Download Print this page

Nokia 7450 Advanced Configuration Manual

Hide thumbs

Advertisement

Advanced Configuration Guide - Part I Releases Up To 14.0.R7
7450 Ethernet Service Switch
7750 Service Router
7950 Extensible Routing System
Advanced Configuration Guide - Part I
Releases Up To 14.0.R7
3HE 11598 AAAB TQZZA 01
Issue: 01
April 2017
Nokia — Proprietary and confidential.
Use pursuant to applicable agreements.

Advertisement

loading

  Related Manuals for Nokia 7450

  Summary of Contents for Nokia 7450

  • Page 1 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 7450 Ethernet Service Switch 7750 Service Router 7950 Extensible Routing System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01 April 2017 Nokia —...
  • Page 2 © 2016-2017 Nokia. Contains proprietary/trade secret information which is the property of Nokia and must not be made available to, or copied or used by anyone outside Nokia without its written authorization. Not to be used or disclosed except in accordance with applicable agreements.
  • Page 3: Table Of Contents

    Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table of Contents Preface ......................23 About This Guide.........................23 Basic System .................... 27 IEEE 1588 for Frequency, Phase, and Time Distribution .........29 Applicability ........................29 Overview ........................29 Configuration ........................42 Conclusion ........................62 Synchronous Ethernet..................63 Applicability ........................63 Summary...
  • Page 4 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Configuration .........................144 Conclusion .........................161 Port Cross-Connect (PXC).................163 Applicability .........................163 Overview .........................163 Configuration .........................165 Conclusion .........................194 Router Configuration ................195 6PE Next-Hop Resolution ..................197 Applicability .........................197 Overview .........................197 Configuration .........................199 Conclusion .........................218 Aggregate Route Indirect Next-Hop Option .............219 Applicability...
  • Page 5 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Rate Limit Filter Action ..................347 Applicability .........................347 Overview .........................347 Configuration .........................349 Conclusion .........................355 Unicast Routing Protocols ..............357 Associating Communities with Static and Aggregate Routes .......359 Applicability .........................359 Overview .........................360 Configuration .........................361 Conclusion...
  • Page 6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Conclusion .........................520 EBGP Route Resolution to a Static Route ............521 Applicability .........................521 Overview .........................521 Configuration .........................522 Conclusion .........................536 IS-IS Link Bundling ....................537 Applicability .........................537 Overview .........................537 Configuration .........................541 Conclusion .........................553 Policy Chaining and Logical Expressions ............555 Applicability .........................555...
  • Page 7 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Overview .........................699 Configuration .........................711 Conclusion .........................735 Entropy Label .....................737 Applicability .........................737 Overview .........................737 Configuration .........................740 Conclusion .........................751 IGP Shortcuts .....................753 Applicability .........................753 Overview .........................753 Configuration .........................756 Conclusion .........................805 Inter-Area TE Point-to-Point LSPs ..............807 Applicability .........................807 Summary...
  • Page 8 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 LDP-SR Stitching for IPv4 Prefixes (IS-IS) ............925 Applicability .........................925 Overview .........................925 Configuration .........................926 Conclusion .........................940 MPLS LDP FRR using ISIS as IGP ..............941 Applicability .........................941 Overview .........................941 Configuration .........................942 Conclusion .........................965 MPLS Transport Profile ..................967 Applicability...
  • Page 9 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Segment Routing – Traffic Engineered Tunnels ...........1153 Applicability .......................1153 Overview .......................1153 Configuration .......................1155 Conclusion .......................1172 Segment Routing with IS-IS Control Plane ............1173 Applicability .......................1173 Overview .......................1173 Configuration .......................1175 Conclusion .......................1195 Shared Risk Link Groups for RSVP-Based LSP ..........1197 Applicability .......................1197...
  • Page 10 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 11 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 List of tables Synchronous Ethernet..................63 Table 1 Revertive, Non-Revertive Timing Reference Switching Operation ..68 Hybrid OpenFlow Switch ...................271 Table 2 OpenFlow Messages ................274 Table 3 FLOW_MOD Cookie Value ..............277 Table 4 FLOW_MOD Flags ................287 Table 5 Supported Redirect Actions..............297...
  • Page 12 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 22 MTU Values for Ethernet Frames............1026 Segment Routing with IS-IS Control Plane ............1173 Table 23 Mode Comparison .................1177 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 13 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 List of figures IEEE 1588 for Frequency, Phase, and Time Distribution .........29 Figure 1 PTP Messages and Timestamp Exchange ..........31 Figure 2 1588 Topology for Frequency Distribution..........33 Figure 3 1588 Topology for Time Distribution............33 Figure 4 Frequency Distribution with 1588 as Last Mile ..........34 Figure 5...
  • Page 14 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 34 ICB Spoke SDPs and Their Association with the Endpoints ....155 Figure 35 Additional Setup Example 1 ..............158 Figure 36 Additional Setup Example 2 ..............159 Port Cross-Connect (PXC).................163 Figure 37 Example Topology...................165 Figure 38 Non-Redundant PXC................168...
  • Page 15 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PBR/PBF Redundancy ..................321 Figure 69 PBF in VPLS 1 on PE-1................323 Figure 70 Example Topology...................328 Figure 71 PBR in a VPRN ..................342 Rate Limit Filter Action ..................347 Figure 72 Filter Based Rate Limiting ...............347 Figure 73 Rate Limit Filters and FlexPaths..............349 Figure 74...
  • Page 16 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 99 BGP Multipath Restricted to Exact Same AS. All AS Paths are Different....................469 Figure 100 BGP Multipath Restricted to Exact Same AS. All AS Paths are Identical ....................470 Figure 101 EBGP Equal to IBGP: No EIBGP Load-Balancing ........473 Figure 102...
  • Page 17 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 131 Updates from Unlabeled Sessions Not Propagated to Labeled Sessions (Default) ...................599 Figure 132 RIB Leaking from IPv4 BGP RIB to Labeled-IPv4 BGP RIB ....601 Automatic Bandwidth Adjustment in P2P LSPs..........607 Figure 133 Auto-Bandwidth Adjustment Implementation...........609 Figure 134...
  • Page 18 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Entropy Label .....................737 Figure 166 Load-Balancing of Flows Based on Hash Label or Entropy Label ..738 Figure 167 Label Stack with Hash Label versus Label Stack with EL and ELI..739 Figure 168 Downstream LERs Signal EL Capability to ILER ........739 Figure 169...
  • Page 19 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 LDP-SR Stitching for IPv4 Prefixes (IS-IS) ............925 Figure 199 Example Topology...................926 MPLS LDP FRR using ISIS as IGP ..............941 Figure 200 Initial Topology ..................943 Figure 201 Data Verification, Direction PE-1 => PE-5 Using VLL Service ....953 Figure 202 LFA Computation, Inequality 1 for Prefix PE-5 (D) on PE-1 (S) ....960 Figure 203...
  • Page 20 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 RSVP Signaled Point-to-Multipoint LSPs............1087 Figure 233 P2MP Network Topology...............1088 Figure 234 P2MP LSP LSP-p2mp-1................1093 Figure 235 P2MP LSP p-to-mp-1 with Metric Change..........1111 Figure 236 P2MP LSP LSP-p2mp-1 with Strict S2L Path toward PE-7....1114 Figure 237 Intelligent Remerge, Case 1 ..............1116 Figure 238...
  • Page 21 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 268 MPLS Label Stack Object..............1238 Figure 269 ICMP Extension Header ................1238 Figure 270 ICMP Extension Object: Object Header and Payload ......1239 Figure 271 Example Configuration ................1240 Figure 272 Tunnel from iLER PE-3 to eLER PE-6 via LSR PE-2 ......1243 Figure 273 UDP Traceroute in VPRN with iLER in Uniform Mode ......1245 Figure 274...
  • Page 22 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 23: Preface

    It is assumed that the network administrators have a detailed understanding of networking principles and configurations. List of Technical Publications The 7x50 series documentation set also includes the following guides: • 7450 ESS, 7750 SR, and 7950 XRS Basic System Configuration Guide Issue: 01 3HE 11598 AAAB TQZZA 01...
  • Page 24 Points (SAPs), Service Distribution Points (SDPs), customer information, and user services. • 7450 ESS, 7750 SR, and 7950 XRS Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN This guide describes Layer 2 service and Ethernet Virtual Private Network...
  • Page 25 Advanced Configuration Guide - Part I Preface Releases Up To 14.0.R7 • 7450 ESS, 7750 SR, and 7950 XRS Layer 3 Services Guide: Internet Enhanced Services and Virtual Private Routed Network Services This guide describes Layer 3 service functionality and provides examples to configure and implement Internet Enhanced Services (IES) and Virtual Private Routed Network (VPRN) services.
  • Page 26 Preface Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 27: Basic System

    Advanced Configuration Guide - Part I Basic System Releases Up To 14.0.R7 Basic System In this section This section provides configuration information for the following topics: • IEEE 1588 for Frequency, Phase, and Time Distribution • Synchronous Ethernet Issue: 01 3HE 11598 AAAB TQZZA 01...
  • Page 28 Basic System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 29: Ieee 1588 For Frequency, Phase, And Time Distribution

    Conclusion Applicability This section is applicable to all of the 7750 SR and 7450 ESS series, except for the SR-1, ESS-1, and ESS-6/6v. It is not applicable to t.he 7710 SR nor the 7950 XRS series. Description and examples are based on release 12.0.R2. The only software pre-requisites are IP reachability between the node and neighboring 1588 clocks.
  • Page 30 This is useful in environments where the transport network does not provide physical layer synchronization services. The following 1588 capabilities are provided within the 7750 SR and 7450 ESS nodes: • CPM/CFM based 1588 master, boundary, and slave clock functionality •...
  • Page 31: Figure 1 Ptp Messages And Timestamp Exchange

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 1 PTP Messages and Timestamp Exchange Master Slave Data at Slave t1, t2 t1, t2, t3 t1, t2, t3, t4 al_0541 The master sends a PTP Sync message containing a timestamp of when the Sync message is transmitted (t1) to the slave.
  • Page 32 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 These calculations can occur on every message exchange or some initial packet selection can be performed so that only optimal message exchanges are used. The latter is useful if there is variable delay between the master and slave ports.
  • Page 33: Figure 2 1588 Topology For Frequency Distribution

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 2 1588 Topology for Frequency Distribution Master Slave Synchronous Ethernet Input Port 5/1/3 Int-PE-1-PE-2 Int-PE-2-PE-1 Port 1/1/1 Port 1/1/1 192.168.1.1 192.168.1.2 PE-1 PE-2 192.0.2.183...
  • Page 34: Figure 4 Frequency Distribution With 1588 As Last Mile

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 The 1588 standard itself includes a default profile that can be used for either time or frequency distribution. The default profile was defined principally for multicast operation.
  • Page 35 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Note: SSM stands for Synchronization Status Messages and ESMC stands for Ethernet Synchronization Messaging Channel. These are two capabilities in SDH/SONET and Synchronous Ethernet respectively for the relaying of source clock quality information.
  • Page 36: Figure 5 Unicast Message Negotiation

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Figure 5 Unicast Message Negotiation Master_1 Slave Clock Master_2 Execution of the BMCA selects Master_1 as the Grandmaster Clock al_0545 A slave clock initiates unicast discovery by sending a Signaling message to one of its configured master clocks requesting the master send unicast Announce messages to the slave.
  • Page 37: Packet Delay Variation

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Network Limits A common concern around 1588 is whether it will work on or over a specific customer network. For time distribution using full OPS as shown in Figure 3, there are well defined limits on the number of network elements allowed in the distribution chain...
  • Page 38 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 QoS prioritization of packets helps reduce PDV significantly during congestion periods, but does not remove the PDV effects during lighter loading. This is due to the fact that a timing packet may be delivered to the egress queue for an interface while the interface is busy transmitting a packet.
  • Page 39: Figure 6 Floor Packet Counting For Fpp (N, W, Δ)

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution • Floor Delay is a value that is as close as possible to the absolute minimum transit delay across the network. Every actual delay measurement must be equal to or larger than this value.
  • Page 40 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 ITU-T Budget for Frequency The network limit on PDV for frequency distribution is defined in G.8271.1 using the FPP metrics defined above. In general most carrier grade networks with spans of up to 10 nodes and which do not exceed 80% load on their internode links should meet the requirement.
  • Page 41: Figure 7 G.8271.1 Time Error Budget

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 7 G.8271.1 Time Error Budget ±100ns (PRTC/ T-GM) ±500ns cTE (node asymmetry, ±50ns per node) ±200ns dTE (random network variation) ±300ns cTE (uncompensated link asymmetry) ±250ns...
  • Page 42: Configuration

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Note there is discussion that some of these elements could be traded-off against each other. For example, if the link asymmetry needs a higher budget then the holdover budget would have to be less –...
  • Page 43: Figure 8 Master And Slave Clocks For Frequency

    The 7750 SR and the 7450 ESS can be configured as a 1588 slave clock for frequency recovery. In real deployments, it is more likely for the slave devices to be smaller cell site routers or basestations instead of another 7750 SR or 7450 ESS.
  • Page 44 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Ordinary Master Configuration The steps to configure PE-1 as a PTP ordinary-clock master for frequency distribution using the G.8265.1 Telecom profile are outlined below: Configure a /32 IPv4 system address on PE-1 and an interface to reach PE-2.
  • Page 45 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution The default clock type is set to ordinary slave so that must be changed to ordinary master. The only other relevant configuration parameter for the master clock running the G.8265.1 profile is the network-type.
  • Page 46 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 exit no shutdown exit exit Usually a 1588 slave has at least two peers configured in order to provide redundant sources. Configure PTP as the reference for the central clock on PE-2. *A:PE-2# configure system...
  • Page 47 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Router IP Address Dir Type Rate Duration State Time ------------------------------------------------------------------------------- Base 192.0.2.183 Announce 1 pkt/2 s Granted 05/30/2014 09:08:38 192.0.2.183 Sync 64 pkt/s Granted 05/30/2014 09:08:43 192.0.2.183...
  • Page 48 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 =============================================================================== In addition PTP packet statistics can be checked to verify reception of the PTP messages and the execution of the frequency slave: *A:PE-2# show system ptp statistics =============================================================================== IEEE 1588/PTP Packet Statistics...
  • Page 49 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Hold-over =============================================================================== =============================================================================== IEEE 1588/PTP Event Statistics =============================================================================== Event Sync Flow Delay Flow ------------------------------------------------------------------------------- Packet Loss Excessive Packet Loss Excessive Phase Shift Detected Too Much Packet Delay Variation =============================================================================== Secondly, the central clock status on the system can be checked:...
  • Page 50 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Rx Quality Level : failed Quality Level Override : none Qualified For Use : No Not Qualified Due To disabled Selected For Use : No Not Selected Due To disabled...
  • Page 51 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution When using the system as a 1588 slave for frequency distribution, it is strongly recommended to use the default message rate of 64 pps for Sync and Delay_Resp messages.
  • Page 52: Figure 9 Boundary Clock

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Boundary Clock With the increase interest in high accuracy time distribution across networks, the system most likely takes on the role of a 1588 boundary clock. In this role, the system requests time from a GNSS driven grandmaster clock or from a neighboring boundary clock.
  • Page 53 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution On PE-2, configure a /32 IPv4 system address and an interface to reach PE-1. *A:PE-2# configure router interface "system" address 192.0.2.182/32 no shutdown exit interface "int-PE-2-PE-1"...
  • Page 54 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 no shutdown exit commit exit Next configure PE-1 as a boundary clock requesting service from GM-1 using the default profile. In this example, the interface address of GM-1 is used for the PTP communication.
  • Page 55 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution exit On PE-1, validate the status of the PTP topology by checking the unicast sessions. Also validate the PTP process has elected GM-1 as both the parentClock and the grandmaster clock.
  • Page 56 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 Frequency Traceable : yes Time Traceable : yes Time Source : GPS On PE-2, validate the PTP process has elected PE-1 as its parentClock and that the grandmaster clock is GM-1.
  • Page 57: Figure 10 Boundary Clocks With Edge Vprn Access

    Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution Figure 10 Boundary Clocks with Edge VPRN Access GNSS Antenna Boundary Boundary Clock Clock GNSS Driven Grandmaster Clock Int-PE-1-GM-1 Int-PE-1-PE-2 BASE Port 1/1/10 Port 1/1/1 Int-PE-2-PE-1 GM-1...
  • Page 58 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 *A:PE-2# show system ptp unicast router 10 *A:PE-2# show service id 10 ptp unicast These two commands provide the same information as shown below. *A:PE-2# show system ptp unicast router 10 =============================================================================== IEEE 1588/PTP Unicast Negotiation Information...
  • Page 59 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution *A:PE-2# configure router interface "int-PE-2-PE-1" ptp-hw-assist exit exit exit configure service vprn 10 customer 1 interface "int-PE-2-CE-1" ptp-hw-assist exit exit To verify 1588 PBT is active on the 1588 messages to the peers, check the timestamp point for the specific peer.
  • Page 60 IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 In order to configure the system loopback address for PTP, enter the following on PE-1: *A:PE-1# configure system security source-address application ptp "system" exit exit Now the timestamp point on PE-1 will be the port.
  • Page 61 Advanced Configuration Guide - Part I IEEE 1588 for Frequency, Phase, and Time Releases Up To 14.0.R7 Distribution On PE-2, a loopback address must assigned for PTP communication as follows: *A:PE-2# configure service vprn 10 interface "ptp_loopback" address 172.16.1.1/32 loopback exit source-address application ptp "ptp_loopback"...
  • Page 62: Conclusion

    IEEE 1588 for Frequency, Phase, and Time Advanced Configuration Guide - Part I Distribution Releases Up To 14.0.R7 State Reference ID St Type Poll Reach Offset(ms) Remote ------------------------------------------------------------------------------- chosen srvr ..YY 0.000 =============================================================================== =============================================================================== NTP Clients =============================================================================== vRouter Time Last Request Rx Address ------------------------------------------------------------------------------- ===============================================================================...
  • Page 63: Synchronous Ethernet

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Synchronous Ethernet This chapter provides information about Synchronous Ethernet (SyncE). Topics in this chapter include: • Applicability • Summary • Overview • Configuration • Conclusion Applicability This chapter was initially written for SR OS release 8.0.R7. The CLI in the current edition is based on SR OS release 14.0.R6.
  • Page 64: Overview

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Overview Synchronous Ethernet Traditionally, Ethernet based networks employ the physical layer transmitter clock to be derived from an inexpensive +/-100ppm crystal oscillator and the receiver locks onto it. There is no need for long term frequency stability because the data is packetized and can be buffered.
  • Page 65: Figure 11 Synce Hypothetical Reference Network Architecture

    Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Figure 11 SyncE Hypothetical Reference Network Architecture S SDH E Eth H Hybrid 25994 Many Tier 1 carriers are looking to migrate their synchronization infrastructure to a familiar and manageable model. In order to enable rapid migration of these networks, SyncE may be the easiest to deploy in order to ensure robust frequency synchronization.
  • Page 66: Figure 12 Packet Based Network Timing Infrastructure

    Telcordia GR-1244 and ITU-T G.781. The system can select from up to three (7950 XRS) or four (7450 ESS and 7750 SR) timing inputs to train the local oscillator. The priority order of these references must be specified.
  • Page 67: Figure 13 Cpm Clock Synchronization Reference Selection

    • BITS port on the CPM, CFM, or CCM module • 10GE ports in WAN PHY mode • IEEE 1588v2 slave port (PTP) (7450 ESS and 7750 SR only) On 7750 SR-12 and 7750 SR-7 systems with redundant CPMs, the system has two BITS input ports (one per CPM).
  • Page 68: Table 1 Revertive, Non-Revertive Timing Reference Switching Operation

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 All settings of the signal characteristics for the BITS input apply to both ports. When the active CPM considers the BITS input as a possible reference, it will consider first the BITS input port on the active CPM followed the BITS input port on the standby CPM in that relative priority order.
  • Page 69 Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Table 1 Revertive, Non-Revertive Timing Reference Switching Operation (Continued) Status of Reference Status of Reference Active Reference Active Reference Non-revertive Case Revertive Case Failed Failed Failed holdover holdover Failed Failed Failed...
  • Page 70: Configuration

    Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 14 Network Considerations for Ethernet Timing Distribution Acceptable for clock distribution Not acceptable for clock distribution 25997 Configuration Configuration 1 - QL-Selection Mode Disabled The following example shows the configuration options for SyncE when ql-selection mode is disabled.
  • Page 71 Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 *A:PE-1# configure card 1 mda 1 sync-e After syncE is enabled, the configuration of MDA 1 is as follows *A:PE-1# configure card 1 mda 1 *A:PE-1>config>card>mda# info detail ---------------------------------------------- mda-type m4-10gb-xp-xfp sync-e...
  • Page 72 Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The synchronous interface timing can be configured with the following parameters: *A:PE-1# configure system sync-if-timing - sync-if-timing abort - Discard the changes that have been made to sync interface timing during a session begin - Switch to edit mode for sync interface timing - use commit to...
  • Page 73 Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 *A:PE-1>config>system>sync-if-timing# info detail ---------------------------------------------- no ql-minimum no ql-selection ref-order bits ref1 ref2 ptp ref1 source-port 1/1/2 no shutdown no ql-override exit ref2 shutdown no source-port no ql-override exit bits interface-type ds1 esf no ql-override...
  • Page 74 Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Not Qualified Due To Selected For Use : No Not Selected Due To not qualified Reference Input 1 Admin Status : up Rx Quality Level : unknown Quality Level Override : none Qualified For Use : Yes...
  • Page 75 Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Configuration 2 - QL Selection Mode Enabled The following example shows the configuration options for SyncE when ql-selection mode is enabled. This is the normal case for European SDH networks. SyncE is enabled as follows: *A:PE-1# configure card 1 mda 1 sync-e On port 1/1/2, the Synchronization Status Message (SSM) channel is configured to...
  • Page 76 Synchronous Ethernet Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1>config>system>sync-if-timing# info detail ---------------------------------------------- no ql-minimum ql-selection ref-order bits ref1 ref2 ptp ref1 source-port 1/1/2 no shutdown no ql-override exit ref2 shutdown no source-port no ql-override exit bits interface-type e1 pcm31crc ssm-bit 8 ql-override prc...
  • Page 77 Advanced Configuration Guide - Part I Synchronous Ethernet Releases Up To 14.0.R7 Selected For Use : No Not Selected Due To not qualified Reference Input 1 Admin Status : up Rx Quality Level : failed Quality Level Override : none Qualified For Use : Yes Selected For Use...
  • Page 78: Conclusion

    SONET/SDH-like frequency synchronization capability in the inherently asynchronous Ethernet network. SyncE, natively supported on the Nokia SR OS routers, is an ITU-T standardized PHY-level way of transmitting frequency synchronization across Ethernet packet networks that fulfills that need in a reliable, secure, scalable, efficient, and cost- effective manner.
  • Page 79: System Management

    Advanced Configuration Guide - Part I System Management Releases Up To 14.0.R7 System Management In This Section This section provides configuration information for the following topics: • Distributed CPU Protection • Event Handling System Issue: 01 3HE 11598 AAAB TQZZA 01...
  • Page 80 System Management Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 81: Distributed Cpu Protection

    This Distributed CPU Protection (DCP) configuration example was created using the 7750 SR-c12 platform but is equally applicable to the following platforms: 7750 SR- 7/12, 7450 ESS-6/7/12, 7750 SR-c4/c12 and 7950 XRS. DCP is not supported on the 7750 SR-1, 7450 ESS-1 or 7710 SR platforms.
  • Page 82: Configuration

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The goal of this example is to familiarize the reader with the configuration and use of Distributed CPU Protection. A simple and controlled setup is used to illustrate how the protection behaves and how to use the tools provided for the feature.
  • Page 83 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 *A:PE-1# configure router interface "int-pe1-to-tester" *A:PE-1>config>router>if# info ---------------------------------------------- address 192.168.10.1/24 port 1/1/4 no shutdown ---------------------------------------------- *A:PE-1>config>router>if# exit all *A:PE-1# configure log log-id 15 *A:PE-1>config>log>log-id# info ---------------------------------------------- from security to memory 1024 ---------------------------------------------- This example was developed on a 7750 SR-c12 platform but it is equally...
  • Page 84 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit protocol icmp create enforcement static "sp-icmp" exit protocol igmp create enforcement static "sp-igmp" exit exit For the dcp-policy-count policy configuration: − The policy contains three static policers: sp-arp, sp-icmp and sp-igmp. These policers are then used by the three configured protocols that are part of the policy: arp, icmp and igmp.
  • Page 85 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Step 4. Examine some log and status on the router to get a baseline (no traffic is flowing from the tester to the router at this point). Notice that the cpu utilization is fairly low with an overall Idle of 96% and no task groups at more than 5% capacity usage.
  • Page 86 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# tools dump security dist-cpu-protection violators enforcement interface card =============================================================================== Distributed Cpu Protection Current Interface Enforcer Policer Violators =============================================================================== Interface Policer/Protocol Hld Rem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Violators on Slot-1 Fp-1 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- [S]-Static [D]-Dynamic [M]-Monitor...
  • Page 87 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No entries found ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Dynamic-Policer (Protocol) ------------------------------------------------------------------------------- No entries found ------------------------------------------------------------------------------- =============================================================================== Step 5. Configure the tester to send ARP, ICMP and IGMP traffic to the router using the following rates: −...
  • Page 88: Figure 16 Count Traffic With Dcp Policy Count

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 16 Count Traffic with DCP Policy Count 7750 SR-c12 (PE-1) ICMP Configured Rate = 0 pps IGMP Tester Tester Sending: • 2 pps ARP • 4 pps ICMP •...
  • Page 89 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 *A:PE-1# show router interface "int-pe1-to-tester" dist-cpu-protection =============================================================================== Interface "int-pe1-to-tester" (Router: Base) =============================================================================== Distributed CPU Protection Policy : dcp-policy-count ------------------------------------------------------------------------------- Statistics/Policer-State Information =============================================================================== ------------------------------------------------------------------------------- Static Policer ------------------------------------------------------------------------------- Policer-Name : sp-arp Card/FP : 1/1...
  • Page 90 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 protocol igmp create enforcement static "sp-igmp" exit exit For the dcp-static-policy-1 policy configuration, note that a few parameters are different than in the previously created dcp-policy-count policy: −...
  • Page 91: Figure 17 Limit Traffic With Dcp-Static-Policy-1

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Figure 17 Limit Traffic with dcp-static-policy-1 7750 SR-c12 (PE-1) Rate = 10 pps ICMP Rate = 20 pps IGMP Tester Rate = 10 pps Tester Sending: • 2 pps ARP •...
  • Page 92 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 "Non conformant network_if "int-pe1-to-tester" on fp 1/1 detected at 04/18/2013 17:31:33. Policy "dcp-static-policy-1". Policer="sp-igmp"(static). Excd count=135" … [snip] … The status of DCP on the interface also shows the igmp policer as being in an Exceed state: *A:PE-1# show router interface "int-pe1-to-tester"...
  • Page 93 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 ~0.00% 0.04% …[snip]… WEB Redirect ~0.00% ~0.00% ------------------------------------------------------------------------------- Total 8,965,427 100.00% Idle 8,605,657 95.98% Usage 359,770 4.01% Busiest Core Utilization 134,481 13.49% =============================================================================== Step 10. Remove the DCP policy from the interface and see the CPU utilization goes up for the IGMP task group.
  • Page 94 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 133,029 1.48% 2.92% IP Stack 935,491 10.43% 93.45% IS-IS 1,343 0.01% 0.06% 12,350 0.13% 0.45% ~0.00% 0.03% …[snip]… WEB Redirect ~0.00% 0.01% ------------------------------------------------------------------------------- Total 8,966,128 100.00% Idle 6,972,962 77.77% Usage...
  • Page 95 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Interface Policer/Protocol Hld Rem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Violators on Slot-1 Fp-1 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- [S]-Static [D]-Dynamic [M]-Monitor ------------------------------------------------------------------------------- =============================================================================== The IGMP policer is indicated as conformant in the log events. *A:PE-1# show log log-id 15 =============================================================================== Event Log 15...
  • Page 96 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- …[snip]… An optional hold-down can be used in the configuration of the exceed- action of the policers in order to apply the exceed-action for a defined period (even if the policer goes conformant again during that period).
  • Page 97 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 If the dynamic-enforcement-policer-pool is too small then when a local- monitoring-policer detects violating traffic, the dynamic enforcement policers will not be able to be instantiated. A log event will warn the operator when the pool is nearly exhausted.
  • Page 98: Figure 18 Dynamic Policing - Local Monitor

    Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 − Four protocols are configured and they are all associated with the local- monitoring-policer. The all-unspecified protocol will include all other extracted control packets on the interface. −...
  • Page 99: Figure 19 Dynamic Policers Instantiated

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Figure 19 Dynamic Policers Instantiated 7750 SR-c12 (PE-1) Rate = 20 Tester Packets within 10 Seconds Tester Sending: ICMP • 1 pps ARP IGMP • 4 pps ICMP Rate = 100 •...
  • Page 100 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Policer-Name : local-mon Card/FP : 1/1 Policer-State : Exceed Protocols Mapped : arp, icmp, igmp, all-unspecified Exceed-Count : 1097 All Dyn-Plcr Alloc. : True ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Dynamic-Policer (Protocol) ------------------------------------------------------------------------------- Protocol(Dyn-Plcr)
  • Page 101 Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Step 17. Stop the tester. The dynamic policer detection timers will start counting down since they are no longer seeing violating packets. *A:PE-1# show router interface "int-pe1-to-tester" dist-cpu-protection =============================================================================== Interface "int-pe1-to-tester"...
  • Page 102 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# tools dump security dist-cpu-protection violators enforcement interface card =============================================================================== Distributed Cpu Protection Current Interface Enforcer Policer Violators =============================================================================== Interface Policer/Protocol Hld Rem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Violators on Slot-1 Fp-1 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- [S]-Static [D]-Dynamic [M]-Monitor...
  • Page 103: Conclusion

    Advanced Configuration Guide - Part I Distributed CPU Protection Releases Up To 14.0.R7 Conclusion Distributed CPU Protection (DCP) offers a powerful rate limiting function for control protocol traffic that is extracted from the data path and sent to the CPM. This example has demonstrated how to configure DCP on an interface and what indications SR OS provides to the operator during a potential attack or misconfiguration.
  • Page 104 Distributed CPU Protection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 105: Event Handling System

    Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 Event Handling System This chapter provides information about Event Handling Systems (EHS). Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter was initially written for SR OS release 13.0.R3. The CLI in the current edition is based on SR OS release 14.0.R5.
  • Page 106: Configuration

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Configuration The topology shown in Figure 20 provides an example of an EHS configuration. All routers within the example topology participate in the same IS-IS Level-2 area and run LDP.
  • Page 107 Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 exit no shutdown exit The objective of this configuration example is to ensure that both upstream and downstream traffic are always routed through the same PE router. That is, if PE-3 is VRRP Master, it will attract upstream traffic from CE-1 using the VRRP virtual IP/ MAC, but PE-3 should also be the transit PE for downstream traffic destined toward CE-1.
  • Page 108 Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Script Control The first step in configuring event handling is to configure a script containing the CLI commands to be executed when the event is triggered. This script can be stored locally on the compact flash, or it can be stored off-node at a defined remote URL, where it can be accessed using FTP or TFTP.
  • Page 109 Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 with the name specified for results, followed by an underscore and the date and time that the script was run. A results file must be specified in order for the script to successfully run.
  • Page 110 Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Max lifetime allowed : 248d 13:13:56 (21474836 seconds) Completed run histories Executing run histories Initializing run histories Max time run history saved : 0d 01:00:00 (3600 seconds) Script start error : N/A Last change...
  • Page 111 Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 no shutdown exit exit no shutdown exit exit Event Trigger The final step in configuring event handling is to configure the event-trigger. The event-trigger defines the event that triggers the running of the script. The event- trigger is based on any event generated by the event-control framework, and can match against the application and event number (event_id).
  • Page 112 Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Therefore, the event-trigger configuration is based on an application of VRRP and an event number of 2001 (vrrptrapNewMaster). In the following output, vrrp 2001 is configured as the event. The trigger-entry is defined as 1, and in this example, there is only one trigger event.
  • Page 113 Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 • The second indicates that EHS handler event-handler-1 was invoked by a CLI user. • The third indicates that a script file has initiated an attempt to execute CLI commands contained in script file vrrp-master.txt.
  • Page 114 Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-3# show router vrrp instance =============================================================================== VRRP Instances =============================================================================== Interface Name VR Id Own Adm State Base Pri Msg Int Pol Id InUse Pri Inh Int ------------------------------------------------------------------------------- redundant-interface Master IPv4...
  • Page 115 Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 Min Delay Last Exec : 10/27/2016 15:41:52 ------------------------------------------------------------------------------- Handler Action-List Entry Execution Statistics Enqueued : 11 Err Launch Err Adm Status : 0 Total : 11 =============================================================================== The example includes an event-trigger and script to meet the requirements of a fail- forward where PE-3 becomes VRRP master.
  • Page 116 Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The event-handler acts as the interface between the configured script-policy and event-trigger. Therefore, a second event-handler is configured with an action-list consisting of a single entry referencing the newly configured vrrp-backup-policy. configure event-handling handler "event-handler-2"...
  • Page 117 Advanced Configuration Guide - Part I Event Handling System Releases Up To 14.0.R7 The configuration of the example event handling for the revertive failure event (PE-3 transitions to VRRP backup) is now complete. By re-enabling the spoke-SDP between PE-1 and PE-2, the VRRP message path is restored, and PE-2 again becomes the VRRP master.
  • Page 118: Conclusion

    Event Handling System Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Conclusion EHS allows operators to configure user-defined actions on the router when an event occurs. The event trigger can be anything that is generated by the event-control framework, and explicit filtering is possible using regular expressions.
  • Page 119: Interface Configuration

    Advanced Configuration Guide - Part I Interface Configuration Releases Up To 14.0.R7 Interface Configuration In This Section This section provides interface configuration information for the following topics: • Multi-Chassis APS and Pseudowire Redundancy Interworking • Multi-Chassis LAG and Pseudowire Redundancy Interworking •...
  • Page 120 Interface Configuration Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 121: Multi-Chassis Aps And Pseudowire Redundancy Interworking

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Multi-Chassis APS and Pseudowire Redundancy Interworking This chapter describes multi-chassis APS and pseudowire redundancy interworking. Topics in this chapter include: • Applicability • Overview •...
  • Page 122 Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Signaling functionality includes support for: • APS group matching between service routers. • Verification that one side is configured as a working circuit and the other side is configured as the protect circuit.
  • Page 123: Figure 21 Mc-Aps Network Topology

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 21 MC-APS Network Topology System IP System IP 192.168.13.0/30 192.0.2.1 192.0.2.3 Active Standby PE-1 PE-3 MSAN MSAN 1+1 APS 1+1 APS 192.168.12.0/30 192.168.34.0/30 System IP System IP Standby...
  • Page 124: Configuration

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 23 Access Node and Network Resilience (Part 2) TLDP Aggregation Aggregation Node Node Active Standby PE-1 PE-3 Inter-chassis Inter-chassis MSAN MSAN 1+1 APS 1+1 APS PW for VLL PW for VLL...
  • Page 125 Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking 192.168.12.2 192.0.2.3/32 Remote OSPF 00h01m05s 192.168.13.2 192.0.2.4/32 Remote OSPF 00h01m08s 192.168.12.2 192.168.12.0/30 Local Local 00h02m13s int-PE-1-PE-2 192.168.13.0/30 Local Local 00h02m12s int-PE-1-PE-3 192.168.24.0/30 Remote OSPF 00h01m17s 192.168.12.2 192.168.34.0/30...
  • Page 126 Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Wait-To-Restore Timer : 5 minute(s) Step 2. MC-APS configuration on PE-1 and PE-2 Assuming the link between MSAN and PE-1 is working circuit and the link between MSAN and PE-2 is protection circuit.
  • Page 127 Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking − advertise-interval — This command specifies the time interval, in 100s of milliseconds, between 'I am operational' messages sent by both protect and working circuits to their neighbor for multi-chassis APS. −...
  • Page 128 Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Step 4. Verify the MC-APS status and parameters on PE-1 and PE-2 Detailed parameters of the APS configuration on PE-1 can be verified, as follows.
  • Page 129 Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Working Circuit : N/A Protection Circuit : 1/2/1 Switching-mode : Bi-directional Switching-arch : 1+1(sig-only) Annex B : No Revertive-mode : Non-revertive Revert-time (min) Rx K1/K2 byte : 0x00/0x05 (No-Req on Protect) Tx K1/K2 byte : 0x00/0x05 (No-Req on Protect)
  • Page 130: Figure 24 Association Of Saps/Sdps And Endpoints

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 24 Association of SAPs/SDPs and Endpoints PE-1 PE-3 Apipe Apipe Active Standby MSAN MSAN 1+1 APS 1+1 APS Active Standby Apipe Apipe PE-2 PE-4 OSSG631 *A:PE-1# configure...
  • Page 131 Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking 2147483649 intVpls Down 1 _tmnx_InternalVplsService ------------------------------------------------------------------------------- Matching Services : 3 ------------------------------------------------------------------------------- =============================================================================== *A:PE-1# The Apipe service is down in PE-2 (MC-APS protect circuit), as follows: *A:PE-2# show service service-using =============================================================================== Services...
  • Page 132 Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Note: After configuring ICB spoke-SDPs, the Apipe will be up on all PEs. Step 8. Verify SDP status The status of SDP 23:1 on PE-2 can be verified as follows. Peer Pw Bits shows the status of the pseudowire on the peer node.
  • Page 133: Figure 25 Icb Spoke Sdps And Association With The Endpoints

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking ---snip--- ------------------------------------------------------------------------------- Number of SDPs : 1 ------------------------------------------------------------------------------- =============================================================================== *A:PE-2# In case of failure, the access link can be protected by MC-APS. An MPLS network failure can be protected by pseudowire redundancy.
  • Page 134 Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Two ICB spoke SDPs must be configured in the Apipe service on each PE router, one in each endpoint. The same SDP IDs can be used for the ICBs since the far-end will be the same.
  • Page 135 Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking *A:PE-1# show service id 1 endpoint =============================================================================== Service 1 endpoints =============================================================================== Endpoint name Description : (Not Specified) Creation Origin : manual Revert time Act Hold Delay Tx Active : aps-1:0/32 Tx Active Up Time...
  • Page 136: Figure 26 Additional Setup Example 1 (Part 1)

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 26 Additional Setup Example 1 (Part 1) PE-1 Apipe 1+1 APS MSAN MSAN MC-APS ICB Spoke-SDP Apipe PE-2 OSSG634 Figure 27 Additional Setup Example 1 (Part 2) PE-1 Apipe SDP SDP...
  • Page 137: Figure 28 Additional Setup Example 2 (Part 1A)

    Advanced Configuration Guide - Part I Multi-Chassis APS and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 28 Additional Setup Example 2 (Part 1a) PE-1 PE-3 Apipe Apipe 1+1 APS Spoke-SDP MSAN Active MSAN MC-APS ICB Spoke-SDP Spoke-SDP Standby Apipe PE-2 OSSG636 Figure 29...
  • Page 138: Figure 30 Additional Setup Example 2 (Part 2)

    Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 30 Additional Setup Example 2 (Part 2) PE-3 Apipe Spoke-SDP MSAN MC-APS ICB Spoke-SDP PE-1 Spoke-SDP Apipe Spoke-SDP Apipe Spoke-SDP PE-4 MSAN MC-APS Spoke-SDP PE-5 Apipe...
  • Page 139: Conclusion

    It supports ATM VLL and Ethernet VLL with ATM SAP. Access links and PE nodes are protected by APS and the MPLS network is protected by pseudowire redundancy/FRR. With this feature, Nokia can provide resilient end-to-end solutions. Issue: 01 3HE 11598 AAAB TQZZA 01...
  • Page 140 Multi-Chassis APS and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 141: Multi-Chassis Lag And Pseudowire Redundancy Interworking

    MC-LAG MC-LAG is an extension to the LAG feature to provide not only link redundancy but also node-level redundancy. This feature provides a Nokia added value solution which is not defined in any IEEE standard. A proprietary messaging system between redundant-pair nodes supports coordinating the LAG switchover.
  • Page 142: Figure 31 Mc-Lag Example Topology

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Pseudowire Redundancy Pseudowire (PW) redundancy provides the ability to protect a pseudowire with a pre- provisioned pseudowire and to switch traffic over to the secondary standby pseudowire in case of a SAP and/or network failure condition.
  • Page 143: Figure 32 Network Resiliency

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 32 shows the use of both MC-LAG in the access network and pseudowire redundancy in the core network to provide a resilient end-to-end VLL service between CE-5 and CE-6.
  • Page 144: Configuration

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Configuration It is assumed that the following base configuration has been implemented on the PEs: • Cards, MDAs and ports • Interfaces • IGP configured and converged •...
  • Page 145 Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking =============================================================================== *A:PE-1# The following command shows that the SDPs are up: *A:PE-1# show service sdp ============================================================================ Services: Service Destination Points ============================================================================ SdpId AdmMTU OprMTU Far End ---------------------------------------------------------------------------- 1556...
  • Page 146 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 The LAG encapsulation type (null | dot1q | qinq) must match the port encapsulation type of the LAG members. Auto-negotiation must be switched off or configured to limited. Configure LACP on the LAG.
  • Page 147 Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking no shutdown exit no shutdown exit exit Step 4. MC-LAG verification. Verify MC peers showing that the authentication and admin state are enabled. *A:PE-1# show redundancy multi-chassis sync =============================================================================== Multi-chassis Peer Table ===============================================================================...
  • Page 148 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 There is a fixed keepalive timer of 1 second. The hold-on-neighbor- failure multiplier command indicates the interval that the standby node will wait for packets from the active node before assuming a redundant- neighbor failure.
  • Page 149 Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking The selection criteria by default is highest number of links and priority. In this example, the number of links and the priority of the links is the same on both redundant PEs.
  • Page 150 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Subgrp hold time : 0.0 sec Remaining time : 0.0 sec Subgrp selected Subgrp candidate Subgrp count System Id : 4a:c4:ff:00:00:00 System Priority : 32768 Admin Key : 32768 Oper Key...
  • Page 151: Figure 33 Association Of Saps/Sdps And Endpoints

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 33 Association of SAPs/SDPs and Endpoints PE-3 PE-1 epipe epipe MC-LAG MC-LAG CE-6 CE-5 PE-4 PE-2 epipe epipe OSSG382 *A:PE-1# configure service epipe 1 customer 1 create endpoint "X"...
  • Page 152 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 2147483649 intVpls Down 1 _tmnx_InternalVplsService ------------------------------------------------------------------------------- Matching Services : 3 ------------------------------------------------------------------------------- =============================================================================== *A:PE-1# *A:PE-2# show service service-using =============================================================================== Services =============================================================================== ServiceId Type CustomerId Service Name ------------------------------------------------------------------------------- Epipe Down 1...
  • Page 153 Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Step 11. Verify SDP status Local pseudowire bits indicate the status of the pseudowire on the PE node. These pseudowire bits will be sent to the peer. Peer pseudowire bits indicate the status of the pseudowire on the peer, as sent by the peer.
  • Page 154 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 In this example, the remote side of the SDP is sending lacIngressFault lacEgressFault pwFwdingStandby flags. This is because the Epipe service on PE-3 is down because the MC-LAG is in standby/down status. Link and node protection can be tested.
  • Page 155: Figure 34 Icb Spoke Sdps And Their Association With The Endpoints

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 34 ICB Spoke SDPs and Their Association with the Endpoints PE-3 PE-1 epipe epipe SDP SDP SDP MC-LAG MC-LAG ICB Spoke-SDP ICB Spoke-SDP CE-5 CE-6 SDP SDP SDP...
  • Page 156 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 spoke-sdp 21:1 endpoint "Y" icb create exit spoke-sdp 21:2 endpoint "X" icb create exit *A:PE-3# configure service epipe 1 spoke-sdp 34:1 endpoint "X" icb create exit spoke-sdp 34:2 endpoint "Y"...
  • Page 157 Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Last Tx Active Change : 10/25/2016 07:45:31 ------------------------------------------------------------------------------- Members ------------------------------------------------------------------------------- Spoke-sdp: 12:2 Prec:4 (icb) Oper Status: Up Spoke-sdp: 13:1 Prec:4 Oper Status: Up Spoke-sdp: 14:1 Prec:4 Oper Status: Up =============================================================================== ===============================================================================...
  • Page 158: Figure 35 Additional Setup Example 1

    Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 Figure 35 Additional Setup Example 1 PE-1 epipe MC-LAG MC-LAG ICB Spoke-SDP ICB Spoke-SDP CE-1 CE-2 epipe = SDP PE-2 = SAP PE-1 epipe CE-2 MC-LAG ICB Spoke-SDP...
  • Page 159: Figure 36 Additional Setup Example 2

    Advanced Configuration Guide - Part I Multi-Chassis LAG and Pseudowire Redundancy Releases Up To 14.0.R7 Interworking Figure 36 Additional Setup Example 2 PE-1 PE-3 epipe epipe Spoke- MC-LAG CE-2 ICB Spoke-SDP ICB Spoke-SDP CE-1 Spoke-SDP epipe = SDP PE-2 = SAP PE-1 PE-3 epipe...
  • Page 160 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 MC-LAG in VPLS Services MC-LAG can also be configured in VPLS services. When the MC-LAG converges, the PE that transitions to standby state for the MC-LAG will send out an LDP address withdrawal message to all peers configured in the VPLS service.
  • Page 161: Conclusion

    *A:PE-1# tools perform lag clear-force lag-id 1 Conclusion MC-LAG is a Nokia added value redundancy feature that offers fast access link convergence in Epipe and VPLS services for CE devices that support standard LACP. PE node convergence for VPLS services is enhanced by using LDP address withdrawal messages to flush the FDB on the PE peers.
  • Page 162 Multi-Chassis LAG and Pseudowire Redundancy Advanced Configuration Guide - Part I Interworking Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 163: Port Cross-Connect (Pxc)

    • 7750 SR-7/12/12e in chassis mode D with SFM5 using FP3-based 10GE and 100GE ports • 7450 ESS-7/12 in mixed-mode with SFM5 using FP3-based 10GE and 100GE ports The information and configuration in this chapter is based on SR OS Release 14.0.R5.
  • Page 164 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When traffic is passed through the egress data path of the PXC, it can be used for additional packet processing that cannot be supported on the ingress data path, such as the removal of an encapsulation header.
  • Page 165: Configuration

    Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 Figure 37 Example Topology PE-2 PE-4 192.0.2.2 192.0.2.4 AS 64496 Test Port A CE-2 CE-4 Test Port B 172.31.102.2/24 172.31.104.2/24 PE-7 192.0.2.7 Test Port C 172.31.107.2/24 26223 PE-7 will host the PXC and is equipped with an FP3-based 20 x 10GE IMM in slot 1 for this purpose, as shown in the following output: *A:PE-7# show card 1...
  • Page 166 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Non-Redundant PXC The non-redundant PXC is created within the port-xc context and can be numbered from 1 to 64. A port must be assigned to the PXC before it is put into a no shutdown state, and that port must be in a shutdown state when it is assigned.
  • Page 167 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 *A:PE-7# configure port pxc-1.b no shutdown The physical port assigned to the PXC must also now be put into a no shutdown state in order for the PXC to become operational: *A:PE-7# configure port 1/2/1 no shutdown The command in the following output can then be used to verify the operational state of the PXC:...
  • Page 168: Figure 38 Non-Redundant Pxc

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 38 Non-Redundant PXC Port FP3 complex Switch Fabric PXC-1.a Upstream PXC-1.b Downstream 26224 When using a PXC, the physical port effectively simulates two (sub-)ports, which creates two egress traffic paths: one upstream and one downstream. When the receive side of the PXC port receives those paths, it needs to distinguish between them, and this is where the internal additional VLAN tag is used.
  • Page 169 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 exit As with the non-redundant PXC, when the PXC has been put into a no shutdown state, two PXC sub-ports with .a and .b suffixes are automatically created by the system for each PXC port: *A:PE-7# show port pxc [2..3] ===============================================================================...
  • Page 170: Figure 39 Pxc Redundant Mode With Lag

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Admin Oper Port Description State State ------------------------------------------------------------------------------- 1/2/3 PXC redundant =============================================================================== The PXC sub-ports are then associated with two LAGs to essentially form an internal back-to-back LAG. To do this, both sub-ports with the .a suffix belong to one LAG instance, and both sub-ports with the .b suffix belong to the other LAG instance.
  • Page 171 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 When the LAGs are configured and the associated PXC sub-ports assigned as member links, the operational status can be verified. Note that at the LAG level, each of the configured LAG instances is not aware that it is internally connected to another LAG instance, even though the member sub-ports are logically looped.
  • Page 172 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 DVSM Mode DVSM mode enables the creation of a back-to-back cross-connect. This back-to- back connection can be network-to-network, access-to-access, or a combination such as network-to-access. To provide an example of using DVSM mode, PE-4 in Figure 1 functions as a Layer 2 backhaul device, and PE-7 housing the PXC functions as the Layer 3 service edge.
  • Page 173 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 service sdp 2004 mpls create far-end 192.0.2.4 no shutdown exit epipe 11 customer 1 create sap pxc-1.a:100 create no shutdown exit spoke-sdp 2004:11 create no shutdown exit no shutdown exit The VPRN configuration at the corresponding side of the PXC port is shown in the...
  • Page 174 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PXC Port Dimensioning When the VPRN service at PE-7 is put into a no shutdown state, the EBGP session to CE-4 is established. The relevant routes are exchanged between CE-4 and PE-7 and traffic can be exchanged between test ports B (connected to CE-4) and C (connected to PE-7).
  • Page 175 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 However, the PXC sub-ports are subtly different. Consider SAP ingress traffic entering the VPRN at PE-7 from the locally connected test port C destined toward test port B at CE-4. At the ingress to PE-7, this traffic is mapped to FC Expedited Forwarding (EF) and forwarded into the PXC port through SAP pxc-1.b:100.
  • Page 176 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The configuration of the Tier 1 scheduler "aggregate-rate" referenced by the child queues in the preceding SAP-egress QoS policy is shown in the following output. The scheduler in turn references a port-scheduler-policy using the command port- parent.
  • Page 177 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 exit exit On the opposing side of the PXC loop, the dot1p markings imposed by the VPRN SAP egress are used to reclassify traffic back to its original FC mapping. The following output shows the SAP-ingress QoS policy applied at the Epipe PXC sub- port SAP (pxc-1.a:100).
  • Page 178 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 AS Mode AS mode creates an FPE context that is used to provide information to the system about which PXC ports or LAGs are paired, so that the configuration process can be simplified by automatic provisioning of cross-connects.
  • Page 179 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 After the sdp-id-range is configured, the fpe instance is created and the user enters the fpe context. The path command is used to assign redundant or non-redundant PXC objects to the FPE.
  • Page 180 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The next step is to configure a pseudowire-port (pw-port) that will be used for terminating services. The creation of the pw-port creates a new context in which the only required configuration is to define the encapsulation type as dot1q or qinq.
  • Page 181 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 The following output shows the SDPs belonging to the preceding vc-switched Epipe service configured. The first SDP with identifier 2004:13 is the pseudowire toward PE-4 with VC-ID 13. The second SDP has identifier 17280:1 allocated from the preconfigured sdp-id-range, and has a type of Fpe.
  • Page 182: Figure 40 As Mode With Redundant Fpe

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 In SR OS, the combination of SDP ID and VC-ID is always associated with a service. When using AS mode, the system automatically creates an internal VPLS service with ID 2147383649 and a name of _tmns_InternalVplsService.
  • Page 183 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 exit exit group "EBGP" ---snip--- no shutdown exit exit FPE Port Dimensioning After the VPRN service at PE-7 is put into a no shutdown state, the EBGP session to CE-4 is established.
  • Page 184 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Totals 54200 54200 % Util ~0.00 ~0.00 ! indicates that the port is assigned to a port-xc. Traffic is then generated unidirectionally upstream from test port B (connected to CE4) toward port C (connected to PE7) at a rate of 100 packets/s.
  • Page 185 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 The internal cross-connects also use the default network-queue policy named "default". While this policy also cannot be modified, it is possible to configure and apply a non-default network-queue policy (including a port-scheduler policy, if required) at PXC sub-port level.
  • Page 186 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 queue 3 expedite create parent "aggregate-rate" cir-level 3 rate 2000 cir 2000 exit fc af create queue 2 exit fc be create queue 1 exit fc ef create queue 3 exit exit...
  • Page 187 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 vprn 12 customer 1 create interface "to-CE-4" create sap pw-1:100.1024 create egress scheduler-policy "egress-hqos-scheduler" scheduler-override scheduler "aggregate-rate" create rate 25000 exit exit qos 12 exit exit exit When traffic is generated downstream toward CE-4 in FC EF at a rate of 100 packets/ s, the first point of verification is the VPRN pw-port SAP egress.
  • Page 188 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The last point of verification is the network egress interface toward PE-4. Again, a check at the physical port level shows that packets are incrementing in egress queue 6.
  • Page 189 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 correct FC by the SAP-ingress QoS policy. The following output shows the SAP- ingress QoS policy applied to the pw-port SAP within the VPRN. Because the EXP- to-FC mapping could not be completed, FC reclassification is required in order to map traffic to its original FC before transiting the FPE.
  • Page 190 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The SAP-ingress QoS policy is applied to the pw-port SAP within the VPRN, together with the ingress H-QoS scheduler. An override of the scheduler rate is also applied. PE-7 configure service...
  • Page 191 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 OAM Continuity The FPE pw-port functionality may be used by redundant routers to provide resilient service termination for a Layer 2 backhaul node implementing a mechanism such as active/standby pseudowire.
  • Page 192 Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE- 4# show service id 13 sdp 2007:13 detail | match expression "Local Pw Bits|Peer Pw B its|Admin State" Admin State : Up Oper State : Up Local Pw Bits : pwFwdingStandby Peer Pw Bits...
  • Page 193 Advanced Configuration Guide - Part I Port Cross-Connect (PXC) Releases Up To 14.0.R7 VC-Id : 100001 Admin Status : up Encap : qinq Oper Status : down VC Type : ether Admin Ingress label : 262127 Admin Egress label : 262128 Oper Flags : stitchingSvcTxDown Monitor Oper-Group...
  • Page 194: Conclusion

    Port Cross-Connect (PXC) Advanced Configuration Guide - Part I Releases Up To 14.0.R7 This example in the AS mode section illustrated how notification of a downstream failure is propagated through the components of the PXC in AS mode and reflected in the status of the pw-port (and its associated services).
  • Page 195: Router Configuration

    Advanced Configuration Guide - Part I Router Configuration Releases Up To 14.0.R7 Router Configuration In This Section This section provides configuration information for the following topics: • 6PE Next-Hop Resolution • Aggregate Route Indirect Next-Hop Option • Bi-Directional Forwarding Detection •...
  • Page 196 Router Configuration Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 197: 6Pe Next-Hop Resolution

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 6PE Next-Hop Resolution This chapter provides information about 6PE Next-Hop Resolution. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS Release 14.0.R7.
  • Page 198: Figure 41 Ipv6 Provider Edge (6Pe)

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 41 IPv6 Provider Edge (6PE) RR-3 MPLS 2001::10:10:1:0/120 2001::10:10:4:0/120 MPLS tunnel CE-1 CE-4 PE-1 PE-4 Dual stack Dual stack 6PE router 6PE router IPv6 IPv4 IPv6 26333 The 6PE route next-hop resolution is configured using the following command: *A:PE-1# configure router bgp next-hop-resolution label-route-transport-...
  • Page 199: Configuration

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 With 6PE next-hop resolution set to filter, a subset of protocols is required, and LDP is automatically added to the protocol list in the resolution filter. The following example shows that when one tries to create a resolution filter that includes the BGP protocol only, the resolution filter includes LDP and BGP.
  • Page 200: Figure 42 Example Topology

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 42 Example Topology RR-3 192.0.2.3 MPLS 192.168.23.0/30 2001::10:10:1:0/120 2001::10:10:4:0/120 192.168.12.0/30 192.168.24.0/30 CE-1 CE-4 PE-1 PE-4 192.0.2.1 192.0.2.2 192.0.2.4 IPv6 IPv4 IPv6 26334 The initial configuration on the nodes is as follows: •...
  • Page 201 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 sr-isis exit resolution filter exit exit exit group "iBGP" export "export-6pe" peer-as 64496 neighbor 192.0.2.3 family label-ipv6 exit exit The export policy "export-6pe" exports the IPv6 prefixes that are local to the PE, for example, on PE-1: 2001::10:10:1:0/120, and is defined as follows: configure router...
  • Page 202 6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 IES Configuration On PE-1, an IES is configured with IPv6 addresses on the interface toward CE-1, as follows: configure service ies 1 customer 1 create description "6PE" interface "int-PE-1-CE-1"...
  • Page 203 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 6PE Next Hop Resolved to an LDP Tunnel On PE-1, the route for prefix 2001::10:10:4:0/120 uses a tunnel to 6PE next hop 192.0.2.4, as follows: *A:PE-1# show router route-table 2001::10:10:4:0/120 =============================================================================== IPv6 Route Table (Router: Base) ===============================================================================...
  • Page 204: Figure 43 6Pe Next Hop Resolved To An Ldp Tunnel

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Total Entries : 1 The extended route information for IPv6 prefix 2001::10:10:4:0/120 shows that the 6PE next hop 192.0.2.4 is resolved to an LDP tunnel: *A:PE-1# show router route-table 2001::10:10:4:0/120 extensive =============================================================================== Route Table (Router: Base) ===============================================================================...
  • Page 205 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 6PE Next Hop Resolved to an RSVP-TE Tunnel MPLS and RSVP are enabled on the interfaces between the PEs and P-2. On both PEs, an RSVP-TE LSP is configured toward the peer PE; for example, on PE-1: configure router mpls...
  • Page 206: Figure 44 6Pe Next Hop Resolved To An Rsvp-Te Tunnel

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Indirect Next-Hop : 192.0.2.4 Label : Priority=n/c, FC=n/c Source-Class Dest-Class ECMP-Weight : N/A Resolving Next-Hop : 192.0.2.4 (RSVP tunnel:1) Metric : 20 ECMP-Weight : N/A ------------------------------------------------------------------------------- No. of Destinations: 1 Figure 44 shows that the 6PE next hop 192.0.2.4 is resolved to an RSVP-TE tunnel, even though an LDP tunnel is available too.
  • Page 207 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 segment-routing prefix-sid-range start-label 20000 max-index 99 no shutdown exit exit For more information about SR-ISIS, see chapter Segment Routing with IS-IS Control Plane. The following output shows that three tunnels are available toward 6PE next hop 192.0.2.4/32: *A:PE-1# show router fp-tunnel-table 1 192.0.2.4/32 ===============================================================================...
  • Page 208 6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 To verify that LDP tunnels are preferred over SR-ISIS tunnels, the RSVP-TE LSPs are put in a shutdown state, as follows: *A:PE-1# configure router mpls lsp "LSP-PE-1-PE-4" shutdown *A:PE-4# configure router mpls lsp "LSP-PE-4-PE-1"...
  • Page 209 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 *A:PE-1# show router fp-tunnel-table 1 192.0.2.4/32 =============================================================================== Tunnel Table Display Legend: B - FRR Backup =============================================================================== Destination Protocol Tunnel-ID NextHop Intf/Tunnel ------------------------------------------------------------------------------- 192.0.2.4/32 SR-ISIS-0 20004 192.168.12.2 1/1/1 ------------------------------------------------------------------------------- Total Entries : 1 The 6PE next hop 192.0.2.4 is resolved to an SR-ISIS tunnel, as follows:...
  • Page 210: Figure 45 6Pe Next Hop Resolved To An Sr-Isis Tunnel

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 45 6PE Next Hop Resolved to an SR-ISIS Tunnel RR-3 SR-ISIS 2001::10:10:1:0/120 2001::10:10:4:0/120 SR-ISIS tunnel CE-1 CE-4 PE-1 PE-4 Dual stack Dual stack 6PE router 6PE router IPv6 IPv4 IPv6...
  • Page 211: Figure 46 Example Topology For Seamless Mpls

    Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 Figure 46 Example Topology for Seamless MPLS 192.168.12.0/30 192.168.23.0/30 192.168.34.0/30 2001::10:10:1:0/120 2001::10:10:4:0/120 CE-1 CE-4 PE-1 ABR-2 ABR-3 PE-4 Dual stack 192.0.2.2/32 192.0.2.3/32 Dual stack 6PE router 6PE router 192.0.2.1/32 192.0.2.4/32 IPv6...
  • Page 212: Figure 47 Configured Protocols For Seamless Mpls

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 47 shows the configured protocols for this example: IS-IS instances, LDP, BGP labeled IPv4 with the ABRs as route reflector with next-hop-self (NHS) option, and BGP labeled IPv6 peering between PE-1 and PE-4. Figure 47 Configured Protocols for Seamless MPLS Aggregation...
  • Page 213 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 interface "system" exit interface "int-ABR-2-ABR-3" interface-type point-to-point exit exit interface-parameters interface "int-ABR-2-PE-1" exit interface "int-ABR-2-ABR-3" exit exit exit The configuration is similar on the other nodes. Only the ABRs have two IS-IS instances configured;...
  • Page 214 6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 neighbor 192.0.2.4 family label-ipv6 exit exit The configuration is similar on PE-4, but the neighbor IP addresses are different. The resolution filter will include LDP as well as BGP, because it is added automatically.
  • Page 215 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 The BGP configuration on ABR-2 has two different groups for BGP labeled IPv4 peering: one toward the aggregation network-with the ABR as RR-and one toward the core, as follows: configure router autonomous-system 64496...
  • Page 216 6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Legend : D - Dynamic Neighbor =============================================================================== Neighbor Description ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family) PktSent OutQ ------------------------------------------------------------------------------- 192.0.2.2 Def. Instance 64496 0 00h00m08s 1/1/1 (Lbl-IPv4) 192.0.2.4 Def.
  • Page 217 Advanced Configuration Guide - Part I 6PE Next-Hop Resolution Releases Up To 14.0.R7 ------------------------------------------------------------------------------- 192.0.2.4/32 262135 192.0.2.2 ------------------------------------------------------------------------------- Total Entries : 1 On ABR-2, the BGP labeled route to 192.0.2.4/32 has next hop 192.0.2.3 and uses an LDP tunnel in the core network to reach ABR-3, as follows: *A:ABR-2# show router fp-tunnel-table 1 192.0.2.4/32 =============================================================================== Tunnel Table Display...
  • Page 218: Conclusion

    6PE Next-Hop Resolution Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 48 BGP Labeled IPv4 Tunnel for 192.0.2.4/32 Using LDP Tunnels Aggregation Core Aggregation 2001::10:10:1:0/120 2001::10:10:4:0/120 CE-1 CE-4 PE-1 ABR-2 ABR-3 PE-4 Dual stack Dual stack 6PE router 6PE router Legend: LDP tunnel...
  • Page 219: Aggregate Route Indirect Next-Hop Option

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 Aggregate Route Indirect Next-Hop Option This chapter provides information about aggregate route indirect next-hop option configurations. Topics in this chapter include: • Applicability • Overview •...
  • Page 220: Configuration

    Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 49 Aggregate Routes 10.16.12.0/24 10.16.13.0/24 10.16.14.0/24 10.16.12.0/22 Router A Router B Routing Table Routing Table 10.16.15.0/24 10.16.12.0/24 10.16.12.0/22 10.16.13.0/24 10.16.14.0/24 10.16.15.0/24 al_0294 Figure 49, Router A could choose to advertise all the four routes or one aggregate route.
  • Page 221: Figure 50 Example Topology

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 Figure 50 Example topology Aggregate Route with Indirect Next Hop Resolved Indirect Next Hop PE-1 PE-2 192.168.12.0/30 192.0.2.1/32 192.0.2.1/32 192.0.2.2/32 192.168.14.0/30 192.168.23.0/30 al_0295 Initial Configuration The nodes have the following basic configuration: •...
  • Page 222 Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Aggregate Route with Indirect Next Hop Option This feature adds a keyword indirect and an associated IP address parameter to the aggregate command in these configuration contexts: —...
  • Page 223 Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 • <ip-address> — Installing an aggregate route with an indirect next-hop is supported for both IPv4 and IPv6 prefixes. However if the aggregate prefix is IPv6 the indirect next-hop must be an IPv6 address and if the aggregate prefix is IPv4 the indirect next-hop must be an IPv4 address.
  • Page 224 Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No. of Aggregates: 1 =============================================================================== *A:PE-1# The inactive aggregate route does not appear in the routing table: *A:PE-1# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix[Flags] Type...
  • Page 225 Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 *A:PE-1# show router aggregate =============================================================================== Legend: G - generate-icmp enabled =============================================================================== Aggregates (Router: Base) =============================================================================== Prefix Aggr IP-Address Aggr AS Summary AS Set State NextHop Community NextHopType -------------------------------------------------------------------------------...
  • Page 226 Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# configure router static-route-entry 192.168.11.0/24 next-hop 192.168.12.2 no shutdown exit exit In the route table, the aggregate route is no longer black-holed. The next hop for the indirect next hop is 192.168.12.2 (PE-2).
  • Page 227: Conclusion

    Advanced Configuration Guide - Part I Aggregate Route Indirect Next-Hop Option Releases Up To 14.0.R7 ------------------------------------------------------------------------------- 10.16.12.0/22 Remote Static 00h00m00s 192.168.23.2 192.0.2.2/32 Local Local 00h13m44s system 192.168.12.0/30 Local Local 00h13m44s int-PE-2-PE-1 192.168.23.0/30 Local Local 00h13m44s int-PE-2-PE-3 ------------------------------------------------------------------------------- No. of Routes: 4 Conclusion Aggregate routes offer several advantages, the key being reduction in the routing table size and overcoming routing loops, among other things.
  • Page 228 Aggregate Route Indirect Next-Hop Option Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 229: Bi-Directional Forwarding Detection

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Bi-Directional Forwarding Detection This chapter provides information about bi-directional forwarding (BFD) detection. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter is applicable to the 7x50 series. BFD timing differences among platforms will be indicated.
  • Page 230 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BFD protocol provides rapid link continuity checking between network devices, and the state of BFD can be propagated to IP routing protocols to drastically reduce convergence time in cases where a physical network error occurs in a transport network.
  • Page 231: Configuration

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Figure 51 BFD Multi-Scenarios BFD Session Transport Transport Netw or IES Netw or IES Device Device Supported Protocols: • OSPF • IS-IS System i/f • BGP • PIM •...
  • Page 232: Figure 52 Bfd Centralized Sessions

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 − Minimum 300 ms in 7x50 SR-1 and ESS-1 − Minimum 100 ms in 7x50 equipped with SF/CPM 1 and in every 7x50 up to Release 7.0 −...
  • Page 233: Figure 53 Bfd Interface Configuration

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 On the other end, when the two peers are directly connected, the BFD session is local by default, but in a 7x50 equipped with SF/CPM 2 or higher, the user can choose what session type (local or centralized) to implement.
  • Page 234 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit On PE2: configure router interface "int-PE-2-PE-1" address 192.168.1.2/30 port 1/1/2 bfd 100 receive 100 multiplier 3 no shutdown exit exit exit The following show commands are used to verify the BFD configuration on the router interfaces on PE1 and PE2.
  • Page 235 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 bfd <transmit-interval> [receive <receive-interval>] [multiplier <multiplier>] [echo-receive <echo-interval>] [type <cpm-np>] no bfd <transmit-interval> : [10..100000] in milliseconds <receive-interval> : [10..100000] in milliseconds <multiplier> : [3..20] <echo-interval> : [100..100000] in milliseconds <cpm-np>...
  • Page 236 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 int-PE-1-PE-2 192.168.1.2 ospf2 ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-1# If the command gives a negative output, troubleshoot it by firstly checking that the protocol that is bound to it is up: for instance, check the OSPF neighbor adjacency as shown in following example.
  • Page 237: Figure 54 Bfd For Isis

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Rx Interval : 100 Tx Interval : 100 Multiplier Echo Interval Recd Msgs : 996 Sent Msgs : 1031 Up Time : 0d 00:00:07 Up Transitions Down Time : None Down Transitions : 1 Version Mismatch : 0...
  • Page 238 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit On PE2: configure router isis interface "int-PE-2-PE-1" bfd-enable ipv4 exit exit exit exit Finally, verify that the BFD session is operational between PE1 and PE2. On PE1: *A:PE-1# show router bfd session ===============================================================================...
  • Page 239: Figure 55 Bfd For Ospf

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 BFD for OSPF The goal of this section is to configure BFD on a network interlink between two 7750 nodes that are OSPF peers. For this scenario, the topology is shown in Figure Figure 55 BFD for OSPF...
  • Page 240 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Verify that the BFD session is operational between PE1 and PE2. On PE1: *A:PE-1# show router bfd session =============================================================================== Legend: wp = Working path pp = Protecting path =============================================================================== BFD Session ===============================================================================...
  • Page 241: Figure 56 Bfd For Ospf And Pim

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Figure 56 BFD for OSPF and PIM Same BFD Session Bound To Both OSPF and PIM Transport Transport int-PE-1-PE-2 int-PE-2-PE-1 Device Device port 1/1/1 port 1/1/2 192.168.1.1 192.168.1.2 OSPF and PIM OSSG558...
  • Page 242: Figure 57 Bfd For Static Routes

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 LAG port LAG ID ------------------------------------------------------------------------------- int-PE-1-PE-2 192.168.1.2 ospf2 pim ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-1# On PE2: *A:PE-2# show router bfd session =============================================================================== Legend: wp = Working path pp = Protecting path =============================================================================== BFD Session...
  • Page 243 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 configure router static-route 10.1.2.0/24 next-hop 192.168.1.2 exit exit On PE2: configure router static-route 10.1.1.0/24 next-hop 192.168.1.1 exit exit Next, verify that static routes are populated in the routing table. On PE1: *A:PE-1# show router route-table protocol static ===============================================================================...
  • Page 244 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The next step is to configure the base level BFD on PE1 and PE2. Refer to paragraph BFD Base Parameter Configuration and Troubleshooting. Then apply BFD to the static routing entries using the BFD interfaces as next-hop. On PE1: configure router...
  • Page 245: Figure 58 Bfd For Ies Over Spoke Sdp

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 If/Lsp Name/Svc-Id/RSVP-sess State Tx Intvl Rx Intvl Multipl Rem Addr/Info/SdpId:VcId Protocols Tx Pkts Rx Pkts Type LAG port LAG ID ------------------------------------------------------------------------------- int-PE-2-PE-1 192.168.1.1 static ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-2# BFD for IES...
  • Page 246 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 On PE-2: configure service ies 2 customer 1 create interface int-IES-PE-2-PE-1 create address 192.168.3.2/30 spoke-sdp 2010:1 create exit exit no shutdown exit exit exit The next step is to add the IES interfaces to the OSPF area domain. On PE-1: configure router...
  • Page 247 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Service Basic Information =============================================================================== Service Id Vpn Id Service Type : IES Name : (Not Specified) Description : (Not Specified) Customer Id Creation Origin : manual Last Status Change: 12/09/2015 10:25:21 Last Mgmt Change : 12/09/2015 10:25:08 Admin State...
  • Page 248 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== *A:PE-2# *A:PE-2# show router ospf neighbor =============================================================================== Rtr Base OSPFv2 Instance 0 Neighbors =============================================================================== Interface-Name Rtr Id State RetxQ Area-Id ------------------------------------------------------------------------------- int-PE-2-PE-1 192.0.2.1 Full 0.0.0.0 int-IES-PE-2-PE-1 192.0.2.1 Full 0.0.0.0...
  • Page 249 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Note that in case of BFD over spoke SDP, a centralized BFD session is created even if a physical link exists between the two nodes. In fact, the next output shows that BFD session type is cpm-np.
  • Page 250: Figure 59 Bfd For Rsvp

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 59 BFD for RSVP BFD Session for RSVP RSVP RSVP int-PE-2-PE-1 int-PE-1-PE-2 LSP-PE-1-PE-2 LSP-PE-2-PE-1 RSVP-TE OSSG561 To enable the BFD session between the two RSVP peers, the user should follow these steps: First, configure BFD on interfaces between PE-1 and PE-2 as described in BFD Base...
  • Page 251 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 no shutdown exit exit exit On PE-2: configure router mpls interface "system" no shutdown exit interface "int-PE-2-PE-1" no shutdown exit exit rsvp interface "system" no shutdown exit interface "int-PE-2-PE-1"...
  • Page 252 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Then, apply BFD on the RSVP Interfaces. On PE1: configure router rsvp interface "int-PE-1-PE-2" bfd-enable exit exit exit exit On PE2: configure router rsvp interface "int-PE-2-PE-1" bfd-enable exit exit exit...
  • Page 253: Figure 60 Bfd For T-Ldp

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 If/Lsp Name/Svc-Id/RSVP-sess State Tx Intvl Rx Intvl Multipl Rem Addr/Info/SdpId:VcId Protocols Tx Pkts Rx Pkts Type LAG port LAG ID ------------------------------------------------------------------------------- int-PE-2-PE-1 192.168.1.1 rsvp ------------------------------------------------------------------------------- No. of BFD sessions: 1 =============================================================================== *A:PE-2# BFD for T-LDP...
  • Page 254 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When using BFD over other links with the ability to reroute, such as spoke-SDPs, the interval and multiplier values configuring BFD should be set to allow sufficient time for the underlying network to re-converge before the associated BFD session expires.
  • Page 255 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 configure router targeted-session peer 192.0.2.2 bfd-enable exit exit exit exit exit Note that the loopback interface can be used to source BFD sessions to many peers in the network. Finally, check that the BFD session is up.
  • Page 256: Figure 61 Bfd For Ospf Pe-Ce I/F

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When the T-LDP session comes up, a centralized BFD session is always created (cpm-np) even if the local interface has a direct link to the peer. BFD for OSPF PE-CE Adjacencies This feature extends BFD support to OSPF within a VPRN context when OSPF is used as the PE-CE protocol.
  • Page 257 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 configure router interface "int-CE-1-PE-1" address 172.16.0.2/24 port 1/1/1:1 bfd 100 receive 100 multiplier 3 no shutdown exit ospf area 0 interface int-CE-1-PE-1 exit exit exit exit exit Then, ensure that OSPF adjacency is up.
  • Page 258 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Enable BFD on the CE-1-PE-1 interface on CE-1. configure router ospf area 0 interface int-CE-1-PE-1 bfd-enable Finally, check that the BFD sessions are up in both PE-1 and CE-1. *A:PE-1# show router 1 bfd session =============================================================================== Legend:...
  • Page 259: Figure 62 Bfd Sessions Within Ipsec Tunnels

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Figure 62 BFD Sessions within IPSec Tunnels Interface Private-ipsec 192.168.2.254/24 Interface Public-ipsec ISA-IPsec 192.168.2.1/24 Interface to Internet SAP ipsec-1.public:1 SAP ipsec-1.private:1 192.168.1.1/24 VPRN 2 BFD Session Loopback i/f 172.16.2.1/32 10.1.1.0/24 172.16.1.1...
  • Page 260 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 interface "public-ipsec" create address 192.168.2.1/24 sap tunnel-1.public:1 create exit exit no shutdown exit exit exit configure service vprn 2 customer 1 create ipsec security-policy 1 create entry 10 create local-ip 192.168.3.1/32 remote-ip any exit...
  • Page 261 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 static-route 10.1.2.0/24 ipsec-tunnel "t2" metric 1 static-route 10.1.2.0/24 ipsec-tunnel "t3" metric 5 no shutdown exit exit exit Then configure the BFD parameters within loopback interface loop (refer to Base Parameter Configuration and Troubleshooting).
  • Page 262: Figure 63 Logic For Shared Bfd Sessions

    Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • BFD over IPSec sessions are centralized, managed by the hardware on the CPM. • Only BFD over static lan-to-lan tunnel is supported in Release 8.0 (not dynamic). •...
  • Page 263: Figure 64 Bfd For Vrrp

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 BFD for VRRP This feature assigns a BFD session to provide a heart-beat mechanism for the given VRRP instance. It should be noted that there can be only one BFD session assigned to any given VRRP instance, but there can be multiple VRRP sessions using the same BFD session.
  • Page 264 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 On PE-2: configure service ies 10 customer 1 create interface "int-vrrp-ies-PE-2" create address 192.168.1.2/24 sap 1/1/3:10 create exit exit no shutdown exit exit exit Verify that the IES services are operational (show service service-using) and verify that you can ping the remote interface IP address.
  • Page 265 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 no shutdown exit exit exit On PE-2: configure service ies 10 customer 1 create interface "int-vrrp-ies-PE-2" create vrrp 10 backup 192.168.1.1 ping-reply telnet-reply ssh-reply exit vrrp 30 owner backup 192.168.1.2 exit exit...
  • Page 266 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit no shutdown exit exit exit The parameters used for the BFD are set by the BFD command under the IP interface. Note that unlike the previous scenarios, the user can enter the commands above, enabling the BFD session, even if the specified interface (vrrp_ies_PE1) has not been configured with BFD parameters.
  • Page 267 Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 =============================================================================== =============================================================================== *A:PE-1# This session is shared by all the VRRP instances configured between the specified interfaces. When BFD is configured in a VRRP instance, the following command gives details of BFD related to every instance: *A:PE-1# show router vrrp instance interface "int-vrrp-ies-PE-1"...
  • Page 268 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type...
  • Page 269: Conclusion

    Advanced Configuration Guide - Part I Bi-Directional Forwarding Detection Releases Up To 14.0.R7 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0...
  • Page 270 Bi-Directional Forwarding Detection Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BFD is linked to a protocol state. For BFD session to be established, the prerequisite condition is that the protocol to which the BFD is linked must be operationally active. Once the BFD session is established, the state of the protocol to which BFD is tied to is then determined based on the BFD session’s state.
  • Page 271: Hybrid Openflow Switch

    • Conclusion Applicability This feature is applicable to 7750 SR-7/12 and 7450 ESS-7/12, both running IOM-2 and above. It is also applicable to 7750 SR-a4/8, SR-1e/2e/3e, 7750 SR-12E, and XRS-20/16c. The information and configuration in this chapter is based on SR OS Release 14.0.R5.
  • Page 272 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 An OpenFlow switch may have one or more flow tables, each of which contains one or more flow entries. A flow is a sequence of packets that matches a specific entry in a flow table.
  • Page 273 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The Datapath ID is an 8-byte value used to uniquely identify the switch. To construct it, SR OS uses a concatenation of the OpenFlow switch instance ID (2 bytes) and the chassis MAC (6 bytes).
  • Page 274: Table 2 Openflow Messages

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 2 OpenFlow Messages Message Type Message Description Controller-to-switch Feature [OFPT_FEATURES_REQUEST/REPLY] Used by controller to query capabilities of the switch. Typically used on session establishment. Configuration [OFPT_GET_CONFIG_REQUEST/ REPLY, OFPT_SET_CONFIG] Used to set and query configuration parameters in the switch.
  • Page 275 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Table 2 OpenFlow Messages (Continued) Message Type Message Description Asynchronous Packet-In [OFPT_PACKET_IN] Used to transfer a packet to the controller (for example, a table-miss flow entry). Flow-Removed [OFPT_FLOW_REMOVED] Used to notify the controller that a flow entry has been removed from the flow table.
  • Page 276: Configuration

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Configuration Figure 65 shows an example topology to demonstrate the use of OpenFlow. PE routers PE-1 through PE-8 form part of AS 65545 and run IS-IS and RSVP. All PE routers are IBGP clients of a Route Reflector situated at PE-2 for the IPv4 and VPN- IPv4 address families.
  • Page 277 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 OpenFlow Switch Configuration OpenFlow specification 1.3.1 allows for multiple flow tables within an OpenFlow switch that are sequentially numbered starting at zero. A function referred to as pipeline processing subsequently matches packets, first against flow entries of flow table 0, but allows for instructions to optionally direct a packet to another flow table, where the process is repeated.
  • Page 278 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 of-switch "ofs-1" aux-channel-enable controller 192.0.2.224:6653 flowtable 0 switch-defined-cookie max-size 4096 exit logical-port-status rsvp-te no shutdown exit exit The of-switch command allows for the creation of a switch instance and requires a name of 1 to 32 characters.
  • Page 279 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 =============================================================================== Open Flow Switch Information =============================================================================== Switch Name : ofs-1 Data Path ID : 00030ca40202d401 Admin Status : Up Echo Interval : 10 seconds Echo Multiple Logical Port Type : rsvp-te Buffer Size Num.
  • Page 280 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Async Fltr Packet In (Master or Equal): table-miss apply-action (Slave) : (Not Specified) Async Fltr Port Status (Master or Equal): port-add port-delete port-modify (Slave) : port-add port-delete port-modify Async Fltr Flow Rem (Master or Equal): idle-time-out hard-time-out flow-mod-delete group-delete (Slave)
  • Page 281 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The version, connection type, and Auxiliary ID have been previously described. The output shows asynchronous filters (Async Fltr), dependent on the role that the controller is playing. A controller may use Asynchronous Configuration (OFPT_SET_ASYNC) messages to set a filter on the asynchronous messages that it receives from the switch.
  • Page 282: Figure 66 Openflow Operation In Base Routing Context

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 66 OpenFlow Operation in Base Routing Context OpenFlow Controller 192.0.2.224 PE-1 PE-2 AS 65545 192.0.2.43 192.0.2.13 PE-3 PE-4 192.168.1.0/30 IES 1 192.0.2.45 192.0.2.19 EBGP Test Port B IES 1 172.31.100.0/24 172.31.200.0/24...
  • Page 283 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 configure service ies 1 customer 1 create interface "Test-Port-A" create address 172.16.48.1/24 sap 3/1/4:10 create ingress filter ip 10 exit exit Before any flow entries are initiated from the controller, a single entry with ID 65535 (maximum) is automatically populated in the embedding filter.
  • Page 284 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 TCP-syn : Off TCP-ack : Off Option-pres : Off Egress PBR : Disabled Primary Action : Forward Ing. Matches : 0 pkts Egr. Matches : 0 pkts =============================================================================== An OpenFlow IP filter is also automatically created by the system with a filter ID of _tmnx_ofs_<name>:<number>, where <name>...
  • Page 285 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 *B:PE-4# show router bgp routes 172.31.0.0/16 longer =============================================================================== BGP Router ID:192.0.2.19 AS:65545 Local AS:65545 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...
  • Page 286 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Util. Egress Queue 1 For. In/InplusProf ~0.00 For. Out/ExcProf : 2000 1023907 0.08 Dro. In/InplusProf 0.00 Dro. Out/ExcProf 0.00 The controller initiates an OFPT_FLOW_MOD message containing an OFPFC_ADD command to the switch to create a new flow entry.
  • Page 287 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Flow Flags: IPv4 [FR] Up Time : 0d 00:01:57 Add TS : 405858646 Mod TS Stats TS : 405870241 #Packets : 115951 #Bytes : 59366912 ------------------------------------------------------------------------------- Number of flows: 2 =============================================================================== The first flow entry shown is the table-miss entry with an action of fall-through (or forward).
  • Page 288 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 4 FLOW_MOD Flags (Continued) Flag Meaning Description Default SEND_FLOW_REM If set, the switch must send a Flow-Removed message when the flow entry is deleted. CHECK_OVERLAP If set, the switch must check that there are no conflicting entries with the same priority before inserting it into the flow entry table.
  • Page 289 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Dro. Out/ExcProf 0.00 FLOW_MOD messages allow for flow entries to be associated with hard and idle timeouts, which are not currently used by SR OS. Although timeout values can be passed by a controller in a FLOW_MOD message, they are effectively ignored.
  • Page 290: Figure 67 Example Topology For Openflow Within A Service Routing Context

    Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 67 Example Topology for OpenFlow within a Service Routing Context OpenFlow Controller 192.0.2.224 PE-1 PE-2 AS 65545 192.0.2.43 192.0.2.13 PE-3 PE-4 192.168.5.0/30 VPRN 5 192.0.2.45 192.0.2.19 EBGP 192.168.5.8/30 Test Port B...
  • Page 291 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The filter is applied at PE-4 on the SAP connecting test port A, as follows: configure service vprn 5 customer 1 create interface "Test-Port-A" create address 192.168.5.9/30 sap 3/1/4:5 create ingress filter ip 20...
  • Page 292 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== An OpenFlow IP filter, _tmnx_ofs_ofs-1:16, is also automatically created by the system and contains all of the flow entries dynamically created by the OpenFlow switch ofs-1 for service ID 5. This filter acts as a repository for active flow entries specific to that service context and its purpose has been previously described.
  • Page 293 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 PE-1 is egressing traffic at a rate of 2000 packets/s toward test port B, representing the sum of the two 1000 packets/s test streams, as follows: B:PE-1# monitor service id 1 sap 5/1/3:10 rate =============================================================================== Monitor statistics for Service 1 SAP 5/1/3:10 ===============================================================================...
  • Page 294 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 In Port Outer VID : * EthType : 0x0800 Src IP : 172.16.2.128/25 Dst IP IP Proto DSCP Src Port Dst Port ICMP Type : * ICMP Code : * Label Action : Forward On Nhop(Indirect)
  • Page 295 Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 The preferred next-hop for traffic destined to prefix 172.16.1.0/24 is PE-1. The indirect next-hop address of 192.168.5.6 represents the (simulated) CE WAN address of test port C, and is known in the routing table of VPRN 5 with a next-hop of PE-5 (192.0.2.46), as follows: B:PE-4# show router 5 route-table 192.168.5.6 ===============================================================================...
  • Page 296 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Monitor statistics for Service 5 SAP lag-1:5 =============================================================================== ---snip--- Packets Octets % Port Util. Egress Queue 1 For. In/InplusProf 0.00 For. Out/ExcProf : 1000 512000 0.04 Dro.
  • Page 297: Table 5 Supported Redirect Actions

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 Table 5 Supported Redirect Actions Action Applicability Action Type Remarks Redirect to IP IPv4/IPv6 traffic OFPAT_EXPERIMENTER Next-hop can be direct or Next-Hop ingressing an IP interface (ALU_AXN_REDIRECT_TO_N indirect EXTHOP) Redirect to...
  • Page 298 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Table 5 Supported Redirect Actions Action Applicability Action Type Remarks Redirect to SAP Traffic ingressing a VPLS Action 1: OFPAT_OUTPUT TmnxPortId encoding in interface <port> TIMETRA-CHASSIS-MIB (port) or LAG TIMETRA-TC- <port>...
  • Page 299: Conclusion

    Advanced Configuration Guide - Part I Hybrid OpenFlow Switch Releases Up To 14.0.R7 B:PE-4# tools dump system-resources 3 Resource Manager info at 049 d 12/01/16 09:10:18.148: Hardware Resource Usage for Slot #3, CardType imm12-10gb-sf+, Cmplx #0: Total | Allocated | Free -------------------------------|-----------|-----------|------------ ---snip---...
  • Page 300 Hybrid OpenFlow Switch Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 301: Lfa Policies Using Ospf As Igp

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 LFA Policies Using OSPF as IGP This chapter provides information about LFA policies using OSPF as IGP. Topics in this chapter include: • Applicability •...
  • Page 302 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Implementation The SROS LFA policy implementation is built around the concept of route-next-hop (NH) templates which are applied to IP interfaces. A route-next-hop template specifies criteria which influence the selection of an LFA backup NH for either: •...
  • Page 303: Configuration

    Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 Figure 68 Example Topology PE-1 PE-2 PE-3 192.0.2.1/32 192.0.2.2/32 192.0.2.3/32 1/1/1 1/1/2 1/1/1 1/1/2 192.168.12.0/30 192.168.23.0/30 1/1/3 1/2/1 1/1/2 1/1/1 1/1/4 1/1/3 1/1/3 1/1/3 1/1/1 1/1/4 1/1/2...
  • Page 304 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric ------------------------------------------------------------------------------- 192.0.2.1/32 MPLS 65537 192.168.12.1 192.0.2.3/32 MPLS 65538 192.168.23.2 192.0.2.4/32 MPLS 65539 192.168.24.2 192.0.2.5/32 MPLS 65540 192.168.12.1 192.0.2.6/32 MPLS...
  • Page 305 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 Alt-NextHop Alt- Metric ------------------------------------------------------------------------------- 192.0.2.1/32 Remote OSPF 00h11m32s 192.168.12.1 192.168.26.2 (LFA) 192.0.2.2/32 Local Local 00h11m44s system 192.0.2.3/32 Remote OSPF 00h11m18s 192.168.23.2 192.168.24.2 (LFA) 192.0.2.4/32 Remote OSPF 00h11m12s...
  • Page 306 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== LDP Bindings (IPv4 LSR ID 192.0.2.2) (IPv6 LSR ID ::) =============================================================================== Legend: U - Label In Use, N - Label Not In Use, W - Label Withdrawn WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route LF - Lower FEC, UF - Upper FEC (S) - Static...
  • Page 307 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 192.0.2.5/32 Push 262139BU 192.168.24.2 1/2/1 192.0.2.5/32 Swap 262139 262139 192.168.12.1 1/1/2 192.0.2.5/32 Swap 262139 262139BU 192.168.24.2 1/2/1 192.0.2.6/32 Push 262143 192.168.26.2 1/1/3 192.0.2.6/32 Push 262138BU 192.168.12.1 1/1/2...
  • Page 308 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Commands within a route-next-hop policy template follow the begin- abort-commit model. After a commit, the IGP re-evaluates the template and schedules a new LFA SPF to re-compute the LFA NH for the prefixes associated with this template.
  • Page 309 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 *A:PE-x# configure router route-next-hop-policy template <template-name> exclude- group <group-name> *A:PE-x# configure router route-next-hop-policy template <template-name> include- group <group-name> [pref <preference>] Step 4. Configure SRLG constraints in route-next-hop policy. This is an optional step in the context of LFA policies.
  • Page 310 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 This is an optional step in the context of LFA policies. With the use of LFA policies, the user can also select if tunnel backup NH or IP backup NH is preferred for IP prefixes and LDP FEC prefixes protected by a backup LFA NH.
  • Page 311 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 =============================================================================== Prefix IngLbl EgrLbl EgrNextHop EgrIf/LspId ------------------------------------------------------------------------------- 192.0.2.1/32 Push 262143 192.168.12.1 1/1/2 192.0.2.1/32 Push 262142BU 192.168.26.2 1/1/3 192.0.2.1/32 Swap 262142 262143 192.168.12.1 1/1/2 192.0.2.1/32 Swap 262142 262142BU...
  • Page 312 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 This default LFA NH can be changed by adding specific selection criteria inside a route-next-hop policy template. Example 1: LFA Policy with Admin Group Constraint The objective is to force the LFA NH for both LDP FEC prefixes to use the path between PE-2 and PE-5.
  • Page 313 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 (I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop (C) - FEC resolved with class-based-forwarding =============================================================================== LDP IPv4 Prefix Bindings (Active) =============================================================================== Prefix IngLbl EgrLbl EgrNextHop...
  • Page 314 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-2# Example 2: LFA Policy with SRLG Constraint The objective is to force the LFA NH for both LDP FEC prefixes to use the path from PE-2 to PE-5.
  • Page 315 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 (B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route (I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop (C) - FEC resolved with class-based-forwarding =============================================================================== LDP IPv4 Prefix Bindings (Active) ===============================================================================...
  • Page 316 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The LFA policy mapping is removed from the OSPF interfaces as follows: *A:PE-2# configure router ospf area 0 interface "int-PE-2-PE-1" no lfa-policy-map *A:PE-2# configure router ospf area 0 interface "int-PE-2-PE-6" no lfa-policy-map Example 3: LFA Policy with NH-type Constraint The objective is to force the LFA NH for IP prefix 192.0.2.6/32 to use an RSVP tunnel.
  • Page 317 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 *A:PE-2# show router tunnel-table 192.0.2.6 =============================================================================== IPv4 Tunnel Table (Router: Base) =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric ------------------------------------------------------------------------------- 192.0.2.6/32 rsvp MPLS 192.168.24.2 16777215 192.0.2.6/32 MPLS...
  • Page 318 LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Define a route-next-hop policy template “LFA_NH_Tunnel”, where nh-type is set to tunnel. *A:PE-2# configure router route-next-hop-policy begin template "LFA_NH_Tunnel" nh-type tunnel exit commit Apply the policy template to the interface toward PE-6, as follows: *A:PE-2# configure router ospf area 0 interface "int-PE-2-PE-6"...
  • Page 319 Advanced Configuration Guide - Part I LFA Policies Using OSPF as IGP Releases Up To 14.0.R7 Example 4: Exclude Prefix from LFA Policy The objective is to force no LFA NH for LDP FEC prefix 192.0.2.1/32 where PE-2 is the PLR. The IP/LDP FRR implementation in SR OS allows to exclude an IGP interface, IGP area (OSPF), or IGP level (IS-IS) from the LFA SPF computation.
  • Page 320: Conclusion

    LFA Policies Using OSPF as IGP Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Prefix IngLbl EgrLbl EgrNextHop EgrIf/LspId ------------------------------------------------------------------------------- 192.0.2.1/32 Push 262143 192.168.12.1 1/1/2 192.0.2.1/32 Swap 262142 262143 192.168.12.1 1/1/2 ------------------------------------------------------------------------------- No. of IPv4 Prefix Active Bindings: 2 =============================================================================== *A:PE-2# Conclusion...
  • Page 321: Pbr/Pbf Redundancy

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 PBR/PBF Redundancy This chapter provides information about PBR/PBF Redundancy. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS Release 14.0.R7.
  • Page 322 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • Different QoS treatment can be provided, based on additional criteria • Cost saving: time-sensitive traffic can be sent over higher-speed links at a higher cost, while bulk file transfers are sent over lower-speed links at a lower cost •...
  • Page 323: Figure 69 Pbf In Vpls 1 On Pe-1

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Figure 69 PBF in VPLS 1 on PE-1 PE-1 PE-2 CE-10 172.16.10.1/24 1/1/3:1 1/1/1:1 1/1/2:1 VPLS 1 VPLS 1 1/1/2:1 1/1/1:1 Ingress filter 1/1/1:1 1/1/2:1 1/1/2:1 1/1/1:1 1/1/3:1 VPLS 1 VPLS 1 CE-40...
  • Page 324 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 [no] log - Configure log for the filter entry [no] match + Configure match criteria for this mac filter entry [no] pbr-down-actio* - Configure action that overrides default PBR/PBF down action. 'no pbr-down-action-override' preserves default PBR/PBF down action, which varies for different actions.
  • Page 325: Table 6 Primary And Secondary Forwarding Actions

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 exit This IPv4 filter only affects packets with IPv4 SA 172.16.10.1/24 and IPv4 DA 172.16.10.4/24. When the primary action SAP 1/1/1:1 is operationally up, the primary action is executed; when SAP 1/1/1:1 is operationally down, the secondary action is executed, until SAP 1/1/1:1 is operationally up again.
  • Page 326 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 When the primary action SAP 1/1/1:1 is operationally up (PBR Target Status: Up), the primary action is executed (Downloaded Action: Primary), as follows: *A:PE-1# show filter ip 10 =============================================================================== IP Filter ===============================================================================...
  • Page 327: Configuration

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 *A:PE-1# configure filter ip-filter 10 entry 10 sticky-dest - no sticky-dest - sticky-dest <hold-time-up> - sticky-dest no-hold-time-up <hold-time-up> : 0..65535 seconds When both the primary action SAP 1/1/1:1 and the secondary action SAP 1/1/2:1 are down, the default action is drop, unless the pbr-down-action-override <filter- action>...
  • Page 328: Figure 70 Example Topology

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 70 Example Topology PE-1 PE-2 192.168.0.1/32 192.168.0.2/32 CE-10 1/1/3 1/1/1 192.168.12.0/30 1/1/2 1/1/2 1/1/1 192.168.13.0/30 192.168.24.0/30 1/1/1 1/1/2 1/1/2 192.168.34.0/30 1/1/1 1/1/3 CE-40 PE-3 PE-4 192.168.0.3/32 192.168.0.4/32 26308 The initial configuration is as follows: •...
  • Page 329 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 6. The primary action SAP 1/1/1:1 is put in a no shutdown state. The primary action is executed. 7. Stickiness is configured with a hold timer of 60 seconds. At timer expiry, stickiness takes effect.
  • Page 330 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 filter ip 10 exit exit spoke-sdp 12:1 create exit spoke-sdp 13:1 create exit no shutdown exit When all SAPs are up, all packets from CE-10 enter SAP 1/1/3:1 and are forwarded to primary action SAP 1/1/1:1.
  • Page 331 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 All traffic is forwarded from ingress SAP 1/1/3:1 to SAP 1/1/1:1 and the reply messages from SAP 1/1/1:1 to SAP 1/1/3:1. No packets are forwarded via SAP 1/1/ 2:1.
  • Page 332 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Next Hop : 1/1/1:1 Service Id PBR Target Status : Down Secondary Action : Forward (SAP) Next Hop : 1/1/2:1 Service Id PBR Target Status : Up PBR Down Action : Drop (entry-default) Downloaded Action : Secondary...
  • Page 333 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Egr. Matches : 0 pkts =============================================================================== PBR Down Action Override Both SAPs remain in a shutdown state. The default PBR down action is drop, but that can be overruled by configuring the pbr-down-action-override parameter, as follows: *A:PE-1# configure filter ip-filter 10 entry 10 pbr-down-action-override forward With this configuration added in entry 10 of IPv4 filter 10, the PBR down action will...
  • Page 334 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Secondary Action : Forward (SAP) Next Hop : 1/1/2:1 Service Id PBR Target Status : Down PBR Down Action : Forward (pbr-down-action-override) Downloaded Action : Forward Dest. Stickiness : None Hold Remain Ing.
  • Page 335 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Primary Action Up - Revertive Behavior As well as the secondary action SAP, also the primary action SAP 1/1/1:1 is re- enabled, as follows: *A:PE-1# configure service vpls 1 sap 1/1/1:1 no shutdown The default PBR/PBF behavior is revertive;...
  • Page 336 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The hold remain timer starts counting down when stickiness is configured and at least one PBR target is up. If the primary action SAP 1/1/1:1 remains operationally up for the configured 60 seconds, the primary action will be active, and at timer expiry, stickiness applies.
  • Page 337 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Secondary Action : Forward (SAP) Next Hop : 1/1/2:1 Service Id PBR Target Status : Up PBR Down Action : Forward (pbr-down-action-override) Downloaded Action : Secondary Dest. Stickiness : 60 Hold Remain : 29...
  • Page 338 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Force Primary Action Stickiness can be enabled without any delay, as follows: *A:PE-1# configure filter ip-filter 10 entry 10 sticky-dest no-hold-time-up *A:PE-1# configure filter *A:PE-1>config>filter# info ---------------------------------------------- ip-filter 10 create entry 10 create action forward sap 1/1/1:1...
  • Page 339 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 The secondary action is active and will remain active as long as the secondary action SAP 1/1/2:1 is up. The hold remain timer is not enabled (== value 0). When the primary action SAP 1/1/1:1 is operationally up again, the secondary action remains active, as follows: *A:PE-1# configure service vpls 1 sap 1/1/1:1 no shutdown...
  • Page 340 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PBR Target Status : Up PBR Down Action : Forward (pbr-down-action-override) Downloaded Action : Primary Dest. Stickiness Hold Remain Ing. Matches : 11000 pkts (1166000 bytes) Egr. Matches : 0 pkts =============================================================================== This tools command can also be used in combination with a running sticky-...
  • Page 341 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 *A:PE-1# show filter mac 20 =============================================================================== Mac Filter =============================================================================== Filter Id : 20 Applied : Yes Scope : Template Def. Action : Drop Entries Type : normal Description : (Not Specified) ------------------------------------------------------------------------------- Filter Match Criteria : Mac...
  • Page 342: Figure 71 Pbr In A Vprn

    PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 71 PBR in a VPRN PE-1 PE-2 CE-11 172.16.111.2/30 1/1/3:2 1/1/1:2 172.16.12.0/30 VPRN 2 VPRN 2 1/1/2:2 Ingress filter 172.16.13.0/30 172.16.24.0/30 172.16.34.0/30 VPRN 2 VPRN 2 CE-41 172.16.114.2/30 PE-3 PE-4...
  • Page 343 Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 exit action secondary forward next-hop 172.16.13.2 router 2 exit exit configure service vprn 2 interface "int-PE-1-CE-11_VPRN2" sap 1/1/3:2 ingress filter ip 30 The primary action forwards packets from CE-11 to next-hop 172.16.12.2, which is an interface in VPRN 2 on PE-2;...
  • Page 344 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:PE-1# configure service vprn 2 interface "int-PE-1-PE-2_VPRN2" sap 1/1/1:2 shutdown *A:PE-1# show filter ip 30 =============================================================================== IP Filter =============================================================================== Filter Id : 30 Applied : Yes Scope : Template Def.
  • Page 345: Conclusion

    Advanced Configuration Guide - Part I PBR/PBF Redundancy Releases Up To 14.0.R7 Conclusion Operators can define two targets for L2 and L3 traffic steering (PBF and PBR): primary and secondary. The primary target is used when both targets are up; the secondary target is used when the primary is down.
  • Page 346 PBR/PBF Redundancy Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 347: Rate Limit Filter Action

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 Rate Limit Filter Action This chapter provides information about Rate Limit Filter Action. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter is applicable to SR OS routers and is based on SR OS Release 14.0.R7.
  • Page 348 Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 QoS Interaction On ingress, if the MAC or IPv4/IPv6 filter action indicates that traffic must be rate limited, this traffic is redirected to a rate-limiting filter policer before delivery to the switching fabric.
  • Page 349: Configuration

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 Figure 73 Rate Limit Filters and FlexPaths Rate Limit int-1 int-1 Policer-1 filter-1 filter-1 Rate Limit Policer-1 Rate int-2 int-2 Limit filter-1 filter-2 Policer-2 26369 Use caution when applying filter-based rate limiting to SAPs on group interfaces, because group interfaces can host many ESM subscribers, which could defeat per- subscriber and per-ESM host rate limiting.
  • Page 350: Figure 74 Example Configuration

    Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 74 Example Configuration VPRN-1 10.10.1.1 10.10.2.1 3/2/13 3/2/14 Tester T1 PE-1 Tester T2 traffic source 192.0.2.1 traffic sink 26370 The configuration of VPRN-1 on PE-1 is as follows: # R1 configure service...
  • Page 351 Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 exit exit exit exit A stream of UDP packets with a fixed size of 128 bytes is sent out of Tester T1 at a rate of 1000 packets/sec, accounting for a data rate of 128 x 8 x 1000 = 1.024 Mbit/ s.
  • Page 352 Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Ing. Rate-limiter Offered : 3222046 pkts (412421888 bytes) Forwarded : 2147991 pkts (274942848 bytes) Dropped : 1074055 pkts (137479040 bytes) Egr. Rate-limiter Offered : 0 pkts Forwarded : 0 pkts Dropped...
  • Page 353 Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 At time t = 20 sec (Mode: Delta) ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Sap Statistics ------------------------------------------------------------------------------- Last Cleared Time : N/A Packets Octets CPM Ingress Forwarding Engine Stats Dropped Received Valid : 19901 5094656...
  • Page 354 Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Dropped Received Valid : 312516277 20001041728 Off. HiPrio Off. LowPrio : 312516277 20001041728 Off. Uncolor Off. Managed Queueing Stats(Ingress QoS Policy 1) Dro. HiPrio Dro. LowPrio For.
  • Page 355: Conclusion

    Advanced Configuration Guide - Part I Rate Limit Filter Action Releases Up To 14.0.R7 Packets Octets CPM Ingress --- snipped --- Queueing Stats(Egress QoS Policy 1) Dro. In/InplusProf Dro. Out/ExcProf For. In/InplusProf : 10005 2561280 For. Out/ExcProf --- snipped --- *A:PE1# Conclusion Rate-limiting filter actions can be used by network operators for security purposes to...
  • Page 356 Rate Limit Filter Action Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 357: Unicast Routing Protocols

    Advanced Configuration Guide - Part I Unicast Routing Protocols Releases Up To 14.0.R7 Unicast Routing Protocols In This Section This section provides configuration information for the following topics: • Associating Communities with Static and Aggregate Routes • BGP Add-Path • BGP Fast Reroute •...
  • Page 358 Unicast Routing Protocols Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 359: Associating Communities With Static And Aggregate Routes

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Associating Communities with Static and Aggregate Routes This chapter provides information about associating communities with static and aggregate routes configurations. Topics in this chapter include: •...
  • Page 360: Overview

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Overview Figure 75 Example Topology PE-2 PE-1 CE-7 192.0.2.7 192.168.12.0/30 192.0.2.2 192.0.2.1 192.168.25.0/30 192.0.2.8 CE-8 192.0.2.5 AS 64496 RR-5 .2 .2 192.168.34.0/30 AS 64497 192.0.2.3 192.0.2.4 192.0.2.6...
  • Page 361: Configuration

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Associating Communities with Static and Aggregate Routes It is possible to add a single community value to a static and aggregate route without using a route policy.
  • Page 362 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 group “RR-clients" family vpn-ipv4 peer-as 64496 neighbor 192.0.2.1 exit neighbor 192.0.2.2 exit neighbor 192.0.2.3 exit neighbor 192.0.2.4 exit exit On RR-5, show that BGP sessions with each PE are established, and have correctly negotiated the VPN IPv4 address family capability.
  • Page 363: Figure 76 Ce Connections For Next-Hops

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family) PktSent OutQ ------------------------------------------------------------------------------- 192.0.2.1 64496 0 00h00m05s 0/0/0 (VpnIPv4) 192.0.2.2 64496 0 00h00m05s 0/0/0 (VpnIPv4) 192.0.2.3 64496 0 00h00m05s 0/0/0 (VpnIPv4) 192.0.2.4...
  • Page 364 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 interface "loop1" create address 192.0.2.100/32 loopback exit interface "int-PE-1-CE-8" create unnumbered "loop1" sap 1/2/2:1.0 create exit exit no shutdown For unnumbered interfaces, an IP address is borrowed from a loopback interface, for example from the system interface, see MPLS chapter Unnumbered Interfaces in RSVP-TE and...
  • Page 365 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes group "VPRN1-external" export "BGP-VPN-accept" peer-as 64497 neighbor 172.16.46.2 exit exit exit no shutdown Static Routes with Communities A static route has a number of next-hop options: direct connected IP address, black- hole, indirect IP address, and interface-name.
  • Page 366 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 • 10.100.101.0/24 must be advertised with a community of 64496:101 configure service vprn 1 static-route-entry 10.100.101.0/24 next-hop 172.16.17.2 community 64496:101 no shutdown exit •...
  • Page 367 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes configure service vprn 1 static-route-entry 10.100.105.0/24 next-hop "int-PE-1-CE-8" community 64496:105 no shutdown exit exit On PE-1, configure static routes that match the static routes from Figure 76, and the preceding conditions.
  • Page 368 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Routes : 7 =============================================================================== *A:PE-1# There are only seven exported routes. The route prefixes associated with the no- advertise community are not present, as expected. Examining the BGP table of PE-4 shows the presence of the expected routes, with the correct community values.
  • Page 369 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes VPRN Imported ---snip--- The following command shows all members of the community no-report: *A:PE-4# show router bgp routes vpn-ipv4 community no-export =============================================================================== BGP Router ID:192.0.2.4 AS:64496 Local AS:64496 ===============================================================================...
  • Page 370 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 *A:PE-4# show router bgp routes 10.100.101.0/24 vpn-ipv4 detail =============================================================================== BGP Router ID:192.0.2.4 AS:64496 Local AS:64496 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...
  • Page 371 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Network : 10.100.103.0/24 Nexthop : 192.0.2.1 Route Dist. : 64496:1 VPN Label : 262139 Path Id : None From : 192.0.2.5 Res. Nexthop : n/a Local Pref.
  • Page 372 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Originator Id : 192.0.2.1 Peer Router Id : 192.0.2.5 Fwd Class : None Priority : None Flags : Used Valid Best Route Source : Internal AS-Path : No As-Path...
  • Page 373 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Examine the route table of VPRN 1 on PE-4 – looking specifically at the BGP-learned routes, the same seven routes are present as valid routes. *A:PE-4# show router 1 route-table protocol bgp-vpn =============================================================================== Route Table (Service: 1)
  • Page 374 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No. of Routes: 6 Flags: n = Number of times nexthop is repeated B = BGP backup route available L = LFA nexthop available S = Sticky ECMP requested =============================================================================== *A:CE-6#...
  • Page 375 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes *A:CE-6# show router bgp routes community 64496:103 =============================================================================== BGP Router ID:192.0.2.6 AS:64497 Local AS:64497 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...
  • Page 376: Figure 77 Ce-7 Connectivity

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid Legend - l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete ===============================================================================...
  • Page 377 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes • 10.101.0.0/24 to 10.101.7.0/24 • 10.102.0.0/24 to 10.102.7.0/24 Instead of advertising all of these prefixes out of the VPRN towards an external CE individually, an aggregate route can be configured that summarizes each set of eight prefixes and a community can be directly associated with each aggregate route.
  • Page 378 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 State : Established Last State : Established Last Event : recvKeepAlive Last Error : Cease (Connection Collision Resolution) Local Family : IPv4 Remote Family : IPv4 Hold Time : 90...
  • Page 379 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes Routes Resolve To St*: Disabled Local AddPath Capabi*: Disabled Remote AddPath Capab*: Send - None : Receive - None Import Policy : None Specified / Inherited Export Policy : None Specified / Inherited Origin Validation...
  • Page 380 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 u*>i 10.101.6.0/24 None None 172.16.117.2 None 64498 u*>i 10.101.7.0/24 None None 172.16.117.2 None 64498 u*>i 10.102.0.0/24 None None 172.16.117.2 None 64498 u*>i 10.102.1.0/24 None None 172.16.117.2...
  • Page 381: Figure 78 Ce-6 Connectivity

    Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes neighbor 172.16.146.2 exit exit no shutdown exit no shutdown exit Figure 78 shows the connectivity between PE-4 and CE-6. PE-4 will only forward a summarizing aggregate route toward CE-6.
  • Page 382 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 192.0.2.1 (tunneled) 10.102.2.0/24 Remote BGP VPN 00h01m07s 192.0.2.1 (tunneled) 10.102.3.0/24 Remote BGP VPN 00h01m07s 192.0.2.1 (tunneled) 10.102.4.0/24 Remote BGP VPN 00h01m07s 192.0.2.1 (tunneled) 10.102.5.0/24 Remote BGP VPN...
  • Page 383 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes =============================================================================== ------------------------------------------------------------------------------- Peer : 172.16.146.2 Description : (Not Specified) Group : VPRN2-external ------------------------------------------------------------------------------- Peer AS : 64497 Peer Port : 51154 Peer Address : 172.16.146.2 Local AS : 64496...
  • Page 384 Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Advertise Label : None Auth key chain : n/a Disable Cap Nego : Disabled Bfd Enabled : Disabled Flowspec Validate : Disabled Default Route Tgt : Disabled Aigp Metric : Disabled...
  • Page 385 Advanced Configuration Guide - Part I Associating Communities with Static and Aggregate Releases Up To 14.0.R7 Routes policy-statement "PE-4-VPN-Agg" entry 10 from protocol aggregate exit action accept exit exit commit exit This is applied as an export policy within the group context of the BGP configuration of the VPRN.
  • Page 386: Conclusion

    Associating Communities with Static and Aggregate Advanced Configuration Guide - Part I Routes Releases Up To 14.0.R7 Fwd Class : None Priority : None Flags : Used Valid Best Route Source : External AS-Path : 64496 Route Tag Neighbor-AS : 64496 Orig Validation: NotFound Source Class Dest Class...
  • Page 387: Bgp Add-Path

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 BGP Add-Path This chapter provides information about BGP Add-Path. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS Release 14.0.R7.
  • Page 388: Figure 79 Rr Advertises Best Path Only - Path A Preferred Over Path B

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Faster Convergence after Failure Figure 79 shows a network that does not support add-path. CE-4 advertises two paths for prefix 10.0.0.0/8 to its eBGP neighbors: PE-1 and PE-2. PE-1 has an import policy that sets the local preference (LP) of path A to 200;...
  • Page 389: Figure 80 Reconvergence After Path Failure (Without Add-Path)

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Step 5. PE-1 and PE-3 rerun their BGP decision process and determine that path B is the best path. Traffic can flow from CE-6 to CE-4 via PE-3 and PE-2. Figure 80 shows the BGP updates sent to withdraw path A and advertise path B.
  • Page 390: Figure 81 Advertised Paths When Bgp Add-Path Is Enabled In Pes And Rr

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • When BGP FRR is enabled as described in chapter BGP Fast Reroute, path A is the best path and path B is the second-best path. The FIB entry for destination 10.0.0.0/8 points to path {A,B}.
  • Page 391: Figure 82 Reconvergence After Path Failure When Bgp Add-Path Is Enabled

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Step 3. PE-2 and PE-3 receive the withdrawal, rerun the BGP decision process, and update the forwarding entry for destination 10.0.0.0/8: path B is best. Figure 82 Reconvergence after Path Failure when BGP Add-path is Enabled AS 64496 AS 64500 CE-4...
  • Page 392 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Enhanced Load-Sharing When paths A and B are equal in cost or preference, and ECMP and BGP multipath are enabled on all PEs, load-sharing can be done for traffic with destination 10.0.0.0/ 8.
  • Page 393 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Add-path Implementation BGP add-path is configured in the base routing instance, for iBGP or eBGP, per address family at different levels: in the global BGP context, per group, and per neighbor.
  • Page 394 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 " 58 2017/02/21 09:57:36.11 UTC MINOR: DEBUG #2001 Base BGP "BGP: OPEN Peer 1: 192.0.2.5 - Received BGP OPEN: Version 4 AS Num 64496: Holdtime 90: BGP_ID 192.0.2.5: Opt Length 22 Opt Para: Type CAPABILITY: Length = 20: Data: Cap_Code MP-BGP: Length 4 Bytes: 0x0 0x1 0x0 0x1...
  • Page 395: Configuration

    Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete =============================================================================== BGP IPv4 Routes =============================================================================== Flag...
  • Page 396: Figure 83 Example Topology

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 83 Example Topology AS 64496 PE-1 AS 64500 172.16.14.0/30 192.168.13.0/30 CE-4 192.0.2.1/32 10.0.0.0/8 192.168.12.0/30 192.168.15.0/30 192.168.25.0/30 RR-5 172.16.24.0/30 AS 64501 192.0.2.5/32 PE-3 CE-6 PE-2 192.0.2.2/32 192.0.2.3/32 192.168.23.0/30 172.16.36.0/30 eBGP iBGP...
  • Page 397 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 min-route-advertisement 1 rapid-withdrawal split-horizon group "eBGP" export "export-bgp" peer-as 64496 neighbor 172.16.14.1 exit neighbor 172.16.24.1 exit exit exit policy-options begin prefix-list "10.0.0.0/8" prefix 10.0.0.0/8 longer exit policy-statement "export-bgp" entry 10 from prefix-list "10.0.0.0/8"...
  • Page 398 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit commit The BGP configuration on PE-2 and PE-3 is similar, but there is no import policy. The BGP configuration on RR-5 is as follows: configure router autonomous-system 64496 min-route-advertisement 1 rapid-withdrawal...
  • Page 399 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Reconvergence without Add-path A failure of the link between CE-4 and PE-1 is simulated as follows: *A:CE-4# configure router interface "int-CE-4-PE-1" shutdown The following four BGP update messages are received or sent by RR-5. RR-5 receives the following withdrawal message from PE-1: 14 2017/02/21 12:26:44.56 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1 "Peer 1: 192.0.2.1: UPDATE...
  • Page 400 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Withdrawn Length = 0 Total Path Attr Length = 41 Flag: 0x40 Type: 1 Len: 1 Origin: 0 Flag: 0x40 Type: 2 Len: 6 AS Path: Type: 2 Len: 1 < 64500 > Flag: 0x40 Type: 3 Len: 4 Nexthop: 192.0.2.2 Flag: 0x40 Type: 5 Len: 4 Local Preference: 100 Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.2...
  • Page 401 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Add-path is enabled on PE-1 and PE-2 with a send path limit of two for groups "eBGP" and "iBGP" and no limit on the receive path limit, which is the default setting, as follows: configure router bgp group "eBGP"...
  • Page 402 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 : Receive - IPv4 Remote AddPath Capab*: Send - IPv4 : Receive - None With BGP add-path enabled, PE-2 will advertise its second-best route for prefix 10.0.0.0/8 with LP 100 to RR-5. PE-1, PE-2, and RR-5 will have two routes for prefix 10.0.0.0/8 in their RIB-IN, but only the route with LP 200 will be used.
  • Page 403 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 192.0.2.1 None 64500 ------------------------------------------------------------------------------- Routes : 1 When add-path is enabled on the session between PE-3 and RR-5, the second route will also be advertised, as follows: *A:PE-3# configure router bgp group "iBGP" add-paths ipv4 send 2 *A:RR-5# configure router bgp group "iBGP"...
  • Page 404 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Reconverge with Add-Path: No BGP FRR, No ECMP A link failure between CE-4 and PE-1 is simulated as follows: *A:CE-4# configure router interface "int-CE-4-PE-1" shutdown PE-1 sends a withdrawal message for route 10.0.0.0/8 with LP 200 to RR-5 and reruns the BGP decision process.
  • Page 405 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 The convergence with add-path enabled is twice as fast as without BGP add-path. With BGP add-path disabled, four sequential messages are sent: 1. PE-1 sends a withdrawal to RR-5. 2.
  • Page 406 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The following routing table on PE-3 shows the active route for 10.0.0.0/8 and adds an indication "B", indicating that a backup route is available: *A:PE-3# show router route-table 10.0.0.0/8 =============================================================================== Route Table (Router: Base) ===============================================================================...
  • Page 407 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 Add-Path and ECMP On PE-1, the import policy is removed to have paths with equal cost: *A:PE-1# configure router bgp group "eBGP" no import ECMP is enabled on all PEs with a value of two, as follows: configure router ecmp 2 On all PEs, BGP multipath is configured with a value of two in the BGP context, as follows:...
  • Page 408: Figure 84 Example Topology With Vprns

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 10.0.0.0/8 Remote 00h02m40s 192.168.13.1 10.0.0.0/8 Remote 00h02m40s 192.168.23.1 ------------------------------------------------------------------------------- No. of Routes: 2 Traffic flows with destination 10.0.0.0/8 will be sprayed over the two active paths. Add-path for Family VPN-IPv4 with BGP FRR Figure 84 shows the example topology with VPRN1 configured on the PEs in AS 64496.
  • Page 409 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 vprn 1 customer 1 create autonomous-system 64496 route-distinguisher 64496:1 auto-bind-tunnel resolution any exit enable-bgp-vpn-backup ipv4 vrf-target target:64496:1 interface "int-PE-1-CE-4_VPRN1" create address 172.16.114.1/30 sap 1/1/3:1 create exit exit split-horizon group "eBGP_1"...
  • Page 410 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 address 172.31.0.1/16 loopback exit split-horizon group "eBGP_1" export "export_172.31.0.0/16" peer-as 64496 neighbor 172.16.114.1 exit neighbor 172.16.124.1 exit exit exit no shutdown The export policy to export prefix 172.31.0.0/16 is defined as follows: configure router policy-options...
  • Page 411 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 The BGP configuration for group "iBGP" on PE-1 is as follows: *A:PE-1# configure router bgp group "iBGP" *A:PE-1>config>router>bgp>group# info ---------------------------------------------- family ipv4 vpn-ipv4 next-hop-self peer-as 64496 add-paths ipv4 send 2 receive vpn-ipv4 send 2 receive exit neighbor 192.0.2.5...
  • Page 412 BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Route Table (Service: 1) =============================================================================== Dest Prefix[Flags] Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 172.31.0.0/16 [B] Remote BGP VPN 00h00m27s 192.0.2.1 (tunneled) ------------------------------------------------------------------------------- No. of Routes: 1 Flags: n = Number of times nexthop is repeated B = BGP backup route available L = LFA nexthop available...
  • Page 413 Advanced Configuration Guide - Part I BGP Add-Path Releases Up To 14.0.R7 configure service vprn 1 ecmp 2 BGP multipath needs to be enabled in the base routing context, but that already happened. With ECMP enabled, the two routes that are received on PE-3 from RR-5 are both active, as follows: *A:PE-3# show router bgp routes 172.31.0.0/16 vpn-ipv4 ===============================================================================...
  • Page 414: Conclusion

    BGP Add-Path Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Conclusion BGP add-path allows BGP speakers to advertise multiple distinct paths for the same prefix. The potential benefits of BGP add-path include reduced routing churn, faster convergence, and better load-sharing. 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 415: Bgp Fast Reroute

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 BGP Fast Reroute This chapter provides information about BGP Fast Reroute. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter is applicable to SR OS routers and is based on SR OS Release 14.0.R7 Overview Border Gateway Protocol (BGP) is a key protocol for ISPs, supporting inter- Autonomous System (inter-AS) and intra-Autonomous System (intra-AS)
  • Page 416: Figure 85 Core Pic

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Within SR OS, two BGP FRR functions are supported: Core PIC and Edge PIC. Core PIC describes a scenario where a link or node on the path to the BGP next-hop fails, but the BGP next-hop remains reachable;...
  • Page 417: Configuration

    Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 The following SR OS supported features can be used to allow BGP to maintain multiple paths through an autonomous system: • BGP Best External • BGP Add-Paths Convergence goes through several phases, which also apply to BGP: •...
  • Page 418: Figure 87 Bgp Frr Topology

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 87 BGP FRR Topology 192.0.2.2/32 10.0.12.0/30 192.168.24.0/30 AS 65537 AS 65536 192.0.2.4/32 192.0.2.5/32 192.168.45.0/30 10.0.13.0/30 172.20.1.0/24 192.168.34.0/30 172.20.1.0/24 192.168.46.0/30 192.0.2.1/32 192.0.2.3/32 = eBGP 192.0.2.6/32 = iBGP 26257 These characteristics enforce traffic for destination 172.10.1.0/24 to leave AS 65537 via R2.
  • Page 419 Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 BGP Best External R3 is configured with the BGP Best External feature, as follows: # on R3 configure router loop-detect discard-route split-horizon advertise-external ipv4 group "eBGP_AS65536" export "AS65537_Export_External_Networks" peer-as 65536 neighbor 192.168.13.1 exit...
  • Page 420 BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 192.0.2.3 None 65536 ------------------------------------------------------------------------------- Routes : 1 =============================================================================== *A:R3# The BGP Best External feature is sufficient for providing alternate paths in a fully meshed autonomous system, and could be used in conjunction with the BGP Add- Paths feature.
  • Page 421 Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 # on RR6 configure router loop-detect discard-route split-horizon group "iBGP_AS65537" cluster 6.6.6.6 peer-as 65537 add-paths ipv4 send 2 receive exit neighbor 192.0.2.2 exit neighbor 192.0.2.3 exit neighbor 192.0.2.4 exit neighbor 192.0.2.5 exit...
  • Page 422 BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete ===============================================================================...
  • Page 423 Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 =============================================================================== BGP Router ID:192.0.2.4 AS:65537 Local AS:65537 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...
  • Page 424 BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== BGP IPv4 Routes =============================================================================== Flag Network LocalPref Nexthop (Router) Path-Id Label As-Path ------------------------------------------------------------------------------- u*>i 172.10.1.0/24 None 192.0.2.2 65536 ub*i 172.10.1.0/24 None 192.0.2.3 65536 ------------------------------------------------------------------------------- Routes : 2 =============================================================================== *A:R4# Now the routing table is as follows.
  • Page 425 Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 Backup = BGP backup route LFA = Loop-Free Alternate nexthop S = Sticky ECMP requested =============================================================================== *A:R4# The currently active next-hop in the forwarding path is 192.168.24.1, as follows: *A:R4# show router fib 1 172.10.1.0/24 all =============================================================================== FIB Display...
  • Page 426 BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 In summary, two paths are available out of R4 and leading to 172.10.1.0/24 in the remote AS, but only one is installed in the forwarding plane. The active route is R4- R2-R1;...
  • Page 427 Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 exit neighbor 192.168.13.2 exit exit no shutdown exit exit exit Because the BFD configuration for R2 and R3 is very similar, it is only shown for R2, as follows: # for R2 configure...
  • Page 428 BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BFD for IS-IS is enabled at the IS-IS interface level, and is enabled for IPv4 only, as follows. configure router isis area-id 48.0001 interface "system" no shutdown exit interface "int-R2-R4"...
  • Page 429 Advanced Configuration Guide - Part I BGP Fast Reroute Releases Up To 14.0.R7 192.168.45.1 0.698 ms 0.695 ms 0.698 ms 192.168.34.1 1.21 ms 1.21 ms 1.15 ms 172.10.1.1 1.73 ms 1.71 ms 1.70 ms *A:R5# On R4, traffic is now diverted to R3, and the BGP routes are as follows: *A:R4# show router bgp routes =============================================================================== BGP Router ID:192.0.2.4...
  • Page 430: Conclusion

    BGP Fast Reroute Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== Dest Prefix : 172.10.1.0/24 Protocol : BGP Installed Indirect Next-Hop : 192.0.2.3 : Priority=n/c, FC=n/c Source-Class Dest-Class ECMP-Weight Resolving Next-Hop : 192.168.34.1 Interface : int-R4-R3 ECMP-Weight =============================================================================== Total Entries : 1 ===============================================================================...
  • Page 431: Bgp Flowspec For Ipv4 And Ipv6

    Applicability This chapter is applicable to 7750 SR-7/12, 7750 SRc4/c12, 7750 SR-12E, 7750 SR- a, 7750 SR-e, XRS-20/40/16c, and 7450 ESS-7/12 in mixed-mode. Only interfaces supported on IOM3-XP, IOM4-e, XMA/C-XMA, IOM-a, and IMM cards can be configured for FlowSpec filtering. Also, all network interfaces must be on IOM3-XP, IOM4-e, XMA/C-XMA, IOM-a, or IMM cards in order to enable FlowSpec on any spoke-SDP interface.
  • Page 432: Table 7 Flowspec Component Types

    BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Initially, the primary use for FlowSpec was to dynamically distribute traffic filtering rules for mitigating distributed denial of service (DDoS) attacks. A router receiving a FlowSpec update can dynamically create IP filters to prevent both intra-AS and inter- AS DDoS attacks.
  • Page 433: Table 8 Flowspec Extended Community Attributes

    Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 Table 7 FlowSpec Component Types Type Value Component Type SR OS Support Fragment Yes (non-first only, first-only, fragment true, fragment false. Last fragment matching is not supported).
  • Page 434: Figure 88 Example Topology

    BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 To allow for tunneling of IPv4 traffic in MPLS, all PE routers are configured for BGP next-hop-resolution using LDP shortcut-tunnels. To allow for tunneling of IPv6 traffic in MPLS, all PE routers are configured to run 6PE, with peering sessions configured to advertise labels for the IPv6 address family.
  • Page 435: Configuration

    Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 − A "dirty" interface for forwarding of mitigated traffic toward the scrubbing center for cleansing. This interface is connected to an off-ramp VPRN configured on PE-5 and PE-2. PE-5 has static IPv4/IPv6 default routes toward the scrubbing center, which are subsequently advertised into the off- ramp VPRN.
  • Page 436 BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 PE-2 uses an IES to externally peer with AS 64511. The peering is for the IPv4 and IPv6 address families, and a separate IPv4/IPv6 BGP session is maintained for each address family.
  • Page 437 Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 An IPv4 FlowSpec route is subsequently established to black-hole/drop traffic with a source address of 172.16.15.148 (Tester T1) and a destination address of 172.31.100.232 (Tester T2), for any destination ports in the range 4190-4199. The following output shows the route as received at PE-2.
  • Page 438 BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BGP FLOW IPV4 Routes =============================================================================== Flag Network Nexthop LocalPref As-Path ------------------------------------------------------------------------------- u*>i 0.0.0.0 None 65530 Community Action: rate-limit: 0:0 NLRI Subcomponents: Dest Pref : 172.16.15.148/32 Src Pref : 172.31.100.232/32 Ip Proto...
  • Page 439 Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 Egress PBR : Disabled Match action : Drop Ing. Matches : 7234 pkts (723400 bytes) Egr. Matches : 0 pkts When the route is withdrawn and PE-2 receives an MP_UNREACH_NLRI for the same FlowSpec NLRI, the dynamically created filter entries are removed and all associated hardware resources (TCAM entries) are released.
  • Page 440 BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 service-name "FlowSpec-OffRamp-VRF" no shutdown exit The following output shows the on-ramp IES at PE-5. This is the point where cleansed traffic re-enters the network and is forwarded toward its destination using the GRT.
  • Page 441 Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 The FlowSpec ingress filter in the following output uses the filter identifier "fSpec-0" and the entry 32767 inserted by BGP FlowSpec. The output shows that there are ingress packet/byte matches against the defined match criteria received in the FlowSpec NLRI.
  • Page 442 BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 IPv6 FlowSpec To validate the instantiation of ingress filters based on IPv6 FlowSpec routes, a bidirectional traffic stream is commenced between Tester T1 (2001:db8:4511:188::177) in AS 64511 and Tester T2 (2001:db8:4496:100::32) in AS 64496.
  • Page 443 Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 A:PE-2# show filter ipv6 "fSpec-0" =============================================================================== IPv6 Filter =============================================================================== Filter Id : fSpec-0 Applied : Yes Scope : Template Def. Action : Forward System filter: Unchained Radius Ins Pt: n/a CrCtl.
  • Page 444 BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Peer 1: 192.0.2.10 - Received BGP UPDATE: Withdrawn Length = 0 Total Path Attr Length = 110 Flag: 0x90 Type: 14 Len: 54 Multiprotocol Reachable NLRI: Address Family FLOW_IPV6 NLRI len: 48 dest_pref...
  • Page 445 Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 Dest. Port : 4191..4198 Next Header Dscp : Undefined ICMP Type : Undefined ICMP Code : Undefined Sampling : Off Int. Sampling : On TCP-syn : Off TCP-ack...
  • Page 446 BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 peer-as 64511 flowspec-validate split-horizon exit exit To verify the use of FlowSpec validation, the external peer in AS 64511 will attempt to instantiate an IPv4 FlowSpec filter at PE-4. The FlowSpec NLRI uses Tester T2's IP address (172.31.100.232) as the source prefix and Tester T1's IP address (172.16.15.148) as the destination prefix.
  • Page 447 Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 The external peer in AS 64511 now advertises the prefix 172.16.0.0/20, together with the same IPv4 FlowSpec route with NLRI, containing a source prefix of 172.16.15.148/32 and destination prefix of 172.31.100.232/32.
  • Page 448 BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Flag Network Nexthop LocalPref As-Path ------------------------------------------------------------------------------- u*>i 0.0.0.0 None 64511 Community Action: rate-limit: 0:0 NLRI Subcomponents: Dest Pref : 172.16.15.148/32 Src Pref : 172.31.100.232/32 ------------------------------------------------------------------------------- Routes : 1 ===============================================================================...
  • Page 449 Advanced Configuration Guide - Part I BGP FlowSpec for IPv4 and IPv6 Releases Up To 14.0.R7 Resource Consumption Similar to static filters consuming hardware resources, also dynamically instantiated FlowSpec filters consume hardware resources (TCAM entries) on the associated linecards. Therefore, resources must be checked and monitored to ensure that the system operates within its scaling boundaries.
  • Page 450: Conclusion

    BGP FlowSpec for IPv4 and IPv6 Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Conclusion FlowSpec IPv4 and IPv6 provide a dynamic way to activate (and tear down) ingress filters to mitigate against DDoS attacks. SR OS supports a wide range of match criteria (FlowSpec NLRI) coupled with the ability to either drop or redirect mitigated traffic.
  • Page 451: Bgp Multipath

    Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 BGP Multipath This chapter provides information about BGP Multipath. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS release 14.0.R4.
  • Page 452 BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 1. The multipath command in the base router and VPRN BGP contexts contains the following options: multipath max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] − max-paths is the default maximum number of paths. It is overruled by ebgp-max-paths and ibgp-max-paths.
  • Page 453: Configuration

    Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 The eibgp-loadbalance command in a VPRN is used to provide ECMP over BGP- VPN (imported routes) and BGP routes. It is called eibgp-loadbalance because, in such scenarios, BGP-VPN is typically used between iBGP peers and BGP is used between eBGP peers.
  • Page 454 BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • BGP on all nodes (eBGP between CEs and PE-5; iBGP between PEs) • Export policy "export-bgp" accepting routes from protocol direct on all nodes The BGP configuration on CE-1 is as follows: configure router autonomous-system 64501...
  • Page 455 Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 exit The following will be configured and verified: • BGP multipath with different limits for eBGP and iBGP paths • BGP multipath with equal treatment for eBGP and iBGP paths •...
  • Page 456: Figure 90 Bgp Multipath With Ebgp Limit 2

    BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 90 BGP Multipath with eBGP Limit 2 AS 64501 CE-1 172.16.2.1/32 Common IP 3.1.0.0/32 route table Path: 64501 AS 64502 CE-2 172.16.2.2/32 3.1.0.0/32 Path: 64502 64500 CE-3 3.1.0.0/32 172.16.2.3/32 Path: 64503...
  • Page 457 Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 With ECMP disabled, only one of the four paths is active for prefix 3.1.0.0/32, as follows: *A:PE-5# show router bgp routes 3.1.0.0/32 =============================================================================== BGP Router ID:192.0.2.5 AS:64500 Local AS:64500 =============================================================================== Legend - Status codes...
  • Page 458: Figure 92 Bgp Multipath With Ibgp Limit 3 And Ecmp Limit 8

    BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BGP IPv4 Routes =============================================================================== Flag Network LocalPref Nexthop (Router) Path-Id Label As-Path ------------------------------------------------------------------------------- u*>i 3.1.0.0/32 None None 172.16.15.1 None 64501 u*>i 3.1.0.0/32 None None 172.16.25.1 None 64502 *>i 3.1.0.0/32 None None...
  • Page 459 Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete ===============================================================================...
  • Page 460: Figure 93 Bgp Multipath With Limit 6 And Ebgp Preferred

    BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 93 BGP Multipath with Limit 6 and eBGP Preferred AS 64501 64500 CE-1 172.16.2.1/32 3.3.0.0/32 3.3.0.0/32 PE-6 192.0.2.6/32 Path: 64501 Path: 6 AS 64502 CE-2 3.3.0.0/32 3.3.0.0/32 PE-7 172.16.2.2/32 192.0.2.7/32...
  • Page 461 Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 3.3.0.0/32 None 192.0.2.7 None 3.3.0.0/32 None 192.0.2.8 None 3.3.0.0/32 None 192.0.2.9 None ------------------------------------------------------------------------------- Routes : 8 The BGP decision process prefers eBGP over iBGP, but this step can be skipped by configuring the following: *A:PE-5# configure router bgp best-path-selection ebgp-ibgp-equal ipv4 This configuration only skips one step in the BGP decision process.
  • Page 462: Figure 94 Bgp Multipath With Limit 6, Ebgp Equal To Ibgp, And Other Path Options Identical

    BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 94 BGP Multipath with Limit 6, eBGP Equal to iBGP, and Other Path Options Identical AS 64501 64500 CE-1 172.16.2.1/32 3.3.0.0/32 3.3.0.0/32 PE-6 192.0.2.6/32 Path: 64501 Path: 6 AS 64502 CE-2 3.3.0.0/32...
  • Page 463: Figure 95 Bgp Multipath Configured With Restriction To The Same Neighbor

    Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 192.0.2.6 None u*>i 3.3.0.0/32 None 192.0.2.7 None *>i 3.3.0.0/32 None 192.0.2.8 None *>i 3.3.0.0/32 None 192.0.2.9 None ------------------------------------------------------------------------------- Routes : 8 BGP Multipath Restricted to the Same Neighbor AS BGP multipath can be configured with the restriction that the neighbor AS must be the same for all the active paths.
  • Page 464 BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Only one BGP path will be active, because all the other routes have a different neighbor AS, as follows: *A:PE-5# show router bgp routes 3.2.0.0/32 =============================================================================== BGP Router ID:192.0.2.5 AS:64500 Local AS:64500 ===============================================================================...
  • Page 465: Figure 96 Bgp Multipath Restricted To The Same Neighbor As: As Paths With Same Length

    Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 Figure 96 BGP Multipath Restricted to the Same Neighbor AS: AS Paths with Same Length 64500 PE-6 3.4.0.0/32 Path: 4 6 192.0.2.6/32 PE-7 3.4.0.0/32 Path: 4 7 192.0.2.7/32 3.4.0.0/32 PE-8 Path: 4 8...
  • Page 466: Figure 97 Bgp Multipath Restricted To The Same Neighbor As: As Paths Of Different Lengths

    BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Routes : 4 The restriction that the neighbor AS must be the same does not overrule the BGP selection criterion that the shorter AS path is preferred. When the AS path is longer for the routes advertised by neighbors 192.0.2.8 and 192.0.2.9, only the BGP paths with the shorter AS path will be active, as shown in Figure...
  • Page 467: Figure 98 Bgp Multipath Restricted To The Same Neighbor As: As Paths Of Different Lengths, As Path Ignored

    Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 As-Path ------------------------------------------------------------------------------- u*>i 3.4.0.0/32 None 192.0.2.6 None u*>i 3.4.0.0/32 None 192.0.2.7 None 3.4.0.0/32 None 192.0.2.8 None 4 1 8 3.4.0.0/32 None 192.0.2.9 None 4 1 9 ------------------------------------------------------------------------------- Routes : 4 When the best path selection is configured to ignore the AS path, three paths will be active again, as shown in Figure...
  • Page 468 BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BGP Router ID:192.0.2.5 AS:64500 Local AS:64500 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete ===============================================================================...
  • Page 469: Figure 99 Bgp Multipath Restricted To Exact Same As. All As Paths Are Different

    Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 Figure 99 BGP Multipath Restricted to Exact Same AS. All AS Paths are Different. 64500 PE-6 3.5.0.0/32 Path: 5 6 192.0.2.6/32 PE-7 3.5.0.0/32 Path: 5 7 192.0.2.7/32 3.5.0.0/32 PE-8 Path: 5 8 192.0.2.8/32...
  • Page 470: Figure 100 Bgp Multipath Restricted To Exact Same As. All As Paths Are Identical

    BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Routes : 4 However, all the received BGP routes for prefix 3.6.0.0/32 have the same AS path. Three of these BGP paths will become active, as shown in Figure 100.
  • Page 471 Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 192.0.2.8 None u*>i 3.6.0.0/32 None 192.0.2.9 None 3.6.0.0/32 None 192.0.2.6 None ------------------------------------------------------------------------------- Routes : 4 EIBGP Load-Balancing in a VPRN The eibgp-loadbalance command is used to perform ECMP over BGP-VPN (imported routes) and BGP routes, not to make eBGP routes equal to iBGP routes.
  • Page 472 BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 BGP multipath is configured with an eBGP multipath limit of 4 and an iBGP multipath limit of 4, as follows: *A:PE-5# configure service vprn 1 bgp multipath 4 ebgp 4 ibgp 4 The eibgp-loadbalance command is not configured yet.
  • Page 473: Figure 101 Ebgp Equal To Ibgp: No Eibgp Load-Balancing

    Advanced Configuration Guide - Part I BGP Multipath Releases Up To 14.0.R7 Figure 101 EBGP Equal to IBGP: No EIBGP Load-Balancing AS 64501 172.16.115.0/30 64500 CE-1 172.16.2.1/32 PE-6 192.0.2.6/32 3.3.3.3/32 3.3.3.3/32 VPRN 1 VPRN 1 VPRN 1 AS 64502 CE-2 172.16.125.0/30 PE-7 172.16.2.2/32...
  • Page 474: Conclusion

    BGP Multipath Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No. of Routes: 8 The first two BGP-VPN entries are eBGP routes learned from CE-3 and CE-4 and the other two BGP-VPN entries are iBGP routes learned from PE-8 and PE-9. Figure 102 shows that when EIBGP load-balancing is configured, the BGP-VPN routes are equal to the BGP routes.
  • Page 475: Bgp Route Leaking

    Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 BGP Route Leaking This chapter provides information about BGP route leaking. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability The information and configuration in this chapter is based on SR OS release 14.0.R4.
  • Page 476: Figure 103 Bgp Route Leaking Process

    BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 An IPv4 or IPv6 BGP route becomes a candidate for leaking to another instance when it is specially marked by a BGP import policy. This special marking is achieved by accepting the route with a bgp-leak action in the route policy.
  • Page 477: Configuration

    Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 Configuration Figure 104 shows the example topology used in this chapter, including the IPv4 addresses. For each of the examples, a dedicated figure will show the specific topology, which is a subset of the topology in Figure 2.
  • Page 478: Figure 105 Bgp Ipv4 Route Leaking Between Vprns

    BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 • Cards, MDAs, ports • Router interfaces • IGP (IS-IS or OSPF) between the PEs • LDP between the PEs • VPRN 1 on PE-1; VPRN 2 on PE-1 and PE-2 •...
  • Page 479 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 =============================================================================== Route Table (Service: 1) =============================================================================== Dest Prefix[Flags] Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 172.16.1.1/32 Local Local 00h45m08s system 172.16.111.0/30 Local Local 00h45m08s int-PE-1-CE-11 172.16.112.0/30 Local Local 00h45m08s...
  • Page 480 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- 172.16.2.1/32 Local Local 00h47m19s system 172.16.12.0/30 Local Local 00h47m19s int-PE-1-PE-2_VPN2 ------------------------------------------------------------------------------- No. of Routes: 2 To configure BGP route leaking, an import policy is required in VPRN 1. The BGP route leaking policy is configured on PE-1, as follows: configure router...
  • Page 481 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete ===============================================================================...
  • Page 482 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Flags : Used Valid Best Leakable Route Source : External ---snip--- BGP leakable routes can be imported into another VPRN. Prefix lists can be used to filter specific routes for BGP leaking, but that is not configured in this example. The following import policy is configured on PE-1 to import BGP leakable routes: configure router...
  • Page 483 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 Nexthop (Router) Path-Id Label As-Path ------------------------------------------------------------------------------- u*>li 192.168.90.2/32 None 172.16.111.2 (VPRN 1) None 64501 u*>li 192.168.90.3/32 None 172.16.111.2 (VPRN 1) None 64501 u*>l? 192.168.90.4/30 None 172.16.111.2 (VPRN 1) None 64501 u*>li 192.168.120.2/32...
  • Page 484 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Route Source : Leaked from VPRN 1 AS-Path : 64501 Route Tag Neighbor-AS : 64501 Orig Validation: NotFound Source Class Dest Class Add Paths Send : Default Last Modified : 00h00m07s ---snip---...
  • Page 485 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 Example 2 - BGP IPv4 Route Leaking between VPRNs per Neighbor The topology used for this example is the same as for Example 1; see Figure 105. Both CEs export the same routes as in the preceding example, and the BGP route leaking policy is identical: configure...
  • Page 486 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete =============================================================================== BGP IPv4 Routes ===============================================================================...
  • Page 487 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 172.16.111.2 None 64501 ------------------------------------------------------------------------------- Routes : 3 =============================================================================== *A:PE-1# The BGP leakable routes can be imported into another VPRN instance. The import policy is the same as for Example 1: configure router policy-options...
  • Page 488 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Flag Network LocalPref Nexthop (Router) Path-Id Label As-Path ------------------------------------------------------------------------------- u*>li 192.168.90.2/32 None 172.16.111.2 (VPRN 1) None 64501 u*>li 192.168.90.3/32 None 172.16.111.2 (VPRN 1) None 64501 u*>l? 192.168.90.4/30 None 172.16.111.2 (VPRN 1) None...
  • Page 489: Figure 106 Bgp Ipv4 Route Leaking From Vprn To Grt

    Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 Figure 106 BGP IPv4 Route Leaking from VPRN to GRT AS 64501 PE-1 172.16.111.0/30 CE-11 VPRN 1 192.168.90.2/32 192.168.90.3/32 192.168.90.4/30 Service 172.16.112.0/30 Provider Network AS 64500 AS 64502 CE-12 PE-2 192.168.120.2/32...
  • Page 490 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 The routing table of the base router does not include any of the BGP routes exported by the CEs, as follows: *A:PE-1# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix[Flags] Type...
  • Page 491 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 The following command shows the leakable BGP routes in VPRN 1: *A:PE-1# show router 1 bgp routes ipv4 leakable =============================================================================== BGP Router ID:192.0.2.1 AS:64500 Local AS:64500 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid...
  • Page 492 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 exit exit exit exit exit As a result, the leakable BGP routes in VPRN 1 are leaked to the GRT, as follows: *A:PE-1# show router bgp routes ipv4 leaked =============================================================================== BGP Router ID:192.0.2.1 AS:64500...
  • Page 493 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 Route Source : Leaked from VPRN 1 ---snip--- The GRT includes the leaked routes, as follows: *A:PE-1# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix[Flags] Type Proto Pref...
  • Page 494: Figure 107 Bgp Ipv4 Route Leaking From Grt To Vprn

    BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Example 4 - BGP IPv4 Route Leaking from GRT to VPRN per Neighbor Figure 107 shows the topology for this example, and the corresponding IP addresses. CE-11 exports routes such as 192.168.100.2/32 to the base router and CE-12 exports routes such as 192.168.121.2/32 to the base router.
  • Page 495 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 172.17.111.2 192.168.100.103/32 Remote 00h02m37s 172.17.111.2 192.168.100.104/30 Remote 00h02m37s 172.17.111.2 192.168.121.2/32 Remote 00h12m52s 172.17.112.2 192.168.121.3/32 Remote 00h12m52s 172.17.112.2 192.168.121.4/30 Remote 00h12m52s 172.17.112.2 ------------------------------------------------------------------------------- No. of Routes: 11 The BGP leaking policy is the same as in the preceding examples: configure router policy-options...
  • Page 496 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete =============================================================================== BGP IPv4 Routes ===============================================================================...
  • Page 497 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 The following command shows the imported leaked BGP routes in VPRN 2. The source of these leaked routes is the base router, not a VPRN. *A:PE-1# show router 2 bgp routes ipv4 leaked =============================================================================== BGP Router ID:192.0.2.1 AS:64500...
  • Page 498: Figure 108 Bgp Ipv6 Route Leaking Between Vprns

    BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Example 5 - BGP IPv6 Route Leaking between VPRNs. Global VPRN BGP Configuration Figure 6 shows the topology and the IP addresses used for this example. CE-11 exports routes such as 2001:db8:90::2/128 to VPRN 1 on PE-1, and CE-12 exports routes such as 2001:db8:120::2/128 to VPRN 1 on PE-1.
  • Page 499 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 2001:db8:112::1 2001:db8:120::4/126 Remote 00h02m05s 2001:db8:112::1 ------------------------------------------------------------------------------- No. of Routes: 9 The BGP route leaking policy is the same as for IPv4 routes: configure router policy-options begin policy-statement "BGP-Leak-Policy" entry 10 from protocol bgp...
  • Page 500 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 As-Path ------------------------------------------------------------------------------- u*>i 2001:db8:90::2/128 None None 2001:db8:111::1 None 64501 u*>i 2001:db8:90::3/128 None None 2001:db8:111::1 None 64501 u*>? 2001:db8:90::4/126 None None 2001:db8:111::1 None 64501 u*>i 2001:db8:120::2/128 None None 2001:db8:112::1 None 64502...
  • Page 501 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 exit exit The following command shows that the VPRN is importing the leaked BGP IPv6 routes from another VPRN instance: *A:PE-1# show router 2 bgp routes ipv6 leaked =============================================================================== BGP Router ID:192.0.2.1 AS:64500...
  • Page 502: Figure 109 Bgp Ipv6 Route Leaking From Grt And Vprn To Vprn

    BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Original Attributes Network : 2001:db8:90::2/128 Nexthop : 2001:db8:111::1 (VPRN 1) ---snip--- Flags : Used Valid Best Leaked Route Source : Leaked from VPRN 1 ---snip--- Example 6 - BGP IPv6 Route Leaking from GRT to VPRN and from VPRN to VPRN Figure 7 shows the topology and the IPv6 addresses used in this example.
  • Page 503 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 IPv6 Route Table (Router: Base) =============================================================================== Dest Prefix[Flags] Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 2001:db8::1/128 Local Local 00h10m57s system 2001:db8::2/128 Remote ISIS 00h10m45s fe80::48c5:1ff:fe01:1-"int-PE-1-PE-2" 2001:db8:12::/126 Local Local 00h10m56s...
  • Page 504 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 ------------------------------------------------------------------------------- No. of Routes: 9 The policy to mark imported BGP routes as leakable can be identical to the policy used in the preceding examples. However, in this case, prefix-lists are added as a filter.
  • Page 505 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 configure router policy-options begin prefix-list "2001:db8:100::" prefix 2001:db8:100::/100 longer exit prefix-list "2001:db8:121::" prefix 2001:db8:121::/100 longer exit policy-statement "BGP-Leak-Policy_100_121" entry 10 from protocol bgp prefix-list "2001:db8:100::" exit action accept bgp-leak exit exit...
  • Page 506 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 =============================================================================== BGP IPv6 Routes =============================================================================== Flag Network LocalPref Nexthop (Router) Path-Id Label As-Path ------------------------------------------------------------------------------- u*>i 2001:db8:100::2/128 None None 2001:db8:17:111::1 None 64501 u*>i 2001:db8:100::3/128 None None 2001:db8:17:111::1 None 64501 u*>? 2001:db8:100::4/126...
  • Page 507 Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 ===== *A:PE-1# On PE-1, a policy is created to import the BGP leakable routes (the same as in the preceding examples), as follows: configure router policy-options begin policy-statement "Import-Leakable-Routes"...
  • Page 508 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 64501 u*>li 2001:db8:90::3/128 None 2001:db8:111::1 (VPRN 1) None 64501 u*>l? 2001:db8:90::4/126 None 2001:db8:111::1 (VPRN 1) None 64501 u*>li 2001:db8:100::2/128 None 2001:db8:17:111::1 (Base) None 64501 u*>li 2001:db8:100::3/128 None 2001:db8:17:111::1 (Base) None 64501...
  • Page 509: Conclusion

    Advanced Configuration Guide - Part I BGP Route Leaking Releases Up To 14.0.R7 *A:PE-1# show router 2 bgp routes 2001:db8:90::2/128 detail =============================================================================== BGP Router ID:192.0.2.1 AS:64500 Local AS:64500 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, >...
  • Page 510 BGP Route Leaking Advanced Configuration Guide - Part I Releases Up To 14.0.R7 3HE 11598 AAAB TQZZA 01 Issue: 01...
  • Page 511: Dynamic Bgp Peers

    Advanced Configuration Guide - Part I Dynamic BGP Peers Releases Up To 14.0.R7 Dynamic BGP Peers This chapter provides information about Dynamic BGP Peers. Topics in this chapter include: • Applicability • Overview • Configuration • Conclusion Applicability This chapter is applicable to SR OS routers and is based on SR OS Release 14.0.R7. Overview SR OS supports static and dynamic BGP sessions, where the static sessions are initiated toward explicitly configured non-passive neighbors, which are identified...
  • Page 512: Figure 110 Establishing Dynamic Bgp Sessions

    Dynamic BGP Peers Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 110 Establishing Dynamic BGP Sessions Dynamic BGP sessions Sessions 26360 Dynamic BGP peering is also supported for ESM-routed subscriber hosts to improve deployment flexibility, but this is out of the scope of this chapter. Characteristics In SR OS, BGP groups and dynamic BGP peers have the following characteristics: •...
  • Page 513: Configuration

    Advanced Configuration Guide - Part I Dynamic BGP Peers Releases Up To 14.0.R7 • If a new prefix entry is added to a group and this entry will become the longest prefix match for the IP address, then the session remains up, without interruption, if the new entry belongs to the same group as the one previously used to set up the dynamic session.
  • Page 514: Figure 111 Dynamic Bgp Peers

    Dynamic BGP Peers Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Figure 111 Dynamic BGP Peers AS 65536 192.168.13.0/30 192.168.14.0/30 192.0.2.3/32 192.0.2.4/32 192.0.2.1/32 192.168.12.0/30 192.168.15.0/30 192.0.2.2/32 192.0.2.5/32 26361 BGP is configured between the route reflector clients and the route reflector for the IPv4 address family.
  • Page 515 Advanced Configuration Guide - Part I Dynamic BGP Peers Releases Up To 14.0.R7 peer-as 65536 dynamic-peer-limit 10 dynamic-neighbor prefix 192.0.2.0/24 exit exit no shutdown exit exit exit Dynamic neighbors are shown with the "D" flag, as follows: *A:RR5# show router bgp summary all =============================================================================== BGP Summary ===============================================================================...
  • Page 516 Dynamic BGP Peers Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Last Error : Cease (Connection Collision Resolution) Local Family : IPv4 Remote Family : IPv4 Hold Time : 90 Keep Alive : 30 Min Hold Time Active Hold Time : 90 Active Keep Alive : 30...
  • Page 517 Advanced Configuration Guide - Part I Dynamic BGP Peers Releases Up To 14.0.R7 Auth key chain : n/a Bfd Enabled : Disabled Disable Cap Nego : Disabled Creation Origin : manual Flowspec Validate: Disabled Default Route Tgt: Disabled Aigp Metric : Disabled Split Horizon : Enabled...
  • Page 518 Dynamic BGP Peers Advanced Configuration Guide - Part I Releases Up To 14.0.R7 62 2017/02/16 14:49:46.48 CET MINOR: BGP #2038 Base Peer 1: 192.0.2.1 "VR 1: Group iBGP: Peer 192.0.2.1: moved into established state" 61 2017/02/16 14:49:46.47 CET WARNING: BGP #2011 Base Peer 1: 192.0.2.1 "VR 1: Group iBGP: Peer 192.0.2.1: remote end closed connection"...
  • Page 519 Advanced Configuration Guide - Part I Dynamic BGP Peers Releases Up To 14.0.R7 ------------------------------------------------------------------------------- Neighbors : 1 =============================================================================== * indicates that the corresponding row element may have been truncated. *A:RR5# The properties of all dynamic peers can be displayed using a single command, as follows: *A:RR5# show router bgp neighbor dynamic ===============================================================================...
  • Page 520: Conclusion

    Dynamic BGP Peers Advanced Configuration Guide - Part I Releases Up To 14.0.R7 *A:RR5# configure router bgp group "iBGP" dynamic-neighbor-limit 2 A hard reset of a running BGP session will result in that BGP session being torn down, as follows: *A:RR5# clear router bgp neighbor 192.0.2.4 hard The BGP peer fails to reconnect to the route reflector, because the peer limit has been reached, as follows:...
  • Page 521: Ebgp Route Resolution To A Static Route

    Advanced Configuration Guide - Part I EBGP Route Resolution to a Static Route Releases Up To 14.0.R7 EBGP Route Resolution to a Static Route This chapter provides information about EBGP Route Resolution to a Static Route. Topics in this chapter include: •...
  • Page 522: Configuration

    EBGP Route Resolution to a Static Route Advanced Configuration Guide - Part I Releases Up To 14.0.R7 configure router bgp group "eBGP" mh-ebgp-labeled-routes-resolve-to-static configure router bgp group "eBGP" neighbor 192.0.2.3 mh-ebgp-labeled-routes-resolve- to-static When applied to an eBGP peer, only labeled BGP routes learned from the associated eBGP peer can be resolved via IP routes.
  • Page 523: Figure 113 Bgp Peering

    Advanced Configuration Guide - Part I EBGP Route Resolution to a Static Route Releases Up To 14.0.R7 • eBGP sessions for address family labeled IPv4 between the ASBRs PE-2 and PE-3 • a multi-hop eBGP session for address family VPN-IPv4 between PE-1 and PE-4 Figure 113 BGP Peering AS 64496...
  • Page 524 EBGP Route Resolution to a Static Route Advanced Configuration Guide - Part I Releases Up To 14.0.R7 action accept exit exit exit commit On PE-2, iBGP and eBGP are configured for address family labeled IPv4, as follows. Two links are connecting PE-2 to PE-3 and, therefore, ECMP and BGP multipath are enabled.
  • Page 525 Advanced Configuration Guide - Part I EBGP Route Resolution to a Static Route Releases Up To 14.0.R7 peer-as 64500 local-address 192.0.2.1 neighbor 192.0.2.4 multihop 10 vpn-apply-export export "EBGP-VPN-IPv4" exit exit The export policy "EBGP-VPN-IPv4" is not defined and not required in this example, but usually some export policy would be used.
  • Page 526 EBGP Route Resolution to a Static Route Advanced Configuration Guide - Part I Releases Up To 14.0.R7 192.0.2.3 64500 0 00h00m21s Connect ------------------------------------------------------------------------------- The state of the BGP session toggles between Active and Connect. The last event is an openFail, as follows: *A:PE-2# show router bgp neighbor 192.0.2.3 detail | match "BGP Neighbor"...
  • Page 527 Advanced Configuration Guide - Part I EBGP Route Resolution to a Static Route Releases Up To 14.0.R7 PktSent OutQ ------------------------------------------------------------------------------- 192.0.2.2 64496 0 00h00m51s 0/0/1 (Lbl-IPv4) 192.0.2.4 64500 0 00h00m12s Connect ------------------------------------------------------------------------------- *A:PE-1# The state of the multi-hop eBGP session toggles between Active and Connect. The last event is openFail, as follows: *A:PE-1# show router bgp neighbor 192.0.2.4 detail | match "BGP Neighbor"...
  • Page 528 EBGP Route Resolution to a Static Route Advanced Configuration Guide - Part I Releases Up To 14.0.R7 Route Table (Router: Base) =============================================================================== Dest Prefix[Flags] Type Proto Pref Next Hop[Interface Name] M