Download Print this page

Nokia 7450 Configuration Manual

Ethernet service switch / service router / extensible routing system virtualized service router.
Hide thumbs
   
1
2
Table of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900

Advertisement

ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5
7450 ETHERNET SERVICE SWITCH
7750 SERVICE ROUTER
7950 EXTENSIBLE ROUTING SYSTEM
VIRTUALIZED SERVICE ROUTER
ROUTER CONFIGURATION GUIDE
RELEASE 15.0.R5
3HE 11976 AAAC TQZZA 01
Issue: 01
September 2017
Nokia — Proprietary and confidential.
Use pursuant to applicable agreements.

Advertisement

   Related Manuals for Nokia 7450

   Summary of Contents for Nokia 7450

  • Page 1

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 7450 ETHERNET SERVICE SWITCH 7750 SERVICE ROUTER 7950 EXTENSIBLE ROUTING SYSTEM VIRTUALIZED SERVICE ROUTER ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11976 AAAC TQZZA 01 Issue: 01 September 2017 Nokia — Proprietary and confidential. Use pursuant to applicable agreements.

  • Page 2

    © 2017 Nokia. Contains proprietary/trade secret information which is the property of Nokia and must not be made available to, or copied or used by anyone outside Nokia without its written authorization. Not to be used or disclosed except in accordance with applicable agreements.

  • Page 3: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table of Contents Getting Started ................11 About This Guide..................11 Router Configuration Process ..............13 IP Router Configuration ..............15 Configuring IP Router Parameters ............15 2.1.1 Interfaces....................15 2.1.1.1 Network Interface ..................15 2.1.1.2 Network Domains ..................16 2.1.1.3 System Interface..................17 2.1.1.4 Unicast Reverse Path Forwarding Check (uRPF) ........17 2.1.1.5...

  • Page 4: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Bidirectional Forwarding Detection............64 2.4.1 BFD Control Packet...................64 2.4.2 Control Packet Format................65 2.4.3 BFD for RSVP-TE..................66 2.4.4 Echo Support.....................67 2.4.5 BFD Support for BGP ................67 2.4.6 Centralized BFD ..................67 2.4.6.1 IES Over Spoke SDP ................67 2.4.6.2 BFD Over LAG and VSM Interfaces ............68 2.4.6.3 LSP BFD and VCCV BFD .................69...

  • Page 5: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.10.2 Basic Configuration ...................98 2.10.3 Common Configuration Tasks ..............99 2.10.3.1 Configuring a System Name..............99 2.10.3.2 Configuring Interfaces ................99 2.10.3.3 Deriving the Router ID ................115 2.10.3.4 Configuring a Confederation..............116 2.10.3.5 Configuring an Autonomous System ............117 2.10.3.6 Configuring Overload State on a Single SFM..........117 2.11 Service Management Tasks ..............119...

  • Page 6: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.2.6 Owner and Non-Owner VRRP..............444 3.2.7 Configurable Parameters.................444 3.2.7.1 Virtual Router ID (VRID) ................445 3.2.7.2 Priority .....................445 3.2.7.3 IP Addresses ...................446 3.2.7.4 Message Interval and Master Inheritance ..........446 3.2.7.5 Skew Time....................447 3.2.7.6 Master Down Interval................447 3.2.7.7 Preempt Mode ..................448 3.2.7.8...

  • Page 7: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.8.2.1 Modifying Non-Owner Parameters ............475 3.8.2.2 Modifying Owner Parameters ..............475 3.8.2.3 Deleting VRRP from an Interface or Service ...........475 VRRP Configuration Command Reference ..........477 3.9.1 Command Hierarchies................477 3.9.1.1 IPv4 Interface VRRP Commands ............477 3.9.1.2 Router Interface Commands ..............478 3.9.1.3 IPv6 Interface VRRP Commands ............478 3.9.1.4...

  • Page 8: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.1.2.6 Advanced VPRN Redirection ..............573 4.1.2.7 Destination MAC Rewrite When Deploying Policy-Based Forwarding....................574 4.1.2.8 Network-port VPRN Filter Policy .............576 4.1.2.9 ISID MAC Filters..................576 4.1.2.10 VID MAC Filters..................577 4.1.2.11 IP Exception Filters..................580 4.1.2.12 Redirect Policies..................581 4.1.2.13 HTTP-redirect (Captive Portal) ..............583 4.1.2.14 Filter Policies and Dynamic Policy-Driven Interfaces ......585...

  • Page 9: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.4.2.10 IP Exception Filter Policy Commands .............684 4.4.2.11 Policy and Entry Maintenance Commands..........685 4.4.2.12 Redirect Policy Commands ..............686 Show, Clear, Monitor, and Debug Command Reference ......695 4.5.1 Command Hierarchies................695 4.5.1.1 Show Commands ..................695 4.5.1.2 Clear Commands..................696 4.5.1.3 Monitor Commands .................696 4.5.1.4...

  • Page 10: Table Of Contents

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 5.4.2 Command Descriptions ................788 5.4.2.1 Generic Commands.................788 5.4.2.2 Show Commands ..................793 5.4.2.3 Debug Commands...................799 Cflowd ..................811 Cflowd Overview..................811 6.1.1 Operation....................811 6.1.1.1 Version 8 ....................814 6.1.1.2 Version 9 ....................814 6.1.1.3 Version 10 ....................814 6.1.2 Cflowd Filter Matching ................815 Cflowd Configuration Process Overview ..........816 Configuration Notes.................817 Configuring Cflowd with CLI ..............819...

  • Page 11: Getting Started

    SR OS router. Table 1 Supported SR OS Router Chassis Types 7450 ESS 7750 SR 7950 XRS • 7450 ESS-7/12 running in • 7450 ESS-7/12 running in • 7950 XRS-16c standard mode (not mixed- mixed-mode (not standard • 7950 XRS-20/40...

  • Page 12

    Getting Started ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Note: This guide generically covers Release 15.0.Rx content and may contain some content that will be released in later maintenance loads. Refer to SR OS R15.0.Rx Software Release Notes, part number 3HE 12060 000x TQZZA or the VSR Release Notes, part number 3HE 12092 000x TQZZA, for information on features supported in each load of the Release 15.0.Rx software.

  • Page 13: Router Configuration Process

    ROUTER CONFIGURATION GUIDE Getting Started RELEASE 15.0.R5 1.2 Router Configuration Process Table 2 lists the tasks necessary to configure logical IP routing interfaces, virtual routers, IP and MAC-based filtering, and cflowd. This guide is presented in an overall logical configuration flow. Each section describes a software area and provides CLI syntax and command usage to configure parameters for a functional area.

  • Page 14

    Getting Started ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11976 AAAC TQZZA 01 Issue: 01...

  • Page 15: Ip Router Configuration

    • Confederations • Proxy ARP Refer to the 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide for information about DHCP and support as well as configuration examples for the 7750 SR and 7450 ESS. 2.1.1 Interfaces Nokia routers use different types of interfaces for various functions.

  • Page 16: Network Domains

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • Physical or logical port • A SONET/SDH channel for the 7750 SR or 7450 ESS 2.1.1.2 Network Domains To determine which network ports (and, therefore, which network complexes) are eligible to transport traffic of individual SDPs, network-domain is provided. Network- domain information is then used for the sap-ingress queue allocation algorithm applied to VPLS SAPs.

  • Page 17: System Interface

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Any SDP can be assigned only to one network domain. If none is specified, the system will assign the default network-domain. This means that all SAPs in VPLS will have queue reaching all fwd-complexes serving interfaces that belong to the same network-domains as the SDPs.

  • Page 18: Creating An Ip Address Range

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 In loose mode, uRPF checks whether the incoming packet has a source address that matches a prefix in the routing table; loose mode does not check whether the interface expects to receive a packet with a specific source address prefix. Loose mode uRPF check is supported for ECMP, IGP shortcuts, and VPRN MP-BGP routes.

  • Page 19: Qos Policy Propagation Using Bgp (qppb)

    This section describes QPPB as it applies to VPRN, IES, and router interfaces. Refer to the “Internet Enhanced Service” section in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN and the “IP Router Configuration”...

  • Page 20

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.1.1.6.2 Inter-AS Coordination of QoS Policies The operator of an administrative domain “A” can use QPPB to signal to a peer administrative domain “B” that traffic sent to certain prefixes advertised by domain A should receive a specific QoS treatment in domain B.

  • Page 21: Qppb

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Figure 1 Use of QPPB to Differentiate Traffic in an ISP Network Route Policy: Route Policy: Accept all routes with AS_PATH Accept all routes with AS_PATH ending with ASN 300 and set fcto ending with ASN 300 and set fcto high-1 high-1...

  • Page 22

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 action accept fc h1 priority high exit exit exit commit The fc command is supported with all existing from and to match conditions in a route policy entry, with any action other than reject, and with next-entry, next-policy, and accept actions.

  • Page 23

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 • VPN-IPv4 (AFI=1, SAFI=128) • VPN-IPv6 (AFI=2, SAFI=128) A VPN-IP route may match both a VRF import policy entry and a BGP import policy entry (if vpn-apply-import is configured in the base router BGP instance). In this case, the VRF import policy is applied first, then the BGP import policy, so the QPPB QoS is based on the BGP import policy entry.

  • Page 24

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 PE1_to_PE2 h1, high ------------------------------------------------------------------------------- No. of Routes: 1 =============================================================================== A:Dut-A# 2.1.1.7.3 Enabling QPPB on an IP interface To enable QoS classification of ingress IP packets on an interface based on the QoS information associated with the routes that best match the packets, configure the qos-route-lookup command in the IP interface.

  • Page 25

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Currently, QPPB is not supported for ingress MPLS traffic on network interfaces or on CsC PE’-CE’ interfaces (config>service>vprn>nw-if). Note: QPPB based on a source IP address is not supported for ingress subscriber management traffic on a group interface.

  • Page 26: Qppb And Grt Lookup

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.1.1.7.6 QPPB and Policy-Based Routing When an IPv4 or IPv6 packet with destination address arrives on an interface with both QPPB and policy-based-routing enabled: • There is no QPPB classification if the IP filter action redirects the packet to a directly connected interface, even if the destination address is matched by a route with a forwarding-class and priority.

  • Page 27

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 high), regardless of the QPPB priority or fc1 configuration. If fc2 is associated with a priority mode queue or policer, the packet priority will be based on QPPB (unless DE=1). If no priority information is associated with the route, the packet priority will be based on the configuration of fc1.

  • Page 28: Router Id

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 3 QPPB Interactions with SAP Ingress QoS (Continued) Original FC New FC Profile Priority (drop DE=1 In/out of profile object object preference) override marking mapping mapping Policer Priority mode Ignored If DE=1 override then From new From original FC queue...

  • Page 29: Autonomous Systems (as)

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 There are several ways to obtain the router ID. On each router, the router ID can be obtained in the following ways. • Define the value in the config>router router-id context. The value becomes the router ID.

  • Page 30: Confederations

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.1.4 Confederations Configuring confederations is optional and should only be implemented to reduce the IBGP mesh inside an AS. An AS can be logically divided into smaller groupings called sub-confederations and then assigned a confederation ID (similar to an autonomous system number).

  • Page 31: Proxy Arp

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Figure 2 Confederation Configuration Confederation 2002 AS 200 AS 300 Confederation Member 1 Confederation Member 3 ALA-B ALA-C ALA-E ALA-F AS 100 ALA-A ALA-D ALA-G AS 400 Confederation Member 2 AS 500 ALA-H SRSG005 2.1.5 Proxy ARP...

  • Page 32: Exporting An Inactive Bgp Route From A Vprn

    ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Static ARP is used when a Nokia router needs to know about a device on an interface that cannot or does not respond to ARP requests. The configuration can state that, if it has a packet with a specific IP address, to send it to the corresponding ARP address.

  • Page 33

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 • Header format simplification — Some IPv4 header fields have been dropped or made optional to reduce the common-case processing cost of packet handling and to limit the bandwidth cost of the IPv6 header. •...

  • Page 34: Ipv6 Address Format

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 4 IPv6 Header Field Descriptions (Continued) Field Description Next Header 8-bit selector. Identifies the type of header immediately following the IPv6 header. This field uses the same values as the IPv4 protocol field. Hop Limit 8-bit unsigned integer.

  • Page 35: Ipv6 Applications

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.1.8.2 IPv6 Applications Examples of the IPv6 applications supported by the TiMOS include: • IPv6 Internet exchange peering — Figure 4 shows an IPv6 Internet exchange where multiple ISPs peer over native IPv6. Figure 4 IPv6 Internet Exchange IPv6 IX...

  • Page 36

    • IPv6 over IPv4 relay services — IPv6 over IPv4 tunnels are one of many IPv6 transition methods to support IPv6 in an environment where not only IPv4 exists but native IPv6 networks depend on IPv4 for greater IPv6 connectivity. Nokia routers support dynamic IPv6 over IPv4 tunneling. The IPv4 source and...

  • Page 37: Secure Neighbor Discovery (send)

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Figure 7 IPv6 over IPv4 Tunnels IPv6 IPv6 IPv6 IPv6 header data header data Dual-stack Dual-stack IPv6 Host IPv6 Host router router IPv4 IPv6 IPv6 Network Network Tunnel: IPv6 in IPv4 packet IPv6 IPv6 IPv4...

  • Page 38

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 A number of potential use-cases for SeND exist in order to secure the network from deliberate or accidental tampering during neighbor discovery, SeND can prevent hijacking of in-use IPv6 addressing or man-in-the-middle attacks, but also to validate whether a node is permitted to participate in neighbor discovery, or validate which routers are permitted to act as default gateways.

  • Page 39: Send Persistent Cgas

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 4. PE-A receives the NA and completes similar checks as PE-B did. If all steps process correctly, both nodes will install each other’s addresses into their neighbor cache database. 2.1.8.5 SeND Persistent CGAs Persistent CGAs is a feature of SeND.

  • Page 40

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Import an online/offline generated RSA key pair To import a generated RSA key pair, use the admin certificate secure-nd-import command: admin certificate secure-nd-import local-url format {der | pem | pkcs12} [password <password>] [key-rollover] For example: admin certificate secure-nd-import cf1:\myDir\myRsaKeyPair format der •...

  • Page 41

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 • While handling a key rollover, SeND keeps track of which interface uses which RSA key pair. Temporarily, SeND can have two RSA key pairs in use. At all times, only the latest RSA key pair is stored in the file cfx:\system-pki\secureNdKey.

  • Page 42

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 By storing the modifier in the configuration file, the operator can also configure an offline generated modifier (possibly with a security parameter > 1). Example 1: Configure a SeND interface without modifiers: configure router interface itf1 address 10.10.10.1 port 1/1/1...

  • Page 43

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 => Another offline generated modifier (*) is used for the generation of a global address. => For an offline generated modifier, a check is performed to see if it is generated with the actual RSA key pair and the security parameter applicable for the interface. If this check fails, the command is refused, unless the command is triggered in the context of an exec of a config file.

  • Page 44: Ipv6 Provider Edge Router Over Mpls (6pe)

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The file cfx:\system-pki\secureNdKey should exist. This file will be automatically uploaded by SeND during initialization. The configuration file should contain a modifier for each address on a SeND enabled interface. Modifiers in the configuration file are checked against the current RSA key pair. If the check fails, a new modifier and CGA is generated and a warning is raised that a new CGA is generated.

  • Page 45

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Figure 9 Example of a 6PE Topology within One AS MP-BGP sessions 2001:0620 2001:0420 145:950.0 2001:0421 Dual Stack IPv4-IPv6 routers Dual Stack IPv4-IPv6 routers 2001:0621 IPv4 MPLS Fig_30 2.1.8.6.1 6PE Control Plane Support The 6PE MP-BGP routers support: •...

  • Page 46: Static Route Resolution Using Tunnels

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The egress 6PE router pops the top transport labels. When the IPv6 explicit null label is exposed, the egress 6PE router knows that an IPv6 packet is encapsulated. It pops the IPv6 explicit null label and performs an IPv6 route lookup to find the next hop for the IPv6 packet.

  • Page 47

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The ldp value instructs the code to search for an LDP LSP with a FEC prefix corresponding to the address of the indirect next-hop. Both LDP IPv4 FEC and LDP IPv6 FEC can be used as the tunnel next-hop. However, only an indirect next-hop of the same family (IPv4 or IPv6) as the prefix of the route can use an LDP FEC as the tunnel next-hop.

  • Page 48: Static Route Ecmp Support

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The user must set resolution to filter to activate the list of tunnel-types configured under resolution-filter. If disallow-igp is enabled, the static route will not be activated using IP next-hops in RTM if no tunnel next-hops are found in TTM. 2.1.9.1 Static Route ECMP Support The following is the ECMP behavior of a static route:...

  • Page 49: Weighted Load Balancing Over Mpls Lsp

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.2 Weighted Load Balancing over MPLS LSP The weighted load-balanced, or weighted-ecmp, feature sprays packets of IGP, BGP, and static route prefixes, resolved to a set of ECMP tunnel next hops, proportionally to the weights configured for each MPLS LSP in the ECMP set. Weighted load balancing is supported in the following forwarding contexts: •...

  • Page 50: Feature Configuration

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.2.1 Weighted Load Balancing IGP, BGP, and Static Route Prefix Packets over IGP Shortcut 2.2.1.1 Feature Configuration The user must have the IGP shortcut or forwarding adjacency feature enabled in one or more IGP instances: config>router>ospf(isis)>igp-shortcut config>router>ospf(isis)>advertise-tunnel-link The user can also disable specific MPLS LSPs from being used in IGP shortcut or...

  • Page 51: Feature Behavior

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.2.1.2 Feature Behavior This section describes the behavior of the weighted load-balancing feature for IGP, BGP, and static route prefixes resolved in RTM to IGP shortcuts. When an IGP, BGP, or a static route prefix is resolved in RTM to a set of ECMP tunnel next-hops of type RSVP-TE, and the router level weighted-ecmp option is enabled, the ingress hash table for the next-hop selection is populated with a number of tunnel next-hop entries for each LSP equal to the normalized LSP weight value.

  • Page 52: Ecmp Considerations

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 − CPM generated packets, including OAM packets, which are looked-up in RTM and which are forwarded over tunnel next-hops. These will be forwarded using either regular ECMP or by selecting one next-hop from the set.

  • Page 53

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 If the user enters, for the same static route, more LSP names with the same LSP metric than the value of the router level ecmp option, only the first configured LSPs equal to the ecmp value will be selected. The remaining tunnel next-hops for the route will not be activated.

  • Page 54: Weighted Load Balancing For 6pe

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.2.2 Weighted Load Balancing for 6PE ECMP-like spraying for BGP labeled IPv6 packets (6PE) is controlled using the config>router>ecmp max-ecmp-routes command, where max-ecmp-routes represents the maximum number of RSVP tunnels in the set representing equal-cost paths to the BGP next hop.

  • Page 55

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.3 Class-Based Forwarding of IPv4/IPv6 Prefix Over IGP IPv4 Shortcut This feature enables class-based forwarding (CBF) over IGP shortcuts. When the class-forwarding command is enabled, the following types of packets are forwarded based on their forwarding class: •...

  • Page 56

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 [no] default-set set-id <1..4> All FCs are mapped to set 1 as soon as the policy is created. The user can make changes to the mapping of FCs as required. An FC, which is not added to the class- forwarding policy, is thus always mapped to set 1.

  • Page 57

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Both the CBF feature in LDP-over-RSVP and this CBF feature over IGP IPv4 shortcuts make use of the CBF class-forwarding policy. IGP always passes the CBF information populated by MPLS for each LSP used as a tunnel next-hop by an IGP prefix.

  • Page 58: Feature Limitations

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • If no LSP among the full ECMP set of a BGP next-hop has a class-forwarding policy configuration assigned, then the set is considered inconsistent from a CBF perspective. No CBF-related information is programmed in IOM and regular ECMP spraying over the full set occurs.

  • Page 59: Data Path Support

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 • CBF applies to packets of IPv4 and IPv6 BGP prefixes only. CBF does not apply to IGP prefixes and static route prefixes resolved over IGP IPv4 shortcuts. The latter are forwarded using regular ECMP over the entire set of up to 64 tunnel next-hops.

  • Page 60

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 If MPLS deletes an LSP from a specified set ID, the IOM handles failover within the same set ID. The IOM reprograms the data path to spray packets of the impacted FCs over the remaining tunnel next-hops of the set ID. Similarly, the IOM handles failover between class-forwarding sets when MPLS deletes the last LSP in a set ID.

  • Page 61

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Figure 10 Default Forwarding Set Election Default forwarding set election: Set 1 goes down Set 1, 2 are down RSVP-TE_LSP-BB1-SET1[1..4] Set 1, 2, 3 are down Set 2 comes back up iBGP eBGP RSVP-TE_LSP-BB1-SET2[1..4] RSVP-TE_LSP-BB1-SET3[1..4]...

  • Page 62

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 no shutdown exit class-forwarding // Enables CBF feature for BGP and CPM traffic *A:Reno 194>config>router>isis# info ---------------------------------------------- igp-shortcut Enables IGP shortcut in this ISIS instance with both families IPv4 and IPv6 resolv ing to RSVP-TE LSPs tunnel-next-hop family ipv4...

  • Page 63

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 shutdown to 38.120.48.211 cspf class-forwarding forwarding-set policy “cbf1” set 1 exit primary "empty" exit exit no shutdown lsp "RSVP-TE_LSP-BB1-SET2[1..4]" // Four LSPs in Set2 shutdown to 38.120.48.211 cspf class-forwarding forwarding-set policy “cbf1” set 2 exit primary "empty"...

  • Page 64: Bidirectional Forwarding Detection

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.4 Bidirectional Forwarding Detection Bidirectional Forwarding Detection (BFD) is an efficient, short-duration detection of failures in the path between two systems. If a system stops receiving BFD messages for a long enough period (based on configuration), it is assumed that a failure along the path has occurred and the associated protocol or service is notified of the failure.

  • Page 65: Control Packet Format

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.4.2 Control Packet Format The BFD control packet has two sections: a mandatory section and an optional authentication section. Figure 11 Mandatory Frame Format 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Version Diag P F C A D R...

  • Page 66: Bfd For Rsvp-te

    • Ethernet (Null, Dot1Q & QinQ) • Spoke SDPs • LAG interfaces The following interfaces are supported only on the 7750 SR and 7450 ESS: • VSM interfaces • POS interfaces (including APS) • Channelized interfaces (PPP, HDLC, FR, and ATM) on ASAP (priority 1) and...

  • Page 67: Echo Support

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.4.4 Echo Support Echo support for BFD calls for the support of the echo function within BFD. By supporting BFD echo, the router loops back received BFD echo messages to the original sender based on the destination IP address in the packet. The echo function is useful when the local router does not have sufficient CPU power to handle a periodic polling rate at a high frequency.

  • Page 68: Bfd Over Lag And Vsm Interfaces

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 12 BFD for IES/VPRN over Spoke SDP Metro Metro POP 1 POP 2 IES/ IES/ VPRN VPRN Primary Path Spoke Spoke Headend Router Headend Router Secondary Path IES/ IES/ Note: VPRN VPRN In this case BFD is run between the IES/VPRN interfaces...

  • Page 69: Lsp Bfd And Vccv Bfd

    Layer 2 services such as Epipe VPLS spoke-SDPs and mesh-SDPs using centralized BFD. See the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide and 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN for more information.

  • Page 70: Invalidate Next-hop Based On Ipv4 Arp

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.4.8 Invalidate Next-Hop Based on ARP/Neighbor Cache State This feature invalidates next-hop entries for static routes when the next-hop is no longer reachable on directly connected interfaces. This invalidation is based on ARP and Neighbor Cache state information.

  • Page 71: Ldp Shortcut For Igp Route Resolution

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.4.9 LDP Shortcut for IGP Route Resolution This feature enables you to forward user IP packets and specified control IP packets using LDP shortcuts over all network interfaces in the system that participate in the IS-IS and OSPF routing protocols.

  • Page 72: Ldp-igp Synchronization

    IP next-hop. LDP shortcut will also work when using RIP for routing. 2.4.9.2 LDP-IGP Synchronization See the 7450 ESS, 7750 SR, 7950 XRS, and VSR MPLS Guide for information about LDP-IGP Synchronization. 2.4.9.3 LDP Shortcut Forwarding Plane After the LDP activates a FEC for a prefix and programs RTM, it also programs the ingress tunnel table in IOM or on linecards with the LDP tunnel information.

  • Page 73

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The switching from a regular IP next-hop to an LDP shortcut next-hop will usually occur only when both are available. However, the programming of the NHLFE by LDP and the programming of the LDP tunnel information in the ingress IOM or linecards tunnel table are asynchronous.

  • Page 74: Handling Of Multicast Packets

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.4.9.6 Handling of Multicast Packets Multicast packets cannot be forwarded or received from an LDP LSP. This is because there is no support for the configuration of such an LSP as a tunnel interfaces in PIM.

  • Page 75

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 You must use the fec-originate command to generate bindings for all non-local routes for which this node acts as an egress LER for the corresponding LDP FEC. Specifically, this feature must support the FEC origination of IGP learned routes and subscriber/host routes statically configured or dynamically learned over subscriber IES interfaces.

  • Page 76

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.5 Weighted Load-Balancing over Interface Next-hops When the weighted-ecmp command is configured in the base router context (config>router) or a VPRN (config>service>vprn), the associated IS-IS instances are allowed to program IPv4 and IPv6 ECMP routes to use weighted load-balancing across interface next-hops.

  • Page 77: Gre Tunnel Overview

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.6 GRE Tunnel Overview This section describes the GRE tunneling feature supported through the use of a Port Cross Connect (PXC) port. In this application, the PXC port functions as a resource module for the system, providing the necessary resources for the GRE encapsulation function.

  • Page 78: Sample Gre Tunnel Configurations

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • In the upstream direction (public to private), the encapsulated traffic is forwarded to a public tunnel interface if the destination address matches the local or gateway address of a GRE tunnel. As the traffic passes through the PXC port, the tunnel header is removed, the payload IP packet is delivered to the private service, and from there, the traffic is forwarded again based on the destination address of the payload IP packet.

  • Page 79: Router Interface Encryption With Nge

    The outbound and inbound key groups configured on the router interface determine which keys are used to encrypt and decrypt traffic. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Services Overview Guide for more information about configuring key groups.

  • Page 80: Nge Domains

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The group keys used on an NGE-enabled router interface provide encryption of broadcast and multicast packets within the GRT. For example, OSPF uses a broadcast address to establish adjacencies, which can be encrypted by NGE without the need to establish point-to-point encryption tunnels.

  • Page 81: Private Ip/mpls Network Nge Domain

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Various traffic types are supported and encrypted when entering the NGE domain, as illustrated by the following items on node A in Figure • item 1: self-generated packets — these packets, which include all types of control plane and management packets such as OSPF, BGP, LDP, SNMPv3, SSH, ICMP, RSVP-TE, and 1588, are encrypted •...

  • Page 82: Private Over Intermediary Network Nge Domain

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 17 Private IP/MPLS Network NGE Domain Domain New node NSP NFM-P 26215 In a private IP/MPLS network NGE domain, all interfaces are owned by the operator and there is no intermediary service provider needed to interconnect nodes. Each interface is a point-to-point private link between private nodes.

  • Page 83

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Figure 18 Private Over Intermediary Network NGE Domain Domain NGE domain gateway node Single interface into provider NSP NFM-P New node 26214 Private over intermediary network NGE domains have nodes with links that connect to a service provider network where a single link can communicate with multiple nodes over a Layer 3 service such as a VPRN.

  • Page 84: Router Interface Nge Domain Concepts

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.7.2 Router Interface NGE Domain Concepts An NGE domain is a group of nodes whose router interfaces in the base routing context (GRT) are enabled for router interface NGE. An interface without router interface NGE enabled is considered to be outside the NGE domain.

  • Page 85

    NGE domain where NGE is not applied. Refer to the “NGE Packet Overhead and MTU Considerations” section in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Services Overview Guide for MTU information related to enabling NGE on a router interface.

  • Page 86: Evpn-vxlan Tunnels And Services

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • GRE with the GRE protocol ID set to MPLS Unicast (0x8847) or Multicast (0x8848) • UDP packets with destination port = 6635) GRE-MPLS and MPLSoUDP packets that enter the NGE domain or transit the NGE domain are forwarded as is.

  • Page 87

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Figure 20 Router Interface NGE Exception Filter Example Carrier Service Self IP Exception IP Exception generated (in clear text) (in clear text) packets Carrier VPN Carrier VPN PE1 Router PE2 Router NGE node NGE node OSPF OSPF...

  • Page 88: Ipsec Packets Crossing An Nge Domain

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.7.6 IPSec Packets Crossing an NGE Domain IPSec packets can cross the NGE domain because they are still considered Layer 3 packets. To avoid confusion between the security association used in an IPSec packet and the one used in a router interface NGE packet, the router will always apply NGE to any IPSec packet that traverses the NGE domain.

  • Page 89: Multicast Packets Traversing The Nge Domain

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 • NGE enabled with outbound key group configured and no inbound key group configured — the packet originates outside the NGE domain, so the router adds an ESP header over the existing ESP and encrypts the payload using the NGE domain keys for the configured outbound key group.

  • Page 90

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 22 Processing Multicast Packets NGE node NGE router interface disabled NGE is not configured Ingress Interface (Eth) Outside NGE domain Egress Interface Multicast packet Outside NGE domain Inside NGE domain NGE enabled, no inbound or outbound key groups Egress Interface (Eth) Encryption Capable...

  • Page 91: Assigning Key Groups To Router Interfaces

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.7.8 Assigning Key Groups to Router Interfaces Assigning key groups to router interfaces involves the following three steps: Step 1. Enable NGE with the group-encryption command. Step 2. Configure the outbound key group. Step 3.

  • Page 92

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • on ingress — Normal ACLs are applied to traffic received on the interface that could be either NGE-encrypted or clear text. For NGE-encrypted packets, this implies that only the source, destination, and IP options are available to filter on ingress, as the protocol is ESP and the packet is encrypted.

  • Page 93: V2 Encryption With Nge

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 These statistics are used when clear text ICMP messages are received on an NGE router interface. The Invalid ESP statistics are not used in this situation even though the packet does not have a correct NGE ESP header. If there is no ingress exception ACL configured on the interface to allow the ICMP messages to be forwarded, the messages are counted and dropped.

  • Page 94: Process Overview

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.8 Process Overview The following items are components to configure basic router parameters: • Interface — A logical IP routing interface. When created, attributes like an IP address, port, link aggregation group, or the system can be associated with the IP interface.

  • Page 95: Configuration Notes

    − 7750 SR chassis systems − 7750 SR-a chassis systems − 7750 SR-e chassis systems − 7450 ESS systems running in mixed-mode with IPv6 functionality limited to those interfaces on slots with 7750 IOM3-XPs/IMMs (or later) line cards. − 7750 SR-c4/12.

  • Page 96

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11976 AAAC TQZZA 01 Issue: 01...

  • Page 97: Configuring An Ip Router With Cli

    This section provides information to configure an IP router using CLI. 2.10.1 Router Configuration Overview In a Nokia router, an interface is a logical named entity. An interface is created by specifying an interface name under the config>router context. This is the global router configuration context where objects like static routes are defined.

  • Page 98: Network Interface

    OSPF and BGP. The most basic router configuration must have the following: • System name • System address The following example shows a router configuration for the 7750 SR and 7450 ESS: A:ALA-A> config# info . . . #------------------------------------------...

  • Page 99: Common Configuration Tasks

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.10.3 Common Configuration Tasks The following sections describe basic system tasks. 2.10.3.1 Configuring a System Name Use the system command to configure a name for the device. The name is used in the prompt string.

  • Page 100: Configuring A System Interface, Configuring A Network Interface

    [netmask]} [broadcast {all-ones | host-ones] secondary {[address/mask | ip-address] [netmask]} [broadcast {all-ones | host- ones}] [igp-inhibit] 2.10.3.2.2 Configuring a Network Interface To configure a network interface for the 7450 ESS: CLI Syntax: config>router interface interface-name address ip-addr{/mask-length | mask} [broadcast {all-ones | host-ones}]...

  • Page 101

    CPU protection policies are configured in the config>sys>security>cpu-protection context. Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide. 2.10.3.2.3 Assigning a Key Group to a Router Interface Use the following CLI syntax to assign a key group to a router interface: CLI Syntax: config>router# interface ip-int-name [create]...

  • Page 102

    • 7750 SR chassis systems. • 7750 SR-a chassis systems. • 7750 SR-e chassis systems. • 7450 ESS chassis running in mixed-mode, with IPv6 functionality limited to those interfaces on slots with 7750 IOM3-XPs/IMMs (or later) line card. • 7750 SR-c4/12.

  • Page 103: Configuring Ipv6 Over Ipv4 Parameters, Tunnel Ingress Node

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 time-exceeded 100 10 unreachables 100 10 exit ---------------------------------------------- A:ALA-49>config>router>if>ipv6# exit all To configure IPv6 parameters on a router interface: CLI Syntax: config>router# interface interface-name port port-name ipv6 address {ipv6-address/prefix-length} [eui-64] icmp6 packet-too-big [number seconds] param-problem [number seconds] redirects [number seconds] time-exceeded [number seconds]...

  • Page 104

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 interface ip-int-name address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}] port port-name The following example shows an interface configuration: A:ALA-49>config>router# info ---------------------------------------------- interface "ip-1.1.1.1" address 1.1.1.1/30 port 1/1/1 exit ---------------------------------------------- A:ALA-49>config>router# Both the IPv4 and IPv6 system addresses must be configured: CLI Syntax: config>router...

  • Page 105

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 CLI Syntax: config>router ospf area area-id interface ip-int-name The following example shows the configuration of OSPF output: A:ALA-49>config>router# info ---------------------------------------------- ospf area 0.0.0.0 interface "system" exit interface "ip-1.1.1.1" exit exit exit ---------------------------------------------- A:ALA-49>config>router# Configuring IPv4 BGP Peer The following example shows the configuration of an IPv4 BGP peer with (IPv4 and)

  • Page 106

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 exit exit exit ---------------------------------------------- A:ALA-49>config>router# An Example of a IPv6 Over IPv4 Tunnel Configuration The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpoint. The following example shows the configuration of a policy to export IPv6 routes into BGP: CLI Syntax:...

  • Page 107: Tunnel Egress Node

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.10.3.2.7 Tunnel Egress Node The following example shows the configuration of the interface through which the IPv6 over IPv4 traffic leaves the node. It must be configured on a network interface. Both the IPv4 and IPv6 system addresses must be configured. CLI Syntax: config>router static-route ::C8C8:C801/128...

  • Page 108

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ospf area 0.0.0.0 interface "system" exit interface "ip-1.1.1.2" exit exit exit ---------------------------------------------- A:ALA-49>config>router# Configuring an IPv4 BGP Peer The following example shows the configuration an IPv4 BGP peer with (IPv4 and) IPv6 protocol families: CLI Syntax: config>router export policy-name [policy-name...(upto 5 max)]...

  • Page 109: Router Advertisement

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 An Example of a IPv6 Over IPv4 Tunnel Configuration The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpoint. The following example shows the configuration of a policy to export IPv6 routes into BGP: CLI Syntax:...

  • Page 110

    {seconds | infinite} valid-lifetime {seconds | infinite} reachable-time milliseconds retransmit-time milliseconds router-lifetime seconds no shutdown use-virtual-mac To configure router advertisement for the 7450 ESS: CLI Syntax: config>router# router-advertisement dns-options rdnss-lifetime seconds interface ip-int-name current-hop-limit number dns-options rdnss-lifetime {seconds | infinite}...

  • Page 111

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 on-link preferred-lifetime {seconds | infinite} valid-lifetime {seconds | infinite} reachable-time milliseconds retransmit-time milliseconds router-lifetime seconds no shutdown use-virtual-mac The following example shows a router advertisement configuration: *A:sim131>config>router>router-advert# info ---------------------------------------------- interface "n1" prefix 2001:db8:3::/64 exit use-virtual-mac no shutdown...

  • Page 112

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ---------------------------------------------- address 10.11.10.1/24 port 1/3/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# An Example of a IPv6 Over IPv4 Tunnel Configuration The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpoint.

  • Page 113: Configuring Proxy Arp

    ARP requests will or will not be forwarded to depending on the action if a match is found. For more information about route policies, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Unicast Routing Protocols Guide. • Apply the policy statement to the proxy-arp configuration in the config>router>interface context.

  • Page 114

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 prefix 10.20.30.0/24 through 32 exit prefix-list "prefixlist2" prefix 10.10.10.0/24 through 32 exit policy-statement "ProxyARPpolicy" entry 10 from prefix-list "prefixlist1" exit prefix-list "prefixlist2" exit action reject exit default-action accept exit exit ---------------------------------------------- A:ALA-49>config>router>policy-options# Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name...

  • Page 115: Deriving The Router Id

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The no service-prefix ip-prefix/mask command removes all address reservations. A service prefix cannot be removed while one or more services use address(es) in the range to be removed. CLI Syntax: config>router service-prefix ip-prefix/mask [exclusive] 2.10.3.3 Deriving the Router ID The router ID defaults to the address specified in the system interface command.

  • Page 116: Configuring A Confederation

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 A:ALA-4>config>router# 2.10.3.4 Configuring a Confederation Configuring a confederation is optional. The AS and confederation topology design should be carefully planned. Autonomous system (AS), confederation, and BGP connection and peering parameters must be explicitly created on each participating router.

  • Page 117: Configuring An Autonomous System

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.10.3.5 Configuring an Autonomous System Configuring an autonomous system is optional. To configure an autonomous system: CLI Syntax: config>router autonomous-system as-number The following example shows an autonomous system configuration: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system"...

  • Page 118

    The conditions to set overload are: • 7750 SR-12/SR-7/SR-c12 and 7450 ESS-12/ESS-7/ESS-6 platforms: protocol sets overload if one of the SF/CPMs fails • 7750 SR-12e and 7950 XRS platforms: protocol sets overload if two SFMs fail...

  • Page 119: Service Management Tasks

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.11 Service Management Tasks This section describes IP router service management tasks: 2.11.1 Changing the System Name The system command sets the name of the device and is used in the prompt string. Only one system name can be configured.

  • Page 120: Removing A Key Group From A Router Interface

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 To modify an IP address: CLI Syntax: A:ALA-A>config>router# interface “to-sr1” A:ALA-A>config>router>if# shutdown A:ALA-A>config>router>if# no address A:ALA-A>config>router>if# address 10.0.0.25/24 A:ALA-A>config>router>if# no shutdown To modify a port: CLI Syntax: A:ALA-A>config>router# interface “to-sr1” A:ALA-A>config>router>if# shutdown A:ALA-A>config>router>if# no port A:ALA-A>config>router>if# port 1/1/2 A:ALA-A>config>router>if# no shutdown...

  • Page 121: Changing The Key Group For A Router Interface

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 config>router>if>group-encryp# no encryption-keygroup 6 direction outbound The following example shows that the key group configuration has been removed from a router interface. domain1>config>router# info ---------------------------------------------- interface demo group-encryption exit no shutdown exit exit ---------------------------------------------- 2.11.4 Changing the Key Group for a Router Interface...

  • Page 122: Deleting A Logical Ip Interface

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 exit no shutdown exit exit ---------------------------------------------- 2.11.5 Deleting a Logical IP Interface The no form of the interface command typically removes the entry, but all entity associations must be shut down and/or deleted before an interface can be deleted. Step 1.

  • Page 123: Ip Router Configuration Command Reference

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.12 IP Router Configuration Command Reference • Command Hierarchies • Command Descriptions 2.12.1 Command Hierarchies • Router Commands • Router BFD Commands • Router L2TP Commands • Router Interface Commands • Router Interface IPv6 Commands •...

  • Page 124

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — bgp-labels-hold-timer seconds — no bgp-labels-hold-timer — sr-labels start start-value end end-value — no sr-labels — static-label-range static-range — no static-label-range — mss-adjust-group nat-group-id segment-size segment-size — no mss-adjust-group — multicast-info-policy policy-name —...

  • Page 125

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — [no] padding-size padding-size — [no] description description-string — [no] destination-class dest-index — [no] forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc} — [no] priority {low | high} —...

  • Page 126: Router Bfd Commands

    — multiplier multiplier — no multiplier — [no] type cpm-np 2.12.1.3 Router L2TP Commands The router L2TP commands apply only to the 7750 SR and 7450 ESS. config — router [router-name] — l2tp — calling-number-format ascii-spec — no calling-number-format —...

  • Page 127

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — avp-hiding {sensitive | always} — no avp-hiding — challenge [always] — no challenge — description description-string — no description — df-bit-lac {always | never | default} — no df-bit-lac — destruct-timeout destruct-timeout —...

  • Page 128

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — keepalive seconds [hold-up-multiplier multiplier] — no keepalive — [no] lcp-force-ack-accm — mtu-bytes — no — [no] proxy-authentication — [no] proxy-lcp — user-db local-user-db-name — no user-db — session-assign-method {existing-first | weighted | weighted- random} —...

  • Page 129

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — session-limit unlimited — session-limit session-limit — no session-limit — [no] shutdown — group-session-limit session-limit — group-session-limit unlimited — no group-session-limit — l2tpv3 — cookie-length {4 | 8} — no cookie-length — digest-type {default | md5 | sha1 | none} —...

  • Page 130: Router Interface Commands

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.12.1.4 Router Interface Commands config — router [router-name] — if-attribute — admin-group group-name value group-value — no admin-group group-name — srlg-group group-name value group-value [penalty-weight penalty-weight] — no srlg-group group-name — [no] interface ip-int-name [unnumbered-mpls-tp | gmpls-loopback | control- tunnel]...

  • Page 131

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — server server1 [server2 ... (up to 8 max)] — no server — [no] shutdown — [no] trusted — dist-cpu-protection policy-name — no dist-cpu-protection — egress — filter ip ip-filter-id — filter ipv6 ipv6-filter-id —...

  • Page 132

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — no unreachables — if-attribute — [no] admin-group group-name [group-name...(up to 5 max)] — no admin-group — [no] srlg-group group-name [group-name...(up to 5 max)] — no srlg-group — ingress — filter ip ip-filter-id —...

  • Page 133: Router Interface Ipv6 Commands

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — no tcp-mss — tos-marking-state {trusted | untrusted} — no tos-marking-state — unnumbered [ip-addr | ip-int-name] — no unnumbered — [no] urpf-check — [no] ignore-default — mode {strict | loose | strict-no-ecmp} —...

  • Page 134: Router Advertisement Commands

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — link-local-address ipv6-address [dad-disable] — [no] local-proxy-nd — neighbor ipv6-address [mac-address] — no neighbor ipv6-address — neighbor-limit limit [log-only] [threshold percent] — no neighbor-limit — proxy-nd-policy policy-name [policy-name...(up to 5 max)] — no proxy-nd-policy —...

  • Page 135: Command Descriptions

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — max-advertisement-interval seconds — no max-advertisement-interval — min-advertisement-interval seconds — no min-advertisement-interval — mtu-bytes — no — [no] other-stateful-configuration — prefix [ipv6-prefix/prefix-length] — [no] autonomous — [no] on-link — preferred-lifetime {seconds | infinite} —...

  • Page 136

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Default no shutdown description Syntax description description-string no description Context config>router>if>dhcp config>router>if>vrrp config>router>l2tp>group config>router>l2tp>group>tunnel Description This command creates a text description stored in the configuration file for a configuration context. The no form of the command removes the description string from the context. Default No description is associated with the configuration context.

  • Page 137: Router Global Commands

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.12.2.2 Router Global Commands router Syntax [no] router [router-instance] Context config Description This command enables the context to configure router parameters including interfaces, route policies and protocols. This command is also used to create CPM router instances. For CPM router instances, this command enters or creates a user-created CPM router instance.

  • Page 138

    [0 to FFFF]H [0 to 255]D ipv6-prefix-length 0 to 128 Values The following values apply to the 7450 ESS: ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 to 32 ip-prefix-length — The mask associated with the network address expressed as a mask length.

  • Page 139

    [0 to FFFF]H d: [0 to 255]D Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d description description-text — Specifies a text description stored in the configuration file for a configuration context. autonomous-system Syntax...

  • Page 140

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>router Description This command configures the autonomous system (AS) number for the router. A router can only belong to one AS. An AS number is a globally unique number with an AS. This number is used to exchange exterior routing information with neighboring ASs and as an identifier of the AS itself.

  • Page 141

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Note: Weighted ECMP, at the transport tunnel level of BGP prefixes over IGP shortcuts and the CBF feature on a per BGP next-hop basis are mutually exclusive. Default no class-forwarding confederation Syntax confederation confed-as-num members as-number [as-number...up to 15 max] no confederation [confed-as-num members as-number...up to 15 max] Context...

  • Page 142

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ECMP can only be used for routes learned with the same preference and same protocol. When more ECMP routes are available at the best preference than configured in max-ecmp- routes, then the lowest next-hop IP address algorithm is used to select the number of routes configured in max-ecmp-routes.

  • Page 143

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 ip-filter-max-size Syntax ip-filter-max-size {value | default} Context config>router>flowspec Description This command configures the maximum number of flowspec routes or rules that can be embedded into the auto-created embedded filter (fSpec-X). Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between “embedding offset + 1”...

  • Page 144

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Default ipv6-filter-max-size default Parameters value — The maximum number of flowspec routes or rules that can be embedded into an ingress IP filter policy. Values 0 to 65535 default — Keyword to configure the maximum size as 512. weighted-ecmp Syntax [no] weighted-ecmp...

  • Page 145

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The weight assigned to an LSP impacts only the forwarding decision, not the routing decision. In other words, it does not change the selection of the set of ECMP tunnel next-hops of a prefix when more next-hops exist than the value of the router ecmp option.

  • Page 146

    ICMP replies for packets received with any label stack, including VPRN and shortcuts. The 7450 ESS, 7750 SR, and 7950 XRS implementation supports appending to the ICMP reply of type Time Exceeded the MPLS label stack object defined in RFC 4950. It does not include it in the ICMP reply type of Destination unreachable.

  • Page 147

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 This feature provides for the use of a Loop-Free Alternate (LFA) backup next-hop for forwarding in-transit and CPM generated IP packets when the primary next-hop is not available. IP FRR is supported on IPv4 and IPv6 OSPF/IS-IS prefixes forwarded in the base router instance to a network IP interface or to an IES SAP interface or spoke interface.

  • Page 148

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 threshold — The percentage at which a warning log message and SNMP trap should be sent. Values 0 to 100 Default mpls-labels Syntax mpls-labels Context config>router Description This command creates a context for the configuration of global parameters related to MPLS labels.

  • Page 149

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters seconds — Specifies the seconds Values 0 to 255 sr-labels Syntax sr-labels start start-value end end-value no sr-labels Context config>router>mpls-labels Description This command configures the range of the Segment Routing Global Block (SRGB). It is a label block which is used for assigning labels to segment routing prefix SIDs originated by this router.

  • Page 150

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 no multicast-info-policy Context config>router Description This command configures multicast information policy. Default no multicast-info-policy Parameters policy-name — Specifies the policy name Values 32 chars max network-domains Syntax network-domains Context config>router Description This command opens context for defining network-domains. This command is applicable only in the base routing context.

  • Page 151

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Default network-domain “default” Parameters network-domain-name — Network domain name character string. rpki-session Syntax rpki-session ip-address no rpki-session ip-address Context config>router>origin-validation Description This command configures a session with an RPKI local cache server by using the RPKI- Router protocol.

  • Page 152

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Description This command configures a description for an RPKI-Router session. Default no description Parameters description-string — Specifies a text string up to 80 characters in length. local-address Syntax local-address ip-address no local-address Context config>router>origin-validation>rpki-session Description...

  • Page 153

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command is used to configure the refresh-time and hold-time intervals that are used for liveness detection of the RPKI-Router session. The refresh-time defaults to 300 seconds and is reset whenever a Reset Query PDU or Serial Query PDU is sent to the cache server. When the timer expires, a new Serial Query PDU is sent with the last known serial number.

  • Page 154

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 static-entry Syntax static-entry ip-prefix/ip-prefix-length upto prefix-length2 origin-as as-number [valid | invalid] no static-entry ip-prefix/ip-prefix-length upto prefix-length2 origin-as as-number Context config>router>origin-validation Description This command configures a static VRP entry indicating that a specific origin AS is either valid or invalid for a specific IP prefix range.

  • Page 155

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 It is possible to configure SR OS to operate with an IPv6 only BOF and no IPv4 system interface address. When configured in this manner, the operator must explicitly define IPv4 router IDs for protocols such as OSPF and BGP as there is no mechanism to derive the router ID from an IPv6 system interface address.

  • Page 156

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The no form of the command removes all address reservations. A service prefix cannot be removed while one or more service uses an address or addresses in the range. Default no service-prefix - No IP addresses are reserved for services. Parameters ip-prefix/mask —...

  • Page 157

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 • sets the DSCP bits in the IP packet • maps to the FC. This value will be signaled from the CPM to the egress forwarding complex. • based on this signaled FC, the egress forwarding complex QoS policy sets the IEEE 802.1p and MPLS EXP bits •...

  • Page 158

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Self-generated traffic that matches the specified DSCP will be assigned to the corresponding forwarding class. Multiple commands can be entered to define the association of some or all sixty-four DiffServ code points to the forwarding class. For undefined code points, packets are assigned to the forwarding class specified under the default-action command.

  • Page 159

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command specifies the transmit timer used for BFD packets. If the template is used for a BFD session on an MPLS-TP LSP, then this timer is used for CC packets. Default transmit-interval 100 Parameters...

  • Page 160

    The conditions to set overload are as follows: • 7750 SR-12/SR-7/SR-c12 and 7450 ESS-12/ESS-7/ESS-6 platforms: protocol sets overload if one of the SF/CPMs fails • 7750 SR-12e and 7950 XRS platforms: protocol sets overload if two SFMs fail (two SFMs belonging to different SFM pairs on the XRS-40) The no form of this command configures the router to not set overload if an SFM fails.

  • Page 161

    IPv6 static routes are not supported on the 7450 ESS except in mixed mode. Default No static routes are defined.

  • Page 162

    (on this node) can be configured. If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.

  • Page 163

    IP Router Configuration RELEASE 15.0.R5 x:x:x:x:x:x:d.d.d.d[-interface] x: [0..FFFF]H d: [0..255]D interface: 32 characters maximum, mandatory for link local addresses IPv6 static routes are not supported on the 7450 ESS except in mixed mode. indirect Syntax [no] indirect ip-address Context config>router>static-route-entry Description This command specifies that the route is indirect and specifies the next hop IP address used to reach the destination.

  • Page 164

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 bfd-enable Syntax [no] bfd-enable Context config>router>static-route-entry>next-hop Description This command associates the static route state to a BFD session between the local system and the configured nexthop. The remote end of the BFD session must also be configured to originate or accept the BFD session controlling the static route state.

  • Page 165

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command enables CPE-check and specifies the IP address of the target CPE device. This option initiates a background ICMP ping test to the configured target IP address. The IP address can either be an IPv4 address for IPv4 static routes or an IPv6 address for IPv6 static routes.

  • Page 166

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>router>static-route-entry>next-hop>cpe-check config>router>static-route-entry>indirect>cpe-check Description This optional parameter specifies the amount of padding to add to the ICMP packet in bytes. The parameter is only applicable when the cpe-check option is used with the associated static route.

  • Page 167

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 destination-class Syntax [no] destination-class dest-index Context config>router>static-route-entry>next-hop config>router>static-route-entry>indirect config>router>static-route-entry>black-hole Description This command configures the policy accounting destination-class index to be used when incrementing accounting statistic for traffic matching the associated static route. The no form of the command removes the associated destination-class from the associated static route nexthop.

  • Page 168

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 forwarding-class Syntax [no] forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc} Context config>router>static-route-entry>next-hop config>router>static-route-entry>indirect config>router>static-route-entry>next-hop Description This command specifies the enqueuing forwarding class that should be associated with traffic matching the associate static route.

  • Page 169

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command specifies the cost metric for the static route, expressed as a decimal integer. This value is used when importing the static route into other protocols such as OSPF. When the metric is configured as 0 then the metric configured in OSPF, default-import-metric, applies.

  • Page 170

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The no form of this command returns the returns the associated static route preference to its default value. Default preference 5 Parameters preference-value — Specifies the route preference value. Values 1 to 255 prefix-list Syntax [no] prefix-list name {all | none | any}...

  • Page 171

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters low — Setting the enqueuing parameter for a packet to low decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

  • Page 172

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Syntax [no] tag tag-value Context config>router>static-route-entry>indirect config>router>static-route-entry>next-hop Description This command adds a 32-bit integer tag to the associated static route. The tag value can be used in route policies to control distribution of the route into other protocols.

  • Page 173

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 resolution Syntax resolution {any | disabled | filter} no resolution Context config>router>static-route-entry>indirect>tunnel-next-hop Description This command determines how the associated static route can be resolved to a tunnel next- hop. Default resolution any Parameters any —...

  • Page 174

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 rsvp-te Syntax [no] rsvp-te Context config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter Description This command enables the use of RSVP-TE sourced tunnel entries in the TTM to resolve the associated static route next-hop. The rsvp-te value instructs the code to search for the set of lowest metric RSVP-TE LSPs to the address of the indirect next-hop.

  • Page 175

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 sr-isis Syntax [no] sr-isis Context config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter Description This command enables the use of sr-isis sourced tunnel entries in the TTM to resolve the associated static route next-hop. Default no sr-isis sr-te Syntax [no] sr-te Context config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter...

  • Page 176

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 no disallow-igp Context config>router>static-route-entry>tunnel-next-hop Description This command is for indirect static routes using tunnel next-hops. When enabled, the static route will not be activated using IGP next-hops in RTM if no tunnel next-hops are found in TTM.

  • Page 177

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command configures the TTL propagation for locally generated packets which are forwarded over a BGP label route in the Global Routing Table (GRT) context. For IPv4 and IPv6 packets forwarded using a RFC 3107 label route in the global routing instance, including 6PE, the all value of the command enables TTL propagation from the IP header into all labels in the transport label stack.

  • Page 178

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The TTL of the IP packet is always propagated into the RFC 3107 label itself, and this command only controls the propagation into the transport labels, for example, labels of the RSVP or LDP LSP to which the BGP label route resolves and which are pushed on top of the BGP label.

  • Page 179

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The none value reverts to the default mode which disables TTL propagation. This changes the existing default behavior which propagates the TTL to the transport label stack. When a customer upgrades, the new default becomes in effect. This command does not have a no version.

  • Page 180

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value. When a packet is received in a VPRN context but is looked up in the Global Routing Table (GRT), for example, leaking to GRT is enabled, the behavior of the TTL propagation is governed by the RSVP or LDP shortcut configuration when the matching routing is a LSP shortcut route.

  • Page 181: Router L2tp Commands

    — The TTL of the IP packet is propagated into the VC label and all labels in the transport label stack. 2.12.2.3 Router L2TP Commands Router L2TP commands only apply to the 7750 SR and 7450 ESS. l2tp Syntax l2tp Context config>router...

  • Page 182

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>router>l2tp Description This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance. Default calling-number-format "%S %s" Parameters ascii-spec —...

  • Page 183

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The no form of the command returns reconnect-timeout to an infinite timeout value, meaning that reconnection will not be attempted by the local client. Default no reconnect-timeout (infinite timeout) Parameters seconds — Specifies the number of seconds before a session reconnection is attempted after a previous session or session setup fails.

  • Page 184

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 no cookie-length Context config>router>l2tp>l2tpv3 config>router>l2tp>group>l2tpv3 Description This command configures the length of the optional cookie field. The default parameter only applies in the config>router>l2tp>group>l2tpv3 context. The no form of the command returns the cookie-length to a default of none. Default no cookie-length Parameters...

  • Page 185

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command configures the length for the local L2TPv3 nonce (random number) value used in the Nonce AVP. The default parameter only applies in the config>router>l2tp>group>l2tpv3 context The no form of the command returns the nonce-length to a default of none. Default no nonce-length Parameters...

  • Page 186

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Note that this command can be overridden by the corresponding configuration on the group or tunnel level. The no form of this command disables TCP MSS adjust on the public side. Default no public-tcp-mss-adjust Parameters octets —...

  • Page 187

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command enables TCP MSS adjust for L2TPv3 tunnels on the public side on the group or tunnel level. When the command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the public side that is encapsulated in the L2TPv3 tunnel.

  • Page 188

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Parameters ethernet — Specifies that the Ethernet pseudo-wire type is advertised. ethernet-vlan — Specifies that the Ethernet-VLAN pseudo-wire type is advertised. This parameter is only supported in SR OS Release 14.0 R4 or later. track-password-change Syntax [no] track-password-change...

  • Page 189

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters same-preference-level — In case that the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example tunnel in a blacklist) then the next elected tunnel, if available, will be chosen within the same preference-level as the last attempted tunnel.

  • Page 190

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 add-tunnel Syntax add-tunnel never add-tunnel on reason [reason...(upto 8 max)] no add-tunnel Context config>router>l2tp>tunnel-selection-blacklist config>service>vprn>l2tp>tunnel-selection-blacklist Description This command will force the tunnel to the blacklist and render it unavailable for new sessions for the duration of preconfigured time.

  • Page 191

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 8 Return codes (Continued) Return code Tunnels added to blacklist stop-ccn-other A tunnel will be forced to the blacklist in case that StopCCN message with the following Result Codes is received: (1) General request to clear control connection (4) Requester is not authorized to establish a control channel (5) Protocol version not supported...

  • Page 192

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>router>l2tp>tunnel-selection-blacklist config>service>vprn>l2tp>tunnel-selection-blacklist Description This command configured the maximum length of the peer/tunnel blacklist. This command specifies how many items (tunnels or peers) can be in the tunnel-selection- blacklist. If a tunnel or peer needs to be added to the tunnel-selection-blacklist and the tunnel- selection-blacklist is full, the system will remove the item (tunnel or peer) from the blacklist that was in this blacklist for the longest time.

  • Page 193

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters action — Specifies the Action to be taken when a tunnel or peer has been in the blacklist for the max-period of time. Values remove-from-blacklist — The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the max-time expires.

  • Page 194

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>router>l2tp Description This command configures the L2TP receive window size. Default receive-window-size 64 rtm-debounce-time Syntax rtm-debounce-time debounce-time no rtm-debounce-time Context config>router>l2tp Description This command configures the amount of time, in milliseconds, that the system will wait before declaring an L2TP tunnel down when the remote endpoint IP address cannot be resolved to an active IP route in the local routing table.

  • Page 195

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 session-limit unlimited no session-limit Context config>router>l2tp Description This command configures the L2TP session limit for the router. L2TP is connection-oriented. The L2TP Network Server (LNS) and LAC maintain state for each call that is initiated or answered by an LAC.

  • Page 196

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Description This command configures the use of challenge-response authentication. The no form of the command reverts to the default never value. Default no challenge Parameters always — Specifies that the challenge-response authentication is always used. Default no challenge Values...

  • Page 197

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 never — Specifies that the LAC will send all L2TP packets with the DF bit set to 0. default — Follows the DF-bit configuration specified on upper levels. destruct-timeout Syntax destruct-timeout destruct-timeout no destruct-timeout Context config>router>l2tp>group...

  • Page 198

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 idle-timeout Syntax idle-timeout idle-timeout no idle-timeout Context config>router>l2tp>group Description This command configures the period of time that an established tunnel with no active sessions will persist before being disconnected. Enter the no form of the command to maintain a persistent tunnel. The no form of the command removes the idle timeout from the configuration.

  • Page 199

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters per-session — Specifies that the lowest granularity for load-balancing is a session; each session can be assigned to a different. ISA MDA. per-tunnel — Specifies that the lowest granularity for load-balancing is a tunnel; all sessions associated with the same tunnel are assigned to the same ISA MDA;...

  • Page 200

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 max-retries-estab Syntax max-retries-estab max-retries no max-retries-estab Context config>router>l2tp>group config>router>l2tp>group>tunnel Description This command configures the number of retries allowed for this L2TP tunnel while it is established, before its control connection goes down. The no form of the command removes the value from the configuration.

  • Page 201

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 config>router>l2tp>group>l2tpv3 Description This command configures the password between L2TP LAC and LNS The no form of the command removes the password. Default no password Parameters password — Configures the password used for challenge/response calculation and AVP hiding.

  • Page 202

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 authentication-policy Syntax authentication-policy auth-policy-name no authentication-policy Context config>router>l2tp>group>ppp Description This command configures the authentication policy. Default no authentication-policy Parameters auth-policy-name — Specifies the authentication policy name. Values 32 chars max default-group-interface Syntax default-group-interface ip-int-name service-id service-id no default-group-interface Context...

  • Page 203

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 multiplier — Specifies the multiplier. Values 1 to 5 lcp-force-ack-accm Syntax [no] lcp-force-ack-accm Context config>router>l2tp>group>ppp config>router>l2tp>group>tunnel>ppp Description This command enables or disables the LCP Asynchronous Control Character Map (ACCM) configuration option. When the ACCM configuration option is enabled, the option is acknowledged during the LCP negotiation between the LNS and the PPP client, but no ACCM mapping is performed.

  • Page 204

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 proxy-lcp Syntax [no] proxy-lcp Context config>router>l2tp>group>ppp Description This command configures the use of the proxy LCP AVPs received from the LAC. Default no proxy-lcp user-db Syntax user-db local-user-db-name no user-db Context config>router>l2tp>group>ppp Description This command configures the local user database to use for PPP PAP/CHAP authentication.

  • Page 205

    1 to 131071 unlimited — Specifies to use the maximum number of sessions available. 2.12.2.3.1 Router L2TP Tunnel Commands Router L2TP tunnel commands only apply to the 7750 SR and 7450 ESS. tunnel Syntax tunnel tunnel-name [create] no tunnel tunnel-name Context config>router>l2tp>group...

  • Page 206

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Description This command specifies if this tunnel is to be automatically set up by the system. Default no auto-establish avp-hiding Syntax avp-hiding {never | sensitive | always} no avp-hiding Context config>router>l2tp>group>tunnel Description This command configures Attribute Value Pair (AVP) hiding.

  • Page 207

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 hello-interval Syntax hello-interval hello-interval hello-interval infinite no hello-interval Context config>router>l2tp>group>tunnel Description This command configures the number of seconds between sending Hellos for a L2TP tunnel. The no form removes the parameter from the configuration and indicates that the value on group level will be taken.

  • Page 208

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The no form of the command removes the IP address from the tunnel configuration. Default no peer Parameters ip-address — Sets the LNS IP address for the tunnel. preference Syntax preference preference no preference Context config>router>l2tp>group>tunnel...

  • Page 209

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 add-tunnel Syntax add-tunnel never add-tunnel on reason [reason...(upto 8 max)] no add-tunnel Context config>router>l2tp>tunnel-selection-blacklist config>service>vprn>l2tp>tunnel-selection-blacklist Description This command will force the tunnel to the blacklist and render it unavailable for new sessions for the duration of preconfigured time.

  • Page 210

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 stop-ccn-other A tunnel will be forced to the blacklist in case that StopCCN message with the following Result Codes is received: (1) General request to clear control connection (4) Requester is not authorized to establish a control channel (5) Protocol version not supported (6) Requester is being shutdown Or in the case that the StopCCN with the following result codes is...

  • Page 211

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 This command specifies how many items (tunnels or peers) can be in the tunnel-selection- blacklist. If a tunnel or peer needs to be added to the tunnel-selection-blacklist and the tunnel- selection-blacklist is full, the system will remove the item (tunnel or peer) from the blacklist that was in this blacklist for the longest time.

  • Page 212

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Parameters action — Specifies the action to be taken when a tunnel or peer has been in the blacklist for the maximum period of time. Values remove-from-blacklist — The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the maximum period expires.

  • Page 213

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 An unnumbered MPLS-TP interface is a special type of interface that is only intended for MPLS-TP LSPs. IP routing protocols are blocked on interfaces of this type. If an interface is configured as unnumbered-mpls-tp, then it can only be associated with an Ethernet port or VLAN, using the port command, then either a unicast, multicast, or broadcast remote MAC address may be configured.

  • Page 214

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 address Syntax address {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [track- srrp srrp-instance] no address Context config>router>if Description This command assigns an IP address, IP subnet, and broadcast address format to an IP interface.

  • Page 215

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 mask-length — The subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip- addr from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address;...

  • Page 216

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 allow-directed-broadcasts Syntax [no] allow-directed-broadcasts Context config>router>if Description This command enables the forwarding of directed broadcasts out of the IP interface. A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface.

  • Page 217

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 percent — The threshold value (as a percentage) that triggers a warning message to be sent. Values 0 to 100 limit — The number of entries that can be learned on an IP interface expressed as a decimal integer.

  • Page 218

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The no form of the command removes BFD from the router interface regardless of the IGP/ RSVP. Important notes: On the 7750 SR and 7950 XRS SR OS, the transmit-interval and receive receive-interval values can only be modified to a value less than 100 ms when: 1.

  • Page 219

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command creates the configuration context to configure cflowd parameters for the associated IP interfaces. cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

  • Page 220

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 direction — Specifies the direction to collect traffic flow samples. Values ingress-only — Enables ingress sampling only on the associated interface. egress-only — Enables egress sampling only on the associated interface. both — Enables both ingress and egress cflowd sampling. cpu-protection Syntax cpu-protection policy-id...

  • Page 221

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Context config>router>if config>service>ies >if config>service>vprn>if config>service>ies>sub-if>grp-if config>service>vprn>sub-if>grp-if Description This command enables the collection of ingress interface IP stats. This command is only applicable to IP statistics, and not to uRPF statistics. If enabled, then the following statistics are collected: •...

  • Page 222

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Parameters mep-id — Specifies the MEP identifier. Values 1 to 81921 md-index — Specifies the maintenance domain (MD) index value. Values 1 to 4294967295 ma-index — Specifies the maintenance association (MA) index value. Values 1 to 4294967295 collect-lmm-fc-stats...

  • Page 223

    Values nc, h1, ef, h2, l1, af, l2, be grace Syntax grace Context config>router>if>eth-cfm>mep Description This command enables the context to configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters. Issue: 01 3HE 11976 AAAC TQZZA 01...

  • Page 224

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 eth-ed Syntax eth-ed Context config>router>if>eth-cfm>mep>grace Description This command enables the context to configure ITU-T Y.1731 ETH-ED expected defect functional parameters. max-rx-defect-window Syntax max-rx-defect-window seconds no max-rx-defect-window Context config>router>if>eth-cfm>mep>grace>eth-ed Description This command limits the duration of the received ETH-ED expected defect window to the lower value of either the received value from the peer or this parameter.

  • Page 225

    The config>eth-cfm>system>grace-tx-enable command must be configured to instruct the system that the node is capable of transmitting expected defect windows to the peers. Only one form of ETH-CFM grace (Nokia ETH-CFM Grace or ITU-T Y.1731 ETH-ED) may be transmitted. The no form of the command disables the transmission of the ITU-T Y.1731 ETH-ED PDU from the MEP.

  • Page 226

    The Nokia Grace function is a vendor-specific PDU that informs MEP peers that the local node may be entering a period of expected defect. The no form of the command disables the reception of the Nokia ETH-CFM Grace PDU on the MEP.

  • Page 227

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 must match the level of a MEP configured with this command. It must not target any lower ETH-CFM level the MEP will terminate. When the service activation test is complete, the MEP may be returned to standard processing by removing this command.

  • Page 228

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 no ip-mtu Context config>router>if Description This command configures the IP maximum transmit unit (packet) for the associated router IP interface. The configured IP-MTU cannot be larger than the calculated IP MTU based on the port MTU configuration.

  • Page 229

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters ip-address — Specifies an IPv4 address. Values a.b.c.d lag-link-map-profile Syntax lag-link-map-profile link-map-profile-id no lag-link-map-profile Context config>router>if Description This command assigns a preconfigured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/unassigned, the SAP/ network interface egress traffic will be re-hashed over LAG as required by the new configuration.

  • Page 230

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 When LDP shortcut is enabled, LDP populates the routing table with next-hop entries corresponding to all prefixes for which it activated an LDP FEC. For a given prefix, two route entries are populated in the system routing table. One route corresponds to the LDP shortcut next-hop and has an owner of LDP.

  • Page 231

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Next, an LDP Hello adjacency is brought up with the neighbor. The LDP synchronization timer is started by the IGP when the LDP session to the neighbor is up over the interface. This is to allow time for the label-FEC bindings to be exchanged.

  • Page 232

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 end-of-lib — Specifies that the system should terminate the ldp-sync-timer early if the LDP End of LIB Typed Wildcard FEC messages are received for every FEC type negotiated for a given session to an LDP peer for that IGP interface. load-balancing Syntax load-balancing...

  • Page 233

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command specifies whether the IP header is used in the LAG and ECMP LSR hashing algorithm. This is the per interface setting. Default no lsr-load-balancing Parameters lbl-only — Specifies that only the label is used in the hashing algorithm lbl-ip —...

  • Page 234

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 loopback Syntax [no] loopback Context config>router>if Description This command configures the interface as a loopback interface. The vas-if-type and loopback commands are mutually exclusive Default Not enabled Syntax mac ieee-mac-addr no mac Context config>router>if Description...

  • Page 235

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Default per default “default” network domain is assigned ntp-broadcast Syntax [no] ntp-broadcast Context config>router>if Description This command enables SNTP broadcasts received on the IP interface. This parameter is only valid when the SNTP broadcast-client global parameter is configured. The no form of the command disables SNTP broadcast received on the IP interface.

  • Page 236

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 port-name port-id[:encap-val] encap-val for null 0..4094 for dot1q 0..4094.* for qinq port-id slot/mda/port[.channel] eth-sat-id esat-id/slot/port esat keyword 1 to 20 pxc-id pxc-id.sub-port keyword 1 to 64 sub-port a, b bundle-id - bundle-type-slot/mda.bundle-num bundle keyword type...

  • Page 237

    1 to 8 path-id a, b cc-type .sap-net, .net-sap lag-id lag-id keyword 1 to 200 gtg-id gmpls-tun-grp-id gmpls-tun-grp keyword 1 to 1024 Values The following values apply to the 7450 ESS: Issue: 01 3HE 11976 AAAC TQZZA 01...

  • Page 238

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 port-id slot/mda/port[.channel] eth-sat-id esat-id/slot/port esat keyword 1 to 20 pxc-id pxc-id.sub-port keyword 1 to 64 sub-port a, b ccag-id ccag-id.path-id[cc-type] ccag keyword 1 to 8 path-id a, b cc-type .sap-net, .net-sap lag-id lag-id keyword 1 to 800...

  • Page 239

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 ptp-hw-assist Syntax [no] ptp-hw-assist Context config>router>if Description This command configures the 1588 port based timestamping assist function for the interface. Various checks are performed to ensure that this feature can be enabled. If a check fails: •...

  • Page 240

    IPv6 packets on an interface, depending on whether it is present at the interface context (applies to IPv4) or the interface>ipv6 context (applies to IPv6). Subscriber management group interfaces for the 7750 SR and 7450 ESS also do not support the source QPPB option. The no form of the command reverts to the default.

  • Page 241

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters network-policy-id — An existing network policy ID to associate with the IP interface. Values 1 to 65535 egress-port-redirect-group queue-group-name — This optional parameter specifies the egress queue-group used for all egress forwarding-class redirections specified within the network QoS policy ID.

  • Page 242

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Caution: Configurations must not exceed 16 secondary IP addresses when IPSec, GRE, L2TPv3, or IP in IP protocols are active on an access interface. Parameters ip-address — The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet.

  • Page 243

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

  • Page 244

    However, IPv4 and IPv6 packets that arrive without any labels are supported on an interface with strip-label enabled. This command is supported on: • Optical ports for the 7750 SR and 7450 ESS • IOM3-XP cards for the 7750 SR and 7450 ESS • Null/Dot1q encaps •...

  • Page 245

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 When the ingress network IP interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop).

  • Page 246

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Parameters ip-addr | ip-int-name — Optional. The IP address or IP interface name to associate with the unnumbered IP interface in dotted decimal notation. The configured IP address must exist on this node. It is recommended to use the system IP address as it is not associated with a specific interface and is therefore always reachable.

  • Page 247

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 secure-nd Syntax [no] secure-nd Context config>router>if>ipv6 Description This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface. The no form of the command reverts to the default and disabled SeND. allow-unsecured-msgs Syntax [no] allow-unsecured-msgs Context...

  • Page 248

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 security-parameter Syntax security-parameter sec [no] security-parameter Context config>router>if>ipv6>secure-nd Description This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA). Parameters sec — Specifies the security parameter. Values 0 to 1 shutdown...

  • Page 249

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Context config>router>if config>router>if>ipv6 Description This command statically sets the TCP maximum segment size (MSS) for TCP connections originated from the associated IP interface to the specified value. The no form of the command removes the static value and allows the TCP MSS value to be calculated based on the IP MTU value by subtracting the base IP and TCP header lengths from the IP MTU value (tcp_mss = ip_mtu –...

  • Page 250

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 vas-if-type Syntax vas-if-type {to-from-access | to-from-network | to-from-both} no vas-if-type Context config>router>if Description This command configures the type of a Value Added Service (VAS) facing interface. To change the vas-if-type, the shutdown command is required. The vas-if-type and loopback commands are mutually exclusive.

  • Page 251

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 mode Syntax mode {strict | loose | strict-no-ecmp} no mode Context config>router>if>urpf-check config>router>if>ipv6>urpf-check Description This command specifies the mode of unicast RPF check. The no form of the command reverts to the default (strict) mode. Default mode strict Parameters...

  • Page 252

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Admin groups, also known as affinity, are used to tag IP and MPLS interfaces that share a specific characteristic with the same identifier. For example, an admin group identifier can represent all links that connect to core routers, or all links that have a bandwidth higher than 10G, or all links that are dedicated to a specific service.

  • Page 253

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Each single operation of the admin-group command allows a maximum of five (5) groups to be specified at a time. However, a maximum of 32 groups can be added to a given interface through multiple operations.

  • Page 254

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 When SRLGs applied to IES, VPRN, or network IP interfaces, they are evaluated in the route next-hop selection by adding the srlg-enable option in a route next-hop policy template applied to an interface or a set of prefixes. For instance, the user can enable the SRLG constraint to select a LFA next-hop for a prefix which avoids all interfaces that share fate with the primary next-hop.

  • Page 255

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 An interface can belong to up to 64 SRLG groups. However, each single operation of the srlg- group command allows a maximum of five (5) groups to be specified at a time. Once an SRLG group is bound to one or more interface, its value cannot be changed until all bindings are removed.

  • Page 256

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 To create a template, the user enters the name of the new template directly under the route- next-hop-policy context. 1. To delete a template that is not in use, the user enters the no form for the template name under the route-next-hop-policy context.

  • Page 257

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The exclude-group statement simply prunes all links belonging to the specified admin group before making the LFA backup next-hop selection for a prefix. If the same group name is part of both include and exclude statements, the exclude statement will win.

  • Page 258

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 If the same group name is part of both include and exclude statements, the exclude statement will win. It other words, the exclude statement can be viewed as having an implicit preference value of zero (0).

  • Page 259

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Default protection-type node Parameters {link | node} — Specifies the two possible values for the protection type. Default node nh-type Syntax nh-type {ip | tunnel} no nh-type Context config>router>route-next-hop-policy>template Description This command configures the next-hop type constraint into the route next-hop policy template.

  • Page 260

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ingress Syntax ingress Context config>router>if Description This command enables access to the context to configure ingress network filter policies for the IP interface. If an ingress filter is not defined, no filtering is performed. filter Syntax filter ip ip-filter-id...

  • Page 261

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.12.2.4.2 Router Interface ICMP Commands hold-time Syntax hold-time Context config>router>if config>service>ies>if config>service>ies>subscriber-interface config>service>ies>redundant-interface config>service>vprn>if config>service>vprn>network-interface config>service>vprn>subscriber-interface config>service>vprn>redundant-interface config>service>vpls>if Description This command creates the CLI context to configure interface level hold-up and hold-down timers for the associated IP interface.

  • Page 262

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The no form of the command removes the command from the active configuration and removes the delay in deactivating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires. Default no up ip Parameters...

  • Page 263

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 icmp Syntax icmp Context config>router>if Description This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

  • Page 264

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 redirects Syntax redirects [number seconds] no redirects Context config>router>if>icmp Description This command enables and configures the rate for ICMP redirect messages issued on the router interface. When routes are not optimal on this router, and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

  • Page 265

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Default ttl-expired 100 10 — Maximum of 100 TTL expired message in 10 seconds. Parameters number — The maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. The seconds parameter must also be specified. Values 10 to 2000 seconds —...

  • Page 266

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 2.12.2.4.3 Router Interface IPv6 Commands ipv6 Syntax [no] ipv6 Context config>router>if Description This command configures IPv6 for a router interface. The no form of the command disables IPv6 on the interface. Default not enabled address Syntax...

  • Page 267

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 preferred — Specifies that the IPv6 address is the preferred IPv6 address for this interface. The preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. Preferred addresses maybe used as the source (or destination) address of packets sent from (or to) the interface.

  • Page 268

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Parameters number — Limits the number of packet-too-big messages issued per time frame specified in the seconds parameter. Values 10 to 1000 seconds — Determines the time frame, in seconds, that is used to limit the number of packet-too-big messages issued per time frame.

  • Page 269

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 seconds — Determines the time frame, in seconds, that is used to limit the number of time-exceeded messages issued per time frame. Values 1 to 60 unreachables Syntax unreachables [number seconds] no unreachables Context config>router>if>ipv6>icmp6 Description...

  • Page 270

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 local-proxy-nd Syntax [no] local-proxy-nd Context config>router>if>ipv6 Description This command enables local proxy neighbor discovery on the interface. The no form of the command disables local proxy neighbor discovery. neighbor Syntax neighbor [ipv6-address] [mac-address] no neighbor [ipv6-address] Context config>router>if>ipv6...

  • Page 271

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

  • Page 272

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 gi-address Syntax gi-address ip-address [src-ip-addr] no gi-address Context config>router>if>dhcp Description This command configures the gateway interface address for the DHCP relay. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

  • Page 273

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters replace — In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046). drop —...

  • Page 274

    This command enables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet. The no form of the command disables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet.

  • Page 275

    This command enables the sending of the service ID in the Nokia vendor specific suboption of the DHCP relay packet. The no form of the command disables the sending of the service ID in the Nokia vendor specific suboption of the DHCP relay packet.

  • Page 276

    If spaces are used in the string, enclose the entire string in quotation marks (“ ”). system-id Syntax [no] system-id Context config>router>if>dhcp>option>vendor-specific-option Description This command specifies whether the system-id is encoded in the Nokia vendor specific sub- option of Option 82. Default no system-id relay-plain-bootp Syntax [no] relay-plain-bootp Context config>router>if>dhcp...

  • Page 277: Router Interface Encryption Commands

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters server — Specifies the DHCP server IP address. trusted Syntax [no] trusted Context config>router>if>dhcp Description According to RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the GI address is 0.0.0.0 and which contains an Option 82 field in the packet, should be discarded, unless it arrives on a "trusted"...

  • Page 278

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 group-encryption Syntax [no] group-encryption Context config>router>interface Description This command enables NGE on the router interface. When NGE is enabled on the interface, all received Layer 3 packets that have the protocol ID configured as ESP are considered to be NGE packets and must be encrypted using a valid set of keys from any preconfigured key group on the system.

  • Page 279

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command associates an IP exception filter policy with an NGE-enabled router interface to allow packets matching the exception criteria to transit the NGE domain as clear text. When an exception filter is added for inbound traffic, packets matching the criteria in the IP exception filter policy are allowed to be received in clear text even if an inbound key group is configured.

  • Page 280

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>router>router-advert config>router>router-advert>if Description This command enables the context for configuration of DNS information for Stateless Address Auto-Configuration (SLAAC) hosts. When specified at the router-advertisement level in the routing context, this command allows configuration of service-wide parameters. These can then be inherited at the interface level by specifying the config>router>router- advert>if>dns-options>include-dns command.

  • Page 281

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 no rdnss-lifetime Context config>router>router-advert>dns-options config>router>router-advert>if>dns-options Description This command specifies the maximum time that the RDNSS address may be used for name resolution by the client. The RDNSS Lifetime must be no more than twice MaxRtrAdvLifetime with a maximum of 3600 seconds.

  • Page 282

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 managed-configuration Syntax [no] managed-configuration Context config>router>router-advert>if Description This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address autoconfigured using stateless address autoconfiguration.

  • Page 283

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Context config>router>router-advert>if Description This command configures the MTU for the nodes to use to send packets on the link. Default no mtu — The MTU option is not sent in the router advertisement messages. Parameters mtu-bytes —...

  • Page 284

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 autonomous Syntax [no] autonomous Context config>router>router-advert>if>prefix Description This command specifies whether the prefix can be used for stateless address autoconfiguration. Default enabled on-link Syntax [no] on-link Context config>router>router-advert>if>prefix Description This command specifies whether the prefix can be used for onlink determination. Default enabled preferred-lifetime...

  • Page 285

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 The address generated from an invalidated prefix should not appear as the destination or source address of a packet. Default 2592000 Parameters seconds — Specifies the remaining length of time in seconds that this prefix will continue to be valid.

  • Page 286

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Description This command sets the router lifetime. Default 1800 Parameters seconds — The length of time, in seconds, (relative to the time the packet is sent) that the prefix is valid for route determination. Values 0, 4 to 9000 seconds.

  • Page 287: Show, Clear, And Debug Command Reference

    • Show Commands • Clear Commands • Debug Commands • Tools Commands 2.13.1.1 Show Commands The show L2TP commands apply only to the 7750 SR and 7450 ESS. show — router [router-instance] — router service-name service-name — aggregate [family] [active] —...

  • Page 288

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — session summary — session type type [ipv4 | ipv6] — dhcp — statistics [ip-int-name | ip-address] — summary — dhcp6 — statistics — summary — ecmp — slot-number [family] [ip-prefix/prefix-length [longer]] [secondary] —...

  • Page 289: Clear Commands

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — database [family] [ip-prefix/ip-prefix-length] [longer] — database {summary} — database [family] [static] — rpki-session [ipv4-address] [detail] — policy [name | damping | prefix-list name | as-path name | community name | admin] —...

  • Page 290: Debug Commands

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — icmp6 interface interface-name — interface [ip-int-name | ip-address] [urpf-stats] [statistics] [hold-time] — interface [ip-int-name | ip-address] policy-accounting [class] [index] — interface ip-int-name | ip-address mac [ieee-address] — l2tp — group tunnel-group-name —...

  • Page 291

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 — dump — router — segment-routing — tunnel — perform — router — l2tp — peer ip-address [{udp-port port | ip}] 2.13.2 Command Descriptions • Show Commands − L2TP Show Commands • Clear Commands •...

  • Page 292

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 router-instance : router name | vprn-svc-id router-name Base | management | cpm-vr-name | vpls- management cpm-vr-name [32 characters maximum] vprn-svc-id [1..2147483647] Default Base service-name — specifies the service name, up to 64 characters Output Sample Output: show router with PIM and S-PMSI *A:Dut-D# \show router 100 pim s-pmsi...

  • Page 293

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 aggregate Syntax aggregate [family] [active] Context show>router Description This command displays aggregate routes. Parameters family — specifies whether IPv4 or IPv6 aggregate routes are displayed Values ipv4, ipv6 active — when the active keyword is specified, inactive aggregates are filtered out Output The following output is an example of aggregate route information.

  • Page 294

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 [local | dynamic | static | managed] — only displays ARP information associated with the keyword Output ARP Table Output — The following output is an example of router ARP table information, Table 9 describes the ARP table output fields.

  • Page 295

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 9 ARP Fields (Continued) Label Description Type The ARP entry is a dynamic ARP entry. The ARP entry is an inactive static ARP entry (invalid). The ARP entry is a local or system ARP entry. The ARP entry is an active static ARP entry.

  • Page 296

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Output Authentication Statistics Output — The following output is an example of authentication statistics, and Table 10 describes the fields. Sample Output A:ALU-3>show>router>auth# statistics =================================================================== Authentication Global Statistics =================================================================== Client Packets Authenticate Fail Client Packets Authenticate Ok : 12 ===================================================================...

  • Page 297

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 *A:Dut-C# show router bfd session src 11.120.1.4 dest 11.120.1.3 =============================================================================== BFD Session =============================================================================== Remote Address : 11.120.1.3 Admin State : Up Oper State : Up (3) Protocols : static Rx Interval : 10 Tx Interval : 10 Multiplier...

  • Page 298

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 =============================================================================== BFD Session =============================================================================== Interface/Lsp Name State Tx Intvl Rx Intvl Multipl Remote Address/Info Protocols Tx Pkts Rx Pkts Type ------------------------------------------------------------------------------- wp::lsp-32 Down (1) 1000 1000 0::0.0.0.0 mplsTp cpm-np wp::lsp-33 Down (1) 1000 1000 0::0.0.0.0...

  • Page 299

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 interface Syntax interface [interface-name] Context show>router>bfd Description This command displays interface information. Output The following output is an example of BFD interface information, and Table 11 describes the fields. Sample Output *A:Dut-B# show router bfd interface =============================================================================== BFD Interface ===============================================================================...

  • Page 300

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 session src ip-address/link-local address dest ip-address | link-local address detail lsp- rsvp {head | tail} tunnel-id tunnel-id lsp-id lsp-id session mpls-tp session lsp-name Lsp Name [link-type {cc-only | cc-cv}] detail session p2mp-interface interface-name detail session src ip-address/link-local address detail lsp-rsvp {head | tail} rsvp-session-name rsvp-session-name session [src ip-address/link-local address] [ipv4 | ipv6]...

  • Page 301

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 A:Dut-B# show router bfd session src 3FFE::A01:102 dest 3FFE::A01:103 =============================================================================== BFD Session =============================================================================== Remote Address : 3FFE::A01:103 Admin State : Up Oper State : Up (3) Protocols : static bgp Rx Interval : 10 Tx Interval : 10...

  • Page 302

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Remote Address Protocols Tx Pkts Rx Pkts Type ------------------------------------------------------------------------------- port-1-1 Up (3) 10.1.1.3 pim isis 51532 51279 port-1-2 Up (3) 10.2.1.3 pim isis 51529 51279 port-1-3 Up (3) 10.3.1.3 pim isis 51529 51279 port-1-4 Up (3)

  • Page 303

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Total ============================= *A:Dut-D# *A:Dut-B# show router bfd session detail lsp- rsvp head src 10.20.1.2 dest 10.20.1.5 tunnel-id 1 lsp-id 31744 =============================================================================== BFD On LSP Session =============================================================================== Rsvp Session Name : lsp1::path1 Remote Address : 10.20.1.5 Lsp Id : 31744 Tunnel Id...

  • Page 304

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 dhcp Syntax dhcp Context show>router Description This command enables the context to display DHCP related information. dhcp6 Syntax dhcp6 Context show>router Description This command enables the context to display DHCP6 related information. statistics Syntax statistics [interface ip-int-name | ip-address]...

  • Page 305

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 10 RECONFIGURE 11 INFO_REQUEST 12 RELAY_FORW 13 RELAY_REPLY -------------------------------------------------------------------------- Dhcp Drop Reason Counters : -------------------------------------------------------------------------- 1 Dhcp6 oper state is not Up on src itf 2 Dhcp6 oper state is not Up on dst itf 3 Relay Reply Msg on Client Itf 4 Hop Count Limit reached 5 Missing Relay Msg option, or illegal msg type...

  • Page 306

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 13 DHCP Statistics Fields (Continued) Label Description Client Packets The number of packets received from the DHCP clients that were Snooped snooped. Server Packets The number of packets received from the DHCP server that were Discarded discarded.

  • Page 307

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 5 Missing Relay Msg option, or illegal msg type 6 Unable to determine destination client Itf 7 Out of Memory 8 No global Pfx on Client Itf 9 Unable to determine src Ip Addr 10 No route to server 11 Subscr.

  • Page 308

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 14 DHCP Summary Field Descriptions Label Description Interface Name Name of the router interface. Info Option Indicates whether Option 82 processing is enabled on the interface. Auto Filter Indicates whether IP Auto Filter is enabled on the interface. Snoop Indicates whether Auto ARP table population is enabled on the interface.

  • Page 309

    — displays the peers that are IPv6-capable ip-prefix/prefix-length — displays FIB entries only matching the specified ip-prefix and length Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 to 32...

  • Page 310

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ipv6-prefix: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D ipv6-prefix-length: 0 to 128 longer — displays FIB entries matching the ip-prefix/mask and routes with longer masks secondary — displays secondary VRF ID information summary —...

  • Page 311

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 1.2.3.2 (to_Dut-B) 1.1.3.0/24 LOCAL 1.1.3.0 (to_Dut-A) 1.1.9.0/24 ISIS 1.1.3.1 (to_Dut-A) 1.2.3.0/24 LOCAL 1.2.3.0 (to_Dut-B) 1.2.9.0/24 ISIS 1.2.3.2 (to_Dut-B) 10.12.0.0/24 LOCAL 10.12.0.0 (itfToArborCP_02) 10.20.1.1/32 ISIS 1.1.3.1 (to_Dut-A) 10.20.1.2/32 ISIS 1.2.3.2 (to_Dut-B) 10.20.1.3/32 LOCAL 10.20.1.3 (system) 20.12.0.43/32 STATIC...

  • Page 312

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 *A:Dut-C> show router fib 1 10.0.0.2/32 extensive =============================================================================== FIB Display (Router: Base) =============================================================================== Dest Prefix : 10.0.0.2/32 Protocol : OSPF Next-Hop : 1.0.0.3 (RSVP tunnel:94) : Priority=n/c, FC=n/c Source-Class Dest-Class ECMP-Weight : 20 Next-Hop : 1.0.0.3 (RSVP tunnel:61442) : Priority=n/c, FC=n/c...

  • Page 313

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Dest-Class ECMP-Weight =============================================================================== Total Entries : 1 =============================================================================== *A:Dut-B# show router fib 1 10.15.1.0/24 =============================================================================== FIB Display =============================================================================== Prefix [Flags] Protocol NextHop ------------------------------------------------------------------------------- 10.15.1.0/24 10.20.1.3 (Transport:SR) ------------------------------------------------------------------------------- Total Entries : 1 ------------------------------------------------------------------------------- =============================================================================== *A:Dut-B# show router fib 1 10.15.1.0/24 extensive ===============================================================================...

  • Page 314

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • 6PE/6VPE. Parameters slot-number — displays information for the specified slot Values 1 to 10 ip-prefix[/prefix-length] — displays routes only matching the specified ip-address and length Values ipv4-prefix: a.b.c.d (host bits must be set to 0) ipv4-prefix-length: 0 to 32 ipv6...

  • Page 315

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 =============================================================================== Destination Protocol Tunnel-ID NextHop Intf/Tunnel ------------------------------------------------------------------------------- 4.0.0.1/32 SR-ISIS-0 20001 1.3.4.4 2/1/3:1 20001/21005 1.2.3.2(B) 1/1/2 10.20.1.2/32 SR-ISIS-0 21002 1.2.3.2 1/1/2 21002/21005 1.3.4.4(B) 2/1/3:1 10.20.1.4/32 SR-ISIS-0 21004 1.3.4.4 2/1/3:1 21004/21005 1.2.3.2(B) 1/1/2 10.20.1.5/32 SR-ISIS-0 21005 1.2.3.2...

  • Page 316

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 *A:Dut-C# *A:Dut-F# show router fp-tunnel-table 1 =============================================================================== Tunnel Table Display Legend: B - FRR Backup =============================================================================== Destination Protocol Tunnel-ID NextHop Intf/Tunnel ------------------------------------------------------------------------------- 1.0.11.1/32 SR-OSPF-0 30004 1.0.26.2 1/1/3:1 40004 1.0.36.3(B) 1/1/4:1 1.0.22.2/32 SR-OSPF-0 30005 1.0.26.2 1/1/3:1...

  • Page 317

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Tunnel Table Display Legend: B - FRR Backup =============================================================================== Destination Protocol Tunnel-ID NextHop Intf/Tunnel ------------------------------------------------------------------------------- 10.20.1.5/32 262135 10.10.5.5 2/1/1 10.20.1.5(B) 10.20.1.5/32 SR-ISIS-0 474390 10.10.5.5 2/1/1 474390/474389 10.10.12.2(B) lag-1 ------------------------------------------------------------------------------- Total Entries : 2 ------------------------------------------------------------------------------- =============================================================================== icmp...

  • Page 318

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Timestamp Request Timestamp Reply Address Mask Request Address Mask Reply Parameter Problem =============================================================================== *A:cses-V93# show router icmp interface "foo" =============================================================================== Interface ICMP Stats =============================================================================== Interface "foo" ------------------------------------------------------------------------------- Received Total Error Destination Unreachable : 0 Redirect Echo Request Echo Reply...

  • Page 319

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 16 ICMP Fields (Continued) Label Description Address Mask Reply The number of address mask replies (deprecated). Parameter Problem The number of packets with a parameter problem in the IP header. icmp6 Syntax icmp6 [interface interface-name] Context...

  • Page 320

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 =============================================================================== =============================================================================== Interface "foo" ------------------------------------------------------------------------------- Received Total Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits Neighbor Advertisements : 0 Parameter Problem ------------------------------------------------------------------------------- Sent...

  • Page 321

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 if-attribute Syntax if-attribute Context show>router Description This command enables the context to display interface attribute related information. srlg-group Syntax srlg-group [name] Context show>router>if-attribute>srlg-group Description This command displays SRLG statistics. Parameters name — only displays entries associated with the specified SRLG name Output The following output is an example of SRLG statistics, and Table 18...

  • Page 322

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 interface Syntax interface [interface-name] Context show>router>icmpv6 Description This command displays interface ICMPv6 statistics. Parameters interface-name — only displays entries associated with the specified IP interface name Output The following output is an example of ICMPv6 interface statistics, and Table 19 describes the fields.

  • Page 323

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 19 ICMP6 Interface Fields (Continued) Label Description Neighbor Solicits The number of times the neighbor router was solicited. Errors The number of error messages. Redirects The number of packet redirects. Pkt Too big The number of packets that exceed appropriate size.

  • Page 324

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 exclude-services — displays IP interface information, excluding IP interfaces configured for customer services. Only core network IP interfaces are displayed. family — specifies the router IP interface family to display Values ipv4 — displays only those peers that have the IPv4 family enabled Values ipv6 —...

  • Page 325

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Interface Table (Router: Base) =============================================================================== Interface-Name Adm(v4/v6) Opr(v4/v6) Mode Port/SapId IP-Address PfxState ------------------------------------------------------------------------------- ip-100.0.0.2 Up/Up Up/Up Network lag-1 100.0.0.2/10 3FFE:1::2/64 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-100.128.0.2 Up/Up Up/Up Network lag-2 100.128.0.2/10 3FFE:2::2/64 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-24.2.4.4 Up/Up...

  • Page 326

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 20 Standard IP Interface Field Descriptions (Continued) Label Description Type n/a — No IP address has been assigned to the IP interface, so the IP address type is not applicable. Pri — The IP address for the IP interface is the Primary address on the IP interface.

  • Page 327

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 ------------------------------------------------------------------------------- Details ------------------------------------------------------------------------------- Description : (Not Specified) If Index : 29 Virt. If Index : 29 Last Oper Chg : 06/07/2016 15:02:00 Global If Index : 365 Mon Oper Grp : None Srrp En Rtng : Disabled Hold time...

  • Page 328

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 DHCP Proxy Details Admin State : Down Lease Time : N/A Emul. Server : Not configured Subscriber Authentication Details Auth Policy : None DHCP6 Relay Details Description : (Not Specified) Admin State : Down Lease Populate Oper State...

  • Page 329

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Interface Table (Service: 1) =============================================================================== ------------------------------------------------------------------------------- Interface ------------------------------------------------------------------------------- If Name : To_B_1 Admin State : Up Oper (v4/v6) : Down/Down Down Reason Code : assocObjNotReady Down Reason V4 : assocObjNotReady Down Reason V6 : assocObjNotReady ifProtoOperDown Protocols : OSPFv2...

  • Page 330

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Rx V4 Pkts : N/A Rx V4 Bytes : N/A Rx V6 Pkts : N/A Rx V6 Bytes : N/A Tx Pkts : 22 Tx Bytes : 1662 Tx V4 Pkts Tx V4 Bytes Tx V4 Discard Pk*: 0 Tx V4 Discard Byt*: 0 Tx V6 Pkts...

  • Page 331

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 No Matching Entries ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Srlg Groups ------------------------------------------------------------------------------- No Matching Entries ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- QoS Queue-Group Redirection Details ------------------------------------------------------------------------------- Ingress FP QGrp : (none) Egress Port QGrp : (none) Ing FP QGrp Inst : (none) Egr Port QGrp Inst: (none) =============================================================================== * indicates that the corresponding row element may have been truncated.

  • Page 332

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 21 Detailed IP Interface Field Descriptions (Continued) Label Description Arp Timeout The ARP timeout for the interface, in seconds, which is the time an ARP entry is maintained in the ARP cache without being refreshed.

  • Page 333

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Tx V6 Discard Pk*: 0 Tx V6 Discard Byt*: 0 uRPF Chk Fail Pk*: 6244 uRPF Fail Bytes : 487032 uRPF Fail V4 Pk : 3122 uRPF Fail V4 Byt : 243516 uRPF Fail V6 Pk : 3122 uRPF Fail V6 Byt...

  • Page 334

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 routes Syntax routes alternative Context show:router>isis Description This command displays IS-IS route information. Output The following output is an example of IS-IS route information. Sample Output *A:SRR# show router isis routes 1.1.1.0/24 =============================================================================== Route Table ===============================================================================...

  • Page 335

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 10.20.3.3 10.20.1.6/32 2/Int. Dut-D 10.20.4.4 10.20.3.0/24 1/Int. Dut-B 0.0.0.0 10.20.4.0/24 1/Int. Dut-B 0.0.0.0 10.20.5.0/24 2/Int. Dut-C 10.20.3.3 10.20.6.0/24 2/Int. Dut-D 10.20.4.4 10.20.9.0/24 2/Int. Dut-D 10.20.4.4 10.20.10.0/24 2/Int. Dut-C 10.20.3.3 ---------------------------------------------------------------------------- Routes : 11 Flags: L = LFA nexthop available ============================================================================ *A:Dut-B#...

  • Page 336

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 bindings Syntax bindings active Context show>router>ldp Description This command displays LDP bindings information. Output The following output is an example of LDP bindings information. Sample Output *A:Dut-A# show router ldp bindings active ======================================================================== Legend: U - Label In Use, N - Label Not In Use, W - Label Withdrawn...

  • Page 337

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 LDP Generic IPv4 P2MP Bindings (Active) =============================================================================== P2MP-Id Interface RootAddr IngLbl EgrLbl EgrNH EgrIf/LspId ------------------------------------------------------------------------------- No Matching Entries Found =============================================================================== =============================================================================== LDP Generic IPv6 P2MP Bindings (Active) =============================================================================== P2MP-Id Interface RootAddr IngLbl EgrLbl EgrNH EgrIf/LspId...

  • Page 338

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ======================================================================== LDP Bindings (IPv4 LSR ID 1.1.1.1:0) (IPv6 LSR ID ::[0]) =============================================================================== Legend: U - Label In Use, N - Label Not In Use, W - Label Withdrawn S - Status Signaled Up, D - Status Signaled Down E - Epipe Service, V - VPLS Service, M - Mirror Service A - Apipe Service, F - Fpipe Service, I - IES Service, R - VPRN service...

  • Page 339

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 1.1.1.1 Unknw 131049 90.90.90.2 1/1/6 2.2.2.2:0 1.1.1.1 Unknw 131048 90.90.90.2 1/1/6 2.2.2.2:0 1.1.1.1 Unknw 131047 90.90.90.2 1/1/6 2.2.2.2:0 1.1.1.1 Unknw 131046 90.90.90.2 1/1/6 2.2.2.2:0 1500 1.1.1.1 Unknw 131045 90.90.90.2 1/1/6 2.2.2.2:0 6.6.6.6 Unknw 131044 90.90.90.2...

  • Page 340

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 LDP In-Band-SSM IPv6 P2MP Bindings =============================================================================== Source Group RootAddr Interface IngLbl EgrLbl EgrNH EgrIf/LspId Peer ------------------------------------------------------------------------------- No Matching Entries Found =============================================================================== =============================================================================== LDP In-Band-VPN-SSM IPv4 P2MP Bindings =============================================================================== Source Group RootAddr Interface IngLbl EgrLbl EgrNH...

  • Page 341

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2.2.2.2:100 1.1.1.1 225.0.0.1 1.1.1.1:100 2000::3000 Unknwn 60.60.60.1 1/1/1 2.2.2.2:100 ------------------------------------------------------------------------------- No. of In-Band-VPN-SSM IPv6 P2MP Bindings: 3 =============================================================================== =============================================================================== LDP Service FEC 128 Bindings =============================================================================== Type VCId SDPId IngLbl LMTU Peer SvcId EgrLbl RMTU -------------------------------------------------------------------------------...

  • Page 342

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Sample Output *A:Dut-C# show router 1 mvpn =============================================================================== MVPN 1 configuration data =============================================================================== signaling : Bgp auto-discovery : Enabled UMH Selection : Highest-Ip intersite-shared : Enabled vrf-import : N/A vrf-export : N/A vrf-target : target:1:1 C-Mcast Import RT...

  • Page 343

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 00:03:fa:1a:79:22 STALE 03h29m28s Dynamic ------------------------------------------------------------------------------- No. of Neighbor Entries: 2 =============================================================================== B:CORE2# Table 24 Neighbor Fields Label Description IPv6 Address Displays the IPv6 address. Interface Displays the name of the IPv6 interface name. MAC Address Specifies the link-layer address.

  • Page 344

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Network Domains : 2 =============================================================================== *A:Dut-T>config>router# *A:Dut-T>config>router# show router network-domains detail =============================================================================== Network Domain Table (Router: Base) =============================================================================== ------------------------------------------------------------------------------- Network Domain : net1 ------------------------------------------------------------------------------- Description : Network domain 1 No. Of Ifs Associated No.

  • Page 345

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Context show>router Description This command enables the context to display origin validation information. database Syntax database [family] [ip-prefix/ip-prefix-length] [upto prefix-length2][origin-as as-number] database [family] [ip-prefix/ip-prefix-length] {longer} database {summary} database [family] [{static} Context show>router>origin-validation Description This command displays database information.

  • Page 346

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ------------------------------------------------------------------------------- No. of Vrp Database Entries: 2 ------------------------------------------------------------------------------- Flags: B = Base instance session M = Management instance session Static-V = Static-Valid; Static-I = Static-Invalid =============================================================================== A:Dut-C# show router origin-validation database summary =============================================================================== Static and Dynamic VRP Database Summary ===============================================================================...

  • Page 347

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 ------------------------------------------------------------------------------- Port : 323 Oper State : established UpTime : 0d 00:57:41 Flaps Active IPv4 records: 17023 Active IPv6 records: 2515 Admin State : Up Local Address : n/a Admin State : Up Local Address : 192.0.2.2 Hold Time...

  • Page 348

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 25 Policy Fields Label Description Policy The policy name. Description Displays the description of the policy. policy-edits Syntax policy-edits Context show>router Description This command displays edited policy information. route-table Syntax route-table [family] [ip-prefix[/prefix-length] [longer | exact | protocol protocol-name] [all]] [next-hop-type type] [qos] [alternative] [accounting-class] route-table [family] summary route-table tunnel-endpoints [ip-prefix[/prefix-length]] [longer | exact] [detail]...

  • Page 349

    [0 to FFFF]H d: [0 to 255]D prefix-length: 1 to 128ipv6 Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d (host bits must be set to 0) ipv4-prefix-length: 0 to 32 longer — displays routes matching the ip-prefix/mask and routes with longer masks exact —...

  • Page 350

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 192.168.0.0/16 [E] Remote BGP VPN 00h06m38s 2.1.1.9 (tunneled) ------------------------------------------------------------------------------- No. of Routes: 4 Flags: L = LFA nexthop available B = BGP backup route available E = best-external BGP route available n = Number of times nexthop is repeated =============================================================================== *A:Dut-B#config>service>vprn# show router 1 route-table alternative ===============================================================================...

  • Page 351

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 10.10.4.4 20 10.10.10.0/24 [L] Remote ISIS 00h00m58s 15 10.10.12.3 23 10.10.11.0/24 [L] Remote ISIS 00h00m58s 15 10.10.12.3 13 10.10.12.0/24 Local Local 00h01m25s 0 ip-10.10.12.2 0 10.20.1.1/32 [L] Remote ISIS 00h00m58s 15 10.10.1.1 10 10.20.1.2/32 Local Local 00h01m25s 0 system 0 10.20.1.3/32 [L] Remote ISIS 00h00m58s 15...

  • Page 352

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 10.10.1.1 10 10.10.12.3 (LFA) 13 10.20.1.2/32 Local Local 00h02m28s 0 system 0 10.20.1.3/32 Remote ISIS 00h02m05s 15 10.10.12.3 3 10.10.1.1 (LFA) 20 10.20.1.4/32 Remote ISIS 00h02m05s 15 10.10.4.4 10 10.10.12.3 (LFA) 13 10.20.1.5/32 Remote ISIS 00h02m05s 15 10.10.12.3 13 10.10.4.4 (LFA) 20...

  • Page 353

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 100.128.0.1 11.4.101.0/24 Local Local 02h14m29s ------------------------------------------------------------------------------- A:ALA# B:ALA-B# show router route-table 100.10.0.0 exact ========================================================================== Dest Address Next Hop Type Proto Age Metric Pref ------------------------------------------------------------------------------- 100.10.0.0/16 Black Hole Remote Static 00h03m17s 1 5 ------------------------------------------------------------------------------- No.

  • Page 354

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 itfToArborCP_02 10.20.1.1/32 Remote ISIS 00h44m24s 1.1.3.1 10.20.1.2/32 Remote ISIS 00h44m28s 1.2.3.2 10.20.1.3/32 Local Local 00h44m32s system 20.12.0.43/32 Remote Static 00h44m31s vprn1:mda-1-1 20.12.0.44/32 Remote Static 00h44m31s vprn1:mda-2-1 20.12.0.45/32 Remote Static 00h44m31s vprn1:mda-2-2 20.12.0.46/32 Remote Static 00h44m30s...

  • Page 355

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 10.10.5.0/24 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 10.10.10.0/24 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 10.20.1.5/32 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 10.20.1.6/32 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 ------------------------------------------------------------------------------- No.

  • Page 356

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 3ffe::10:20:1:4/128 Remote ISIS 00h12m48s fe80::205e:1ff:fe01:1-"ip-10.10.5.3" 3ffe::10:20:1:4/128 Remote ISIS 00h12m48s fe80::6629:ffff:fe00:141-"ip-10.10.12.3" ------------------------------------------------------------------------------- No. of Routes: 2 Flags: n = Number of times nexthop is repeated B = BGP backup route available L = LFA nexthop available S = Sticky ECMP requested ===============================================================================...

  • Page 357

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Flags: n = Number of times nexthop is repeated B = BGP backup route available L = LFA nexthop available S = Sticky ECMP requested E = Inactive best-external BGP route =============================================================================== *A:Dut-C# show router route-table ipv6 3ffe::10:20:1:4/128 all extensive =============================================================================== Route Table (Router: Base)

  • Page 358

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 26 Standard Route Table Fields Label Description Dest Address The route destination address and mask. Next Hop The next hop IP address for the route destination. Type Local The route is a local route. Remote The route is a remote route.

  • Page 359

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Active Available ------------------------------------------------------------------------------- Static Direct 1698 1698 Host 1477 BGP (Backup) VPN Leak OSPF ISIS 3296 6383 ISIS (LFA) 1499 Aggregate Sub Mgmt Managed ------------------------------------------------------------------------------- Total 5006 9570 =============================================================================== NOTE: ISIS LFA routes and BGP Backup routes are not counted towards the total. *A:SRR# *A:Dut-C>config>router>mpls>lsp# show router route-table 10.0.0.2/32 extensive ===============================================================================...

  • Page 360

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Dest-Class Metric ECMP-Weight : 18 Next-Hop : 1.0.0.2 (RSVP tunnel:132) : Priority=n/c, FC=n/c Source-Class Dest-Class Metric ECMP-Weight Next-Hop : 1.0.0.3 (RSVP tunnel:94) : Priority=n/c, FC=n/c Source-Class Dest-Class Metric ECMP-Weight Next-Hop : 1.0.0.3 (RSVP tunnel:61442) : Priority=n/c, FC=n/c Source-Class Dest-Class...

  • Page 361

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Sample Output A:Dut-A# show router rtr-advertisement ======================================================================= Router Advertisement ======================================================================= ------------------------------------------------------------------------------- Interface: interfaceNetworkNonDefault ------------------------------------------------------------------------------- Rtr Advertisement Tx : 8 Last Sent : 00h01m28s Nbr Solicitation Tx : 83 Last Sent : 00h00m17s Nbr Advertisement Tx : 74 Last Sent : 00h00m25s...

  • Page 362

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Reachable Time : 00h00m00s400ms Router Lifetime : 00h30m01s Retransmit Time : 00h00m00s400ms Hop Limit : 63 Link MTU : 1500 Prefix: 23::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifetime : infinite Valid Lifetime : infinite...

  • Page 363

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 27 Router Advertisement Table Fields (Continued) Label Description Nbr Advertisement Tx The number of neighbor advertisements sent and time since they were sent. Rtr Advertisement Rx The number of router advertisements received and time since they were received.

  • Page 364

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Sample Output A:Dut-A# show>router# rtr-advertisement conflicts =============================================================================== Router Advertisement =============================================================================== Interface: interfaceNetworkNonDefault ------------------------------------------------------------------------------- Advertisement from: FE80::200:FF:FE00:2 Managed Config : FALSE [TRUE] Other Config : FALSE [TRUE] Reachable Time : 00h00m00s0ms [00h00m00s400ms] Router Lifetime : 00h30m00s [00h30m01s] Retransmit Time : 00h00m00s0ms [00h00m00s400ms]...

  • Page 365

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Prefix not present in own router advertisement Prefix: 24::/119 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix not present in neighbor router advertisement Prefix: 24::/120 Autonomous Flag : TRUE...

  • Page 366

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Output Static ARP Table Output — The following output is an example of static AARP table information, and Table 29 describes the output fields. Sample Output A:ALA-A# show router static-arp =============================================================================== ARP Table =============================================================================== IP Address MAC Address...

  • Page 367

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 29 Static ARP Table Fields Label Description IP Address The IP address of the static ARP entry. MAC Address The MAC address of the static ARP entry. The age of the ARP entry. Static ARPs always have 00:00:00 for the age.

  • Page 368

    [0 to FFFF]H [0 to 255]D ipv6-prefix-length: 0 to 128 Values The following values apply to the 7450 ESS: ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 to 32 preference preference — only displays static routes with the specified route preference...

  • Page 369

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 192.168.252.0/24 10.10.0.254 192.168.253.0/24 to-ser1 192.168.253.0/24 10.10.0.254 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# A:ALA-A# show router static-route 192.168.250.0/24 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.250.0/24 10.200.10.1 to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-route preference 4 ===============================================================================...

  • Page 370

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 SR-TE Tunnels : disabled ------------------------------------------------------------------------------- Prefix : 3ffe::10:10:14:0/120 Nexthop : 3ffe::20:20:1:6 Type : Indirect Interface : n/a Active Prefix List : n/a Prefix List Type : n/a Metric Preference Source Class Dest Class Admin State : Up...

  • Page 371

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 30 Static Route Fields Label Description IP Addr/mask The static route destination address and mask. Pref The route preference value for the static route. Metric The route metric value for the static route. Type The static route is a black hole route.

  • Page 372

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Interface : Metric Prefence : Active : [Y|N] Admin State : [Up|Down] Tag : BFD: [enable|disabled] CPE-check: [enabled|disabled] State: [Up|Down] Target : <address> Interval : [value | n/a] Drop Count : <value> : [Y|N] CPE Host Up/Dn Time : 0d 16:32:28 CPE Echo Req Tx...

  • Page 373

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 service-prefix Syntax service-prefix Context show>router Description This command displays the address ranges reserved by this node for services sorted by prefix. Output Service Prefix Output — The following output is an example of service prefix information, Table 31 describes the fields.

  • Page 374

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 application Syntax application [app-name] [dscp | dot1p] Context show>router>sgt-qos Description This command displays application QoS settings. Parameters app-name — the specific application Values arp, bgp, cflowd, dhcp, diameter, dns, ftp, gtp, icmp, igmp, igmp- reporter, isis, l2tp, ldp, mld, msdp, ndis, ntp, ospf, pcep, pim, pppoe, ptp, radius, rip, rsvp, sflow, snmp, snmp-notification, srrp, ssh, syslog, tacplus, telnet, tftp, traceroute, vrrp...

  • Page 375

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 syslog none af41 tacplus none af41 telnet none af41 tftp none af41 traceroute none vrrp none =============================================================================== =============================================================================== Dot1p Application Values =============================================================================== Application Configured Dot1p Value Default Dot1p Value ------------------------------------------------------------------------------- none isis none pppoe none...

  • Page 376

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 af11 cp11 af12 cp13 af13 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 af33 cp31 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 cp49 cp50...

  • Page 377

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 cp62 cp63 =============================================================================== A:ALA-A# status Syntax status Context show>router Description This command displays the router status. Output Router Status Output — The following output is an example of router status information, and Table 32 describes the fields.

  • Page 378

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 32 Router Status Fields Label Description Router The administrative and operational states for the router. OSPF The administrative and operational states for the OSPF protocol. The administrative and operational states for RIP. ISIS The administrative and operational states for the IS-IS protocol.

  • Page 379

    Class Forwarding Enabled — Class Forwarding is enabled Disabled — Class Forwarding is disabled 7450 ESS Router Status Output—The following output is an example of router status information for the 7450 ESS: Sample Output *A:Performance# configure router ospf [1..31] shutdown...

  • Page 380

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 OSPFv2-3 Down Down OSPFv2-4 Down Down OSPFv2-5 Down Down OSPFv2-6 Down Down OSPFv2-7 Down Down OSPFv2-8 Down Down OSPFv2-9 Down Down OSPFv2-10 Down Down OSPFv2-11 Down Down OSPFv2-12 Down Down OSPFv2-13 Down Down OSPFv2-14 Down...

  • Page 381

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Sample Output *A:Performance# configure router ospf [1..31] shutdown *A:Performance# show router status ================================================================ Router Status (Router: Base) ================================================================ Admin State Oper State ---------------------------------------------------------------- Router OSPFv2-0 OSPFv2-1 Down Down OSPFv2-2 Down Down OSPFv2-3 Down Down OSPFv2-4...

  • Page 382

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Single SFM State normal Single SFM Start 004 19:03:39.680 Single SFM Interval 0d 00:16:06 Reassembly ISA-BB group Not configured Ipv6 Nbr Reachab. time Not configured Triggered Policies ================================================================ *A:Performance# Class Forwarding—The following output is an example for checking if class-based forwarding is enabled in the global router context.

  • Page 383

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 TTL Propagate VPRN Local vc-only VPRN Transit vc-only Label Route Local none Label Route Transit none LSR Label Route none LSP BFD Tail Sessions Disabled Class Forwarding Enabled =============================================================================== TTL Propagation and ICMP Tunneling—The following output is an example of TTL propagation and ICMP tunneling configurations, first in base router and then in a VPRN service.

  • Page 384

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Ipv6 Nbr Reachab. time Not configured IPv6 Nbr stale time (s) 14400 VPRN Local TTL Propagate vc-only VPRN Transit TTL Propag* vc-only Label Route Local TTL P* none Label Route Transit TTL* none LSR Label Route TTL Pro* none =============================================================================== * indicates that the corresponding row element may have been truncated.

  • Page 385

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 ICMP Tunneling Disabled Reassembly ISA-BB group Not configured ICMP Tunneling Disabled Ipv6 Nbr Reachab. time Not configured VPRN Local TTL Propagate all VPRN Transit TTL Propag* inherit (vc-only) =============================================================================== * indicates that the corresponding row element may have been truncated. *A:Dut-A# tunnel-table Syntax...

  • Page 386

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Sample Output *A:Dut-D>config>service>vpls# show router tunnel-table sdp 17407 ======================================================================= Tunnel Table (Router: Base) =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric ----------------------------------------------------------------------- 127.0.68.0/32 MPLS 17407 127.0.68.0 ======================================================================= *A:Dut-D# show service id 1 sdp 17407:4294967294 detail ======================================================================= Service Destination Point (Sdp Id : 17407:4294967294) Details =======================================================================...

  • Page 387

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Rest Prot Src Mac : Disabled Auto Learn Mac Prot: Disabled RestProtSrcMacAct : Disable Ingress Qos Policy : (none) Egress Qos Policy : (none) Ingress FP QGrp : (none) Egress Port QGrp : (none) Ing FP QGrp Inst : (none)

  • Page 388

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Designated Bridge : N/A Designated Port Id: N/A Fwd Transitions Bad BPDUs rcvd Cfg BPDUs rcvd Cfg BPDUs tx TCN BPDUs rcvd TCN BPDUs tx TC bit BPDUs rcvd TC bit BPDUs tx RST BPDUs rcvd RST BPDUs tx -----------------------------------------------------------------------...

  • Page 389

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 *A:Dut-C> show router tunnel-table =============================================================================== IPv4 Tunnel Table (Router: Base) =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric ------------------------------------------------------------------------------- 10.20.1.1/32 MPLS 65546 10.10.2.1 10.20.1.2/32 MPLS 65545 10.10.12.2 10.20.1.2/32 isis (0) MPLS 524318 10.10.12.2 10.20.1.4/32 isis (0)

  • Page 390

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Destination : 10.20.1.22/32 NextHop : 120.1.18.7 Tunnel Flags : exclude-for-lfa : 00h00m38s CBF Classes : af l1 ef nc Owner : rsvp Encap : MPLS Tunnel ID : 244 Preference Tunnel Label : 249905 Tunnel Metric : 2000...

  • Page 391

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 2001::a14:103/128 isis (0) MPLS 524355 fe80::c7b:1ff:fe01:1-"B_to_D" 2001::a14:104/128 isis (0) MPLS 524354 fe80::c7b:1ff:fe01:1-"B_to_D" 2001::a14:105/128 isis (0) MPLS 524356 fe80::c7f:2ff:fe01:1-"B_to_E" 2001::a14:106/128 isis (0) MPLS 524357 fe80::c7b:1ff:fe01:1-"B_to_D" ------------------------------------------------------------------------------- Flags: B = BGP backup route available E = inactive best-external BGP route =============================================================================== *B:Dut-B>config>router>mpls>lsp# show router tunnel-table...

  • Page 392

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Tunnel Flags : exclude-for-igpshortcuts : 00h02m32s CBF Classes : (Not Specified) Owner : isis (0) Encap : MPLS Tunnel ID : 524354 Preference : 11 Tunnel Label : 18564 Tunnel Metric : 10 Tunnel MTU : 1582 Max Label Stack...

  • Page 393

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Table 33 Tunnel Table Fields (Continued) Label Description Owner Specifies the tunnel owner. Encap Specifies the tunnel’s encapsulation type. Tunnel ID Specifies the tunnel (SDP) identifier. Pref Specifies the route preference for routes learned from the configured peers.

  • Page 394

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ------------------------------------------------------------------------------- Destination : 10.20.1.5/32 NextHop : 10.11.7.3 Tunnel Flags : exclude-for-lfa entropy-label-capable : 00h17m18s CBF Classes : af l1 Owner : rsvp Encap : MPLS Tunnel ID : 60 Preference Tunnel Label : 262063 Tunnel Metric : 2000...

  • Page 395

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 eth-tunnel Syntax eth-tunnel [group tunnel-group-name [vc-id vc-id]] Context show>router>l2tp Description This command displays information about configured L2TPv3 Ethernet tunnels. These Ethernet tunnels are the L2TPv3 sessions setup between the local private L2 SAP and the far end device.

  • Page 396

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 group Syntax group [tunnel-group-name [statistics]] Context show>router>l2tp Description This command displays L2TP group operational information. Parameters tunnel-group-name — displays information for the specified tunnel group statistics — displays statistics for the specified tunnel group Output The following output is an example of L2TP group operational information.

  • Page 397

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Group Name: isp1.group-2 ------------------------------------------------------------------------------- Attempts Failed Failed-Aut Active Total ------------------------------------------------------------------------------- Tunnels Sessions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Pkt-Ctl Pkt-Err Octets ------------------------------------------------------------------------------- 1224 2796 ------------------------------------------------------------------------------- *A:Dut-C# peer Syntax peer ip-address [statistics] [{udp-port port | ip}] peer [draining] [{blacklisted | selectable | unreachable}] Context show>router>l2tp Description...

  • Page 398

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 =============================================================================== Peer IP Port Tun Active Ses Active Drain Reachability Tun Total Ses Total ------------------------------------------------------------------------------- 10.1.1.2 ------------------------------------------------------------------------------- No. of peers: 1 =============================================================================== A:Dut-A# show router 200 l2tp peer 10.1.1.2 ip =============================================================================== Peer IP: 10.1.1.2 =============================================================================== Roles capab/actual: LAC LNS / - Draining...

  • Page 399

    [0 to FFFF]H d: [0 to 255]D interface: 32 characters maximum, mandatory for link local addresses Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d (host bits must be 0) Issue: 01 3HE 11976 AAAC TQZZA 01...

  • Page 400

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 group group-name — specifies a string to identify a Layer Two Tunneling Protocol Tunnel group assignment-id assignment-id — specifies a string that distinguishes this Layer Two Tunneling Protocol tunnel local-name local-host-name — specifies the host name used by this system during the authentication phase of tunnel establishment remote-name remote-host-name —...

  • Page 401

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 658210606 658178048 10043 32558 established ------------------------------------------------------------------------------- No. of sessions: 6 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp session state closed detail =============================================================================== L2TP Session Status =============================================================================== Connection ID : 143531662 State : closed Tunnel Group : isp1.group-2 Assignment ID : isp1.tunnel-3...

  • Page 402

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 *A:Dut-C# show router l2tp session session-id 946 =============================================================================== L2TP Session Summary =============================================================================== Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 143524786 143523840 2190 established ------------------------------------------------------------------------------- No. of sessions: 1 =============================================================================== *A:Dut-C# show router l2tp session connection-id 143524786 detail =============================================================================== L2TP Session Status ===============================================================================...

  • Page 403

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Assignment ID : isp1.tunnel-3 Error Message : Terminated by PPPoE: RX PADT Control Conn ID : 143523840 Remote Conn ID : 1148557524 Tunnel ID : 2190 Remote Tunnel ID : 17525 Session ID : 7822 Remote Session ID : 39124 Time Started...

  • Page 404

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 *A:Dut-C# *A:Dut-C# show router l2tp session peer 10.10.20.100 =============================================================================== L2TP Session Summary =============================================================================== Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 658187773 658178048 10043 9725 established...

  • Page 405

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 =============================================================================== L2TP Session Summary =============================================================================== Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 143524786 143523840 2190 established 143526923 143523840 2190 3083 established 143531662 143523840 2190 7822 closed 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275...

  • Page 406

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Control Conn ID : 600375296 Remote Conn ID : 1026712216 Tunnel ID : 9161 Remote Tunnel ID : 15666 Session ID : 31720 Remote Session ID : 25240 Time Started : 02/02/2010 09:08:54 Time Established : 02/02/2010 09:08:54 Time Closed : N/A...

  • Page 407

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command displays L2TP statistics. Output The following output is an example of L2TP statistics information. Sample Output *A:Dut-C# show router l2tp statistics =============================================================================== L2TP Statistics =============================================================================== Tunnels Sessions ------------------------------------------------------------------------------- Active Active Setup history since 04/17/2009 18:38:41 Total...

  • Page 408

    32 characters maximum, mandatory for link local addresses Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d (host bits must be 0) tunnel-id tunnel-id (v2) — displays information for the specified ID of a L2TP tunnel. In L2TP version 2, it is the 16-bit tunnel ID...

  • Page 409

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 isp1.tunnel-3 236912640 3615 58919 closedByPeer isp1.group-2 isp1.tunnel-2 379387904 5789 4233 established isp1.group-1 isp1.tunnel-1 658178048 10043 33762 draining isp1.group-2 isp1.tunnel-2 ------------------------------------------------------------------------------- No. of tunnels: 4 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp tunnel state closed-by-peer detail =============================================================================== L2TP Tunnel Status ===============================================================================...

  • Page 410

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 isp1.tunnel-1 ------------------------------------------------------------------------------- No. of tunnels: 2 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp tunnel tunnel-id 2190 statistics =============================================================================== L2TP Tunnel Statistics =============================================================================== Connection ID: 143523840 ------------------------------------------------------------------------------- Attempts Failed Active Total ------------------------------------------------------------------------------- Sessions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Ctrl Packets...

  • Page 411

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Error Message : N/A Remote Conn ID : 1148518400 Tunnel ID : 2190 Remote Tunnel ID : 17525 UDP Port : 1701 Remote UDP Port : 1701 Preference : 100 Hello Interval (s): 300 Idle TO (s) Destruct TO (s) : 7200...

  • Page 412

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Preference : 100 Hello Interval (s): infinite Idle TO (s) : 60 Destruct TO (s) : 7200 Max Retr Estab Max Retr Not Estab: 5 Session Limit : 1000 AVP Hiding : never Transport Type : udpIp Challenge...

  • Page 413

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 *A:Dut-C# show router l2tp tunnel local-name lac1.wholesaler.com remote- name lns2.retailer1.net state draining =============================================================================== Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active Group Ses Total Assignment ------------------------------------------------------------------------------- 658178048 10043 33762 draining isp1.group-2 isp1.tunnel-2 ------------------------------------------------------------------------------- No.

  • Page 414

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 IncomingCallReply ZeroLengthBody last cleared time : N/A =============================================================================== On LAC (master node after switchover) =============================================================================== L2TP Tunnel Status =============================================================================== Connection ID: 11206656 State : established : 10.124.0.9 : 1701 Peer IP : 10.124.0.3 Peer UDP : 1701 Tx dst-IP...

  • Page 415

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 On LAC (slave node after switchover) show router l2tp tunnel detail =============================================================================== L2TP Tunnel Status =============================================================================== Connection ID: 11206656 State : draining : 10.124.0.9 : 1701 Peer IP : 10.124.0.3 Peer UDP : 1701 Tx dst-IP : 10.124.0.3...

  • Page 416

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 : 10.124.0.3 : 1701 Peer IP : 10.124.0.9 Peer UDP : 1701 Tx dst-IP : 10.124.0.9 Tx dst-UDP : 1701 Rx src-IP : 10.124.0.9 Rx src-UDP : 1701 Name : mc-lns Remote Name : mc-lac Assignment ID: t1 Group Name...

  • Page 417

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Assignment ID: t1 Group Name : mc-lac Acct. Policy : l2tp-base Error Message: N/A Remote Conn ID : 433324032 Tunnel ID : 115 Remote Tunnel ID : 6612 Preference : 50 Receive Window : 64 Hello Interval (s): infinite Idle TO (s)

  • Page 418

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Set Dont Fragment : true Failover State : not-applicable Recovery Conn ID : N/A Recovery state : recovery-tunnel Recovered Conn ID : 7536640 Recovery method : default Track SRRP : 124 Ctrl msg behavior : handle ------------------------------------------------------------------------------- No.

  • Page 419

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 ------------------------------------------------------------------------------- No. of tunnels: 1 =============================================================================== On LNS after switchover (433324032 is the recovered tunnel, 1169424384 is the recovery tunnel) =============================================================================== L2TP Tunnel Status =============================================================================== Connection ID: 433324032 State : established : 10.124.0.3 : 1701 Peer IP : 10.124.0.9...

  • Page 420

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Tx dst-UDP : 1701 Rx src-IP : 10.124.0.9 Rx src-UDP : 1701 Name : mc-lns Remote Name : mc-lac Assignment ID: t1 Group Name : mc-lns Acct. Policy : N/A Error Message: N/A Remote Conn ID : 1865089024 Tunnel ID...

  • Page 421

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Parameters router-instance — specifies the router name, CPM router instance, or service ID Values router-name or service-id router-instance : router-name router-name Base | management | vpls-management | cpm-vr-name cpm-vr-name [32 characters maximum] service-id: 1 to 2147483647 Default Base...

  • Page 422

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 session Syntax session src-ip ip-address dst-ip ip-address Context clear>router>bfd Description This command clears BFD sessions. Parameters src-ip ip-address — specifies the address of the local endpoint of this BFD session dst-ip ip-address — specifies the address of the remote endpoint of this BFD session statistics Syntax statistics src-ip ip-address dst-ip ip-address...

  • Page 423

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Context clear>router Description This command clears entries in the forwarding table (maintained by the IOMs). If the slot number is not specified, the command forces the route table to be recalculated. Parameters slot-number —...

  • Page 424

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 icmp6 Syntax icmp6 all icmp6 global icmp6 interface interface-name Context clear>router Description This command clears ICMPv6 statistics. Parameters all — clears all statistics global — clears global router statistics interface-name — clears ICMPv6 statistics for the specified interface interface Syntax interface [ip-int-name | ip-address] [urpf-stats] [statistics] [hold-time]...

  • Page 425

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 ieee-address — Specifies the MAC address. Values xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx l2tp Syntax l2pt Context clear>router Description This command enables the context to clear L2PT data. group Syntax group tunnel-group-name Context clear>router>l2tp Description This command clears L2PT data.

  • Page 426

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 statistics Syntax statistics [ip-address | ip-int-name] Context clear>router>dhcp clear>router>dhcp6 Description This command clear statistics for DHCP and DHCP6and DHCP6 relay and snooping statistics. If no IP address or interface name is specified, then statistics are cleared for all configured interfaces.

  • Page 427

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Description This command clears all router advertisement counters. Parameters all — clears all router advertisement counters for all interfaces interface interface-name — clear router advertisement counters for the specified interface 2.13.2.3 Debug Commands destination Syntax destination trace-destination...

  • Page 428

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 router Syntax router [router-instance] router service-name service-name Context debug Description This command enters the context to enable debugging of various protocols and areas of a router-instance. Parameters router-instance — specifies the router name, CPM router instance, or service ID Values router-name or service-id router-instance : router-name...

  • Page 429

    [0 to FFFF]H d: [0 to 255]D Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d (host bits must be 0) ip-int-name — only displays the interface information associated with the specified IP interface name Values...

  • Page 430

    [0 to FFFF]H [0 to 255]D ipv6-prefix-length 0 to 128 Values The following values apply to the 7450 ESS: ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 to 32 longer — specifies the prefix list entry matches any route that matches the specified ip-...

  • Page 431

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 tunnel-table Syntax tunnel-table [ip-address] [ldp | rsvp [tunnel-id tunnel-id] | sdp [sdp-id sdp-id]] Context debug>router>ip Description This command enables debugging for tunnel tables. l2tp Syntax l2tp Context debug>router Description This command enables the context to configure debugging for L2TP. peer Syntax peer ip-address [{udp-port port | ip}]...

  • Page 432: Tools Commands

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 packet Syntax [no] packet [query | request | response] Context debug>router>mtrace Description This command enables debugging for mtrace packets. 2.13.2.4 Tools Commands tunnel Syntax tunnel Context tools>dump>router>segment-routing> tunnel Description This command displays Segment Routing tunnels information. Output Sample Output *A:Dut-F#...

  • Page 433

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 1.0.56.5 60002 DUTF_TO _DUTE.1.0 (B)1.0.26.2 30995 DUTF_TO _DUTB.1.0 Node Terminating 70003 OSPF-0 1.0.11.1 Node Orig/Transit 70004 OSPF-0 1.0.26.2 30004 DUTF_TO _DUTB.1.0 (B)1.0.36.3 40004 DUTF_TO _DUTC.1.0 1.0.22.2 Node Orig/Transit 70005 OSPF-0 1.0.26.2 30005 DUTF_TO _DUTB.1.0 (B)1.0.36.3...

  • Page 434

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Backup Node Transit 70995 OSPF-0 1.0.26.2 30995 DUTF_TO _DUTB.1.0 Backup Node Transit 70996 OSPF-0 1.0.26.2 30005 DUTF_TO _DUTB.1.0 Backup Node Transit 70998 OSPF-0 1.0.26.2 30998 DUTF_TO _DUTB.1.0 Backup Node Transit 70999 OSPF-0 1.0.36.3 40999 DUTF_TO...

  • Page 435

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 Adjacency Transit 262137 ISIS-0 10.10.2.3 10.10.2.1 Adjacency Transit 262138 ISIS-0 10.10.1.2 10.10.1.1 Adjacency Transit 262139 ISIS-0 10.10.1.2 10.10.1.1 Node Terminating 474387 ISIS-0 10.20.1.2 Node Orig/Transit 474388 ISIS-0 10.10.1.2 474388 10.10.1.1 10.20.1.3 Node Orig/Transit 474389 ISIS-0...

  • Page 436

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 10.10.12.3 (B)10.10.3.2 10.10.3.3 Adjacency Transit 262133 ISIS-0 10.10.5.5 10.10.5.3 (B)10.10.12.2 474389 10.10.12.3 474390 Adjacency Transit 262134 ISIS-0 10.10.5.5 10.10.5.3 (B)10.10.12.2 474389 10.10.12.3 474390 Adjacency Transit 262135 ISIS-0 10.10.3.2 10.10.3.3 (B)10.10.12.2 10.10.12.3 Adjacency Transit 262136 ISIS-0...

  • Page 437

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 10.10.12.3 (B)10.10.3.2 474392 10.10.3.3 Node Terminating 474393 ISIS-0 *A:Dut-C# *A:Dut-C# tools dump router segment-routing tunnel ==================================================================================== Legend: (B) - Backup Next-hop for Fast Re- Route Duplicate ==================================================================================== ------------------------------------------------------------------------------------ Prefix Sid-Type Fwd-Type In-Label Prot- Inst Next Hop(s)

  • Page 438

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 10.10.2.1 10.10.2.3 Adjacency Transit 262138 ISIS-0 10.10.2.1 10.10.2.3 10.20.1.4 Node Orig/Transit 474389 ISIS-0 10.10.12.2 474389 10.10.12.3 (B)10.10.5.5 474389 10.10.5.3 10.20.1.5 Node Orig/Transit 474390 ISIS-0 10.10.5.5 474390 10.10.5.3 (B)10.10.12.2 474389 10.10.12.3 474390 10.20.1.6 Node Orig/Transit 474391...

  • Page 439

    ROUTER CONFIGURATION GUIDE IP Router Configuration RELEASE 15.0.R5 port — specifies the UDP port for the L2TP peer. This parameter is only supported with L2TPv2 peers. ip — enables performance tools for peers using IP transport. Issue: 01 3HE 11976 AAAC TQZZA 01...

  • Page 440

    IP Router Configuration ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11976 AAAC TQZZA 01 Issue: 01...

  • Page 441: Vrrp

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3 VRRP 3.1 VRRP Overview The Virtual Router Redundancy Protocol (VRRP) for IPv4 is defined in the IETF RFC 3768, Virtual Router Redundancy Protocol. VRRP for IPv6 is specified in draft-ietf- vrrp-unified-spec-02.txt and only applies to the 7750 SR and 7950 XRS. VRRP describes a method of implementing a redundant IP interface shared between two or more routers on a common LAN segment, allowing a group of routers to function as one virtual router.

  • Page 442: Vrrp Components

    Up to four virtual routers are possible on a single Nokia IP interface. The virtual routers must be in the same subnet. Each virtual router has its own VRID, state machine, and messaging instance.

  • Page 443: Primary And Secondary Ip Addresses

    IP packet. An IP interface must always have a primary IP address assigned for VRRP to be active on the interface. Nokia routers supports both primary and secondary IP addresses (multi-netting) on the IP interface. The virtual router’s VRID primary IP address is always the primary address on the IP interface.

  • Page 444: Virtual Router Backup

    VRRP Non-Owner Accessibility. 3.2.7 Configurable Parameters As well as to backup IP addresses, to facilitate configuration of a virtual router on Nokia routers, the following parameters can be defined in owner configurations: • Virtual Router ID (VRID) • Message Interval and Master Inheritance •...

  • Page 445: Virtual Router Id (vrid)

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 • Priority • Message Interval and Master Inheritance • Master Down Interval • Preempt Mode • VRRP Message Authentication • Authentication Data • Virtual MAC Address • Inherit Master VRRP Router’s Advertisement Interval Timer •...

  • Page 446: Ip Addresses

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Non-owner virtual routers may be configured with a priority of 254 through 1. The default value is 100. Multiple non-owners can share the same priority value. When multiple non-owner backup virtual routers are tied (transmit VRRP advertisement messages simultaneously) in the election process, all attempt to become master simultaneously;...

  • Page 447: Skew Time

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 If a VRRP advertisement message is received with an advertisement interval set to a value different from the local value and the inherit parameter is disabled, the message is discarded without processing. The master virtual router on a VRID uses the advertisement interval to load the advertisement timer, specifying when to send the next VRRP advertisement message.

  • Page 448: Preempt Mode

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The master down timer is only operational when the local virtual router is operating in backup mode. 3.2.7.7 Preempt Mode Preempt mode is a true or false configured value that controls whether a specific backup virtual router preempts a lower-priority master.

  • Page 449

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.2.7.8.1 Authentication Type 0 – No Authentication The use of authentication type 0 indicates that VRRP advertisement messages are not authenticated (provides no authentication). The master transmitting VRRP advertisement messages will transmit the value 0 in the egress messages authentication type field and the authentication data field.

  • Page 450: Authentication Data

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.2.7.8.2 Authentication Type 1 – Simple Text Password The use of authentication type 1 indicates that VRRP advertisement messages are authenticated with a clear (simple) text password. All virtual routers participating in the virtual router instance must be configured with the same 8 octet password. Transmitting virtual routers put a value of 1 in the VRRP advertisement message authentication type field and put the configured simple text password into the message authentication data field.

  • Page 451: Virtual Mac Address

    IP addresses listed in the sequential IP address fields at the end of the message. The Nokia routers implementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager.

  • Page 452: Inherit Master Vrrp Router's Advertisement Interval Timer

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.2.7.12 Inherit Master VRRP Router’s Advertisement Interval Timer The virtual router instance can inherit the master VRRP router’s advertisement interval timer, which is used by backup routers to calculate the master down timer. The inheritance is only configurable in the non-owner nodal context. The inheritance is used to allow the current virtual router instance master to dictate the master down timer for all backup virtual routers.

  • Page 453: Vrrp Priority Control Policies

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.3 VRRP Priority Control Policies This implementation of VRRP supports control policies to manipulate virtual router participation in the VRRP master election process and master self-deprecation. The local priority value for the virtual router instance is used to control the election process and master state.

  • Page 454: Vrrp Priority Control Policy Priority Events

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.3.3 VRRP Priority Control Policy Delta In-Use Priority Limit A VRRP priority control policy enforces an overall minimum value that the policy can assign to the VRRP virtual router instance base priority. This value provides a lower limit to the delta priority events manipulation of the base priority.

  • Page 455: Priority Event Hold-set Timers

    The port down priority event is assigned to either a physical port or a SONET/SDH channel for the 7750 SR and 7450 ESS. The port or channel operational state is evaluated to determine a port down priority event or event clear.

  • Page 456: Lag Degrade Priority Event

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.3.4.3 LAG Degrade Priority Event The LAG degrade priority event is assigned to an existing Link Aggregation Group (LAG). The LAG degrade priority event is conditional on a percentage of available port bandwidth on the LAG. Multiple bandwidth percentage thresholds may be defined, each with its own priority value.

  • Page 457

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Table 35 LAG Events (Continued) Time LAG Port State Parameter State Comments (seconds) All ports up Event State Cleared - All ports — Event Threshold None Event cleared Hold-set Timer Expired — Five ports down Event State Set - 5 ports down —...

  • Page 458: Host Unreachable Priority Event

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 35 LAG Events (Continued) Time LAG Port State Parameter State Comments (seconds) All ports up Event State Set - 7 ports down — Event Threshold 6 ports down — Hold-set timer 1 second —...

  • Page 459

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 When a route prefix exists within the active route table that matches the defined match criteria, the route unknown priority event is considered false or cleared. When a route prefix does not exist within the active route table matching the defined criteria, the route unknown priority event is considered true or set.

  • Page 460: Vrrp Non-owner Accessibility

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.4 VRRP Non-Owner Accessibility Although the RFC states that only VRRP owners can respond to ping and other management-oriented protocols directed to the VRID IP addresses, the routers allow an override of this restraint on a per VRRP virtual router instance basis. 3.4.1 Non-Owner Access Ping Reply When non-owner access ping reply is enabled on a virtual router instance, ICMP echo request messages destined to the non-owner virtual router instance IP...

  • Page 461: Non-owner Access Ssh

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.4.3 Non-Owner Access SSH When non-owner access SSH is enabled on a virtual router instance, authorized SSH sessions may be established that are destined to the virtual router instance IP addresses when operating in master mode. SSH sessions are always discarded at the IP interface when destined to a virtual router IP address operating in backup mode.

  • Page 462: Vrrp Configuration Process Overview

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.5 VRRP Configuration Process Overview Figure 24 shows part 1 of the process to configure and implement VRRP parameters. Figure 24 VRRP Configuration and Implementation Flow - Part 1 Start Configure VRRP Priority Control Policies (Optional) Configure IES/VPRN Service Configure Router Interface Configure Interface...

  • Page 463

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Figure 25 VRRP Configuration and Implementation Flow Start Configure VRRP Priority Control Policies (Optional) Configure IES Service Configure Router Interface Configure Interface Configure Interface Specify Address, Secondary Address(es) Specify Address, Secondary Address(es) Configure VRRP Owner/Non-Owner Instance Specify Backup IP Address(es) Configure VRRP Parameters Apply VRRP Priority Control Policies (Optional)

  • Page 464

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.6 Configuration Notes This section describes VRRP configuration restrictions. 3.6.1 General • Creating and applying VRRP policies are optional. • Backup command: − The backup IP addresses must be on the same subnet. The backup addresses explicitly define which IP addresses are in the VRRP advertisement message IP address list.

  • Page 465: Configuring Vrrp With Cli

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.7 Configuring VRRP with CLI This section provides information to configure VRRP using the command line interface. 3.7.1 VRRP Configuration Overview Configuring VRRP policies and configuring VRRP instances on interfaces and router interfaces is optional. The basic owner and non-owner VRRP configurations on an IES or router interface must specify the backup ip-address parameter.

  • Page 466: Vrrp Policy

    • Define at least one of the following priority events: − Port down − LAG port down − Host unreachable − Route unknown The following example shows a sample configuration of a VRRP policy for the 7450 ESS: A:SR2>config>vrrp>policy# info ---------------------------------------------- delta-in-use-limit 50 priority-event port-down 4/1/2...

  • Page 467: Vrrp Ies Service Parameters

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 exit port-down 4/1/3 priority 200 explicit exit lag-port-down 1 number-down 3 priority 50 explicit exit exit host-unreachable 10.10.24.4 drop-count 25 exit route-unknown 10.10.0.0/32 priority 50 delta protocol bgp exit exit ---------------------------------------------- 3.7.2.2 VRRP IES Service Parameters VRRP parameters are configured within an IES service with two contexts: owner or non-owner.

  • Page 468

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# 3.7.2.2.1 Configure VRRP for IPv6 The following example shows a VRRP for IPV6 configuration and applies to the 7750 SR and 7950 XRS.

  • Page 469: Vrrp Router Interface Parameters

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.7.2.3 VRRP Router Interface Parameters VRRP parameters are configured on a router interface with two contexts: owner or non-owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance owns the backed up IP addresses. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.

  • Page 470: Creating Interface Parameters

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 VRRP parameters are defined under a service interface or a router interface context. An IP address must be assigned to each IP interface. Only one IP address can be associated with an IP interface but several secondary IP addresses also be associated.

  • Page 471: Configuring Vrrp Policy Components

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.1/32 exit interface "testA" address 123.123.123.123/24 exit interface "testB" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit router-id 10.10.0.1 #------------------------------------------ A:SR1>config>router# 3.7.4 Configuring VRRP Policy Components The following displays a VRRP policy configuration example: A:SR1>config>vrrp# info ----------------------------------------------...

  • Page 472: Configuring Router Interface Vrrp Parameters

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.7.4.1.1 Non-Owner VRRP Example The following displays a basic non-owner VRRP configuration example: A:SR2>config>service>ies# info ---------------------------------------------- interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies#...

  • Page 473: Router Interface Vrrp Owner

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.7.4.2.1 Router Interface VRRP Non-Owner The following displays a router interface non-owner VRRP configuration example: A:SR2>config># info #------------------------------------------ interface "if-test" address 10.20.30.40/24 secondary 10.10.50.1/24 secondary 10.10.60.1/24 secondary 10.10.70.1/24 vrrp 1 backup 10.10.50.2 backup 10.10.60.2 backup 10.10.70.2 backup 10.20.30.41 ping-reply...

  • Page 474: Vrrp Configuration Management Tasks

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.8 VRRP Configuration Management Tasks This section describes VRRP configuration management tasks: 3.8.1 Modifying a VRRP Policy To access a specific VRRP policy, you must specify the policy ID. To display a list of VRRP policies, use the show vrrp policy command.

  • Page 475: Modifying Service And Interface Vrrp Parameters

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 None None =============================================================================== A:SR2# 3.8.2 Modifying Service and Interface VRRP Parameters 3.8.2.1 Modifying Non-Owner Parameters After a VRRP instance is created as non-owner, it cannot be modified to the owner state. The VRID must be deleted, then recreated with the owner keyword, to invoke IP address ownership.

  • Page 476

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 config>service>ies>if>vrrp# shutdown config>service>ies>if>vrrp# exit config>service>ies>if# no vrrp 1 config>service>ies>if# exit all 3HE 11976 AAAC TQZZA 01 Issue: 01...

  • Page 477: Vrrp Configuration Command Reference

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.9 VRRP Configuration Command Reference • Command Hierarchies • Command Descriptions 3.9.1 Command Hierarchies • IPv4 Interface VRRP Commands • Router Interface Commands • IPv6 Interface VRRP Commands • Priority Control Event Policy Commands 3.9.1.1 IPv4 Interface VRRP Commands config...

  • Page 478

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — [no] traceroute-reply VRRP commands are applicable to router interfaces, IES interfaces and VPRN. The authentication-key, bfd-enable, and ssh-reply commands are applicable only to IPv4 contexts, not IPv6. 3.9.1.2 Router Interface Commands config — router [router-name] —...

  • Page 479: Priority Control Event Policy Commands

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 — init-delay seconds — no init-delay — mac-address — no — [no] master-int-inherit — message-interval {[seconds] [milliseconds milliseconds]} — no message-interval — [no] ping-reply — policy vrrp-policy-id — no policy — [no] preempt — priority priority —...

  • Page 480

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 — no priority — weight-down lag-ports-down-weight — no weight-down — mc-ipsec-non-forwarding tunnel-grp-id — hold-clear seconds — no hold-clear — hold-set seconds — no hold-set — priority priority-level [{delta | explicit}] — no priority — [no] port-down port-id —...

  • Page 481: Interface Configuration Commands

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.9.2.1 Interface Configuration Commands authentication-key Syntax authentication-key [authentication-key | hash-key] [hash | hash2] no authentication-key Context config>router>if>vrrp Description This command sets the simple text authentication key used to generate master VRRP advertisement messages and validates VRRP advertisements. If simple text password authentication is not required, the authentication-key command is not required.

  • Page 482

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Parameters authentication-key — The authentication key. Allowed values are any string up to 8 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

  • Page 483

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 For non-owner virtual router instances, the backup command actually creates an IP interface IP address used for routing IP packets and communicating with the system when the access commands are defined (ping-reply, telnet-reply, and ssh-reply). The specified ip-addr must be an IP address that is within one of the parental IP interface local subnets created with the address or secondary commands.

  • Page 484

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Virtual Router Instance IP Address Assignment Conditions — The RFC does not specify that the assigned IP addresses to the virtual router instance must be in the same subnet as the parent IP interface primary IP address or secondary IP addresses.

  • Page 485

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Table 37 Example - Non-Owner Virtual Router Instance Parent IP addresses: 10.10.10.10/24 11.11.11.11/24 Virtual router IP addresses: 10.10.10.11 Associated with 10.10.10.10 (in subnet) 10.10.10.10 Invalid (same as parent IP address) 10.10.11.11 Invalid (outside of all Parent IP subnets) 11.11.11.254 Associated with 11.11.11.11 (in...

  • Page 486

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 backup Syntax backup ipv6-address no backup Context config>router>if>ipv6>vrrp Description This command associates router IPv6 addresses with the parental IP interface IP addresses. The backup command has two distinct functions when used in an owner or a non-owner context of the virtual router instance.

  • Page 487

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 When operating as (non-owner) master, the default functionality associated with ipv6-addr is ARP response to ARP requests to ip-addr, routing of packets destined to the virtual router instance source MAC address and silently discarding packets destined to ipv6-addr. An IPv6 virtual router instance can enter the operational state only if one of the configured backup address is a link-local address and the router advertisement of the interface is configured to use the virtual MAC address.

  • Page 488

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Non-Owner Virtual Router IP Address Parental Association — When an IP address is assigned to a non-owner virtual router instance, it must be associated with one of the parental IP interface assigned IP addresses. The virtual router IP address must be a valid IP address within one of the parental IP interfaces local subnet.

  • Page 489

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 ipv6- x:x:x:x:x:x:x:x (eight 16-bit address pieces) x:x:x:x:x:x::d.d.d.d x: [0..FFFF]H d: [0..255]D bfd-enable Syntax [no] bfd-enable [service-id] interface interface-name dst-ip ip-address [no] bfd-enable interface interface-name dst-ip ip-address Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This commands assigns a bidirectional forwarding detect (BFD) session to a specific VRRP/ SRRP instance.

  • Page 490

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 config>router>if>ipv6>vrrp Description This command configures a VRRP initialization delay timer. Default no init-delay Parameters seconds — Specifies the initialization delay timer for VRRP, in seconds. Values 1 to 65535 Syntax mac mac-address no mac Context config>router>if>vrrp config>router>if>ipv6>vrrp...

  • Page 491

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 master-int-inherit Syntax [no] master-int-inherit Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This command enables the virtual router instance to inherit the master VRRP router’s advertisement interval timer which is used by backup routers to calculate the master down timer.

  • Page 492

    IPv4: 1 to 255 IPv6: 1 to 40 milliseconds milliseconds — Specifies the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on the 7450 ESS-1 chassis. Values 100 to 900 IPv6: 10 to 990 oper-group...

  • Page 493

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Description This command configures VRRP to associate with an operational group. When associated, VRRP notifies the operational group of its state changes so that other protocols can monitor it to provide a redundancy mechanism. When VRRP is the master router (MR), the operational group is up;...

  • Page 494

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 preempt Syntax [no] preempt Context config>router>if>vrrp config>router>if>ipv6>vrrp Description The preempt mode value controls whether a specific backup virtual router preempts a lower priority master. When preempt is enabled, the virtual router instance overrides any non-owner master with an "in use"...

  • Page 495

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Default priority 100 Parameters base-priority — The base priority used by the virtual router instance expressed as a decimal integer. If no VRRP priority control policy is defined, the base-priority is the in-use priority for the virtual router instance. Values 1 to 254 ping-reply...

  • Page 496

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 shutdown Syntax [no] shutdown Context config>router>if>vrrp config>router>if>ipv6>vrrp config>vrrp>policy Description This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within.

  • Page 497

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses. This limitation can be disregarded for certain applications.

  • Page 498

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Description This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the virtual router instances’ IP addresses. Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses.

  • Page 499

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 vrrp Syntax vrrp vrid [owner] [passive] no vrrp vrid Context config>router>interface config>router>if>ipv6 Description This command creates the context to configure a VRRP virtual router instance. A virtual router is defined by its virtual router identifier (VRID) and a set of IP addresses. The optional owner keyword indicates that the owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address.

  • Page 500

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • ping-reply, telnet-reply and ssh-reply — The owner virtual router instance always allows Ping, Telnet and SSH if the management and security parameters are configured to accept them on the parent IP interface. • vrrp shutdown — The owner virtual router instance cannot be shut down on the vrrp node.

  • Page 501: Priority Policy Commands

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.9.2.2 Priority Policy Commands delta-in-use-limit Syntax delta-in-use-limit in-use-priority-limit no delta-in-use-limit Context config>vrrp>policy Description This command sets a lower limit on the virtual router in-use priority that can be derived from the delta priority control events. Each vrrp-priority-id places limits on the delta priority control events to define the in-use priority of the virtual router instance.

  • Page 502

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Setting the in-use-priority-limit to a value equal to or larger than the virtual router instance base-priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value. Values 1 to 254 description...

  • Page 503: Priority Policy Event Commands

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Because VRRP priority control policies define conditions and events that must be maintained, they can be resource intensive. The number of policies is limited to 1000. The policy-id do not have to be consecutive integers. The range of available policy identifiers is from 1 to 9999.

  • Page 504

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>vrrp>policy>priority-event>host-unreachable config>vrrp>policy>priority-event>lag-port-down config>vrrp>policy>priority-event>mc-ipsec-non-forwarding config>vrrp>policy>priority-event>port-down config>vrrp>policy>priority-event>route-unknown Description This command configures the hold clear time for the event. The seconds parameter specifies the hold-clear time, the amount of time in seconds by which the effect of a cleared event on the associated virtual router instance is delayed.

  • Page 505

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Once the hold-set timer expires and the event meets the cleared state requirements or is set to a lower threshold, the current set effect on the virtual router instances in-use priority can be removed. As with lag-port-down events, this may be a decrease in the set effect if the clearing amounts to a lower set threshold.

  • Page 506

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, therefore, there is no impact on the in-use priority. The no form of the command reverts to the default values. Default 0 delta —...

  • Page 507: Priority Policy Port Down Event Commands

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 A weight-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. The no form of the command deletes the event set threshold. The threshold may be removed at any time.

  • Page 508

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Multiple unique port-down event nodes can be configured within the priority-event context up to the overall limit of 32 events. Up to 32 events can be defined in any combination of types. The port-down command can reference an arbitrary port or channel. The port or channel does not need to be preprovisioned or populated within the system.

  • Page 509

    1 to 256 ccag-id ccag-id. path-id[cc-type] ccag keyword 1 to 8 path-id a, b cc-type .sap-net, .net- Values The following values apply to the 7450 ESS: port- slot/mda/ port[.channel] eth-sat-id esat-id/slot/port esat keyword 1 to 20 pxc-id pxc-id.sub-port keyword...

  • Page 510: Priority Policy Lag Events Commands

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The POS channel on the port monitored by the VRRP priority control event. The port-id.channel-id can only be monitored by a single event in this policy. The channel can be monitored by multiple VRRP priority control policies.

  • Page 511

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 • Set – six ports down • Set – seven ports down • Set – eight ports down • Cleared – all ports up When the lag-id is created, or a port in lag-id becomes operationally up or down, the event operational state must be updated appropriately.

  • Page 512: Priority Policy Host Unreachable Event Commands

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 1 to 200 (apply to the 7450 ESS) number-down Syntax [no] number-down number-of-lag-ports-down Context config>vrrp>policy>priority-event>lag-port-down Description This command creates a context to configure an event set threshold within a lag-port-down priority control event. The number-down command defines a sub-node within the lag-port-down event and is uniquely identified with the number-of-lag-ports-down parameter.

  • Page 513

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Context config>vrrp vrrp-policy-id>priority-event>host-unreachable Description This command configures the number of consecutively sent ICMP echo request messages that must fail before the host unreachable priority control event is set. The drop-count command is used to define the number of consecutive message send attempts that must fail for the host-unreachable priority event to enter the set state.

  • Page 514

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The host-unreachable command can reference any valid local or remote IP address. The ability to ARP a local IP address or find a remote IP address within a route prefix in the route table is considered part of the monitoring procedure. The host-unreachable priority event operational state tracks ARP or route table entries dynamically appearing and disappearing from the system.

  • Page 515

    This allows received ICMP echo reply messages to be directed to the appropriate sending application. Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d Values The following values apply to the 7750 SR and 7950 XRS: ipv4- a.b.c.d...

  • Page 516

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Context config>vrrp>priority-event>host-unreachable Description This command configures the number of seconds between host unreachable priority event ICMP echo request messages directed to the host IP address. The no form of the command reverts to the default value. Default interval 1 Parameters...

  • Page 517: Priority Policy Route Unknown Event Commands

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 • An internal error occurs preventing message sending (request unsuccessful). • An internal error occurs preventing message reply receiving (request unsuccessful). • A required route table entry does not exist to reach the IP address (request unsuccessful).

  • Page 518

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 The less-specific command eases the RTM lookup criteria when searching for the prefix/ mask-length. When the route-unknown priority event sends the prefix to the RTM (as if it was a destination lookup), the result route table prefix (if a result is found) is checked to see if it is an exact match or a less specific match.

  • Page 519

    — The IP address for an acceptable next hop IP address for a returned route prefix from the RTM when looking up the route-unknown route prefix. Values The following values apply to the 7450 ESS: ipv4-address: a.b.c.d Values The following values apply to the 7750 SR and 7950 XRS: ipv4- a.b.c.d...

  • Page 520

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Parameters bgp — This parameter defines BGP as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The bgp parameter is not exclusive from the other available protocol parameters. If protocol is executed without the bgp parameter, a returned route prefix with a source of BGP will not be considered a match and will cause the event to enter the set state.

  • Page 521

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 The route-unknown command configures a priority control event that defines a link between the VRRP priority control policy and the Route Table Manager (RTM). The RTM registers the specified route prefix as monitored by the policy. If any change (add, delete, new next hop) occurs relative to the prefix, the policy is notified and takes correct action according to the priority event definition.

  • Page 522

    Each session originates a unique identifier value for the ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application. Values The following values apply to the 7450 ESS: ip-prefix/ ip-prefix a.b.c.d (host bits must be mask:...

  • Page 523

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 ipv6-address/prefix: ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0..FFFF]H prefix-length 1 to 128 Issue: 01 3HE 11976 AAAC TQZZA 01...

  • Page 524

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11976 AAAC TQZZA 01 Issue: 01...

  • Page 525: Command Hierarchies

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.10 Show, Monitor, Clear, and Debug Command Reference • Command Hierarchies • Command Descriptions The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration. 3.10.1 Command Hierarchies •...

  • Page 526

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3.10.1.3 Clear Commands clear — vrrp — statistics — router — vrrp — interface ip-int-name [vrid virtual-router-id] — interface ip-int-name vrid virtual-router-id ipv6 — statistics interface interface-name [vrid virtual-router-id] — statistics — statistics interface interface-name vrid virtual-router-id ipv6 3.10.1.4 Debug Commands debug...

  • Page 527

    All VRIDs for the IP interface. Values 1 to 255 ipv6 — Specifies the IPv6 instance. Output The following output is an example of VRRP instance information for the 7450 ESS, and Table 42 describes the fields. Sample Output *A:ALA-A# show router vrrp instance...

  • Page 528

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Master Inherit Intvl: No Base Priority : 100 In-Use Priority : 100 Policy ID : n/a Preempt Mode : Yes Ping Reply : No Telnet Reply : No SSH Reply : No Traceroute Reply : No Init Delay Init Timer Expires: 0.000 sec...

  • Page 529

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 VRRP Backup Addr : 5::10 : FE80::10 Admin State : Up Oper State : Up Up Time : 09/23/2004 06:55:12 Virt MAC Addr : 00:00:5e:00:02:0a Config Mesg Intvl : 1.0 In-Use Mesg Intvl : 1.0 Master Inherit Intvl: Yes Base Priority : 100...

  • Page 530

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 42 Show VRRP Instance Output Fields (Continued) Label Description Indicates that the administrative state of the VRRP instance is up. Down Indicates that the administrative state of the VRRP instance is down. Indicates that the operational state of the VRRP instance is up. Down Indicates that the operational state of the VRRP instance is down.

  • Page 531

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Table 42 Show VRRP Instance Output Fields (Continued) Label Description Inh Int When the VRRP instance is a non-owner and is operating as a backup and the master-int-inherit command is enabled, the master down timer is indirectly derived from the value in the advertisement interval field of the VRRP message received from the current master.

  • Page 532

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 42 Show VRRP Instance Output Fields (Continued) Label Description Ping Reply A non-owner master is enabled to reply to ICMP Echo requests directed to the virtual router instance IP addresses. Ping Reply is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

  • Page 533

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Table 42 Show VRRP Instance Output Fields (Continued) Label Description Master Priority The priority of the virtual router instance which is the current master. Master Since The date and time when operational state of the virtual router changed to master.

  • Page 534

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 43 Show VRRP Policy Output Fields Label Description Policy Id The VRRP priority control policy associated with the VRRP virtual router instance. A value of 0 indicates that no control policy is associated with the virtual router instance.

  • Page 535

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Table 43 Show VRRP Policy Output Fields (Continued) Label Description Event Type & ID A delta priority event is a conditional event defined in a priority control policy that subtracts a given amount from the base priority to give the current in-use priority for the VRRP virtual router instances to which the policy is applied.

  • Page 536

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ------------------------------------------------------------------------------- None None None None None None =============================================================================== A:ALA-A# A:ALA-A# show vrrp policy 1 =============================================================================== VRRP Policy 1 =============================================================================== Description : 10.10.200.253 reachability Current Priority: None Applied : No Current Explicit: None Current Delta Sum : None Delta Limit ------------------------------------------------------------------------------- Applied To...

  • Page 537

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Hold Set Config : 0 sec Hold Set Remaining: Expired Value In Use : No Current State : Cleared # trans to Set Previous State : Set-down Last Transition : 04/13/2007 04:54:35 =============================================================================== A:ALA-A# A:ALA-A# show vrrp policy 1 event host-unreachable =============================================================================== VRRP Policy 1, Event Host Unreachable 10.10.200.252...

  • Page 538

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Value In Use : No Current State : n/a # trans to Set Previous State : n/a Last Transition : 04/13/2007 23:10:24 =============================================================================== Table 44 Show VRRP Policy Event Output Fields Label Description Description A text string which describes the VRRP policy.

  • Page 539

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Table 44 Show VRRP Policy Event Output Fields (Continued) Label Description Indicates that the operational state of the VRRP instance is up. Down Indicates that the operational state of the VRRP instance is down. Base Pri The base priority used by the virtual router instance.

  • Page 540

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Table 44 Show VRRP Policy Event Output Fields (Continued) Label Description Priority Effect Delta The priority-level value is subtracted from the associated virtual router instance’s base priority when the event is set and no explicit events are set.

  • Page 541: Monitor Commands

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics =============================================================================== VR Id Errors Version Errors Checksum Errors =============================================================================== Table 45 Show VRRP Statistics Output Fields Label Description VR Id Errors Displays the number of virtual router ID errors. Version Errors Displays the number of version errors.

  • Page 542

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. ipv6 — Specifies to monitor IPv6 instances. Output The following output is an example of VRRP instance information. Sample Output *A:ALA-A# monitor router vrrp instance interface n2 vr-id 1 ===============================================================================...

  • Page 543

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 3.10.2.3 Clear Commands interface Syntax interface ip-int-name [vrid virtual-router-id] interface ip-int-name vrid virtual-router-id ipv6 Context clear>router>vrrp Description This command resets VRRP protocol instances on an IP interface. Parameters ip-int-name — The IP interface to reset the VRRP protocol instances. vrid vrid —...

  • Page 544

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 vrid virtual-router-id — Clears the VRRP statistics for the specified VRRP instance on the IP interface. Default All VRRP instances on the IP interface. Values 1 to 255 policy [vrrp-policy-id] — Clears VRRP statistics for all or the specified VRRP priority control policy.

  • Page 545

    ROUTER CONFIGURATION GUIDE VRRP RELEASE 15.0.R5 Description This command enables debugging for VRRP packets. The no form of the command disables debugging. Parameters ip-int-name — Displays the specified interface name. vrid virtual-router-id — Displays the specified VRID. Issue: 01 3HE 11976 AAAC TQZZA 01...

  • Page 546

    VRRP ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11976 AAAC TQZZA 01 Issue: 01...

  • Page 547: Filter Policies

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 4 Filter Policies 4.1 ACL Filter Policy Overview ACL filter policies, also referred to as Access Control Lists (ACLs) or just “filters”, are sets of ordered rule entries specifying packet match criteria and actions to be performed to a packet upon a match.

  • Page 548: Filter Policy Basics

    Filter policies are associated with interfaces/services/ subscribers separately in the ingress and egress directions. A policy deployed on ingress and egress direction can be the same or different. In general, Nokia recommends using different filter policies for the ingress and egress directions and to use different filter policies per service type, since filter policies support different match criteria and different actions for different directions/service contexts.

  • Page 549: Filter Policy Packet Match Criteria

    (if applicable). Support for match criteria may depend on hardware or filter direction, as described below. Nokia recommends not configuring a filter in a direction or on hardware where a match criterion is not supported as this may lead to unwanted behavior.

  • Page 550

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Fragmentation match criteria: • fragment — Enable fragmentation support in the filter policy match. For IPv4, match against the MF bit or Fragment Offset field to determine whether the packet is a fragment. For IPv6 for the 7750 SR and 7950 XRS, match against the Next Header Field for Fragment Extension Header value to determine whether the packet is a fragment.

  • Page 551: Mac Filter Policy Entry Match Criteria

    H/W and/or filter direction as per below description. Match criterion is blocked if it is not supported by a specified frame-type or MAC filter sub-type. Nokia recommends not configuring a filter in a direction or on hardware where a match condition is not supported as this may lead to unwanted behavior.

  • Page 552: Ip Exception Filters

    IP Exception Filters An NGE node supports IPv4 exception filters. For information on IP exception filters, refer to the “Router Encryption Exceptions using ACLs” section in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN.

  • Page 553: Filter Policy Actions

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 4.1.1.5 Filter Policy Actions The actions are supported by ACL filter policies: • drop — Allows operators to deny traffic to ingress or egress the system. − IPv4 packet-length and IPv6 payload-length conditional drop — Traffic can be dropped based on IPv4 packet length or IPv6 payload length by specifying a packet length or payload length value or range within the drop filter action (the IPv6 payload length field does not account for the size of...

  • Page 554

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • drop-extracted-traffic — Traffic extracted to the CPM can be dropped using ingress IPv4 and IPv6 filter policies based on filter match criteria. Any IP traffic extracted to the CPM is subject to this filter action, including routing protocols, snooped traffic, and TTL expired traffic.

  • Page 555

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Packets that match a filter policy’s entry match criteria and the rate-limit packet-length-value or rate-limit payload-length-value are rate limited. Packets that match only the filter policy’s entry match criteria and do not match the rate-limit packet-length-value or rate-limit payload-length-value are forwarded with no further match in subsequent filter entries.

  • Page 556

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 is an egress PBR action. Processing defined by pbr-down-action-override does not apply if the action is deployed in the wrong direction. If a packet matches a filter PBR entry and the entry is not activated for the direction in which the filter is deployed, action forward is executed.

  • Page 557

    Packets are dropped if they cannot be routed in the configured routing instance. For further details, see section “Traffic Leaking to GRT” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN.

  • Page 558

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 − gtp-local-breakout — Forwards matching traffic to NAT instead of being GTP tunneled to the mobile operator’s PGW or GGSN. The action applies to GTP-subscriber-hosts. If filter is deployed on other entities, action forward is applied.

  • Page 559: Viewing Filter Policy Actions

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Table 46 Default behavior when a PBR/PBF target is down (Continued) PBR/PBF action Default behavior when down forward lsp Forward forward next-hop (any type) Drop forward redirect-policy Forward when redirect policy is shutdown forward redirect-policy Forward when destination tests are enabled and the best destination is not reachable...

  • Page 560

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 From a configuration point of view, the show command output displays the main action (primary and secondary), as well as the extended action. The “PBR Target Status” field shows the basic information that the system has of the target based on simple verification methods.

  • Page 561: Filter Policy Statistics

    • Two consecutive bulk requests for one entry will return the same values if the cache has not been refreshed between the two requests. The refresh interval is platform/release dependent. Contact your Nokia representative for more information. • The cache is currently used only for Open Flow statistics retrieval. See...

  • Page 562: Filter Policy Logging

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.1.1.8 Filter Policy Logging SR OS supports logging of the information from the packets that match a specific filter policy. Logging is configurable per filter policy entry by specifying preconfigured filter log (config>filter>log). A filter log can be applied to ACL filters and CPM hardware filters.

  • Page 563: Filter Policy Cflowd Sampling

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 4.1.1.9 Filter Policy cflowd Sampling Filter policies can be used to control how cflowd sampling is performed on an IP interface. If an IP interface has cflowd sampling enabled, an operator can exclude some flows for interface sampling by configuring filter policy rules that match the flows and by disabling interface sampling as part of the filter policy entry configurations (interface-disable-sample).

  • Page 564: Filter Policy Advanced Topics

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.1.1.10.2 Filter Policy Copy and Renumbering To assist operators in filter policy management, SR OS supports entry copy and entry renumbering operations. Filter copy allows operators to perform bulk operations on filter policies by copying one filter’s entries to another filter.

  • Page 565

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Figure 26 IOM/CPM Filter Policy Using Individual Address Prefixes IPv4 Prefix 1 Entry K+1 +1: match IPv4 Prefix 1 Entry K+2 IPv4 Prefix 2 : match IPv4 Prefix 2 Entry M+1 match IPv4 Prefix 1 Entry M+2 match IPv4 Prefix 2 Entry M+N...

  • Page 566

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 27 IOM/CPM Filter Policy Using an Address Prefix Match List Entry K IPv4 Prefix 1 match: IPv4 Prefix List A IPv4 Prefix 2 IPv4 Prefix List A Entry M IPv4 Prefix N match: IPv4 Prefix List A CPM Filter IOM Filters...

  • Page 567: Embedded Filters

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Using the filter match-list apply-path capability, the operator can: • specify one or more regex expression matches against the SR OS configuration per list • specify wildcard matches by specifying the regex wildcard match expression (“.*”) •...

  • Page 568

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4. When embedding an embedded filter, an operator may want to change or deactivate an embedded filter policy entry in the embedding filter, allowing for customization of the common embedded filter policy rules by the embedding filter.

  • Page 569: System-level Ipv4/ipv6 Line Card Filter Policy

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Figure 28 Embedded Filter Policy ip-filter 10 ip-filter 1 ip-filter 20 scope embedded embed-filter 10 offset 0 embed-filter 10 offset 0 Entry 10 Entry 10 Entry 10 Entry 20 Entry 20 Entry 50 Entry 50 Entry 50 Entry 70...

  • Page 570: Primary And Secondary Filter Policy Action For Pbr/pbf Redundancy

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 System filter policies can be populated using CLI/SNMP/Netconf management interfaces and Openflow policy interface. System filter policy entries cannot be populated using flowspec, RADIUS, or Gx. System filter policy scale is identical to a corresponding IPv4 or IPv6 filter policy scale.

  • Page 571

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 • action forward sdp AND action secondary forward sdp • action forward sap AND action secondary forward sdp • action forward sdp AND action secondary forward sap For Layer 3 PBR redundancy, an operator can configure any of the following actions as a primary action and any (either same or different than primary) of the following as a secondary action.

  • Page 572: Extended Action For Performing Two Actions At A Time

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 *A:vsim-200001# show filter ip 10 entry 1000 … Primary Action : Forward (SAP) <-details of (primary) action Next Hop : 1/1/1 Service Id : Not configured PBR Target Status : Does not exist Secondary Action : Forward (SAP) <-details...

  • Page 573: Advanced Vprn Redirection

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 If the status of the target of the main action is tracked, which is the case, amongst others, for PBR/PBF redundancy, the extended action listed above will not be performed when the PBR target is down. Moreover, a filter policy containing an entry with the extended action remark dscp will be blocked in the following cases: if applied on ingress with the egress-pbr flag set, if applied on egress without the egress-pbr flag set.

  • Page 574: Destination Mac Rewrite When Deploying Policy-based Forwarding

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Note: While the system only performs the redirection when the traffic is effectively able to reach the target BGP next-hop, it does not verify whether the redirected packets will effectively reach their destination after that. This action is resilient in that it tracks events affecting the redirection at the service level and reacts to those events.

  • Page 575

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Figure 29 Layer 2 Policy-Based Forwarding (PBF) redirect action CPE: Single static route, 0.0.0.0/0 next-hop 10.0.0.1 Follows “black path” to PE facing legacy network IP:10.0.0.1 Mac_A Legacy Network L2 Switch VPRN Access/ VPLS Netw IP:10.0.0.1 Mac_B...

  • Page 576: Network-port Vprn Filter Policy

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.1.2.8 Network-port VPRN Filter Policy Network-port Layer 3 service-aware filter feature allows operators to deploy VPRN service aware ingress filtering on network ports. A single ingress filter of scope template can each be defined for IPv4 and for IPv6 against a VPRN service. The filter applies to all unicast traffic arriving on auto-bind and explicit-spoke network interfaces for that service.

  • Page 577: Vid Mac Filters

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 The ISID match criteria are exclusive with any other criteria under mac-filter. A new mac-filter type attribute is defined to control the use of ISID match criteria and must be set to ISID to allow the use of ISID match criteria. 4.1.2.10 VID MAC Filters VID filters are a type of MAC filters that extend the capability of current Ethernet ports...

  • Page 578

    SAP-ingress QoS setting allows for MAC-criteria type VID, which uses the VID filter matching capabilities of QoS and VID Filters (see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide). A VID filter entry can also be used as a debug or lawful intercept mirror source entry.

  • Page 579

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 VID filters are available on Ethernet SAPs for Epipe, VPLS, or I-VPLS including eth- tunnel and eth-ring services. 4.1.2.10.1 Arbitrary Bit Matching of VID Filters In addition to matching an exact value, a VID filter mask allows masking any set of bits.

  • Page 580

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.1.2.10.2 Port Group Configuration Example Figure 31 Port Groups C-VID Filters are Configured per Sub-group (S-VID) (Example) SVID=1 / CVID=30: Discard SVID=2 / CVID=30: Forward Legend S-TAG Sub-group 2 C-TAG Sub-group 1 : Data : Discard 10 30 Discards Frames...

  • Page 581: Redirect Policies

    RELEASE 15.0.R5 The VSR supports IPv4 exception filters. For information on IP exception filters, refer to the “Router Encryption Exceptions using ACLs” section in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN.

  • Page 582

    • Redirect policy is supported for ingress IPv4 and IPv6 filter policies only. • SNMP and URL tests are not supported for IPv6. • Different platforms support different scale for redirect policies. Contact your local Nokia representative to ensure the planned deployment does not exceed recommended scale. 4.1.2.12.1 Router Instance Support for Redirect Policies There are two modes of deploying redirect policies on VPRN interfaces.

  • Page 583: Http-redirect (captive Portal)

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 − When a PBR destination is up, the PBR lookup is performed in the redirect policy's configured routing instance. When that instance differs from the incoming interface where the filter policy using the specific redirect policy is deployed, the PBR action is equivalent to forward next-hop router filter policy action.

  • Page 584: Traffic Flow

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.1.2.13.1 Traffic Flow The following example provides a brief scenario of a customer connection with web redirection. 1. The customer gets an IP address using DHCP (if the customer is trying to set a static IP he will be blocked by the anti-spoofing filter).

  • Page 585: Filter Policies And Dynamic Policy-driven Interfaces

    The subscriber identification string is available only when used with subscriber management. Refer to the subscriber management section of the 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide and the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.

  • Page 586: Filter Policy-based Esm Service Chaining

    For RADIUS, operator can assign filter policies to a subscriber, and populate filter policies used by the subscriber within a preconfigured block reserved for RADIUS filter entries. See the 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide and filter RADIUS-related commands for more details.

  • Page 587

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 On the left in Figure 33, the per-tier-of-service ACL model is depicted. Each tier of service (Gold or Silver) has a dedicated embedded VAS filter (“Gold VAS”, “Silver VAS”) that contains all steering rules for all service chains applicable to the specific tier.

  • Page 588

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 34 shows upstream VAS service chaining steering using filter policies. Upstream subscriber traffic entering Res-GW is subject to the subscriber's ingress ACL filter assigned to that subscriber by a policy server. If the ACL contains VAS steering rules, the VAS-rule-matching subscriber traffic is steered for VAS processing over a dedicated to-from-access VAS interface in the same or a different routing instance.

  • Page 589

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Figure 35 Downstream ESM ACL-policy based service chaining DC VAS Service - SFC rules for downstream chains embedded into per Downstream VAS-processed Traffic residential service ACLs - Traffic enters Res-GW on dedicated subscribers are assigned to via to-from-access interface (required tp Radius based on tier-of-service.

  • Page 590

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 • downstream traffic destined for subscribers arriving from network interfaces must be redirected to a VAS PBR target reachable over this interface for downstream VAS processing • upstream traffic after VAS processing, if returned to the router, must arrive on this interface so that regular routing can be applied •...

  • Page 591: Policy-based Forwarding For Deep Packet Inspection In Vpls

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 • action forward esi sf-ip vas-interface router for an integrated service chaining solution Operational notes: • Downstream traffic steered toward a VAS on the subscriber-facing IOM is reclassified (FC and profile) based on the subscriber egress QoS policy, and is queued toward the VAS based on the network egress QoS configuration.

  • Page 592

    VPLS service. For information about configuring services, refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN.

  • Page 593

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 service-mtu 1400 split-horizon-group "dpi" residential-group create exit split-horizon-group "split" create exit shutdown exit sap 1/1/21:1 split-horizon-group "split" create disable-learning static-mac 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create exit...

  • Page 594

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 exit sap 1/1/5:5 split-horizon-group "split" create ingress filter mac 100 exit static-mac 00:00:00:31:15:05 create exit sap 1/1/21:1 split-horizon-group "split" create disable-learning static-mac 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create...

  • Page 595: Configuring Filter Policies With Cli

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 4.2 Configuring Filter Policies with CLI This section provides information to configure filter policies using the command line interface. 4.2.1 Common Configuration Tasks This section provides a brief overview of the tasks that must be performed for both IP and MAC filter configurations and provides the CLI commands.

  • Page 596

    A:ALA-7>config>filter>ip-filter# Configuring the HTTP-Redirect Option If http-redirect is specified as an action, a corresponding forward entry must be specified before the redirect. Http-redirect is not supported on the 7450 ESS-1 model. The following displays an http-redirect configuration example: A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "Captive Portal Filter"...

  • Page 597

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 AP&ip=$IP&orig_url=$URL" exit ---------------------------------------------- A:ALA-48>config>filter>ip-filter# Cflowd Filter Sampling Within a filter entry, you can specify that traffic matching the associated IPv4 filter entry is sampled if the IPv4 interface is set to cflowd acl mode. Enabling filter- sample enables the cflowd tool.

  • Page 598: Creating An Ipv6 Filter Policy

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 4.2.1.2 Creating an IPv6 Filter Policy Configuring and applying IPv6 filter policies is optional. IPv6 filter policies must be configured separately from IP (IPv4) filter policies. The configuration mimics IP filter policy configuration. See Creating an IPv4 Filter Policy.

  • Page 599: Mac Filter Entry

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 description "drop-local-isids" match isid 100 to 1000 exit action drop exit entry 2 create description "allow-wan-isids" match isid 150 exit action forward exit 4.2.1.3.3 MAC VID Filter Policy The following example shows a VID filter policy configuration: A:TOP_NODE>config>filter>mac-filter# info ---------------------------------------------- default-action forward...

  • Page 600: Creating An Ip Exception Filter Policy

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# 4.2.1.4 Creating an IP Exception Filter Policy Configuring and applying IP exception filter policies is optional. Each exception filter policy must have the following: •...

  • Page 601

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 4.2.1.4.2 IP Exception Entry Matching Criteria Within an exception filter policy, configure exception entries that contain criteria against which ingress, egress, and network traffic is matched. Packets that match the entry criteria are allowed to transit the NGE domain in clear text. •...

  • Page 602: Creating A Match List For Filter Policies

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 A:domain1>config>filter>ip-except# 4.2.1.5 Creating a Match List for Filter Policies IP filter policies support usage of match lists as a single match criteria. To create a match list you must: • Specify a type of a match list (IPv4 address prefix for example). •...

  • Page 603

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 Table 47 Applying Filter Policies (Continued) IPv4 and IPv6 Filter Policies MAC Filter Policies Fpipe SAP, spoke SDP IES interface SAP, spoke SDP, R-VPLS Ipipe SAP, spoke SDP VPLS mesh SDP, spoke SDP, SAP VPLS mesh SDP, spoke SDP, SAP VPRN interface SAP, spoke SDP, R-VPLS, network ingress Network interface...

  • Page 604

    Filter Policies ROUTER CONFIGURATION GUIDE RELEASE 15.0.R5 address 192.22.1.1/24 sap 2/1/3:0 create exit ipv6 ingress filter ipv6 100 egress filter ipv6 100 exit exit ---------------------------------------------- A:ALA-48>config>service>ies# 4.2.1.6.2 Applying IPv4/IPv6 Filter Policies to a Network Port IP filter policies can be applied to network IPv4/IPv6 interfaces. MAC filters cannot be applied to network IP interfaces or to routable IES services.

  • Page 605: Creating A Redirect Policy

    ROUTER CONFIGURATION GUIDE Filter Policies RELEASE 15.0.R5 ingress filter ip 2 filter ipv6 1 exit e