Download Print this page

Alcatel-Lucent 7710 SR OS Configuration Manual

Router

Hide thumbs Also See for 7710 SR OS:

Configuration manual (566 pages)

,

Interface configuration manual (436 pages)

Table Of Contents

page of 534

/ 534
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual

7710 SR OS

Router Configuration Guide

Software Version: 7710 SR OS 10.0 R5

September 2012

Document Part Number: 93-0082-08-03

*93-0082-08-03*

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the 7710 SR OS and is the answer not in the manual?

Questions and answers

Summary of Contents for Alcatel-Lucent 7710 SR OS

Page 1 7710 SR OS Router Configuration Guide Software Version: 7710 SR OS 10.0 R5 September 2012 Document Part Number: 93-0082-08-03 *93-0082-08-03*...
Page 2 This document is protected by copyright. Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Page 3: Table Of Contents
Getting Started Alcatel-Lucent 7710 SR-Series Router Configuration Process ....... . .17 IP Router Configuration Configuring IP Router Parameters .
Page 4 VRRP Priority Control Policies ............236 Page 4 7710 SR OS Router Configuration Guide...
Page 5 Priority Policy Route Unknown Event Commands ........304 7710 SR OS Router Configuration Guide...
Page 6 Renumbering Filter Policy Entries ........... .375 Page 6 7710 SR OS Router Configuration Guide...
Page 7 Configuring Cflowd Collectors ............498 7710 SR OS Router Configuration Guide...
Page 8 ................535 Page 8 7710 SR OS Router Configuration Guide...
Page 9 Show Cflowd Status Output Fields ..........525 7710 SR OS Router Configuration Guide...
Page 10 List of Tables Page 10 7710 SR OS Router Configuration Guide...
Page 11 Cflowd Configuration and Implementation Flow ........486 7710 SR OS Router Configuration Guide...
Page 12 List of Figures Page 12 7710 SR OS Router Configuration Guide...
Page 13: Ip Router Configuration
It is assumed that the network administrators have an understanding of networking principles and configurations. Protocols, standards, and services described in this manual include the following: • IP router configuration • Virtual routers • IP-based filters • Cflowd 7710 SR OS Router Configuration Guide Page 13...
Page 14: List Of Technical Publications
• 7710 SR OS Quality of Service Guide This guide describes how to configure Quality of Service (QoS) policy management. Page 14 7710 SR OS Router Configuration Guide7710 SR OS Router Configuration Guide...
Page 15: Technical Support
If you purchased a service agreement for your router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center at: Web: http://www.alcatel-lucent.com/wps/portal/support...
Page 16 Preface Page 16 7710 SR OS Router Configuration Guide7710 SR OS Router Configuration Guide...
Page 17: Getting Started
VRRP on page 223 tion IP and MAC filters Filter Policies on page 327 Cflowd Cflowd on page 471 Reference List of IEEE, IETF, and other Standards and Protocol Support on page 527 proprietary entities. 7710 SR OS Router Configuration Guide Page 17...
Page 18: Getting Started
Getting Started Page 18 7710 SR OS Router Configuration Guide...
Page 19: Ip Router Configuration
Interfaces on page 20  Autonomous Systems (AS) on page 37  Confederations on page 38  Proxy ARP on page 40  Bi-directional Forwarding Detection on page 49 • Configuration Notes on page 58 7710 SR OS Router Configuration Guide Page 19...
Page 20: Configuring Ip Router Parameters
Confederations on page 38 • Proxy ARP on page 40 Refer to 7710 SR OS Triple Play Guide for information about DHCP and support as well as configuration examples. on page 33 Interfaces Alcatel-Lucent routers use different types of interfaces for various functions. Interfaces must be configured with parameters such as the interface type (network and system) and address.
Page 21: Network Domains
This means that all SAPs in VPLS will have queue reaching all fwd- complexes serving interfaces that belong to the same network-domains as the SDPs. It is possible to assign/remove network-domain association of the interface/SDP without requiring deletion of the respective object. 7710 SR OS Router Configuration Guide Page 21...
Page 22: System Interface
If there is a default route in the router and the packets are coming from the interface that the default route is pointing to, the following can occur: Page 22 7710 SR OS Router Configuration Guide...
Page 23  The source IP address of the packet matches a route in the forwarding table, but the next-hop of the route is not on this specific interface. If the source IP address matches a discard/blackhole route, the packet is treated as if it failed uRPF check. 7710 SR OS Router Configuration Guide Page 23...
Page 24: Creating An Ip Address Range
10.10.0.0/16, and a new service prefix is configured as 10.10.10.0/24, then the 10.10.0.0/16 entry will be removed, provided that no services are configured that use 10.10.x.x addresses other than 10.10.10.x. Page 24 7710 SR OS Router Configuration Guide...
Page 25: Qos Policy Propagation Using Bgp (Qppb)
XYZ into the QoS class implied by the BGP community value. QPPB may also be used to request that traffic sourced from certain networks receive appropriate QoS handling in downstream nodes that may span different administrative domains. This can be 7710 SR OS Router Configuration Guide Page 25...
Page 26 ISP’s network do not need to rely on QPPB to determine the correct forwarding-class to use for the traffic. Note however, that the DSCP or other COS markings could be left unchanged in the ISP’s network and QPPB used on every node. Page 26 7710 SR OS Router Configuration Guide...
Page 27: Ip Router Configuration
Content Provider interface to determine fc AS 300 Provider Peer AS 200 ASBR 2 PE 1 ASBR 1 OSSG639 Figure 1: Use of QPPB to Differentiate Traffic in an ISP Network 7710 SR OS Router Configuration Guide Page 27...
Page 28: Qppb
A route policy that includes the fc command in one or more entries can be used in any import or export policy but the fc command has no effect except in the following types of policies: • VRF import policies:  config>service>vprn>vrf-import Page 28 7710 SR OS Router Configuration Guide...
Page 29 IPv4 and IPv6 static routes. This is achieved using the following modified versions of the static- route commands: • static-route {ip-prefix/prefix-length|ip-prefix netmask} [fc fc-name [priority {low | high}]] next-hop ip-int-name|ip-address • static-route {ip-prefix/prefix-length|ip-prefix netmask} [fc fc-name [priority {low | high}]] indirect ip-address 7710 SR OS Router Configuration Guide Page 29...
Page 30 A:Dut-A# show router route-table 10.1.5.0/24 qos =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 10.1.5.0/24 Remote 15h32m52s PE1_to_PE2 h1, high ------------------------------------------------------------------------------- No. of Routes: 1 =============================================================================== A:Dut-A# Page 30 7710 SR OS Router Configuration Guide...
Page 31 Currently, QPPB is not supported for ingress MPLS traffic on network interfaces or on CsC PE’- CE’ interfaces (config>service>vprn>nw-if). 7710 SR OS Router Configuration Guide Page 31...
Page 32 QPPB classification is based on the forwarding-class and priority of the route matching IP address Y if the IP filter action redirects the packet to the indirect next-hop IP address Y, even if X is matched by a route with a forwarding-class and priority Page 32 7710 SR OS Router Configuration Guide...
Page 33: Qppb And Grt Lookup
DSCP/IP prec/802.1p and if fc1 mapped to a profile mode queue then it is based on the profile state of fc1). Table 2 summarizes these interactions. 7710 SR OS Router Configuration Guide Page 33...
Page 34: Table 2: Qppb Interactions With Sap Ingress Qos
If DE=1 override then From new From original FC mode queue low otherwise from base FC and sub-class QPPB. If no DEI or QPPB overrides then from original dot1p/ exp/DSCP mapping or policy default. Page 34 7710 SR OS Router Configuration Guide...
Page 35 From new From original FC queue base FC packet is marked in or base FC and sub-class unless out of profile in which overridden case follows profile. by DE=1 Default is high priority 7710 SR OS Router Configuration Guide Page 35...
Page 36: Router Id
If neither the system interface or router ID are implicitly specified, then the router ID is inherited from the last four bytes of the MAC address. • The router can be derived on the protocol level; for example, BGP. Page 36 7710 SR OS Router Configuration Guide...
Page 37: Autonomous Systems (As)
AS path, with other ASs using BGP. Routing tables contain lists of next hops, reachable addresses, and associated path cost metrics to each router. BGP uses the information and path attributes to compile a network topology. 7710 SR OS Router Configuration Guide Page 37...
Page 38: Confederations
To migrate from a non-confederation configuration to a confederation configuration requires a major topology change and configuration modifications on each participating router. Setting BGP policies to select an optimal path through a confederation requires other BGP modifications. Page 38 7710 SR OS Router Configuration Guide...
Page 39: Figure 2: Confederation Configuration
AS 200 AS 300 Confederation Member 1 Confederation Member 3 ALA-B ALA-C ALA-E ALA-F AS 100 ALA-A ALA-D ALA-G AS 400 Confederation Member 2 AS 500 ALA-H SRSG005 Figure 2: Confederation Configuration 7710 SR OS Router Configuration Guide Page 39...
Page 40: Proxy Arp
Static ARP is used when an Alcatel-Lucent router needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the configuration can state that if it has a packet with a certain IP address to send it to the corresponding ARP address.
Page 41: Dhcp Relay
IP Router Configuration DHCP Relay Refer to 7710 SROS Triple Play Guide for information about DHCP and support provided by the 7710 SR as well as configuration examples. 7710 SR OS Router Configuration Guide Page 41...
Page 42: Internet Protocol Versions
(optional) data confidentiality are specified for IPv6. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Prio. | Flow Label +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Payload Length Next Header Hop Limit +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Destination Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3: IPv6 Header Format Page 42 7710 SR OS Router Configuration Guide...
Page 43: Table 3: Ipv6 Header Field Descriptions
Source Address 128-bit address of the originator of the packet. Destination Address 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient if a routing header is present). 7710 SR OS Router Configuration Guide Page 43...
Page 44: Ipv6 Applications
Figure 4: IPv6 Internet Exchange • IPv6 transit services — Figure 5 shows IPv6 transit provided by an ISP. Customer 1 2001:0410:0001:/48 2001:0410::/32 Customer 2 2001:0410:0002:/4 IPIPE_008 Figure 5: IPv6 Transit Services Page 44 7710 SR OS Router Configuration Guide...
Page 45: Figure 6: Ipv6 Services To Enterprise Customers And Home Users
IPv6 in an environment where not only IPv4 exists but native IPv6 networks depend on IPv4 for greater IPv6 connectivity. Alcatel-Lucent router supports dynamic IPv6 over IPv4 tunneling. The ipv4 source and destination address are taken from configuration, the source address is the ipv4 system address and the ipv4 destination is the next hop from the configured 6over4 tunnel.
Page 46: Dns
AAAA resource record from an IPv4 or IPv6 DNS server. An assigned name can be used instead of an IPv6 address since IPv6 addresses are more difficult to remember than IPv4 addresses. Page 46 7710 SR OS Router Configuration Guide...
Page 47: Ipv6 Provider Edge Router Over Mpls (6Pe)
MPLS labels. 6PE is a cost effective solution for IPv6 deployment. MP-BGP sessions 2001:0620 2001:0420 145:950.0 2001:0421 Dual Stack IPv4-IPv6 routers Dual Stack IPv4-IPv6 routers 2001:0621 IPv4 MPLS Fig_30 Figure 8: Example of a 6PE Topology within One AS 7710 SR OS Router Configuration Guide Page 47...
Page 48 The egress 6PE router pops the top LDP tunnel label. It sees the IPv6 explicit null label, which indicates an IPv6 packet is encapsulated. It also pops the IPv6 explicit null label and performs an IPv6 route lookup to find out the next hop for the IPv6 packet. Page 48 7710 SR OS Router Configuration Guide...
Page 49: Bi-Directional Forwarding Detection
IP TTL should be 255 but can still be processed if it is not (assuming the packet passes the enabled authentication mechanism). If multiple BFD sessions exist between two nodes, the BFD discriminator is used to de-multiplex the BFD control packet to the appropriate BFD session. 7710 SR OS Router Configuration Guide Page 49...
Page 50: Control Packet Format
The final bit. If set, the transmitting system is responding to a received BFD control packet that had the poll (P) bit set. Rsvd Reserved bits. These bits must be zero on transmit and ignored on receipt. Page 50 7710 SR OS Router Configuration Guide...
Page 51 This is the minimum interval, in microseconds, between received BFD echo pack- Interval ets that this system is capable of supporting. If this value is zero, the transmitting system does not support the receipt of BFD echo packets. 7710 SR OS Router Configuration Guide Page 51...
Page 52: Bfd For Rsvp-Te
POS interfaces (including APS) • Channelized interfaces (PPP, HDLC, FR and ATM) on ASAP (priority 1) and channelized MDAs (Priority 2) including link bundles and IMA • Spoke SDPs • LAG interfaces • VSM interfaces Page 52 7710 SR OS Router Configuration Guide...
Page 53: Echo Support
This allows the echo sender to send BFD echo packets at any rate. Note that the SR-OS router does not support the sending of echo requests, only the response to echo requests. 7710 SR OS Router Configuration Guide Page 53...
Page 54: Bfd Support For Bgp
The MPLS LSP associated with the spoke SDP can enter or egress from multiple interfaces on the box. BFD for these types of interfaces can not exist on the IOM itself. Page 54 7710 SR OS Router Configuration Guide...
Page 55: Figure 10: Bfd For Ies/Vprn Over Spoke Sdp
VPRN VPRN In this case BFD is run between the IES/VPRN interfaces Metro Metro independent of the SPD/LSP paths POP 4 POP 3 Fig_31 Figure 10: BFD for IES/VPRN over Spoke SDP 7710 SR OS Router Configuration Guide Page 55...
Page 56: Figure 11: Bfd Over Lag
LAG i/f LAG i/f LAG i/f IES/ Note: VPRN In this case BFD is run between the IES/VPRN interfaces independent of the LAG or its members Fig_32 Figure 11: BFD over LAG Page 56 7710 SR OS Router Configuration Guide...
Page 57: Process Overview
Autonomous system — (Optional) An autonomous system (AS) is a collection of networks that are subdivided into smaller, more manageable areas. • Confederation — (Optional) Creates confederation autonomous systems within an AS to reduce the number of IBGP sessions required within an AS. 7710 SR OS Router Configuration Guide Page 57...
Page 58: Configuration Notes
 Chassis systems running in chassis mode c or d.  Chassis systems running in mixed-mode with IPv6 functionality limited to those interface on slots with IOM3-XPs/IMMs or later line cards.  7710 SR-c4/c12. Page 58 7710 SR OS Router Configuration Guide...
Page 59: Configuring An Ip Router With Cli
Service Management Tasks on page 87 • Service Management Tasks on page 87  Changing the System Name on page 87  Modifying Interface Parameters on page 88  Deleting a Logical IP Interface on page 89 7710 SR OS Router Configuration Guide Page 59...
Page 60: Router Configuration Overview
Router Configuration Overview In an Alcatel-Lucent router, an interface is a logical named entity. An interface is created by specifying an interface name under the context. This is the global router configure>router configuration context where objects like static routes are defined. An IP interface name can be up to 32 alphanumeric characters long, must start with a letter, and is case-sensitive;...
Page 61: Basic Configuration
# Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 confederation 1000 members 100 200 300 router-id 10.10.10.103 exit isis exit #------------------------------------------ A:ALA-A> config# 7710 SR OS Router Configuration Guide Page 61...
Page 62: Common Configuration Tasks
The following example displays the system name output. A:ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit Page 62 7710 SR OS Router Configuration Guide...
Page 63 IP Router Configuration . . . exit 7710 SR OS Router Configuration Guide Page 63...
Page 64: Configuring Interfaces
CLI Syntax: config>router interface interface-name address ip-addr{/mask-length | mask} [broadcast {all- ones | host-ones}] cflowd {acl | interface} egress filter ip ip-filter-id filter ipv6 ipv6-filter-id ingress filter ip ip-filter-id filter ipv6 ipv6-filter-id port port-name Page 64 7710 SR OS Router Configuration Guide...
Page 65 10 exit exit #------------------------------------------ A:ALA-A>config>router# To enable CPU protection: CLI Syntax: config>router interface interface-name cpu-protection policy-id CPU protection policies are configured in the config>sys>security>cpu-protection context. See the OS System Management Guide. 7710 SR OS Router Configuration Guide Page 65...
Page 66: Configuring Ipv6 Parameters
[number seconds] time-exceeded [number seconds] unreachables [number seconds] neighbor ipv6-address mac-address The following displays a configuration example showing interface information. A:ALA-49>config>router>if# info ---------------------------------------------- address 10.11.10.1/24 port 1/2/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# Page 66 7710 SR OS Router Configuration Guide...
Page 67: Configuring Ipv6 Over Ipv4 Parameters
::C8C8:C802/128 indirect 200.200.200.2 interface ip-int-name address {ip-address/mask|ip-address netmask} [broadcast all-ones|host-ones] port port-name The following displays configuration output showing interface configuration. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.1" address 1.1.1.1/30 port 1/1/1 exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 67...
Page 68 {ip-address/mask|ip-address netmask} [broad- cast all-ones|host-ones] ipv6 address ipv6-address/prefix-length [eui-64] The following displays configuration output showing interface information. A:ALA-49>configure>router# info ---------------------------------------------- interface "system" address 200.200.200.1/32 ipv6 address 3FFE::C8C8:C801/128 exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 68 7710 SR OS Router Configuration Guide...
Page 69 The following displays a configuration showing BGP output. A:ALA-49>configure>router# info ---------------------------------------------- export "ospf3" router-id 200.200.200.1 group "main" family ipv4 ipv6 type internal neighbor 200.200.200.2 local-as 1 peer-as 1 exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 69...
Page 70 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 70 7710 SR OS Router Configuration Guide...
Page 71: Tunnel Egress Node
[eui-64] port port-name The following displays interface configuration. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.2" address 1.1.1.2/30 port 1/1/1 exit interface "system" address 200.200.200.2/32 ipv6 address 3FFE::C8C8:C802/128 exit exit ---------------------------------------------- 7710 SR OS Router Configuration Guide Page 71...
Page 72 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 72 7710 SR OS Router Configuration Guide...
Page 73: Router Advertisement
The following displays a router advertisement configuration example. *A:sim131>config>router>router-advert# info ---------------------------------------------- interface "n1" prefix 3::/64 exit use-virtual-mac no shutdown exit ---------------------------------------------- *A:sim131>config>router>router-advert# interface n1 *A:sim131>config>router>router-advert>if# prefix 3::/64 *A:sim131>config>router>router-advert>if>prefix# info detail ---------------------------------------------- autonomous on-link preferred-lifetime 604800 valid-lifetime 2592000 ---------------------------------------------- *A:tahi>config>router>router-advert>if>prefix# 7710 SR OS Router Configuration Guide Page 73...
Page 74: Configuring Ipv6 Parameters
100 10 time-exceeded 100 10 unreachables 100 10 exit ---------------------------------------------- A:ALA-49>config>router>if>ipv6# exit all The following displays an IPv6 configuration example. A:ALA-49>config>router>if# info ---------------------------------------------- address 10.11.10.1/24 port 1/3/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# Page 74 7710 SR OS Router Configuration Guide...
Page 75 "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7710 SR OS Router Configuration Guide Page 75...
Page 76: Configuring Proxy Arp
For more information about route policies, refer to the OS Routing Protocols Guide. • Apply the policy statement to the proxy-arp configuration in the config>router>interface context. CLI Syntax: config>router# policy-options begin commit prefix-list name prefix ip-prefix/mask [exact|longer|through length|prefix-length-range length1-length2] Page 76 7710 SR OS Router Configuration Guide...
Page 77 10.20.30.0/24 through 32 exit prefix-list "prefixlist2" prefix 10.10.10.0/24 through 32 exit policy-statement "ProxyARPpolicy" entry 10 from prefix-list "prefixlist1" exit prefix-list "prefixlist2" exit action reject exit default-action accept exit exit ---------------------------------------------- A:ALA-49>config>router>policy-options# 7710 SR OS Router Configuration Guide Page 77...
Page 78 Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name local-proxy-arp proxy-arp-policy policy-name [policy-name...(upto 5 max)] remote-proxy-arp The following displays a proxy ARP configuration example: A:ALA-49>config>router>if# info ---------------------------------------------- address 128.251.10.59/24 local-proxy-arp proxy-arp policy-statement "ProxyARPpolicy" exit ---------------------------------------------- A:ALA-49>config>router>if# Page 78 7710 SR OS Router Configuration Guide...
Page 79: Creating An Ip Address Range
All user and specified control packets for which the longest prefix match in RTM yields the FEC prefix will be forwarded over the LDP LSP. The following is an example of the resolution process. 7710 SR OS Router Configuration Guide Page 79...
Page 80 When ECMP is enabled and multiple equal-cost next-hops exit for the IGP route, the ingress IOM will spray the packets for this route based on hashing routine currently supported for IPv4 packets. Page 80 7710 SR OS Router Configuration Guide...
Page 81 IGP route resolution. BGP will continue to resolve a BGP next-hop to an LDP shortcut if the user enabled the LDP shortcut option in BGP BGP-Shortcut: CLI Syntax: config>router>bgp>igp-shortcut ldp 7710 SR OS Router Configuration Guide Page 81...
Page 82 FEC origination of IGP learned routes and subscriber/host routes statically configured or dynamically learned over subscriber IES interfaces. An LDP LSP used as a shortcut by IPv4 packets may also be tunneled using the LDP-over-RSVP feature. Page 82 7710 SR OS Router Configuration Guide...
Page 83: Deriving The Router Id
{ip-address/mask | ip-address netmask} [broad- cast all-ones | host-ones] The following example displays a router ID configuration: A:ALA-4>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit . . . router-id 10.10.0.4 #------------------------------------------ A:ALA-4>config>router# 7710 SR OS Router Configuration Guide Page 83...
Page 84: Configuring A Confederation
A:ALA-B>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" shutdown address 10.0.0.103/24 port 1/1/1 exit autonomous-system 100 confederation 2002 members 200 300 400 router-id 10.10.10.103 #------------------------------------------ A:ALA-B>config>router# Page 84 7710 SR OS Router Configuration Guide...
Page 85: Configuring An Autonomous System
The following displays an autonomous system configuration example: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 router-id 10.10.10.103 #------------------------------------------ A:ALA-A>config>router# 7710 SR OS Router Configuration Guide Page 85...
Page 86: Configuring Overload State On A Single Sfm
IGP will cause PIM to join the new path and prune the old path, which effectively reroutes the multicast traffic downstream. When the problem is resolved, the overload condition is cleared, which will cause the traffic to be routed back to the router. Page 86 7710 SR OS Router Configuration Guide...
Page 87: Service Management Tasks
"TGIF" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp exit security snmp community "private" rwa version both exit exit . . . ---------------------------------------------- A:TGIF>config>system# 7710 SR OS Router Configuration Guide Page 87...
Page 88: Modifying Interface Parameters
A:ALA-A>config>router>if# no shutdown The following example displays the interface configuration: A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.0.0.103/32 exit interface "to-sr1" address 10.0.0.25/24 port 1/1/2 exit router-id 10.10.0.3 #------------------------------------------ A:ALA-A>config>router# Page 88 7710 SR OS Router Configuration Guide...
Page 89: Deleting A Logical Ip Interface
2. After the interface has been shut down, it can then be deleted with the no interface command. CLI Syntax: config>router no interface ip-int-name Example config>router# interface test-interface config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router# 7710 SR OS Router Configuration Guide Page 89...
Page 90 Page 90 7710 SR OS Router Configuration Guide...
Page 91: Ip Router Command Reference
Router Interface IPv6 Commands on page 95 • Router Advertisement Commands on page 96 • Show Commands on page 97 • Clear Commands on page 99 • Debug Commands on page 100 7710 SR OS Router Configuration Guide Page 91...
Page 92 [tag tag] [enable | disable] indirect ip-address [ldp | rsvp-te [disallow-igp]] [cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]] — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- ric metric] [tag tag] [enable | disable] black-hole [mcast-family] — [no] triggered-policy Page 92 7710 SR OS Router Configuration Guide...
Page 93 — no lsr-load-balancing — ieee-mac-addr — no — [no] multihoming primary|secondary [hold-time holdover-time] — network-domain network-domain-name — no network-domain — [no] ntp-broadcast — port port-name — no port — [no] proxy-arp-policy 7710 SR OS Router Configuration Guide Page 93...
Page 94 — no address — description description-string — no description — [no] shutdown config — system — lsr-load-balancing hashing-algorithm — no lsr-load-balancing For router interface VRRP commands, see VRRP Command Reference on page 263. Page 94 7710 SR OS Router Configuration Guide...
Page 95 [ policy-name...(up to 5 max)] — no proxy-nd-policy — [no] urpf-check — mode {strict | loose} — no mode — [no] urpf-check — mode {strict | loose} — no mode 7710 SR OS Router Configuration Guide Page 95...
Page 96 — valid-lifetime {seconds | infinite} — no valid-lifetime — reachable-time milli-seconds — no reachable-time — retransmit-time milli-seconds — no retransmit-time — router-lifetime seconds — no router-lifetime — [no] shutdown — [no] use-virtual-mac Page 96 7710 SR OS Router Configuration Guide...
Page 97 — application [app-name] [dscp-dot1p] — dscp-map [dscp-name] — static-arp [ip-address | ip-int-name | mac ieee-mac-addr] — static-route [family] [[ip-prefix /mask]| [preference preference] | [next-hop ip-address] | [tag tag] [detail] — status 7710 SR OS Router Configuration Guide Page 97...
Page 98 — routes — tunnel-table [ip-address[/mask]] | [protocol protocol | sdp sdp-id] [summary] — neighbor [interface-name] Page 98 7710 SR OS Router Configuration Guide...
Page 99 — tunnel tunnel-id — statistics — neighbor {all | ip-address} — neighbor [interface ip-int-name | ip-address] — router-advertisement — router-advertisement [interface interface-name] — forwarding-table [slot-number] — interface [ip-int-name | ip-addr] [icmp] 7710 SR OS Router Configuration Guide Page 99...
Page 100 — no route-table — tunnel-table [ip-address] [ldp | rsvp [tunnel-id tunnel-id]| sdp [sdp-id sdp-id]] — mtrace — [no] misc — [no] packet [query | request | response] — [interface tms-interface] api [detail] tms-interface Page 100 7710 SR OS Router Configuration Guide...
Page 101: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 101...
Page 102: Router Global Commands
Parameters ip-prefix — The destination address of the aggregate route in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d Page 102 7710 SR OS Router Configuration Guide...
Page 103 No autonomous system number is defined. Parameters autonomous-system — The autonomous system number expressed as a decimal integer. Values 1 — 4294967295 confederation Syntax confederation confed-as-num members as-number [as-number...up to 15 max] 7710 SR OS Router Configuration Guide Page 103...
Page 104 — The maximum number of equal cost routes allowed on this routing table instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp. Values 0 — 32 Page 104 7710 SR OS Router Configuration Guide...
Page 105 LFA next-hop in RTM. Thus, the IP prefix will resolve to the multiple equal-cost primary next-hops that provide the required protection. The no form of this command disables the IP FRR feature on the system Default no ip-fast-reroute 7710 SR OS Router Configuration Guide Page 105...
Page 106 — Specifies the policy name. Values 32 chars max network-domains Syntax network-domains Context config>router Description This command opens context for defining network-domains. This command is applicable only in the base routing context. Page 106 7710 SR OS Router Configuration Guide...
Page 107 If a system interface address is not configured, use the last 32 bits of the chassis MAC address. Parameters router-id — The 32 bit router ID expressed in dotted decimal notation or as a decimal value. 7710 SR OS Router Configuration Guide Page 107...
Page 108 [0 — FFFF]H [0 — 255]D ipv6-prefix-length: 0 — 128 Values exclusive When this option is specified, the addresses configured are exclusively used for services and cannot be assigned to network ports. Page 108 7710 SR OS Router Configuration Guide...
Page 109 0 — 7 dot1p-app-name — Specifies the Dot1p application name. Values arp, isis, pppoe dscp Syntax dscp dscp-name fc fc-name no dscp dscp-name Context config>router>sgt-qos Description This command configures DSCP name to FC mapping. 7710 SR OS Router Configuration Guide Page 109...
Page 110 [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole [mcast-family] {prefix-list prefix-list- name [all | none]} Context config>router Description This command creates static route entries for both the network and access routes. Page 110 7710 SR OS Router Configuration Guide...
Page 111 Different protocols should not be configured with the same preference. If this occurs, the tiebreaker is according to the default preference table defined in Table 5 on page 113 7710 SR OS Router Configuration Guide Page 111...
Page 112 The configured ip-addr is not directly connected to a network configured on this node. The destination can be reachable via multiple paths. The indirect address can only resolved from dynamic routing protocol. Another static route cannot be used to resolve the indirect address. Page 112 7710 SR OS Router Configuration Guide...
Page 113: Table 5: Default Route Preferences
In order to enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route. The administrative state is maintained in the configuration file. 7710 SR OS Router Configuration Guide Page 113...
Page 114 — This optional parameter enables the ability to log transitions between active and in-active based on the CPE connectivity check. Events should be sent to the system log, syslog and SNMP traps. Page 114 7710 SR OS Router Configuration Guide...
Page 115 Only next-hop is allowed with any extra parameters. *B:Dut-C>config>router# show router "management" static-? static-arp static-route *B:Dut-C>config>router# show router "management" static-route =============================================================================== Static Route Table (Router: management) Family: IPv4 7710 SR OS Router Configuration Guide Page 115...
Page 116 *B:Dut-C>config>router# show router "management" static-route ipv6 =============================================================================== Static Route Table (Router: management) Family: IPv6 =============================================================================== Prefix Pref Type Act Next Hop Interface ------------------------------------------------------------------------------- 1::/96 3000::AC1F:7567 management ------------------------------------------------------------------------------- No. of Static Routes: 1 =============================================================================== *B:Dut-C>config>router# Page 116 7710 SR OS Router Configuration Guide...
Page 117: Router Interface Commands
IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing. 7710 SR OS Router Configuration Guide Page 117...
Page 118 The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of Page 118 7710 SR OS Router Configuration Guide...
Page 119 IP interface. Default host-ones Values all-ones, host-ones allow-directed-broadcasts Syntax [no] allow-directed-broadcasts Context config>router>interface Description This command enables the forwarding of directed broadcasts out of the IP interface. 7710 SR OS Router Configuration Guide Page 119...
Page 120 The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) is notified of the fault. Page 120 7710 SR OS Router Configuration Guide...
Page 121 — Specifies the direction to collect traffic flow samples. Values ingress-only — Enables ingress sampling only on the associated interface. egress-only — Enables egress sampling only on the associated interface. both — Enables both ingress and egress cflowd sampling. 7710 SR OS Router Configuration Guide Page 121...
Page 122 Syntax [no] ldp-shortcut Context config>router Description This command enables the resolution of IGP routes using LDP LSP across all network interfaces participating in the IS-IS and OSPF routing protocol in the system. Page 122 7710 SR OS Router Configuration Guide...
Page 123 When the LDP synchronization timer expires, the link cost is restored and is re-advertised. IGP will announce a new best next-hop and LDP will use it if the label binding for the neighbor’s FEC is available. 7710 SR OS Router Configuration Guide Page 123...
Page 124 — Specifies the time interval for the IGP-LDP synchronization timer in seconds. Values 1 – 1800 loopback Syntax [no] loopback Context config>router>interface Description This command configures the interface as a loopback interface. Default Not enabled lsr-load-balancing Syntax lsr-load-balancing hashing-algorithm no lsr-load-balancing Context config>router>if Page 124 7710 SR OS Router Configuration Guide...
Page 125 — Specifies the 48-bit MAC address for the IP interface in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses. 7710 SR OS Router Configuration Guide Page 125...
Page 126 LAG, is defined.. Single interfaces can be associated with multiple network-domains. Default per default “default” network domain is assigned ntp-broadcast Syntax [no] ntp-broadcast Context config>router>interface Page 126 7710 SR OS Router Configuration Guide...
Page 127 1 — 336 bpgrp-id bpgrp-type-bpgrp-num bpgrp keyword type ima, ppp bpgrp-num 1 — 256 aps-id aps-group-id[.channel] keyword group-id 1 — 16 lag-id lag-id keyword 1 — 64 7710 SR OS Router Configuration Guide Page 127...
Page 128 7710 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7710 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 129 The no form of the command removes the QoS policy association from the SAP or IP interface, and the QoS policy reverts to the default. Default qos 1 — IP interface associated with network QoS policy 1. 7710 SR OS Router Configuration Guide Page 129...
Page 130 — The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-addr from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the Page 130 7710 SR OS Router Configuration Guide...
Page 131 Static ARP is used when a 7710 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7710 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 132 When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all IES and network IP interface as untrusted. Page 132 7710 SR OS Router Configuration Guide...
Page 133 It is recommended to use the system IP address as it is not associated with a particular interface and is therefore always reachable. The system IP address is the default if no ip-addr or ip-int-name is configured. Default no unnumbered 7710 SR OS Router Configuration Guide Page 133...
Page 134 The reachability for this address is advertised via IGPs and LDP protocols to allow the resolution of BGP routes advertised with this address. The no form of the command disables this setting. Default no multihoming Page 134 7710 SR OS Router Configuration Guide...
Page 135 — The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-addr from a traditional dotted decimal mask. The mask 7710 SR OS Router Configuration Guide Page 135...
Page 136 The no form of the command puts an entity into the administratively enabled state. Default no shutdown mh-secondary-interface Syntax [no] mh-secondary-interface Page 136 7710 SR OS Router Configuration Guide...
Page 137 This is to allow the reset of the network to reconverge after a router failure before the anycast based label assignments are flushed from the forwarding plane. Values 0-65535 Default 7710 SR OS Router Configuration Guide Page 137...
Page 138 The no form of the command removes flowspec filtering from an IP interface. Default No interfaces have flowspec enabled. filter Syntax filter ip ip-filter-id filter ipv6 ipv6-filter-id no filter [ip ip-filter-ip] [ipv6 ipv6-filter-id] Context config>router>if>ingress config>router>if>egress Page 138 7710 SR OS Router Configuration Guide...
Page 139 — The filter name acts as the ID for the IPv6 filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ipv6 context. Values 1— 65535 7710 SR OS Router Configuration Guide Page 139...
Page 140 By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval. The no form of the command disables the generation of ICMP redirects on the router interface. Page 140 7710 SR OS Router Configuration Guide...
Page 141 The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval. 7710 SR OS Router Configuration Guide Page 141...
Page 142 The seconds parameter must also be specified. Values 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer. Page 142 7710 SR OS Router Configuration Guide...
Page 143 Ethernet interfaces. For interfaces without a MAC address, for example POS interfaces, the Base MAC address of the chassis should be used. icmp6 Syntax icmp6 Context config>router>if>ipv6 Description This command enables the context to configure ICMPv6 parameters for the interface. 7710 SR OS Router Configuration Guide Page 143...
Page 144 The no form of the command disables ICMPv6 redirects. Default 100 10 (when IPv6 is enabled on the interface) Page 144 7710 SR OS Router Configuration Guide...
Page 145 Values 10 — 1000 seconds — Sets the time frame, in seconds, to limit the number of destination unreachable ICMPv6 messages issued per time frame. Values 1 — 60 7710 SR OS Router Configuration Guide Page 145...
Page 146 This command can only be used on Ethernet media. The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address. Page 146 7710 SR OS Router Configuration Guide...
Page 147 — The IPv6 address assigned to a router interface. Values ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D mac-address — Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx- xx-xx-xx-xx-xx. 7710 SR OS Router Configuration Guide Page 147...
Page 148: Router Advertisement Commands
IPv6 packets. Default Parameters number — Specifies the hop limit. Values 0 — 255. A value of zero means there is an unspecified number of hops. Page 148 7710 SR OS Router Configuration Guide...
Page 149 — Specify the minimum interval in seconds between sending ICMPv6 neighbor discovery router advertisement messages. Values 3 — 1350 Syntax [no] mtu mtu-bytes Context config>router>router-advert>if Description This command configures the MTU for the nodes to use to send packets on the link. 7710 SR OS Router Configuration Guide Page 149...
Page 150 [0 — 255]D ipv6-prefix-length 0 — 128 prefix-length — Specifies a route must match the most significant bits and have a prefix length. Values 1 — 128 autonomous Syntax [no] autonomous Context config>router>router-advert>if>prefix Page 150 7710 SR OS Router Configuration Guide...
Page 151 — Specifies the remaining length of time in seconds that this prefix will continue to be valid. infinite — Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity. 7710 SR OS Router Configuration Guide Page 151...
Page 152 — The length of time, in seconds, (relative to the time the packet is sent) that the prefix is valid for route determination. Values 0, 4 — 9000 seconds. 0 means that the router is not a default router on this link. Page 152 7710 SR OS Router Configuration Guide...
Page 153 If the virtual router is not the master, no router advertisement messages are sent. The no form of the command disables sending router advertisement messages. Default no use-virtual-mac 7710 SR OS Router Configuration Guide Page 153...
Page 154 Page 154 7710 SR OS Router Configuration Guide...
Page 155: Show Commands
Inv — The ARP entry is an inactive static ARP entry (invalid). Oth — The ARP entry is a local or system ARP entry. Sta — The ARP entry is an active static ARP entry. 7710 SR OS Router Configuration Guide Page 155...
Page 156 Type Interface ------------------------------------------------------------------------------- 10.10.0.3 04:5d:ff:00:00:00 00:00:00 system =============================================================================== A:ALA-A# A:ALA-A# show router ARP to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Expiry Type Interface ------------------------------------------------------------------------------- 10.10.13.1 04:5b:01:01:00:02 03:53:09 to-ser1 =============================================================================== A:ALA-A# Page 156 7710 SR OS Router Configuration Guide...
Page 157 The number of packets that were authenticated. Client Packets Authenticate Ok Sample Output A:ALU-3>show>router>auth# statistics =================================================================== Authentication Global Statistics =================================================================== Client Packets Authenticate Fail Client Packets Authenticate Ok : 12 =================================================================== A:ALU-3> 7710 SR OS Router Configuration Guide Page 157...
Page 158 Remote State : Up (3) Remote Diag : 0 (None) Remote Mode : Async Remote Min Tx : 1000 Remote Mult Last Recv (ms) : 367 Remote Min Rx : 10 =============================================================================== *A:Dut-C# Page 158 7710 SR OS Router Configuration Guide...
Page 159 =============================================================================== *A:Dut-B# session Syntax session [src ip-address [dst ip-address] | detail] session [type type] session [summary] Context show>router>bfd Description This command displays session information. 7710 SR OS Router Configuration Guide Page 159...
Page 160 Up (3) 10.2.1.3 pim isis 50968 50718 port-1-2 Up (3) 3FFE::A02:103 static bgp cpm-np port-1-2 Up (3) =============================================================================== *A:Dut-B# A:Dut-B# show router bfd session src 3FFE::A01:102 dest 3FFE::A01:103 =============================================================================== BFD Session Page 160 7710 SR OS Router Configuration Guide...
Page 161 *A:Dut-B# show router bfd session ipv4 =============================================================================== BFD Session =============================================================================== Interface State Tx Intvl Rx Intvl Multipl Remote Address Protocols Tx Pkts Rx Pkts Type ------------------------------------------------------------------------------- port-1-1 Up (3) 10.1.1.3 pim isis 51532 51279 7710 SR OS Router Configuration Guide Page 161...
Page 162 *A:Dut-D# show router bfd session summary ============================= BFD Session Summary ============================= Termination Session Count ----------------------------- central cpm-np iom, slot 1 iom, slot 2 iom, slot 3 iom, slot 4 iom, slot 5 Total ============================= *A:Dut-D# Page 162 7710 SR OS Router Configuration Guide...
Page 163 The number of packets received from the DHCP clients. Transmitted Pack- The number of packets transmitted to the DHCP clients. Received Mal- The number of malformed packets received from the DHCP clients. formed Packets 7710 SR OS Router Configuration Guide Page 163...
Page 164 4 Hop Count Limit reached 5 Missing Relay Msg option, or illegal msg type 6 Unable to determine destinatinon client Itf 7 Out of Memory 8 No global Pfx on Client Itf Page 164 7710 SR OS Router Configuration Guide...
Page 165 Sample Output A:ALA-1# show router dhcp summary =============================================================================== DHCP6 Summary (Router: Base) =============================================================================== Interface Name Used/Max Relay Admin Oper Relay SapId Resol. Used/Max Server Admin Oper Server ------------------------------------------------------------------------------- interfaceServiceDefault NoServerCo* sap:1/2/12:1 0/8000 7710 SR OS Router Configuration Guide Page 165...
Page 166 True — ECMP is enabled for the instance. The number of ECMP routes configured for path sharing. Configured-ECMP-Routes Sample Output A:ALA-A# show router ecmp =============================================================================== Router ECMP =============================================================================== Instance Router Name ECMP Configured-ECMP-Routes ------------------------------------------------------------------------------- Base True =============================================================================== A:ALA-A# Page 166 7710 SR OS Router Configuration Guide...
Page 167 FIB Display ======================================================================== Prefix Protocol NextHop ------------------------------------------------------------------------ 131.132.133.134/32 OSPF 66.66.66.66 (loop7) Next-hop type: tunneled, Owner: RSVP, Tunnel-ID: <out-ifindex-from-route> ------------------------------------------------------------------------ Total Entries : 1 ------------------------------------------------------------------------ ======================================================================== *A:Dut-C# show router fib 1 1.1.1.1/32 =============================================================================== 7710 SR OS Router Configuration Guide Page 167...
Page 168 1.2.3.2 (to_Dut-B) 10.20.1.3/32 LOCAL 10.20.1.3 (system) 20.12.0.43/32 STATIC vprn1:mda-1-1 20.12.0.44/32 STATIC vprn1:mda-2-1 20.12.0.45/32 STATIC vprn1:mda-2-2 20.12.0.46/32 STATIC vprn1:mda-3-1 100.0.0.1/32 vprn1:mda-1-1 vprn1:mda-3-1 138.203.71.202/32 STATIC 10.12.0.2 (itfToArborCP_02) ------------------------------------------------------------------------------- Total Entries : 15 ------------------------------------------------------------------------------- =============================================================================== Page 168 7710 SR OS Router Configuration Guide...
Page 169 Global ICMPv6 Stats =============================================================================== Received Total : 14 Errors Destination Unreachable : 5 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits Neighbor Advertisements : 0 7710 SR OS Router Configuration Guide Page 169...
Page 170 Echo Reply The number of echo replies. Router Advertise- The number of times the router advertised its location. ments Neighbor Adver- The number of times the neighbor router advertised its location. tisements Page 170 7710 SR OS Router Configuration Guide...
Page 171 — Displays packet statistics for an interface on the router. summary — Displays summary IP interface information for the router. exclude-services — Displays IP interface information, excluding IP interfaces configured for customer services. Only core network IP interfaces are displayed. 7710 SR OS Router Configuration Guide Page 171...
Page 172 Mode Port/SapId IP-Address PfxState ------------------------------------------------------------------------------- ip-100.0.0.2 Up/Up Up/Up Network lag-1 100.0.0.2/10 3FFE:1::2/64 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-100.128.0.2 Up/Up Up/Up Network lag-2 100.128.0.2/10 3FFE:2::2/64 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-11.2.4.4 Up/Up Down/Down Network 1/1/1 11.2.4.4/24 15::2/120 Page 172 7710 SR OS Router Configuration Guide...
Page 173 Up/Up Up/Up Network system 200.200.200.4/32 3FFE::C8C8:C804/128 PREFERRED ------------------------------------------------------------------------------- Interfaces : 15 =============================================================================== A:ALA-A# A:ALA-A# show router interface 10.10.0.3/32 =============================================================================== Interface Table =============================================================================== Interface-Name Type IP-Address Mode ------------------------------------------------------------------------------- system 10.10.0.3/32 Network =============================================================================== A:ALA-A# 7710 SR OS Router Configuration Guide Page 173...
Page 174 Down — The IP interface is administratively disabled. Up — The IP interface is administratively enabled. Oper State Down — The IP interface is operationally disabled. Up — The IP interface is operationally enabled. Page 174 7710 SR OS Router Configuration Guide...
Page 175 — Interface cflowd analysis is applied to the interface. none — No Cflowd analysis is applied to the interface. Sample Output A:Dut-A# show router interface ip-10.10.1.1 detail =============================================================================== Interface Table (Router: Base) 7710 SR OS Router Configuration Guide Page 175...
Page 176 Time (seconds) - 10 IPCP Address Extension Details Peer IP Addr*: Not configured Peer Pri DNS*: Not configured ------------------------------------------------------------------------------- *A:Dut-A# *A:Dut-C# show router 1 interface "mda-3-1" detail =============================================================================== Interface Table (Service: 1) =============================================================================== Page 176 7710 SR OS Router Configuration Guide...
Page 177 : 864512 Tx Pkts : 13552 Tx Bytes : 867328 Tx Discard Pkts TMS Health Information Status : Up Version : Peakflow TMS 5.6 (build BHDF) Mitigations Status message : (Unavailable) =============================================================================== with 7710 SR OS Router Configuration Guide Page 177...
Page 178 Admin State : Up Oper (v4/v6) : Up/Down Protocols : None IP Addr/mask : 20.12.0.46/32 Address Type : Primary IGP Inhibit : Disabled Broadcast Address : Host-ones HoldUp-Time Track Srrp Inst ------------------------------------------------------------------------------- Details Page 178 7710 SR OS Router Configuration Guide...
Page 179 A:ALA-A# show router interface summary =============================================================================== Router Summary (Interfaces) =============================================================================== Instance Router Name Interfaces Admin-Up Oper-Up ------------------------------------------------------------------------------- Base =============================================================================== routes Syntax routes alternative Context show:router>isis Description This command displays IS-IS route information. 7710 SR OS Router Configuration Guide Page 179...
Page 180 10.20.3.3 10.20.1.4/32 2/Int. Dut-D 10.20.4.4 10.20.1.5/32 2/Int. Dut-C 10.20.3.3 10.20.1.6/32 2/Int. Dut-D 10.20.4.4 10.20.3.0/24 1/Int. Dut-B 0.0.0.0 10.20.4.0/24 1/Int. Dut-B 0.0.0.0 10.20.5.0/24 2/Int. Dut-C 10.20.3.3 10.20.6.0/24 2/Int. Dut-D 10.20.4.4 10.20.9.0/24 2/Int. Dut-D Page 180 7710 SR OS Router Configuration Guide...
Page 181 2/Int. Dut-D 10.20.4.4 10.20.10.0/24 2/Int. Dut-C 10.20.3.3 ---------------------------------------------------------------------------- Routes : 11 Flags: LFA = Loop-Free Alternate nexthop ============================================================================ *A:Dut-B# bindings Syntax bindings active Context show>router>ldp Description This command displays LDP bindings information. 7710 SR OS Router Configuration Guide Page 181...
Page 182 A - Apipe Service, F - Fpipe Service, I - IES Service, R - VPRN service P - Ipipe Service, WP - Label Withdraw Pending, C - Cpipe Service BU - Alternate Next-hop for Fast Re-Route, TLV - (Type, Length: Value) ======================================================================== LDP Prefix Bindings ======================================================================== Page 182 7710 SR OS Router Configuration Guide...
Page 183 No Matching Entries Found ======================================================================== ======================================================================== mvpn Syntax mvpn Context show>router router-instance Description This command displays Multicast VPN related information. The router instance must be specified. Sample Output *A:Dut-C# show router 1 mvpn 7710 SR OS Router Configuration Guide Page 183...
Page 184 Specifies the link-layer address. MAC Address Displays the current administrative state. State Displays the number of seconds until the entry expires. Displays the type of IPv6 interface. Type Displays the interface name. Interface Page 184 7710 SR OS Router Configuration Guide...
Page 185 — Displays information for a specific network domain. Sample *A:Dut-T>config>router# show router network-domains =============================================================================== Network Domain Table =============================================================================== Network Domain Description ------------------------------------------------------------------------------- net1 Network domain 1 default Default Network Domain ------------------------------------------------------------------------------- Network Domains : 2 =============================================================================== *A:Dut-T>config>router# 7710 SR OS Router Configuration Guide Page 185...
Page 186 ------------------------------------------------------------------------------- SDPs : 1 =============================================================================== *A:Dut-T>config>service# policy Syntax policy [name | damping | prefix-list name | as-path name | community name | admin] Context show>router Description This command displays policy-related information. Page 186 7710 SR OS Router Configuration Guide...
Page 187 Sample Output B:CORE2# show router policy =============================================================================== Route Policies =============================================================================== Policy Description ------------------------------------------------------------------------------- fromStatic ------------------------------------------------------------------------------- Policies : 1 =============================================================================== B:CORE2# policy-edits Syntax policy-edits Context show>router Description This command displays edited policy information. 7710 SR OS Router Configuration Guide Page 187...
Page 188 Standard Route Table Output — The following table describes the standard output fields for the route table. Label Description Dest Address The route destination address and mask. Next Hop The next hop IP address for the route destination. Page 188 7710 SR OS Router Configuration Guide...
Page 189 10.20.1.3/32 [L] Remote ISIS 00h00m58s 15 10.10.12.3 3 10.20.1.4/32 [L] Remote ISIS 00h00m58s 15 10.10.4.4 10 10.20.1.5/32 [L] Remote ISIS 00h00m58s 15 10.10.12.3 13 10.20.1.6/32 [L] Remote ISIS 00h00m58s 15 10.10.4.4 20 7710 SR OS Router Configuration Guide Page 189...
Page 190 10.20.1.5/32 Remote ISIS 00h02m05s 15 10.10.12.3 13 10.10.4.4 (LFA) 20 10.20.1.6/32 Remote ISIS 00h02m05s 15 10.10.4.4 20 10.10.12.3 (LFA) 23 ---------------------------------------------------------------------------- No. of Routes: 16 Flags: Backup = BGP backup routeLFA = Loop-Free Alternate nexthop Page 190 7710 SR OS Router Configuration Guide...
Page 191 B:ALA-B# show router route-table 100.10.0.0 exact =============================================================================== Route Table (Router: Base) =============================================================================== Dest Address Next Hop Type Proto Age Metric Pref ------------------------------------------------------------------------------- 100.10.0.0/16 Black Hole Remote Static 00h03m17s 1 5 ------------------------------------------------------------------------------- No. of Routes: 1 7710 SR OS Router Configuration Guide Page 191...
Page 192 ISIS 00h43m55s 1.2.3.2 10.12.0.0/24 Local Local 00h44m29s itfToArborCP_02 10.20.1.1/32 Remote ISIS 00h44m24s 1.1.3.1 10.20.1.2/32 Remote ISIS 00h44m28s 1.2.3.2 10.20.1.3/32 Local Local 00h44m32s system 20.12.0.43/32 Remote Static 00h44m31s vprn1:mda-1-1 20.12.0.44/32 Remote Static 00h44m31s Page 192 7710 SR OS Router Configuration Guide...
Page 193 *A:Dut-B# show router route-table next-hop-type tunneled =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type Proto Pref Next Hop[Interface Name] Metric ------------------------------------------------------------------------------- 10.10.5.0/24 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 10.10.10.0/24 Remote OSPF 00h02m20s 10.20.1.5 (tunneled:RSVP:1) 1100 7710 SR OS Router Configuration Guide Page 193...
Page 194 =============================================================================== *A:Dut-C# *A:Dut-C# show router route-table summary =============================================================================== Route Table Summary (Router: Base) =============================================================================== Active Available ------------------------------------------------------------------------------- Static Direct Host BGP (Backup) VPN Leak OSPF ISIS ISIS (LFA) Aggregate Sub Mgmt Managed Page 194 7710 SR OS Router Configuration Guide...
Page 195 VPN Leak OSPF ISIS 3296 6383 ISIS (LFA) 1499 Aggregate Sub Mgmt Managed ------------------------------------------------------------------------------- Total 5006 9570 =============================================================================== NOTE: ISIS LFA routes and BGP Backup routes are not counted towards the total. 7710 SR OS Router Configuration Guide Page 195...
Page 196 Max Advert Inter- The maximum interval between sending router advertisement mes- sages. Managed Config True — Indicates that DHCPv6 has been configured. False — Indicates that DHCPv6 is not available for address config- uration. Page 196 7710 SR OS Router Configuration Guide...
Page 197 : FALSE On-link flag : FALSE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 231::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifetime : 49710d06h Valid Lifetime : 49710d06h 7710 SR OS Router Configuration Guide Page 197...
Page 198 On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 24::/119 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 25::/120 Page 198 7710 SR OS Router Configuration Guide...
Page 199 Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix not present in neighbor router advertisement Prefix: 231::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifetime : 49710d06h Valid Lifetime : 49710d06h 7710 SR OS Router Configuration Guide Page 199...
Page 200 Valid Lifetime : infinite [30d00h00m] Prefix not present in own router advertisement Prefix: 231::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m =============================================================================== A:Dut-A# Page 200 7710 SR OS Router Configuration Guide...
Page 201 00:00:5a:40:00:01 00:00:00 Sta to-ser1 12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1a ------------------------------------------------------------------------------- No. of ARP Entries: 1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp 12.200.1.1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 7710 SR OS Router Configuration Guide Page 201...
Page 202 /mask — Displays static routes only matching the specified ip-prefix and mask. Values ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 — 32 ipv6-prefix: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D ipv6-prefix-length: 0 — 128 Page 202 7710 SR OS Router Configuration Guide...
Page 203 IP interface is down. Y — The static route is active. No. of Routes The number of routes displayed in the list. Sample Output A:ALA-A# show router static-route =============================================================================== 7710 SR OS Router Configuration Guide Page 203...
Page 204 Nexthop : [address | LSP label & name] Nexthop type: [IP|LDP|RSVP-TE] Interface : Metric Prefence : Active : [Y|N] Admin State : [Up|Down] Tag : BFD: [enable|disabled] CPE-check: [enabled|disabled] State: [Up|Down] Target : <address> Page 204 7710 SR OS Router Configuration Guide...
Page 205 ================================================= Address Ranges reserved for Services ================================================= IP Prefix Mask Exclusive ------------------------------------------------- 172.16.1.0 true 172.16.2.0 false ================================================= A:ALA-A# sgt-qos Syntax sgt-qos Context show>router Description This command displays self-generated traffic QoS related information. 7710 SR OS Router Configuration Guide Page 205...
Page 206 Router Status Output — The following table describes the output fields for router status information. Label Description Router The administrative and operational states for the router. OSPF The administrative and operational states for the OSPF protocol. The administrative and operational states for the RIP protocol. Page 206 7710 SR OS Router Configuration Guide...
Page 207 244285 Total IPv6 Routes Max Multicast Routes No Limit Total Multicast Routes PIM not configured ECMP Max Routes Triggered Policies ================================================================ *A:Performance# *A:Performance# configure router ospf [1..31] shutdown *A:Performance# show router status 7710 SR OS Router Configuration Guide Page 207...
Page 208 Not configured Not configured Max Routes No Limit Total IPv4 Routes 244277 Total IPv6 Routes Max Multicast Routes No Limit Total Multicast Routes PIM not configured ECMP Max Routes Triggered Policies ================================================================ *A:Performance# Page 208 7710 SR OS Router Configuration Guide...
Page 209 GRE tunnels are not the same as SDP tunnels that use the GRE encapsulation type. When the auto-bind command is used when configuring a VPRN service, it means the MP-BGP 7710 SR OS Router Configuration Guide Page 209...
Page 210 Tunnel Id Pref Nexthop Metric ------------------------------------------------------------------------------- 10.0.0.1/32 0.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 =============================================================================== A:ALA-A>config>service# A:ALA-A>config>service# show router tunnel-table summary =============================================================================== Tunnel Table Summary (Router: Base) =============================================================================== Active Available ------------------------------------------------------------------------------- =============================================================================== Page 210 7710 SR OS Router Configuration Guide...
Page 211 Active Active Setup history since 04/17/2009 18:38:41 Total Total Failed Failed Failed Auth =============================================================================== *A:Dut-C# Values ipv6-address x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface] x: [0..FFFF]H d: [0..255]D interface: 32 characters maximum, mandatory for link local addresses 7710 SR OS Router Configuration Guide Page 211...
Page 212: Clear Commands
— Clears all ARP cache entries for the specified IP interface with the specified IP address. Syntax bfd src-ip ip-address dst-ip ip-address bfd all Context clear>router Description This command enables the context to clear bi-directional forwarding (BFD) sessions and statistics. Page 212 7710 SR OS Router Configuration Guide...
Page 213 Syntax dhcp Context clear>router Description This command enables the context to clear DHCP related information. dhcp6 Syntax dhcp6 Context clear>router Description This command enables the context to clear DHCP6 related information. 7710 SR OS Router Configuration Guide Page 213...
Page 214 This command deletes routes created as a result of ICMP redirects received on the management interface. Parameters all — Clears all routes. ip-address — Clears the routes associated with the specified IP address. Page 214 7710 SR OS Router Configuration Guide...
Page 215 — - Resets the statistics associated with uRPF failures. statistics — - Resets the IP interface traffic statistics. l2tp Syntax l2pt Context clear>router Description This command enables the context to clear L2PT data. 7710 SR OS Router Configuration Guide Page 215...
Page 216 If no IP address or interface name is specified, then statistics are cleared for all configured interfaces. If an IP address or interface name is specified, then only data regarding the specified interface is cleared. Parameters ip-address | ip-int-name — Displays statistics for the specified IP interface. Page 216 7710 SR OS Router Configuration Guide...
Page 217 Context clear>router Description This command clears all router advertisement counters. Parameters all — Clears all router advertisement counters for all interfaces. interface interface-name — Clear router advertisement counters for the specified interface. 7710 SR OS Router Configuration Guide Page 217...
Page 218: Debug Commands
Syntax router router-instance Context debug Description This command configures debugging for a router instance. Parameters router-instance — Specify the router name or service ID. Values router-name: Base, management service-id: 1 — 2147483647 Page 218 7710 SR OS Router Configuration Guide...
Page 219 Description This command enables ICMP6 debugging. interface Syntax [no] interface [ip-int-name | ip-address| ipv6-address | ipv6-address] Context debug>router>ip Description This command displays the router IP interface table sorted by interface index. 7710 SR OS Router Configuration Guide Page 219...
Page 220 — The IP prefix for prefix list entry in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H Page 220 7710 SR OS Router Configuration Guide...
Page 221 Syntax [no] misc Context debug>router>mtrace Description This command enables debugging for mtrace miscellaneous. packet Syntax [no] packet [query | request | response] Context debug>router>mtrace Description This command enables debugging for mtrace packets. 7710 SR OS Router Configuration Guide Page 221...
Page 222 Syntax [no] misc Context debug>router>mtrace Description This command enables debugging for mtrace miscellaneous. packet Syntax [no] packet [query | request | response] Context debug>router>mtrace Description This command enables debugging for mtrace packets. Page 222 7710 SR OS Router Configuration Guide...
Page 223: Vrrp
 Non-Owner Access SSH on page 244  VRRP Advertisement Message IP Address List Verification on page 234 • VRRP Configuration Process Overview on page 245 • Configuration Notes on page 246 7710 SR OS Router Configuration Guide Page 223...
Page 224: Vrrp Overview
VRRP configuration. Internet Backup Master Backup Non-Owner Owner Non-Owner ALA-1 ALA-2 ALA-3 vrld 100 vrld 100 vrld 100 Priority 200 Priority 150 Virtual Router ID (VRID) OSRG006 Figure 12: VRRP Configuration Page 224 7710 SR OS Router Configuration Guide...
Page 225: Vrrp Components
This is a common mechanism that allows multiple local subnet attachment on a single routing interface. Up to four virtual routers are possible on a single Alcatel-Lucent IP interface. The virtual routers must be in the same subnet. Each virtual router has its own VRID, state machine and messaging instance.
Page 226: Primary And Secondary Ip Addresses
An IP interface must always have a primary IP address assigned for VRRP to be active on the interface. Alcatel-Lucent routers supports both primary and secondary IP addresses (multi-netting) on the IP interface. The virtual router’s VRID primary IP address is always the primary address on the IP interface.
Page 227: Virtual Router Backup
VRRP priority control policy. VRRP priority control policies can be used to either override or adjust the base priority value depending on events or conditions within the chassis. For information about non-owner access parameters, refer to VRRP Non-Owner Accessibility on page 243. 7710 SR OS Router Configuration Guide Page 227...
Page 228: Configurable Parameters
Configurable Parameters In addition to backup IP addresses, to facilitate configuration of a virtual router on Alcatel-Lucent routers, the following parameters can be defined in owner configurations: • Virtual Router ID (VRID) on page 228 • Message Interval and Master Inheritance on page 230 •...
Page 229: Ip Addresses
These are the IP addresses being used by hosts on the LAN as gateway addresses. Multi-netting supports 16 IP addresses on the IP interface, up to 16 addresses can be assigned to a specific a virtual router instance. 7710 SR OS Router Configuration Guide Page 229...
Page 230: Message Interval And Master Inheritance
Skew Time = (((256 - priority) * Master_Adver_Interval) / 256) centiseconds The higher priority value, the smaller the skew time will be. This means that virtual routers with a lower priority will transition to master slower than virtual routers with higher priorities. Page 230 7710 SR OS Router Configuration Guide...
Page 231: Master Down Interval
If preempt disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router. 7710 SR OS Router Configuration Guide Page 231...
Page 232: Vrrp Message Authentication
 IP header destination IP address – Must be 224.0.0.18  IP header TTL field – Must be equal to 255, the packet must not have traversed any IP routed hops  IP header protocol field – must be 112 (decimal) Page 232 7710 SR OS Router Configuration Guide...
Page 233  Authentication data fields – Must be equal to the VRID configured simple text password Any VRRP message not meeting the type 0 verification checks with the exceptions above are silently discarded. 7710 SR OS Router Configuration Guide Page 233...
Page 234: Authentication Data
VRRP advertisement messages contain an IP address count field that indicates the number of IP addresses listed in the sequential IP address fields at the end of the message. The Alcatel-Lucent routersimplementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager.
Page 235: Inherit Master Vrrp Router's Advertisement Interval Timer
Policies can only be configured in the non-owner VRRP context. For non-owner virtual router instances, if policies are not configured, then the base priority is used as the in-use priority. 7710 SR OS Router Configuration Guide Page 235...
Page 236: Vrrp Priority Control Policies
The base priority is the starting priority for the VRRP instance. The actual in-use priority for the VRRP instance is derived from the base priority and an optional VRRP priority control policy. Page 236 7710 SR OS Router Configuration Guide...
Page 237: Vrrp Priority Control Policy Delta In-Use Priority Limit
The allowed range of the Delta In-Use Priority Limit is 1 to 254. The default is 1, which prevents the delta priority events from operationally disabling the virtual router instance. 7710 SR OS Router Configuration Guide Page 237...
Page 238: Vrrp Priority Control Policy Priority Events
This extends the amount of time that must expire before entering the cleared state. For an example of a hold-set timer setting, refer to LAG Degrade Priority Event on page 239. Page 238 7710 SR OS Router Configuration Guide...
Page 239: Port Down Priority Event
Table 6: LAG Events Time LAG Port State Parameter State Comments All ports down Event State Set - 8 ports down Event Threshold 6 ports down Hold Set Timer 5 seconds Set to hold-set parameter 7710 SR OS Router Configuration Guide Page 239...
Page 240 Event Threshold 2 ports down Hold Set Timer Expired Four ports down Event State Set - 2 ports down Event Threshold 4 ports down Hold Set Timer 5 seconds Set to hold-set parameter Page 240 7710 SR OS Router Configuration Guide...
Page 241: Host Unreachable Priority Event
The source protocol can be defined to indicate the protocol the installed route must be populated from. To further define match criteria when multiple instances of the route prefix exist, an optional next hop parameter can be defined. 7710 SR OS Router Configuration Guide Page 241...
Page 242 When a route prefix does not exist within the active route table matching the defined criteria, the route unknown priority event is considered true or set. Page 242 7710 SR OS Router Configuration Guide...
Page 243: Vrrp Non-Owner Accessibility
IP address. When non-owner access Telnet is disabled on a virtual router instance, Telnet sessions destined to the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes. 7710 SR OS Router Configuration Guide Page 243...
Page 244: Non-Owner Access Ssh
IP address. SSH is applicable to IPv4 VRRP only. When non-owner access SSH is disabled on a virtual router instance, SSH sessions destined to the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes. Page 244 7710 SR OS Router Configuration Guide...
Page 245: Vrrp Configuration Process Overview
SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE SPECIFY BACKUP IP ADDRESS(ES) CONFIGURE VRRP PARAMETERS APPLY VRRP PRIORITY CONTROL POLICIES (optional) ENABLE Figure 13: VRRP Configuration and Implementation Flow 7710 SR OS Router Configuration Guide Page 245...
Page 246: Configuration Notes
The backup address explicitly defines which IP addresses are in the VRRP advertisement message IP address list.  For IPv6, one of the backup addresses configured must be the link-local address of the owner VRRP instance. Page 246 7710 SR OS Router Configuration Guide...
Page 247: Configuring Vrrp With Cli
Modifying Service and Interface VRRP Parameters on page 262 • Modifying Non-Owner Parameters on page 262 • Modifying Owner Parameters on page 262 • Deleting VRRP on an Interface or Service on page 262 7710 SR OS Router Configuration Guide Page 247...
Page 248: Vrrp Configuration Overview
The service customer account must be created prior to configuring an IES or VPRN VRRP instance. • The interface address must be specified in the both the owner and non-owner IES, VPRN or router interface instances. Page 248 7710 SR OS Router Configuration Guide...
Page 249: Basic Vrrp Configurations
100 delta exit port-down 1/1/3 priority 200 explicit exit lag-port-down 1 number-down 3 priority 50 explicit exit exit host-unreachable 10.10.24.4 drop-count 25 exit route-unknown 10.10.0.0/32 priority 50 delta protocol bgp exit exit ---------------------------------------------- 7710 SR OS Router Configuration Guide Page 249...
Page 250: Vrrp Ies Service Parameters
10.10.36.2 authentication-type password authentication-key "testabc" exit exit interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# Page 250 7710 SR OS Router Configuration Guide...
Page 251: Configure Vrrp For Ipv6
FD10:D68F:1:221::FFFD/64 link-local-address FE80::D68F:1:221:FFFD preferred vrrp 219 backup FE80::D68F:1:221:FFFF priority 254 ping-reply exit exit sap ccag-1.a:921 create description "cross connect to VPLS 921" exit exit no shutdown ---------------------------------------------- *A:nlt7750-3>config>service>ies# 7710 SR OS Router Configuration Guide Page 251...
Page 252: Vrrp Router Interface Parameters
"system" address 10.10.0.4/32 exit interface "test1" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Page 252 7710 SR OS Router Configuration Guide...
Page 253: Common Configuration Tasks
In addition to the common parameters, the following non-owner commands can be configured: • master-int-inherit • priority • policy • ping-reply • preempt • telnet-reply • ssh-reply (IPv4 only) • [no] shutdown 7710 SR OS Router Configuration Guide Page 253...
Page 254: Creating Interface Parameters
A:SR1>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.1/32 exit interface "testA" address 123.123.123.123/24 exit interface "testB" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit router-id 10.10.0.1 #------------------------------------------ A:SR1>config>router# Page 254 7710 SR OS Router Configuration Guide...
Page 255: Configuring Vrrp Policy Components
The following displays a VRRP policy configuration example: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol isis exit exit exit ---------------------------------------------- A:SR1>config>vrrp# 7710 SR OS Router Configuration Guide Page 255...
Page 256: Configuring Service Vrrp Parameters
The following displays a basic non-owner VRRP configuration example: A:SR2>config>service>ies# info ---------------------------------------------- interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# Page 256 7710 SR OS Router Configuration Guide...
Page 257: Owner Service Vrrp
The following displays the owner VRRP configuration example: A:SR4>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# 7710 SR OS Router Configuration Guide Page 257...
Page 258: Configuring Router Interface Vrrp Parameters
A:SR2>config># info #------------------------------------------ interface "if-test" address 10.20.30.40/24 secondary 10.10.50.1/24 secondary 10.10.60.1/24 secondary 10.10.70.1/24 vrrp 1 backup 10.10.50.2 backup 10.10.60.2 backup 10.10.70.2 backup 10.20.30.41 ping-reply telnet-reply authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config># Page 258 7710 SR OS Router Configuration Guide...
Page 259: Router Interface Vrrp Owner
Router Interface VRRP Owner The following displays router interface owner VRRP configuration example: A:SR2>config>router# info #------------------------------------------ interface "vrrpowner" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>router# 7710 SR OS Router Configuration Guide Page 259...
Page 260: Vrrp Configuration Management Tasks
The following example displays the modified VRRP policy configuration: A:SR2>config>vrrp>policy# info ---------------------------------------------- delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit port-down 1/1/3 priority 200 explicit exit host-unreachable 10.10.24.4 drop-count 25 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# Page 260 7710 SR OS Router Configuration Guide...
Page 261: Deleting A Vrrp Policy
Applied applied to an entity. A:SR2# =============================================================================== VRRP Policies =============================================================================== Policy Current Current Current Delta Applied Priority & Effect Explicit Delta Sum Limit ------------------------------------------------------------------------------- 200 Explicit None None None None =============================================================================== A:SR2# 7710 SR OS Router Configuration Guide Page 261...
Page 262: Modifying Service And Interface Vrrp Parameters
The following example displays the command usage to delete a VRRP instance from an interface or IES service: Example: config>service#ies 10 config>service>ies# interface “test” config>service>ies>if# vrrp 1 config>service>ies>if>vrrp# shutdown config>service>ies>if>vrrp# exit config>service>ies>if# no vrrp 1 config>service>ies>if# exit all Page 262 7710 SR OS Router Configuration Guide...
Page 263: Vrrp Command Reference
Router Interface IPv6 Commands on page 265 • Router Interface IPv6 VRRP Commands on page 266 • VRRP Priority Control Event Policy Commands on page 266 • Show Commands on page 268 • Clear Commands on page 268 7710 SR OS Router Configuration Guide Page 263...
Page 264 — [no] traceroute-reply * Note that VRRP commands are applicable to router interfaces, IES interfaces and VPRN, The authentication-key, authentication-type, bfd-enable, and ssh-reply commands are applicable only to IPv4 contexts, not IPv6. Page 264 7710 SR OS Router Configuration Guide...
Page 265 — no unreachables — link-local-address ipv6-address [preferred] — no link-local-address — [no] local-proxy-nd — neighbor ipv6-address [mac-address] — no neighbor ipv6-address — proxy-nd-policy policy-name [ policy-name...(up to 5 max)] — no proxy-nd-policy 7710 SR OS Router Configuration Guide Page 265...
Page 266 — no hold-set — interval seconds — no interval — priority priority-level [{delta | explicit}] — no priority — timeout seconds — no timeout — [no] lag-port-down lag-id — hold-clear seconds Page 266 7710 SR OS Router Configuration Guide...
Page 267 — no priority — protocol protocol — no protocol[protocol] — [no] protocol — [no] protocol bgp -vpn — [no] protocol ospf — [no] protocol isis — [no] protocol — [no] protocol static 7710 SR OS Router Configuration Guide Page 267...
Page 268 — no events interface ip-int-name [vrid virtual-router-id] — no events interface ip-int-name vrid virtual-router-id ipv6 — packets — packets interface ip-int-name [vrid virtual-router-id] — packets interface ip-int-name vrid virtual-router-id ipv6 — no packets Page 268 7710 SR OS Router Configuration Guide...
Page 269 VRRP — no packets interface ip-int-name [vrid virtual-router-id] — no packets interface ip-int-name vrid virtual-router-id ipv6 7710 SR OS Router Configuration Guide Page 269...
Page 270 Page 270 7710 SR OS Router Configuration Guide...
Page 271: Configuration Commands
— The authentication key. Allowed values are any string up to 8 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 271...
Page 272 IP address from a given parental local subnet. Multiple virtual router instances can define a virtual router IP address from the same local subnet as long as each is a different IP address. Page 272 7710 SR OS Router Configuration Guide...
Page 273 Parent IP addresses: 10.10.10.10/24 11.11.11.11/24 Virtual router IP addresses: 10.10.10.11 Invalid (not equal to parent IP address) 10.10.10.10 Associated (same as parent IP address 10.10.10.10) 10.10.11.11 Invalid (not equal to parent IP address) 7710 SR OS Router Configuration Guide Page 273...
Page 274 IP interface IP address is attempted and fails. All virtual router IP addresses associated with the parental IP interface IP address must be deleted prior Page 274 7710 SR OS Router Configuration Guide...
Page 275 A single virtual router instance may only have a single virtual router IP address from a given parental local subnet. Multiple virtual router instances can define a virtual router IP address from the same local subnet as long as each is a different IP address. 7710 SR OS Router Configuration Guide Page 275...
Page 276 IP interface assigned IP addresses. The virtual router IP address must be a valid IP address within one of Page 276 7710 SR OS Router Configuration Guide...
Page 277 IP address must be in the same subnet of the parental IP interface IP address or equal to one of the the parent interface addresses for owner virtual router instances. Values ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x::d.d.d.d x: [0..FFFF]H d: [0..255]D 7710 SR OS Router Configuration Guide Page 277...
Page 278 Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This command configures a VRRP initialization delay timer. Parameters seconds — Specifies the initialization delay timer for VRRP, in seconds. Values 1 — 65535 Page 278 7710 SR OS Router Configuration Guide...
Page 279 The master-int-inherit command has no effect when the virtual router instance is operating as master. 7710 SR OS Router Configuration Guide Page 279...
Page 280 The skew time portion is used to slow down virtual routers with relatively low priority values when competing in the master election process. The command is available in both non-owner and owner vrrp nodal contexts. Page 280 7710 SR OS Router Configuration Guide...
Page 281 — No VRRP priority control policy is associated with the virtual router instance. Parameters policy-id — The policy ID of the VRRP priority control expressed as a decimal integer. The vrrp- policy-id must already exist for the command to function. Values 1 — 9999 7710 SR OS Router Configuration Guide Page 281...
Page 282 Syntax priority base-priority no priority Context config>router>if>vrrp config>router>if>ipv6>vrrp Description This command configures the base router priority for the virtual router instance used in the master election process. Page 282 7710 SR OS Router Configuration Guide...
Page 283 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. 7710 SR OS allows this access limitation to be selectively lifted for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.
Page 284 Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses. Page 284 7710 SR OS Router Configuration Guide...
Page 285 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. This limitation can be disregarded for certain applications. Ping, SSH and Telnet can each be individually enabled or disabled on a per-virtual-router-instance basis. 7710 SR OS Router Configuration Guide Page 285...
Page 286 The optional owner keyword indicates that the owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the master virtual router. Page 286 7710 SR OS Router Configuration Guide...
Page 287 IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot 7710 SR OS Router Configuration Guide Page 287...
Page 288 The vrid must be deleted and than recreated without the owner keyword to remove ownership. Page 288 7710 SR OS Router Configuration Guide...
Page 289: Priority Policy Commands
Setting the in-use-priority-limit to a value equal to or larger than the virtual router instance base- priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value. Values 1 — 254 7710 SR OS Router Configuration Guide Page 289...
Page 290 The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command will fail. Default none Page 290 7710 SR OS Router Configuration Guide...
Page 291 A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance. Up to 32 priority control events can be configured within the priority-event node. The no form of the command clears any configured priority events. 7710 SR OS Router Configuration Guide Page 291...
Page 292: Priority Policy Event Commands
It is possible, on some event types, to have another set action reload the hold-set timer. This extends the amount of time that must expire before entering the cleared state. Page 292 7710 SR OS Router Configuration Guide...
Page 293 If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, thus, there is no impact on the in-use priority. The no form of the command reverts to the default values. 7710 SR OS Router Configuration Guide Page 293...
Page 294 The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy. Default delta Values delta, explicit Page 294 7710 SR OS Router Configuration Guide...
Page 295: Priority Policy Port Down Event Commands
The events hold-set timer has no effect on the removal procedure. Default no port-down — No port down priority control events are defined. Parameters port-id — The port ID of the port monitored by the VRRP priority control event. 7710 SR OS Router Configuration Guide Page 295...
Page 296 If the port is not provisioned, the event operational state is Set – non-provisioned. If the POS interface is configured as a clear-channel, the channel-id is 1 and the channel bandwidth is the full bandwidth of the port. Page 296 7710 SR OS Router Configuration Guide...
Page 297: Priority Policy Lag Events Commands
If the event clears and becomes set again before the hold set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect. 7710 SR OS Router Configuration Guide Page 297...
Page 298 A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that is the active threshold. Page 298 7710 SR OS Router Configuration Guide...
Page 299 LAG equals or exceeds number-of- lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports- down. Values 1 — 8 7710 SR OS Router Configuration Guide Page 299...
Page 300: Priority Policy Host Unreachable Event Commands
If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared. Multiple unique (different ip-address) host-unreachable event nodes can be configured within the priority-event node to a maximum of 32 events. Page 300 7710 SR OS Router Configuration Guide...
Page 301 If the event clears and becomes set again before the hold set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect. 7710 SR OS Router Configuration Guide Page 301...
Page 302 The no form of the command reverts to the default value. Default Parameters seconds — The number of seconds between the ICMP echo request messages sent to the host IP address for the host unreachable priority event. Values 1 — 60 Page 302 7710 SR OS Router Configuration Guide...
Page 303 — The number of seconds before an ICMP echo request message is timed out. Once a message is timed out, a reply with the same identifier and sequence number is discarded. Values 1 — 60 7710 SR OS Router Configuration Guide Page 303...
Page 304: Priority Policy Route Unknown Event Commands
The next-hop command is optional. If no next-hop ip-address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information. Page 304 7710 SR OS Router Configuration Guide...
Page 305 — This parameter defines BGP as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The bgp parameter is not exclusive from the other available protocol parameters. If protocol is executed without the bgp parameter, 7710 SR OS Router Configuration Guide Page 305...
Page 306 If the route prefix is removed, becomes inactive or fails to meet the event criteria, the event is in the set state. The command creates a route-unknown node identified by prefix/mask-length and containing event control commands. Page 306 7710 SR OS Router Configuration Guide...
Page 307 The no form of the command is used to remove the specific prefix/mask-length monitoring event. The event can be removed at anytime. When the event is removed, the in-use priority of all associated 7710 SR OS Router Configuration Guide Page 307...
Page 308 Values ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0) mask 0 — 32 ipv6-address/prefix: ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0..FFFF]H prefix-length 1 — 128 Page 308 7710 SR OS Router Configuration Guide...
Page 309: Show Commands
Down — Indicates that the administrative state of the VRRP instance is down. Up — Indicates that the operational state of the VRRP instance is up. Down — Indicates that the operational state of the VRRP instance is down. 7710 SR OS Router Configuration Guide Page 309...
Page 310 VRRP master with a lower priority. No — The preempt mode is disabled and prevents the non-owner vir- tual router instance from preempting another, less desirable virtual router. Page 310 7710 SR OS Router Configuration Guide...
Page 311 The date and time when operational state of the virtual router changed to master. For a backup virtual router, this value specifies the date and time when it received the first VRRP advertisement message from the virtual router which is the current master. 7710 SR OS Router Configuration Guide Page 311...
Page 312 Become Master Master Changes Adv Sent : 103 Adv Received Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Page 312 7710 SR OS Router Configuration Guide...
Page 313 : 23 Adv Received Pri Zero Pkts Sent Pri Zero Pkts Rcvd: 0 Preempt Events Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Total Discards Addr List Errors 7710 SR OS Router Configuration Guide Page 313...
Page 314 When multiple explicitly defined events associated with the priority control policy happen simultaneously, the lowest value of all the cur- rent explicit priorities will be used as the in-use priority for the virtual router. Page 314 7710 SR OS Router Configuration Guide...
Page 315 If the delta priority event is cleared, the priority-level is no longer used in the in-use priority calculation. 7710 SR OS Router Configuration Guide Page 315...
Page 316 Event Type & ID Event Oper State Hold Set Priority In Remaining &Effect ------------------------------------------------------------------------------- Host Unreach 10.10.200.252 Expired 20 Del Host Unreach 10.10.200.253 Expired 10 Del Route Unknown 10.10.100.0/24 Expired 1 Exp =============================================================================== A:ALA-A# Page 316 7710 SR OS Router Configuration Guide...
Page 317 Down — Indicates that the operational state of the VRRP instance is down. Base Pri The base priority used by the virtual router instance. InUse Priority The current in-use priority associated with the VRRP virtual router instance. 7710 SR OS Router Configuration Guide Page 317...
Page 318 Value In Use Yes — The event is currently affecting the in-use priority of some virtual router. Page 318 7710 SR OS Router Configuration Guide...
Page 319 Priority Control Event Host Unreachable 10.10.200.252 ------------------------------------------------------------------------------- Priority : 20 Priority Effect : Delta Interval : 1 sec Timeout : 1 sec Drop Count Hold Set Config : 0 sec Hold Set Remaining: Expired 7710 SR OS Router Configuration Guide Page 319...
Page 320: Table 7: Show Vrrp Statistics Output
Table 7: Show VRRP Statistics Output Label Description Displays the number of virtual router ID errors. VR Id Errors Displays the number of version errors. Version Errors Displays the number of checksum errors. Checksum Errors Page 320 7710 SR OS Router Configuration Guide...
Page 321 VRRP Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics =============================================================================== VR Id Errors Version Errors Checksum Errors =============================================================================== A:ALA-48# 7710 SR OS Router Configuration Guide Page 321...
Page 322: Monitor Commands
Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 Total Discards =============================================================================== Page 322 7710 SR OS Router Configuration Guide...
Page 323 Preempted Events Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Total Discards Addr List Errors Auth Failures Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 =============================================================================== *A:ALA-A# 7710 SR OS Router Configuration Guide Page 323...
Page 324: Clear Commands
This command clears statistics for VRRP instances on an IP interface or VRRP priority control poli- cies. Parameters interface ip-int-name — Clears the VRRP statistics for all VRRP instances on the specified IP inter- face. Page 324 7710 SR OS Router Configuration Guide...
Page 325 [vrrp-policy-id] — Clears VRRP statistics for all or the specified VRRP priority control pol- icy. Default All VRRP policies. Values 1 — 9999 ipv6 — Clears IPv6 statistics for the specified interface. 7710 SR OS Router Configuration Guide Page 325...
Page 326: Vrrp Debug Commands
Description This command enables debugging for VRRP packets. The no form of the command disables debugging. Parameters ip-int-name — Displays the specified interface name. vrid virtual-router-id — Displays the specified VRID. Page 326 7710 SR OS Router Configuration Guide...
Page 327: Filter Policies
Filter Policy Entities on page 329  Redirect Policies on page 331  Web Redirection (Captive Portal) on page 332 • Creating and Applying Policies on page 334 • Configuration Notes on page 346 7710 SR OS Router Configuration Guide Page 327...
Page 328: Filter Policy Configuration Overview
The filter policy evaluation process stops when the first complete match is found and triggers the execution of the action defined. Page 328 7710 SR OS Router Configuration Guide...
Page 329: Filter Policy Entities
MAC Filter IPv6 Filter Security CPM filter Security CPM filter Security CPM filter CRON TOD-suite CRON TOD-suite CRON TOD-suite Router interface Router interface Egress multicast group Egress multicast group Egress multicast group 7710 SR OS Router Configuration Guide Page 329...
Page 330 Epipe SAP, spoke SDP Fpipe SAP, spoke SDP Fpipe SAP, spoke SDP Fpipe SAP, spoke SDP Ipipe SAP, spoke SDP Ipipe SAP, spoke SDP Ipipe SAP, spoke SDP Pseudowire template Pseudowire template Pseudowire template Page 330 7710 SR OS Router Configuration Guide...
Page 331: Redirect Policies
IPv4 address as an indirect next hop Policy Based Route (PBR) action. 7710 SR OS Router Configuration Guide Page 331...
Page 332: Web Redirection (Captive Portal)
5. The customer’s web browser will then close the original connection and open a new connec- tion to the web portal. 6. The web portal updates the ACL (directly or through SSC) to remove the redirection policy. 7. The customer connects to the original site. Page 332 7710 SR OS Router Configuration Guide...
Page 333: Figure 14: Web Redirect Traffic Flow
Refer to the subscriber management section of the SROS Triple Play Guide and the SR OS Router Configuration Guide. Since most web sites are accessed using the domain name the router allows either DNS queries or responds to DNS with the portal’s IP address. 7710 SR OS Router Configuration Guide Page 333...
Page 334: Creating And Applying Policies
ASSOCIATE FILTER ID TO SAP SAVE CONFIGURATION Figure 15: Filter Creation and Implementation Flow Figure 16 displays the process to create a filter policy and apply that policy to a service or network port. Page 334 7710 SR OS Router Configuration Guide...
Page 335: Figure 16: Creating And Applying Filter Policies
CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE SELECT NETWORK PORT OR IP INTERFACE ASSOCIATE FILTER ID or FILTER NAME SAVE CONFIGURATION Figure 16: Creating and Applying Filter Policies 7710 SR OS Router Configuration Guide Page 335...
Page 336: Packet Matching Criteria
MAC filters. Type and scale of each criteria supported depends on the platform, please see your Alcatel-Lucent representative for further details. As few or as many match parameters can be specified as required, but all conditions within a single filter policy entry must be met in order for the packet to be considered a match and the specified action performed.
Page 337 A new mac-filter type attribute is defined to control the use of inner-tag/outer-tag match criteria and must be set to vid to allow the use of inner-tag/outer0-tag match criteria. 7710 SR OS Router Configuration Guide Page 337...
Page 338: Table 9: Dscp Name To Dscp Value Table
Table 9: DSCP Name to DSCP Value Table DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 Page 338 7710 SR OS Router Configuration Guide...
Page 339 DSCP Value DSCP Value af33 cp21 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53 cp54 cp55 cp56 cp57 (cs7) cp60 cp61 cp62 7710 SR OS Router Configuration Guide Page 339...
Page 340: Table 10: Ip Option Values
Experimental Access Control [Estrin] IMITD IMI Traffic Descriptor Extended Internet Protocol ADDEXT Address Extension RTRALT Router alert Selective directed broadcast NSAPA NSAP addresses Dynamic packet state Upstream multicast packet FINN Experimental flow control Page 340 7710 SR OS Router Configuration Guide...
Page 341: Ordering Filter Entries
If a packet does not match, the packet continues to the next entry, and so on until a match is found or until all entries are compared. • If a packet does not completely match any entries, then the default action is performed. 7710 SR OS Router Configuration Guide Page 341...
Page 342: Figure 17: Filtering Process Example
Action: Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP) SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108 SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21 Figure 17: Filtering Process Example Page 342 7710 SR OS Router Configuration Guide...
Page 343: Match-List For Filter Policies
Figure 19 depicts how the IOM/CPM filter policy illustrated at the top of this section changes with a filter match list usage (using IPv4 address prefix list in this example). 7710 SR OS Router Configuration Guide Page 343...
Page 344 Please refer to SROS Release Notes for what objects can be grouped into a filter match list for IOM and CPM filter policies. Page 344 7710 SR OS Router Configuration Guide...
Page 345 If the packets do not match any filter entries, they are discarded or forwarded based on the default action specified in the policy. 7710 SR OS Router Configuration Guide Page 345...
Page 346: Configuration Notes
When a large (complex) filter is configured, it may take a few seconds to load and initiate the filter policy configuration. • The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and be inactive. Page 346 7710 SR OS Router Configuration Guide...
Page 347: Mac Filters
Table 11: MAC Match Criteria Exclusivity Rules Frame Format Etype LLC – Header SNAP-OUI SNAP- PID (ssap & dsap) Ethernet – II 802.3 802.3 – snap Note: When snap header is present, this is always set to AA-AA. 7710 SR OS Router Configuration Guide Page 347...
Page 348: Ip Filters
If source or destination address of the log messages does not match an entry already present in the table, the source/destination address is stored in a free entry in the mini- table. Page 348 7710 SR OS Router Configuration Guide...
Page 349 In case the mini-table has no more free entries, only total counter is incremented. • At expiry of the summarization interval, the mini-table for each type is flushed to the syslog destination. 7710 SR OS Router Configuration Guide Page 349...
Page 350 Page 350 7710 SR OS Router Configuration Guide...
Page 351: Configuring Filter Policies With Cli
Renumbering Filter Policy Entries on page 372  Modifying a Filter Policy on page 374  Deleting a Filter Policy on page 376  Deleting a Filter Policy on page 376  Copying Filter Policies on page 379 7710 SR OS Router Configuration Guide Page 351...
Page 352: Basic Configuration
20 create match protocol 6 tcp-syn true tcp-ack false exit action drop exit exit ---------------------------------------------- A:ALA-1>config>filter# Ingress Filter ALA-1 TCP Connection OSRG007 Figure 20: Applying an IP Filter to an Ingress Interface Page 352 7710 SR OS Router Configuration Guide...
Page 353: Common Configuration Tasks
• Optionally, an existing filter policy can have a Filter Name assigned, that can then be used in CLI to reference that filter policy including assigning it to SAPs and/or network interfaces. 7710 SR OS Router Configuration Guide Page 353...
Page 354: Ip Filter Policy
IP Filter Policy The following displays an exclusive filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 12 create description "IP-filter" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# Page 354 7710 SR OS Router Configuration Guide...
Page 355: Ip Filter Entry
The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit no action exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# 7710 SR OS Router Configuration Guide Page 355...
Page 356 20 create match protocol tcp dst-ip 100.0.0.2/32 dst-port eq 80 exit action forward exit entry 30 create match protocol tcp dst-ip 10.10.10.91/24 dst-port eq 80 exit action http-redirect "http://100.0.0.2/login.cgi?mac=$MAC$sap=$S AP&ip=$IP&orig_url=$URL" exit ---------------------------------------------- A:ALA-48>config>filter>ip-filter# Page 356 7710 SR OS Router Configuration Guide...
Page 357 IP interface is set to cflowd interface mode. The following displays an IP filter entry configuration example: A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" no filter-sample no interface-disable-sample match exit action forward redirect-policy redirect1 exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# 7710 SR OS Router Configuration Guide Page 357...
Page 358: Creating An Ipv6 Filter Policy
Configuring and applying IPv6 filter policies is optional. IPv6 Filter Policy must be configured separately from IP (IPv4) filter policy. The configuration mimics IP Filter policy configuration. Please see Creating an IP Filter Policy on page 353. Page 358 7710 SR OS Router Configuration Guide...
Page 359: Creating A Mac Filter Policy
At least one filter entry. • Matching criteria specified. MAC Filter Policy The following displays an MAC filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive type normal exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 359...
Page 360 "filter-wan-man" scope template type isid entry 1 create description "drop-local-isids" match isid 100 to 1000 exit action drop exit entry 2 create description "allow-wan-isids" match isid 150 exit action forward exit Page 360 7710 SR OS Router Configuration Guide...
Page 361 1 create match frame-type ethernet_II ouiter-tag 85 4095 exit action drop exit entry 2 create match frame-type ethernet_II ouiter-tag 43 4095 exit action drop exit ---------------------------------------------- A:TOP_NODE>config>filter>mac-filter# 7710 SR OS Router Configuration Guide Page 361...
Page 362: Mac Filter Entry
• Specify matching criteria. The following displays a MAC filter entry configuration example: A:sim1>config>filter# info ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# Page 362 7710 SR OS Router Configuration Guide...
Page 363 "IPv4PrefixBlacklist" description "default IPv4 prefix blacklist" prefix 10.0.0.0/21 prefix 10.254.0.0/24 exit exit ip-filter 10 scope template filter-name "IPv4PrefixBlacklistFilter" entry 10 match src-ip ip-prefix-list IPv4PrefixBlacklist exit action drop exit exit --------------------------------------------- 7710 SR OS Router Configuration Guide Page 363...
Page 364: Creating Filter Log Policies
Creating Filter Log Policies The following displays a filter matching configuration example. A:ALA-48>config>filter>log# info detail --------------------------------------------- description "Test filter log." destination memory 1000 wrap-around no shutdown --------------------------------------------- A:ALA-48>config>filter>log# Page 364 7710 SR OS Router Configuration Guide...
Page 365 10 exit egress filter mac 92 exit exit spoke-sdp 8:8 create ingress filter ip “epipe sap default filter” exit egress filter mac 91 exit exit no shutdown ---------------------------------------------- A:ALA-48>config>service>epipe# 7710 SR OS Router Configuration Guide Page 365...
Page 366: Apply An Ipv6 Filter Policy To An Ies Sap
The following output displays the IPv6 filters assigned to an IES service interface: A:ALA-48>config>service>ies# info ---------------------------------------------- interface "testA" create address 192.22.1.1/24 sap 1/1/3:0 create exit ipv6 ingress filter ipv6 100 egress filter ipv6 100 exit exit ---------------------------------------------- A:ALA-48>config>service>ies# Page 366 7710 SR OS Router Configuration Guide...
Page 367 The following displays IPv4 and IPv6 filters applied to an interface at ingress and egress. A:config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit ingress filter ip 2 filter ipv6 1 exit egress filter ip 2 filter ipv6 1 exit ---------------------------------------------- A:config>router>if# 7710 SR OS Router Configuration Guide Page 367...
Page 368: Creating A Redirect Policy
95 ping-test timeout 30 drop-count 5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_106" url "http://aww.alcatel.com/ipd/" interval 60 return-code 2323 4567 raise-priority 96 exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# Page 368 7710 SR OS Router Configuration Guide...
Page 369: Configuring Policy-Based Forwarding For Deep Packet Inspection In Vpls
SAP 1/1/23:5 (which it should not). Figure shows an example to configure policy-based forwarding for deep packet inspection on a VPLS service. For information about configuring services, refer to the 7710 SR OS Services Guide. DPI Box...
Page 370 The following displays a MAC filter configuration example: *A:ALA-48>config>filter# info ---------------------------------------------- mac-filter 100 create default-action forward entry 10 create match dot1p 7 7 exit log 101 action forward sap 1/1/22:1 exit exit ---------------------------------------------- *A:ALA-48>config>filter# Page 370 7710 SR OS Router Configuration Guide...
Page 371 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create exit spoke-sdp 3:5 create exit no shutdown exit ..---------------------------------------------- *A:ALA-48>config>service# 7710 SR OS Router Configuration Guide Page 371...
Page 372: Filter Management Tasks
10 15 config>filter>ip-filter# renum 20 10 config>filter>ip-filter# renum 40 1 The following displays the original filter entry order on the left side and the reordered filter entries on the right side: Page 372 7710 SR OS Router Configuration Guide...
Page 373 40 create exit match entry 30 create dst-ip 10.10.10.91/24 match src-ip 10.10.10.106/24 dst-ip 10.10.10.91/24 exit src-ip 10.10.0.200/24 action drop exit exit action forward exit exit exit ---------------------------------------------- A:ALA-7>config>filter# ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 373...
Page 374: Modifying An Ip Filter Policy
10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create description "new entry" match dst-ip 10.10.10.104/32 exit action drop exit entry 10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit Page 374 7710 SR OS Router Configuration Guide...
Page 375 Filter Policies entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 375...
Page 376: Deleting A Filter Policy
After you have removed the filter from the SAPs network interfaces, you can delete the filter as shown in the following example. Example config>filter# no ip-filter 11 Page 376 7710 SR OS Router Configuration Guide...
Page 377 5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_Proxy" url "http://www.alcatel.com" interval 10 timeout 10 return-code 1 4294967295 raise-priority 255 exit no shutdown exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 377...
Page 378: From The Filter Configuration
A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "This is new" scope exclusive entry 1 create filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action forward redirect-policy redirect2 exit entry 2 create description "new entry" ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 378 7710 SR OS Router Configuration Guide...
Page 379: Copying Filter Policies
2 create ip-filter 12 create description "This is new" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create ---------------------------------------------- A:ALA-7>config>filter# 7710 SR OS Router Configuration Guide Page 379...
Page 380 Page 380 7710 SR OS Router Configuration Guide...
Page 381: Filter Command Reference
DHCP Filter Policy Commands config — filter — dhcp-filter filter-id [create] — no dhcp-filter filter-id — description description-string — no description — entry entry-id [create] — no entry entry-id — action {bypass-host-creation} — action drop 7710 SR OS Router Configuration Guide Page 381...
Page 382 — no icmp-code — icmp-type icmp-type — no icmp-type — ip-option ip-option-value [ip-option-mask] — no ip-option — multiple-option {true | false} — no multiple-option — option-present {true | false} — no option-present Page 382 7710 SR OS Router Configuration Guide...
Page 383 — snap-oui {zero | non-zero} — no snap-oui — snap-pid snap-pid — no snap-pid — ssap ssap-value [ssap-mask] — no ssap — src-mac ieee-address [ieee-address-mask] — no src-mac — renum old-entry-id new-entry-id 7710 SR OS Router Configuration Guide Page 383...
Page 384 — scope {exclusive | template} — no scope — type filter-type Page 384 7710 SR OS Router Configuration Guide...
Page 385 — no interval — return-code return-code-1 [return-code-2] [disable | lower- priority priority | raise-priority priority] — no return-code return-code-1 [return-code-2] — timeout seconds — no timeout — url-string [http-version version-string] — no 7710 SR OS Router Configuration Guide Page 385...
Page 386 [interval seconds] [repeat repeat] [absolute | rate] — filter ipv6 ipv6-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — filter mac mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] Page 386 7710 SR OS Router Configuration Guide...
Page 387: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7710 SR OS Router Configuration Guide Page 387...
Page 388: Global Filter Commands
— Specifies the IP filter policy ID number. Values 1 — 65535 create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. Page 388 7710 SR OS Router Configuration Guide...
Page 389 — The MAC filter policy ID number. Values 1 — 65535 create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. 7710 SR OS Router Configuration Guide Page 389...
Page 390 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. There is no limit to the number of redirect policies that can be configured. Page 390 7710 SR OS Router Configuration Guide...
Page 391: Dhcp Filter Commands
— The option must (partially) match a specified ASCII string. Values Up to 127 characters exact — This option requires an exact match of a hex or ascii string. invert-match — Requires the option not to (partially) match. 7710 SR OS Router Configuration Guide Page 391...
Page 392: Filter Log Destination Commands
1000 entries. The number of entries and wrap-around behavior can be edited. Default log 101 Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 Page 392 7710 SR OS Router Configuration Guide...
Page 393 Log packets received during the reconfiguration time will be handled as if summary was not active. The no form of the command reverts to the default parameter. 7710 SR OS Router Configuration Guide Page 393...
Page 394 The no form of the command configures the memory filter log to accept filter log entries until full. When the memory filter log is full, filter logging for the log filter ID ceases. Default wrap-around Page 394 7710 SR OS Router Configuration Guide...
Page 395: Filter Policy Commands
ID to reference the given policy in the CLI. Default no filter-name Parameters filter-name — A string of up to 64 characters uniquely identifying this filter policy. scope Syntax scope {exclusive | template} no scope Context config>filter>ip-filter config>filter>ipv6-filter config>filter>mac-filter 7710 SR OS Router Configuration Guide Page 395...
Page 396 The no form of the command reverts to the default. Default none Parameters entry entry-id — Specifies at what place the filter entries received from RADIUS will be inserted in the filter. Values 1 — 65535 Page 396 7710 SR OS Router Configuration Guide...
Page 397 — Regular match criteria are allowed; ISID or VID filter match criteria not allowed. isid — Only ISID match criteria are allowed. vid — On.y VID match criteria are allowed on ethernet_II frame types. 7710 SR OS Router Configuration Guide Page 397...
Page 398: General Filter Entry Commands
Syntax log log-id no log Context config>filter>ip-filter>entry config>filter>ipv6-filter>entry config>filter>mac-filter>entry Description This command creates the context to enable filter logging for a filter entry and specifies the Page 398 7710 SR OS Router Configuration Guide...
Page 399 The no form of the command disables logging for the filter entry. Default no log Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 7710 SR OS Router Configuration Guide Page 399...
Page 400 — The name of the egress IP interface where matching packets will be forwarded from. This parameter is only valid for unnumbered point-to-point interfaces. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. Page 400 7710 SR OS Router Configuration Guide...
Page 401 Default drop Parameters drop — Specifies packets matching the entry criteria will be dropped. forward — Specifies packets matching the entry criteria will be forwarded. 7710 SR OS Router Configuration Guide Page 401...
Page 402 (AND function) before the action associated with the match is executed. A match context may consist of multiple match criteria, but multiple match statements cannot be entered per entry. The no form of the command removes the match criteria for the entry-id. Page 402 7710 SR OS Router Configuration Guide...
Page 403 ICMP for IPv6 ipv6-no-nxt No Next Header for IPv6 ipv6-opts Destination Options for IPv6 iso-ip ISO Internet Protocol eigrp EIGRP ospf-igp OSPFIGP ether-ip Ethernet-within-IP Encapsulation encap Encapsulation Header pnni PNNI over IP 7710 SR OS Router Configuration Guide Page 403...
Page 404 * — udp/tcp wildcard Page 404 7710 SR OS Router Configuration Guide...
Page 405: Mac Filter Entry Commands
0 — 4094 Ethernet QinQ The SAP is identified by two 802.1Q tags on the port. qtag2: 0 — 4094 Note that a 0 qtag1 value also accepts untagged packets on the dot1q port. 7710 SR OS Router Configuration Guide Page 405...
Page 406 802dot3 — Specifies the frame type is Ethernet IEEE 802.3. 802dot2-llc — Specifies the frame type is Ethernet IEEE 802.2 LLC. 802dot2-snap — Specifies the frame type is Ethernet IEEE 802.2 SNAP. Page 406 7710 SR OS Router Configuration Guide...
Page 407 Filter Policies ethernet_II — Specifies the frame type is Ethernet Type II. 7710 SR OS Router Configuration Guide Page 407...
Page 408: Ip Filter Match Criteria
— A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes. mask — The subnet mask length expressed as a decimal integer. Values 1 — 32 Page 408 7710 SR OS Router Configuration Guide...
Page 409 Note that an entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information. The no form of the command removes the destination port match criterion. Default none 7710 SR OS Router Configuration Guide Page 409...
Page 410 MF bit set to zero and have the Fragment Offset field also set to zero. icmp-code Syntax icmp-code icmp-code no icmp-code Context config>filter>ip-filter>entry>match config>filter>ipv6-filter>entry>match Description Configures matching on ICMP/ICMPv6 code field in the ICMP/ICMPv6 header of an IPor IPv6 Page 410 7710 SR OS Router Configuration Guide...
Page 411 IP header as an IP filter match criterion. The option-type octet contains 3 fields: 1 bit copied flag (copy options in all fragments) 2 bits option class 5 bits option number 7710 SR OS Router Configuration Guide Page 411...
Page 412 — Specifies matching on IP packets that contain more than one option field in the header. false — Specifies matching on IP packets that do not contain multiple option fields present in the header. Page 412 7710 SR OS Router Configuration Guide...
Page 413 — The subnet mask length expressed as a decimal integer. Values 1 — 32 netmask — Any mask epressed in dotted quad notation. Values 0.0.0.0 — 255.255.255.255 7710 SR OS Router Configuration Guide Page 413...
Page 414 | gt | eq — Specifies the operator to use relative to src-port-number for specifying the port number match criteria. lt specifies all port numbers less than src-port-number match. gt specifies all port numbers greater than src-port-number match. eq specifies that src-port-number must be an exact match. Page 414 7710 SR OS Router Configuration Guide...
Page 415 The SYN bit is normally set when the source of the packet wants to initiate a TCP session with the specified destination IP address. The no form of the command removes the criterion from the match entry. Default no tcp-syn 7710 SR OS Router Configuration Guide Page 415...
Page 416 Description This command adds an IPv4 address prefix to an existing IPv4 address prefix match list. The no form of this command deletes the specified prefix from the list. Operational notes: Page 416 7710 SR OS Router Configuration Guide...
Page 417 — A valid IPv4 address prefix in dotted decimal notation. Values 0.0.0.0 to 255.255.255.255 (host bit must be 0) prefix-length — Length of the entered IP prefix. Values 1 — 32 7710 SR OS Router Configuration Guide Page 417...
Page 418: Mac Filter Match Criteria
0bBBB 0b100 To select a range from 4 up to 7 specify p-value of 4 and a mask of 0b100 for value and mask. Default 7 (decimal) Values 1 — 7 (decimal) Page 418 7710 SR OS Router Configuration Guide...
Page 419 Configures a destination MAC address or range to be used as a MAC filter match criterion. The no form of the command removes the destination mac address as the match criterion. Default no dst-mac 7710 SR OS Router Configuration Guide Page 419...
Page 420 The no form of the command removes the previously entered etype field as the match criteria. Default no etype Parameters ethernet-type — The Ethernet type II frame Ethertype value to be used as a match criterion expressed in hexadecimal. Values 0x0600 — 0xFFFF Page 420 7710 SR OS Router Configuration Guide...
Page 421 — Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero. snap-pid Syntax snap-pid pid-value no snap-pid Context config>filter>mac-filter>entry Description Configures an IEEE 802.3 LLC SNAP Ethernet Frame PID value to be used as a MAC filter match criterion. 7710 SR OS Router Configuration Guide Page 421...
Page 422 To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000 Default 0xFFFFFFFFFFFF (exact match) Values 0x00000000000000 — 0xFFFFFFFFFFFF Page 422 7710 SR OS Router Configuration Guide...
Page 423 — This is optional and may be used when specifying a range of ssap values to use as the match criteria. This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0xF0 Binary 0bBBBBBBBB 0b11110000 Default none Values 0x00 — 0xFF 7710 SR OS Router Configuration Guide Page 423...
Page 424: Policy And Entry Maintenance Commands
ID. If the destination filter ID exists, either overwrite must be specified or an error message will be returned. If overwrite is specified, the function of copying from source to destination occurs in a ‘break before make’ manner and therefore should be handled with care. Page 424 7710 SR OS Router Configuration Guide...
Page 425 Parameters old-entry-id — Enter the entry number of an existing entry. Values 1 — 65535 new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535 7710 SR OS Router Configuration Guide Page 425...
Page 426: Redirect Policy Commands
This command specifies the number of consecutive requests that must fail for the destination to be declared unreachable. Default drop-count 3 hold-down 0 Parameters consecutive-failures — Specifies the number of consecutive ping test failures before declaring the destination down. Values 1 — 60 Page 426 7710 SR OS Router Configuration Guide...
Page 427 — Specifies the amount of time, in seconds, that is allowed for receiving a response from the far end host. Values 1 — 60 priority Syntax priority priority no priority Context config>filter>destination 7710 SR OS Router Configuration Guide Page 427...
Page 428 This command specifies the criterion to adjust the priority based on the test result. Multiple criteria can be specified with the condition that they are not conflicting or overlap. If the returned value is Page 428 7710 SR OS Router Configuration Guide...
Page 429 For example, error code 401 for HTTP is “page not found.” If, while performing this test, the URL is not reachable, you can lower the priority by 10 points so that other means of reaching this destination are prioritized higher than the older one. Default none 7710 SR OS Router Configuration Guide Page 429...
Page 430 This command specifies the URL to be probed by the URL test. Default none Parameters url-string — Specify a URL up to 255 characters in length. http-version version-string — Specifies the HTTP version, 80 characters in length. Page 430 7710 SR OS Router Configuration Guide...
Page 431: Show Commands
— Displays information on the specified filter entry ID for the specified filter ID only. Values 1 — 65535 associations — Appends information as to where the filter policy ID is applied to the detailed filter policy ID output. 7710 SR OS Router Configuration Guide Page 431...
Page 432 *A:Dut-C>config>filter# show filter ip =============================================================================== IP Filters Total: =============================================================================== Filter-Id Scope Applied Description ------------------------------------------------------------------------------- 10001 Template Yes fSpec-1 Template Yes BGP FlowSpec filter for the Base router ------------------------------------------------------------------------------- Num IP filters: 2 =============================================================================== *A:Dut-C>config>filter# Page 432 7710 SR OS Router Configuration Guide...
Page 433 Fragments are not a matching criteria. All fragments and non- Off — fragments implicitly match. Specifies that traffic sampling is disabled. Sampling Off — Specifies that traffic matching the associated IP filter entry is On — sampled. 7710 SR OS Router Configuration Guide Page 433...
Page 434 The state of the TCP ACK flag is not considered as part of the Off — match criteria. as part of the match criteria. Egr. Matches The number of egress filter matches/hits for the filter entry. Page 434 7710 SR OS Router Configuration Guide...
Page 435 : Template Def. Action : Drop Radius Ins Pt: n/a CrCtl. Ins Pt: n/a Entries BGP Entries Description : (Not Specified) ------------------------------------------------------------------------------- Filter Match Criteria : IP ------------------------------------------------------------------------------- Entry Description : (Not Specified) 7710 SR OS Router Configuration Guide Page 435...
Page 436 Show Filter (with time-range specified) — If a time-range is specified for a filter entry, the following is displayed. A:ALA-49# show filter ip =============================================================================== IP Filter =============================================================================== Filter Id : 10 Applied : No Scope : Template Def. Action : Drop Entries Page 436 7710 SR OS Router Configuration Guide...
Page 437 Int. Sampling : On IP-Option : 0/0 Multiple Option: Off TCP-syn : Off TCP-ack : Off Match action : Forward Next Hop : 172.22.184.101 Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49# 7710 SR OS Router Configuration Guide Page 437...
Page 438 The ICMP type match criterion. indicates no ICMP type ICMP Type Undefined specified. Configures a match on all non-fragmented IP packets. Fragment False — Configures a match on all fragmented IP packets. True — Page 438 7710 SR OS Router Configuration Guide...
Page 439 On — The option fields are not checked. Multiple Option Off — Packets containing one or more option fields in the IP header On — will be used as IP filter match criteria. 7710 SR OS Router Configuration Guide Page 439...
Page 440 Suite assignment, it is displayed in the show filter associations command output: A:ALA-49# show filter ip 160 associations =============================================================================== IP Filter =============================================================================== Filter Id : 160 Applied : No Scope : Template Def. Action : Drop Page 440 7710 SR OS Router Configuration Guide...
Page 441 Ingress counters count the packets with Layer 2 encapsulation. Sample Output *A:ALA-48# show filter ipv6 100 counters =============================================================================== IPv6 Filter =============================================================================== Filter Id : 100 Applied : No Scope : Template Def. Action : Forward 7710 SR OS Router Configuration Guide Page 441...
Page 442 The filter policy is of type exclusive. Exclusive — The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — The IP filter policy description. Description Page 442 7710 SR OS Router Configuration Guide...
Page 443 The source IP address and mask match criterion. indicates 0.0.0.0/0 no criterion specified for the filter entry. The destination IP address and mask match criterion. indi- Dest. IP 0.0.0.0/0 cates no criterion specified for the filter entry. 7710 SR OS Router Configuration Guide Page 443...
Page 444 The destination TCP or UDP port number or port range. Dest. Port The DiffServ Code Point (DSCP) name. Dscp The ICMP code field in the ICMP header of an IP packet. ICMP Code Page 444 7710 SR OS Router Configuration Guide...
Page 445 : Off Match action : Drop Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-48# Output Show Filter Associations — The following table describes the fields that display when the associations keyword is specified. 7710 SR OS Router Configuration Guide Page 445...
Page 446 Configures a match on all fragmented IP packets. True — Fragments are not a matching criteria. All fragments and non- Off — fragments implicitly match. Sampling Specifies that traffic sampling is disabled. Off — Page 446 7710 SR OS Router Configuration Guide...
Page 447 IP filter match criteria. TCP-ack Configures a match on packets with the ACK flag set to False — false. Configured a match on packets with the ACK flag set to true. True — 7710 SR OS Router Configuration Guide Page 447...
Page 448 The filter policy is of type template. Scope Template — The filter policy is of type exclusive. Exclusive — The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — Page 448 7710 SR OS Router Configuration Guide...
Page 449 Ing. Matches : 160 pkts (14400 bytes) Egr. Matches : 80 pkts (6880 bytes) Entry : 10 Ing. Matches : 80 pkts (7200 bytes) Egr. Matches : 80 pkts (6880 bytes) ==================================================================================== A:ALA-48# 7710 SR OS Router Configuration Guide Page 449...
Page 450 The more fragments IP flag is set in the logged packet. Flags M — The do not fragment IP flag is set in the logged packet. (IP flags) DF — The TOS byte value in the logged packet. Page 450 7710 SR OS Router Configuration Guide...
Page 451 Summary criterion that is used as index into the mini-tables of the log. TotCnt The total count of logs. ArpCnt Displays the total number of ARP messages logged for this log ID. 7710 SR OS Router Configuration Guide Page 451...
Page 452 Note: A summary log will be printed only in case TotCnt is different from 0. Only the address types with at least 1 entry in the minitable will be printed. A:ALA-A>config# show filter log 190 =============================================================================== Summary Log[190] Crit1: SrcAddr TotCnt: 723 ArpCnt: 06-06-06-06-06-06 06-06-06-06-06-05 06-06-06-06-06-04 06-06-06-06-06-03 Page 452 7710 SR OS Router Configuration Guide...
Page 453 Values 1 — 65535 Output No Parameters Specified — When no parameters are specified, a brief listing of IP filters is produced. The following table describes the command output for the command. 7710 SR OS Router Configuration Guide Page 453...
Page 454 The destination MAC address and mask match criterion. When both the Dest MAC MAC address and mask are all zeroes, no criterion specified for the filter entry. Page 454 7710 SR OS Router Configuration Guide...
Page 455 : Forward Ing. Matches Egr. Matches Entry : 300 (Inactive) FrameType : Ethernet Description : Not Available Src Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : Ethernet 7710 SR OS Router Configuration Guide Page 455...
Page 456 =============================================================================== A:ALA-49# Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. Page 456 7710 SR OS Router Configuration Guide...
Page 457 Def. Action : Forward Entries Description : Description for Mac Filter Policy id # 8 ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry FrameType : Ethernet Ing. Matches: 80 pkts (5440 bytes) 7710 SR OS Router Configuration Guide Page 457...
Page 458 The MAC filter policy description. Description and its entries is produced. The following table describes the command output for the command. Label Description The MAC filter policy ID. MAC Filter Filter Id Page 458 7710 SR OS Router Configuration Guide...
Page 459 Filter entry matches a non-zero value for the Ethernet Esnap-oui-zero Non-Zero — SNAP OUI. Filter entry matches a zero value for the Ethernet SNAP OUI. Zero — No Ethernet SNAP OUI value specified. Undefined — 7710 SR OS Router Configuration Guide Page 459...
Page 460 Egr. Matches: 0 pkts Entry : 50 FrameType : Ethernet Description : entry 50 Src Mac : 00:00:01:66:00:00 00:00:0f:ff:00:00 Dest Mac LI Source : No Ing. Matches: 0 pkts Egr. Matches: 0 pkts Page 460 7710 SR OS Router Configuration Guide...
Page 461 1/1/6:9 (Egress) Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. 7710 SR OS Router Configuration Guide Page 461...
Page 462 LI Mac Filter =============================================================================== Filter Id : testLiMacFilter Associated : Yes Entries Description : test LI Mac filter setup ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry : 10 Description : entry 10 Page 462 7710 SR OS Router Configuration Guide...
Page 463 Specifies the operational value of the priority for this destination. The highest operational priority across multiple destinations is used as the preferred destination. Admin Priority Specifies the configured base priority for the destination. 7710 SR OS Router Configuration Guide Page 463...
Page 464 Test test test test =============================================================================== ALA-A>config>filter# ALA-A>config>filter# show filter redirect-policy redirect1 =============================================================================== Redirect Policy =============================================================================== Redirect Policy: redirect1 Applied : Yes Description : New redirect info Active Dest : 10.10.10.104 ------------------------------------------------------------------------------- Page 464 7710 SR OS Router Configuration Guide...
Page 465 : Up Oper State : Down URL Test : URL_to_Proxy Interval : 10 Timeout : 10 Drop Count Hold Down Hold Remain Last Action at : 03/19/2007 05:04:15 Action Taken : Disable 7710 SR OS Router Configuration Guide Page 465...
Page 466 Show Commands Priority Change: 0 Return Code =============================================================================== ALA-A# Page 466 7710 SR OS Router Configuration Guide...
Page 467: Clear Commands
1 — 65535 entry-id — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. 7710 SR OS Router Configuration Guide Page 467...
Page 468 — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. Page 468 7710 SR OS Router Configuration Guide...
Page 469: Monitor Commands
— The IP filter policy ID. Values 1 — 65535 entry-id — Specifies that only the counters associated with the specified filter policy entry will be moniitored. Values 1 — 65535 7710 SR OS Router Configuration Guide Page 469...
Page 470 — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing. No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. Page 470 7710 SR OS Router Configuration Guide...
Page 471: Cflowd
• Cflowd Overview on page 472  Operation on page 473  Cflowd Filter Matching on page 477 • Cflowd Configuration Process Overview on page 478 • Configuration Notes on page 479 7710 SR OS Router Configuration Guide Page 471...
Page 472: Cflowd Overview
IP addresses, port numbers, AS numbers, etc. Each subsequent packet matching the same parameters of the flow contribute to the byte and packet count of the flow until the flow is terminated and exported to a collector for storage. Page 472 7710 SR OS Router Configuration Guide...
Page 473: Operation
6. If a flow has been active for a period of time equal to or greater than the active timer (default 30 minutes), then the entry is removed from the flow cache. 7710 SR OS Router Configuration Guide Page 473...
Page 474: Version 9
V8 record format. Figure 23 depicts Version 5, Version 8, Version 9, and Version 10 flow processing. Page 474 7710 SR OS Router Configuration Guide...
Page 475: Figure 23: V5, V8, V9, V10, And Flow Processing
• When the user executes a clear cflowd command. • When other measures are met that apply to aggressively age flows as the cache becomes too full (such as overflow percent). 7710 SR OS Router Configuration Guide Page 475...
Page 476 IPv4, IPv6, and MPLS. Version 10 is interoperable with RFC 5150 and 5102. Page 476 7710 SR OS Router Configuration Guide...
Page 477: Cflowd Filter Matching
Subsequent packets in the same flow are then forwarded without needing to be matched against the complete set of filters. Specific performance varies depending on the number and complexity of the filters. 7710 SR OS Router Configuration Guide Page 477...
Page 478: Cflowd Configuration Process Overview
Cflowd ACL, where IP filters must be created with entries containing the action filter- sampled. In this mode only traffic matching these filter entries will be subject to the cflowd sampling process. Page 478 7710 SR OS Router Configuration Guide...
Page 479: Configuration Notes
A cflowd option must be specified and enabled on a router interface. • Sampling must be enabled on either:  An IP filter which is applied to a port or service.  An interface on a port or service. 7710 SR OS Router Configuration Guide Page 479...
Page 480 Page 480 7710 SR OS Router Configuration Guide...
Page 481: Configuring Cflowd With Cli
Specifying Sampling Options in Filter Entries on page 498 • Cflowd Configuration Management Tasks on page 501  Modifying Global Cflowd Components on page 501  Modifying Cflowd Collector Parameters on page 502 7710 SR OS Router Configuration Guide Page 481...
Page 482: Cflowd Configuration Overview
Cflowd Configuration Overview The 7710 SR OS implementation of cflowd supports the option to analyze traffic flow. The imple- mentation also supports the use of traffic/access list (ACL) filters to limit the type of traffic that is analyzed. Traffic Sampling Traffic sampling does not examine all packets received by a router.
Page 483: Collectors
• MPLS labels The 7710 SR OS implementation allows you to enable cflowd either at the interface level or as an action to a filter. By enabling cflowd at the interface level, all IP packets forwarded by the inter- face are subject to cflowd analysis. By setting cflowd as an action in a filter, only packets matching the specified filter are subject to cflowd analysis.
Page 484 Source-destination prefix — Flows are aggregated based on source prefix and mask, destination prefix and mask, source and destination AS, ingress interface and egress interface. • Raw — Flows are not aggregated and are sent to the collector in a V5 record. Page 484 7710 SR OS Router Configuration Guide...
Page 485: Basic Cflowd Configuration
A:ALA-1>config>cflowd# info detail ---------------------------------------------- active-timeout 30 cache-size 65536inactive-timeout 15 overflow 1 rate 1000 collector 10.10.10.103:2055 version 9 no aggregation autonomous-system-type origin description "V9 collector" no shutdown exit template-retransmit 330 exit no shutdown ---------------------------------------------- A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 485...
Page 486: Common Configuration Tasks
Global Cflowd Components The components common (global) to all instances of cflowd include the following parameters: • Active timeout • Inactive timeout • Cache size • Overflow • Rate • Template retransmit Page 486 7710 SR OS Router Configuration Guide...
Page 487: Configuring Cflowd
{version [5 | 8 | 9 |10]} aggregation as-matrix destination-prefix protocol-port source-destination-prefix source-prefix template-set {basic | mpls-ip} autonomous-system-type [origin | peer] description description-string no shutdown no shutdown 7710 SR OS Router Configuration Guide Page 487...
Page 488: Enabling Cflowd
The following example displays the default values when cflowd is initially enabled. No collectors or collector options are configured. A:ALA-1>config# info detail #------------------------------------------ echo "Cflowd Configuration" #------------------------------------------ cflowd active-timeout 30 cache-size 65536 inactive-timeout 15 overflow 1 rate 1000 template-retransmit 600 no shutdown exit #------------------------------------------ A:ALA-1>config# Page 488 7710 SR OS Router Configuration Guide...
Page 489: Configuring Global Cflowd Parameters
The following example displays a common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 20 inactive-timeout 10 overflow 10 rate 100 #------------------------------------------ A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 489...
Page 490: Configuring Cflowd Collectors
"AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation protocol-port source-destination-prefix exit autonomous-system-type peer description "Neighbor collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Version 9 Collector example: collector 10.10.10.9:2000 version 9 description "v9collector" template-set mpls-ip no shutdown Page 490 7710 SR OS Router Configuration Guide...
Page 491 IP version (60) ICMP Type & Code (32) BGP Source ASN (16) BGP Dest ASN (17) Source IPv4 Prefix Length (9) Dest IPv4 Prefix Length (13) MPLS-IPv4 Template: IPv4 Src Addr (8) 7710 SR OS Router Configuration Guide Page 491...
Page 492 Protocol (4) IPv6 Options Hdr (64) IPv6 Next Header (193) IPv6 Flow Label (31) TOS (5) IP version (60) IPv6 ICMP Type & Code (139) BGP Source ASN (16) BGP Dest ASN (17) Page 492 7710 SR OS Router Configuration Guide...
Page 493 Egress Interface (14) Packet Count (2) Byte Count (1) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) 7710 SR OS Router Configuration Guide Page 493...
Page 494 IP version (60) ICMP Type & Code (32) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) Page 494 7710 SR OS Router Configuration Guide...
Page 495: Enabling Cflowd On Interfaces And Filters
Specifying Cflowd Options on an IP Interface on page 496  Interface Configurations on page 496  Service Interfaces on page 497 • Specifying Sampling Options in Filter Entries on page 498  Interface Configurations on page 496 7710 SR OS Router Configuration Guide Page 495...
Page 496: Specifying Cflowd Options On An Ip Interface
3. The interface>cflowd interface option must be selected. For configuration information, refer to the Filter Policy Overview section of the 7710 SR OS Router Configuration Guide. 4. To omit certain types of traffic from being sampled when the interface sampling is enabled, the config>filter>ip-filter>entry>interface-disable-sample option may be...
Page 497: Service Interfaces
Cflowd is supported on IES and VPRN services interfaces only. Layer 2 traffic is excluded. All packets forwarded by the interface are analyzed according to the cflowd configuration. On the interface level, cflowd can be associated with a filter (ACL) or an IP interface. 7710 SR OS Router Configuration Guide Page 497...
Page 498: Specifying Sampling Options In Filter Entries
3. On the IP interface being used, the interface>cflowd acl option must be selected. (See Interfcace Configuration) For configuration information, refer to the IP Router Confguration Overview section of the 7710 SR OS Router Configuration Guide. 4. On the IP filter being used, the entry>filter-sample option must be explicitly enabled for the entries matching the traffic that should be sampled.
Page 499: Dependencies
Filter Configurations on page 498 Depending on the combination of interface and filter entry configurations determine if and when flow sampling occurs. Table 13 displays the expected results when specific features are enabled and disabled. 7710 SR OS Router Configuration Guide Page 499...
Page 500 Interface mode All IP traffic ingressing the none interface interface is subject to sampling. Interface mode Filter level action is ignored. All filter sampled interface traffic ingressing the interface is subject to sampling. Page 500 7710 SR OS Router Configuration Guide...
Page 501: Cflowd Configuration Management Tasks
Example: config>cflowd# active-timeout 60 config>cflowd# no inactive-timeout config>cflowd# overflow 2 config>cflowd# rate 10 The following example displays the common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 60 overflow 2 rate 10 #------------------------------------------ A:ALA-1>config>cflowd# 7710 SR OS Router Configuration Guide Page 501...
Page 502: Modifying Cflowd Collector Parameters
The following displays basic cflowd modifications: A:ALA-1>config>cflowd# info ----------------------------------------- active-timeout 60 overflow 2 rate 10 collector 10.10.10.1:2000 version 5 description "AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation source-prefix exit description "Test collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Page 502 7710 SR OS Router Configuration Guide...
Page 503: Cflowd Command Reference
— template-set {basic | mpls-ip} — inactive-timeout seconds — no inactive-timeout — overflow percent — no overflow — rate sample-rate — no rate — [no] shutdown — template-retransmit seconds — no template-retransmit 7710 SR OS Router Configuration Guide Page 503...
Page 504 [ip-int-name | ip-address] — status Tools Commands tools — dump — cflowd — top-protocols [clear] — top-flows [ipv4 | ipv6 | mpls] [clear] — packet-size [ipv4 | ipv6] [clear] Clear Commands clear — cflowd Page 504 7710 SR OS Router Configuration Guide...
Page 505: Cflowd Configuration Commands
The no form of this command resets the inactive timeout back to the default value. Default Parameters minutes — The value expressed in minutes before an active flow is exported. Values 1 — 600 7710 SR OS Router Configuration Guide Page 505...
Page 506 — The IP address of the flow data collector in dotted decimal notation. :port — The UDP port of flow data collector. Values 1— 65535 Default 2055 version — The version of the flow data collector. Values 5, 8, 9, 10 Default Page 506 7710 SR OS Router Configuration Guide...
Page 507 The no form removes this type of aggregation from the collector configuration. Default none protocol-port Syntax [no] protocol-port Context config>cflowd>collector>aggregation Description This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number. 7710 SR OS Router Configuration Guide Page 507...
Page 508: Table 14: Cflowd Configuration Dependencies
[no] source-prefix Context config>cflowd>collector>aggregation Description This command configures cflowd aggregation based on source prefix information. The no form of this command removes this type of aggregation from the collector configuration. Default none Page 508 7710 SR OS Router Configuration Guide...
Page 509 The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted. The no form of this command administratively enables an entity. 7710 SR OS Router Configuration Guide Page 509...
Page 510 Parameters seconds — Specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive. Values 10 — 600 Page 510 7710 SR OS Router Configuration Guide...
Page 511 Context config>cflowd Description This command specifies the interval for sending template definitions. Default Parameters seconds — The value expressed in seconds before sending template definitions. Values 10 — 600 7710 SR OS Router Configuration Guide Page 511...
Page 512 Page 512 7710 SR OS Router Configuration Guide...
Page 513: Show Commands
The current operational status of this Cflowd remote collector host. Oper The number of Cflowd records that have been transmitted to this Recs Sent remote collector host. The total number of collectors using this IP address. Collectors 7710 SR OS Router Configuration Guide Page 513...
Page 514 The UDP port number on the remote Cflowd collector host to receive Port the exported Cflowd data. A user-provided descriptive string for this Cflowd remote collector Description host. Version The version of the flow data sent to the collector. Page 514 7710 SR OS Router Configuration Guide...
Page 515 Records Sent : 1260 Last Changed : 09/03/2009 17:24:04 Last Pkt Sent : 09/03/2009 18:07:10 ------------------------------------------------------------------------------- Sent Open Errors ------------------------------------------------------------------------------- =============================================================================== Address : 138.120.135.103 Port : 9555 Description : Test v8 Collector 7710 SR OS Router Configuration Guide Page 515...
Page 516 — Display only information for the IP interface with the specified IP address. Default all interfaces with cflowd enabled. ip-int-name — Display only information for the IP interface with the specified name. Default all interfaces with cflowd enabled. Page 516 7710 SR OS Router Configuration Guide...
Page 517 Oper IPv4 IPv6 Address Oper IPv6 ------------------------------------------------------------------------------- ipv4ipv6NamedIf Base intf/ing 5.5.5.5/24 55::55/128 ipv4NamedIf acl-egr 10.10.10.10/24 Down ipv6NamedIf Base i/f-both Down 1234:5678::9/128 ------------------------------------------------------------------------------- Interfaces : 3 =============================================================================== B:sr-002# show cflowd interface 11.10.1.2 =============================================================================== 7710 SR OS Router Configuration Guide Page 517...
Page 518 The maximum amount of time, in minutes, before an active flow Active Timeout will be exported. If an individual flow is active for this amount of time, the flow is exported and a new flow is created. Page 518 7710 SR OS Router Configuration Guide...
Page 519 Dropped Flows: 0 ? equal to “total flows trashed” in cflowdStatsTotal Pkts Rcvd : 801600 Total Pkts Dropped : 0 Times flow created 160000 Times flow matched 224428382 Total flows flushed 150000 7710 SR OS Router Configuration Guide Page 519...
Page 520 Overflow : 1% Sample Rate Active Flows : 34 Total Pkts Rcvd : 801600 Total Pkts Dropped =============================================================================== Version Info =============================================================================== Version Status Sent Open Errors ------------------------------------------------------------------------------- Enabled Enabled Enabled Enabled =============================================================================== Page 520 7710 SR OS Router Configuration Guide...
Page 521: Table 15: Show Cflowd Collector Output Fields
(Number of seconds since last clear / total flows) Displays the percentage of bandwidth consumed by the associated Bandwidth Total protocol type. (Total protocol bytes / total bytes of all flows) 7710 SR OS Router Configuration Guide Page 521...
Page 522: Table 16: Show Cflowd Collector Detailed Output Fields
Displays the protocol flag markings. Flgs Pkts Displays the total number of packets sampled for this flow (since stats were last cleared). vRtr-ID Displays the vRouter context the flow was sample in. Page 522 7710 SR OS Router Configuration Guide...
Page 523 Src Port vRtr ID DstIP (upto IPv6) Egress i/f Dst Port Proto Flags Nexthop (uptoIPv6) Total Pkts Avg Pkt Active(sec) 2001:0db8:85a3:0000:0000:8a2e:0370:7334 60005 10020 0x12 2001:0db8:85a3:0000:0000:8a2e:0280:1234 60325 20010 0x23 2001:0db8:85a3:0000:0000:8a2e:1234:5678 1234567890 1500 13600 …… 7710 SR OS Router Configuration Guide Page 523...
Page 524 .000 .250 .000 .000 .010 .100 .500 .090 .000 .000 .000 .000 .000 .000 .000 576 1024 1536 2048 2560 3072 3584 4096 4608 9000 .000 .000 .000 .050 .000 .000 .000 .000 .000 .000 .000 .000 Page 524 7710 SR OS Router Configuration Guide...
Page 525: Clear Commands
This action will trigger all the flows to be discarded. The cache restarts flow data collection from a fresh state. This command also clears global stats collector stats listed in the cflowd show commands. 7710 SR OS Router Configuration Guide Page 525...
Page 526 Page 526 7710 SR OS Router Configuration Guide...
Page 527: Standards And Protocol Support
Standards and Protocol Support Standards Compliance RFC 3623 Graceful OSPF Restart – GR RFC 4659 BGP-MPLS IP Virtual Private helper Network (VPN) Extension for IPv6 IEEE 802.1ab-REV/D3 Station and RFC 3630 Traffic Engineering (TE) Media Access Control Connectivity Extensions to OSPF Version 2 RFC 4684 Constrained Route Discovery Distribution for Border Gateway...
Page 528 Standards and Protocols RFC 3567 Intermediate System to RFC 2545 Use of BGP-4 Multiprotocol RFC 4604 Using IGMPv3 and MLDv2 Intermediate System (ISIS) Extension for IPv6 Inter-Domain for Source-Specific Multicast Cryptographic Authentication Routing RFC 4607 Source-Specific Multicast for RFC 3719 Recommendations for RFC 2710 Multicast Listener Discovery Interoperable Networks using IS-IS (MLD) for IPv6RFC 2740 OSPF for...
Page 529 Standards and Protocols RFC 3478 Graceful Restart Mechanism draft-newton-mpls-te-dynamic- RFC 5881 BFD IPv4 and IPv6 (Single for LDP – GR helper overbooking-00 A Diffserv-TE Hop) Implementation Model to RFC 5036 LDP Specification RFC 5883 BFD for Multihop Paths dynamically change booking factors RFC 5283 LDP extension for Inter-Area during failure events VRRP...
Page 530 Standards and Protocols Services (previously draft-ietf- draft-ietf-pwe3-redundancy-bit-06.txt, l2vpn-vpls-mcast-reqts-04) Pseudowire Preferential Forwarding RFC 1626 Default IP MTU for use over Status bit definition ATM AAL5 draft-ietf-l2vpn-vpls-mcast-reqts-04 draft-ietf-pwe3-redundancy-06.txt, RFC 2514 Definitions of Textual draft-ietf-l2vpn-signaling-08 Pseudowire (PW) Redundancy Conventions and PSEUDOWIRE OBJECT_IDENTITIES for ATM RFC6391 Flow Aware Transport of Management Pseudowires over an MPLS PSN...
Page 531 Standards and Protocols MEF-8 Implementation Agreement for GR-1244-CORE Clocks for the RFC 2573 SNMP-Target-&-notification- the Emulation of PDH Circuits over Synchronized Network: Common Metro Ethernet Networks, October Generic Criteria, Issue 3, May 2005 RFC 2574 SNMP-User-based-SMMIB 2004 ITU-T G.8261 Telecommunication RFC 2575 SNMP-View-based ACM- RFC 5287 Control Protocol Extensions Standardization Section of ITU,...
Page 532 Standards and Protocols TIMETRA-CFLOWD-MIB.mib TIMETRA-CHASSIS-MIB.mib TIMETRA-CLEAR-MIB.mib TIMETRA-FILTER-MIB.mib TIMETRA-GLOBAL-MIB.mib TIMETRA-IGMP-MIB.mib TIMETRA-ISIS-MIB.mib TIMETRA-LAG-MIB.mib TIMETRA-LDP-MIB.mib TIMETRA-LOG-MIB.mib TIMETRA-MIRROR-MIB.mib TIMETRA-MPLS-MIB.mib TIMETRA-NG-BGP-MIB.mib TIMETRA-OAM-TEST-MIB.mib TIMETRA-OSPF-NG-MIB.mib TIMETRA-OSPF-V3-MIB.mib TIMETRA-PIM-NG-MIB.mib TIMETRA-PORT-MIB.mib TIMETRA-PPP-MIB.mib TIMETRA-QOS-MIB.mib TIMETRA-RIP-MIB.mib TIMETRA-ROUTE-POLICY-MIB.mib TIMETRA-RSVP-MIB.mib TIMETRA-SECURITY-MIB.mib TIMETRA-SERV-MIB.mib TIMETRA-SUBSCRIBER- MGMTMIB.mib TIMETRA-SYSTEM-MIB.mib TIMETRA-TC-MIB.mib TIMETRA-VRRP-MIB.mib TIMETRA-VRTR-MIB.mib Page 532 Standards and Protocols...
Page 533: Index
ID IPv6 service management tasks system interface matching criteria system name DSCP values IP option values VRRP packets overview policies components policy entries IP address owner port-based filtering 7710 SR OS Router Configuration Guide Page 533...
Page 534 IP addresses owner and non-owner virtual router virtual router backup virtual router master VRID configuring basic command reference IES parameters non-owner owner management tasks overview router interface non-owner owner VRRP policy parameters Page 534 7710 SR OS Router Configuration Guide...