-length 1 — 128 7710 SR OS Router Configuration Guide Page 325...
Page 326 Page 326 7710 SR OS Router Configuration Guide...
Page 327: Show Commands
Down — Indicates that the administrative state of the VRRP instance is down. Up — Indicates that the operational state of the VRRP instance is up. Down — Indicates that the operational state of the VRRP instance is down. 7710 SR OS Router Configuration Guide Page 327...
Page 328 VRRP master with a lower priority. No — The preempt mode is disabled and prevents the non-owner vir- tual router instance from preempting another, less desirable virtual router. Page 328 7710 SR OS Router Configuration Guide...
Page 329 Master Since to master. For a backup virtual router, this value specifies the date and time when it received the first VRRP advertisement message from the virtual router which is the current master. 7710 SR OS Router Configuration Guide Page 329...
Page 330 Become Master Master Changes Adv Sent : 103 Adv Received Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Page 330 7710 SR OS Router Configuration Guide...
Page 331 : 23 Adv Received Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Total Discards Addr List Errors 7710 SR OS Router Configuration Guide Page 331...
Page 332 When multiple explicitly defined events associated with the priority Current Explicit control policy happen simultaneously, the lowest value of all the cur- rent explicit priorities will be used as the in-use priority for the virtual router. Page 332 7710 SR OS Router Configuration Guide...
Page 333 If the delta priority event is cleared, the priority-level is no longer used in the in-use priority calculation. 7710 SR OS Router Configuration Guide Page 333...
Page 334 Event Type & ID Event Oper State Hold Set Priority In Remaining &Effect ------------------------------------------------------------------------------- Host Unreach 10.10.200.252 Expired 20 Del Host Unreach 10.10.200.253 Expired 10 Del Route Unknown 10.10.100.0/24 Expired 1 Exp =============================================================================== A:ALA-A# Page 334 7710 SR OS Router Configuration Guide...
Page 335 Down — Indicates that the operational state of the VRRP instance is down. The base priority used by the virtual router instance. Base Pri The current in-use priority associated with the VRRP virtual router InUse Priority instance. 7710 SR OS Router Configuration Guide Page 335...
Page 336 Yes — The event is currently affecting the in-use priority of some Value In Use virtual router. Page 336 7710 SR OS Router Configuration Guide...
Page 337 Priority Control Event Host Unreachable 10.10.200.252 ------------------------------------------------------------------------------- Priority : 20 Priority Effect : Delta Interval : 1 sec Timeout : 1 sec Drop Count Hold Set Config : 0 sec Hold Set Remaining: Expired 7710 SR OS Router Configuration Guide Page 337...
Page 338: Table 7: Show Vrrp Statistics Output
Table 7: Show VRRP Statistics Output Label Description Displays the number of virtual router ID errors. VR Id Errors Displays the number of version errors. Version Errors Displays the number of checksum errors. Checksum Errors Page 338 7710 SR OS Router Configuration Guide...
Page 339 VRRP Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics =============================================================================== VR Id Errors Version Errors Checksum Errors =============================================================================== A:ALA-48# 7710 SR OS Router Configuration Guide Page 339...
Page 340 Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 Total Discards =============================================================================== Page 340 7710 SR OS Router Configuration Guide...
Page 341 Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Total Discards Addr List Errors Auth Failures Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 =============================================================================== *A:ALA-A# 7710 SR OS Router Configuration Guide Page 341...
Page 342: Clear Commands
This command clears statistics for VRRP instances on an IP interface or VRRP priority control poli- Description cies. interface ip-int-name — Clears the VRRP statistics for all VRRP instances on the specified IP inter- Parameters face. Page 342 7710 SR OS Router Configuration Guide...
Page 343 [vrrp-policy-id] — Clears VRRP statistics for all or the specified VRRP priority control pol- icy. All VRRP policies. Default 1 — 9999 Values ipv6 — Clears IPv6 statistics for the specified interface. 7710 SR OS Router Configuration Guide Page 343...
Page 344: Vrrp Debug Commands
This command enables debugging for VRRP packets. Description The no form of the command disables debugging. ip-int-name — Displays the specified interface name. Parameters vrid virtual-router-id — Displays the specified VRID. Page 344 7710 SR OS Router Configuration Guide...
Page 345: Filter Policies
Filter Policy Entities on page 347  Redirect Policies on page 352  Web Redirection (Captive Portal) on page 353 • Creating and Applying ACL Policies on page 355 • Configuration Notes on page 365 7710 SR OS Router Configuration Guide Page 345...
Page 346: Acl Filter Policy Overview
IP header of the packet. Note that non-IP packets are not hitting an IP filter policy, so the default action in the IP filter policy will not apply to these packets. Page 346 7710 SR OS Router Configuration Guide...
Page 347: Filter Policy Entities
 configure log ID to enable filter logging for this entry.  control how cflowd sampling is done for an IP interface based on IP interface cflowd configuration and the filter entry cflowd configuration. 7710 SR OS Router Configuration Guide Page 347...
Page 348: Applying Filter Policies
Epipe SAP, spoke SDP Fpipe SAP, spoke SDP Fpipe SAP, spoke SDP Fpipe SAP, spoke SDP Ipipe SAP, spoke SDP Ipipe SAP, spoke SDP Ipipe SAP, spoke SDP Pseudowire template Pseudowire template Pseudowire template • Page 348 7710 SR OS Router Configuration Guide...
Page 349: Match-List For Filter Policies
Figure 15 depicts how the IOM/CPM filter policy illustrated at the top of this section changes with a filter match list usage (using IPv4 address prefix list in this example). 7710 SR OS Router Configuration Guide Page 349...
Page 350: Auto-Generation Of Filter-Policy Address Prefix Match Lists
IPv4 or IPv6 address prefix match lists based on operator-configured criteria. When the configuration on a router changes, the match lists address prefixes are automatically updated and, in-turn, all filter policies (CPM or IOM) that use these match lists are automatically updated. Page 350 7710 SR OS Router Configuration Guide...
Page 351 An operator must free resources and change filter policy configuration or must change BGP configuration to recover from this failure. 7710 SR OS Router Configuration Guide Page 351...
Page 352: Redirect Policies
IPv4 address as an indirect next hop Policy Based Route (PBR) action. Page 352 7710 SR OS Router Configuration Guide...
Page 353: Web Redirection (Captive Portal)
5. The customer’s web browser will then close the original connection and open a new connec- tion to the web portal. 6. The web portal updates the ACL (directly or through SSC) to remove the redirection policy. 7. The customer connects to the original site. 7710 SR OS Router Configuration Guide Page 353...
Page 354: Figure 16: Web Redirect Traffic Flow
Refer to the subscriber management section of the SROS Triple Play Guide and the SR OS Router Configuration Guide. Since most web sites are accessed using the domain name the router allows either DNS queries or responds to DNS with the portal’s IP address. Page 354 7710 SR OS Router Configuration Guide...
Page 355: Creating And Applying Acl Policies
ASSOCIATE FILTER ID TO SAP SAVE CONFIGURATION Figure 17: Filter Creation and Implementation Flow Figure 18 displays the process to create a filter policy and apply that policy to a service or network port. 7710 SR OS Router Configuration Guide Page 355...
Page 356: Figure 18: Creating And Applying Filter Policies
CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE SELECT NETWORK PORT OR IP INTERFACE ASSOCIATE FILTER ID or FILTER NAME SAVE CONFIGURATION Figure 18: Creating and Applying Filter Policies Page 356 7710 SR OS Router Configuration Guide...
Page 357: Applying Filters
If the packets do not match any filter entries, they are discarded or forwarded based on the default action specified in the policy. 7710 SR OS Router Configuration Guide Page 357...
Page 358: Packet Match Criteria
MAC filters. Type and scale of each criteria supported depends on the platform, please see your Alcatel-Lucent representative for further details. As few or as many match parameters can be specified as required, but all conditions within a single filter policy entry must be met in order for the packet to be considered a match and the specified action performed.
Page 359: Dscp Values
A new mac-filter type attribute is defined to control the use of inner-tag/outer-tag match criteria and must be set to vid to allow the use of inner-tag/outer0-tag match criteria. DSCP Values 7710 SR OS Router Configuration Guide Page 359...
Page 360: Table 9: Dscp Name To Dscp Value Table
DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 af33 cp21 Page 360 7710 SR OS Router Configuration Guide...
Page 361 DSCP Value DSCP Value DSCP Value cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53 cp54 cp55 cp56 cp57 (cs7) cp60 cp61 cp62 7710 SR OS Router Configuration Guide Page 361...
Page 362: Ip Option Values
Experimental Access Control [Estrin] IMITD IMI Traffic Descriptor Extended Internet Protocol ADDEXT Address Extension RTRALT Router alert Selective directed broadcast NSAPA NSAP addresses Dynamic packet state Upstream multicast packet FINN Experimental flow control Page 362 7710 SR OS Router Configuration Guide...
Page 363: Ordering Filter Entries
If a packet does not match, the packet continues to the next entry, and so on until a match is found or until all entries are compared. • If a packet does not completely match any entries, then the default action is performed. 7710 SR OS Router Configuration Guide Page 363...
Page 364: Figure 19: Filtering Process Example
Action: Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP) SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108 SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21 Figure 19: Filtering Process Example Page 364 7710 SR OS Router Configuration Guide...
Page 365: Configuration Notes
When a large (complex) filter is configured, it may take a few seconds to load and initiate the filter policy configuration. • The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and be inactive. 7710 SR OS Router Configuration Guide Page 365...
Page 366: Mac Filters
Table 11: MAC Match Criteria Exclusivity Rules Frame Format Etype LLC – Header SNAP-OUI SNAP- PID (ssap & dsap) Ethernet – II 802.3 802.3 – snap Note: When snap header is present, this is always set to AA-AA. Page 366 7710 SR OS Router Configuration Guide...
Page 367: Ip Filters
Every received log packet (due to filter hit) is examined for source or destination address. If the log packet (source/destination address) matches a source/destination address entry in the mini-table a packet received previously), the summary counter of the matching address is incremented. 7710 SR OS Router Configuration Guide Page 367...
Page 368 In case the mini-table has no more free entries, only total counter is incremented. • At expiry of the summarization interval, the mini-table for each type is flushed to the syslog destination. Page 368 7710 SR OS Router Configuration Guide...
Page 369: Configuring Filter Policies With Cli
Renumbering Filter Policy Entries on page 389  Modifying a Filter Policy on page 391  Deleting a Filter Policy on page 393  Deleting a Filter Policy on page 393  Copying Filter Policies on page 396 7710 SR OS Router Configuration Guide Page 369...
Page 370: Basic Configuration
20 create match protocol 6 tcp-syn true tcp-ack false exit action drop exit exit ---------------------------------------------- A:ALA-1>config>filter# Ingress Filter ALA-1 TCP Connection OSRG007 Figure 20: Applying an IP Filter to an Ingress Interface Page 370 7710 SR OS Router Configuration Guide...
Page 371: Common Configuration Tasks
• Optionally, an existing filter policy can have a Filter Name assigned, that can then be used in CLI to reference that filter policy including assigning it to SAPs and/or network interfaces. 7710 SR OS Router Configuration Guide Page 371...
Page 372: Ip Filter Policy
Common Configuration Tasks IP Filter Policy The following displays an exclusive filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 12 create description "IP-filter" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# Page 372 7710 SR OS Router Configuration Guide...
Page 373: Ip Filter Entry
The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit no action exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# 7710 SR OS Router Configuration Guide Page 373...
Page 374 20 create match protocol tcp dst-ip 100.0.0.2/32 dst-port eq 80 exit action forward exit entry 30 create match protocol tcp dst-ip 10.10.10.91/24 dst-port eq 80 exit action http-redirect "http://100.0.0.2/login.cgi?mac=$MAC$sap=$S AP&ip=$IP&orig_url=$URL" exit ---------------------------------------------- A:ALA-48>config>filter>ip-filter# Page 374 7710 SR OS Router Configuration Guide...
Page 375 IP interface is set to cflowd interface mode. The following displays an IP filter entry configuration example: A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" no filter-sample no interface-disable-sample match exit action forward redirect-policy redirect1 exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# 7710 SR OS Router Configuration Guide Page 375...
Page 376: Creating An Ipv6 Filter Policy
Configuring and applying IPv6 filter policies is optional. IPv6 Filter Policy must be configured separately from IP (IPv4) filter policy. The configuration mimics IP Filter policy configuration. Please see Creating an IP Filter Policy on page 371. Page 376 7710 SR OS Router Configuration Guide...
Page 377: Creating A Mac Filter Policy
At least one filter entry. • Matching criteria specified. MAC Filter Policy The following displays an MAC filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive type normal exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 377...
Page 378: Mac Isid Filter Policy
"filter-wan-man" scope template type isid entry 1 create description "drop-local-isids" match isid 100 to 1000 exit action drop exit entry 2 create description "allow-wan-isids" match isid 150 exit action forward exit Page 378 7710 SR OS Router Configuration Guide...
Page 379: Mac Vid Filter Policy
1 create match frame-type ethernet_II ouiter-tag 85 4095 exit action drop exit entry 2 create match frame-type ethernet_II ouiter-tag 43 4095 exit action drop exit ---------------------------------------------- A:TOP_NODE>config>filter>mac-filter# 7710 SR OS Router Configuration Guide Page 379...
Page 380: Mac Filter Entry
• Specify matching criteria. The following displays a MAC filter entry configuration example: A:sim1>config>filter# info ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# Page 380 7710 SR OS Router Configuration Guide...
Page 381: Creating A Match List For Filter Policies
"IPv4PrefixBlacklist" description "default IPv4 prefix blacklist" prefix 10.0.0.0/21 prefix 10.254.0.0/24 exit exit ip-filter 10 scope template filter-name "IPv4PrefixBlacklistFilter" entry 10 match src-ip ip-prefix-list IPv4PrefixBlacklist exit action drop exit exit --------------------------------------------- 7710 SR OS Router Configuration Guide Page 381...
Page 382: Apply Ip (V4/V6) And Mac Filter Policies To A Service
10 exit egress filter mac 92 exit exit spoke-sdp 8:8 create ingress filter ip “epipe sap default filter” exit egress filter mac 91 exit exit no shutdown ---------------------------------------------- A:ALA-48>config>service>epipe# Page 382 7710 SR OS Router Configuration Guide...
Page 383: Apply An Ipv6 Filter Policy To An Ies Sap
The following output displays the IPv6 filters assigned to an IES service interface: A:ALA-48>config>service>ies# info ---------------------------------------------- interface "testA" create address 192.22.1.1/24 sap 1/1/3:0 create exit ipv6 ingress filter ipv6 100 egress filter ipv6 100 exit exit ---------------------------------------------- A:ALA-48>config>service>ies# 7710 SR OS Router Configuration Guide Page 383...
Page 384: Applying (Ipv4/V6) Filter Policies To A Network Port
The following displays IPv4 and IPv6 filters applied to an interface at ingress and egress. A:config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit ingress filter ip 2 filter ipv6 1 exit egress filter ip 2 filter ipv6 1 exit ---------------------------------------------- A:config>router>if# Page 384 7710 SR OS Router Configuration Guide...
Page 385: Creating A Redirect Policy
95 ping-test timeout 30 drop-count 5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_106" url "http://aww.alcatel.com/ipd/" interval 60 return-code 2323 4567 raise-priority 96 exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 385...
Page 386: Configuring Policy-Based Forwarding For Deep Packet Inspection In Vpls
SAP 1/1/23:5 (which it should not). Figure shows an example to configure policy-based forwarding for deep packet inspection on a VPLS service. For information about configuring services, refer to the 7710 SR OS Services Guide. DPI Box...
Page 387 The following displays a MAC filter configuration example: *A:ALA-48>config>filter# info ---------------------------------------------- mac-filter 100 create default-action forward entry 10 create match dot1p 7 7 exit log 101 action forward sap 1/1/22:1 exit exit ---------------------------------------------- *A:ALA-48>config>filter# 7710 SR OS Router Configuration Guide Page 387...
Page 388 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create exit spoke-sdp 3:5 create exit no shutdown exit ..---------------------------------------------- *A:ALA-48>config>service# Page 388 7710 SR OS Router Configuration Guide...
Page 389: Filter Management Tasks
10 15 config>filter>ip-filter# renum 20 10 config>filter>ip-filter# renum 40 1 The following displays the original filter entry order on the left side and the reordered filter entries on the right side: 7710 SR OS Router Configuration Guide Page 389...
Page 390 40 create exit match entry 30 create dst-ip 10.10.10.91/24 match src-ip 10.10.10.106/24 dst-ip 10.10.10.91/24 exit src-ip 10.10.0.200/24 action drop exit exit action forward exit exit exit ---------------------------------------------- A:ALA-7>config>filter# ---------------------------------------------- A:ALA-7>config>filter# Page 390 7710 SR OS Router Configuration Guide...
Page 391: Modifying A Filter Policy
10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create description "new entry" match dst-ip 10.10.10.104/32 exit action drop exit entry 10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit 7710 SR OS Router Configuration Guide Page 391...
Page 392 Filter Management Tasks entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter# Page 392 7710 SR OS Router Configuration Guide...
Page 393: Deleting A Filter Policy
After you have removed the filter from the SAPs network interfaces, you can delete the filter as shown in the following example. Example config>filter# no ip-filter 11 7710 SR OS Router Configuration Guide Page 393...
Page 394: Modifying A Redirect Policy
5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_Proxy" url "http://www.alcatel.com" interval 10 timeout 10 return-code 1 4294967295 raise-priority 255 exit no shutdown exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# Page 394 7710 SR OS Router Configuration Guide...
Page 395: Deleting A Redirect Policy
A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "This is new" scope exclusive entry 1 create filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action forward redirect-policy redirect2 exit entry 2 create description "new entry" ---------------------------------------------- A:ALA-7>config>filter>ip-filter# 7710 SR OS Router Configuration Guide Page 395...
Page 396: Copying Filter Policies
2 create ip-filter 12 create description "This is new" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create ---------------------------------------------- A:ALA-7>config>filter# Page 396 7710 SR OS Router Configuration Guide...
Page 397: Filter Command Reference
— no action dhcp-option-number {present | absent} — option dhcp-option-number match hex hex-string [exact] [invert- — option match] dhcp-option-number match string ascii-string [exact] [invert- — option match] — no option 7710 SR OS Router Configuration Guide Page 397...
Page 398 — port port-list port-list-name — port range port-number port-number — no port — src-ip{ip-address/mask | ip-address netmask | ip-prefix-list prefix-list-name} — no src-ip {{lt | gt | eq} src-port-number} — src-port Page 398 7710 SR OS Router Configuration Guide...
Page 399 — no sub-insert-credit-control — sub-insert-radius start-entry entry-id count count — no sub-insert-radius — sub-insert-shared-radius start-entry entry-id count count — no sub-insert-shared-radius — sub-insert-wmark low low-watermark high high-watermark — no sub-insert-wmark 7710 SR OS Router Configuration Guide Page 399...
Page 400 — no port {true|false} — routing-type0 — no routing-type0 — src-ip{ipv6-address/prefix-length | ipv6-address netmask | ipv6-prefix-list prefix-list-name} — no src-ip {lt | gt | eq} src-port-number} — src-port Page 400 7710 SR OS Router Configuration Guide...
Page 401 | syslog syslog-id — destination syslog syslog-id — no destination — [no] shutdown — summary — [no] shutdown — summary-crit dst-addr — summary-crit src-addr — no summary-crit — [no] wrap-around 7710 SR OS Router Configuration Guide Page 401...
Page 402: Mac Filter Commands
— no snap-pid ssap-value [ssap-mask] — ssap — no ssap ieee-address [ieee-address-mask] — src-mac — no src-mac — renum old-entry-id new-entry-id {exclusive | template} — scope — no scope — type filter-type Page 402 7710 SR OS Router Configuration Guide...
Page 403 — no description — [no] prefix ipv6-prefix/prefix-length — port-list port-list-name create — no port-list port-list-name — description description-string — no description — port port number — port range start end — no port 7710 SR OS Router Configuration Guide Page 403...
Page 404 [return-code-2] [disable | lower- — return-code priority priority | raise-priority priority] return-code-1 [return-code-2] — no return-code — timeout seconds — no timeout url-string [http-version version-string] — — no — [no] shutdown Page 404 7710 SR OS Router Configuration Guide...
Page 405 {redirect-policy-name [dest ip-address] [association]} — redirect-policy Clear Commands clear — filter filter-id [entry entry-id] [ingress | egress] — filter-id [entry entry-id] [ingress | egress] — ipv6 — log-id filter-id [entry entry-id] [ingress | egress] — 7710 SR OS Router Configuration Guide Page 405...
Page 406 [interval seconds] [repeat repeat] [absolute | rate] — filter ipv6 ipv6-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — filter mac mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — filter Page 406 7710 SR OS Router Configuration Guide...
Page 407: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long Parameters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 407...
Page 408: Global Filter Commands
— Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. filter-name — A string of up to 64 characters uniquely identifying this filter policy. Page 408 7710 SR OS Router Configuration Guide...
Page 409 Use the config filter copy command to maintain policies in this manner. The no form of the command deletes the mac-filter policy. A filter policy cannot be deleted until it is removed from all SAP where it is applied. 7710 SR OS Router Configuration Guide Page 409...
Page 410 1000 entries. The number of entries and wrap-around behavior can be edited. Default log 101 log-id — The filter log ID destination expressed as a decimal integer. Parameters 101 — 199 Values Page 410 7710 SR OS Router Configuration Guide...
Page 411: Dhcp Filter Commands
— The option must (partially) match a specified ASCII string. Up to 127 characters Values exact — This option requires an exact match of a hex or ascii string. invert-match — Requires the option not to (partially) match. 7710 SR OS Router Configuration Guide Page 411...
Page 412: Filter Log Commands
Unlike other commands and parameters where the default state will not be indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files. The no form of the command puts an entity into the administratively enabled state. Page 412 7710 SR OS Router Configuration Guide...
Page 413 Specifying wrap-around configures the memory filter log to store the most recent filter log entries (circular buffer). When the log is full, the oldest filter log entries are overwritten with new entries. 7710 SR OS Router Configuration Guide Page 413...
Page 414 The no form of the command configures the memory filter log to accept filter log entries until full. When the memory filter log is full, filter logging for the log filter ID ceases. wrap-around Default Page 414 7710 SR OS Router Configuration Guide...
Page 415: Acl Filter Policy Commands
Default filter-name — A string of up to 64 characters uniquely identifying this filter policy. Parameters scope Syntax scope {exclusive | template | embedded} no scope Context config>filter>ip-filter config>filter>ipv6-filter config>filter>mac-filter 7710 SR OS Router Configuration Guide Page 415...
Page 416 1— 8000 Values sub-insert-credit-control Syntax sub-insert-credit-control start-entry entry-id count count no sub-insert-credit-control Context config>filter>ip-filter config>filter>ipv6-filter This command inserts point information for credit control for the filter. Description Page 416 7710 SR OS Router Configuration Guide...
Page 417 This command configures the insert point for shared host rules from RADIUS. Description entry entry-id — Identifies a filter on this system. 1 — 65535 Values count count — Specifies the count. 1 — 65535 Values 7710 SR OS Router Configuration Guide Page 417...
Page 418 — Regular match criteria are allowed; ISID or VID filter match criteria Values not allowed. isid — Only ISID match criteria are allowed. vid — On.y VID match criteria are allowed on ethernet_II frame types. Page 418 7710 SR OS Router Configuration Guide...
Page 419: General Filter Entry Commands
This command creates the context to enable filter logging for a filter entry and specifies the Description destination filter log ID. The filter log ID must exist before a filter entry can be enabled to use the filter log ID. 7710 SR OS Router Configuration Guide Page 419...
Page 420 The no form of the command disables logging for the filter entry. Default no log log-id — The filter log ID destination expressed as a decimal integer. Parameters 101 — 199 Values Page 420 7710 SR OS Router Configuration Guide...
Page 421: Ip (V4/V6) Filter Entry Commands
— The IP address of the indirect next-hop to which to forward matching packets in dotted decimal notation. The direct next-hop IP address and egress IP interface are determined by a route table lookup. 7710 SR OS Router Configuration Guide Page 421...
Page 422 — specifyies that matching traffic is to be redirected for NAT performed by Integrated Service Adapter(s) running NAT application. reassemble — Packets matching the filter entry are forwarded to the packet reassembly function in the system. Page 422 7710 SR OS Router Configuration Guide...
Page 423 (AND function) before the action associated with the match is executed. A match context may consist of multiple match criteria, but multiple match statements cannot be entered per entry. The no form of the command removes the match criteria for the entry-id. 7710 SR OS Router Configuration Guide Page 423...
Page 424 ICMP for IPv6 ipv6-no-nxt No Next Header for IPv6 ipv6-opts Destination Options for IPv6 iso-ip ISO Internet Protocol eigrp EIGRP ospf-igp OSPFIGP ether-ip Ethernet-within-IP Encapsulation encap Encapsulation Header pnni PNNI over IP Page 424 7710 SR OS Router Configuration Guide...
Page 425 * — udp/tcp wildcard dscp Syntax dscp dscp-name no dscp Context config>filter>ip-filter>entry>match config>filter>ipv6-filter>entry>match 7710 SR OS Router Configuration Guide Page 425...
Page 426 — The subnet mask length expressed as a decimal integer. 1 — 32 Values netmask — Any mask epressed in dotted quad notation. 0.0.0.0 — 255.255.255.255 Values Page 426 7710 SR OS Router Configuration Guide...
Page 427 | gt | eq — Specifies the operator to use relative to dst-port-number for specifying the port number Parameters match criteria. lt specifies all port numbers less than dst-port-number match. 7710 SR OS Router Configuration Guide Page 427...
Page 428 MF bit set to zero and have the Fragment Offset field also set to zero. For IPv6, packet matches if it does not contain IPv6 Fragmentation Extension Header. first-only — For IPv6: Matches if a packet is an initial fragment of the fragmented IPv6 packet. Page 428 7710 SR OS Router Configuration Guide...
Page 429 This command enables match on existence of Hop-by-Hop Options Extension Header in the IPv6 Description filter policy. The no form of this command ignores Hop-by-Hop Options Extension Header presence/absence in a 7710 SR OS Router Configuration Guide Page 429...
Page 430 The no form of the command removes the criterion from the match entry. Default no icmp-type icmp-type — The ICMP/ICMPv6 type values that must be present to match. Parameters 0 — 255 Values Page 430 7710 SR OS Router Configuration Guide...
Page 431 Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0x14 Binary 0bBBBBBBBB 0b0010100 Default 255 (decimal) (exact match) 1 — 255 (decimal) Values multiple-option Syntax multiple-option {true | false} no multiple-option Context config>filter>ip-filter>entry>match 7710 SR OS Router Configuration Guide Page 431...
Page 432 This command configures port match conditions. Description lt|gt|eq — Specifies the lower, greater or equal value for the TCP/UDP port range. Parameters port-number — Specifies the name given to this port list. Page 432 7710 SR OS Router Configuration Guide...
Page 433 — A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes. mask — The subnet mask length expressed as a decimal integer. 1 — 32 Values 7710 SR OS Router Configuration Guide Page 433...
Page 434 This command enables source route option match conditions. When enabled, this filter should match Description if a (strict or loose) source route option is present/not present at any location within the IP header, as Page 434 7710 SR OS Router Configuration Guide...
Page 435 The no form of the command removes the criterion from the match entry. no tcp-syn Default true — Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP Parameters header. 7710 SR OS Router Configuration Guide Page 435...
Page 436 IP (v4/v6) Filter Entry Commands false — Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header. Page 436 7710 SR OS Router Configuration Guide...
Page 437: Match List Configuration Commands
The no form of this command deletes the specified list. Operational notes: An ipv6-prefix-list must contain only IPv6 address prefixes. An IPv6 prefix match list cannot be deleted if it is referenced by a filter policy. 7710 SR OS Router Configuration Guide Page 437...
Page 438 No embedded filter policies are included in a filter policy. Default index — An integer from 1 to 255 enumerating bgp-peers auto-generation configuration within this Parameters list. Page 438 7710 SR OS Router Configuration Guide...
Page 439 — A source or destination port to be used as a match criterion specified as a decimal Parameters integer. 1 — 65535 Values range start end — an inclusive range of source or destination port values to be used as match criteria. 7710 SR OS Router Configuration Guide Page 439...
Page 440 This command adds an IPv4 address prefix to an existing IPv4 address prefix match list. Description The no form of this command deletes the specified prefix from the list. Operational notes: Page 440 7710 SR OS Router Configuration Guide...
Page 441 — A valid IPv4 address prefix in dotted decimal notation. Parameters 0.0.0.0 to 255.255.255.255 (host bit must be 0) Values prefix-length — Length of the entered IP prefix. 1 — 32 Values 7710 SR OS Router Configuration Guide Page 441...
Page 442: Mac Filter Entry Commands
0 — 4094 Ethernet QinQ The SAP is identified by two 802.1Q tags on the port. qtag2: 0 — 4094 Note that a 0 qtag1 value also accepts untagged packets on the dot1q port. Page 442 7710 SR OS Router Configuration Guide...
Page 443 802dot3 — Specifies the frame type is Ethernet IEEE 802.3. 802dot2-llc — Specifies the frame type is Ethernet IEEE 802.2 LLC. 802dot2-snap — Specifies the frame type is Ethernet IEEE 802.2 SNAP. 7710 SR OS Router Configuration Guide Page 443...
Page 444 MAC Filter Entry Commands ethernet_II — Specifies the frame type is Ethernet Type II. Page 444 7710 SR OS Router Configuration Guide...
Page 445: Mac Filter Match Criteria
0bBBB 0b100 To select a range from 4 up to 7 specify p-value of 4 and a mask of 0b100 for value and mask. Default 7 (decimal) 1 — 7 (decimal) Values 7710 SR OS Router Configuration Guide Page 445...
Page 446 Configures a destination MAC address or range to be used as a MAC filter match criterion. Description The no form of the command removes the destination mac address as the match criterion. no dst-mac Default Page 446 7710 SR OS Router Configuration Guide...
Page 447 The no form of the command removes the previously entered etype field as the match criteria. no etype Default ethernet-type — The Ethernet type II frame Ethertype value to be used as a match criterion expressed Parameters in hexadecimal. 0x0600 — 0xFFFF Values 7710 SR OS Router Configuration Guide Page 447...
Page 448 — Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero. snap-pid Syntax snap-pid pid-value no snap-pid Context config>filter>mac-filter>entry Configures an IEEE 802.3 LLC SNAP Ethernet Frame PID value to be used as a MAC filter match Description criterion. Page 448 7710 SR OS Router Configuration Guide...
Page 449 To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000 0xFFFFFFFFFFFF (exact match) Default 0x00000000000000 — 0xFFFFFFFFFFFF Values 7710 SR OS Router Configuration Guide Page 449...
Page 450 — This is optional and may be used when specifying a range of ssap values to use as the match criteria. This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0xF0 Binary 0bBBBBBBBB 0b11110000 Default none 0x00 — 0xFF Values Page 450 7710 SR OS Router Configuration Guide...
Page 451: Policy And Entry Maintenance Commands
‘break before make’ manner and therefore should be handled with care. filter-name Syntax filter-name filter-name no filter-name Context config>filter>ip-filter config>filter>ipv6-filter This command specifies the name to associate with this filter. Description 7710 SR OS Router Configuration Guide Page 451...
Page 452 — Enter the entry number of an existing entry. Parameters 1 — 65535 Values new-entry-id — Enter the new entry-number to be assigned to the old entry. 1 — 65535 Values Page 452 7710 SR OS Router Configuration Guide...
Page 453: Redirect Policy Commands
This command specifies the number of consecutive requests that must fail for the destination to be Description declared unreachable. drop-count 3 hold-down 0 Default consecutive-failures — Specifies the number of consecutive ping test failures before declaring the Parameters destination down. 1 — 60 Values 7710 SR OS Router Configuration Guide Page 453...
Page 454 — Specifies the amount of time, in seconds, that is allowed for receiving a response from the Parameters far end host. 1 — 60 Values priority Syntax priority priority no priority Context config>filter>destination Page 454 7710 SR OS Router Configuration Guide...
Page 455 This command specifies the criterion to adjust the priority based on the test result. Multiple criteria Description can be specified with the condition that they are not conflicting or overlap. If the returned value is 7710 SR OS Router Configuration Guide Page 455...
Page 456 For example, error code 401 for HTTP is “page not found.” If, while performing this test, the URL is not reachable, you can lower the priority by 10 points so that other means of reaching this destination are prioritized higher than the older one. Page 456 7710 SR OS Router Configuration Guide...
Page 457 This command specifies the URL to be probed by the URL test. Description none Default url-string — Specify a URL up to 255 characters in length. Parameters http-version version-string — Specifies the HTTP version, 80 characters in length. 7710 SR OS Router Configuration Guide Page 457...
Page 458 Redirect Policy Commands Page 458 7710 SR OS Router Configuration Guide...
Page 459: Show Commands
Description : test-dhcp-filter ------------------------------------------------------------------------------- Filter Match Criteria ------------------------------------------------------------------------------- No Match Criteria Found =============================================================================== *B:TechPubs>config# download-failed Syntax download-failed Context show>filter This command shows all filter entries for which the download has failed. Description 7710 SR OS Router Configuration Guide Page 459...
Page 460 ID output. counters — Displays counter information for the specified filter ID. Note that egress counters count the packets without Layer 2 encapsulation. Ingress counters count the packets with Layer 2 encapsulation. Page 460 7710 SR OS Router Configuration Guide...
Page 461 A:ALA-49# show filter ip =============================================================================== IP Filters =============================================================================== Filter-Id Scope Applied Description ------------------------------------------------------------------------------- Template Yes Template Yes Template Yes Template No Template No ------------------------------------------------------------------------------- Num IP filters: 5 =============================================================================== A:ALA-49# *A:Dut-C>config>filter# show filter ip 7710 SR OS Router Configuration Guide Page 461...
Page 462 Entry , then the filter entry is incomplete as no action has been (Inactive) specified. The filter log ID. Log Id The source IPv6 address and prefix length match criterion. Src. IP Page 462 7710 SR OS Router Configuration Guide...
Page 463 The ICMP code field in the ICMP header of an IP packet. ICMP Code Specifies not to search for packets that contain the option field Option-present Off — or have an option field of zero. 7710 SR OS Router Configuration Guide Page 463...
Page 464 =============================================================================== IP Filter =============================================================================== Filter Id : fSpec-1 Applied : Yes Scope : Template Def. Action : Forward Radius Ins Pt: n/a CrCtl. Ins Pt: n/a Entries : 2 (insert By Bgp) Page 464 7710 SR OS Router Configuration Guide...
Page 465 Ing. Matches : 0 pkts Egr. Matches : 0 pkts Entry : fSpec-1-49151 - inserted by BGP FLowSpec Description : (Not Specified) Log Id : n/a Src. IP : 0.0.0.0/0 Src. Port : None 7710 SR OS Router Configuration Guide Page 465...
Page 466 Int. Sampling : On IP-Option : 0/0 Multiple Option: Off TCP-syn : Off TCP-ack : Off Match action : Forward Next Hop : 172.22.184.101 Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49# Page 466 7710 SR OS Router Configuration Guide...
Page 467 The ICMP type match criterion. indicates no ICMP type ICMP Type Undefined specified. Configures a match on all non-fragmented IP packets. Fragment False — Configures a match on all fragmented IP packets. True — 7710 SR OS Router Configuration Guide Page 467...
Page 468 On — The option fields are not checked. Multiple Option Off — Packets containing one or more option fields in the IP header On — will be used as IP filter match criteria. Page 468 7710 SR OS Router Configuration Guide...
Page 469 Suite assignment, it is displayed in the show filter associations command output: A:ALA-49# show filter ip 160 associations =============================================================================== IP Filter =============================================================================== Filter Id : 160 Applied : No Scope : Template Def. Action : Drop 7710 SR OS Router Configuration Guide Page 469...
Page 470 Ingress counters count the packets with Layer 2 encapsulation. Sample Output *A:ALA-48# show filter ipv6 100 counters =============================================================================== IPv6 Filter =============================================================================== Filter Id : 100 Applied : No Scope : Template Def. Action : Forward Page 470 7710 SR OS Router Configuration Guide...
Page 471 [failed] — Shows all embeddings, optionally shows failed embedding only, if filter-id is not specified shows all embedded filters. type entry-type — specifies type of filter entry to display, values: fixed, radius-insert, credit-control-insert, flowspec, embedded, radius-shared Values 7710 SR OS Router Configuration Guide Page 471...
Page 472 ------------------------------------------------------------------------------- Num IPv6 filters: 2 =============================================================================== A:ALA-48# show filter ipv6 embedded ================================================ IP Filter embedding ================================================ From Priority Inserted Status ---------------------------------------------------------------------------------- OK- 1 entry overwritten Failed – out of resources ================================================ A:ALA-48# Page 472 7710 SR OS Router Configuration Guide...
Page 473 Configures a match on all non-fragmented IP packets. Fragment False — Configures a match on all fragmented IP packets. True — Fragments are not a matching criteria. All fragments and non- Off — fragments implicitly match. 7710 SR OS Router Configuration Guide Page 473...
Page 474 On — The option fields are not checked. Multiple Option Off — Packets containing one or more option fields in the IP header On — will be used as IP filter match criteria. Page 474 7710 SR OS Router Configuration Guide...
Page 475 The filter policy is of type Exclusive. Exclusive — The number of entries configured in this filter ID. Entries The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — 7710 SR OS Router Configuration Guide Page 475...
Page 476 IP header for IP filter match criteria. Configures a match on packets with the SYN flag set to TCP-syn False — false. Configures a match on packets with the SYN flag set to true. True — Page 476 7710 SR OS Router Configuration Guide...
Page 477 True — The state of the TCP ACK flag is not considered as part of the Off — match criteria. The number of egress filter matches/hits for the filter entry. Egr. Matches 7710 SR OS Router Configuration Guide Page 477...
Page 478 The default action for the filter ID for packets that do not Drop — match the filter entries is to drop. Indicates the filter is an IP filter policy. Filter Match IP — Criteria Page 478 7710 SR OS Router Configuration Guide...
Page 479 Ing. Matches : 80 pkts (7200 bytes) Egr. Matches : 80 pkts (6880 bytes) ==================================================================================== A:ALA-48# Syntax log log-id [match string] [bindings] Context show>filter This command shows the contents of a memory-based or a file-based filter log. Description 7710 SR OS Router Configuration Guide Page 479...
Page 480 The do not fragment IP flag is set in the logged packet. DF — The TOS byte value in the logged packet. The IP protocol of the logged packet (TCP, UDP, ICMP or a protocol Protocol number in hex). Page 480 7710 SR OS Router Configuration Guide...
Page 481 Crit1 The total count of logs. TotCnt Displays the total number of ARP messages logged for this log ID. ArpCnt The address type indication of the key in the mini-table. Src... Dst... 7710 SR OS Router Configuration Guide Page 481...
Page 482 Note: A summary log will be printed only in case TotCnt is different from 0. Only the address types with at least 1 entry in the minitable will be printed. A:ALA-A>config# show filter log 190 =============================================================================== Summary Log[190] Crit1: SrcAddr TotCnt: 723 ArpCnt: 06-06-06-06-06-06 06-06-06-06-06-05 06-06-06-06-06-04 06-06-06-06-06-03 06-06-06-06-06-02 6.6.6.1 6.6.6.2 Page 482 7710 SR OS Router Configuration Guide...
Page 483 1 — 65535 Values No Parameters Specified — When no parameters are specified, a brief listing of IP filters is Output produced. The following table describes the command output for the command. 7710 SR OS Router Configuration Guide Page 483...
Page 484 The destination MAC address and mask match criterion. When both the Dest MAC MAC address and mask are all zeroes, no criterion specified for the filter entry. Page 484 7710 SR OS Router Configuration Guide...
Page 485 : Forward Ing. Matches Egr. Matches Entry : 300 (Inactive) FrameType : Ethernet Description : Not Available Src Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : Ethernet 7710 SR OS Router Configuration Guide Page 485...
Page 486 =============================================================================== A:ALA-49# Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. Page 486 7710 SR OS Router Configuration Guide...
Page 487 Def. Action : Forward Entries Description : Description for Mac Filter Policy id # 8 ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry FrameType : Ethernet Ing. Matches: 80 pkts (5440 bytes) 7710 SR OS Router Configuration Guide Page 487...
Page 488 The MAC filter policy description. Description and its entries is produced. The following table describes the command output for the command. Label Description The MAC filter policy ID. MAC Filter Filter Id Page 488 7710 SR OS Router Configuration Guide...
Page 489 Filter entry matches a non-zero value for the Ethernet Esnap-oui-zero Non-Zero — SNAP OUI. Filter entry matches a zero value for the Ethernet SNAP OUI. Zero — No Ethernet SNAP OUI value specified. Undefined — 7710 SR OS Router Configuration Guide Page 489...
Page 490 Egr. Matches: 0 pkts Entry : 50 FrameType : Ethernet Description : entry 50 Src Mac : 00:00:01:66:00:00 00:00:0f:ff:00:00 Dest Mac LI Source : No Ing. Matches: 0 pkts Egr. Matches: 0 pkts Page 490 7710 SR OS Router Configuration Guide...
Page 491 1/1/6:9 (Egress) Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. 7710 SR OS Router Configuration Guide Page 491...
Page 492 LI Mac Filter =============================================================================== Filter Id : testLiMacFilter Associated : Yes Entries Description : test LI Mac filter setup ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry : 10 Description : entry 10 Page 492 7710 SR OS Router Configuration Guide...
Page 493 Specifies the operational value of the priority for this destination. The Oper Priority highest operational priority across multiple destinations is used as the preferred destination. Specifies the configured base priority for the destination. Admin Priority 7710 SR OS Router Configuration Guide Page 493...
Page 494 Test test test test =============================================================================== ALA-A>config>filter# ALA-A>config>filter# show filter redirect-policy redirect1 =============================================================================== Redirect Policy =============================================================================== Redirect Policy: redirect1 Applied : Yes Description : New redirect info Active Dest : 10.10.10.104 ------------------------------------------------------------------------------- Page 494 7710 SR OS Router Configuration Guide...
Page 495 : Up Oper State : Down URL Test : URL_to_Proxy Interval : 10 Timeout : 10 Drop Count Hold Down Hold Remain Last Action at : 03/19/2007 05:04:15 Action Taken : Disable 7710 SR OS Router Configuration Guide Page 495...
Page 496 This command displays IPv6 prefixes information for match criteria in IPv6 ACL and CPM filter Description policies. ip-prefix-list-name — A string of up to 32 characters of printable ASCII characters. If special Parameters characters are used, the string must be enclosed within double quotes. Page 496 7710 SR OS Router Configuration Guide...
Page 497 This command displays TCP/UDP port values or ranges for match criteria in IPv4 and IPv6 ACL and Description CPM filter policies. port-list-name — A string of up to 32 characters of printable ASCII characters. If special characters Parameters are used, the string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 497...
Page 498: Clear Commands
1 — 65535 Values entry-id — Specifies that only the counters associated with the specified filter policy entry will be cleared. 1 — 65535 Values ingress — Specifies to only clear the ingress counters. Page 498 7710 SR OS Router Configuration Guide...
Page 499 — Specifies that only the counters associated with the specified filter policy entry will be cleared. 1 — 65535 Values ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. 7710 SR OS Router Configuration Guide Page 499...
Page 500: Monitor Commands
[interval seconds] [repeat repeat] [absolute | rate] Context monitor This command monitors the counters associated with the IPv6 filter policy. Description ipv6-filter-id — The IP filter policy ID. Parameters 1 — 65535 Values Page 500 7710 SR OS Router Configuration Guide...
Page 501 — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing. No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. 7710 SR OS Router Configuration Guide Page 501...
Page 502 Show Commands Page 502 7710 SR OS Router Configuration Guide...
Page 503: Cflowd
• Cflowd Overview on page 504  Operation on page 505  Cflowd Filter Matching on page 509 • Cflowd Configuration Process Overview on page 510 • Configuration Notes on page 511 7710 SR OS Router Configuration Guide Page 503...
Page 504: Cflowd Overview
IP addresses, port numbers, AS numbers, etc. Each subsequent packet matching the same parameters of the flow contribute to the byte and packet count of the flow until the flow is terminated and exported to a collector for storage. Page 504 7710 SR OS Router Configuration Guide...
Page 505: Operation
6. If a flow has been active for a period of time equal to or greater than the active timer (default 30 minutes), then the entry is removed from the flow cache. 7710 SR OS Router Configuration Guide Page 505...
Page 506: Version 9
V8 record format. Figure 23 depicts Version 5, Version 8, Version 9, and Version 10 flow processing. Page 506 7710 SR OS Router Configuration Guide...
Page 507: Figure 23: V5, V8, V9, V10, And Flow Processing
• When the user executes a clear cflowd command. • When other measures are met that apply to aggressively age flows as the cache becomes too full (such as overflow percent). 7710 SR OS Router Configuration Guide Page 507...
Page 508 IPv4, IPv6, and MPLS. Version 10 is interoperable with RFC 5150 and 5102. Page 508 7710 SR OS Router Configuration Guide...
Page 509: Cflowd Filter Matching
Subsequent packets in the same flow are then forwarded without needing to be matched against the complete set of filters. Specific performance varies depending on the number and complexity of the filters. 7710 SR OS Router Configuration Guide Page 509...
Page 510: Cflowd Configuration Process Overview
Cflowd ACL, where IP filters must be created with entries containing the action filter- sampled. In this mode only traffic matching these filter entries will be subject to the cflowd sampling process. Page 510 7710 SR OS Router Configuration Guide...
Page 511: Configuration Notes
A cflowd option must be specified and enabled on a router interface. • Sampling must be enabled on either:  An IP filter which is applied to a port or service.  An interface on a port or service. 7710 SR OS Router Configuration Guide Page 511...
Page 512 Page 512 7710 SR OS Router Configuration Guide...
Page 513: Configuring Cflowd With Cli
Specifying Sampling Options in Filter Entries on page 530 • Cflowd Configuration Management Tasks on page 533  Modifying Global Cflowd Components on page 533  Modifying Cflowd Collector Parameters on page 534 7710 SR OS Router Configuration Guide Page 513...
Page 514: Cflowd Configuration Overview
Cflowd Configuration Overview The 7710 SR OS implementation of cflowd supports the option to analyze traffic flow. The imple- mentation also supports the use of traffic/access list (ACL) filters to limit the type of traffic that is analyzed. Traffic Sampling Traffic sampling does not examine all packets received by a router.
Page 515: Collectors
• MPLS labels The 7710 SR OS implementation allows you to enable cflowd either at the interface level or as an action to a filter. By enabling cflowd at the interface level, all IP packets forwarded by the inter- face are subject to cflowd analysis. By setting cflowd as an action in a filter, only packets matching the specified filter are subject to cflowd analysis.
Page 516 Source-destination prefix — Flows are aggregated based on source prefix and mask, destination prefix and mask, source and destination AS, ingress interface and egress interface. • Raw — Flows are not aggregated and are sent to the collector in a V5 record. Page 516 7710 SR OS Router Configuration Guide...
Page 517: Basic Cflowd Configuration
A:ALA-1>config>cflowd# info detail ---------------------------------------------- active-timeout 30 cache-size 65536inactive-timeout 15 overflow 1 rate 1000 collector 10.10.10.103:2055 version 9 no aggregation autonomous-system-type origin description "V9 collector" no shutdown exit template-retransmit 330 exit no shutdown ---------------------------------------------- A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 517...
Page 518: Common Configuration Tasks
Global Cflowd Components The components common (global) to all instances of cflowd include the following parameters: • Active timeout • Inactive timeout • Cache size • Overflow • Rate • Template retransmit Page 518 7710 SR OS Router Configuration Guide...
Page 519: Configuring Cflowd
{version [5 | 8 | 9 |10]} aggregation as-matrix destination-prefix protocol-port source-destination-prefix source-prefix template-set {basic | mpls-ip} autonomous-system-type [origin | peer] description description-string no shutdown no shutdown 7710 SR OS Router Configuration Guide Page 519...
Page 520: Enabling Cflowd
The following example displays the default values when cflowd is initially enabled. No collectors or collector options are configured. A:ALA-1>config# info detail #------------------------------------------ echo "Cflowd Configuration" #------------------------------------------ cflowd active-timeout 30 cache-size 65536 inactive-timeout 15 overflow 1 rate 1000 template-retransmit 600 no shutdown exit #------------------------------------------ A:ALA-1>config# Page 520 7710 SR OS Router Configuration Guide...
Page 521: Configuring Global Cflowd Parameters
The following example displays a common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 20 inactive-timeout 10 overflow 10 rate 100 #------------------------------------------ A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 521...
Page 522: Configuring Cflowd Collectors
"AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation protocol-port source-destination-prefix exit autonomous-system-type peer description "Neighbor collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Version 9 Collector example: collector 10.10.10.9:2000 version 9 description "v9collector" template-set mpls-ip no shutdown Page 522 7710 SR OS Router Configuration Guide...
Page 523: Table 12: Template-Set
IP version (60) ICMP Type & Code (32) BGP Source ASN (16) BGP Dest ASN (17) Source IPv4 Prefix Length (9) Dest IPv4 Prefix Length (13) MPLS-IPv4 Template: IPv4 Src Addr (8) 7710 SR OS Router Configuration Guide Page 523...
Page 524 Protocol (4) IPv6 Options Hdr (64) IPv6 Next Header (193) IPv6 Flow Label (31) TOS (5) IP version (60) IPv6 ICMP Type & Code (139) BGP Source ASN (16) BGP Dest ASN (17) Page 524 7710 SR OS Router Configuration Guide...
Page 525 Egress Interface (14) Packet Count (2) Byte Count (1) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) 7710 SR OS Router Configuration Guide Page 525...
Page 526 IP version (60) ICMP Type & Code (32) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) Page 526 7710 SR OS Router Configuration Guide...
Page 527: Enabling Cflowd On Interfaces And Filters
Specifying Cflowd Options on an IP Interface on page 528  Interface Configurations on page 528  Service Interfaces on page 529 • Specifying Sampling Options in Filter Entries on page 530  Interface Configurations on page 528 7710 SR OS Router Configuration Guide Page 527...
Page 528: Specifying Cflowd Options On An Ip Interface
3. The interface>cflowd interface option must be selected. For configuration information, refer to the Filter Policy Overview section of the 7710 SR OS Router Configuration Guide. 4. To omit certain types of traffic from being sampled when the interface sampling is enabled, the config>filter>ip-filter>entry>interface-disable-sample option may be...
Page 529: Service Interfaces
Cflowd is supported on IES and VPRN services interfaces only. Layer 2 traffic is excluded. All packets forwarded by the interface are analyzed according to the cflowd configuration. On the interface level, cflowd can be associated with a filter (ACL) or an IP interface. 7710 SR OS Router Configuration Guide Page 529...
Page 530: Specifying Sampling Options In Filter Entries
3. On the IP interface being used, the interface>cflowd acl option must be selected. (See Interfcace Configuration) For configuration information, refer to the IP Router Confguration Overview section of the 7710 SR OS Router Configuration Guide. 4. On the IP filter being used, the entry>filter-sample option must be explicitly enabled for the entries matching the traffic that should be sampled.
Page 531: Dependencies
Filter Configurations on page 530 Depending on the combination of interface and filter entry configurations determine if and when flow sampling occurs. Table 13 displays the expected results when specific features are enabled and disabled. 7710 SR OS Router Configuration Guide Page 531...
Page 532: Table 13: Cflowd Configuration Dependencies
Interface mode All IP traffic ingressing the none interface interface is subject to sampling. Interface mode Filter level action is ignored. All filter sampled interface traffic ingressing the interface is subject to sampling. Page 532 7710 SR OS Router Configuration Guide...
Page 533: Cflowd Configuration Management Tasks
Example: config>cflowd# active-timeout 60 config>cflowd# no inactive-timeout config>cflowd# overflow 2 config>cflowd# rate 10 The following example displays the common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 60 overflow 2 rate 10 #------------------------------------------ A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 533...
Page 534: Modifying Cflowd Collector Parameters
The following displays basic cflowd modifications: A:ALA-1>config>cflowd# info ----------------------------------------- active-timeout 60 overflow 2 rate 10 collector 10.10.10.1:2000 version 5 description "AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation source-prefix exit description "Test collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Page 534 7710 SR OS Router Configuration Guide...
Page 535: Cflowd Command Reference
{basic | mpls-ip} — template-set — inactive-timeout seconds — no inactive-timeout — overflow percent — no overflow — rate sample-rate — no rate — [no] shutdown — template-retransmit seconds — no template-retransmit 7710 SR OS Router Configuration Guide Page 535...
Page 536 — status Tools Commands tools — dump — cflowd [clear] — top-protocols [ipv4 | ipv6 | mpls] [clear] — top-flows [ipv4 | ipv6] [clear] — packet-size Clear Commands clear — cflowd Page 536 7710 SR OS Router Configuration Guide...
Page 537: Cflowd Configuration Commands
The no form of this command resets the inactive timeout back to the default value. Default minutes — The value expressed in minutes before an active flow is exported. Parameters 1 — 600 Values 7710 SR OS Router Configuration Guide Page 537...
Page 538 Values x:x:x:x:x:x:x:x (IPv6) [x:x:x:x:x:x:x:x]:port (IPv6) x - [0..FFFF]H port — Specifies the UDP port number on the remote Cflowd collector host to receive the exported Cflowd data. 1— 65535 Values 2055 Default Page 538 7710 SR OS Router Configuration Guide...
Page 539 [no] destination-prefix Context config>cflowd>collector>aggregation This command specifies that the aggregation data is based on destination prefix information. Description The no form removes this type of aggregation from the collector configuration. none Default 7710 SR OS Router Configuration Guide Page 539...
Page 540 [no] source-prefix Context config>cflowd>collector>aggregation This command configures cflowd aggregation based on source prefix information. Description The no form of this command removes this type of aggregation from the collector configuration. none Default Page 540 7710 SR OS Router Configuration Guide...
Page 541 The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted. The no form of this command administratively enables an entity. 7710 SR OS Router Configuration Guide Page 541...
Page 542 — Specifies the amount of time, in seconds, that must elapse without a packet matching a Parameters flow in order for the flow to be considered inactive. 10 — 600 Values Page 542 7710 SR OS Router Configuration Guide...
Page 543 Context config>cflowd This command specifies the interval for sending template definitions. Description Default seconds — The value expressed in seconds before sending template definitions. Parameters 10 — 600 Values 7710 SR OS Router Configuration Guide Page 543...
Page 544 Page 544 7710 SR OS Router Configuration Guide...
Page 545: Show Commands
The current operational status of this Cflowd remote collector host. Oper The number of Cflowd records that have been transmitted to this Recs Sent remote collector host. The total number of collectors using this IP address. Collectors 7710 SR OS Router Configuration Guide Page 545...
Page 546: Table 15: Show Cflowd Collector Detailed Output Fields
The UDP port number on the remote Cflowd collector host to receive Port the exported Cflowd data. A user-provided descriptive string for this Cflowd remote collector Description host. The version of the flow data sent to the collector. Version Page 546 7710 SR OS Router Configuration Guide...
Page 547 A:R51-CfmA# show cflowd collector detail =============================================================================== Cflowd Collectors (detail) =============================================================================== Address : 138.120.135.103 Port : 2055 Description : Test v5 Collector Version AS Type : peer Admin State : up Oper State : up 7710 SR OS Router Configuration Guide Page 547...
Page 548 Displays the administrative and operational status of the interfaces with cflowd enabled. Description ip-addr — Display only information for the IP interface with the specified IP address. Parameters all interfaces with cflowd enabled. Default Page 548 7710 SR OS Router Configuration Guide...
Page 549 IF Index Mode Admin IPv4 Address Oper IPv4 IPv6 Address Oper IPv6 ------------------------------------------------------------------------------- ipv4ipv6NamedIf Base intf/ing 5.5.5.5/24 55::55/128 ipv4NamedIf acl-egr 10.10.10.10/24 Down ipv6NamedIf Base i/f-both Down 1234:5678::9/128 ------------------------------------------------------------------------------- Interfaces : 3 =============================================================================== 7710 SR OS Router Configuration Guide Page 549...
Page 550: Table 16: Cflowd Status Output
Table 16: Cflowd Status Output Label Description The desired administrative state for this Cflowd remote collector host. Cflowd Admin Sta- The current operational status of this Cflowd remote collector host. Cflowd Oper Status Page 550 7710 SR OS Router Configuration Guide...
Page 551 The number of times the active cache overflowed. Overflow events Equal to “total flows trashed” in cflowdStatsTotal. Dropped Flows Sample Output sr1# show cflowd status =============================================================================== Cflowd Status =============================================================================== Cflowd Admin Status : Enabled 7710 SR OS Router Configuration Guide Page 551...
Page 552 Overflow : 1% Sample Rate Active Flows : 34 Total Pkts Rcvd : 801600 Total Pkts Dropped =============================================================================== Version Info =============================================================================== Version Status Sent Open Errors ------------------------------------------------------------------------------- Enabled Enabled Enabled Enabled =============================================================================== Page 552 7710 SR OS Router Configuration Guide...
Page 553: Tools Commands
(Number of seconds since last clear / total flows) Displays the percentage of bandwidth consumed by the associated pro- Bandwidth Total tocol type. (Total protocol bytes / total bytes of all flows) 7710 SR OS Router Configuration Guide Page 553...
Page 554: Table 18: Tools Dump Cflowd Top-Flows Out Put Fields
Displays the protocol flag markings. Flgs Displays the total number of packets sampled for this flow (since stats Pkts were last cleared). Displays the vRouter context the flow was sample in. vRtr-ID Page 554 7710 SR OS Router Configuration Guide...
Page 555 Src Port vRtr ID DstIP (upto IPv6) Egress i/f Dst Port Proto Flags Nexthop (uptoIPv6) Total Pkts Avg Pkt Active(sec) 2001:0db8:85a3:0000:0000:8a2e:0370:7334 60005 10020 0x12 2001:0db8:85a3:0000:0000:8a2e:0280:1234 60325 20010 0x23 2001:0db8:85a3:0000:0000:8a2e:1234:5678 1234567890 1500 13600 …… 7710 SR OS Router Configuration Guide Page 555...
Page 556 .000 .250 .000 .000 .010 .100 .500 .090 .000 .000 .000 .000 .000 .000 .000 576 1024 1536 2048 2560 3072 3584 4096 4608 9000 .000 .000 .000 .050 .000 .000 .000 .000 .000 .000 .000 .000 Page 556 7710 SR OS Router Configuration Guide...
Page 557: Clear Commands
This action will trigger all the flows to be discarded. The cache restarts flow data collection from a fresh state. This command also clears global stats collector stats listed in the cflowd show commands. 7710 SR OS Router Configuration Guide Page 557...
Page 558 Page 558 7710 SR OS Router Configuration Guide...
Page 559: Standards And Protocol Support
Standards and Protocol Support RFC 3623 Graceful OSPF Restart – GR RFC 4659 BGP-MPLS IP Virtual Private Standards Compliance helper Network (VPN) Extension for IPv6 IEEE 802.1ab-REV/D3 Station and RFC 3630 Traffic Engineering (TE) Media Access Control Connectivity Extensions to OSPF Version 2 RFC 4684 Constrained Route Discovery Distribution for Border Gateway...
Page 560 Standards and Protocols RFC 3719 Recommendations for RFC 2463 Internet Control Message RFC 3446 Anycast Rendevous Point Interoperable Networks using IS-IS Protocol (ICMPv6) for the Internet (RP) mechanism using Protocol Protocol Version 6 Specification Independent Multicast (PIM) and RFC 3784 Intermediate System to Multicast Source Discovery Intermediate System (IS-IS) RFC 2464 Transmission of IPv6 Packets...
Page 561 Standards and Protocols RFC 4124 Protocol Extensions for RFC6426 MPLS On-Demand MPLS — LDP Support of Diffserv-aware MPLS Connectivity and Route Tracing RFC 3037 LDP Applicability Traffic Engineering RFC6478 Pseudowire Status for Static RFC 3478 Graceful Restart Mechanism RFC 4125 Maximum Allocation Pseudowires for LDP –...
Page 562 Standards and Protocols RFC 4619 Encapsulation Methods for ETSI TS 101 329-5 Annex E extensions- VRRP Transport of Frame Relay over QoS Measurement for VoIP - RFC 2787 Definitions of Managed MPLS Networks (draft-ietf-pwe3- Method for determining an Objects for the Virtual Router frame-relay-07.txt) Equipment Impairment Factor using Redundancy Protocol...
Page 563 Standards and Protocols RFC 4251 The Secure Shell (SSH) Management Protocol (SNMP) NETWORK MANAGEMENT Protocol Architecture Management Frameworks ITU-T X.721: Information technology- OSI-Structure of Management RFC 3412 - Message Processing and RFC 4252 The Secure Shell (SSH) Authentication Protocol Information Dispatching for the Simple Network Management Protocol (SNMP) RFC 4253 The Secure Shell (SSH)
Page 564 Standards and Protocols Page 564 Standards and Protocols...
Page 565: Index
IPv6 system name matching criteria DSCP values VRRP IP option values overview components packets IP address owner policies IP addresses policy entries owner and non-owner redirect policies virtual router scope 7710 SR OS Router Configuration Guide Page 565...
Page 566 Index virtual router backup virtual router master VRID configuring basic command reference IES parameters non-owner owner management tasks overview router interface non-owner owner VRRP policy parameters Page 566 7710 SR OS Router Configuration Guide...

This manual is also suitable for:

7710 sr-os series

Alcatel-Lucent 7710 SR OS Configuration Manual

Getting Started

Getting Started

IP Router Configuration

IP Router Configuration

Vrrp

Vrrp

Vrrp

Filter Policies

Filter Policies

Filter Policies

Cflowd

Cflowd

Cflowd

Quick Links

Related Manuals for Alcatel-Lucent 7710 SR OS

Summary of Contents for Alcatel-Lucent 7710 SR OS