Alcatel 7710 SR OS Configuration Manual

page of 502

/ 502
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

7710 SR OS

Router Configuration Guide

Software Version: 7710 SR OS 9.0R3

May 2011

Document Part Number: 93-0082-07-03

*93-0082-07-03*

Table of Contents

Need help?

Do you have a question about the 7710 SR OS and is the answer not in the manual?

Questions and answers

Summary of Contents for Alcatel 7710 SR OS

Page 1 7710 SR OS Router Configuration Guide Software Version: 7710 SR OS 9.0R3 May 2011 Document Part Number: 93-0082-07-03 *93-0082-07-03*...
Page 2 This document is protected by copyright. Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Page 3: Table Of Contents
Getting Started Alcatel-Lucent 7710 SR-Series Router Configuration Process ....... . .17 IP Router Configuration Configuring IP Router Parameters .
Page 4 VRRP Priority Control Policy Priority Events ..........210 Page 4 7710 SR OS Router Configuration Guide...
Page 5 VRRP Debug Commands.............300 7710 SR OS Router Configuration Guide...
Page 6 From an Egress SAP ............353 Page 6 7710 SR OS Router Configuration Guide...
Page 7 Filter Configurations ............472 7710 SR OS Router Configuration Guide...
Page 8 ................501 Page 8 7710 SR OS Router Configuration Guide...
Page 9 Show Cflowd Status Output Fields ..........491 7710 SR OS Router Configuration Guide...
Page 10 List of Tables Page 10 7710 SR OS Router Configuration Guide...
Page 11 Cflowd Configuration and Implementation Flow ........452 7710 SR OS Router Configuration Guide...
Page 12 List of Figures Page 12 7710 SR OS Router Configuration Guide...
Page 13: Ip Router Configuration
About This Guide This guide describes logical IP routing interfaces, virtual routers, IP and MAC-based filtering, and cflowd support provided by the 7710 SR OS and presents configuration and implementation examples. This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage.
Page 14: List Of Technical Publications
This guide describes Triple Play services and support provided by the 7710 SR and presents examples to configure and implement various protocols and services. • 7710 SR Quality of Service Guide This guide describes how to configure Quality of Service (QoS) policy management. Page 14 7710 SR OS Router Configuration Guide7710 SR OS...
Page 15: Technical Support
If you purchased a service agreement for your router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center at: Web: http://www1.alcatel-lucent.com/comps/pages/carrier_support.jhtml...
Page 16 Preface Page 16 7710 SR OS Router Configuration Guide7710 SR OS...
Page 17: Getting Started
VRRP on page 195 tion IP and MAC filters Filter Policies on page 301 Cflowd Cflowd on page 445 Reference List of IEEE, IETF, and other Standards and Protocol Support on page 495 proprietary entities. 7710 SR OS Router Configuration Guide Page 17...
Page 18: Getting Started
Getting Started Page 18 7710 SR OS Router Configuration Guide...
Page 19: Ip Router Configuration
Interfaces on page 20  Autonomous Systems (AS) on page 25  Confederations on page 26  Proxy ARP on page 28  Bi-directional Forwarding Detection on page 37 • Configuration Notes on page 44 Page 19 7710 SR OS Router Configuration Guide...
Page 20: Configuring Ip Router Parameters
Confederations on page 26 • Proxy ARP on page 28 Refer to 7710 SR OS Triple Play Guide for information about DHCP and support provided by the 7710 SR as well as configuration examples. on page 33 Interfaces 7710 SR-Series routers use different types of interfaces for various functions. Interfaces must be configured with parameters such as the interface type (network and system) and address.
Page 21: Network Domains
This means that all SAPs in VPLS will have queue reaching all fwd- complexes serving interfaces that belong to the same network-domains as the SDPs. It is possible to assign/remove network-domain association of the interface/SDP without requiring deletion of the respective object. 7710 SR OS Router Configuration Guide Page 21...
Page 22: System Interface
If there is a default route in the router and the packets are coming from the interface that the default route is pointing to, the following can occur: Page 22 7710 SR OS Router Configuration Guide...
Page 23: Creating An Ip Address Range
10.10.0.0/16, and a new service prefix is configured as 10.10.10.0/24, then the 10.10.0.0/16 entry will be removed, provided that no services are configured that use 10.10.x.x addresses other than 10.10.10.x. 7710 SR OS Router Configuration Guide Page 23...
Page 24: Router Id
If neither the system interface or router ID are implicitly specified, then the router ID is inherited from the last four bytes of the MAC address. • The router can be derived on the protocol level; for example, BGP. Page 24 7710 SR OS Router Configuration Guide...
Page 25: Autonomous Systems (As)
AS path, with other ASs using BGP. Routing tables contain lists of next hops, reachable addresses, and associated path cost metrics to each router. BGP uses the information and path attributes to compile a network topology. 7710 SR OS Router Configuration Guide Page 25...
Page 26: Confederations
To migrate from a non-confederation configuration to a confederation configuration requires a major topology change and configuration modifications on each participating router. Setting BGP policies to select an optimal path through a confederation requires other BGP modifications. Page 26 7710 SR OS Router Configuration Guide...
Page 27: Figure 1: Confederation Configuration
AS 200 AS 300 Confederation Member 1 Confederation Member 3 ALA-B ALA-C ALA-E ALA-F AS 100 ALA-A ALA-D ALA-G AS 400 Confederation Member 2 AS 500 ALA-H SRSG005 Figure 1: Confederation Configuration 7710 SR OS Router Configuration Guide Page 27...
Page 28: Proxy Arp
Static ARP is used when a 7710 SR OS needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the configuration can state that if it has a packet with a certain IP address to send it to the corresponding ARP address.
Page 29: Dhcp Relay
IP Router Configuration DHCP Relay Refer to 7710 SR OS Triple Play Guide for information about DHCP and support provided by the 7710 SR as well as configuration examples. 7710 SR OS Router Configuration Guide Page 29...
Page 30: Internet Protocol Versions
(optional) data confidentiality are specified for IPv6. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Prio. | Flow Label +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Payload Length Next Header Hop Limit +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Destination Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: IPv6 Header Format Page 30 7710 SR OS Router Configuration Guide...
Page 31: Table 2: Ipv6 Header Field Descriptions
Source Address 128-bit address of the originator of the packet. Destination Address 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient if a routing header is present). 7710 SR OS Router Configuration Guide Page 31...
Page 32: Ipv6 Applications
Figure 3: IPv6 Internet Exchange • IPv6 transit services — Figure 4 shows IPv6 transit provided by an ISP. Customer 1 2001:0410:0001:/48 2001:0410::/32 Customer 2 2001:0410:0002:/4 IPIPE_008 Figure 4: IPv6 Transit Services Page 32 7710 SR OS Router Configuration Guide...
Page 33: Ip Router Configuration
Dual-stack Dual-stack IPv6 Host IPv6 Host router router IPv4 IPv6 IPv6 Network Network Tunnel: IPv6 in IPv4 packet IPv6 IPv6 IPv4 data header header Figure 6: IPv6 over IPv4 Tunnels 7710 SR OS Router Configuration Guide Page 33...
Page 34: Dns
AAAA resource record from an IPv4 or IPv6 DNS server. An assigned name can be used instead of an IPv6 address since IPv6 addresses are more difficult to remember than IPv4 addresses. Page 34 7710 SR OS Router Configuration Guide...
Page 35: Ipv6 Provider Edge Router Over Mpls (6Pe)
MPLS labels. 6PE is a cost effective solution for IPv6 deployment. MP-BGP sessions 2001:0620 2001:0420 145:950.0 2001:0421 Dual Stack IPv4-IPv6 routers Dual Stack IPv4-IPv6 routers 2001:0621 IPv4 MPLS Fig_30 Figure 7: Example of a 6PE Topology within One AS 7710 SR OS Router Configuration Guide Page 35...
Page 36 LDP label used to reach the egress 6PE router. The bottom label is advertised in MP- BGP by the remote 6PE router. Typically, the IPv6 explicit null (value 2) label is used but an arbitrary value can be used when the remote 6PE router is from a vendor other than Alcatel- Lucent.
Page 37: Bi-Directional Forwarding Detection
If multiple BFD sessions exist between two nodes, the BFD discriminator is used to de-multiplex the BFD control packet to the appropriate BFD session. Control Packet Format The BFD control packet has 2 sections, a mandatory section and an optional authentication section. 7710 SR OS Router Configuration Guide Page 37...
Page 38: Table 3: Bfd Control Packet Field Descriptions
The final bit. If set, the transmitting system is responding to a received BFD control packet that had the poll (P) bit set. Rsvd Reserved bits. These bits must be zero on transmit and ignored on receipt. Detect Mult Page 38 7710 SR OS Router Configuration Guide...
Page 39 This is the minimum interval, in microseconds, between received BFD echo Interval packets that this system is capable of supporting. If this value is zero, the transmitting system does not support the receipt of BFD echo packets. 7710 SR OS Router Configuration Guide Page 39...
Page 40: Bfd For Rsvp-Te
As a result, it relies on the echo sender to send a high rate of BFD echo messages through the receiver node, which is only processed by the receiver’s forwarding path. This allows the echo sender to send BFD echo packets at any rate. Page 40 7710 SR OS Router Configuration Guide...
Page 41: Bfd Support For Bgp
Spoke Headend Router Headend Router Secondary Path IES/ IES/ Note: VPRN VPRN In this case BFD is run between the IES/VPRN interfaces Metro Metro Figure 9: BFD for IES/VPRN over Spoke SDP 7710 SR OS Router Configuration Guide Page 41...
Page 42: Figure 10: Bfd Over Lag
LAG i/f LAG i/f LAG i/f IES/ Note: VPRN In this case BFD is run between the IES/VPRN interfaces independent of the LAG or its members Fig_32 Figure 10: BFD over LAG Page 42 7710 SR OS Router Configuration Guide...
Page 43: Process Overview
Autonomous system — (Optional) An autonomous system (AS) is a collection of networks that are subdivided into smaller, more manageable areas. • Confederation — (Optional) Creates confederation autonomous systems within an AS to reduce the number of IBGP sessions required within an AS. 7710 SR OS Router Configuration Guide Page 43...
Page 44: Configuration Notes
 Chassis systems running in chassis mode c or d.  Chassis systems running in mixed-mode with IPv6 functionality limited to those interface on slots with IOM3-XPs/IMMs or later line cards.  7710 SR-c4/c12. Page 44 7710 SR OS Router Configuration Guide...
Page 45: Configuring An Ip Router With Cli
Service Management Tasks on page 72 • Service Management Tasks on page 72  Changing the System Name on page 72  Modifying Interface Parameters on page 73  Deleting a Logical IP Interface on page 74 7710 SR OS Router Configuration Guide Page 45...
Page 46: Router Configuration Overview
“1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. To create an interface on an Alcatel-Lucent 7710 SR-Series router, the basic configuration tasks that must be performed are: •...
Page 47: Basic Configuration
# Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 confederation 1000 members 100 200 300 router-id 10.10.10.103 exit isis exit #------------------------------------------ A:ALA-A> config# 7710 SR OS Router Configuration Guide Page 47...
Page 48: Common Configuration Tasks
The following example displays the system name output. A:ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit . . . exit Page 48 7710 SR OS Router Configuration Guide...
Page 49: Configuring Interfaces
CLI Syntax: config>router interface interface-name address ip-addr{/mask-length | mask} [broadcast {all- ones | host-ones}] cflowd {acl | interface} egress filter ip ip-filter-id filter ipv6 ipv6-filter-id ingress filter ip ip-filter-id filter ipv6 ipv6-filter-id port port-name 7710 SR OS Router Configuration Guide Page 49...
Page 50: Configuring Ipv6 Parameters
CLI Syntax: config>router interface interface-name cpu-protection policy-id CPU protection policies are configured in the config>sys>security>cpu-protection context. See the 7710 SR OS System Management Guide. Configuring IPv6 Parameters IPv6 interfaces and associated routing protocols may only be configured on the following systems: •...
Page 51 [number seconds] time-exceeded [number seconds] unreachables [number seconds] neighbor ipv6-address mac-address The following displays a configuration example showing interface information. A:ALA-49>config>router>if# info ---------------------------------------------- address 10.11.10.1/24 port 1/2/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# 7710 SR OS Router Configuration Guide Page 51...
Page 52: Configuring Ipv6 Over Ipv4 Parameters
::C8C8:C802/128 indirect 200.200.200.2 interface ip-int-name address {ip-address/mask|ip-address netmask} [broadcast all-ones|host-ones] port port-name The following displays configuration output showing interface configuration. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.1" address 1.1.1.1/30 port 1/1/1 exit ---------------------------------------------- A:ALA-49>configure>router# Page 52 7710 SR OS Router Configuration Guide...
Page 53 {ip-address/mask|ip-address netmask} [broad- cast all-ones|host-ones] ipv6 address ipv6-address/prefix-length [eui-64] The following displays configuration output showing interface information. A:ALA-49>configure>router# info ---------------------------------------------- interface "system" address 200.200.200.1/32 ipv6 address 3FFE::C8C8:C801/128 exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 53...
Page 54 The following displays a configuration showing BGP output. A:ALA-49>configure>router# info ---------------------------------------------- export "ospf3" router-id 200.200.200.1 group "main" family ipv4 ipv6 type internal neighbor 200.200.200.2 local-as 1 peer-as 1 exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 54 7710 SR OS Router Configuration Guide...
Page 55 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 55...
Page 56: Tunnel Egress Node
[eui-64] port port-name The following displays interface configuration. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.2" address 1.1.1.2/30 port 1/1/1 exit interface "system" address 200.200.200.2/32 ipv6 address 3FFE::C8C8:C802/128 exit exit ---------------------------------------------- Page 56 7710 SR OS Router Configuration Guide...
Page 57 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 57...
Page 58 Common Configuration Tasks Router advertisement on all IPv6-enabled interfaces will be enabled. prefix ipv6-prefix/prefix-length Page 58 7710 SR OS Router Configuration Guide...
Page 59: Configuring Ipv6 Parameters
100 10 time-exceeded 100 10 unreachables 100 10 exit ---------------------------------------------- A:ALA-49>config>router>if>ipv6# exit all The following displays an IPv6 configuration example. A:ALA-49>config>router>if# info ---------------------------------------------- address 10.11.10.1/24 port 1/3/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# 7710 SR OS Router Configuration Guide Page 59...
Page 60 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 60 7710 SR OS Router Configuration Guide...
Page 61: Router Advertisement
The following displays the output showing the router advertisement configuration. *A:sim131>config>router>router-advert# info ---------------------------------------------- interface "n1" prefix 3::/64 exit use-virtual-mac no shutdown exit ---------------------------------------------- *A:sim131>config>router>router-advert# interface n1 *A:sim131>config>router>router-advert>if# prefix 3::/64 *A:sim131>config>router>router-advert>if>prefix# info detail ---------------------------------------------- autonomous on-link preferred-lifetime 604800 valid-lifetime 2592000 ---------------------------------------------- *A:sim131>config>router>router-advert>if>prefix# 7710 SR OS Router Configuration Guide Page 61...
Page 62: Configuring Proxy Arp
 In the policy statement entry>from context, specify network prefixes that ARP requests will or will not be forwarded to depending on the action if a match is found. For more information about route policies, refer to the 7710 SR OS Routing Protocols Guide.
Page 63 10.20.30.0/24 through 32 exit prefix-list "prefixlist2" prefix 10.10.10.0/24 through 32 exit policy-statement "ProxyARPpolicy" entry 10 from prefix-list "prefixlist1" exit prefix-list "prefixlist2" exit action reject exit default-action accept exit exit ---------------------------------------------- A:ALA-49>config>router>policy-options# 7710 SR OS Router Configuration Guide Page 63...
Page 64 Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name local-proxy-arp proxy-arp-policy policy-name [policy-name...(upto 5 max)] remote-proxy-arp The following displays a proxy ARP configuration example: A:ALA-49>config>router>if# info ---------------------------------------------- address 128.251.10.59/24 local-proxy-arp proxy-arp policy-statement "ProxyARPpolicy" exit ---------------------------------------------- A:ALA-49>config>router>if# Page 64 7710 SR OS Router Configuration Guide...
Page 65: Creating An Ip Address Range
All user and specified control packets for which the longest prefix match in RTM yields the FEC prefix will be forwarded over the LDP LSP. The following is an example of the resolution process. 7710 SR OS Router Configuration Guide Page 65...
Page 66 When ECMP is enabled and multiple equal-cost next-hops exit for the IGP route, the ingress IOM will spray the packets for this route based on hashing routine currently supported for IPv4 packets. Page 66 7710 SR OS Router Configuration Guide...
Page 67 IGP route resolution. BGP will continue to resolve a BGP next-hop to an LDP shortcut if the user enabled the LDP shortcut option in BGP BGP-Shortcut: CLI Syntax: config>router>bgp>igp-shortcut ldp 7710 SR OS Router Configuration Guide Page 67...
Page 68 FEC origination of IGP learned routes and subscriber/host routes statically configured or dynamically learned over subscriber IES interfaces. An LDP LSP used as a shortcut by IPv4 packets may also be tunneled using the LDP-over-RSVP feature. Page 68 7710 SR OS Router Configuration Guide...
Page 69: Deriving The Router Id
{ip-address/mask | ip-address netmask} [broad- cast all-ones | host-ones] The following example displays a router ID configuration: A:ALA-4>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit . . . router-id 10.10.0.4 #------------------------------------------ A:ALA-4>config>router# 7710 SR OS Router Configuration Guide Page 69...
Page 70: Configuring A Confederation
A:ALA-B>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" shutdown address 10.0.0.103/24 port 1/1/1 exit autonomous-system 100 confederation 2002 members 200 300 400 router-id 10.10.10.103 #------------------------------------------ A:ALA-B>config>router# Page 70 7710 SR OS Router Configuration Guide...
Page 71: Configuring An Autonomous System
The following displays an autonomous system configuration example: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 router-id 10.10.10.103 #------------------------------------------ A:ALA-A>config>router# 7710 SR OS Router Configuration Guide Page 71...
Page 72: Service Management Tasks
"TGIF" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp exit security snmp community "private" rwa version both exit exit . . . ---------------------------------------------- A:TGIF>config>system# Page 72 7710 SR OS Router Configuration Guide...
Page 73: Modifying Interface Parameters
A:ALA-A>config>router>if# no shutdown The following example displays the interface configuration: A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.0.0.103/32 exit interface "to-sr1" address 10.0.0.25/24 port 1/1/2 exit router-id 10.10.0.3 #------------------------------------------ A:ALA-A>config>router# 7710 SR OS Router Configuration Guide Page 73...
Page 74: Deleting A Logical Ip Interface
2. After the interface has been shut down, it can then be deleted with the no interface command. CLI Syntax: config>router no interface ip-int-name Example config>router# interface test-interface config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router# Page 74 7710 SR OS Router Configuration Guide...
Page 75: Ip Router Command Reference
• Router Interface IPv6 Commands on page 79 • Router Advertisement Commands on page 80 • Show Commands on page 81 • Clear Commands on page 83 • Debug Commands on page 84 7710 SR OS Router Configuration Guide Page 75...
Page 76 [tag tag] [enable | disable] indirect ip-address [ldp | rsvp-te [disallow-igp]] [cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]] — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- ric metric] [tag tag] [enable | disable] black-hole [mcast-family] — [no] triggered-policy Page 76 7710 SR OS Router Configuration Guide...
Page 77: Router Interface Commands
— ieee-mac-addr — no — [no] multihoming primary|secondary [hold-time holdover-time] — network-domain network-domain-name — no network-domain — [no] ntp-broadcast — port port-name — no port — [no] proxy-arp-policy — network-policy-id [queue-redirect-group queue-group-name] 7710 SR OS Router Configuration Guide Page 77...
Page 78 — no hold-time — address {ip-address/mask | ip-address netmask} — no address — description description-string — no description — [no] shutdown For router interface VRRP commands, see VRRP Command Reference on page 237. Page 78 7710 SR OS Router Configuration Guide...
Page 79 — no time-exceeded — unreachables [number seconds] — no unreachables — [no] local-proxy-nd — neighbor ipv6-address [mac-address] — no neighbor ipv6-address — proxy-nd-policy policy-name [ policy-name...(up to 5 max)] — no proxy-nd-policy 7710 SR OS Router Configuration Guide Page 79...
Page 80: Router Advertisement Commands
— valid-lifetime {seconds | infinite} — no valid-lifetime — reachable-time milli-seconds — no reachable-time — retransmit-time milli-seconds — no retransmit-time — router-lifetime seconds — no router-lifetime — [no] shutdown — [no] use-virtual-mac Page 80 7710 SR OS Router Configuration Guide...
Page 81 — sgt-qos — application [app-name] [dscp-dot1p] — dscp-map [dscp-name] — static-arp [ip-address | ip-int-name | mac ieee-mac-addr] — static-route [family] [[ip-prefix /mask]| [preference preference] | [next-hop ip-address] | [tag tag] [detail] 7710 SR OS Router Configuration Guide Page 81...
Page 82 IP Router Command Reference — status — tunnel-table [ip-address[/mask]] | [protocol protocol | sdp sdp-id] [summary] — neighbor [interface-name] Page 82 7710 SR OS Router Configuration Guide...
Page 83 — tunnel tunnel-id — statistics — neighbor {all | ip-address} — neighbor [interface ip-int-name | ip-address] — router-advertisement — router-advertisement [interface interface-name] — forwarding-table [slot-number] — interface [ip-int-name | ip-addr] [icmp] 7710 SR OS Router Configuration Guide Page 83...
Page 84 [ip-int-name | ip-address] — route-table [ip-prefix/prefix-length] [longer] — no route-table — tunnel-table [ip-address] [ldp | rsvp [tunnel-id tunnel-id]| sdp [sdp-id sdp-id]] — mtrace — [no] misc — [no] packet [query | request | response] Page 84 7710 SR OS Router Configuration Guide...
Page 85: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 85...
Page 86: Router Global Commands
Parameters ip-prefix — The destination address of the aggregate route in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d Page 86 7710 SR OS Router Configuration Guide...
Page 87 — The autonomous system number expressed as a decimal integer. Values 1 — 4294967295 confederation Syntax confederation confed-as-num members as-number [as-number...up to 15 max] no confederation [confed-as-num members as-number...up to 15 max] Context config>router 7710 SR OS Router Configuration Guide Page 87...
Page 88 — The maximum number of equal cost routes allowed on this routing table instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp. Values 0 — 16 Page 88 7710 SR OS Router Configuration Guide...
Page 89 — Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes. threshold threshold — The percentage at which a warning log message and SNMP trap should be sent. Values 0 — 100 Default 7710 SR OS Router Configuration Guide Page 89...
Page 90 Syntax network-domain network-domain-name [create] no network-domain network-domain-name Context config>router>network-domains Description This command creates network-domains that can be associated with individual interfaces and SDPs. Default network-domain “default” Page 90 7710 SR OS Router Configuration Guide...
Page 91 When a range that is a subset of a previously defined service prefix is defined, the subset replaces the existing superset, providing addresses used by services are not affected; for example, if a service 7710 SR OS Router Configuration Guide Page 91...
Page 92 — Specifies the DSCP value Values 0 — 63 Page 92 7710 SR OS Router Configuration Guide...
Page 93 If the triggered-policy command is enabled, and a given peer is established, and you want the peer to remain up, in order for a change to a route policy to take effect, a clear command with the soft or soft 7710 SR OS Router Configuration Guide Page 93...
Page 94 IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Values ipv4-address a.b.c.d (host bits must be 0) ipv6-address x:x:x:x:x:x:x:x[-interface] Page 94 7710 SR OS Router Configuration Guide...
Page 95 (on this node) can be configured. The next-hop keyword and the indirect or black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the indirect or black-hole 7710 SR OS Router Configuration Guide Page 95...
Page 96: Table 4: Default Route Preferences
— Adds a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols. Table 4: Default Route Preferences Route Type Preference Configurable Direct attached Static-route OSPF Internal routes Page 96 7710 SR OS Router Configuration Guide...
Page 97 CPE connectivity feature for the associated static route. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a given static route. 7710 SR OS Router Configuration Guide Page 97...
Page 98 Local 05h04m10s management ------------------------------------------------------------------------------- No. of Routes: 3 =============================================================================== *B:Dut-C>config>router# *B:Dut-C>config>router# show router "management" route-table ipv6 =============================================================================== IPv6 Route Table (Router: management) =============================================================================== Dest Prefix Type Proto Pref Next Hop[Interface Name] Metric Page 98 7710 SR OS Router Configuration Guide...
Page 99 *B:Dut-C>config>router# show router "management" static-route ipv6 =============================================================================== Static Route Table (Router: management) Family: IPv6 =============================================================================== Prefix Pref Type Act Next Hop Interface ------------------------------------------------------------------------------- 1::/96 3000::AC1F:7567 management ------------------------------------------------------------------------------- No. of Static Routes: 1 =============================================================================== *B:Dut-C>config>router# 7710 SR OS Router Configuration Guide Page 99...
Page 100: Router Interface Commands
IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing. Page 100 7710 SR OS Router Configuration Guide...
Page 101 IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1— 32. Note that a mask length of 32 is reserved for system IP addresses. Values 1 — 32 7710 SR OS Router Configuration Guide Page 101...
Page 102 This command enables the forwarding of directed broadcasts out of the IP interface. A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables Page 102 7710 SR OS Router Configuration Guide...
Page 103 BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) is notified of the fault. The no form of the command removes BFD from the router interface regardless of the IGP/RSVP. Default no bfd 7710 SR OS Router Configuration Guide Page 103...
Page 104 — cflowd policy associated with an IP interface. delayed-enable Syntax delayed-enable seconds no delayed-enable Context config>router>if Description This command creates a delay to make the interface operational by the specified number of seconds Page 104 7710 SR OS Router Configuration Guide...
Page 105 When the preferred RTM entry corresponds to a regular IP route, spraying will be performed across regular IP next-hops for the prefix.. The no form of this command disables the resolution of IGP routes using LDP shortcuts. 7710 SR OS Router Configuration Guide Page 105...
Page 106 Note that the LDP Sync Timer State is not always synched across to the standby CPM, so after an activity switch the timer state might not be same as it was on the previous active CPM. The no form of this command disables IGP/LDP synchronization and deletes the configuration Page 106 7710 SR OS Router Configuration Guide...
Page 107 — Specifies the 48-bit MAC address for the IP interface in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses. 7710 SR OS Router Configuration Guide Page 107...
Page 108 This is to allow the reset of the network to reconverge after a router failure before the anycase based label assignments are flushed from the forwarding plane. Values 0 - 65535 Default Page 108 7710 SR OS Router Configuration Guide...
Page 109 The command returns an error if the interface is already associated with another port or the system. In this case, the association must be deleted before the command is re-attempted. The port-id can be in one of the following forms: • Ethernet Interfaces 7710 SR OS Router Configuration Guide Page 109...
Page 110 7710 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7710 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 111 The specified queue-group-name must exist as a port egress queue group on the port associated with the IP interface. remote-proxy-arp Context config>router>interface Description This command enables remote proxy ARP on the interface. Default no remote-proxy-arp 7710 SR OS Router Configuration Guide Page 111...
Page 112 1. This is the default broadcast address used by an IP interface. Page 112 7710 SR OS Router Configuration Guide...
Page 113 Static ARP is used when a 7710 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7710 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 114 The profile of a packet is either derived from ingress classification or ingress policing. The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos- Page 114 7710 SR OS Router Configuration Guide...
Page 115 IP interface has the remark-trusted state set untrusted — Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. 7710 SR OS Router Configuration Guide Page 115...
Page 116 Syntax mode {strict | loose} no mode Context config>router>if>urpf-check Description This command specifies the mode of unicast RPF check. The no form of the command reverts to the default (strict) mode. Page 116 7710 SR OS Router Configuration Guide...
Page 117 Domain Routing) or traditional dotted decimal notation. Show commands display CIDR notation and are stored in configuration files. By default, no IP address or subnet association exists on an IP interface until it is explicitly created. 7710 SR OS Router Configuration Guide Page 117...
Page 118 Context config>router>mh-primary-interface config>router>mh-secondary-interface Description This command creates a text description stored in the configuration file for a configuration context. The no form of the command removes the description string from the context. Page 118 7710 SR OS Router Configuration Guide...
Page 119 IGPs and LDP protocols to allow the resolution of BGP routes advertised with this address by the primary multihoming router. The no form of the command disables this setting. Default no mh-secondary-interface 7710 SR OS Router Configuration Guide Page 119...
Page 120 This is to allow the reset of the network to reconverge after a router failure before the anycast based label assignments are flushed from the forwarding plane. Values 0-65535 Default Page 120 7710 SR OS Router Configuration Guide...
Page 121 No interfaces have flowspec enabled. filter Syntax filter ip ip-filter-id filter ipv6 ipv6-filter-id no filter [ip ip-filter-ip] [ipv6 ipv6-filter-id] Context config>router>if>ingress config>router>if>egress Description This command associates an IP filter policy with an IP interface. 7710 SR OS Router Configuration Guide Page 121...
Page 122 — The filter name acts as the ID for the IPv6 filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ipv6 context. Values 1— 65535 Page 122 7710 SR OS Router Configuration Guide...
Page 123 By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval. The no form of the command disables the generation of ICMP redirects on the router interface. Default redirects 100 10 — Maximum of 100 redirect messages in 10 seconds. 7710 SR OS Router Configuration Guide Page 123...
Page 124 The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval. Page 124 7710 SR OS Router Configuration Guide...
Page 125 The seconds parameter must also be specified. Values 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer. 7710 SR OS Router Configuration Guide Page 125...
Page 126 Ethernet interfaces. For interfaces without a MAC address, for example POS interfaces, the Base MAC address of the chassis should be used. icmp6 Syntax icmp6 Context config>router>if>ipv6 Description This command enables the context to configure ICMPv6 parameters for the interface. Page 126 7710 SR OS Router Configuration Guide...
Page 127 The no form of the command disables ICMPv6 redirects. Default 100 10 (when IPv6 is enabled on the interface) 7710 SR OS Router Configuration Guide Page 127...
Page 128 Values 10 — 1000 seconds — Sets the time frame, in seconds, to limit the number of destination unreachable ICMPv6 messages issued per time frame. Values 1 — 60 Page 128 7710 SR OS Router Configuration Guide...
Page 129 This command can only be used on Ethernet media. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address. 7710 SR OS Router Configuration Guide Page 129...
Page 130 — The IPv6 address assigned to a router interface. Values ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D mac-address — Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx- xx-xx-xx-xx-xx. Page 130 7710 SR OS Router Configuration Guide...
Page 131: Router Advertisement Commands
IPv6 packets. Default Parameters number — Specifies the hop limit. Values 0 — 255. A value of zero means there is an unspecified number of hops. 7710 SR OS Router Configuration Guide Page 131...
Page 132 This command configures the minimum interval between sending ICMPv6 neighbor discovery router advertisement messages. Default Parameters seconds — Specify the minimum interval in seconds between sending ICMPv6 neighbor discovery router advertisement messages. Values 3 — 1350 Syntax [no] mtu mtu-bytes Context config>router>router-advert>if Page 132 7710 SR OS Router Configuration Guide...
Page 133 [0 — 255]D ipv6-prefix-length 0 — 128 prefix-length — Specifies a route must match the most significant bits and have a prefix length. Values 1 — 128 autonomous Syntax [no] autonomous Context config>router>router-advert>if>prefix 7710 SR OS Router Configuration Guide Page 133...
Page 134 The address generated from an invalidated prefix should not appear as the destination or source address of a packet. Default 2592000 Parameters seconds — Specifies the remaining length of time in seconds that this prefix will continue to be valid. Page 134 7710 SR OS Router Configuration Guide...
Page 135 — The length of time, in seconds, (relative to the time the packet is sent) that the prefix is valid for route determination. Values 0, 4 — 9000 seconds. 0 means that the router is not a default router on this link. 7710 SR OS Router Configuration Guide Page 135...
Page 136 If the virtual router is not the master, no router advertisement messages are sent. The no form of the command disables sending router advertisement messages. Default no use-virtual-mac Page 136 7710 SR OS Router Configuration Guide...
Page 137: Show Commands
Inv — The ARP entry is an inactive static ARP entry (invalid). Oth — The ARP entry is a local or system ARP entry. Sta — The ARP entry is an active static ARP entry. 7710 SR OS Router Configuration Guide Page 137...
Page 138 Type Interface ------------------------------------------------------------------------------- 10.10.0.3 04:5d:ff:00:00:00 00:00:00 system =============================================================================== A:ALA-A# A:ALA-A# show router ARP to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Expiry Type Interface ------------------------------------------------------------------------------- 10.10.13.1 04:5b:01:01:00:02 03:53:09 to-ser1 =============================================================================== A:ALA-A# Page 138 7710 SR OS Router Configuration Guide...
Page 139 The number of packets that were authenticated. Client Packets Authenticate Ok Sample Output A:ALU-3>show>router>auth# statistics =================================================================== Authentication Global Statistics =================================================================== Client Packets Authenticate Fail Client Packets Authenticate Ok : 12 =================================================================== A:ALU-3> 7710 SR OS Router Configuration Guide Page 139...
Page 140 Remote State : Up (3) Remote Diag : 0 (None) Remote Mode : Async Remote Min Tx : 1000 Remote Mult Last Recv (ms) : 367 Remote Min Rx : 10 =============================================================================== *A:Dut-C# Page 140 7710 SR OS Router Configuration Guide...
Page 141 =============================================================================== *A:Dut-B# session Syntax session [src ip-address [dst ip-address] | detail] session [type type] session [summary] Context show>router>bfd Description This command displays session information. 7710 SR OS Router Configuration Guide Page 141...
Page 142 Up (3) 10.2.1.3 pim isis 50968 50718 port-1-2 Up (3) 3FFE::A02:103 static bgp cpm-np port-1-2 Up (3) =============================================================================== *A:Dut-B# A:Dut-B# show router bfd session src 3FFE::A01:102 dest 3FFE::A01:103 =============================================================================== BFD Session Page 142 7710 SR OS Router Configuration Guide...
Page 143 * indicates that the corresponding row element may have been truncated. *A:Dut-D# *A:Dut-B# show router bfd session ipv4 =============================================================================== BFD Session =============================================================================== Interface State Tx Intvl Rx Intvl Multipl Remote Address Protocols Tx Pkts Rx Pkts Type ------------------------------------------------------------------------------- port-1-1 Up (3) 7710 SR OS Router Configuration Guide Page 143...
Page 144 *A:Dut-D# show router bfd session summary ============================= BFD Session Summary ============================= Termination Session Count ----------------------------- central cpm-np iom, slot 1 iom, slot 2 iom, slot 3 iom, slot 4 iom, slot 5 Total ============================= Page 144 7710 SR OS Router Configuration Guide...
Page 145 The number of packets received from the DHCP clients. Transmitted Pack- The number of packets transmitted to the DHCP clients. Received Mal- The number of malformed packets received from the DHCP clients. formed Packets 7710 SR OS Router Configuration Guide Page 145...
Page 146 4 Hop Count Limit reached 5 Missing Relay Msg option, or illegal msg type 6 Unable to determine destinatinon client Itf 7 Out of Memory 8 No global Pfx on Client Itf Page 146 7710 SR OS Router Configuration Guide...
Page 147 Sample Output A:ALA-1# show router dhcp summary =============================================================================== DHCP6 Summary (Router: Base) =============================================================================== Interface Name Used/Max Relay Admin Oper Relay SapId Resol. Used/Max Server Admin Oper Server ------------------------------------------------------------------------------- interfaceServiceDefault NoServerCo* sap:1/2/12:1 0/8000 7710 SR OS Router Configuration Guide Page 147...
Page 148 True — ECMP is enabled for the instance. The number of ECMP routes configured for path sharing. Configured-ECMP-Routes Sample Output A:ALA-A# show router ecmp =============================================================================== Router ECMP =============================================================================== Instance Router Name ECMP Configured-ECMP-Routes ------------------------------------------------------------------------------- Base True =============================================================================== A:ALA-A# Page 148 7710 SR OS Router Configuration Guide...
Page 149 ======================================================================== FIB Display ======================================================================== Prefix Protocol NextHop ------------------------------------------------------------------------ 131.132.133.134/32 OSPF 66.66.66.66 (loop7) Next-hop type: tunneled, Owner: RSVP, Tunnel-ID: <out-ifindex-from-route> ------------------------------------------------------------------------ Total Entries : 1 ------------------------------------------------------------------------ ======================================================================== *A:Dut-C# show router fib 1 1.1.1.1/32 7710 SR OS Router Configuration Guide Page 149...
Page 150 The number of packet redirects. Pkt Too big The number of packets that exceed appropriate size. Echo Reply The number of echo replies. Router Advertise- The number of times the router advertised its location. ments Page 150 7710 SR OS Router Configuration Guide...
Page 151 Label Description Total The total number of all messages. Destination The number of message that did not reach the destination. Unreachable Time Exceeded The number of messages that exceeded the time threshold. 7710 SR OS Router Configuration Guide Page 151...
Page 152 Total : 47 Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits : 27 Neighbor Advertisements : 20 =============================================================================== B:CORE2# Page 152 7710 SR OS Router Configuration Guide...
Page 153 The IP address and subnet mask length of the IP interface. — Indicates no IP address has been assigned to the IP interface. Down — The IP interface is administratively disabled. Up — The IP interface is administratively enabled. 7710 SR OS Router Configuration Guide Page 153...
Page 154 Up/Up Down/Down Network 1/7/2 12.2.4.4/24 3FFE::C02:404/120 ip-13.2.4.4 Up/Up Down/Down Network 1/1/3 13.2.4.4/24 3FFE::D02:404/120 ip-14.2.4.4 Up/Up Down/Down Network 1/1/4 14.2.4.4/24 3FFE::E02:404/120 ip-15.2.4.4 Up/Up Down/Down Network 1/1/5 15.2.4.4/24 3FFE::F02:404/120 ip-21.2.4.4 Up/Up Up/Up Network 1/3/11 Page 154 7710 SR OS Router Configuration Guide...
Page 155 A:ALA-A# show router interface exclude-services =============================================================================== Interface Table =============================================================================== Interface-Name Type IP-Address Mode ------------------------------------------------------------------------------- system 10.10.0.3/32 Network to-ser1 10.10.13.3/24 Network to-ser4 10.10.34.3/24 Network to-ser5 10.10.35.3/24 Network to-ser6 Down Network management 192.168.2.93/20 Network =============================================================================== A:ALA-A# 7710 SR OS Router Configuration Guide Page 155...
Page 156 True — The IP interface will reply to a received ICMP mask request. Arp Populate Displays whether ARP is enabled or disabled. Host Conn Verify host connectivity verification. LdpSyncTimer Specifies the IGP/LDP sync timer value. Page 156 7710 SR OS Router Configuration Guide...
Page 157 LdpSyncTimer : None Proxy ARP Details Rem Proxy ARP: Disabled Local Proxy ARP : Disabled Policies : none Proxy Neighbor Discovery Details Local Pxy ND : Disabled Policies : none ICMP Details 7710 SR OS Router Configuration Guide Page 157...
Page 158 The number of IP interfaces in the router instance. The number of administratively enabled IP interfaces in the router Admin-Up instance. The number of operationally enabled IP interfaces in the router Oper-Up instance. Page 158 7710 SR OS Router Configuration Guide...
Page 159 3 seconds data-threshold : 224.0.0.0/4 --> 1 kbps =============================================================================== neighbor Syntax neighbor [ip-int-name | ip-address | mac ieee-mac-address | summary] Context show>router Description This command displays information about the IPv6 neighbor cache. 7710 SR OS Router Configuration Guide Page 159...
Page 160 Neighbor Table (Router: Base) =============================================================================== IPv6 Address Interface MAC Address State Expiry Type ------------------------------------------------------------------------------- FE80::203:FAFF:FE78:5C88 net1_1_2 00:16:4d:50:17:a3 STALE 03h52m08s Dynamic FE80::203:FAFF:FE81:6888 net1_2_3 00:03:fa:1a:79:22 STALE 03h29m28s Dynamic ------------------------------------------------------------------------------- No. of Neighbor Entries: 2 =============================================================================== B:CORE2# Page 160 7710 SR OS Router Configuration Guide...
Page 161 No. Of Ifs Associated No. Of SDPs Associated =============================================================================== *A:Dut-T>config>router# *A:Dut-T>config>router# show router network-domains "net1" interface-association =============================================================================== Interface Network Domain Association Table =============================================================================== Interface Name Port Network Domain ------------------------------------------------------------------------------- intf1 1/2/2 net1 intf2 6/1/2 net1 7710 SR OS Router Configuration Guide Page 161...
Page 162 Policy Output — The following table describes policy output fields. Label Description Policy The policy name. Description Displays the description of the policy. Sample Output B:CORE2# show router policy =============================================================================== Route Policies =============================================================================== Policy Description Page 162 7710 SR OS Router Configuration Guide...
Page 163 [0 — FFFF]H d: [0 — 255]D prefix-length: 1 — 128ipv6 longer — Displays routes matching the ip-prefix/mask and routes with longer masks. exact — Displays the exact route matching the ip-prefix/mask masks. 7710 SR OS Router Configuration Guide Page 163...
Page 164 Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 1.1.1.1/32 Remote 00h00m09s 10.20.1.1 (tunneled:RSVP:1) ------------------------------------------------------------------------------- No. of Routes: 1 =============================================================================== A:ALA# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type Proto Pref Page 164 7710 SR OS Router Configuration Guide...
Page 165 A:ALA-A# A:ALA-A# show router route-table 10.10.0.4/32 longer =============================================================================== Route Table =============================================================================== Dest Address Next Hop Type Protocol Metric Pref ------------------------------------------------------------------------------- 10.10.0.4/32 10.10.34.4 Remote OSPF 3523 1001 ------------------------------------------------------------------------------- No. of Routes: 1 =============================================================================== 7710 SR OS Router Configuration Guide Page 165...
Page 166 OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 10.20.1.5/32 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 10.20.1.6/32 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 ------------------------------------------------------------------------------- No. of Routes: 4 =============================================================================== *A:Dut-B# show router route-table 10.20.1.5/32 next-hop-type tunneled =============================================================================== Page 166 7710 SR OS Router Configuration Guide...
Page 167 If no command line arguments are specified, all routes are displayed, sorted by prefix. Parameters interface-name — Maximum 32 characters. ipv6-prefix[/prefix-length] — Displays routes only matching the specified ip-address and length. Values ipv6 ipv6-prefix[/pref*: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H 7710 SR OS Router Configuration Guide Page 167...
Page 168 The minimum interval between sending ICMPv6 neighbor discovery router advertisement messages. Other Config True — Indicates there are other stateful configurations. False — Indicates there are no other stateful configurations. Router Lifetime Displays the router lifetime in seconds. Page 168 7710 SR OS Router Configuration Guide...
Page 169 Rtr Solicitation Rx Nbr Advertisement Rx : 166 Nbr Solicitation Rx : 143 ------------------------------------------------------------------------------- Max Advert Interval : 601 Min Advert Interval : 201 Managed Config : TRUE Other Config : TRUE 7710 SR OS Router Configuration Guide Page 169...
Page 170 The address of the advertising router. Advertisement from The time, in milliseconds, that a node assumes a neighbor is reachable Reachable Time after receiving a reachability confirmation. Displays the router lifetime in seconds. Router Lifetime Page 170 7710 SR OS Router Configuration Guide...
Page 171 : FALSE [TRUE] Other Config : FALSE [TRUE] Reachable Time : 00h00m00s0ms [00h00m00s400ms] Router Lifetime : 00h30m00s [00h30m01s] Retransmit Time : 00h00m00s0ms [00h00m00s400ms] Hop Limit : 64 [63] Link MTU : 0 [1500] 7710 SR OS Router Configuration Guide Page 171...
Page 172 The IP address of the static ARP entry. IP Address The MAC address of the static ARP entry. MAC Address The age of the ARP entry. Static ARPs always have for the age. 00:00:00 Page 172 7710 SR OS Router Configuration Guide...
Page 173 Type Interface ------------------------------------------------------------------------------- 10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp mac 00:00:5a:40:00:01 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 7710 SR OS Router Configuration Guide Page 173...
Page 174 Static Route Output — The following table describes the output fields for the static route table. Label Description The static route destination address and mask. IP Addr/mask The route preference value for the static route. Pref Page 174 7710 SR OS Router Configuration Guide...
Page 175 10.10.0.254 192.168.253.0/24 to-ser1 192.168.253.0/24 10.10.0.254 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# A:ALA-A# show router static-route 192.168.250.0/24 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.250.0/24 10.200.10.1 to-ser1 =============================================================================== A:ALA-A# 7710 SR OS Router Configuration Guide Page 175...
Page 176 Description This command displays the address ranges reserved by this node for services sorted by prefix. Output Service Prefix Output — The following table describes the output fields for service prefix information. Page 176 7710 SR OS Router Configuration Guide...
Page 177 — The specific application. Values arp, bgp, cflowd, dhcp, dns, ftp, icmp, igmp, isis, ldp, mld, msdp, ndis, ntp, ospf, pimradius, rip, rsvpsnmp, snmp-notification, srrp, ssh, syslog, tacplus, telnet, tftp, traceroute, vrrp, pppoe 7710 SR OS Router Configuration Guide Page 177...
Page 178 The maximum number of routes configured for the system. Total Routes The total number of routes in the route table. ECMP Max Routes The number of ECMP routes configured for path sharing. Page 178 7710 SR OS Router Configuration Guide...
Page 179 Oper State ---------------------------------------------------------------- Router OSPFv2-0 OSPFv2-1 Down Down OSPFv2-2 Down Down OSPFv2-3 Down Down OSPFv2-4 Down Down OSPFv2-5 Down Down OSPFv2-6 Down Down OSPFv2-7 Down Down OSPFv2-8 Down Down OSPFv2-9 Down Down 7710 SR OS Router Configuration Guide Page 179...
Page 180 NH resolution is refering to the core routing instance for IP reachability. For a VPRN service this object specifies the lookup to be used by the routing instance if no SDP to the destination exists. Parameters ip-address[/mask] — Displays the specified tunnel table’s destination IP address and mask. Page 180 7710 SR OS Router Configuration Guide...
Page 181 ------------------------------------------------------------------------------- 10.0.0.1/32 0.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 =============================================================================== A:ALA-A>config>service# A:ALA-A>config>service# show router tunnel-table summary =============================================================================== Tunnel Table Summary (Router: Base) =============================================================================== Active Available ------------------------------------------------------------------------------- =============================================================================== A:ALA-A>config>service# Values ipv6-address x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface] 7710 SR OS Router Configuration Guide Page 181...
Page 182 : N/A IPv6 Del.Pfx. : N/A Primary IPv6 DNS : N/A Secondary IPv6 DNS : N/A Values ipv6-address x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface] x: [0..FFFF]H d: [0..255]D interface: 32 characters maximum, mandatory for link local addresses Page 182 7710 SR OS Router Configuration Guide...
Page 183: Clear Commands
— Clears all ARP cache entries for the specified IP interface with the specified IP address. Syntax bfd src-ip ip-address dst-ip ip-address bfd all Context clear>router Description This command enables the context to clear bi-directional forwarding (BFD) sessions and statistics. 7710 SR OS Router Configuration Guide Page 183...
Page 184 Syntax dhcp Context clear>router Description This command enables the context to clear DHCP related information. dhcp6 Syntax dhcp6 Context clear>router Description This command enables the context to clear DHCP6 related information. Page 184 7710 SR OS Router Configuration Guide...
Page 185 This command deletes routes created as a result of ICMP redirects received on the management interface. Parameters all — Clears all routes. ip-address — Clears the routes associated with the specified IP address. 7710 SR OS Router Configuration Guide Page 185...
Page 186 — - Resets the statistics associated with uRPF failures. statistics — - Resets the IP interface traffic statistics. l2tp Syntax l2pt Context clear>router Description This command enables the context to clear L2PT data. Page 186 7710 SR OS Router Configuration Guide...
Page 187 If no IP address or interface name is specified, then statistics are cleared for all configured interfaces. If an IP address or interface name is specified, then only data regarding the specified interface is cleared. Parameters ip-address | ip-int-name — Displays statistics for the specified IP interface. 7710 SR OS Router Configuration Guide Page 187...
Page 188 Context clear>router Description This command clears all router advertisement counters. Parameters all — Clears all router advertisement counters for all interfaces. interface interface-name — Clear router advertisement counters for the specified interface. Page 188 7710 SR OS Router Configuration Guide...
Page 189: Debug Commands
Syntax router router-instance Context debug Description This command configures debugging for a router instance. Parameters router-instance — Specify the router name or service ID. Values router-name: Base, management service-id: 1 — 2147483647 7710 SR OS Router Configuration Guide Page 189...
Page 190 Description This command enables ICMP6 debugging. interface Syntax [no] interface [ip-int-name | ip-address| ipv6-address | ipv6-address] Context debug>router>ip Description This command displays the router IP interface table sorted by interface index. Page 190 7710 SR OS Router Configuration Guide...
Page 191 * — udp/tcp wildcard route-table Syntax route-table [ip-prefix/prefix-length] route-table ip-prefix/prefix-length longer no route-table Context debug>router>ip Description This command configures route table debugging. 7710 SR OS Router Configuration Guide Page 191...
Page 192 Syntax [no] misc Context debug>router>mtrace Description This command enables debugging for mtrace miscellaneous. packet Syntax [no] packet [query | request | response] Context debug>router>mtrace Description This command enables debugging for mtrace packets. Page 192 7710 SR OS Router Configuration Guide...
Page 193 Syntax [no] misc Context debug>router>mtrace Description This command enables debugging for mtrace miscellaneous. packet Syntax [no] packet [query | request | response] Context debug>router>mtrace Description This command enables debugging for mtrace packets. 7710 SR OS Router Configuration Guide Page 193...
Page 194 Debug Commands Page 194 7710 SR OS Router Configuration Guide...
Page 195: Vrrp
 Non-Owner Access SSH on page 217  VRRP Advertisement Message IP Address List Verification on page 206 • VRRP Configuration Process Overview on page 218 • Configuration Notes on page 219 7710 SR OS Router Configuration Guide Page 195...
Page 196: Vrrp Overview
VRRP configuration. Internet Backup Master Backup Non-Owner Owner Non-Owner ALA-1 ALA-2 ALA-3 vrld 100 vrld 100 vrld 100 Priority 200 Priority 150 Virtual Router ID (VRID) OSRG006 Figure 11: VRRP Configuration Page 196 7710 SR OS Router Configuration Guide...
Page 197: Vrrp Components
7710 SR OS allows the virtual routers to be configured as non-owners of the IP address. VRRP on a 7710 SR router can be configured to allow non-owners to respond to ICMP echo requests when they become the virtual router master for the virtual router.
Page 198: Primary And Secondary Ip Addresses
A 7710 SR IP interface must always have a primary IP address assigned for VRRP to be active on the interface. 7710 SR OS supports both primary and secondary IP addresses (multi-netting) on the IP interface. The virtual router’s VRID primary IP address is always the primary address on the IP interface.
Page 199: Virtual Router Backup
VRRP priority control policy. VRRP priority control policies can be used to either override or adjust the base priority value depending on events or conditions within the chassis. For information about non-owner access parameters, refer to VRRP Non-Owner Accessibility on page 216. 7710 SR OS Router Configuration Guide Page 199...
Page 200: Configurable Parameters
The priority value affects the interaction between this VRID and the same VRID of other virtual routers participating on the same LAN. A higher priority value defines a greater priority in becoming the virtual router master for the VRID. The priority value can only be configured when Page 200 7710 SR OS Router Configuration Guide...
Page 201: Ip Addresses
These are the IP addresses being used by hosts on the LAN as gateway addresses. Multi-netting supports 16 IP addresses on the IP interface, up to 16 addresses can be assigned to a specific a virtual router instance. 7710 SR OS Router Configuration Guide Page 201...
Page 202: Message Interval And Master Inheritance
Skew Time = (((256 - priority) * Master_Adver_Interval) / 256) centiseconds The higher priority value, the smaller the skew time will be. This means that virtual routers with a lower priority will transition to master slower than virtual routers with higher priorities. Page 202 7710 SR OS Router Configuration Guide...
Page 203: Master Down Interval
If preempt disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router. 7710 SR OS Router Configuration Guide Page 203...
Page 204: Vrrp Message Authentication
 IP header destination IP address – Must be 224.0.0.18  IP header TTL field – Must be equal to 255, the packet must not have traversed any IP routed hops  IP header protocol field – must be 112 (decimal) Page 204 7710 SR OS Router Configuration Guide...
Page 205  Authentication data fields – Must be equal to the VRID configured simple text password Any VRRP message not meeting the type 0 verification checks with the exceptions above are silently discarded. 7710 SR OS Router Configuration Guide Page 205...
Page 206: Authentication Data
VRRP advertisement messages contain an IP address count field that indicates the number of IP addresses listed in the sequential IP address fields at the end of the message. The 7710 SR OS implementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager.
Page 207: Inherit Master Vrrp Router's Advertisement Interval Timer
Policies can only be configured in the non-owner VRRP context. For non-owner virtual router instances, if policies are not configured, then the base priority is used as the in-use priority. 7710 SR OS Router Configuration Guide Page 207...
Page 208: Vrrp Priority Control Policies
The base priority is the starting priority for the VRRP instance. The actual in-use priority for the VRRP instance is derived from the base priority and an optional VRRP priority control policy. Page 208 7710 SR OS Router Configuration Guide...
Page 209: Vrrp Priority Control Policy Delta In-Use Priority Limit
The allowed range of the Delta In-Use Priority Limit is 1 to 254. The default is 1, which prevents the delta priority events from operationally disabling the virtual router instance. 7710 SR OS Router Configuration Guide Page 209...
Page 210: Vrrp Priority Control Policy Priority Events
This extends the amount of time that must expire before entering the cleared state. For an example of a hold-set timer setting, refer to LAG Degrade Priority Event on page 211. Page 210 7710 SR OS Router Configuration Guide...
Page 211: Port Down Priority Event
Table 5: LAG Events Time LAG Port State Parameter State Comments All ports down Event State Set - 8 ports down Event Threshold 6 ports down Hold Set Timer 5 seconds Set to hold-set parameter 7710 SR OS Router Configuration Guide Page 211...
Page 212 Event Threshold 2 ports down Hold Set Timer Expired Four ports down Event State Set - 2 ports down Event Threshold 4 ports down Hold Set Timer 5 seconds Set to hold-set parameter Page 212 7710 SR OS Router Configuration Guide...
Page 213 Event Threshold 2 ports down Hold Set Timer Expired Four ports down Event State Set - 2 ports down Event Threshold 4 ports down Hold Set Timer 5 seconds Set to hold-set parameter 7710 SR OS Router Configuration Guide Page 213...
Page 214: Host Unreachable Priority Event
The source protocol can be defined to indicate the protocol the installed route must be populated from. To further define match criteria when multiple instances of the route prefix exist, an optional next hop parameter can be defined. Page 214 7710 SR OS Router Configuration Guide...
Page 215 When a route prefix does not exist within the active route table matching the defined criteria, the route unknown priority event is considered true or set. 7710 SR OS Router Configuration Guide Page 215...
Page 216: Vrrp Non-Owner Accessibility
Although the RFC states that only VRRP owners can respond to ping and other management- oriented protocols directed to the VRID IP addresses, 7710 SR OS allows an override of this restraint on a per VRRP virtual router instance basis.
Page 217: Non-Owner Access Ssh
IP address. SSH is applicable to IPv4 VRRP only. When non-owner access SSH is disabled on a virtual router instance, SSH sessions destined to the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes. 7710 SR OS Router Configuration Guide Page 217...
Page 218: Vrrp Configuration Process Overview
SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE SPECIFY BACKUP IP ADDRESS(ES) CONFIGURE VRRP PARAMETERS APPLY VRRP PRIORITY CONTROL POLICIES (optional) ENABLE Figure 12: VRRP Configuration and Implementation Flow Page 218 7710 SR OS Router Configuration Guide...
Page 219: Configuration Notes
The backup address explicitly defines which IP addresses are in the VRRP advertisement message IP address list.  For IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance. 7710 SR OS Router Configuration Guide Page 219...
Page 220 Configuration Notes Page 220 7710 SR OS Router Configuration Guide...
Page 221: Configuring Vrrp With Cli
Modifying Service and Interface VRRP Parameters on page 236 • Modifying Non-Owner Parameters on page 236 • Modifying Owner Parameters on page 236 • Deleting VRRP on an Interface or Service on page 236 7710 SR OS Router Configuration Guide Page 221...
Page 222: Vrrp Configuration Overview
The service customer account must be created prior to configuring an IES or VPRN VRRP instance. • The interface address must be specified in the both the owner and non-owner IES, VPRN or router interface instances. Page 222 7710 SR OS Router Configuration Guide...
Page 223: Basic Vrrp Configurations
100 delta exit port-down 1/1/3 priority 200 explicit exit lag-port-down 1 number-down 3 priority 50 explicit exit exit host-unreachable 10.10.24.4 drop-count 25 exit route-unknown 10.10.0.0/32 priority 50 delta protocol bgp exit exit ---------------------------------------------- 7710 SR OS Router Configuration Guide Page 223...
Page 224: Vrrp Ies Service Parameters
10.10.36.2 authentication-type password authentication-key "testabc" exit exit interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# Page 224 7710 SR OS Router Configuration Guide...
Page 225: Configure Vrrp For Ipv6
FD10:D68F:1:221::FFFD/64 link-local-address FE80::D68F:1:221:FFFD preferred vrrp 219 backup FE80::D68F:1:221:FFFF priority 254 ping-reply exit exit sap ccag-1.a:921 create description "cross connect to VPLS 921" exit exit no shutdown ---------------------------------------------- *A:nlt7750-3>config>service>ies# 7710 SR OS Router Configuration Guide Page 225...
Page 226: Vrrp Router Interface Parameters
"system" address 10.10.0.4/32 exit interface "test1" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Page 226 7710 SR OS Router Configuration Guide...
Page 227: Common Configuration Tasks
In addition to the common parameters, the following non-owner commands can be configured: • master-int-inherit • priority • policy • ping-reply • preempt • telnet-reply • ssh-reply (IPv4 only) • [no] shutdown 7710 SR OS Router Configuration Guide Page 227...
Page 228: Creating Interface Parameters
A:SR1>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.1/32 exit interface "testA" address 123.123.123.123/24 exit interface "testB" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit router-id 10.10.0.1 #------------------------------------------ A:SR1>config>router# Page 228 7710 SR OS Router Configuration Guide...
Page 229: Configuring Vrrp Policy Components
The following displays a VRRP policy configuration example: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol isis exit exit exit ---------------------------------------------- A:SR1>config>vrrp# 7710 SR OS Router Configuration Guide Page 229...
Page 230: Configuring Service Vrrp Parameters
The following displays a basic non-owner VRRP configuration example: A:SR2>config>service>ies# info ---------------------------------------------- interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# Page 230 7710 SR OS Router Configuration Guide...
Page 231: Owner Service Vrrp
The following displays the owner VRRP configuration example: A:SR4>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# 7710 SR OS Router Configuration Guide Page 231...
Page 232: Configuring Router Interface Vrrp Parameters
A:SR2>config># info #------------------------------------------ interface "if-test" address 10.20.30.40/24 secondary 10.10.50.1/24 secondary 10.10.60.1/24 secondary 10.10.70.1/24 vrrp 1 backup 10.10.50.2 backup 10.10.60.2 backup 10.10.70.2 backup 10.20.30.41 ping-reply telnet-reply authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config># Page 232 7710 SR OS Router Configuration Guide...
Page 233: Router Interface Vrrp Owner
Router Interface VRRP Owner The following displays router interface owner VRRP configuration example: A:SR2>config>router# info #------------------------------------------ interface "vrrpowner" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>router# 7710 SR OS Router Configuration Guide Page 233...
Page 234: Vrrp Configuration Management Tasks
The following example displays the modified VRRP policy configuration: A:SR2>config>vrrp>policy# info ---------------------------------------------- delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit port-down 1/1/3 priority 200 explicit exit host-unreachable 10.10.24.4 drop-count 25 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# Page 234 7710 SR OS Router Configuration Guide...
Page 235: Deleting A Vrrp Policy
Applied applied to an entity. A:SR2# =============================================================================== VRRP Policies =============================================================================== Policy Current Current Current Delta Applied Priority & Effect Explicit Delta Sum Limit ------------------------------------------------------------------------------- 200 Explicit None None None None =============================================================================== A:SR2# 7710 SR OS Router Configuration Guide Page 235...
Page 236: Modifying Service And Interface Vrrp Parameters
The following example displays the command usage to delete a VRRP instance from an interface or IES service: Example: config>service#ies 10 config>service>ies# interface “test” config>service>ies>if# vrrp 1 config>service>ies>if>vrrp# shutdown config>service>ies>if>vrrp# exit config>service>ies>if# no vrrp 1 config>service>ies>if# exit all Page 236 7710 SR OS Router Configuration Guide...
Page 237: Vrrp Command Reference
Router Interface IPv6 Commands on page 239 • Router Interface IPv6 VRRP Commands on page 240 • VRRP Priority Control Event Policy Commands on page 241 • Show Commands on page 242 • Clear Commands on page 242 7710 SR OS Router Configuration Guide Page 237...
Page 238 — [no] traceroute-reply * Note that VRRP commands are applicable to router interfaces, IES interfaces and VPRN. The authentication-key, authentication-type, bfd-enable, and ssh-reply commands are applicable only to IPv4 contexts, not IPv6. Page 238 7710 SR OS Router Configuration Guide...
Page 239 — no unreachables — link-local-address ipv6-address [preferred] — no link-local-address — [no] local-proxy-nd — neighbor ipv6-address [mac-address] — no neighbor ipv6-address — proxy-nd-policy policy-name [ policy-name...(up to 5 max)] — no proxy-nd-policy 7710 SR OS Router Configuration Guide Page 239...
Page 240 — no message-interval — [no] ping-reply — policy vrrp-policy-id — no policy — [no] preempt — priority priority — no priority — [no] shutdown — [no] standby-forwarding — [no] telnet-reply — [no] traceroute-reply Page 240 7710 SR OS Router Configuration Guide...
Page 241 — [no] next-hop ip-address — priority priority-level [delta | explicit] — no priority — protocol protocol — no protocol[protocol] — [no] protocol — [no] protocol bgp -vpn — [no] protocol ospf 7710 SR OS Router Configuration Guide Page 241...
Page 242 — no events — no events interface ip-int-name [vrid virtual-router-id] — no events interface ip-int-name vrid virtual-router-id ipv6 — packets — packets interface ip-int-name [vrid virtual-router-id] Page 242 7710 SR OS Router Configuration Guide...
Page 243 VRRP — packets interface ip-int-name vrid virtual-router-id ipv6 — no packets — no packets interface ip-int-name [vrid virtual-router-id] — no packets interface ip-int-name vrid virtual-router-id ipv6 7710 SR OS Router Configuration Guide Page 243...
Page 244 VRRP Command Reference Page 244 7710 SR OS Router Configuration Guide...
Page 245: Configuration Commands
— The authentication key. Allowed values are any string up to 8 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 245...
Page 246 IP address from a given parental local subnet. Multiple virtual router instances can define a virtual router IP address from the same local subnet as long as each is a different IP address. Page 246 7710 SR OS Router Configuration Guide...
Page 247 Parent IP addresses: 10.10.10.10/24 11.11.11.11/24 Virtual router IP addresses: 10.10.10.11 Invalid (not equal to parent IP address) 10.10.10.10 Associated (same as parent IP address 10.10.10.10) 10.10.11.11 Invalid (not equal to parent IP address) 7710 SR OS Router Configuration Guide Page 247...
Page 248 IP interface IP address is attempted and fails. All virtual router IP addresses associated with the parental IP interface IP address must be deleted prior Page 248 7710 SR OS Router Configuration Guide...
Page 249 A single virtual router instance may only have a single virtual router IP address from a given parental local subnet. Multiple virtual router instances can define a virtual router IP address from the same local subnet as long as each is a different IP address. 7710 SR OS Router Configuration Guide Page 249...
Page 250 IP interface assigned IP addresses. The virtual router IP address must be a valid IP address within one of Page 250 7710 SR OS Router Configuration Guide...
Page 251 IP address must be in the same subnet of the parental IP interface IP address or equal to one of the the parent interface addresses for owner virtual router instances. Values ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x::d.d.d.d x: [0..FFFF]H d: [0..255]D 7710 SR OS Router Configuration Guide Page 251...
Page 252 Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This command configures a VRRP initialization delay timer. Parameters seconds — Specifies the initialization delay timer for VRRP, in seconds. Values 1 — 65535 Page 252 7710 SR OS Router Configuration Guide...
Page 253 The master-int-inherit command has no effect when the virtual router instance is operating as master. 7710 SR OS Router Configuration Guide Page 253...
Page 254 The skew time portion is used to slow down virtual routers with relatively low priority values when competing in the master election process. The command is available in both non-owner and owner vrrp nodal contexts. Page 254 7710 SR OS Router Configuration Guide...
Page 255 — No VRRP priority control policy is associated with the virtual router instance. Parameters policy-id — The policy ID of the VRRP priority control expressed as a decimal integer. The vrrp- policy-id must already exist for the command to function. Values 1 — 9999 7710 SR OS Router Configuration Guide Page 255...
Page 256 Syntax priority base-priority no priority Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This command configures the base router priority for the virtual router instance used in the master election process. Page 256 7710 SR OS Router Configuration Guide...
Page 257 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. 7710 SR OS allows this access limitation to be selectively lifted for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.
Page 258 Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses. Page 258 7710 SR OS Router Configuration Guide...
Page 259 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. This limitation can be disregarded for certain applications. Ping, SSH and Telnet can each be individually enabled or disabled on a per-virtual-router-instance basis. 7710 SR OS Router Configuration Guide Page 259...
Page 260 The optional owner keyword indicates that the owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the master virtual router. Page 260 7710 SR OS Router Configuration Guide...
Page 261 IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot 7710 SR OS Router Configuration Guide Page 261...
Page 262 Interface Configuration Commands have the owner parameter removed. The vrid must be deleted and than recreated without the owner keyword to remove ownership. Page 262 7710 SR OS Router Configuration Guide...
Page 263: Priority Policy Commands
Setting the in-use-priority-limit to a value equal to or larger than the virtual router instance base- priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value. Values 1 — 254 7710 SR OS Router Configuration Guide Page 263...
Page 264 The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command will fail. Default none Page 264 7710 SR OS Router Configuration Guide...
Page 265 A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance. Up to 32 priority control events can be configured within the priority-event node. The no form of the command clears any configured priority events. 7710 SR OS Router Configuration Guide Page 265...
Page 266: Priority Policy Event Commands
It is possible, on some event types, to have another set action reload the hold-set timer. This extends the amount of time that must expire before entering the cleared state. Page 266 7710 SR OS Router Configuration Guide...
Page 267 If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, thus, there is no impact on the in-use priority. The no form of the command reverts to the default values. 7710 SR OS Router Configuration Guide Page 267...
Page 268 The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy. Default delta Values delta, explicit Page 268 7710 SR OS Router Configuration Guide...
Page 269: Priority Policy Port Down Event Commands
The events hold-set timer has no effect on the removal procedure. Default no port-down — No port down priority control events are defined. Parameters port-id — The port ID of the port monitored by the VRRP priority control event. 7710 SR OS Router Configuration Guide Page 269...
Page 270 If the port is not provisioned, the event operational state is Set – non-provisioned. If the POS interface is configured as a clear-channel, the channel-id is 1 and the channel bandwidth is the full bandwidth of the port. Page 270 7710 SR OS Router Configuration Guide...
Page 271: Priority Policy Lag Events Commands
If the event clears and becomes set again before the hold set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect. 7710 SR OS Router Configuration Guide Page 271...
Page 272 A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that is the active threshold. Page 272 7710 SR OS Router Configuration Guide...
Page 273 LAG equals or exceeds number-of- lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports- down. Values 1 — 8 7710 SR OS Router Configuration Guide Page 273...
Page 274: Priority Policy Host Unreachable Event Commands
If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared. Multiple unique (different ip-address) host-unreachable event nodes can be configured within the priority-event node to a maximum of 32 events. Page 274 7710 SR OS Router Configuration Guide...
Page 275 If the event clears and becomes set again before the hold set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect. 7710 SR OS Router Configuration Guide Page 275...
Page 276 The no form of the command reverts to the default value. Default Parameters seconds — The number of seconds between the ICMP echo request messages sent to the host IP address for the host unreachable priority event. Values 1 — 60 Page 276 7710 SR OS Router Configuration Guide...
Page 277 — The number of seconds before an ICMP echo request message is timed out. Once a message is timed out, a reply with the same identifier and sequence number is discarded. Values 1 — 60 7710 SR OS Router Configuration Guide Page 277...
Page 278: Priority Policy Route Unknown Event Commands
The next-hop command is optional. If no next-hop ip-address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information. Page 278 7710 SR OS Router Configuration Guide...
Page 279 — This parameter defines BGP as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The bgp parameter is not exclusive from the other available protocol parameters. If protocol is executed without the bgp parameter, 7710 SR OS Router Configuration Guide Page 279...
Page 280 If the route prefix is removed, becomes inactive or fails to meet the event criteria, the event is in the set state. The command creates a route-unknown node identified by prefix/mask-length and containing event control commands. Page 280 7710 SR OS Router Configuration Guide...
Page 281 The no form of the command is used to remove the specific prefix/mask-length monitoring event. The event can be removed at anytime. When the event is removed, the in-use priority of all associated 7710 SR OS Router Configuration Guide Page 281...
Page 282 Values ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0) mask 0 — 32 ipv6-address/prefix: ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0..FFFF]H prefix-length 1 — 128 Page 282 7710 SR OS Router Configuration Guide...
Page 283: Show Commands
Down — Indicates that the administrative state of the VRRP instance is down. Up — Indicates that the operational state of the VRRP instance is up. Down — Indicates that the operational state of the VRRP instance is down. 7710 SR OS Router Configuration Guide Page 283...
Page 284 VRRP master with a lower priority. No — The preempt mode is disabled and prevents the non-owner vir- tual router instance from preempting another, less desirable virtual router. Page 284 7710 SR OS Router Configuration Guide...
Page 285 The date and time when operational state of the virtual router changed to master. For a backup virtual router, this value specifies the date and time when it received the first VRRP advertisement message from the virtual router which is the current master. 7710 SR OS Router Configuration Guide Page 285...
Page 286 Become Master Master Changes Adv Sent : 103 Adv Received Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Page 286 7710 SR OS Router Configuration Guide...
Page 287 : 23 Adv Received Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Total Discards Addr List Errors 7710 SR OS Router Configuration Guide Page 287...
Page 288 When multiple explicitly defined events associated with the priority control policy happen simultaneously, the lowest value of all the cur- rent explicit priorities will be used as the in-use priority for the virtual router. Page 288 7710 SR OS Router Configuration Guide...
Page 289 If the delta priority event is cleared, the priority-level is no longer used in the in-use priority calculation. 7710 SR OS Router Configuration Guide Page 289...
Page 290 Event Type & ID Event Oper State Hold Set Priority In Remaining &Effect ------------------------------------------------------------------------------- Host Unreach 10.10.200.252 Expired 20 Del Host Unreach 10.10.200.253 Expired 10 Del Route Unknown 10.10.100.0/24 Expired 1 Exp =============================================================================== A:ALA-A# Page 290 7710 SR OS Router Configuration Guide...
Page 291 Down — Indicates that the operational state of the VRRP instance is down. Base Pri The base priority used by the virtual router instance. InUse Priority The current in-use priority associated with the VRRP virtual router instance. 7710 SR OS Router Configuration Guide Page 291...
Page 292 Value In Use Yes — The event is currently affecting the in-use priority of some virtual router. Page 292 7710 SR OS Router Configuration Guide...
Page 293 Priority Control Event Host Unreachable 10.10.200.252 ------------------------------------------------------------------------------- Priority : 20 Priority Effect : Delta Interval : 1 sec Timeout : 1 sec Drop Count Hold Set Config : 0 sec Hold Set Remaining: Expired 7710 SR OS Router Configuration Guide Page 293...
Page 294: Table 6: Show Vrrp Statistics Output
Table 6: Show VRRP Statistics Output Label Description Displays the number of virtual router ID errors. VR Id Errors Displays the number of version errors. Version Errors Displays the number of checksum errors. Checksum Errors Page 294 7710 SR OS Router Configuration Guide...
Page 295 VRRP Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics =============================================================================== VR Id Errors Version Errors Checksum Errors =============================================================================== A:ALA-48# 7710 SR OS Router Configuration Guide Page 295...
Page 296: Monitor Commands
Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 Total Discards =============================================================================== Page 296 7710 SR OS Router Configuration Guide...
Page 297 Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Total Discards Addr List Errors Auth Failures Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 =============================================================================== *A:ALA-A# 7710 SR OS Router Configuration Guide Page 297...
Page 298: Clear Commands
This command clears statistics for VRRP instances on an IP interface or VRRP priority control poli- cies. Parameters interface ip-int-name — Clears the VRRP statistics for all VRRP instances on the specified IP inter- face. Page 298 7710 SR OS Router Configuration Guide...
Page 299 [vrrp-policy-id] — Clears VRRP statistics for all or the specified VRRP priority control pol- icy. Default All VRRP policies. Values 1 — 9999 ipv6 — Clears IPv6 statistics for the specified interface. 7710 SR OS Router Configuration Guide Page 299...
Page 300: Vrrp Debug Commands
Description This command enables debugging for VRRP packets. The no form of the command disables debugging. Parameters ip-int-name — Displays the specified interface name. vrid virtual-router-id — Displays the specified VRID. Page 300 7710 SR OS Router Configuration Guide...
Page 301: Filter Policies
Filter Policy Entities on page 303  Redirect Policies on page 305  VID Filters on page 346 • Creating and Applying Policies on page 308 • Configuration Notes on page 319 7710 SR OS Router Configuration Guide Page 301...
Page 302: Filter Policy Configuration Overview
The process stops when the first complete match is found and executes the action defined in the entry, either to drop or forward packets that match the criteria. Page 302 7710 SR OS Router Configuration Guide...
Page 303: Filter Policy Entities
VLL SAP, spoke SDP VLL SAP, spoke SDP IES interface SAP, IES interface SAP, subscriber-interface subscriber-interface Ipipe SAP, spoke SDP VPLS mesh/spoke SDP, SAP VPLS mesh/spoke SDP, SAP VPLS mesh/spoke SDP, SAP 7710 SR OS Router Configuration Guide Page 303...
Page 304 • IES interfaces • Network ingress — IP filter policies are applied to network ingress IP interfaces. • Network egress — IP filter policies are applied to network egress IP interfaces. Page 304 7710 SR OS Router Configuration Guide...
Page 305: Redirect Policies
IP address as an indirect next hop Policy Based Route (PBR) action. 7710 SR OS Router Configuration Guide Page 305...
Page 306: Web Redirection (Captive Portal)
5. The customer’s web browser will then close the original connection and open a new connec- tion to the web portal. 6. The web portal updates the ACL (directly or through SSC) to remove the redirection policy. 7. The customer connects to the original site. Page 306 7710 SR OS Router Configuration Guide...
Page 307: Figure 13: Web Redirect Traffic Flow
Customer’s subscriber identification string Note that the subscriber identification string is available only when used with subscriber management. Refer to the subscriber management section of the 7710 SR OS Triple Play Guide and the 7710 SR OS Router Configuration Guide.
Page 308: Creating And Applying Policies
ASSOCIATE FILTER ID TO SAP SAVE CONFIGURATION Figure 14: Filter Creation and Implementation Flow Figure 15 displays the process to create filter policies and apply them to a service or network port. Page 308 7710 SR OS Router Configuration Guide...
Page 309: Figure 15: Creating And Applying Filter Policies
CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE SELECT NETWORK PORT OR IP INTERFACE ASSOCIATE FILTER ID SAVE CONFIGURATION Figure 15: Creating and Applying Filter Policies 7710 SR OS Router Configuration Guide Page 309...
Page 310: Packet Matching Criteria
ICMP code — Entering an ICMP code allows the filter to search for matching ICMP code in the ICMP header. • ICMP type — Entering an ICMP type allows the filter to search for matching ICMP types in the ICMP header. Page 310 7710 SR OS Router Configuration Guide...
Page 311 Specifying an Ethernet 802.2 LLC DSAP value allows the filter to match a destination access point on the network node designated in the destination field of a packet. The DSAP and mask accepts decimal, hex, and binary in the range of 0 to 255. 7710 SR OS Router Configuration Guide Page 311...
Page 312 PID allows the filter to match the two-byte IEEE 802.3 LLC SNAP protocol ID that follows the three-byte OUI field. The DSAP and mask accepts decimal and hex in the range of 0 to 65535. Page 312 7710 SR OS Router Configuration Guide...
Page 313: Table 8: Dscp Name To Dscp Value Table
Table 8: DSCP Name to DSCP Value Table DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 7710 SR OS Router Configuration Guide Page 313...
Page 314 DSCP Value DSCP Value af33 cp21 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53 cp54 cp55 cp56 cp57 (cs7) cp60 cp61 cp62 Page 314 7710 SR OS Router Configuration Guide...
Page 315: Table 9: Ip Option Values
Experimental Access Control [Estrin] IMITD IMI Traffic Descriptor Extended Internet Protocol ADDEXT Address Extension RTRALT Router alert Selective directed broadcast NSAPA NSAP addresses Dynamic packet state Upstream multicast packet FINN Experimental flow control 7710 SR OS Router Configuration Guide Page 315...
Page 316: Ordering Filter Entries
If a packet does not completely match, the packet continues to the next entry, and then subsequent entries. • If a packet does not completely match any subsequent entries, then the default action is performed. Page 316 7710 SR OS Router Configuration Guide...
Page 317: Figure 16: Filtering Process Example
Action: Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP) SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108 SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21 Figure 16: Filtering Process Example 7710 SR OS Router Configuration Guide Page 317...
Page 318: Applying Filters
If the packet completely matches all criteria in an entry, the checking stops. If permitted, the traffic is forwarded. If the packets do not match, they are discarded or forwarded based on the default action specified in the policy. Page 318 7710 SR OS Router Configuration Guide...
Page 319: Configuration Notes
Ethernet frame. Use the following table to determine the exclusivity of fields. Table 10: MAC Match Criteria Exclusivity Rules Frame Format Etype LLC – Header SNAP-OUI SNAP- PID (ssap & dsap) Ethernet – II 802.3 802.3 – snap 7710 SR OS Router Configuration Guide Page 319...
Page 320: Ip Filters
Upon activation of a summary, a mini-table with src/dst-address and count is created for each type (IP/IPv6/MAC). • Every received log packet (due to filter hit) is examined for source or destination address. If the log packet (source/destination address) matches a source/destination address entry in Page 320 7710 SR OS Router Configuration Guide...
Page 321 In case the mini-table has no more free entries, only total counter is incremented. • At expiry of the summarization interval, the mini-table for each type is flushed to the syslog destination. 7710 SR OS Router Configuration Guide Page 321...
Page 322 Configuration Notes Page 322 7710 SR OS Router Configuration Guide...
Page 323: Configuring Filter Policies With Cli
 Modifying an IP Filter Policy on page 349  Deleting a Filter Policy on page 353  Deleting a Filter Policy on page 353  Copying Filter Policies on page 359 7710 SR OS Router Configuration Guide Page 323...
Page 324: Basic Configuration
20 create match protocol 6 tcp-syn true tcp-ack false exit action drop exit exit ---------------------------------------------- A:ALA-1>config>filter# Ingress Filter ALA-1 TCP Connection OSRG007 Figure 17: Applying an IP Filter to an Ingress Interface Page 324 7710 SR OS Router Configuration Guide...
Page 325: Common Configuration Tasks
At least one filter entry with matching criteria specified IP Filter Policy The following displays an exclusive filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 12 create description "IP-filter" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 325...
Page 326: Ip Filter Entry
[time-range time-range-name] [create] description description-string The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" match exit no action exit exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 326 7710 SR OS Router Configuration Guide...
Page 327 20 create match protocol tcp dst-ip 100.0.0.2/32 dst-port eq 80 exit action forward exit entry 30 create match protocol tcp dst-ip 10.10.10.91/24 dst-port eq 80 exit action http-redirect "http://100.0.0.2/login.cgi?mac=$MAC$sap=$S AP&ip=$IP&orig_url=$URL" exit ---------------------------------------------- A:ALA-48>config>filter>ip-filter# 7710 SR OS Router Configuration Guide Page 327...
Page 328 The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" filter-sample interface-disable-sample match exit action forward redirect-policy redirect1 exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 328 7710 SR OS Router Configuration Guide...
Page 329: Ip Entry Matching Criteria
The following displays an IP filter matching configuration. *A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "filter-mail" scope exclusive entry 10 create description "no-91" filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward redirect-policy redirect2 exit ---------------------------------------------- *A:ALA-48>config>filter>ip-filter# 7710 SR OS Router Configuration Guide Page 329...
Page 330: Creating An Ipv6 Filter Policy
Use the following CLI syntax to create an IPv6 filter policy: The following displays an IPv6 filter policy configuration example: A:ALA-49>config>filter>ipv6-filter# info ---------------------------------------------- description "New IPv6 filter info" scope exclusive exit ---------------------------------------------- A:ALA-49>config>filter>ipv6-filter# tree detail Page 330 7710 SR OS Router Configuration Guide...
Page 331: Ipv6 Filter Entry
The following displays an IPv6 filter entry configuration example. A:ALA-49>config>filter>ipv6-filter# info ---------------------------------------------- description "New IPv6 filter info" scope exclusive entry 1 create match dst-ip 11::12/128 src-ip 13::14/128 exit action drop exit ---------------------------------------------- A:ALA-49>config>filter>ipv6-filter# 7710 SR OS Router Configuration Guide Page 331...
Page 332: Creating A Mac Filter Policy
At least one filter entry. • Matching criteria specified. MAC Filter Policy The following displays an MAC filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# Page 332 7710 SR OS Router Configuration Guide...
Page 333: Creating An Isid Filter
"filter-wan-man" scope template type isid entry 1 create description "drop-local-isids" match isid 100 to 1000 exit action drop exit entry 2 create description "allow-wan-isids" match isid 150 exit action forward exit 7710 SR OS Router Configuration Guide Page 333...
Page 334 1 create match frame-type ethernet_II ouiter-tag 85 4095 exit action drop exit entry 2 create match frame-type ethernet_II ouiter-tag 43 4095 exit action drop exit ---------------------------------------------- A:TOP_NODE>config>filter>mac-filter# Page 334 7710 SR OS Router Configuration Guide...
Page 335: Mac Filter Entry
• Specify matching criteria. The following displays a MAC filter entry configuration example: A:sim1>config>filter# info ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# 7710 SR OS Router Configuration Guide Page 335...
Page 336: Mac Entry Matching Criteria
The following displays a filter matching configuration example. A;ALA-7>config>filter>mac-filter# info ---------------------------------------------- description "filter-west" scope exclusive entry 1 create description "allow-104" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action drop exit ---------------------------------------------- A:ALA-7>config>filter# Page 336 7710 SR OS Router Configuration Guide...
Page 337: Creating Filter Log Policies
Filter Policies Creating Filter Log Policies The following displays a filter matching configuration example. A:ALA-48>config>filter>log# info detail --------------------------------------------- description "Test filter log." destination memory 1000 wrap-around no shutdown --------------------------------------------- A:ALA-48>config>filter>log# 7710 SR OS Router Configuration Guide Page 337...
Page 338: Applying Filter Policies
| mac-filter-id} ip-filter-id The following output displays IP and MAC filters assigned to an ingress and egress SAP and spoke SDP: A:ALA-48>config>service>epipe# info ---------------------------------------------- sap 1/1/1.1.1 create ingress filter ip 10 exit Page 338 7710 SR OS Router Configuration Guide...
Page 339 Filter Policies egress filter mac 92 exit exit spoke-sdp 8:8 create ingress filter ip 10 exit egress filter mac 91 exit exit no shutdown ---------------------------------------------- A:ALA-48>config>service>epipe# 7710 SR OS Router Configuration Guide Page 339...
Page 340: Apply An Ipv6 Filter Policy To An Ies Sap
The following output displays the IPv6 filters assigned to an IES service interface: A:ALA-48>config>service>ies# info ---------------------------------------------- interface "testA" create address 192.22.1.1/24 sap 1/1/3:0 create exit ipv6 ingress filter ipv6 100 egress filter ipv6 100 exit exit ---------------------------------------------- A:ALA-48>config>service>ies# Page 340 7710 SR OS Router Configuration Guide...
Page 341: Apply Filter Policies To A Network Port
The following displays an IP filter applied to an interface at ingress. A:ALA-48>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "to-104" address 10.0.0.103/24 port 1/1/1 ingress filter ip 10 exit egress filter ip 10 exit exit #------------------------------------------ A:ALA-48>config>router# 7710 SR OS Router Configuration Guide Page 341...
Page 342: Apply An Ipv6 Interface
The following displays IPv6 filters applied to an interface at ingress and egress. A:config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit ingress filter ip 2 filter ipv6 1 exit egress filter ip 2 filter ipv6 1 exit ---------------------------------------------- A:config>router>if# Page 342 7710 SR OS Router Configuration Guide...
Page 343: Creating A Redirect Policy
95 ping-test timeout 30 drop-count 5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_106" url "http://aww.alcatel.com/ipd/" interval 60 return-code 2323 4567 raise-priority 96 exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 343...
Page 344: Configuring Policy-Based Forwarding For Deep Packet Inspection In Vpls
SAP 1/1/23:5 (which it should not). Figure shows an example to configure policy-based forwarding for deep packet inspection on a VPLS service. For information about configuring services, refer to the 7710 SR OS Services Guide. DPI Box...
Page 345 The following displays a MAC filter configuration example: *A:ALA-48>config>filter# info ---------------------------------------------- mac-filter 100 create default-action forward entry 10 create match dot1p 7 7 exit log 101 action forward sap 1/1/22:1 exit exit ---------------------------------------------- *A:ALA-48>config>filter# 7710 SR OS Router Configuration Guide Page 345...
Page 346 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create exit spoke-sdp 3:5 create exit no shutdown exit ..---------------------------------------------- *A:ALA-48>config>service# Page 346 7710 SR OS Router Configuration Guide...
Page 347: Filter Management Tasks
Use the following CLI syntax to renumber existing MAC or IP filter entries to re-sequence filter entries: CLI Syntax: config>filter ip-filter filter-id renum old-entry-number new-entry-number mac-filter filter-id renum old-entry-number new-entry-number Example config>filter>ip-filter# renum 10 15 config>filter>ip-filter# renum 20 10 config>filter>ip-filter# renum 40 1 7710 SR OS Router Configuration Guide Page 347...
Page 348 40 create exit match entry 30 create dst-ip 10.10.10.91/24 match src-ip 10.10.10.106/24 dst-ip 10.10.10.91/24 exit src-ip 10.10.0.200/24 action drop exit exit action forward exit exit exit ---------------------------------------------- A:ALA-7>config>filter# ---------------------------------------------- A:ALA-7>config>filter# Page 348 7710 SR OS Router Configuration Guide...
Page 349: Modifying An Ip Filter Policy
10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match 7710 SR OS Router Configuration Guide Page 349...
Page 350 Filter Management Tasks dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter# Page 350 7710 SR OS Router Configuration Guide...
Page 351: Modifying An Ipv6 Filter Policy
The following output displays the modified IPv6 filter output: A:ALA-49>config>filter>ipv6-filter# info ---------------------------------------------- description "IPv6 filter for Customer 1" scope exclusive entry 1 create description "Fwds matching packets" match dst-ip 11::12/128 src-ip 13::14/128 exit action forward exit ---------------------------------------------- A:ALA-49>config>filter>ipv6-filter# 7710 SR OS Router Configuration Guide Page 351...
Page 352: Modifying A Mac Filter Policy
1 create description "New entry info" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action forward exit entry 2 create match dot1p 7 7 exit action drop exit exit ---------------------------------------------- A:ALA-7>config>filter# Page 352 7710 SR OS Router Configuration Guide...
Page 353: Deleting A Filter Policy
To remove a filter from an egress SAP, enter the following CLI commands: CLI Syntax: config>service# [epipe | ies | vpls] service-id sap port-id[:encap-val] egress no filter Example config>service# epipe 5 config>service>epipe# sap 1/1/2:3 config>service>epipe>sap# egress config>service>epipe>sap>egress# no filter 7710 SR OS Router Configuration Guide Page 353...
Page 354: From A Network Interface
A:ALA-49>config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit egress filter ip 2 filter ipv6 1 exit ---------------------------------------------- A:ALA-49>config>router>if# CLI Syntax: config>router>if# egress no filter ip 2 A:ALA-49>config>router>if# info Page 354 7710 SR OS Router Configuration Guide...
Page 355 CLI Syntax: config>router>if# ingress no filter ipv6 1 A:ALA-49>config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit ingress filter ip 2 exit egress filter ipv6 1 exit ---------------------------------------------- A:ALA-49>config>router>if# CLI Syntax: config>router>if# ingress no filter A:ALA-49>config>router>if# ---------------------------------------------- port 1/1/1 7710 SR OS Router Configuration Guide Page 355...
Page 356: From The Filter Configuration
After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id CLI Syntax: config>filter# no ipv6-filter filter-id Example config>filter# no ip-filter 11 config>filter# no mac-filter config>filter# no ipv6-filter 100 Page 356 7710 SR OS Router Configuration Guide...
Page 357: Modifying A Redirect Policy
5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_Proxy" url "http://www.alcatel.com" interval 10 timeout 10 return-code 1 4294967295 raise-priority 255 exit no shutdown exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 357...
Page 358: Deleting A Redirect Policy
A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "This is new" scope exclusive entry 1 create filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action forward redirect-policy redirect2 exit entry 2 create description "new entry" ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 358 7710 SR OS Router Configuration Guide...
Page 359: Copying Filter Policies
2 create ip-filter 12 create description "This is new" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 359...
Page 360 Filter Management Tasks Page 360 7710 SR OS Router Configuration Guide...
Page 361: Filter Command Reference
— no summary-crit — [no] wrap-around DHCP Filter Policy Commands config — filter — dhcp-filter filter-id [create] — no dhcp-filter filter-id — description description-string — no description — entry entry-id [create] 7710 SR OS Router Configuration Guide Page 361...
Page 362 — no dst-port — fragment {true | false} — no fragment — icmp-code icmp-code — no icmp-code — icmp-type icmp-type — no icmp-type — ip-option ip-option-value [ip-option-mask] — no ip-option Page 362 7710 SR OS Router Configuration Guide...
Page 363 — src-port {lt | gt | eq} src-port-number — src-port range start end} — no src-port — tcp-ack {true | false} — no tcp-ack — tcp-syn {true | false} — no tcp-syn 7710 SR OS Router Configuration Guide Page 363...
Page 364 Filter Command Reference — renum old-entry-id new-entry-id — scope {exclusive | template} — no scope Page 364 7710 SR OS Router Configuration Guide...
Page 365 — no snap-pid — ssap ssap-value [ssap-mask] — no ssap — src-mac ieee-address [ieee-address-mask] — no src-mac — renum old-entry-id new-entry-id — scope {exclusive | template} — no scope — type filter-type 7710 SR OS Router Configuration Guide Page 365...
Page 366 — no interval — return-code return-code-1 [return-code-2] [disable | lower- priority priority | raise-priority priority] — no return-code return-code-1 [return-code-2] — timeout seconds — no timeout — url-string [http-version version-string] — no Page 366 7710 SR OS Router Configuration Guide...
Page 367 [interval seconds] [repeat repeat] [absolute | rate] — filter ipv6 ipv6-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — filter mac mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] 7710 SR OS Router Configuration Guide Page 367...
Page 368 Filter Command Reference Page 368 7710 SR OS Router Configuration Guide...
Page 369: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 369...
Page 370: Global Filter Commands
— Specifies the IP filter policy ID number. Values 1 — 65535 create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. Page 370 7710 SR OS Router Configuration Guide...
Page 371 — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. redirect-policy Syntax [no] redirect-policy redirect-policy-name Context config>filter 7710 SR OS Router Configuration Guide Page 371...
Page 372 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. There is no limit to the number of redirect policies that can be configured. Page 372 7710 SR OS Router Configuration Guide...
Page 373: Dhcp Filter Commands
— The option must (partially) match a specified ASCII string. Values Up to 127 characters exact — This option requires an exact match of a hex or ascii string. invert-match — Requires the option not to (partially) match. 7710 SR OS Router Configuration Guide Page 373...
Page 374 Configuration Commands Page 374 7710 SR OS Router Configuration Guide...
Page 375: Filter Log Destination Commands
1000 entries. The number of entries and wrap-around behavior can be edited. Default log 101 Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 7710 SR OS Router Configuration Guide Page 375...
Page 376 Log packets received during the reconfiguration time will be handled as if summary was not active. The no form of the command reverts to the default parameter. Page 376 7710 SR OS Router Configuration Guide...
Page 377 The no form of the command configures the memory filter log to accept filter log entries until full. When the memory filter log is full, filter logging for the log filter ID ceases. Default wrap-around 7710 SR OS Router Configuration Guide Page 377...
Page 378: Filter Policy Commands
If the policy is removed from the entity, it will become available for assignment to another entity. template — When the scope of a policy is defined as template, the policy can be applied to multiple SAPs or network ports. Page 378 7710 SR OS Router Configuration Guide...
Page 379 — Regular match criteria are allowed; ISID match not allowed. isid — Only ISID match criteria are allowed. vid — Configures the VID filter type used to match on ethernet_II frame types. This allows matching VLAN tags for explicit filtering. 7710 SR OS Router Configuration Guide Page 379...
Page 380: General Filter Entry Commands
32 characters in length. The time-range name must already exist in the config>cron context. create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. Page 380 7710 SR OS Router Configuration Guide...
Page 381 The no form of the command disables logging for the filter entry. Default no log Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 7710 SR OS Router Configuration Guide Page 381...
Page 382: Ip Filter Entry Commands
This parameter is only valid for unnumbered point-to-point interfaces. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. redirect policy-name — Specifies the redirect policy configured in the config>filter>redirect- policy context. Page 382 7710 SR OS Router Configuration Guide...
Page 383 If the cflowd is either not enabled or set to cflowd interface mode, this command is ignored. The no form removes this command for the system configuration, disallowing the sampling of packets if the ingress interface is in cflowd acl mode. Default no filter-sample 7710 SR OS Router Configuration Guide Page 383...
Page 384 * — udp/tcp wildcard Page 384 7710 SR OS Router Configuration Guide...
Page 385 PNNI over IP Protocol Independent Multicast vrrp Virtual Router Redundancy Protocol l2tp Layer Two Tunneling Protocol Spanning Tree Protocol Performance Transparency Protocol isis ISIS over IPv4 crtp Combat Radio Transport Protocol 7710 SR OS Router Configuration Guide Page 385...
Page 386 * — udp/tcp wildcard Page 386 7710 SR OS Router Configuration Guide...
Page 387: Mac Filter Entry Commands
0 — 4094 The SAP is identified by two 802.1Q tags on the port. qtag2: 0 — 4094 Note that a 0 qtag1 value also accepts untagged packets on the dot1q port. 7710 SR OS Router Configuration Guide Page 387...
Page 388 802dot2-llc — Specifies the frame type is Ethernet IEEE 802.2 LLC. 802dot2-snap — Specifies the frame type is Ethernet IEEE 802.2 SNAP. ethernet_II — Specifies the frame type is Ethernet Type II. Page 388 7710 SR OS Router Configuration Guide...
Page 389: Ip Filter Match Criteria
Values 0.0.0.0 — 255.255.255.255 mask — The subnet mask length expressed as a decimal integer. Values 0 — 32 netmask — Any mask epressed in dotted quad notation. Values 0.0.0.0 — 255.255.255.255 7710 SR OS Router Configuration Guide Page 389...
Page 390 — Specifies the operator to use relative to dst-port-number for specifying the port number match criteria. The eq keyword specifies that dst-port-number must be an exact match. Page 390 7710 SR OS Router Configuration Guide...
Page 391 The no form of the command removes the criterion from the match entry. Default no icmp-code Parameters icmp-code — The ICMP code values that must be present to match. Values 0 — 255 7710 SR OS Router Configuration Guide Page 391...
Page 392 (option number = 20), enter the option type of 148 (10010100). Values 0 — 255 ip-option-mask — This is optional and may be used when specifying a range of option numbers to use as the match criteria. Page 392 7710 SR OS Router Configuration Guide...
Page 393 — Specifies matching on all IP packets that contain the option field in the header. A match will occur for all packets that have the option field present. An option field of zero is considered as no option present. 7710 SR OS Router Configuration Guide Page 393...
Page 394 — The IP prefix for the IP match criterion in dotted decimal notation. Values x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x [0..FFFF]H d [0 — 255]D prefix-length — The IPv6 mask value for the IPv6 filter entry. Values 1 — 28 Page 394 7710 SR OS Router Configuration Guide...
Page 395 The no form of the command removes the criterion from the match entry. Default no tcp-ack Parameters true — Specifies matching on IP packets that have the ACK bit set in the control bits of the TCP header of an IP packet. 7710 SR OS Router Configuration Guide Page 395...
Page 396 — Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header. false — Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header. Page 396 7710 SR OS Router Configuration Guide...
Page 397: Mac Filter Match Criteria
0bBBB 0b100 To select a range from 4 up to 7 specify p-value of 4 and a mask of 0b100 for value and mask. Default 7 (decimal) Values 1 — 7 (decimal) 7710 SR OS Router Configuration Guide Page 397...
Page 398 This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0xF0 Binary 0bBBBBBBBB 0b11110000 Default FF (hex) (exact match) Values 0x00 — 0xFF Page 398 7710 SR OS Router Configuration Guide...
Page 399 The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria. Table 10, MAC Match Criteria Exclusivity Rules, on page 319 describes fields 7710 SR OS Router Configuration Guide Page 399...
Page 400 — Specifies to match packets with the three-byte OUI field in the SNAP-ID set to zero. non-zero — Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero. Page 400 7710 SR OS Router Configuration Guide...
Page 401 — Enter the 48-bit IEEE mac address to be used as a match criterion. Values HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit ieee-address-mask — This 48-bit mask can be configured using: Format Style Format Syntax Example Decimal DDDDDDDDDDDDDD 281474959933440 Hexadecimal 0xHHHHHHHHHHHH 0x0FFFFF000000 7710 SR OS Router Configuration Guide Page 401...
Page 402 — This is optional and may be used when specifying a range of ssap values to use as the match criteria. This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0xF0 Binary 0bBBBBBBBB 0b11110000 Default none Values 0x00 — 0xFF Page 402 7710 SR OS Router Configuration Guide...
Page 403: Policy And Entry Maintenance Commands
ID. If the destination filter ID exists, either overwrite must be specified or an error message will be returned. If overwrite is specified, the function of copying from source to destination occurs in a ‘break before make’ manner and therefore should be handled with care. 7710 SR OS Router Configuration Guide Page 403...
Page 404 Parameters old-entry-id — Enter the entry number of an existing entry. Values 1 — 65535 new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535 Page 404 7710 SR OS Router Configuration Guide...
Page 405: Redirect Policy Commands
This command specifies the number of consecutive requests that must fail for the destination to be declared unreachable. Default drop-count 3 hold-down 0 Parameters consecutive-failures — Specifies the number of consecutive ping test failures before declaring the destination down. Values 1 — 60 7710 SR OS Router Configuration Guide Page 405...
Page 406 — Specifies the amount of time, in seconds, that is allowed for receiving a response from the far end host. Values 1 — 60 priority Syntax priority priority no priority Context config>filter>destination Page 406 7710 SR OS Router Configuration Guide...
Page 407 This command specifies the criterion to adjust the priority based on the test result. Multiple criteria can be specified with the condition that they are not conflicting or overlap. If the returned value is 7710 SR OS Router Configuration Guide Page 407...
Page 408 For example, error code 401 for HTTP is “page not found.” If, while performing this test, the URL is not reachable, you can lower the priority by 10 points so that other means of reaching this destination are prioritized higher than the older one. Page 408 7710 SR OS Router Configuration Guide...
Page 409 This command specifies the URL to be probed by the URL test. Default none Parameters url-string — Specify a URL up to 255 characters in length. http-version version-string — Specifies the HTTP version, 80 characters in length. 7710 SR OS Router Configuration Guide Page 409...
Page 410 Configuration Commands Page 410 7710 SR OS Router Configuration Guide...
Page 411: Show Commands
— Displays information on the specified filter entry ID for the specified filter ID only. Values 1 — 65535 associations — Appends information as to where the filter policy ID is applied to the detailed filter policy ID output. 7710 SR OS Router Configuration Guide Page 411...
Page 412 *A:Dut-C>config>filter# show filter ip =============================================================================== IP Filters Total: =============================================================================== Filter-Id Scope Applied Description ------------------------------------------------------------------------------- 10001 Template Yes fSpec-1 Template Yes BGP FlowSpec filter for the Base router ------------------------------------------------------------------------------- Num IP filters: 2 =============================================================================== *A:Dut-C>config>filter# Page 412 7710 SR OS Router Configuration Guide...
Page 413 Fragments are not a matching criteria. All fragments and non- Off — fragments implicitly match. Specifies that traffic sampling is disabled. Sampling Off — Specifies that traffic matching the associated IP filter entry is On — sampled. 7710 SR OS Router Configuration Guide Page 413...
Page 414 The state of the TCP ACK flag is not considered as part of the Off — match criteria. as part of the match criteria. Egr. Matches The number of egress filter matches/hits for the filter entry. Page 414 7710 SR OS Router Configuration Guide...
Page 415 : Template Def. Action : Drop Radius Ins Pt: n/a CrCtl. Ins Pt: n/a Entries BGP Entries Description : (Not Specified) ------------------------------------------------------------------------------- Filter Match Criteria : IP ------------------------------------------------------------------------------- Entry Description : (Not Specified) 7710 SR OS Router Configuration Guide Page 415...
Page 416 Show Filter (with time-range specified) — If a time-range is specified for a filter entry, the following is displayed. A:ALA-49# show filter ip =============================================================================== IP Filter =============================================================================== Filter Id : 10 Applied : No Scope : Template Def. Action : Drop Entries Page 416 7710 SR OS Router Configuration Guide...
Page 417 Int. Sampling : On IP-Option : 0/0 Multiple Option: Off TCP-syn : Off TCP-ack : Off Match action : Forward Next Hop : 172.22.184.101 Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49# 7710 SR OS Router Configuration Guide Page 417...
Page 418 The ICMP type match criterion. indicates no ICMP type ICMP Type Undefined specified. Configures a match on all non-fragmented IP packets. Fragment False — Configures a match on all fragmented IP packets. True — Page 418 7710 SR OS Router Configuration Guide...
Page 419 On — The option fields are not checked. Multiple Option Off — Packets containing one or more option fields in the IP header On — will be used as IP filter match criteria. 7710 SR OS Router Configuration Guide Page 419...
Page 420 Show Filter Associations (with TOD-suite specified) — If a filter is referred to in a TOD Suite assignment, it is displayed in the show filter associations command output: A:ALA-49# show filter ip 160 associations =============================================================================== IP Filter =============================================================================== Filter Id : 160 Applied : No Page 420 7710 SR OS Router Configuration Guide...
Page 421 Note that egress counters count the packets without Layer 2 encapsula- tion. Ingress counters count the packets with Layer 2 encapsulation. Sample Output *A:ALA-48# show filter ipv6 100 counters =============================================================================== IPv6 Filter =============================================================================== Filter Id : 100 Applied : No 7710 SR OS Router Configuration Guide Page 421...
Page 422 The filter policy is of type exclusive. Exclusive — The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — The IP filter policy description. Description Page 422 7710 SR OS Router Configuration Guide...
Page 423 The source IP address and mask match criterion. indicates 0.0.0.0/0 no criterion specified for the filter entry. The destination IP address and mask match criterion. indi- Dest. IP 0.0.0.0/0 cates no criterion specified for the filter entry. 7710 SR OS Router Configuration Guide Page 423...
Page 424 The destination TCP or UDP port number or port range. Dest. Port The DiffServ Code Point (DSCP) name. Dscp The ICMP code field in the ICMP header of an IP packet. ICMP Code Page 424 7710 SR OS Router Configuration Guide...
Page 425 : Off Match action : Drop Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-48# Output Show Filter Associations — The following table describes the fields that display when the associations keyword is specified. 7710 SR OS Router Configuration Guide Page 425...
Page 426 Configures a match on all fragmented IP packets. True — Fragments are not a matching criteria. All fragments and non- Off — fragments implicitly match. Sampling Specifies that traffic sampling is disabled. Off — Page 426 7710 SR OS Router Configuration Guide...
Page 427 IP filter match criteria. TCP-ack Configures a match on packets with the ACK flag set to False — false. Configured a match on packets with the ACK flag set to true. True — 7710 SR OS Router Configuration Guide Page 427...
Page 428 The filter policy is of type template. Scope Template — The filter policy is of type exclusive. Exclusive — The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — Page 428 7710 SR OS Router Configuration Guide...
Page 429 Ing. Matches : 160 pkts (14400 bytes) Egr. Matches : 80 pkts (6880 bytes) Entry : 10 Ing. Matches : 80 pkts (7200 bytes) Egr. Matches : 80 pkts (6880 bytes) ==================================================================================== A:ALA-48# 7710 SR OS Router Configuration Guide Page 429...
Page 430 The more fragments IP flag is set in the logged packet. Flags M — The do not fragment IP flag is set in the logged packet. (IP flags) DF — The TOS byte value in the logged packet. Page 430 7710 SR OS Router Configuration Guide...
Page 431 Summary criterion that is used as index into the mini-tables of the log. TotCnt The total count of logs. ArpCnt Displays the total number of ARP messages logged for this log ID. 7710 SR OS Router Configuration Guide Page 431...
Page 432 Note: A summary log will be printed only in case TotCnt is different from 0. Only the address types with at least 1 entry in the minitable will be printed. A:ALA-A>config# show filter log 190 =============================================================================== Summary Log[190] Crit1: SrcAddr TotCnt: 723 ArpCnt: 06-06-06-06-06-06 06-06-06-06-06-05 06-06-06-06-06-04 06-06-06-06-06-03 Page 432 7710 SR OS Router Configuration Guide...
Page 433 Values 1 — 65535 Output No Parameters Specified — When no parameters are specified, a brief listing of IP filters is produced. The following table describes the command output for the command. 7710 SR OS Router Configuration Guide Page 433...
Page 434 The destination MAC address and mask match criterion. When both the Dest MAC MAC address and mask are all zeroes, no criterion specified for the filter entry. Page 434 7710 SR OS Router Configuration Guide...
Page 435 : Forward Ing. Matches Egr. Matches Entry : 300 (Inactive) FrameType : Ethernet Description : Not Available Src Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : Ethernet 7710 SR OS Router Configuration Guide Page 435...
Page 436 =============================================================================== A:ALA-49# Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. Page 436 7710 SR OS Router Configuration Guide...
Page 437 Def. Action : Forward Entries Description : Description for Mac Filter Policy id # 8 ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry FrameType : Ethernet Ing. Matches: 80 pkts (5440 bytes) 7710 SR OS Router Configuration Guide Page 437...
Page 438 Specifies the amount of time in seconds that is allowed for receiving a response from the far-end host. If a reply is not received within this time the far-end host is considered unresponsive. Page 438 7710 SR OS Router Configuration Guide...
Page 439 Admin State : Up Oper State : Up SNMP Test : SNMP-1 Interval : 30 Timeout Drop Count : 30 Hold Down : 120 Hold Remain Last Action at : None Taken ------------------------------------------------------------------------------- 7710 SR OS Router Configuration Guide Page 439...
Page 440 URL Test : URL_to_Proxy Interval : 10 Timeout : 10 Drop Count Hold Down Hold Remain Last Action at : 03/19/2007 05:04:15 Action Taken : Disable Priority Change: 0 Return Code =============================================================================== ALA-A# Page 440 7710 SR OS Router Configuration Guide...
Page 441: Clear Commands
1 — 65535 entry-id — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. 7710 SR OS Router Configuration Guide Page 441...
Page 442 — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. Page 442 7710 SR OS Router Configuration Guide...
Page 443: Monitor Commands
— The IP filter policy ID. Values 1 — 65535 entry-id — Specifies that only the counters associated with the specified filter policy entry will be moniitored. Values 1 — 65535 7710 SR OS Router Configuration Guide Page 443...
Page 444 — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing. No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. Page 444 7710 SR OS Router Configuration Guide...
Page 445: Cflowd
• Cflowd Overview on page 446  Operation on page 447  Cflowd Filter Matching on page 451 • Cflowd Configuration Process Overview on page 452 • Configuration Notes on page 453 7710 SR OS Router Configuration Guide Page 445...
Page 446: Cflowd Overview
Cflowd is not supported on the 7750 SR-1 chassis. Page 446 7710 SR OS Router Configuration Guide...
Page 447: Operation
6. If a flow has been active for a period of time equal to or greater than the active timer (default 30 minutes), then the entry is removed from the flow cache. 7710 SR OS Router Configuration Guide Page 447...
Page 448 V8 record format. Figure 20 depicts Version 5, Version 8, Version 9, and Version 10 flow processing. Page 448 7710 SR OS Router Configuration Guide...
Page 449: Figure 20: V5, V8, V9, V10, And Flow Processing
• When the user executes a clear cflowd command. • When other measures are met that apply to aggressively age flows as the cache becomes too full (such as overflow percent). 7710 SR OS Router Configuration Guide Page 449...
Page 450: Version 9
IPv4, IPv6, and MPLS. Version 10 is interoperable with RFC 5150 and 5102. Page 450 7710 SR OS Router Configuration Guide...
Page 451: Cflowd Filter Matching
Subsequent packets in the same flow are then forwarded without needing to be matched against the complete set of filters. Specific performance varies depending on the number and complexity of the filters. 7710 SR OS Router Configuration Guide Page 451...
Page 452: Cflowd Configuration Process Overview
Cflowd ACL, where IP filters must be created with entries containing the action filter- sampled. In this mode only traffic matching these filter entries will be subject to the cflowd sampling process. Page 452 7710 SR OS Router Configuration Guide...
Page 453: Configuration Notes
A cflowd option must be specified and enabled on a router interface. • Sampling must be enabled on either:  An IP filter which is applied to a port or service.  An interface on a port or service. 7710 SR OS Router Configuration Guide Page 453...
Page 454 Configuration Notes Page 454 7710 SR OS Router Configuration Guide...
Page 455: Configuring Cflowd With Cli
Specifying Sampling Options in Filter Entries on page 472 • Cflowd Configuration Management Tasks on page 475  Modifying Global Cflowd Components on page 475  Modifying Cflowd Collector Parameters on page 476 7710 SR OS Router Configuration Guide Page 455...
Page 456: Cflowd Configuration Overview
Cflowd Configuration Overview Cflowd Configuration Overview The 7710 SR OS implementation of cflowd supports the option to analyze traffic flow. The imple- mentation also supports the use of traffic/access list (ACL) filters to limit the type of traffic that is analyzed.
Page 457: Collectors
• MPLS labels The 7710 SR OS implementation allows you to enable cflowd either at the interface level or as an action to a filter. By enabling cflowd at the interface level, all IP packets forwarded by the inter- face are subject to cflowd analysis. By setting cflowd as an action in a filter, only packets matching the specified filter are subject to cflowd analysis.
Page 458 Source-destination prefix — Flows are aggregated based on source prefix and mask, destination prefix and mask, source and destination AS, ingress interface and egress interface. • Raw — Flows are not aggregated and are sent to the collector in a V5 record. Page 458 7710 SR OS Router Configuration Guide...
Page 459: Basic Cflowd Configuration
A:ALA-1>config>cflowd# info detail ---------------------------------------------- active-timeout 30 cache-size 65536inactive-timeout 15 overflow 1 rate 1000 collector 10.10.10.103:2055 version 9 no aggregation autonomous-system-type origin description "V9 collector" no shutdown exit template-retransmit 330 exit no shutdown ---------------------------------------------- A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 459...
Page 460: Common Configuration Tasks
Global Cflowd Components The components common (global) to all instances of cflowd include the following parameters: • Active timeout • Inactive timeout • Cache size • Overflow • Rate • Template retransmit Page 460 7710 SR OS Router Configuration Guide...
Page 461: Configuring Cflowd
{version [5 | 8 | 9 |10]} aggregation as-matrix destination-prefix protocol-port source-destination-prefix source-prefix template-set {basic | mpls-ip} autonomous-system-type [origin | peer] description description-string no shutdown no shutdown 7710 SR OS Router Configuration Guide Page 461...
Page 462: Enabling Cflowd
The following example displays the default values when cflowd is initially enabled. No collectors or collector options are configured. A:ALA-1>config# info detail #------------------------------------------ echo "Cflowd Configuration" #------------------------------------------ cflowd active-timeout 30 cache-size 65536 inactive-timeout 15 overflow 1 rate 1000 template-retransmit 600 no shutdown exit #------------------------------------------ A:ALA-1>config# Page 462 7710 SR OS Router Configuration Guide...
Page 463: Configuring Global Cflowd Parameters
The following example displays a common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 20 inactive-timeout 10 overflow 10 rate 100 #------------------------------------------ A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 463...
Page 464: Configuring Cflowd Collectors
"AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation protocol-port source-destination-prefix exit autonomous-system-type peer description "Neighbor collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Version 9 Collector example: collector 10.10.10.9:2000 version 9 description "v9collector" template-set mpls-ip no shutdown Page 464 7710 SR OS Router Configuration Guide...
Page 465: Table 12: Template-Set
IP version (60) ICMP Type & Code (32) BGP Source ASN (16) BGP Dest ASN (17) Source IPv4 Prefix Length (9) Dest IPv4 Prefix Length (13) MPLS-IPv4 Template: IPv4 Src Addr (8) 7710 SR OS Router Configuration Guide Page 465...
Page 466 Protocol (4) IPv6 Options Hdr (64) IPv6 Next Header (193) IPv6 Flow Label (31) TOS (5) IP version (60) IPv6 ICMP Type & Code (139) BGP Source ASN (16) BGP Dest ASN (17) Page 466 7710 SR OS Router Configuration Guide...
Page 467 Egress Interface (14) Packet Count (2) Byte Count (1) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) 7710 SR OS Router Configuration Guide Page 467...
Page 468 IP version (60) ICMP Type & Code (32) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) Page 468 7710 SR OS Router Configuration Guide...
Page 469: Enabling Cflowd On Interfaces And Filters
Specifying Cflowd Options on an IP Interface on page 470  Interface Configurations on page 470  Service Interfaces on page 471 • Specifying Sampling Options in Filter Entries on page 472  Interface Configurations on page 470 7710 SR OS Router Configuration Guide Page 469...
Page 470: Specifying Cflowd Options On An Ip Interface
3. The interface>cflowd interface option must be selected. For configuration information, refer to the Filter Policy Overview section of the 7710 SR OS Router Configuration Guide. 4. To omit certain types of traffic from being sampled when the interface sampling is enabled, the config>filter>ip-filter>entry>interface-disable-sample option may be...
Page 471: Service Interfaces
Cflowd is supported on IES and VPRN services interfaces only. Layer 2 traffic is excluded. All packets forwarded by the interface are analyzed according to the cflowd configuration. On the interface level, cflowd can be associated with a filter (ACL) or an IP interface. 7710 SR OS Router Configuration Guide Page 471...
Page 472: Specifying Sampling Options In Filter Entries
3. On the IP interface being used, the interface>cflowd acl option must be selected. (See Interfcace Configuration) For configuration information, refer to the IP Router Confguration Overview section of the 7710 SR OS Router Configuration Guide. 4. On the IP filter being used, the entry>filter-sample option must be explicitly enabled for the entries matching the traffic that should be sampled.
Page 473: Dependencies
Filter Configurations on page 472 Depending on the combination of interface and filter entry configurations determine if and when flow sampling occurs. Table 13 displays the expected results when specific features are enabled and disabled. 7710 SR OS Router Configuration Guide Page 473...
Page 474: Table 13: Cflowd Configuration Dependencies
Interface mode All IP traffic ingressing the none interface interface is subject to sampling. Interface mode Filter level action is ignored. All filter sampled interface traffic ingressing the interface is subject to sampling. Page 474 7710 SR OS Router Configuration Guide...
Page 475: Cflowd Configuration Management Tasks
Example: config>cflowd# active-timeout 60 config>cflowd# no inactive-timeout config>cflowd# overflow 2 config>cflowd# rate 10 The following example displays the common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 60 overflow 2 rate 10 #------------------------------------------ A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 475...
Page 476: Modifying Cflowd Collector Parameters
The following displays basic cflowd modifications: A:ALA-1>config>cflowd# info ----------------------------------------- active-timeout 60 overflow 2 rate 10 collector 10.10.10.1:2000 version 5 description "AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation source-prefix exit description "Test collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Page 476 7710 SR OS Router Configuration Guide...
Page 477: Cflowd Command Reference
— no rate — [no] shutdown — template-retransmit seconds — no template-retransmit Show Commands show — cflowd — collector [ip-address[:port]] [detail] — interface [ip-int-name | ip-address] — status Clear Commands clear — cflowd 7710 SR OS Router Configuration Guide Page 477...
Page 478 Cflowd Command Reference Page 478 7710 SR OS Router Configuration Guide...
Page 479: Cflowd Configuration Commands
The no form of this command resets the inactive timeout back to the default value. Default Parameters minutes — The value expressed in minutes before an active flow is exported. Values 1 — 600 7710 SR OS Router Configuration Guide Page 479...
Page 480 — The IP address of the flow data collector in dotted decimal notation. :port — The UDP port of flow data collector. Values 1— 65535 Default 2055 version — The version of the flow data collector. Values 5, 8, 9, 10 Default Page 480 7710 SR OS Router Configuration Guide...
Page 481 The no form removes this type of aggregation from the collector configuration. Default none protocol-port Syntax [no] protocol-port Context config>cflowd>collector>aggregation Description This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number. 7710 SR OS Router Configuration Guide Page 481...
Page 482 [no] source-prefix Context config>cflowd>collector>aggregation Description This command configures cflowd aggregation based on source prefix information. The no form of this command removes this type of aggregation from the collector configuration. Default none Page 482 7710 SR OS Router Configuration Guide...
Page 483 The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted. The no form of this command administratively enables an entity. 7710 SR OS Router Configuration Guide Page 483...
Page 484 Parameters seconds — Specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive. Values 10 — 600 Page 484 7710 SR OS Router Configuration Guide...
Page 485 Context config>cflowd Description This command specifies the interval for sending template definitions. Default Parameters seconds — The value expressed in seconds before sending template definitions. Values 10 — 600 7710 SR OS Router Configuration Guide Page 485...
Page 486 Cflowd Configuration Commands Page 486 7710 SR OS Router Configuration Guide...
Page 487: Show Commands
The current operational status of this Cflowd remote collector host. Oper The number of Cflowd records that have been transmitted to this Recs Sent remote collector host. The total number of collectors using this IP address. Collectors 7710 SR OS Router Configuration Guide Page 487...
Page 488: Table 15: Show Cflowd Collector Detailed Output Fields
The number of Cflowd records that have been transmitted to this remote collector host. The time when this row entry was last changed. Last Changed The time when the last Cflowd packet was sent to this remote collector Last Pkt Sent host. Page 488 7710 SR OS Router Configuration Guide...
Page 489 Last Pkt Sent : 09/03/2009 18:06:41 ------------------------------------------------------------------------------- Aggregation Type Status Sent Open Errors ------------------------------------------------------------------------------- as-matrix Disabled protocol-port Disabled source-prefix Enabled destination-prefix Enabled source-destination-prefix Disabled Disabled =============================================================================== Address : 138.120.135.103 Port : 9996 7710 SR OS Router Configuration Guide Page 489...
Page 490 Displays the administrative state of the interface. Admin Displays the operational state of the interface. Oper Sample Output B:sr-002# show cflowd interface =============================================================================== Cflowd Interfaces =============================================================================== Interface IP Address Mode Admin Oper Page 490 7710 SR OS Router Configuration Guide...
Page 491: Table 16: Show Cflowd Status Output Fields
The rate at which traffic is sampled and forwarded for Cflowd anal- ysis. All packets are analyzed. one (1) — Every 1000th packet is analyzed. 1000 (default) — The current number of active flows being collected. Active Flows 7710 SR OS Router Configuration Guide Page 491...
Page 492 Overflow : 1% Sample Rate Active Flows : 34 Total Pkts Rcvd : 801600 Total Pkts Dropped =============================================================================== Version Info =============================================================================== Version Status Sent Open Errors ------------------------------------------------------------------------------- Enabled Enabled Enabled Enabled =============================================================================== Page 492 7710 SR OS Router Configuration Guide...
Page 493: Clear Commands
This action will trigger all the flows to be discarded. The cache restarts flow data collection from a fresh state. This command also clears global stats collector stats listed in the cflowd show commands. 7710 SR OS Router Configuration Guide Page 493...
Page 494 Clear Commands Page 494 7710 SR OS Router Configuration Guide...
Page 495: Standards And Protocol Support
Standards and Protocol Support Standards Compliance RFC 3623 Graceful OSPF Restart – GR RFC 5065 Confederations for BGP helper (obsoletes 3065) IEEE 802.1ab-REV/D3 Station and RFC 3630 Traffic Engineering (TE) Media Access Control Connectivity IS-IS Extensions to OSPF Version 2 Discovery RFC 1142 OSI IS-IS Intra-domain RFC 4203 - Shared Risk Link Group...
Page 496 Standards and Protocols draft-ietf-ipsec-isakmp-modecfg-05.txt – Multicast RFC 3443 Time To Live (TTL) The ISAKMP Configuration Processing in Multi-Protocol Label RFC 1112 Host Extensions for IP Method Switching (MPLS) Networks Multicasting (Snooping) RFC 4182 Removing a Restriction on the RFC 2236 Internet Group Management IPv6 use of MPLS Explicit NULL Protocol, (Snooping)
Page 497 Standards and Protocols to-Multipoint TE Label Switched draft-ietf-bfd-mib-00.txtBidirectional FRF.16.1 Multilink Frame Relay UNI/ Paths (LSPs) Forwarding Detection Management NNI Implementation Agreement Information Base RFC 5151 Inter-domain MPLS and ITU-T Q.933 Annex A- Additional GMPLS Traffic Engineering – RFC 5880 Bidirectional Forwarding procedures for Permanent Virtual RSVP-TE Extensions Detection...
Page 498 Standards and Protocols VPLS draft-ietf-pwe3-redundancy-bit-03.txt, MEF-8 Implementation Agreement for Pseudowire Preferential Forwarding the Emulation of PDH Circuits over RFC 4762 Virtual Private LAN Services Status bit definition Metro Ethernet Networks, October Using LDP 2004 draft-ietf-pwe3-redundancy-03.txt, draft-ietf-l2vpn-vpls-mcast-reqts-04 Pseudowire (PW) Redundancy RFC 5287 Control Protocol Extensions draft-ietf-l2vpn-signaling-08 for the Setup of Time-Division draft-ietf-pwe3-fat-pw-05 Flow Aware...
Page 499 Standards and Protocols ITU-T G.8261 Telecommunication RFC 2575 SNMP-View-based ACM- TIMETRA-FILTER-MIB.mib Standardization Section of ITU, TIMETRA-GLOBAL-MIB.mib Timing and synchronization aspects RFC 2576 SNMP-Community-MIB TIMETRA-IGMP-MIB.mib in packet networks, issued 04/2008. RFC 2665 EtherLike-MIB TIMETRA-ISIS-MIB.mib ITU-T G.8262 Telecommunication RFC 2819 RMON-MIB TIMETRA-LAG-MIB.mib Standardization Section of ITU, RFC 2863 IF-MIB TIMETRA-LDP-MIB.mib...
Page 500 Standards and Protocols Page 500 Standards and Protocols...
Page 501: Index
IP address range network interface IPv6 overview router ID matching criteria service management tasks DSCP values system interface system name IP option values packets policies VRRP policy entries overview port-based filtering 7710 SR OS Router Configuration Guide Page 501...
Page 502 IP addresses owner and non-owner virtual router virtual router backup virtual router master VRID configuring basic command reference IES parameters non-owner owner management tasks overview router interface non-owner owner VRRP policy parameters Page 502 7710 SR OS Router Configuration Guide...

Alcatel 7710 SR OS Configuration Manual

Getting Started

Getting Started

IP Router Configuration

IP Router Configuration

Vrrp

Vrrp

Vrrp

Filter Policies

Filter Policies

Filter Policies

Cflowd

Cflowd

Cflowd

Quick Links

Need help?

Questions and answers

Related Manuals for Alcatel 7710 SR OS

Summary of Contents for Alcatel 7710 SR OS