Download Print this page
   
1
2
Table of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990

Advertisement

Advanced Configuration Guide - Part I Releases Up To 14.0.R7
7450 Ethernet Service Switch
7750 Service Router
7950 Extensible Routing System
Advanced Configuration Guide - Part I
Releases Up To 14.0.R7
3HE 11598 AAAB TQZZA 01
Issue: 01
April 2017
Nokia — Proprietary and confidential.
Use pursuant to applicable agreements.

Advertisement

   Related Manuals for Nokia 7450

   Summary of Contents for Nokia 7450

  • Page 1

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 7450 Ethernet Service Switch 7750 Service Router 7950 Extensible Routing System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01 April 2017 Nokia —...

  • Page 2

    © 2016-2017 Nokia. Contains proprietary/trade secret information which is the property of Nokia and must not be made available to, or copied or used by anyone outside Nokia without its written authorization. Not to be used or disclosed except in accordance with applicable agreements.

  • Page 3: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table of Contents Preface ......................23 About This Guide.........................23 Basic System .................... 27 IEEE 1588 for Frequency, Phase, and Time Distribution .........29 Applicability ........................29 Overview ........................29 Configuration ........................42 Conclusion ........................62 Synchronous Ethernet..................63 Applicability ........................63 Summary...

  • Page 4: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Configuration .........................144 Conclusion .........................161 Port Cross-Connect (PXC).................163 Applicability .........................163 Overview .........................163 Configuration .........................165 Conclusion .........................194 Router Configuration ................195 6PE Next-Hop Resolution ..................197 Applicability .........................197 Overview .........................197 Configuration .........................199 Conclusion .........................218 Aggregate Route Indirect Next-Hop Option .............219 Applicability...

  • Page 5: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Rate Limit Filter Action ..................347 Applicability .........................347 Overview .........................347 Configuration .........................349 Conclusion .........................355 Unicast Routing Protocols ..............357 Associating Communities with Static and Aggregate Routes .......359 Applicability .........................359 Overview .........................360 Configuration .........................361 Conclusion...

  • Page 6: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Conclusion .........................520 EBGP Route Resolution to a Static Route ............521 Applicability .........................521 Overview .........................521 Configuration .........................522 Conclusion .........................536 IS-IS Link Bundling ....................537 Applicability .........................537 Overview .........................537 Configuration .........................541 Conclusion .........................553 Policy Chaining and Logical Expressions ............555 Applicability .........................555...

  • Page 7: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Overview .........................699 Configuration .........................711 Conclusion .........................735 Entropy Label .....................737 Applicability .........................737 Overview .........................737 Configuration .........................740 Conclusion .........................751 IGP Shortcuts .....................753 Applicability .........................753 Overview .........................753 Configuration .........................756 Conclusion .........................805 Inter-Area TE Point-to-Point LSPs ..............807 Applicability .........................807 Summary...

  • Page 8: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 LDP-SR Stitching for IPv4 Prefixes (IS-IS) ............925 Applicability .........................925 Overview .........................925 Configuration .........................926 Conclusion .........................940 MPLS LDP FRR using ISIS as IGP ..............941 Applicability .........................941 Overview .........................941 Configuration .........................942 Conclusion .........................965 MPLS Transport Profile ..................967 Applicability...

  • Page 9: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Segment Routing – Traffic Engineered Tunnels ...........1153 Applicability .......................1153 Overview .......................1153 Configuration .......................1155 Conclusion .......................1172 Segment Routing with IS-IS Control Plane ............1173 Applicability .......................1173 Overview .......................1173 Configuration .......................1175 Conclusion .......................1195 Shared Risk Link Groups for RSVP-Based LSP ..........1197 Applicability .......................1197...

  • Page 10

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 11

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 List of tables Synchronous Ethernet..................63 Table 1 Revertive, Non-Revertive Timing Reference Switching Operation ..68 Hybrid OpenFlow Switch ...................271 Table 2 OpenFlow Messages ................274 Table 3 FLOW_MOD Cookie Value ..............277 Table 4 FLOW_MOD Flags ................287 Table 5 Supported Redirect Actions..............297...

  • Page 12

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 22 MTU Values for Ethernet Frames............1026 Segment Routing with IS-IS Control Plane ............1173 Table 23 Mode Comparison .................1177 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 13

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 List of figures IEEE 1588 for Frequency, Phase, and Time Distribution .........29 Figure 1 PTP Messages and Timestamp Exchange ..........31 Figure 2 1588 Topology for Frequency Distribution..........33 Figure 3 1588 Topology for Time Distribution............33 Figure 4 Frequency Distribution with 1588 as Last Mile ..........34 Figure 5...

  • Page 14

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 34 ICB Spoke SDPs and Their Association with the Endpoints ....155 Figure 35 Additional Setup Example 1 ..............158 Figure 36 Additional Setup Example 2 ..............159 Port Cross-Connect (PXC).................163 Figure 37 Example Topology...................165 Figure 38 Non-Redundant PXC................168...

  • Page 15

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PBR/PBF Redundancy ..................321 Figure 69 PBF in VPLS 1 on PE-1................323 Figure 70 Example Topology...................328 Figure 71 PBR in a VPRN ..................342 Rate Limit Filter Action ..................347 Figure 72 Filter Based Rate Limiting ...............347 Figure 73 Rate Limit Filters and FlexPaths..............349 Figure 74...

  • Page 16

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 99 BGP Multipath Restricted to Exact Same AS. All AS Paths are Different....................469 Figure 100 BGP Multipath Restricted to Exact Same AS. All AS Paths are Identical ....................470 Figure 101 EBGP Equal to IBGP: No EIBGP Load-Balancing ........473 Figure 102...

  • Page 17

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 131 Updates from Unlabeled Sessions Not Propagated to Labeled Sessions (Default) ...................599 Figure 132 RIB Leaking from IPv4 BGP RIB to Labeled-IPv4 BGP RIB ....601 Automatic Bandwidth Adjustment in P2P LSPs..........607 Figure 133 Auto-Bandwidth Adjustment Implementation...........609 Figure 134...

  • Page 18

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Entropy Label .....................737 Figure 166 Load-Balancing of Flows Based on Hash Label or Entropy Label ..738 Figure 167 Label Stack with Hash Label versus Label Stack with EL and ELI..739 Figure 168 Downstream LERs Signal EL Capability to ILER ........739 Figure 169...

  • Page 19

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 LDP-SR Stitching for IPv4 Prefixes (IS-IS) ............925 Figure 199 Example Topology...................926 MPLS LDP FRR using ISIS as IGP ..............941 Figure 200 Initial Topology ..................943 Figure 201 Data Verification, Direction PE-1 => PE-5 Using VLL Service ....953 Figure 202 LFA Computation, Inequality 1 for Prefix PE-5 (D) on PE-1 (S) ....960 Figure 203...

  • Page 20

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 RSVP Signaled Point-to-Multipoint LSPs............1087 Figure 233 P2MP Network Topology...............1088 Figure 234 P2MP LSP LSP-p2mp-1................1093 Figure 235 P2MP LSP p-to-mp-1 with Metric Change..........1111 Figure 236 P2MP LSP LSP-p2mp-1 with Strict S2L Path toward PE-7....1114 Figure 237 Intelligent Remerge, Case 1 ..............1116 Figure 238...

  • Page 21

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 268 MPLS Label Stack Object..............1238 Figure 269 ICMP Extension Header ................1238 Figure 270 ICMP Extension Object: Object Header and Payload ......1239 Figure 271 Example Configuration ................1240 Figure 272 Tunnel from iLER PE-3 to eLER PE-6 via LSR PE-2 ......1243 Figure 273 UDP Traceroute in VPRN with iLER in Uniform Mode ......1245 Figure 274...

  • Page 22

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 23: Preface

    It is assumed that the network administrators have a detailed understanding of networking principles and configurations. List of Technical Publications The 7x50 series documentation set also includes the following guides: • 7450 ESS, 7750 SR, and 7950 XRS Basic System Configuration Guide Issue: 01 3HE 11598 AAAB TQZZA 01...

  • Page 24

    Points (SAPs), Service Distribution Points (SDPs), customer information, and user services. • 7450 ESS, 7750 SR, and 7950 XRS Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN This guide describes Layer 2 service and Ethernet Virtual Private Network...

  • Page 25

    Advanced Configuration Guide - Part I Preface Releases Up To 14.0.R7 • 7450 ESS, 7750 SR, and 7950 XRS Layer 3 Services Guide: Internet Enhanced Services and Virtual Private Routed Network Services This guide describes Layer 3 service functionality and provides examples to configure and implement Internet Enhanced Services (IES) and Virtual Private Routed Network (VPRN) services.

  • Page 26

    Preface Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 27: Basic System

    Advanced Configuration Guide - Part I Basic System Releases Up To 14.0.R7 Basic System In this section This section provides configuration information for the following topics: • IEEE 1588 for Frequency, Phase, and Time Distribution • Synchronous Ethernet Issue: 01 3HE 11598 AAAB TQZZA 01...

  • Page 28

    Basic System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 29: Ieee 1588 For Frequency, Phase, And Time Distribution

    Conclusion Applicability This section is applicable to all of the 7750 SR and 7450 ESS series, except for the SR-1, ESS-1, and ESS-6/6v. It is not applicable to t.he 7710 SR nor the 7950 XRS series. Description and examples are based on release 12.0.R2. The only software pre-requisites are IP reachability between the node and neighboring 1588 clocks.

  • Page 30

    This is useful in environments where the transport network does not provide physical layer synchronization services. The following 1588 capabilities are provided within the 7750 SR and 7450 ESS nodes: • CPM/CFM based 1588 master, boundary, and slave clock functionality •...

  • Page 31

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 1 PTP Messages and Timestamp Exchange Master Slave Data at Slave t1, t2 t1, t2, t3 t1, t2, t3, t4 al_0541 The master sends a PTP Sync message containing a timestamp of when the Sync message is transmitted (t1) to the slave.

  • Page 32

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 These calculations can occur on every message exchange or some initial packet selection can be performed so that only optimal message exchanges are used. The latter is useful if there is variable delay between the master and slave ports.

  • Page 33

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 2 1588 Topology for Frequency Distribution Master Slave Synchronous Ethernet Input Port 5/1/3 Int-PE-1-PE-2 Int-PE-2-PE-1 Port 1/1/1 Port 1/1/1 192.168.1.1 192.168.1.2 PE-1 PE-2 192.0.2.183...

  • Page 34

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 The 1588 standard itself includes a default profile that can be used for either time or frequency distribution. The default profile was defined principally for multicast operation.

  • Page 35

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Note: SSM stands for Synchronization Status Messages and ESMC stands for Ethernet Synchronization Messaging Channel. These are two capabilities in SDH/SONET and Synchronous Ethernet respectively for the relaying of source clock quality information.

  • Page 36

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Figure 5 Unicast Message Negotiation Master_1 Slave Clock Master_2 Execution of the BMCA selects Master_1 as the Grandmaster Clock al_0545 A slave clock initiates unicast discovery by sending a Signaling message to one of its configured master clocks requesting the master send unicast Announce messages to the slave.

  • Page 37: Packet Delay Variation

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Network Limits A common concern around 1588 is whether it will work on or over a specific customer network. For time distribution using full OPS as shown in Figure 3, there are well defined limits on the number of network elements allowed in the distribution chain...

  • Page 38

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 QoS prioritization of packets helps reduce PDV significantly during congestion periods, but does not remove the PDV effects during lighter loading. This is due to the fact that a timing packet may be delivered to the egress queue for an interface while the interface is busy transmitting a packet.

  • Page 39

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution • Floor Delay is a value that is as close as possible to the absolute minimum transit delay across the network. Every actual delay measurement must be equal to or larger than this value.

  • Page 40

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 ITU-T Budget for Frequency The network limit on PDV for frequency distribution is defined in G.8271.1 using the FPP metrics defined above. In general most carrier grade networks with spans of up to 10 nodes and which do not exceed 80% load on their internode links should meet the requirement.

  • Page 41

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 7 G.8271.1 Time Error Budget ±100ns (PRTC/ T-GM) ±500ns cTE (node asymmetry, ±50ns per node) ±200ns dTE (random network variation) ±300ns cTE (uncompensated link asymmetry) ±250ns...

  • Page 42: Configuration

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Note there is discussion that some of these elements could be traded-off against each other. For example, if the link asymmetry needs a higher budget then the holdover budget would have to be less –...

  • Page 43

    The 7750 SR and the 7450 ESS can be configured as a 1588 slave clock for frequency recovery. In real deployments, it is more likely for the slave devices to be smaller cell site routers or basestations instead of another 7750 SR or 7450 ESS.

  • Page 44

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Ordinary Master Configuration The steps to configure PE-1 as a PTP ordinary-clock master for frequency distribution using the G.8265.1 Telecom profile are outlined below: Configure a /32 IPv4 system address on PE-1 and an interface to reach PE-2.

  • Page 45

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution The default clock type is set to ordinary slave so that must be changed to ordinary master. The only other relevant configuration parameter for the master clock running the G.8265.1 profile is the network-type.

  • Page 46

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 exit no shutdown exit exit Usually a 1588 slave has at least two peers configured in order to provide redundant sources. Configure PTP as the reference for the central clock on PE-2. *A:PE-2# configure system...

  • Page 47

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Router IP Address Dir Type Rate Duration State Time ------------------------------------------------------------------------------- Base 192.0.2.183 Announce 1 pkt/2 s Granted 05/30/2014 09:08:38 192.0.2.183 Sync 64 pkt/s Granted 05/30/2014 09:08:43 192.0.2.183...

  • Page 48

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 =============================================================================== In addition PTP packet statistics can be checked to verify reception of the PTP messages and the execution of the frequency slave: *A:PE-2# show system ptp statistics =============================================================================== IEEE 1588/PTP Packet Statistics...

  • Page 49

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Hold-over =============================================================================== =============================================================================== IEEE 1588/PTP Event Statistics =============================================================================== Event Sync Flow Delay Flow ------------------------------------------------------------------------------- Packet Loss Excessive Packet Loss Excessive Phase Shift Detected Too Much Packet Delay Variation =============================================================================== Secondly, the central clock status on the system can be checked:...

  • Page 50

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Rx Quality Level : failed Quality Level Override : none Qualified For Use : No Not Qualified Due To disabled Selected For Use : No Not Selected Due To disabled...

  • Page 51

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution When using the system as a 1588 slave for frequency distribution, it is strongly recommended to use the default message rate of 64 pps for Sync and Delay_Resp messages.

  • Page 52

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Boundary Clock With the increase interest in high accuracy time distribution across networks, the system most likely takes on the role of a 1588 boundary clock. In this role, the system requests time from a GNSS driven grandmaster clock or from a neighboring boundary clock.

  • Page 53

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution On PE-2, configure a /32 IPv4 system address and an interface to reach PE-1. *A:PE-2# configure router interface "system" address 192.0.2.182/32 no shutdown exit interface "int-PE-2-PE-1"...

  • Page 54

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 no shutdown exit commit exit Next configure PE-1 as a boundary clock requesting service from GM-1 using the default profile. In this example, the interface address of GM-1 is used for the PTP communication.

  • Page 55

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution exit On PE-1, validate the status of the PTP topology by checking the unicast sessions. Also validate the PTP process has elected GM-1 as both the parentClock and the grandmaster clock.

  • Page 56

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Frequency Traceable : yes Time Traceable : yes Time Source : GPS On PE-2, validate the PTP process has elected PE-1 as its parentClock and that the grandmaster clock is GM-1.

  • Page 57

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 10 Boundary Clocks with Edge VPRN Access GNSS Antenna Boundary Boundary Clock Clock GNSS Driven Grandmaster Clock Int-PE-1-GM-1 Int-PE-1-PE-2 BASE Port 1/1/10 Port 1/1/1 Int-PE-2-PE-1 GM-1...

  • Page 58

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 *A:PE-2# show system ptp unicast router 10 *A:PE-2# show service id 10 ptp unicast These two commands provide the same information as shown below. *A:PE-2# show system ptp unicast router 10 =============================================================================== IEEE 1588/PTP Unicast Negotiation Information...

  • Page 59

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution *A:PE-2# configure router interface "int-PE-2-PE-1" ptp-hw-assist exit exit exit configure service vprn 10 customer 1 interface "int-PE-2-CE-1" ptp-hw-assist exit exit To verify 1588 PBT is active on the 1588 messages to the peers, check the timestamp point for the specific peer.

  • Page 60

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 In order to configure the system loopback address for PTP, enter the following on PE-1: *A:PE-1# configure system security source-address application ptp "system" exit exit Now the timestamp point on PE-1 will be the port.

  • Page 61

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution On PE-2, a loopback address must assigned for PTP communication as follows: *A:PE-2# configure service vprn 10 interface "ptp_loopback" address 172.16.1.1/32 loopback exit source-address application ptp "ptp_loopback"...

  • Page 62: Conclusion

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 State Reference ID St Type Poll Reach Offset(ms) Remote ------------------------------------------------------------------------------- chosen srvr ..YY 0.000 =============================================================================== =============================================================================== NTP Clients =============================================================================== vRouter Time Last Request Rx Address ------------------------------------------------------------------------------- ===============================================================================...

  • Page 63: Synchronous Ethernet

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Synchronous Ethernet This chapter provides information about Synchronous Ethernet (SyncE). Topics in this chapter include: • Applicability • Summary • Overview • Configuration • Conclusion Applicability This chapter was initially written for SR OS release 8.0.R7. The CLI in the current edition is based on SR OS release 14.0.R6.

  • Page 64: Overview

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Overview Synchronous Ethernet Traditionally, Ethernet based networks employ the physical layer transmitter clock to be derived from an inexpensive +/-100ppm crystal oscillator and the receiver locks onto it. There is no need for long term frequency stability because the data is packetized and can be buffered.

  • Page 65

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Figure 11 SyncE Hypothetical Reference Network Architecture S SDH E Eth H Hybrid 25994 Many Tier 1 carriers are looking to migrate their synchronization infrastructure to a familiar and manageable model. In order to enable rapid migration of these networks, SyncE may be the easiest to deploy in order to ensure robust frequency synchronization.

  • Page 66

    Telcordia GR-1244 and ITU-T G.781. The system can select from up to three (7950 XRS) or four (7450 ESS and 7750 SR) timing inputs to train the local oscillator. The priority order of these references must be specified.

  • Page 67

    • BITS port on the CPM, CFM, or CCM module • 10GE ports in WAN PHY mode • IEEE 1588v2 slave port (PTP) (7450 ESS and 7750 SR only) On 7750 SR-12 and 7750 SR-7 systems with redundant CPMs, the system has two BITS input ports (one per CPM).

  • Page 68

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 All settings of the signal characteristics for the BITS input apply to both ports. When the active CPM considers the BITS input as a possible reference, it will consider first the BITS input port on the active CPM followed the BITS input port on the standby CPM in that relative priority order.

  • Page 69

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Table 1 Revertive, Non-Revertive Timing Reference Switching Operation (Continued) Status of Reference Status of Reference Active Reference Active Reference Non-revertive Case Revertive Case Failed Failed Failed holdover holdover Failed Failed Failed...

  • Page 70

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 14 Network Considerations for Ethernet Timing Distribution Acceptable for clock distribution Not acceptable for clock distribution 25997 Configuration Configuration 1 - QL-Selection Mode Disabled The following example shows the configuration options for SyncE when ql-selection mode is disabled.

  • Page 71

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 *A:PE-1# configure card 1 mda 1 sync-e After syncE is enabled, the configuration of MDA 1 is as follows *A:PE-1# configure card 1 mda 1 *A:PE-1>config>card>mda# info detail ---------------------------------------------- mda-type m4-10gb-xp-xfp sync-e...

  • Page 72

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The synchronous interface timing can be configured with the following parameters: *A:PE-1# configure system sync-if-timing - sync-if-timing abort - Discard the changes that have been made to sync interface timing during a session begin - Switch to edit mode for sync interface timing - use commit to...

  • Page 73

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 *A:PE-1>config>system>sync-if-timing# info detail ---------------------------------------------- no ql-minimum no ql-selection ref-order bits ref1 ref2 ptp ref1 source-port 1/1/2 no shutdown no ql-override exit ref2 shutdown no source-port no ql-override exit bits interface-type ds1 esf no ql-override...

  • Page 74

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Not Qualified Due To Selected For Use : No Not Selected Due To not qualified Reference Input 1 Admin Status : up Rx Quality Level : unknown Quality Level Override : none Qualified For Use : Yes...

  • Page 75

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Configuration 2 - QL Selection Mode Enabled The following example shows the configuration options for SyncE when ql-selection mode is enabled. This is the normal case for European SDH networks. SyncE is enabled as follows: *A:PE-1# configure card 1 mda 1 sync-e On port 1/1/2, the Synchronization Status Message (SSM) channel is configured to...

  • Page 76

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1>config>system>sync-if-timing# info detail ---------------------------------------------- no ql-minimum ql-selection ref-order bits ref1 ref2 ptp ref1 source-port 1/1/2 no shutdown no ql-override exit ref2 shutdown no source-port no ql-override exit bits interface-type e1 pcm31crc ssm-bit 8 ql-override prc...

  • Page 77

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Selected For Use : No Not Selected Due To not qualified Reference Input 1 Admin Status : up Rx Quality Level : failed Quality Level Override : none Qualified For Use : Yes Selected For Use...

  • Page 78

    SONET/SDH-like frequency synchronization capability in the inherently asynchronous Ethernet network. SyncE, natively supported on the Nokia SR OS routers, is an ITU-T standardized PHY-level way of transmitting frequency synchronization across Ethernet packet networks that fulfills that need in a reliable, secure, scalable, efficient, and cost- effective manner.

  • Page 79: System Management

    Advanced Configuration Guide - Part I System Management Releases Up To 14.0.R7 System Management In This Section This section provides configuration information for the following topics: • Distributed CPU Protection • Event Handling System Issue: 01 3HE 11598 AAAB TQZZA 01...

  • Page 80

    System Management Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 81: Distributed Cpu Protection

    This Distributed CPU Protection (DCP) configuration example was created using the 7750 SR-c12 platform but is equally applicable to the following platforms: 7750 SR- 7/12, 7450 ESS-6/7/12, 7750 SR-c4/c12 and 7950 XRS. DCP is not supported on the 7750 SR-1, 7450 ESS-1 or 7710 SR platforms.

  • Page 82

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The goal of this example is to familiarize the reader with the configuration and use of Distributed CPU Protection. A simple and controlled setup is used to illustrate how the protection behaves and how to use the tools provided for the feature.

  • Page 83

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 *A:PE-1# configure router interface "int-pe1-to-tester" *A:PE-1>config>router>if# info ---------------------------------------------- address 192.168.10.1/24 port 1/1/4 no shutdown ---------------------------------------------- *A:PE-1>config>router>if# exit all *A:PE-1# configure log log-id 15 *A:PE-1>config>log>log-id# info ---------------------------------------------- from security to memory 1024 ---------------------------------------------- This example was developed on a 7750 SR-c12 platform but it is equally...

  • Page 84

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit protocol icmp create enforcement static "sp-icmp" exit protocol igmp create enforcement static "sp-igmp" exit exit For the dcp-policy-count policy configuration: − The policy contains three static policers: sp-arp, sp-icmp and sp-igmp. These policers are then used by the three configured protocols that are part of the policy: arp, icmp and igmp.

  • Page 85

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Step 4. Examine some log and status on the router to get a baseline (no traffic is flowing from the tester to the router at this point). Notice that the cpu utilization is fairly low with an overall Idle of 96% and no task groups at more than 5% capacity usage.

  • Page 86

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# tools dump security dist-cpu-protection violators enforcement interface card =============================================================================== Distributed Cpu Protection Current Interface Enforcer Policer Violators =============================================================================== Interface Policer/Protocol Hld Rem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Violators on Slot-1 Fp-1 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- [S]-Static [D]-Dynamic [M]-Monitor...

  • Page 87

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No entries found ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Dynamic-Policer (Protocol) ------------------------------------------------------------------------------- No entries found ------------------------------------------------------------------------------- =============================================================================== Step 5. Configure the tester to send ARP, ICMP and IGMP traffic to the router using the following rates: −...

  • Page 88

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 16 Count Traffic with DCP Policy Count 7750 SR-c12 (PE-1) ICMP Configured Rate = 0 pps IGMP Tester Tester Sending: • 2 pps ARP • 4 pps ICMP •...

  • Page 89

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 *A:PE-1# show router interface "int-pe1-to-tester" dist-cpu-protection =============================================================================== Interface "int-pe1-to-tester" (Router: Base) =============================================================================== Distributed CPU Protection Policy : dcp-policy-count ------------------------------------------------------------------------------- Statistics/Policer-State Information =============================================================================== ------------------------------------------------------------------------------- Static Policer ------------------------------------------------------------------------------- Policer-Name : sp-arp Card/FP : 1/1...

  • Page 90

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 protocol igmp create enforcement static "sp-igmp" exit exit For the dcp-static-policy-1 policy configuration, note that a few parameters are different than in the previously created dcp-policy-count policy: −...

  • Page 91

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Figure 17 Limit Traffic with dcp-static-policy-1 7750 SR-c12 (PE-1) Rate = 10 pps ICMP Rate = 20 pps IGMP Tester Rate = 10 pps Tester Sending: • 2 pps ARP •...

  • Page 92

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 "Non conformant network_if "int-pe1-to-tester" on fp 1/1 detected at 04/18/2013 17:31:33. Policy "dcp-static-policy-1". Policer="sp-igmp"(static). Excd count=135" … [snip] … The status of DCP on the interface also shows the igmp policer as being in an Exceed state: *A:PE-1# show router interface "int-pe1-to-tester"...

  • Page 93

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 ~0.00% 0.04% …[snip]… WEB Redirect ~0.00% ~0.00% ------------------------------------------------------------------------------- Total 8,965,427 100.00% Idle 8,605,657 95.98% Usage 359,770 4.01% Busiest Core Utilization 134,481 13.49% =============================================================================== Step 10. Remove the DCP policy from the interface and see the CPU utilization goes up for the IGMP task group.

  • Page 94

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 133,029 1.48% 2.92% IP Stack 935,491 10.43% 93.45% IS-IS 1,343 0.01% 0.06% 12,350 0.13% 0.45% ~0.00% 0.03% …[snip]… WEB Redirect ~0.00% 0.01% ------------------------------------------------------------------------------- Total 8,966,128 100.00% Idle 6,972,962 77.77% Usage...

  • Page 95

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Interface Policer/Protocol Hld Rem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Violators on Slot-1 Fp-1 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- [S]-Static [D]-Dynamic [M]-Monitor ------------------------------------------------------------------------------- =============================================================================== The IGMP policer is indicated as conformant in the log events. *A:PE-1# show log log-id 15 =============================================================================== Event Log 15...

  • Page 96

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- …[snip]… An optional hold-down can be used in the configuration of the exceed- action of the policers in order to apply the exceed-action for a defined period (even if the policer goes conformant again during that period).

  • Page 97

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 If the dynamic-enforcement-policer-pool is too small then when a local- monitoring-policer detects violating traffic, the dynamic enforcement policers will not be able to be instantiated. A log event will warn the operator when the pool is nearly exhausted.

  • Page 98

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 − Four protocols are configured and they are all associated with the local- monitoring-policer. The all-unspecified protocol will include all other extracted control packets on the interface. −...

  • Page 99

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Figure 19 Dynamic Policers Instantiated 7750 SR-c12 (PE-1) Rate = 20 Tester Packets within 10 Seconds Tester Sending: ICMP • 1 pps ARP IGMP • 4 pps ICMP Rate = 100 •...

  • Page 100

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Policer-Name : local-mon Card/FP : 1/1 Policer-State : Exceed Protocols Mapped : arp, icmp, igmp, all-unspecified Exceed-Count : 1097 All Dyn-Plcr Alloc. : True ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Dynamic-Policer (Protocol) ------------------------------------------------------------------------------- Protocol(Dyn-Plcr)

  • Page 101

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Step 17. Stop the tester. The dynamic policer detection timers will start counting down since they are no longer seeing violating packets. *A:PE-1# show router interface "int-pe1-to-tester" dist-cpu-protection =============================================================================== Interface "int-pe1-to-tester"...

  • Page 102

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# tools dump security dist-cpu-protection violators enforcement interface card =============================================================================== Distributed Cpu Protection Current Interface Enforcer Policer Violators =============================================================================== Interface Policer/Protocol Hld Rem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Violators on Slot-1 Fp-1 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- [S]-Static [D]-Dynamic [M]-Monitor...

  • Page 103

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Conclusion Distributed CPU Protection (DCP) offers a powerful rate limiting function for control protocol traffic that is extracted from the data path and sent to the CPM. This example has demonstrated how to configure DCP on an interface and what indications SR OS provides to the operator during a potential attack or misconfiguration.

  • Page 104

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 105: Event Handling System

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 Event Handling System This chapter provides information about Event Handling Systems (EHS). Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter was initially written for SR OS release 13.0.R3. The CLI in the current edition is based on SR OS release 14.0.R5.

  • Page 106

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Configuration The topology shown in Figure 20 provides an example of an EHS configuration. All routers within the example topology participate in the same IS-IS Level-2 area and run LDP.

  • Page 107

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 exit no shutdown exit The objective of this configuration example is to ensure that both upstream and downstream traffic are always routed through the same PE router. That is, if PE-3 is VRRP Master, it will attract upstream traffic from CE-1 using the VRRP virtual IP/ MAC, but PE-3 should also be the transit PE for downstream traffic destined toward CE-1.

  • Page 108

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Script Control The first step in configuring event handling is to configure a script containing the CLI commands to be executed when the event is triggered. This script can be stored locally on the compact flash, or it can be stored off-node at a defined remote URL, where it can be accessed using FTP or TFTP.

  • Page 109

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 with the name specified for results, followed by an underscore and the date and time that the script was run. A results file must be specified in order for the script to successfully run.

  • Page 110

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Max lifetime allowed : 248d 13:13:56 (21474836 seconds) Completed run histories Executing run histories Initializing run histories Max time run history saved : 0d 01:00:00 (3600 seconds) Script start error : N/A Last change...

  • Page 111

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 no shutdown exit exit no shutdown exit exit Event Trigger The final step in configuring event handling is to configure the event-trigger. The event-trigger defines the event that triggers the running of the script. The event- trigger is based on any event generated by the event-control framework, and can match against the application and event number (event_id).

  • Page 112

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Therefore, the event-trigger configuration is based on an application of VRRP and an event number of 2001 (vrrptrapNewMaster). In the following output, vrrp 2001 is configured as the event. The trigger-entry is defined as 1, and in this example, there is only one trigger event.

  • Page 113

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 • The second indicates that EHS handler event-handler-1 was invoked by a CLI user. • The third indicates that a script file has initiated an attempt to execute CLI commands contained in script file vrrp-master.txt.

  • Page 114

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-3# show router vrrp instance =============================================================================== VRRP Instances =============================================================================== Interface Name VR Id Own Adm State Base Pri Msg Int Pol Id InUse Pri Inh Int ------------------------------------------------------------------------------- redundant-interface Master IPv4...

  • Page 115

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 Min Delay Last Exec : 10/27/2016 15:41:52 ------------------------------------------------------------------------------- Handler Action-List Entry Execution Statistics Enqueued : 11 Err Launch Err Adm Status : 0 Total : 11 =============================================================================== The example includes an event-trigger and script to meet the requirements of a fail- forward where PE-3 becomes VRRP master.

  • Page 116

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The event-handler acts as the interface between the configured script-policy and event-trigger. Therefore, a second event-handler is configured with an action-list consisting of a single entry referencing the newly configured vrrp-backup-policy. configure event-handling handler "event-handler-2"...

  • Page 117

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 The configuration of the example event handling for the revertive failure event (PE-3 transitions to VRRP backup) is now complete. By re-enabling the spoke-SDP between PE-1 and PE-2, the VRRP message path is restored, and PE-2 again becomes the VRRP master.

  • Page 118

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Conclusion EHS allows operators to configure user-defined actions on the router when an event occurs. The event trigger can be anything that is generated by the event-control framework, and explicit filtering is possible using regular expressions.

  • Page 119: Interface Configuration

    Advanced Configuration Guide - Part I Interface Configuration Releases Up To 14.0.R7 Interface Configuration In This Section This section provides interface configuration information for the following topics: • Multi-Chassis APS and Pseudowire Redundancy Interworking • Multi-Chassis LAG and Pseudowire Redundancy Interworking •...

  • Page 120

    Interface Configuration Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 121: Multi-chassis Aps And Pseudowire Redundancy Interworking

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Multi-Chassis APS and Pseudowire Redundancy Interworking This chapter describes multi-chassis APS and pseudowire redundancy interworking. Topics in this chapter include: • Applicability • Overview •...

  • Page 122

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Signaling functionality includes support for: • APS group matching between service routers. • Verification that one side is configured as a working circuit and the other side is configured as the protect circuit.

  • Page 123

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 21 MC-APS Network Topology System IP System IP 192.168.13.0/30 192.0.2.1 192.0.2.3 Active Standby PE-1 PE-3 MSAN MSAN 1+1 APS 1+1 APS 192.168.12.0/30 192.168.34.0/30 System IP System IP Standby...

  • Page 124

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 23 Access Node and Network Resilience (Part 2) TLDP Aggregation Aggregation Node Node Active Standby PE-1 PE-3 Inter-chassis Inter-chassis MSAN MSAN 1+1 APS 1+1 APS PW for VLL PW for VLL...

  • Page 125

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking 192.168.12.2 192.0.2.3/32 Remote OSPF 00h01m05s 192.168.13.2 192.0.2.4/32 Remote OSPF 00h01m08s 192.168.12.2 192.168.12.0/30 Local Local 00h02m13s int-PE-1-PE-2 192.168.13.0/30 Local Local 00h02m12s int-PE-1-PE-3 192.168.24.0/30 Remote OSPF 00h01m17s 192.168.12.2 192.168.34.0/30...

  • Page 126

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Wait-To-Restore Timer : 5 minute(s) Step 2. MC-APS configuration on PE-1 and PE-2 Assuming the link between MSAN and PE-1 is working circuit and the link between MSAN and PE-2 is protection circuit.

  • Page 127

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking − advertise-interval — This command specifies the time interval, in 100s of milliseconds, between 'I am operational' messages sent by both protect and working circuits to their neighbor for multi-chassis APS. −...

  • Page 128

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Step 4. Verify the MC-APS status and parameters on PE-1 and PE-2 Detailed parameters of the APS configuration on PE-1 can be verified, as follows.

  • Page 129

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Working Circuit : N/A Protection Circuit : 1/2/1 Switching-mode : Bi-directional Switching-arch : 1+1(sig-only) Annex B : No Revertive-mode : Non-revertive Revert-time (min) Rx K1/K2 byte : 0x00/0x05 (No-Req on Protect) Tx K1/K2 byte : 0x00/0x05 (No-Req on Protect)

  • Page 130

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 24 Association of SAPs/SDPs and Endpoints PE-1 PE-3 Apipe Apipe Active Standby MSAN MSAN 1+1 APS 1+1 APS Active Standby Apipe Apipe PE-2 PE-4 OSSG631 *A:PE-1# configure...

  • Page 131

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking 2147483649 intVpls Down 1 _tmnx_InternalVplsService ------------------------------------------------------------------------------- Matching Services : 3 ------------------------------------------------------------------------------- =============================================================================== *A:PE-1# The Apipe service is down in PE-2 (MC-APS protect circuit), as follows: *A:PE-2# show service service-using =============================================================================== Services...

  • Page 132

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Note: After configuring ICB spoke-SDPs, the Apipe will be up on all PEs. Step 8. Verify SDP status The status of SDP 23:1 on PE-2 can be verified as follows. Peer Pw Bits shows the status of the pseudowire on the peer node.

  • Page 133

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking ---snip--- ------------------------------------------------------------------------------- Number of SDPs : 1 ------------------------------------------------------------------------------- =============================================================================== *A:PE-2# In case of failure, the access link can be protected by MC-APS. An MPLS network failure can be protected by pseudowire redundancy.

  • Page 134

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Two ICB spoke SDPs must be configured in the Apipe service on each PE router, one in each endpoint. The same SDP IDs can be used for the ICBs since the far-end will be the same.

  • Page 135

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking *A:PE-1# show service id 1 endpoint =============================================================================== Service 1 endpoints =============================================================================== Endpoint name Description : (Not Specified) Creation Origin : manual Revert time Act Hold Delay Tx Active : aps-1:0/32 Tx Active Up Time...

  • Page 136

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 26 Additional Setup Example 1 (Part 1) PE-1 Apipe 1+1 APS MSAN MSAN MC-APS ICB Spoke-SDP Apipe PE-2 OSSG634 Figure 27 Additional Setup Example 1 (Part 2) PE-1 Apipe SDP SDP...

  • Page 137

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 28 Additional Setup Example 2 (Part 1a) PE-1 PE-3 Apipe Apipe 1+1 APS Spoke-SDP MSAN Active MSAN MC-APS ICB Spoke-SDP Spoke-SDP Standby Apipe PE-2 OSSG636 Figure 29...

  • Page 138

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 30 Additional Setup Example 2 (Part 2) PE-3 Apipe Spoke-SDP MSAN MC-APS ICB Spoke-SDP PE-1 Spoke-SDP Apipe Spoke-SDP Apipe Spoke-SDP PE-4 MSAN MC-APS Spoke-SDP PE-5 Apipe...

  • Page 139

    It supports ATM VLL and Ethernet VLL with ATM SAP. Access links and PE nodes are protected by APS and the MPLS network is protected by pseudowire redundancy/FRR. With this feature, Nokia can provide resilient end-to-end solutions. Issue: 01 3HE 11598 AAAB TQZZA 01...

  • Page 140

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 141: Multi-chassis Lag And Pseudowire Redundancy Interworking

    MC-LAG MC-LAG is an extension to the LAG feature to provide not only link redundancy but also node-level redundancy. This feature provides a Nokia added value solution which is not defined in any IEEE standard. A proprietary messaging system between redundant-pair nodes supports coordinating the LAG switchover.

  • Page 142

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Pseudowire Redundancy Pseudowire (PW) redundancy provides the ability to protect a pseudowire with a pre- provisioned pseudowire and to switch traffic over to the secondary standby pseudowire in case of a SAP and/or network failure condition.

  • Page 143

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 32 shows the use of both MC-LAG in the access network and pseudowire redundancy in the core network to provide a resilient end-to-end VLL service between CE-5 and CE-6.

  • Page 144

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Configuration It is assumed that the following base configuration has been implemented on the PEs: • Cards, MDAs and ports • Interfaces • IGP configured and converged •...

  • Page 145

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking =============================================================================== *A:PE-1# The following command shows that the SDPs are up: *A:PE-1# show service sdp ============================================================================ Services: Service Destination Points ============================================================================ SdpId AdmMTU OprMTU Far End ---------------------------------------------------------------------------- 1556...

  • Page 146

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 The LAG encapsulation type (null | dot1q | qinq) must match the port encapsulation type of the LAG members. Auto-negotiation must be switched off or configured to limited. Configure LACP on the LAG.

  • Page 147

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking no shutdown exit no shutdown exit exit Step 4. MC-LAG verification. Verify MC peers showing that the authentication and admin state are enabled. *A:PE-1# show redundancy multi-chassis sync =============================================================================== Multi-chassis Peer Table ===============================================================================...

  • Page 148

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 There is a fixed keepalive timer of 1 second. The hold-on-neighbor- failure multiplier command indicates the interval that the standby node will wait for packets from the active node before assuming a redundant- neighbor failure.

  • Page 149

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking The selection criteria by default is highest number of links and priority. In this example, the number of links and the priority of the links is the same on both redundant PEs.

  • Page 150

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Subgrp hold time : 0.0 sec Remaining time : 0.0 sec Subgrp selected Subgrp candidate Subgrp count System Id : 4a:c4:ff:00:00:00 System Priority : 32768 Admin Key : 32768 Oper Key...

  • Page 151

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 33 Association of SAPs/SDPs and Endpoints PE-3 PE-1 epipe epipe MC-LAG MC-LAG CE-6 CE-5 PE-4 PE-2 epipe epipe OSSG382 *A:PE-1# configure service epipe 1 customer 1 create endpoint "X"...

  • Page 152

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 2147483649 intVpls Down 1 _tmnx_InternalVplsService ------------------------------------------------------------------------------- Matching Services : 3 ------------------------------------------------------------------------------- =============================================================================== *A:PE-1# *A:PE-2# show service service-using =============================================================================== Services =============================================================================== ServiceId Type CustomerId Service Name ------------------------------------------------------------------------------- Epipe Down 1...

  • Page 153

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Step 11. Verify SDP status Local pseudowire bits indicate the status of the pseudowire on the PE node. These pseudowire bits will be sent to the peer. Peer pseudowire bits indicate the status of the pseudowire on the peer, as sent by the peer.

  • Page 154

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 In this example, the remote side of the SDP is sending lacIngressFault lacEgressFault pwFwdingStandby flags. This is because the Epipe service on PE-3 is down because the MC-LAG is in standby/down status. Link and node protection can be tested.

  • Page 155

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 34 ICB Spoke SDPs and Their Association with the Endpoints PE-3 PE-1 epipe epipe SDP SDP SDP MC-LAG MC-LAG ICB Spoke-SDP ICB Spoke-SDP CE-5 CE-6 SDP SDP SDP...

  • Page 156

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 spoke-sdp 21:1 endpoint "Y" icb create exit spoke-sdp 21:2 endpoint "X" icb create exit *A:PE-3# configure service epipe 1 spoke-sdp 34:1 endpoint "X" icb create exit spoke-sdp 34:2 endpoint "Y"...

  • Page 157

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Last Tx Active Change : 10/25/2016 07:45:31 ------------------------------------------------------------------------------- Members ------------------------------------------------------------------------------- Spoke-sdp: 12:2 Prec:4 (icb) Oper Status: Up Spoke-sdp: 13:1 Prec:4 Oper Status: Up Spoke-sdp: 14:1 Prec:4 Oper Status: Up =============================================================================== ===============================================================================...

  • Page 158

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 35 Additional Setup Example 1 PE-1 epipe MC-LAG MC-LAG ICB Spoke-SDP ICB Spoke-SDP CE-1 CE-2 epipe = SDP PE-2 = SAP PE-1 epipe CE-2 MC-LAG ICB Spoke-SDP...

  • Page 159

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 36 Additional Setup Example 2 PE-1 PE-3 epipe epipe Spoke- MC-LAG CE-2 ICB Spoke-SDP ICB Spoke-SDP CE-1 Spoke-SDP epipe = SDP PE-2 = SAP PE-1 PE-3 epipe...

  • Page 160

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 MC-LAG in VPLS Services MC-LAG can also be configured in VPLS services. When the MC-LAG converges, the PE that transitions to standby state for the MC-LAG will send out an LDP address withdrawal message to all peers configured in the VPLS service.

  • Page 161

    *A:PE-1# tools perform lag clear-force lag-id 1 Conclusion MC-LAG is a Nokia added value redundancy feature that offers fast access link convergence in Epipe and VPLS services for CE devices that support standard LACP. PE node convergence for VPLS services is enhanced by using LDP address withdrawal messages to flush the FDB on the PE peers.

  • Page 162

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 163: Port Cross-connect (pxc)

    • 7750 SR-7/12/12e in chassis mode D with SFM5 using FP3-based 10GE and 100GE ports • 7450 ESS-7/12 in mixed-mode with SFM5 using FP3-based 10GE and 100GE ports The information and configuration in this chapter is based on SR OS Release 14.0.R5.

  • Page 164

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When traffic is passed through the egress data path of the PXC, it can be used for additional packet processing that cannot be supported on the ingress data path, such as the removal of an encapsulation header.

  • Page 165

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 Figure 37 Example Topology PE-2 PE-4 192.0.2.2 192.0.2.4 AS 64496 Test Port A CE-2 CE-4 Test Port B 172.31.102.2/24 172.31.104.2/24 PE-7 192.0.2.7 Test Port C 172.31.107.2/24 26223 PE-7 will host the PXC and is equipped with an FP3-based 20 x 10GE IMM in slot 1 for this purpose, as shown in the following output: *A:PE-7# show card 1...

  • Page 166

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Non-Redundant PXC The non-redundant PXC is created within the port-xc context and can be numbered from 1 to 64. A port must be assigned to the PXC before it is put into a no shutdown state, and that port must be in a shutdown state when it is assigned.

  • Page 167

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 *A:PE-7# configure port pxc-1.b no shutdown The physical port assigned to the PXC must also now be put into a no shutdown state in order for the PXC to become operational: *A:PE-7# configure port 1/2/1 no shutdown The command in the following output can then be used to verify the operational state of the PXC:...

  • Page 168

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 38 Non-Redundant PXC Port FP3 complex Switch Fabric PXC-1.a Upstream PXC-1.b Downstream 26224 When using a PXC, the physical port effectively simulates two (sub-)ports, which creates two egress traffic paths: one upstream and one downstream. When the receive side of the PXC port receives those paths, it needs to distinguish between them, and this is where the internal additional VLAN tag is used.

  • Page 169

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 exit As with the non-redundant PXC, when the PXC has been put into a no shutdown state, two PXC sub-ports with .a and .b suffixes are automatically created by the system for each PXC port: *A:PE-7# show port pxc [2..3] ===============================================================================...

  • Page 170

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Admin Oper Port Description State State ------------------------------------------------------------------------------- 1/2/3 PXC redundant =============================================================================== The PXC sub-ports are then associated with two LAGs to essentially form an internal back-to-back LAG. To do this, both sub-ports with the .a suffix belong to one LAG instance, and both sub-ports with the .b suffix belong to the other LAG instance.

  • Page 171

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 When the LAGs are configured and the associated PXC sub-ports assigned as member links, the operational status can be verified. Note that at the LAG level, each of the configured LAG instances is not aware that it is internally connected to another LAG instance, even though the member sub-ports are logically looped.

  • Page 172

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 DVSM Mode DVSM mode enables the creation of a back-to-back cross-connect. This back-to- back connection can be network-to-network, access-to-access, or a combination such as network-to-access. To provide an example of using DVSM mode, PE-4 in Figure 1 functions as a Layer 2 backhaul device, and PE-7 housing the PXC functions as the Layer 3 service edge.

  • Page 173

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 service sdp 2004 mpls create far-end 192.0.2.4 no shutdown exit epipe 11 customer 1 create sap pxc-1.a:100 create no shutdown exit spoke-sdp 2004:11 create no shutdown exit no shutdown exit The VPRN configuration at the corresponding side of the PXC port is shown in the...

  • Page 174

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PXC Port Dimensioning When the VPRN service at PE-7 is put into a no shutdown state, the EBGP session to CE-4 is established. The relevant routes are exchanged between CE-4 and PE-7 and traffic can be exchanged between test ports B (connected to CE-4) and C (connected to PE-7).

  • Page 175

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 However, the PXC sub-ports are subtly different. Consider SAP ingress traffic entering the VPRN at PE-7 from the locally connected test port C destined toward test port B at CE-4. At the ingress to PE-7, this traffic is mapped to FC Expedited Forwarding (EF) and forwarded into the PXC port through SAP pxc-1.b:100.

  • Page 176

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The configuration of the Tier 1 scheduler "aggregate-rate" referenced by the child queues in the preceding SAP-egress QoS policy is shown in the following output. The scheduler in turn references a port-scheduler-policy using the command port- parent.

  • Page 177

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 exit exit On the opposing side of the PXC loop, the dot1p markings imposed by the VPRN SAP egress are used to reclassify traffic back to its original FC mapping. The following output shows the SAP-ingress QoS policy applied at the Epipe PXC sub- port SAP (pxc-1.a:100).

  • Page 178

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 AS Mode AS mode creates an FPE context that is used to provide information to the system about which PXC ports or LAGs are paired, so that the configuration process can be simplified by automatic provisioning of cross-connects.

  • Page 179

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 After the sdp-id-range is configured, the fpe instance is created and the user enters the fpe context. The path command is used to assign redundant or non-redundant PXC objects to the FPE.

  • Page 180

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The next step is to configure a pseudowire-port (pw-port) that will be used for terminating services. The creation of the pw-port creates a new context in which the only required configuration is to define the encapsulation type as dot1q or qinq.

  • Page 181

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 The following output shows the SDPs belonging to the preceding vc-switched Epipe service configured. The first SDP with identifier 2004:13 is the pseudowire toward PE-4 with VC-ID 13. The second SDP has identifier 17280:1 allocated from the preconfigured sdp-id-range, and has a type of Fpe.

  • Page 182

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 In SR OS, the combination of SDP ID and VC-ID is always associated with a service. When using AS mode, the system automatically creates an internal VPLS service with ID 2147383649 and a name of _tmns_InternalVplsService.

  • Page 183

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 exit exit group "EBGP" ---snip--- no shutdown exit exit FPE Port Dimensioning After the VPRN service at PE-7 is put into a no shutdown state, the EBGP session to CE-4 is established.

  • Page 184

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Totals 54200 54200 % Util ~0.00 ~0.00 ! indicates that the port is assigned to a port-xc. Traffic is then generated unidirectionally upstream from test port B (connected to CE4) toward port C (connected to PE7) at a rate of 100 packets/s.

  • Page 185

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 The internal cross-connects also use the default network-queue policy named "default". While this policy also cannot be modified, it is possible to configure and apply a non-default network-queue policy (including a port-scheduler policy, if required) at PXC sub-port level.

  • Page 186

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 queue 3 expedite create parent "aggregate-rate" cir-level 3 rate 2000 cir 2000 exit fc af create queue 2 exit fc be create queue 1 exit fc ef create queue 3 exit exit...

  • Page 187

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 vprn 12 customer 1 create interface "to-CE-4" create sap pw-1:100.1024 create egress scheduler-policy "egress-hqos-scheduler" scheduler-override scheduler "aggregate-rate" create rate 25000 exit exit qos 12 exit exit exit When traffic is generated downstream toward CE-4 in FC EF at a rate of 100 packets/ s, the first point of verification is the VPRN pw-port SAP egress.

  • Page 188

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The last point of verification is the network egress interface toward PE-4. Again, a check at the physical port level shows that packets are incrementing in egress queue 6.

  • Page 189

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 correct FC by the SAP-ingress QoS policy. The following output shows the SAP- ingress QoS policy applied to the pw-port SAP within the VPRN. Because the EXP- to-FC mapping could not be completed, FC reclassification is required in order to map traffic to its original FC before transiting the FPE.

  • Page 190

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The SAP-ingress QoS policy is applied to the pw-port SAP within the VPRN, together with the ingress H-QoS scheduler. An override of the scheduler rate is also applied. PE-7 configure service...

  • Page 191

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 OAM Continuity The FPE pw-port functionality may be used by redundant routers to provide resilient service termination for a Layer 2 backhaul node implementing a mechanism such as active/standby pseudowire.

  • Page 192

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE- 4# show service id 13 sdp 2007:13 detail | match expression "Local Pw Bits|Peer Pw B its|Admin State" Admin State : Up Oper State : Up Local Pw Bits : pwFwdingStandby Peer Pw Bits...

  • Page 193

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 VC-Id : 100001 Admin Status : up Encap : qinq Oper Status : down VC Type : ether Admin Ingress label : 262127 Admin Egress label : 262128 Oper Flags : stitchingSvcTxDown Monitor Oper-Group...

  • Page 194

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 This example in the AS mode section illustrated how notification of a downstream failure is propagated through the components of the PXC in AS mode and reflected in the status of the pw-port (and its associated services).

  • Page 195: Router Configuration

    Advanced Configuration Guide - Part I Router Configuration Releases Up To 14.0.R7 Router Configuration In This Section This section provides configuration information for the following topics: • 6PE Next-Hop Resolution • Aggregate Route Indirect Next-Hop Option • Bi-Directional Forwarding Detection •...

  • Page 196

    Router Configuration Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 197: Pe Next-hop Resolution

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 6PE Next-Hop Resolution This chapter provides information about 6PE Next-Hop Resolution. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS Release 14.0.R7.

  • Page 198

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 41 IPv6 Provider Edge (6PE) RR-3 MPLS 2001::10:10:1:0/120 2001::10:10:4:0/120 MPLS tunnel CE-1 CE-4 PE-1 PE-4 Dual stack Dual stack 6PE router 6PE router IPv6 IPv4 IPv6 26333 The 6PE route next-hop resolution is configured using the following command: *A:PE-1# configure router bgp next-hop-resolution label-route-transport-...

  • Page 199

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 With 6PE next-hop resolution set to filter, a subset of protocols is required, and LDP is automatically added to the protocol list in the resolution filter. The following example shows that when one tries to create a resolution filter that includes the BGP protocol only, the resolution filter includes LDP and BGP.

  • Page 200: Bgp Configuration

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 42 Example Topology RR-3 192.0.2.3 MPLS 192.168.23.0/30 2001::10:10:1:0/120 2001::10:10:4:0/120 192.168.12.0/30 192.168.24.0/30 CE-1 CE-4 PE-1 PE-4 192.0.2.1 192.0.2.2 192.0.2.4 IPv6 IPv4 IPv6 26334 The initial configuration on the nodes is as follows: •...

  • Page 201

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 sr-isis exit resolution filter exit exit exit group "iBGP" export "export-6pe" peer-as 64496 neighbor 192.0.2.3 family label-ipv6 exit exit The export policy "export-6pe" exports the IPv6 prefixes that are local to the PE, for example, on PE-1: 2001::10:10:1:0/120, and is defined as follows: configure router...

  • Page 202

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 IES Configuration On PE-1, an IES is configured with IPv6 addresses on the interface toward CE-1, as follows: configure service ies 1 customer 1 create description "6PE" interface "int-PE-1-CE-1"...

  • Page 203

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 6PE Next Hop Resolved to an LDP Tunnel On PE-1, the route for prefix 2001::10:10:4:0/120 uses a tunnel to 6PE next hop 192.0.2.4, as follows: *A:PE-1# show router route-table 2001::10:10:4:0/120 =============================================================================== IPv6 Route Table (Router: Base) ===============================================================================...

  • Page 204

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Total Entries : 1 The extended route information for IPv6 prefix 2001::10:10:4:0/120 shows that the 6PE next hop 192.0.2.4 is resolved to an LDP tunnel: *A:PE-1# show router route-table 2001::10:10:4:0/120 extensive =============================================================================== Route Table (Router: Base) ===============================================================================...

  • Page 205

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 6PE Next Hop Resolved to an RSVP-TE Tunnel MPLS and RSVP are enabled on the interfaces between the PEs and P-2. On both PEs, an RSVP-TE LSP is configured toward the peer PE; for example, on PE-1: configure router mpls...

  • Page 206

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Indirect Next-Hop : 192.0.2.4 Label : Priority=n/c, FC=n/c Source-Class Dest-Class ECMP-Weight : N/A Resolving Next-Hop : 192.0.2.4 (RSVP tunnel:1) Metric : 20 ECMP-Weight : N/A ------------------------------------------------------------------------------- No. of Destinations: 1 Figure 44 shows that the 6PE next hop 192.0.2.4 is resolved to an RSVP-TE tunnel, even though an LDP tunnel is available too.

  • Page 207

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 segment-routing prefix-sid-range start-label 20000 max-index 99 no shutdown exit exit For more information about SR-ISIS, see chapter Segment Routing with IS-IS Control Plane. The following output shows that three tunnels are available toward 6PE next hop 192.0.2.4/32: *A:PE-1# show router fp-tunnel-table 1 192.0.2.4/32 ===============================================================================...

  • Page 208

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 To verify that LDP tunnels are preferred over SR-ISIS tunnels, the RSVP-TE LSPs are put in a shutdown state, as follows: *A:PE-1# configure router mpls lsp "LSP-PE-1-PE-4" shutdown *A:PE-4# configure router mpls lsp "LSP-PE-4-PE-1"...

  • Page 209

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 *A:PE-1# show router fp-tunnel-table 1 192.0.2.4/32 =============================================================================== Tunnel Table Display Legend: B - FRR Backup =============================================================================== Destination Protocol Tunnel-ID NextHop Intf/Tunnel ------------------------------------------------------------------------------- 192.0.2.4/32 SR-ISIS-0 20004 192.168.12.2 1/1/1 ------------------------------------------------------------------------------- Total Entries : 1 The 6PE next hop 192.0.2.4 is resolved to an SR-ISIS tunnel, as follows:...

  • Page 210

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 45 6PE Next Hop Resolved to an SR-ISIS Tunnel RR-3 SR-ISIS 2001::10:10:1:0/120 2001::10:10:4:0/120 SR-ISIS tunnel CE-1 CE-4 PE-1 PE-4 Dual stack Dual stack 6PE router 6PE router IPv6 IPv4 IPv6...

  • Page 211

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 Figure 46 Example Topology for Seamless MPLS 192.168.12.0/30 192.168.23.0/30 192.168.34.0/30 2001::10:10:1:0/120 2001::10:10:4:0/120 CE-1 CE-4 PE-1 ABR-2 ABR-3 PE-4 Dual stack 192.0.2.2/32 192.0.2.3/32 Dual stack 6PE router 6PE router 192.0.2.1/32 192.0.2.4/32 IPv6...

  • Page 212

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 47 shows the configured protocols for this example: IS-IS instances, LDP, BGP labeled IPv4 with the ABRs as route reflector with next-hop-self (NHS) option, and BGP labeled IPv6 peering between PE-1 and PE-4. Figure 47 Configured Protocols for Seamless MPLS Aggregation...

  • Page 213

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 interface "system" exit interface "int-ABR-2-ABR-3" interface-type point-to-point exit exit interface-parameters interface "int-ABR-2-PE-1" exit interface "int-ABR-2-ABR-3" exit exit exit The configuration is similar on the other nodes. Only the ABRs have two IS-IS instances configured;...

  • Page 214

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 neighbor 192.0.2.4 family label-ipv6 exit exit The configuration is similar on PE-4, but the neighbor IP addresses are different. The resolution filter will include LDP as well as BGP, because it is added automatically.

  • Page 215

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 The BGP configuration on ABR-2 has two different groups for BGP labeled IPv4 peering: one toward the aggregation network-with the ABR as RR-and one toward the core, as follows: configure router autonomous-system 64496...

  • Page 216

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Legend : D - Dynamic Neighbor =============================================================================== Neighbor Description ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family) PktSent OutQ ------------------------------------------------------------------------------- 192.0.2.2 Def. Instance 64496 0 00h00m08s 1/1/1 (Lbl-IPv4) 192.0.2.4 Def.

  • Page 217

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 ------------------------------------------------------------------------------- 192.0.2.4/32 262135 192.0.2.2 ------------------------------------------------------------------------------- Total Entries : 1 On ABR-2, the BGP labeled route to 192.0.2.4/32 has next hop 192.0.2.3 and uses an LDP tunnel in the core network to reach ABR-3, as follows: *A:ABR-2# show router fp-tunnel-table 1 192.0.2.4/32 =============================================================================== Tunnel Table Display...

  • Page 218

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 48 BGP Labeled IPv4 Tunnel for 192.0.2.4/32 Using LDP Tunnels Aggregation Core Aggregation 2001::10:10:1:0/120 2001::10:10:4:0/120 CE-1 CE-4 PE-1 ABR-2 ABR-3 PE-4 Dual stack Dual stack 6PE router 6PE router Legend: LDP tunnel...

  • Page 219: Aggregate Route Indirect Next-hop Option

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 Aggregate Route Indirect Next-Hop Option This chapter provides information about aggregate route indirect next-hop option configurations. Topics in this chapter include: • Applicability • Overview •...

  • Page 220

    Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 49 Aggregate Routes 10.16.12.0/24 10.16.13.0/24 10.16.14.0/24 10.16.12.0/22 Router A Router B Routing Table Routing Table 10.16.15.0/24 10.16.12.0/24 10.16.12.0/22 10.16.13.0/24 10.16.14.0/24 10.16.15.0/24 al_0294 Figure 49, Router A could choose to advertise all the four routes or one aggregate route.

  • Page 221

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 Figure 50 Example topology Aggregate Route with Indirect Next Hop Resolved Indirect Next Hop PE-1 PE-2 192.168.12.0/30 192.0.2.1/32 192.0.2.1/32 192.0.2.2/32 192.168.14.0/30 192.168.23.0/30 al_0295 Initial Configuration The nodes have the following basic configuration: •...

  • Page 222

    Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Aggregate Route with Indirect Next Hop Option This feature adds a keyword indirect and an associated IP address parameter to the aggregate command in these configuration contexts: —...

  • Page 223

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 • <ip-address> — Installing an aggregate route with an indirect next-hop is supported for both IPv4 and IPv6 prefixes. However if the aggregate prefix is IPv6 the indirect next-hop must be an IPv6 address and if the aggregate prefix is IPv4 the indirect next-hop must be an IPv4 address.

  • Page 224

    Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No. of Aggregates: 1 =============================================================================== *A:PE-1# The inactive aggregate route does not appear in the routing table: *A:PE-1# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix[Flags] Type...

  • Page 225

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 *A:PE-1# show router aggregate =============================================================================== Legend: G - generate-icmp enabled =============================================================================== Aggregates (Router: Base) =============================================================================== Prefix Aggr IP-Address Aggr AS Summary AS Set State NextHop Community NextHopType -------------------------------------------------------------------------------...

  • Page 226

    Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# configure router static-route-entry 192.168.11.0/24 next-hop 192.168.12.2 no shutdown exit exit In the route table, the aggregate route is no longer black-holed. The next hop for the indirect next hop is 192.168.12.2 (PE-2).

  • Page 227

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 ------------------------------------------------------------------------------- 10.16.12.0/22 Remote Static 00h00m00s 192.168.23.2 192.0.2.2/32 Local Local 00h13m44s system 192.168.12.0/30 Local Local 00h13m44s int-PE-2-PE-1 192.168.23.0/30 Local Local 00h13m44s int-PE-2-PE-3 ------------------------------------------------------------------------------- No. of Routes: 4 Conclusion Aggregate routes offer several advantages, the key being reduction in the routing table size and overcoming routing loops, among other things.

  • Page 228

    Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 229: Bi-directional Forwarding Detection

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Bi-Directional Forwarding Detection This chapter provides information about bi-directional forwarding (BFD) detection. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter is applicable to the 7x50 series. BFD timing differences among platforms will be indicated.

  • Page 230

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BFD protocol provides rapid link continuity checking between network devices, and the state of BFD can be propagated to IP routing protocols to drastically reduce convergence time in cases where a physical network error occurs in a transport network.

  • Page 231

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Figure 51 BFD Multi-Scenarios BFD Session Transport Transport Netw or IES Netw or IES Device Device Supported Protocols: • OSPF • IS-IS System i/f • BGP • PIM •...

  • Page 232

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 − Minimum 300 ms in 7x50 SR-1 and ESS-1 − Minimum 100 ms in 7x50 equipped with SF/CPM 1 and in every 7x50 up to Release 7.0 −...

  • Page 233

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 On the other end, when the two peers are directly connected, the BFD session is local by default, but in a 7x50 equipped with SF/CPM 2 or higher, the user can choose what session type (local or centralized) to implement.

  • Page 234

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit On PE2: configure router interface "int-PE-2-PE-1" address 192.168.1.2/30 port 1/1/2 bfd 100 receive 100 multiplier 3 no shutdown exit exit exit The following show commands are used to verify the BFD configuration on the router interfaces on PE1 and PE2.

  • Page 235

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 bfd <transmit-interval> [receive <receive-interval>] [multiplier <multiplier>] [echo-receive <echo-interval>] [type <cpm-np>] no bfd <transmit-interval> : [10..100000] in milliseconds <receive-interval> : [10..100000] in milliseconds <multiplier> : [3..20] <echo-interval> : [100..100000] in milliseconds <cpm-np>...

  • Page 236

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 int-PE-1-PE-2 192.168.1.2 ospf2 ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-1# If the command gives a negative output, troubleshoot it by firstly checking that the protocol that is bound to it is up: for instance, check the OSPF neighbor adjacency as shown in following example.

  • Page 237

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Rx Interval : 100 Tx Interval : 100 Multiplier Echo Interval Recd Msgs : 996 Sent Msgs : 1031 Up Time : 0d 00:00:07 Up Transitions Down Time : None Down Transitions : 1 Version Mismatch : 0...

  • Page 238

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit On PE2: configure router isis interface "int-PE-2-PE-1" bfd-enable ipv4 exit exit exit exit Finally, verify that the BFD session is operational between PE1 and PE2. On PE1: *A:PE-1# show router bfd session ===============================================================================...

  • Page 239

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 BFD for OSPF The goal of this section is to configure BFD on a network interlink between two 7750 nodes that are OSPF peers. For this scenario, the topology is shown in Figure Figure 55 BFD for OSPF...

  • Page 240

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Verify that the BFD session is operational between PE1 and PE2. On PE1: *A:PE-1# show router bfd session =============================================================================== Legend: wp = Working path pp = Protecting path =============================================================================== BFD Session ===============================================================================...

  • Page 241

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Figure 56 BFD for OSPF and PIM Same BFD Session Bound To Both OSPF and PIM Transport Transport int-PE-1-PE-2 int-PE-2-PE-1 Device Device port 1/1/1 port 1/1/2 192.168.1.1 192.168.1.2 OSPF and PIM OSSG558...

  • Page 242

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 LAG port LAG ID ------------------------------------------------------------------------------- int-PE-1-PE-2 192.168.1.2 ospf2 pim ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-1# On PE2: *A:PE-2# show router bfd session =============================================================================== Legend: wp = Working path pp = Protecting path =============================================================================== BFD Session...

  • Page 243

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 configure router static-route 10.1.2.0/24 next-hop 192.168.1.2 exit exit On PE2: configure router static-route 10.1.1.0/24 next-hop 192.168.1.1 exit exit Next, verify that static routes are populated in the routing table. On PE1: *A:PE-1# show router route-table protocol static ===============================================================================...

  • Page 244

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The next step is to configure the base level BFD on PE1 and PE2. Refer to paragraph BFD Base Parameter Configuration and Troubleshooting. Then apply BFD to the static routing entries using the BFD interfaces as next-hop. On PE1: configure router...

  • Page 245

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 If/Lsp Name/Svc-Id/RSVP-sess State Tx Intvl Rx Intvl Multipl Rem Addr/Info/SdpId:VcId Protocols Tx Pkts Rx Pkts Type LAG port LAG ID ------------------------------------------------------------------------------- int-PE-2-PE-1 192.168.1.1 static ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-2# BFD for IES...

  • Page 246

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 On PE-2: configure service ies 2 customer 1 create interface int-IES-PE-2-PE-1 create address 192.168.3.2/30 spoke-sdp 2010:1 create exit exit no shutdown exit exit exit The next step is to add the IES interfaces to the OSPF area domain. On PE-1: configure router...

  • Page 247

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Service Basic Information =============================================================================== Service Id Vpn Id Service Type : IES Name : (Not Specified) Description : (Not Specified) Customer Id Creation Origin : manual Last Status Change: 12/09/2015 10:25:21 Last Mgmt Change : 12/09/2015 10:25:08 Admin State...

  • Page 248

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== *A:PE-2# *A:PE-2# show router ospf neighbor =============================================================================== Rtr Base OSPFv2 Instance 0 Neighbors =============================================================================== Interface-Name Rtr Id State RetxQ Area-Id ------------------------------------------------------------------------------- int-PE-2-PE-1 192.0.2.1 Full 0.0.0.0 int-IES-PE-2-PE-1 192.0.2.1 Full 0.0.0.0...

  • Page 249

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Note that in case of BFD over spoke SDP, a centralized BFD session is created even if a physical link exists between the two nodes. In fact, the next output shows that BFD session type is cpm-np.

  • Page 250

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 59 BFD for RSVP BFD Session for RSVP RSVP RSVP int-PE-2-PE-1 int-PE-1-PE-2 LSP-PE-1-PE-2 LSP-PE-2-PE-1 RSVP-TE OSSG561 To enable the BFD session between the two RSVP peers, the user should follow these steps: First, configure BFD on interfaces between PE-1 and PE-2 as described in BFD Base...

  • Page 251

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 no shutdown exit exit exit On PE-2: configure router mpls interface "system" no shutdown exit interface "int-PE-2-PE-1" no shutdown exit exit rsvp interface "system" no shutdown exit interface "int-PE-2-PE-1"...

  • Page 252

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Then, apply BFD on the RSVP Interfaces. On PE1: configure router rsvp interface "int-PE-1-PE-2" bfd-enable exit exit exit exit On PE2: configure router rsvp interface "int-PE-2-PE-1" bfd-enable exit exit exit...

  • Page 253

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 If/Lsp Name/Svc-Id/RSVP-sess State Tx Intvl Rx Intvl Multipl Rem Addr/Info/SdpId:VcId Protocols Tx Pkts Rx Pkts Type LAG port LAG ID ------------------------------------------------------------------------------- int-PE-2-PE-1 192.168.1.1 rsvp ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-2# BFD for T-LDP...

  • Page 254

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When using BFD over other links with the ability to reroute, such as spoke-SDPs, the interval and multiplier values configuring BFD should be set to allow sufficient time for the underlying network to re-converge before the associated BFD session expires.

  • Page 255

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 configure router targeted-session peer 192.0.2.2 bfd-enable exit exit exit exit exit Note that the loopback interface can be used to source BFD sessions to many peers in the network. Finally, check that the BFD session is up.

  • Page 256

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When the T-LDP session comes up, a centralized BFD session is always created (cpm-np) even if the local interface has a direct link to the peer. BFD for OSPF PE-CE Adjacencies This feature extends BFD support to OSPF within a VPRN context when OSPF is used as the PE-CE protocol.

  • Page 257

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 configure router interface "int-CE-1-PE-1" address 172.16.0.2/24 port 1/1/1:1 bfd 100 receive 100 multiplier 3 no shutdown exit ospf area 0 interface int-CE-1-PE-1 exit exit exit exit exit Then, ensure that OSPF adjacency is up.

  • Page 258

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Enable BFD on the CE-1-PE-1 interface on CE-1. configure router ospf area 0 interface int-CE-1-PE-1 bfd-enable Finally, check that the BFD sessions are up in both PE-1 and CE-1. *A:PE-1# show router 1 bfd session =============================================================================== Legend:...

  • Page 259

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Figure 62 BFD Sessions within IPSec Tunnels Interface Private-ipsec 192.168.2.254/24 Interface Public-ipsec ISA-IPsec 192.168.2.1/24 Interface to Internet SAP ipsec-1.public:1 SAP ipsec-1.private:1 192.168.1.1/24 VPRN 2 BFD Session Loopback i/f 172.16.2.1/32 10.1.1.0/24 172.16.1.1...

  • Page 260

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 interface "public-ipsec" create address 192.168.2.1/24 sap tunnel-1.public:1 create exit exit no shutdown exit exit exit configure service vprn 2 customer 1 create ipsec security-policy 1 create entry 10 create local-ip 192.168.3.1/32 remote-ip any exit...

  • Page 261

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 static-route 10.1.2.0/24 ipsec-tunnel "t2" metric 1 static-route 10.1.2.0/24 ipsec-tunnel "t3" metric 5 no shutdown exit exit exit Then configure the BFD parameters within loopback interface loop (refer to Base Parameter Configuration and Troubleshooting).

  • Page 262

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • BFD over IPSec sessions are centralized, managed by the hardware on the CPM. • Only BFD over static lan-to-lan tunnel is supported in Release 8.0 (not dynamic). •...

  • Page 263

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 BFD for VRRP This feature assigns a BFD session to provide a heart-beat mechanism for the given VRRP instance. It should be noted that there can be only one BFD session assigned to any given VRRP instance, but there can be multiple VRRP sessions using the same BFD session.

  • Page 264

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 On PE-2: configure service ies 10 customer 1 create interface "int-vrrp-ies-PE-2" create address 192.168.1.2/24 sap 1/1/3:10 create exit exit no shutdown exit exit exit Verify that the IES services are operational (show service service-using) and verify that you can ping the remote interface IP address.

  • Page 265

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 no shutdown exit exit exit On PE-2: configure service ies 10 customer 1 create interface "int-vrrp-ies-PE-2" create vrrp 10 backup 192.168.1.1 ping-reply telnet-reply ssh-reply exit vrrp 30 owner backup 192.168.1.2 exit exit...

  • Page 266

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit no shutdown exit exit exit The parameters used for the BFD are set by the BFD command under the IP interface. Note that unlike the previous scenarios, the user can enter the commands above, enabling the BFD session, even if the specified interface (vrrp_ies_PE1) has not been configured with BFD parameters.

  • Page 267

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 =============================================================================== =============================================================================== *A:PE-1# This session is shared by all the VRRP instances configured between the specified interfaces. When BFD is configured in a VRRP instance, the following command gives details of BFD related to every instance: *A:PE-1# show router vrrp instance interface "int-vrrp-ies-PE-1"...

  • Page 268

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type...

  • Page 269

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0...

  • Page 270

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BFD is linked to a protocol state. For BFD session to be established, the prerequisite condition is that the protocol to which the BFD is linked must be operationally active. Once the BFD session is established, the state of the protocol to which BFD is tied to is then determined based on the BFD session’s state.

  • Page 271: Hybrid Openflow Switch

    • Conclusion Applicability This feature is applicable to 7750 SR-7/12 and 7450 ESS-7/12, both running IOM-2 and above. It is also applicable to 7750 SR-a4/8, SR-1e/2e/3e, 7750 SR-12E, and XRS-20/16c. The information and configuration in this chapter is based on SR OS Release 14.0.R5.

  • Page 272

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 An OpenFlow switch may have one or more flow tables, each of which contains one or more flow entries. A flow is a sequence of packets that matches a specific entry in a flow table.

  • Page 273

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The Datapath ID is an 8-byte value used to uniquely identify the switch. To construct it, SR OS uses a concatenation of the OpenFlow switch instance ID (2 bytes) and the chassis MAC (6 bytes).

  • Page 274

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 2 OpenFlow Messages Message Type Message Description Controller-to-switch Feature [OFPT_FEATURES_REQUEST/REPLY] Used by controller to query capabilities of the switch. Typically used on session establishment. Configuration [OFPT_GET_CONFIG_REQUEST/ REPLY, OFPT_SET_CONFIG] Used to set and query configuration parameters in the switch.

  • Page 275

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Table 2 OpenFlow Messages (Continued) Message Type Message Description Asynchronous Packet-In [OFPT_PACKET_IN] Used to transfer a packet to the controller (for example, a table-miss flow entry). Flow-Removed [OFPT_FLOW_REMOVED] Used to notify the controller that a flow entry has been removed from the flow table.

  • Page 276

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Configuration Figure 65 shows an example topology to demonstrate the use of OpenFlow. PE routers PE-1 through PE-8 form part of AS 65545 and run IS-IS and RSVP. All PE routers are IBGP clients of a Route Reflector situated at PE-2 for the IPv4 and VPN- IPv4 address families.

  • Page 277

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 OpenFlow Switch Configuration OpenFlow specification 1.3.1 allows for multiple flow tables within an OpenFlow switch that are sequentially numbered starting at zero. A function referred to as pipeline processing subsequently matches packets, first against flow entries of flow table 0, but allows for instructions to optionally direct a packet to another flow table, where the process is repeated.

  • Page 278

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 of-switch "ofs-1" aux-channel-enable controller 192.0.2.224:6653 flowtable 0 switch-defined-cookie max-size 4096 exit logical-port-status rsvp-te no shutdown exit exit The of-switch command allows for the creation of a switch instance and requires a name of 1 to 32 characters.

  • Page 279

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 =============================================================================== Open Flow Switch Information =============================================================================== Switch Name : ofs-1 Data Path ID : 00030ca40202d401 Admin Status : Up Echo Interval : 10 seconds Echo Multiple Logical Port Type : rsvp-te Buffer Size Num.

  • Page 280

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Async Fltr Packet In (Master or Equal): table-miss apply-action (Slave) : (Not Specified) Async Fltr Port Status (Master or Equal): port-add port-delete port-modify (Slave) : port-add port-delete port-modify Async Fltr Flow Rem (Master or Equal): idle-time-out hard-time-out flow-mod-delete group-delete (Slave)

  • Page 281

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The version, connection type, and Auxiliary ID have been previously described. The output shows asynchronous filters (Async Fltr), dependent on the role that the controller is playing. A controller may use Asynchronous Configuration (OFPT_SET_ASYNC) messages to set a filter on the asynchronous messages that it receives from the switch.

  • Page 282

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 66 OpenFlow Operation in Base Routing Context OpenFlow Controller 192.0.2.224 PE-1 PE-2 AS 65545 192.0.2.43 192.0.2.13 PE-3 PE-4 192.168.1.0/30 IES 1 192.0.2.45 192.0.2.19 EBGP Test Port B IES 1 172.31.100.0/24 172.31.200.0/24...

  • Page 283

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 configure service ies 1 customer 1 create interface "Test-Port-A" create address 172.16.48.1/24 sap 3/1/4:10 create ingress filter ip 10 exit exit Before any flow entries are initiated from the controller, a single entry with ID 65535 (maximum) is automatically populated in the embedding filter.

  • Page 284

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 TCP-syn : Off TCP-ack : Off Option-pres : Off Egress PBR : Disabled Primary Action : Forward Ing. Matches : 0 pkts Egr. Matches : 0 pkts =============================================================================== An OpenFlow IP filter is also automatically created by the system with a filter ID of _tmnx_ofs_<name>:<number>, where <name>...

  • Page 285

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 *B:PE-4# show router bgp routes 172.31.0.0/16 longer =============================================================================== BGP Router ID:192.0.2.19 AS:65545 Local AS:65545 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...

  • Page 286

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Util. Egress Queue 1 For. In/InplusProf ~0.00 For. Out/ExcProf : 2000 1023907 0.08 Dro. In/InplusProf 0.00 Dro. Out/ExcProf 0.00 The controller initiates an OFPT_FLOW_MOD message containing an OFPFC_ADD command to the switch to create a new flow entry.

  • Page 287

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Flow Flags: IPv4 [FR] Up Time : 0d 00:01:57 Add TS : 405858646 Mod TS Stats TS : 405870241 #Packets : 115951 #Bytes : 59366912 ------------------------------------------------------------------------------- Number of flows: 2 =============================================================================== The first flow entry shown is the table-miss entry with an action of fall-through (or forward).

  • Page 288

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 4 FLOW_MOD Flags (Continued) Flag Meaning Description Default SEND_FLOW_REM If set, the switch must send a Flow-Removed message when the flow entry is deleted. CHECK_OVERLAP If set, the switch must check that there are no conflicting entries with the same priority before inserting it into the flow entry table.

  • Page 289

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Dro. Out/ExcProf 0.00 FLOW_MOD messages allow for flow entries to be associated with hard and idle timeouts, which are not currently used by SR OS. Although timeout values can be passed by a controller in a FLOW_MOD message, they are effectively ignored.

  • Page 290

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 67 Example Topology for OpenFlow within a Service Routing Context OpenFlow Controller 192.0.2.224 PE-1 PE-2 AS 65545 192.0.2.43 192.0.2.13 PE-3 PE-4 192.168.5.0/30 VPRN 5 192.0.2.45 192.0.2.19 EBGP 192.168.5.8/30 Test Port B...

  • Page 291

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The filter is applied at PE-4 on the SAP connecting test port A, as follows: configure service vprn 5 customer 1 create interface "Test-Port-A" create address 192.168.5.9/30 sap 3/1/4:5 create ingress filter ip 20...

  • Page 292

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== An OpenFlow IP filter, _tmnx_ofs_ofs-1:16, is also automatically created by the system and contains all of the flow entries dynamically created by the OpenFlow switch ofs-1 for service ID 5. This filter acts as a repository for active flow entries specific to that service context and its purpose has been previously described.

  • Page 293

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 PE-1 is egressing traffic at a rate of 2000 packets/s toward test port B, representing the sum of the two 1000 packets/s test streams, as follows: B:PE-1# monitor service id 1 sap 5/1/3:10 rate =============================================================================== Monitor statistics for Service 1 SAP 5/1/3:10 ===============================================================================...

  • Page 294

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 In Port Outer VID : * EthType : 0x0800 Src IP : 172.16.2.128/25 Dst IP IP Proto DSCP Src Port Dst Port ICMP Type : * ICMP Code : * Label Action : Forward On Nhop(Indirect)

  • Page 295

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The preferred next-hop for traffic destined to prefix 172.16.1.0/24 is PE-1. The indirect next-hop address of 192.168.5.6 represents the (simulated) CE WAN address of test port C, and is known in the routing table of VPRN 5 with a next-hop of PE-5 (192.0.2.46), as follows: B:PE-4# show router 5 route-table 192.168.5.6 ===============================================================================...

  • Page 296

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Monitor statistics for Service 5 SAP lag-1:5 =============================================================================== ---snip--- Packets Octets % Port Util. Egress Queue 1 For. In/InplusProf 0.00 For. Out/ExcProf : 1000 512000 0.04 Dro.

  • Page 297

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Table 5 Supported Redirect Actions Action Applicability Action Type Remarks Redirect to IP IPv4/IPv6 traffic OFPAT_EXPERIMENTER Next-hop can be direct or Next-Hop ingressing an IP interface (ALU_AXN_REDIRECT_TO_N indirect EXTHOP) Redirect to...

  • Page 298

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 5 Supported Redirect Actions Action Applicability Action Type Remarks Redirect to SAP Traffic ingressing a VPLS Action 1: OFPAT_OUTPUT TmnxPortId encoding in interface <port> TIMETRA-CHASSIS-MIB (port) or LAG TIMETRA-TC- <port>...

  • Page 299

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 B:PE-4# tools dump system-resources 3 Resource Manager info at 049 d 12/01/16 09:10:18.148: Hardware Resource Usage for Slot #3, CardType imm12-10gb-sf+, Cmplx #0: Total | Allocated | Free -------------------------------|-----------|-----------|------------ ---snip---...

  • Page 300

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 301: Lfa Policies Using Ospf As Igp

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 LFA Policies Using OSPF as IGP This chapter provides information about LFA policies using OSPF as IGP. Topics in this chapter include: • Applicability •...

  • Page 302

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Implementation The SROS LFA policy implementation is built around the concept of route-next-hop (NH) templates which are applied to IP interfaces. A route-next-hop template specifies criteria which influence the selection of an LFA backup NH for either: •...

  • Page 303

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 Figure 68 Example Topology PE-1 PE-2 PE-3 192.0.2.1/32 192.0.2.2/32 192.0.2.3/32 1/1/1 1/1/2 1/1/1 1/1/2 192.168.12.0/30 192.168.23.0/30 1/1/3 1/2/1 1/1/2 1/1/1 1/1/4 1/1/3 1/1/3 1/1/3 1/1/1 1/1/4 1/1/2...

  • Page 304

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric ------------------------------------------------------------------------------- 192.0.2.1/32 MPLS 65537 192.168.12.1 192.0.2.3/32 MPLS 65538 192.168.23.2 192.0.2.4/32 MPLS 65539 192.168.24.2 192.0.2.5/32 MPLS 65540 192.168.12.1 192.0.2.6/32 MPLS...

  • Page 305

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 Alt-NextHop Alt- Metric ------------------------------------------------------------------------------- 192.0.2.1/32 Remote OSPF 00h11m32s 192.168.12.1 192.168.26.2 (LFA) 192.0.2.2/32 Local Local 00h11m44s system 192.0.2.3/32 Remote OSPF 00h11m18s 192.168.23.2 192.168.24.2 (LFA) 192.0.2.4/32 Remote OSPF 00h11m12s...

  • Page 306

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== LDP Bindings (IPv4 LSR ID 192.0.2.2) (IPv6 LSR ID ::) =============================================================================== Legend: U - Label In Use, N - Label Not In Use, W - Label Withdrawn WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route LF - Lower FEC, UF - Upper FEC (S) - Static...

  • Page 307

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 192.0.2.5/32 Push 262139BU 192.168.24.2 1/2/1 192.0.2.5/32 Swap 262139 262139 192.168.12.1 1/1/2 192.0.2.5/32 Swap 262139 262139BU 192.168.24.2 1/2/1 192.0.2.6/32 Push 262143 192.168.26.2 1/1/3 192.0.2.6/32 Push 262138BU 192.168.12.1 1/1/2...

  • Page 308

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Commands within a route-next-hop policy template follow the begin- abort-commit model. After a commit, the IGP re-evaluates the template and schedules a new LFA SPF to re-compute the LFA NH for the prefixes associated with this template.

  • Page 309

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 *A:PE-x# configure router route-next-hop-policy template <template-name> exclude- group <group-name> *A:PE-x# configure router route-next-hop-policy template <template-name> include- group <group-name> [pref <preference>] Step 4. Configure SRLG constraints in route-next-hop policy. This is an optional step in the context of LFA policies.

  • Page 310

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 This is an optional step in the context of LFA policies. With the use of LFA policies, the user can also select if tunnel backup NH or IP backup NH is preferred for IP prefixes and LDP FEC prefixes protected by a backup LFA NH.

  • Page 311

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 =============================================================================== Prefix IngLbl EgrLbl EgrNextHop EgrIf/LspId ------------------------------------------------------------------------------- 192.0.2.1/32 Push 262143 192.168.12.1 1/1/2 192.0.2.1/32 Push 262142BU 192.168.26.2 1/1/3 192.0.2.1/32 Swap 262142 262143 192.168.12.1 1/1/2 192.0.2.1/32 Swap 262142 262142BU...

  • Page 312

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 This default LFA NH can be changed by adding specific selection criteria inside a route-next-hop policy template. Example 1: LFA Policy with Admin Group Constraint The objective is to force the LFA NH for both LDP FEC prefixes to use the path between PE-2 and PE-5.

  • Page 313

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 (I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop (C) - FEC resolved with class-based-forwarding =============================================================================== LDP IPv4 Prefix Bindings (Active) =============================================================================== Prefix IngLbl EgrLbl EgrNextHop...

  • Page 314

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-2# Example 2: LFA Policy with SRLG Constraint The objective is to force the LFA NH for both LDP FEC prefixes to use the path from PE-2 to PE-5.

  • Page 315

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 (B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route (I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop (C) - FEC resolved with class-based-forwarding =============================================================================== LDP IPv4 Prefix Bindings (Active) ===============================================================================...

  • Page 316

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The LFA policy mapping is removed from the OSPF interfaces as follows: *A:PE-2# configure router ospf area 0 interface "int-PE-2-PE-1" no lfa-policy-map *A:PE-2# configure router ospf area 0 interface "int-PE-2-PE-6" no lfa-policy-map Example 3: LFA Policy with NH-type Constraint The objective is to force the LFA NH for IP prefix 192.0.2.6/32 to use an RSVP tunnel.

  • Page 317

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 *A:PE-2# show router tunnel-table 192.0.2.6 =============================================================================== IPv4 Tunnel Table (Router: Base) =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric ------------------------------------------------------------------------------- 192.0.2.6/32 rsvp MPLS 192.168.24.2 16777215 192.0.2.6/32 MPLS...

  • Page 318

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Define a route-next-hop policy template “LFA_NH_Tunnel”, where nh-type is set to tunnel. *A:PE-2# configure router route-next-hop-policy begin template "LFA_NH_Tunnel" nh-type tunnel exit commit Apply the policy template to the interface toward PE-6, as follows: *A:PE-2# configure router ospf area 0 interface "int-PE-2-PE-6"...

  • Page 319

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 Example 4: Exclude Prefix from LFA Policy The objective is to force no LFA NH for LDP FEC prefix 192.0.2.1/32 where PE-2 is the PLR. The IP/LDP FRR implementation in SR OS allows to exclude an IGP interface, IGP area (OSPF), or IGP level (IS-IS) from the LFA SPF computation.

  • Page 320

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Prefix IngLbl EgrLbl EgrNextHop EgrIf/LspId ------------------------------------------------------------------------------- 192.0.2.1/32 Push 262143 192.168.12.1 1/1/2 192.0.2.1/32 Swap 262142 262143 192.168.12.1 1/1/2 ------------------------------------------------------------------------------- No. of IPv4 Prefix Active Bindings: 2 =============================================================================== *A:PE-2# Conclusion...

  • Page 321: Pbr/pbf Redundancy

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 PBR/PBF Redundancy This chapter provides information about PBR/PBF Redundancy. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS Release 14.0.R7.

  • Page 322

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • Different QoS treatment can be provided, based on additional criteria • Cost saving: time-sensitive traffic can be sent over higher-speed links at a higher cost, while bulk file transfers are sent over lower-speed links at a lower cost •...

  • Page 323

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Figure 69 PBF in VPLS 1 on PE-1 PE-1 PE-2 CE-10 172.16.10.1/24 1/1/3:1 1/1/1:1 1/1/2:1 VPLS 1 VPLS 1 1/1/2:1 1/1/1:1 Ingress filter 1/1/1:1 1/1/2:1 1/1/2:1 1/1/1:1 1/1/3:1 VPLS 1 VPLS 1 CE-40...

  • Page 324

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 [no] log - Configure log for the filter entry [no] match + Configure match criteria for this mac filter entry [no] pbr-down-actio* - Configure action that overrides default PBR/PBF down action. 'no pbr-down-action-override' preserves default PBR/PBF down action, which varies for different actions.

  • Page 325

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 exit This IPv4 filter only affects packets with IPv4 SA 172.16.10.1/24 and IPv4 DA 172.16.10.4/24. When the primary action SAP 1/1/1:1 is operationally up, the primary action is executed; when SAP 1/1/1:1 is operationally down, the secondary action is executed, until SAP 1/1/1:1 is operationally up again.

  • Page 326

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When the primary action SAP 1/1/1:1 is operationally up (PBR Target Status: Up), the primary action is executed (Downloaded Action: Primary), as follows: *A:PE-1# show filter ip 10 =============================================================================== IP Filter ===============================================================================...

  • Page 327

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 *A:PE-1# configure filter ip-filter 10 entry 10 sticky-dest - no sticky-dest - sticky-dest <hold-time-up> - sticky-dest no-hold-time-up <hold-time-up> : 0..65535 seconds When both the primary action SAP 1/1/1:1 and the secondary action SAP 1/1/2:1 are down, the default action is drop, unless the pbr-down-action-override <filter- action>...

  • Page 328

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 70 Example Topology PE-1 PE-2 192.168.0.1/32 192.168.0.2/32 CE-10 1/1/3 1/1/1 192.168.12.0/30 1/1/2 1/1/2 1/1/1 192.168.13.0/30 192.168.24.0/30 1/1/1 1/1/2 1/1/2 192.168.34.0/30 1/1/1 1/1/3 CE-40 PE-3 PE-4 192.168.0.3/32 192.168.0.4/32 26308 The initial configuration is as follows: •...

  • Page 329

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 6. The primary action SAP 1/1/1:1 is put in a no shutdown state. The primary action is executed. 7. Stickiness is configured with a hold timer of 60 seconds. At timer expiry, stickiness takes effect.

  • Page 330

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 filter ip 10 exit exit spoke-sdp 12:1 create exit spoke-sdp 13:1 create exit no shutdown exit When all SAPs are up, all packets from CE-10 enter SAP 1/1/3:1 and are forwarded to primary action SAP 1/1/1:1.

  • Page 331

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 All traffic is forwarded from ingress SAP 1/1/3:1 to SAP 1/1/1:1 and the reply messages from SAP 1/1/1:1 to SAP 1/1/3:1. No packets are forwarded via SAP 1/1/ 2:1.

  • Page 332

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Next Hop : 1/1/1:1 Service Id PBR Target Status : Down Secondary Action : Forward (SAP) Next Hop : 1/1/2:1 Service Id PBR Target Status : Up PBR Down Action : Drop (entry-default) Downloaded Action : Secondary...

  • Page 333

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Egr. Matches : 0 pkts =============================================================================== PBR Down Action Override Both SAPs remain in a shutdown state. The default PBR down action is drop, but that can be overruled by configuring the pbr-down-action-override parameter, as follows: *A:PE-1# configure filter ip-filter 10 entry 10 pbr-down-action-override forward With this configuration added in entry 10 of IPv4 filter 10, the PBR down action will...

  • Page 334

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Secondary Action : Forward (SAP) Next Hop : 1/1/2:1 Service Id PBR Target Status : Down PBR Down Action : Forward (pbr-down-action-override) Downloaded Action : Forward Dest. Stickiness : None Hold Remain Ing.

  • Page 335

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Primary Action Up - Revertive Behavior As well as the secondary action SAP, also the primary action SAP 1/1/1:1 is re- enabled, as follows: *A:PE-1# configure service vpls 1 sap 1/1/1:1 no shutdown The default PBR/PBF behavior is revertive;...

  • Page 336

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The hold remain timer starts counting down when stickiness is configured and at least one PBR target is up. If the primary action SAP 1/1/1:1 remains operationally up for the configured 60 seconds, the primary action will be active, and at timer expiry, stickiness applies.

  • Page 337

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Secondary Action : Forward (SAP) Next Hop : 1/1/2:1 Service Id PBR Target Status : Up PBR Down Action : Forward (pbr-down-action-override) Downloaded Action : Secondary Dest. Stickiness : 60 Hold Remain : 29...

  • Page 338

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Force Primary Action Stickiness can be enabled without any delay, as follows: *A:PE-1# configure filter ip-filter 10 entry 10 sticky-dest no-hold-time-up *A:PE-1# configure filter *A:PE-1>config>filter# info ---------------------------------------------- ip-filter 10 create entry 10 create action forward sap 1/1/1:1...

  • Page 339

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 The secondary action is active and will remain active as long as the secondary action SAP 1/1/2:1 is up. The hold remain timer is not enabled (== value 0). When the primary action SAP 1/1/1:1 is operationally up again, the secondary action remains active, as follows: *A:PE-1# configure service vpls 1 sap 1/1/1:1 no shutdown...

  • Page 340

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PBR Target Status : Up PBR Down Action : Forward (pbr-down-action-override) Downloaded Action : Primary Dest. Stickiness Hold Remain Ing. Matches : 11000 pkts (1166000 bytes) Egr. Matches : 0 pkts =============================================================================== This tools command can also be used in combination with a running sticky-...

  • Page 341

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 *A:PE-1# show filter mac 20 =============================================================================== Mac Filter =============================================================================== Filter Id : 20 Applied : Yes Scope : Template Def. Action : Drop Entries Type : normal Description : (Not Specified) ------------------------------------------------------------------------------- Filter Match Criteria : Mac...

  • Page 342

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 71 PBR in a VPRN PE-1 PE-2 CE-11 172.16.111.2/30 1/1/3:2 1/1/1:2 172.16.12.0/30 VPRN 2 VPRN 2 1/1/2:2 Ingress filter 172.16.13.0/30 172.16.24.0/30 172.16.34.0/30 VPRN 2 VPRN 2 CE-41 172.16.114.2/30 PE-3 PE-4...

  • Page 343

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 exit action secondary forward next-hop 172.16.13.2 router 2 exit exit configure service vprn 2 interface "int-PE-1-CE-11_VPRN2" sap 1/1/3:2 ingress filter ip 30 The primary action forwards packets from CE-11 to next-hop 172.16.12.2, which is an interface in VPRN 2 on PE-2;...

  • Page 344

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# configure service vprn 2 interface "int-PE-1-PE-2_VPRN2" sap 1/1/1:2 shutdown *A:PE-1# show filter ip 30 =============================================================================== IP Filter =============================================================================== Filter Id : 30 Applied : Yes Scope : Template Def.

  • Page 345

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Conclusion Operators can define two targets for L2 and L3 traffic steering (PBF and PBR): primary and secondary. The primary target is used when both targets are up; the secondary target is used when the primary is down.

  • Page 346

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 347: Rate Limit Filter Action

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 Rate Limit Filter Action This chapter provides information about Rate Limit Filter Action. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter is applicable to SR OS routers and is based on SR OS Release 14.0.R7.

  • Page 348

    Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 QoS Interaction On ingress, if the MAC or IPv4/IPv6 filter action indicates that traffic must be rate limited, this traffic is redirected to a rate-limiting filter policer before delivery to the switching fabric.

  • Page 349

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 Figure 73 Rate Limit Filters and FlexPaths Rate Limit int-1 int-1 Policer-1 filter-1 filter-1 Rate Limit Policer-1 Rate int-2 int-2 Limit filter-1 filter-2 Policer-2 26369 Use caution when applying filter-based rate limiting to SAPs on group interfaces, because group interfaces can host many ESM subscribers, which could defeat per- subscriber and per-ESM host rate limiting.

  • Page 350

    Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 74 Example Configuration VPRN-1 10.10.1.1 10.10.2.1 3/2/13 3/2/14 Tester T1 PE-1 Tester T2 traffic source 192.0.2.1 traffic sink 26370 The configuration of VPRN-1 on PE-1 is as follows: # R1 configure service...

  • Page 351

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 exit exit exit exit A stream of UDP packets with a fixed size of 128 bytes is sent out of Tester T1 at a rate of 1000 packets/sec, accounting for a data rate of 128 x 8 x 1000 = 1.024 Mbit/ s.

  • Page 352

    Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Ing. Rate-limiter Offered : 3222046 pkts (412421888 bytes) Forwarded : 2147991 pkts (274942848 bytes) Dropped : 1074055 pkts (137479040 bytes) Egr. Rate-limiter Offered : 0 pkts Forwarded : 0 pkts Dropped...

  • Page 353

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 At time t = 20 sec (Mode: Delta) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Sap Statistics ------------------------------------------------------------------------------- Last Cleared Time : N/A Packets Octets CPM Ingress Forwarding Engine Stats Dropped Received Valid : 19901 5094656...

  • Page 354

    Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Dropped Received Valid : 312516277 20001041728 Off. HiPrio Off. LowPrio : 312516277 20001041728 Off. Uncolor Off. Managed Queueing Stats(Ingress QoS Policy 1) Dro. HiPrio Dro. LowPrio For.

  • Page 355

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 Packets Octets CPM Ingress --- snipped --- Queueing Stats(Egress QoS Policy 1) Dro. In/InplusProf Dro. Out/ExcProf For. In/InplusProf : 10005 2561280 For. Out/ExcProf --- snipped --- *A:PE1# Conclusion Rate-limiting filter actions can be used by network operators for security purposes to...

  • Page 356

    Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 357: Unicast Routing Protocols

    Advanced Configuration Guide - Part I Unicast Routing Protocols Releases Up To 14.0.R7 Unicast Routing Protocols In This Section This section provides configuration information for the following topics: • Associating Communities with Static and Aggregate Routes • BGP Add-Path • BGP Fast Reroute •...

  • Page 358

    Unicast Routing Protocols Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 359: Associating Communities With Static And Aggregate Routes

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Associating Communities with Static and Aggregate Routes This chapter provides information about associating communities with static and aggregate routes configurations. Topics in this chapter include: •...

  • Page 360

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Overview Figure 75 Example Topology PE-2 PE-1 CE-7 192.0.2.7 192.168.12.0/30 192.0.2.2 192.0.2.1 192.168.25.0/30 192.0.2.8 CE-8 192.0.2.5 AS 64496 RR-5 .2 .2 192.168.34.0/30 AS 64497 192.0.2.3 192.0.2.4 192.0.2.6...

  • Page 361

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Associating Communities with Static and Aggregate Routes It is possible to add a single community value to a static and aggregate route without using a route policy.

  • Page 362

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 group “RR-clients" family vpn-ipv4 peer-as 64496 neighbor 192.0.2.1 exit neighbor 192.0.2.2 exit neighbor 192.0.2.3 exit neighbor 192.0.2.4 exit exit On RR-5, show that BGP sessions with each PE are established, and have correctly negotiated the VPN IPv4 address family capability.

  • Page 363

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family) PktSent OutQ ------------------------------------------------------------------------------- 192.0.2.1 64496 0 00h00m05s 0/0/0 (VpnIPv4) 192.0.2.2 64496 0 00h00m05s 0/0/0 (VpnIPv4) 192.0.2.3 64496 0 00h00m05s 0/0/0 (VpnIPv4) 192.0.2.4...

  • Page 364

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 interface "loop1" create address 192.0.2.100/32 loopback exit interface "int-PE-1-CE-8" create unnumbered "loop1" sap 1/2/2:1.0 create exit exit no shutdown For unnumbered interfaces, an IP address is borrowed from a loopback interface, for example from the system interface, see MPLS chapter Unnumbered Interfaces in RSVP-TE and...

  • Page 365

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes group "VPRN1-external" export "BGP-VPN-accept" peer-as 64497 neighbor 172.16.46.2 exit exit exit no shutdown Static Routes with Communities A static route has a number of next-hop options: direct connected IP address, black- hole, indirect IP address, and interface-name.

  • Page 366

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 • 10.100.101.0/24 must be advertised with a community of 64496:101 configure service vprn 1 static-route-entry 10.100.101.0/24 next-hop 172.16.17.2 community 64496:101 no shutdown exit •...

  • Page 367

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes configure service vprn 1 static-route-entry 10.100.105.0/24 next-hop "int-PE-1-CE-8" community 64496:105 no shutdown exit exit On PE-1, configure static routes that match the static routes from Figure 76, and the preceding conditions.

  • Page 368

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Routes : 7 =============================================================================== *A:PE-1# There are only seven exported routes. The route prefixes associated with the no- advertise community are not present, as expected. Examining the BGP table of PE-4 shows the presence of the expected routes, with the correct community values.

  • Page 369

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes VPRN Imported ---snip--- The following command shows all members of the community no-report: *A:PE-4# show router bgp routes vpn-ipv4 community no-export =============================================================================== BGP Router ID:192.0.2.4 AS:64496 Local AS:64496 ===============================================================================...

  • Page 370

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 *A:PE-4# show router bgp routes 10.100.101.0/24 vpn-ipv4 detail =============================================================================== BGP Router ID:192.0.2.4 AS:64496 Local AS:64496 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...

  • Page 371

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Network : 10.100.103.0/24 Nexthop : 192.0.2.1 Route Dist. : 64496:1 VPN Label : 262139 Path Id : None From : 192.0.2.5 Res. Nexthop : n/a Local Pref.

  • Page 372

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Originator Id : 192.0.2.1 Peer Router Id : 192.0.2.5 Fwd Class : None Priority : None Flags : Used Valid Best Route Source : Internal AS-Path : No As-Path...

  • Page 373

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Examine the route table of VPRN 1 on PE-4 – looking specifically at the BGP-learned routes, the same seven routes are present as valid routes. *A:PE-4# show router 1 route-table protocol bgp-vpn =============================================================================== Route Table (Service: 1)

  • Page 374

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No. of Routes: 6 Flags: n = Number of times nexthop is repeated B = BGP backup route available L = LFA nexthop available S = Sticky ECMP requested =============================================================================== *A:CE-6#...

  • Page 375

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes *A:CE-6# show router bgp routes community 64496:103 =============================================================================== BGP Router ID:192.0.2.6 AS:64497 Local AS:64497 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...

  • Page 376

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid Legend - l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete ===============================================================================...

  • Page 377

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes • 10.101.0.0/24 to 10.101.7.0/24 • 10.102.0.0/24 to 10.102.7.0/24 Instead of advertising all of these prefixes out of the VPRN towards an external CE individually, an aggregate route can be configured that summarizes each set of eight prefixes and a community can be directly associated with each aggregate route.

  • Page 378

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 State : Established Last State : Established Last Event : recvKeepAlive Last Error : Cease (Connection Collision Resolution) Local Family : IPv4 Remote Family : IPv4 Hold Time : 90...

  • Page 379

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Routes Resolve To St*: Disabled Local AddPath Capabi*: Disabled Remote AddPath Capab*: Send - None : Receive - None Import Policy : None Specified / Inherited Export Policy : None Specified / Inherited Origin Validation...

  • Page 380

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 u*>i 10.101.6.0/24 None None 172.16.117.2 None 64498 u*>i 10.101.7.0/24 None None 172.16.117.2 None 64498 u*>i 10.102.0.0/24 None None 172.16.117.2 None 64498 u*>i 10.102.1.0/24 None None 172.16.117.2...

  • Page 381

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes neighbor 172.16.146.2 exit exit no shutdown exit no shutdown exit Figure 78 shows the connectivity between PE-4 and CE-6. PE-4 will only forward a summarizing aggregate route toward CE-6.

  • Page 382

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 192.0.2.1 (tunneled) 10.102.2.0/24 Remote BGP VPN 00h01m07s 192.0.2.1 (tunneled) 10.102.3.0/24 Remote BGP VPN 00h01m07s 192.0.2.1 (tunneled) 10.102.4.0/24 Remote BGP VPN 00h01m07s 192.0.2.1 (tunneled) 10.102.5.0/24 Remote BGP VPN...

  • Page 383

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes =============================================================================== ------------------------------------------------------------------------------- Peer : 172.16.146.2 Description : (Not Specified) Group : VPRN2-external ------------------------------------------------------------------------------- Peer AS : 64497 Peer Port : 51154 Peer Address : 172.16.146.2 Local AS : 64496...

  • Page 384

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Advertise Label : None Auth key chain : n/a Disable Cap Nego : Disabled Bfd Enabled : Disabled Flowspec Validate : Disabled Default Route Tgt : Disabled Aigp Metric : Disabled...

  • Page 385

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes policy-statement "PE-4-VPN-Agg" entry 10 from protocol aggregate exit action accept exit exit commit exit This is applied as an export policy within the group context of the BGP configuration of the VPRN.

  • Page 386

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Fwd Class : None Priority : None Flags : Used Valid Best Route Source : External AS-Path : 64496 Route Tag Neighbor-AS : 64496 Orig Validation: NotFound Source Class Dest Class...

  • Page 387: Bgp Add-path

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 BGP Add-Path This chapter provides information about BGP Add-Path. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS Release 14.0.R7.

  • Page 388

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Faster Convergence after Failure Figure 79 shows a network that does not support add-path. CE-4 advertises two paths for prefix 10.0.0.0/8 to its eBGP neighbors: PE-1 and PE-2. PE-1 has an import policy that sets the local preference (LP) of path A to 200;...

  • Page 389

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Step 5. PE-1 and PE-3 rerun their BGP decision process and determine that path B is the best path. Traffic can flow from CE-6 to CE-4 via PE-3 and PE-2. Figure 80 shows the BGP updates sent to withdraw path A and advertise path B.

  • Page 390

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • When BGP FRR is enabled as described in chapter BGP Fast Reroute, path A is the best path and path B is the second-best path. The FIB entry for destination 10.0.0.0/8 points to path {A,B}.

  • Page 391

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Step 3. PE-2 and PE-3 receive the withdrawal, rerun the BGP decision process, and update the forwarding entry for destination 10.0.0.0/8: path B is best. Figure 82 Reconvergence after Path Failure when BGP Add-path is Enabled AS 64496 AS 64500 CE-4...

  • Page 392

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Enhanced Load-Sharing When paths A and B are equal in cost or preference, and ECMP and BGP multipath are enabled on all PEs, load-sharing can be done for traffic with destination 10.0.0.0/ 8.

  • Page 393

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Add-path Implementation BGP add-path is configured in the base routing instance, for iBGP or eBGP, per address family at different levels: in the global BGP context, per group, and per neighbor.

  • Page 394

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 " 58 2017/02/21 09:57:36.11 UTC MINOR: DEBUG #2001 Base BGP "BGP: OPEN Peer 1: 192.0.2.5 - Received BGP OPEN: Version 4 AS Num 64496: Holdtime 90: BGP_ID 192.0.2.5: Opt Length 22 Opt Para: Type CAPABILITY: Length = 20: Data: Cap_Code MP-BGP: Length 4 Bytes: 0x0 0x1 0x0 0x1...

  • Page 395

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete =============================================================================== BGP IPv4 Routes =============================================================================== Flag...

  • Page 396

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 83 Example Topology AS 64496 PE-1 AS 64500 172.16.14.0/30 192.168.13.0/30 CE-4 192.0.2.1/32 10.0.0.0/8 192.168.12.0/30 192.168.15.0/30 192.168.25.0/30 RR-5 172.16.24.0/30 AS 64501 192.0.2.5/32 PE-3 CE-6 PE-2 192.0.2.2/32 192.0.2.3/32 192.168.23.0/30 172.16.36.0/30 eBGP iBGP...

  • Page 397

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 min-route-advertisement 1 rapid-withdrawal split-horizon group "eBGP" export "export-bgp" peer-as 64496 neighbor 172.16.14.1 exit neighbor 172.16.24.1 exit exit exit policy-options begin prefix-list "10.0.0.0/8" prefix 10.0.0.0/8 longer exit policy-statement "export-bgp" entry 10 from prefix-list "10.0.0.0/8"...

  • Page 398

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit commit The BGP configuration on PE-2 and PE-3 is similar, but there is no import policy. The BGP configuration on RR-5 is as follows: configure router autonomous-system 64496 min-route-advertisement 1 rapid-withdrawal...

  • Page 399

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Reconvergence without Add-path A failure of the link between CE-4 and PE-1 is simulated as follows: *A:CE-4# configure router interface "int-CE-4-PE-1" shutdown The following four BGP update messages are received or sent by RR-5. RR-5 receives the following withdrawal message from PE-1: 14 2017/02/21 12:26:44.56 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1 "Peer 1: 192.0.2.1: UPDATE...

  • Page 400

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Withdrawn Length = 0 Total Path Attr Length = 41 Flag: 0x40 Type: 1 Len: 1 Origin: 0 Flag: 0x40 Type: 2 Len: 6 AS Path: Type: 2 Len: 1 < 64500 > Flag: 0x40 Type: 3 Len: 4 Nexthop: 192.0.2.2 Flag: 0x40 Type: 5 Len: 4 Local Preference: 100 Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.2...

  • Page 401

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Add-path is enabled on PE-1 and PE-2 with a send path limit of two for groups "eBGP" and "iBGP" and no limit on the receive path limit, which is the default setting, as follows: configure router bgp group "eBGP"...

  • Page 402

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 : Receive - IPv4 Remote AddPath Capab*: Send - IPv4 : Receive - None With BGP add-path enabled, PE-2 will advertise its second-best route for prefix 10.0.0.0/8 with LP 100 to RR-5. PE-1, PE-2, and RR-5 will have two routes for prefix 10.0.0.0/8 in their RIB-IN, but only the route with LP 200 will be used.

  • Page 403

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 192.0.2.1 None 64500 ------------------------------------------------------------------------------- Routes : 1 When add-path is enabled on the session between PE-3 and RR-5, the second route will also be advertised, as follows: *A:PE-3# configure router bgp group "iBGP" add-paths ipv4 send 2 *A:RR-5# configure router bgp group "iBGP"...

  • Page 404

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Reconverge with Add-Path: No BGP FRR, No ECMP A link failure between CE-4 and PE-1 is simulated as follows: *A:CE-4# configure router interface "int-CE-4-PE-1" shutdown PE-1 sends a withdrawal message for route 10.0.0.0/8 with LP 200 to RR-5 and reruns the BGP decision process.

  • Page 405

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 The convergence with add-path enabled is twice as fast as without BGP add-path. With BGP add-path disabled, four sequential messages are sent: 1. PE-1 sends a withdrawal to RR-5. 2.

  • Page 406

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The following routing table on PE-3 shows the active route for 10.0.0.0/8 and adds an indication "B", indicating that a backup route is available: *A:PE-3# show router route-table 10.0.0.0/8 =============================================================================== Route Table (Router: Base) ===============================================================================...

  • Page 407

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Add-Path and ECMP On PE-1, the import policy is removed to have paths with equal cost: *A:PE-1# configure router bgp group "eBGP" no import ECMP is enabled on all PEs with a value of two, as follows: configure router ecmp 2 On all PEs, BGP multipath is configured with a value of two in the BGP context, as follows:...

  • Page 408

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 10.0.0.0/8 Remote 00h02m40s 192.168.13.1 10.0.0.0/8 Remote 00h02m40s 192.168.23.1 ------------------------------------------------------------------------------- No. of Routes: 2 Traffic flows with destination 10.0.0.0/8 will be sprayed over the two active paths. Add-path for Family VPN-IPv4 with BGP FRR Figure 84 shows the example topology with VPRN1 configured on the PEs in AS 64496.

  • Page 409

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 vprn 1 customer 1 create autonomous-system 64496 route-distinguisher 64496:1 auto-bind-tunnel resolution any exit enable-bgp-vpn-backup ipv4 vrf-target target:64496:1 interface "int-PE-1-CE-4_VPRN1" create address 172.16.114.1/30 sap 1/1/3:1 create exit exit split-horizon group "eBGP_1"...

  • Page 410

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 address 172.31.0.1/16 loopback exit split-horizon group "eBGP_1" export "export_172.31.0.0/16" peer-as 64496 neighbor 172.16.114.1 exit neighbor 172.16.124.1 exit exit exit no shutdown The export policy to export prefix 172.31.0.0/16 is defined as follows: configure router policy-options...

  • Page 411

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 The BGP configuration for group "iBGP" on PE-1 is as follows: *A:PE-1# configure router bgp group "iBGP" *A:PE-1>config>router>bgp>group# info ---------------------------------------------- family ipv4 vpn-ipv4 next-hop-self peer-as 64496 add-paths ipv4 send 2 receive vpn-ipv4 send 2 receive exit neighbor 192.0.2.5...

  • Page 412

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Route Table (Service: 1) =============================================================================== Dest Prefix[Flags] Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 172.31.0.0/16 [B] Remote BGP VPN 00h00m27s 192.0.2.1 (tunneled) ------------------------------------------------------------------------------- No. of Routes: 1 Flags: n = Number of times nexthop is repeated B = BGP backup route available L = LFA nexthop available...

  • Page 413

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 configure service vprn 1 ecmp 2 BGP multipath needs to be enabled in the base routing context, but that already happened. With ECMP enabled, the two routes that are received on PE-3 from RR-5 are both active, as follows: *A:PE-3# show router bgp routes 172.31.0.0/16 vpn-ipv4 ===============================================================================...

  • Page 414

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Conclusion BGP add-path allows BGP speakers to advertise multiple distinct paths for the same prefix. The potential benefits of BGP add-path include reduced routing churn, faster convergence, and better load-sharing. 3HE 11598 AAAB TQZZA 01 Issue: 01...

  • Page 415: Bgp Fast Reroute

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 BGP Fast Reroute This chapter provides information about BGP Fast Reroute. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter is applicable to SR OS routers and is based on SR OS Release 14.0.R7 Overview Border Gateway Protocol (BGP) is a key protocol for ISPs, supporting inter- Autonomous System (inter-AS) and intra-Autonomous System (intra-AS)

  • Page 416

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Within SR OS, two BGP FRR functions are supported: Core PIC and Edge PIC. Core PIC describes a scenario where a link or node on the path to the BGP next-hop fails, but the BGP next-hop remains reachable;...

  • Page 417

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 The following SR OS supported features can be used to allow BGP to maintain multiple paths through an autonomous system: • BGP Best External • BGP Add-Paths Convergence goes through several phases, which also apply to BGP: •...

  • Page 418

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 87 BGP FRR Topology 192.0.2.2/32 10.0.12.0/30 192.168.24.0/30 AS 65537 AS 65536 192.0.2.4/32 192.0.2.5/32 192.168.45.0/30 10.0.13.0/30 172.20.1.0/24 192.168.34.0/30 172.20.1.0/24 192.168.46.0/30 192.0.2.1/32 192.0.2.3/32 = eBGP 192.0.2.6/32 = iBGP 26257 These characteristics enforce traffic for destination 172.10.1.0/24 to leave AS 65537 via R2.

  • Page 419

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 BGP Best External R3 is configured with the BGP Best External feature, as follows: # on R3 configure router loop-detect discard-route split-horizon advertise-external ipv4 group "eBGP_AS65536" export "AS65537_Export_External_Networks" peer-as 65536 neighbor 192.168.13.1 exit...

  • Page 420

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 192.0.2.3 None 65536 ------------------------------------------------------------------------------- Routes : 1 =============================================================================== *A:R3# The BGP Best External feature is sufficient for providing alternate paths in a fully meshed autonomous system, and could be used in conjunction with the BGP Add- Paths feature.

  • Page 421

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 # on RR6 configure router loop-detect discard-route split-horizon group "iBGP_AS65537" cluster 6.6.6.6 peer-as 65537 add-paths ipv4 send 2 receive exit neighbor 192.0.2.2 exit neighbor 192.0.2.3 exit neighbor 192.0.2.4 exit neighbor 192.0.2.5 exit...

  • Page 422

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete ===============================================================================...

  • Page 423

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 =============================================================================== BGP Router ID:192.0.2.4 AS:65537 Local AS:65537 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...

  • Page 424

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== BGP IPv4 Routes =============================================================================== Flag Network LocalPref Nexthop (Router) Path-Id Label As-Path ------------------------------------------------------------------------------- u*>i 172.10.1.0/24 None 192.0.2.2 65536 ub*i 172.10.1.0/24 None 192.0.2.3 65536 ------------------------------------------------------------------------------- Routes : 2 =============================================================================== *A:R4# Now the routing table is as follows.

  • Page 425

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 Backup = BGP backup route LFA = Loop-Free Alternate nexthop S = Sticky ECMP requested =============================================================================== *A:R4# The currently active next-hop in the forwarding path is 192.168.24.1, as follows: *A:R4# show router fib 1 172.10.1.0/24 all =============================================================================== FIB Display...

  • Page 426

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 In summary, two paths are available out of R4 and leading to 172.10.1.0/24 in the remote AS, but only one is installed in the forwarding plane. The active route is R4- R2-R1;...

  • Page 427

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 exit neighbor 192.168.13.2 exit exit no shutdown exit exit exit Because the BFD configuration for R2 and R3 is very similar, it is only shown for R2, as follows: # for R2 configure...

  • Page 428

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BFD for IS-IS is enabled at the IS-IS interface level, and is enabled for IPv4 only, as follows. configure router isis area-id 48.0001 interface "system" no shutdown exit interface "int-R2-R4"...

  • Page 429

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 192.168.45.1 0.698 ms 0.695 ms 0.698 ms 192.168.34.1 1.21 ms 1.21 ms 1.15 ms 172.10.1.1 1.73 ms 1.71 ms 1.70 ms *A:R5# On R4, traffic is now diverted to R3, and the BGP routes are as follows: *A:R4# show router bgp routes =============================================================================== BGP Router ID:192.0.2.4...

  • Page 430

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Dest Prefix : 172.10.1.0/24 Protocol : BGP Installed Indirect Next-Hop : 192.0.2.3 : Priority=n/c, FC=n/c Source-Class Dest-Class ECMP-Weight Resolving Next-Hop : 192.168.34.1 Interface : int-R4-R3 ECMP-Weight =============================================================================== Total Entries : 1 ===============================================================================...

  • Page 431: Bgp Flowspec For Ipv4 And Ipv6

    Applicability This chapter is applicable to 7750 SR-7/12, 7750 SRc4/c12, 7750 SR-12E, 7750 SR- a, 7750 SR-e, XRS-20/40/16c, and 7450 ESS-7/12 in mixed-mode. Only interfaces supported on IOM3-XP, IOM4-e, XMA/C-XMA, IOM-a, and IMM cards can be configured for FlowSpec filtering. Also, all network interfaces must be on IOM3-XP, IOM4-e, XMA/C-XMA, IOM-a, or IMM cards in order to enable FlowSpec on any spoke-SDP interface.

  • Page 432

    BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Initially, the primary use for FlowSpec was to dynamically distribute traffic filtering rules for mitigating distributed denial of service (DDoS) attacks. A router receiving a FlowSpec update can dynamically create IP filters to prevent both intra-AS and inter- AS DDoS attacks.

  • Page 433

    Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 Table 7 FlowSpec Component Types Type Value Component Type SR OS Support Fragment Yes (non-first only, first-only, fragment true, fragment false. Last fragment matching is not supported).

  • Page 434

    BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 To allow for tunneling of IPv4 traffic in MPLS, all PE routers are configured for BGP next-hop-resolution using LDP shortcut-tunnels. To allow for tunneling of IPv6 traffic in MPLS, all PE routers are configured to run 6PE, with peering sessions configured to advertise labels for the IPv6 address family.

  • Page 435

    Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 − A "dirty" interface for forwarding of mitigated traffic toward the scrubbing center for cleansing. This interface is connected to an off-ramp VPRN configured on PE-5 and PE-2. PE-5 has static IPv4/IPv6 default routes toward the scrubbing center, which are subsequently advertised into the off- ramp VPRN.

  • Page 436

    BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PE-2 uses an IES to externally peer with AS 64511. The peering is for the IPv4 and IPv6 address families, and a separate IPv4/IPv6 BGP session is maintained for each address family.

  • Page 437

    Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 An IPv4 FlowSpec route is subsequently established to black-hole/drop traffic with a source address of 172.16.15.148 (Tester T1) and a destination address of 172.31.100.232 (Tester T2), for any destination ports in the range 4190-4199. The following output shows the route as received at PE-2.