Download  Print this page

Nokia 7450 ESS Interface Configuration Manual

Ethernet service switch, service router, extensible routing system, virtualized service router
Hide thumbs
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914

Advertisement

Table of Contents
INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5
7450 ETHERNET SERVICE SWITCH
7750 SERVICE ROUTER
7950 EXTENSIBLE ROUTING SYSTEM
VIRTUALIZED SERVICE ROUTER
INTERFACE CONFIGURATION GUIDE
RELEASE 15.0.R5

3HE 11968 AAAC TQZZA 01

Issue: 01

September 2017
Nokia — Proprietary and confidential.
Use pursuant to applicable agreements.

Advertisement

Table of Contents
loading

  Related Manuals for Nokia 7450 ESS

  Summary of Contents for Nokia 7450 ESS

  • Page 1: Issue

    INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 7450 ETHERNET SERVICE SWITCH 7750 SERVICE ROUTER 7950 EXTENSIBLE ROUTING SYSTEM VIRTUALIZED SERVICE ROUTER INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11968 AAAC TQZZA 01 Issue: 01 September 2017 Nokia — Proprietary and confidential. Use pursuant to applicable agreements.
  • Page 2 © 2017 Nokia. Contains proprietary/trade secret information which is the property of Nokia and must not be made available to, or copied or used by anyone outside Nokia without its written authorization. Not to be used or disclosed except in accordance with applicable agreements.
  • Page 3: Table Of Contents

    INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table of Contents Getting Started ................9 About This Guide..................9 Interface Configuration Process ..............11 Interfaces ..................13 Configuration Overview ................13 2.1.1 Chassis Slots and Cards ................13 2.1.2 MCMs .......................15 2.1.3 MDA-a, MDA-aXP, MDA, MDA-XP and MDA-e Modules......15 2.1.4 XMAs/C-XMAs...................18 2.1.5...
  • Page 4 INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.3.2.15 Ethernet Local Management Interface (E-LMI) ........109 2.3.2.16 Link Layer Discovery Protocol (LLDP).............110 2.3.2.17 Exponential Port Dampening..............114 2.3.3 Per Port Aggregate Egress Queue Statistics Monitoring......117 Port Cross-Connect (PXC) ..............119 2.4.1 PXC Terminology ..................120 2.4.2 PXC - Physical Port in Cross-Connect (Loopback) Mode .......121 2.4.2.1 Operational State..................122 2.4.3...
  • Page 5 INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 G.8031 Protected Ethernet Tunnels ............172 G.8032 Protected Ethernet Rings............173 Ethernet Port Monitoring .................174 2.10 802.3ah OAM ..................178 2.10.1 OAM Events ....................180 2.10.1.1 Link Monitoring ..................181 2.10.2 Remote Loopback ...................187 2.10.3 802.3ah OAM PDU Tunneling for Epipe Service........188 2.10.3.1 802.3ah Grace Announcement..............188 2.11...
  • Page 6 INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.19.1.9 Forwarding Path Extension (FPE) Commands........279 2.19.1.10 Port APS Commands ................279 2.19.1.11 Ethernet Commands................280 2.19.1.12 Interface Group Handler Commands............288 2.19.1.13 Multilink Bundle Commands ..............288 2.19.1.14 SONET-SDH Commands ................290 2.19.1.15 TDM Commands ..................292 2.19.1.16 DS3 Commands ..................295 2.19.1.17 E1 Commands..................296 2.19.1.18...
  • Page 7 INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.20.1.4 Debug Commands...................633 2.20.1.5 Tools Commands ..................633 2.20.2 Command Descriptions ................634 2.20.2.1 Hardware Show Commands..............635 2.20.2.2 PEQ Show Commands................699 2.20.2.3 APS Show Commands ................706 2.20.2.4 Port Show Commands................710 2.20.2.5 Multilink Bundle Show Commands ............805 2.20.2.6 LAG Show Commands ................825 2.20.2.7 MACsec Show Commands..............836...
  • Page 8 INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11968 AAAC TQZZA 01 Issue: 01...
  • Page 9: Getting Started

    SR OS router. Table 1 Supported SR OS Router Chassis Types 7450 ESS 7750 SR 7950 XRS • 7450 ESS-7/12 running in • 7450 ESS-7/12 running in • 7950 XRS-16c standard mode (not mixed- mixed-mode (not standard • 7950 XRS-20/40...
  • Page 10 Getting Started INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Note: This guide generically covers Release 15.0.Rx content and may contain some content that will be released in later maintenance loads. Refer to the SR OS R15.0.Rx Software Release Notes, part number 3HE 12060 000x TQZZA or the VSR Release Notes, part number 3HE 12092 000x TQZZA, for information on features supported in each load of the Release 15.0.Rx software.
  • Page 11: Interface Configuration Process

    INTERFACE CONFIGURATION GUIDE Getting Started RELEASE 15.0.R5 1.2 Interface Configuration Process Table 2 lists the tasks necessary to configure IOMs and XCMs (also referred to as cards), MDAs and XMAs, and ports. Note: For consistency across platforms, XMAs are modeled in the SR OS (CLI and SNMP) as MDAs.
  • Page 12 Getting Started INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 3HE 11968 AAAC TQZZA 01 Issue: 01...
  • Page 13: Interfaces

    • the term “MDA” is used generically to refer to both MDAs and XMAs Nokia routers provide the capability to configure chassis slots to accept specific card and MDA types and set the relevant configurations before the equipment is actually installed.
  • Page 14 A:SR12-1>config# card 1 A:SR12-1>config>card# card-type iom3-xp The 7450 ESS-7/12, and 7750 SR-7/12, and 7750 SR-12e platforms also support a variety of IMMs in designated chassis slots. IMMs have integrated MDAs. The provisioning requirements depends on the generation of IMM that you use. Refer to the IMM Installation Guide for more information.
  • Page 15: Mcms

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 The 7750 SR-e platforms support the IOM-e modules in dedicated slots in the rear of each chassis. The 7750 SR-1e supports one physical IOM-e module. This IOM-e is represented in the CLI as card 1. The 7750 SR-2e supports two physical IOM-e cards.
  • Page 16 =============================================================================== A:ALU-3>config>card# On the 7450 ESS-7/12, 7750 SR-7/12, and 7750 SR-12e, MDAs plug into IOMs. (MDA and MDA-XP modules plug into the IOM3-XP/-B/-C. MDA-e modules plug into the IOM4-e and IOM4-e-B). Up to two MDAs can be provisioned on an IOM.
  • Page 17 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 On the 7750 SR-c12/SR-c4, 7450 ESS-7/12, 7750 SR-7/12, and 7750 SR-12e platforms, MDA names in the CLI start with the letter 'm' (for example, m10-1gb-xp- sfp). The following example displays the card, card-type, mda, and mda-type command usage in the 7750 SR-7: A:SR7>config# card 1...
  • Page 18: Xmas/C-Xmas

    Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 A:SR1e# admin display-config . . . ---------------------------------------------- echo "Card Configuration" #--------------------------------------------- card 1 card-type iom-e mda 1 mda-type me10-10gb-sfp+ exit mda 4 mda-type me1-100gb-cfp2 exit exit ---------------------------------------------- A:SR1e# 2.1.4 XMAs/C-XMAs Note: For consistency across platforms, XMAs are modeled in the system as MDAs, and unless specified otherwise, the term MDA is used generically in this document to refer to both MDAs and C-XMA/XMAs.
  • Page 19: Cmas

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 echo "Card Configuration " #------------------------------------------ card 1 card-type xcm-x20 mda 1 mda-type cx2-100g-cfp power-priority-level 130 exit mda 2 mda-type cx20-10g-sfp power-priority-level 135 exit exit ---------------------------------------------- A:XRS20# On the 7950 XRS, the show card state output displays an “x” in the name of the XMA and “cx”...
  • Page 20: Versatile Service Module (Vsm)

    A VSM, like an MDA, is installed and provisioned as a pluggable module in an IOM. The VSM is supported on the 7450 ESS-7/12, 7750 SR-7/12, and 7750 SR-12e platforms. The VSM is not supported on the 7950 XRS or on the 7750 SR-c12/c4 platforms.
  • Page 21: Rate Limiting

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 • packet classification and scheduling 2.1.7.1 Rate Limiting The oversubscribed MDA or CMA limits the rate at which traffic can enter the MDA or CMA on a per-port basis. If a port exceeds its configured limits then the excess traffic will be discarded, and 802.3x flow control frames (pause frames) are generated.
  • Page 22 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 • The packet is classified into 16 classes. Typically, these are the eight forwarding classes and each packet is assigned one priority per forwarding class. After classification, the packet is offered to the queuing model. This queuing model is limited to three queues each having four thresholds.
  • Page 23: Channelized Mda/Cma Support

    Each port for the channelized ASAP OC-3/STM-1 MDA supports channelization down to DS-0 and accepts one OC-3/STM-1 SFP small form factor pluggable (SFP) module. The same SFP optics used on Nokia’s SONET/SDH MDAs can be used on the channelized ASAP OC-3/STM-1 MDA.
  • Page 24: Channelized Oc-12/Stm-4 Asap Mdas

    Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 enables enhanced Layer 1 and Layer 2 data path functionality, for example ATM TM features, MDA-based channel or port queuing, or multilink applications like Inverse ATM Multiplexing (IMA). This MDA is supported on the 7750 SR-7/12 and the 7750 SR-c4/c12 platforms.
  • Page 25: Channelized Oc-3/Stm-1 Circuit Emulation Services (Ces) Cma And Mda

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 E-1 (G.704) channels. Also, 56 kb/s channels cannot be part of a bundle. E-3 ports do not support channelization, only clear channel operation. This MDA is supported on the 7750 SR-7/12 and the 7750 SR-c4/c12 platforms. 2.1.8.7 Channelized OC-3/STM-1 Circuit Emulation Services (CES) CMA and MDA...
  • Page 26: Network Interconnections

    2.1.8.8 Network Interconnections Nokia routers can fill the needs of smaller service providers as well as the more remote point of presence (PoPs) locations for larger service providers. To support the use of lower speed links as network links in the likelihood that lower speed circuits...
  • Page 27: Digital Diagnostics Monitoring

    Interfaces RELEASE 15.0.R5 2.2 Digital Diagnostics Monitoring Some Nokia SFPs, XFPs, QSFPs, CFPs and the MSA DWDM transponder have the Digital Diagnostics Monitoring (DDM) capability where the transceiver module maintains information about its working status in device registers including: • temperature •...
  • Page 28 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 =============================================================================== High Alarm High Warn Low Warn Low Alarm Lane Tx Bias Current (mA) 78.0 75.0 25.0 20.0 Lane Rx Optical Pwr (avg dBm) 2.30 2.00 -11.02 -13.01 ------------------------------------------------------------------------------- Lane ID Temp(C)/Alm Tx Bias(mA)/Alm Tx Pwr(dBm)/Alm Rx Pwr(dBm)/Alm -------------------------------------------------------------------------------...
  • Page 29 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 DDM information is populated into the router’s MIBs, so the DDM data can be retrieved by Network Management using SNMP. Also, RMON threshold monitoring can be configured for the DDM MIB variables to set custom event thresholds if the factory-programmed thresholds are not at the desired levels.
  • Page 30 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 5 DDM Alarms and Warnings Parameter SFP/XFP Units Required? MSA DWDM Temperature - High Alarm - Low Alarm - High Warning - Low Warning Supply Voltage µV - High Alarm - Low Alarm - High Warning - Low Warning TX Bias Current...
  • Page 31: Sfps And Xfps

    The availability of the DDM real-time information and the warning and alarm status is based on the transceiver. It may or may not indicate that DDM is supported. Although some Nokia SFPs support DDM, Nokia has not required DDM support in releases prior to Release 6.0. Non-DDM and DDM-supported SFPs are distinguished by a specific ICS value.
  • Page 32: Ports

    2.3.1 Port Types Before a port can be configured, the slot must be provisioned with a card type and MDA type. Nokia routers support the following port types: • Ethernet — Supported Ethernet port types include: − Fast Ethernet (10/100BASE-T) −...
  • Page 33 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Once the port is changed to hybrid, the default MTU of the port is changed to match the value of 9212 bytes currently used in network mode (higher than an access port), ensuring that both SAP and network VLANs can be accommodated.
  • Page 34 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 When a named pool policy is applied to the hybrid port’s MDA or to the hybrid port, the port’s fair share of total buffers available to the MDA is split into three parts: default pools, named pools local to the port, and named pools on the ports MDA.
  • Page 35: Port Features

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 • APS — Automatic Protection Switching (APS) is a means to provide redundancy on SONET equipment to guard against linear unidirectional or bidirectional failures. The network elements (NEs) in a SONET/SDH network constantly monitor the health of the network. When a failure is detected, the network proceeds through a coordinated pre-defined sequence of steps to transfer (or switchover) live traffic to the backup facility (called protection facility.) This is done very quickly to minimize lost traffic.
  • Page 36: Network Access Control

    2.3.2.2 802.1x Network Access Control Nokia routers support network access control of client devices (PCs, STBs, and so on) on an Ethernet network using the IEEE. 802.1x standard. 802.1x is known as Extensible Authentication Protocol (EAP) over a LAN network or EAPOL.
  • Page 37 RELEASE 15.0.R5 2.3.2.2.1 802.1x Modes Nokia routers support port-based network access control for Ethernet ports only. Every Ethernet port can be configured to operate in one of three different operation modes, controlled by the port-control parameter: • force-auth — Disables 802.1x authentication and causes the port to transition to the authorized state without requiring any authentication exchange.
  • Page 38 EAPOL-start PDU, if it doesn't receive the EAP- Request/ID frame during bootup. The client responds on the EAP-Request/ID with a EAP-Response/ID frame, containing its identity (typically username + password). Figure 2 802.1x Authentication Scenario Client 7450 ESS RADIUS Authentication Server Port Unauthorized EAPOL-Start...
  • Page 39 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 The RADIUS server checks the supplied credentials, and if approved will return an Access Accept message to the router. The router notifies the client with an EAP- Success PDU and puts the port in authorized state. 2.3.2.2.3 802.1x Timers The 802.1x authentication procedure is controlled by a number of configurable timers...
  • Page 40 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 • quiet-period — Indicates number of seconds between authentication sessions It is started after logoff, after sending an EAP-Failure message or after expiry of the supplicant-timeout timer. The default value is 60. The range is 1 to 3600. RADIUS timer and scaler: •...
  • Page 41: Macsec

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 2.3.2.2.5 802.1x Configuration and Limitations Configuration of 802.1x network access control on the router consists of two parts: • Generic parameters, which are configured under config>security>dot1x • Port-specific parameters, which are configured under config>port>ethernet>dot1x 801.x authentication: •...
  • Page 42 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 4 802.1 AE LAN-MODE Autheticated Excrypted 802.1AE LAN-MODE DMAC SMAC 802.1AE Header 802.1Q ETYPE Payload 0x88e5 MISEec Ether PACKET TCI/AN SCI (optional) Type NUMBER sw0126 The forwarding on a MACSec packet is performed using the destination MAC address, which is in clear text.
  • Page 43 802.1AE dictates that the 802.1Q VLAN needs to be encrypted. Some vendors give the option of configuring the MACSec on a port with VLAN in clear text. SR OS supports both modes. On the 7750 SR, 7450 ESS, and 7950 XRS, 1/10 Gig cards support both mode of operation.
  • Page 44 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 7 MACsec Key Management Modes (Continued) Keying Explanation SR OS Support Where Used Static CAK PRE SHARED KEY Uses a dynamic Supported Switch to switch MACSec Key Management (MKA) and uses a configured pre shared key to drive the CAK.
  • Page 45 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Figure 7 MACsec Concepts for Static-CAK Node 1 CA1 Node 2 CA1 Port 1/1/1 security zone 1 Port 1/1/1 security zone 1 SC1-node1 SecY 1 SecY 1 TxSC1 TxSC1 TxSA1 (Active) TxSA1 (Inactive) SCI-node2 TxSA2 (Inactive) TxSA2 (Active) RxSC1...
  • Page 46 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 8 MACsec Terms (Continued) MACsec Term Description SA: Security Association In the cases of SR OS 2 SA per SC, each with a different SAK, each SC comprises a succession of SAs. Each SA is identified by the SC identifier, concatenated with a two-bit association number.
  • Page 47 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Figure 8 MACsec Generating the CAK Supplicant Authenticator RADIUS EAP Authentication Server MKA Protocol PSK: PSK: EAPoL for Authentication CAK Value: 128 or 256 CAK Value: CKN Value: 16 Char CAK: CKN Value: derived from EAP or PSK Key Server KEK: ICK:...
  • Page 48 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 9 MACsec Control Plane Supplicant Authenticator RADIUS EAP Authentication Server MKA Protocol PSK: PSK: EAPoL for Authentication CAK Value: 128 or 256 CAK Value: CKN Value: 16 Char CAK: CKN Value: derived from EAP or PSK Key Server KEK: ICK:...
  • Page 49 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 2.3.2.3.7 Each peer operates the MACsec Key Agreement Protocol (MKA). Each node can operate multiple MKAs base on the number of CA that it belongs to. Each instance of MKA is protected by a distinct secure connectivity Association key (CAK), that allows each PAE to ensure that information for a given MKA instance is only accepted from other peer that also possess that CAK, and therefore identifying themselves as members or potential members of the same CA.
  • Page 50 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 To avoid a new participant having to respond to each MKPDU from each partner as it is received, or trying to delay its reply until it is likely that MI MN tuples have been received from all potential partners, each participant maintains and advertises both a live peers list and a potential peers list.
  • Page 51 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 2.3.2.3.10 MACsec Capability, Desire, and Encryption Offset 802.1x-2010 had identified two fields in the MKA PDU. Those fields are: • MACsec Capability • Desire MACsec Capability signals weather MACsec is capable of integrity and confidentiality.
  • Page 52 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 • cipher suite selection • SAK generation and distribution • SA assignment • identifying the CA when two or more CAs merge Each participant in an MKA instance uses the Key Server priority (an 8-bit integer) encoded in each MKPDU to agree on the Key Server.
  • Page 53 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 2.3.2.3.13 P2P (Switch to Switch) Topology In a point-to-point topology, each router needs a single security zone and single Tx- SC for encryption and a single Rx-SC for decryption. Each SC has two SAs. In total for point-to-point topology, four SAs are needed, two RxSA for RxSC1 and two TXSA for TxSC1.
  • Page 54 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 11 Switch Multi-point to Switch Multi-point Topology SAI: (11:22:33:44:55:02, 00, 01) Node 2 CA1 SecY 1 N1 is Server TxSC1-----TxSA1, TxSA2 N1 Send SAK to every body RxSC1-----RxSA1, RxSA2-peer1 RxSC2-----RxSA3, RxSA4-peer2 RxSC32-----RxSA63, RxSA64-peer32 RxSC33-----NA-peer33 SAI: (11:22:33:44:55:01, 00, 01) Node 1 CA1...
  • Page 55 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Note: The operator must ensure that the number of peers do not exceed the limit of maximum peers per security zone or maximum peers per port (for example, exceeds the port max-peer parameter). If the maximum peer is exceeded, the peer connectivity will be random in case of a node failure or packet loss.
  • Page 56: Sonet/Sdh Port Attributes

    Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.3.2.3.17 802.1X Tunneling and Multihop MACsec MACsec is an Ethernet packet and, as with any other Ethernet packet, can be forwarded through multiple switches via Layer 2 forwarding. The encryption and decryption of the packets will be performed via the 802.1x (MKA) capable ports. To ensure that MKA is not terminated on any intermediate switch or router, the user can enable 802.1x tunneling on the corresponding port.
  • Page 57: Sonet/Sdh Path Attributes

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 The port’s transmit clock rate can be node or loop timed. The port’s receive clock rate can be used as a synchronization source for the system. The Section Trace (C1) byte can be configured by the user to ensure proper physical cabling. The port can activate and deactivate local line and internal loopbacks.
  • Page 58: Multilink Frame Relay

    Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 13 Valid SONET and SDH Path Configurations (Continued) Framing Path Configuration Options Max Number of Paths Max Number of Paths Per Physical Port Per Physical Port Per TDM Satellite Port SONET OC3>STS1 SPE>VT GROUP>VT1.5 84 DS1 or 512 n*64 kb/s 84 DS1 SPE>DS1...
  • Page 59 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 The MLFR implementation supports FRF.16.1 bundle link integrity protocol to verify serviceability of a member link. 2.3.2.6.1 MLFR Bundle Data Plane FRF.16.1 reuses the UNI/NNI fragmentation procedures defined in FRF.12. Frames on all FR SAP on the MLFR bundle have the UNI/NNI fragmentation header added regardless if they are fragmented or not.
  • Page 60 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.3.2.6.2 MLFR Bundle Link Integrity Protocol FRF.16.1 defines a MLFR Bundle Link Integrity Protocol which verifies the serviceability of a member link. If a problem is found on the member link the link integrity protocol will identify the problem, flag the link as unusable, and adjust the Bundle’s available bandwidth.
  • Page 61: Frf.12 End-To-End Fragmentation

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 The control messages are encapsulated in a single-fragment frame where the C-bit, the B-bit, and the E-bit are all set. The details of the message format are given in FRF.16.1. Table 14 lists the user configured control parameters with values as specified in FRF.16.1.
  • Page 62: Frf.12 Uni/Nni Link Fragmentation

    Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 The following is the mode of operation for the fragmentation in the transmit direction of the FR SAP. Frames of all the FR SAP forwarding class queues are subject to fragmentation. The fragmentation header is, however, not included when the frame size is smaller than the user configured fragmentation size.
  • Page 63: Mlfr/Frf.12 Support Of Aps, Bfd, And Mirroring Features

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 The operator must delete all configured FR SAPs on a port before enabling or disabling FRF.12 UNI/NNI on that port. Also, the user must shut down the port in order to change the value of the fragmentation threshold. A FR SAP on a FR circuit with FRF.12 UNI/NNI fragmentation enabled can be part of a VLL, VPLS, IES, or VPRN service.
  • Page 64: Multilink Point-To-Point Protocol (Mlppp)

    Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.3.2.10 Multilink Point-to-Point Protocol (MLPPP) Multilink point-to-point protocol is defined in the IETF RFC 1990, The PPP Multilink Protocol (MP), and provides a way to distribute data across multiple links within an MLPPP bundle to achieve high bandwidth. MLPPP allows for a single frame to be fragmented and transmitted across multiple links.
  • Page 65 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Figure 13 MLPPP 12-bit Fragment Format The required and default format for MP is the 24-bit format. During the LCP state the 12-bit format can be negotiated. The SR-series routers can support and negotiate the alternate 12-bit frame format.
  • Page 66 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.3.2.10.3 Sequence Number Sequence numbers can be either 12 or 24 bits long. The sequence number is zero for the first fragment on a newly constructed AVC bundle and increments by one for each fragment sent on that bundle. The receiver keeps track of the incoming sequence numbers on each link in a bundle and reconstructs the desired unbundled flow through processing of the received sequence numbers and B&E bits.
  • Page 67 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 • No async control character map • No link quality monitoring • No compound frames • No self-describing-padding Any non-LCP packets received during this phase must be silently discarded. 2.3.2.10.8 Link Fragmentation and Interleaving Support Link Fragmentation and Interleaving (LFI) provides the ability to interleave high priority traffic within a stream of fragmented lower priority traffic.
  • Page 68: Multi-Class Mlppp

    Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 3. The fragments are then transmitted out the egress port. 4. After the transmission of the fragments has begun, high priority frames arrive in the high priority queue. 5. The transmission of the remaining fragments stops and the high priority packets are transmitted out the egress interface.
  • Page 69 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Table 15 Header Formats Original MLPPP Header Format MC-MLPPP Short Sequence Header Format The new MC-MLPPP header format uses the two (previously unused) bits before the sequence number as the class identifier. This allows four distinct classes of service to be identified into separate re-assembly contexts.
  • Page 70 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 16 Default Packet Forwarding Class to MLPPP Class Mapping (Continued) FC ID FC Name Scheduling Priority MLPPP Class 4- MLPPP Class 3- MLPPP Class (Default) class bundle class bundle 2-class bundle Expedited Non-Expedited Non-Expedited Non-Expedited Non-Expedited...
  • Page 71 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Table 18 MLPPP Class Queue Threshold Parameters Class 0 Class 1 Class 2 Class 3 Queue Threshold (in ms @ Available bundle rate) 2-Class Bundle Default Egress QoS Profile 3-Class Bundle Default Egress QoS Profile 4-Class Bundle Default Egress QoS Profile 4-Class Bundle...
  • Page 72 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 19 MLPPP Class Queue Scheduling Parameters (Continued) WRR Parameters Profile 2 <1% Profile 3 <1% Figure 16 MLPPP Class Queue Scheduling Scheme Class0 > 100% Class1 > MIR Strict Priority Class2 Class3 OSSG259 Note that all queue threshold and queue scheduling parameters are adjusted to the available bundle rate.
  • Page 73 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Ingress MLPPP Class Reassembly For an MLPPP bundle with the multi-class option enabled, there is a default profile for setting the re-assembly timer value for each class. When the pre-defined MLPPP ingress QoS profile 1 is applied to a 4-class bundle, the values of the timers are modified as shown in Table Table 20...
  • Page 74 − Changes to any parameters in the ingress and egress QoS profiles. The CLI commands for the creation of ingress and egress QoS profiles and configuration of the individual QoS parameters are described in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide.
  • Page 75: Cisco Hdlc

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 2.3.2.12 Cisco HDLC Cisco HDLC (cHDLC) is an encapsulation protocol for information transfer. It is a bit- oriented synchronous data-link layer protocol that specifies a data encapsulation method on synchronous serial links using frame characters and checksums. cHDLC monitors line status on a serial interface by exchanging keepalive request messages with peer network devices.
  • Page 76 PPP. 2.3.2.12.1 SLARP A cHDLC interface on a Nokia router will transmit a SLARP address resolution reply packet in response to a received SLARP address resolution request packet from peers. The cHDLC interface will not transmit SLARP address resolution request packets.
  • Page 77: Automatic Protection Switching (Aps)

    INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 The two key SONET/SDH parameters are scrambling and signal-label (C2-byte). Scrambling is off by default. The default value of the C2-byte is 0xCF. These two parameters can be modified using the CLI. The other SONET overhead values (for example, j0) follow the same rules as the current POS implementation.
  • Page 78 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 17 APS Protection (Single Chassis APS) and Switchover GigE Working Facility GigE Protection Facility 7750 SR 7750 SR GigE Working Facility GigE Protection Facility 7750 SR 7750 SR GigE Working Facility GigE Protection Facility 7750 SR 7750 SR Data Flow...
  • Page 79 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 • Revertive Switching • Bidirectional 1+1 Switchover Operation Example • Protection of Upper Layer Protocols and Services • APS User-Initiated Requests • APS and SNMP • APS Applicability, Restrictions and Interactions • Sample APS Applications 2.3.2.13.1 Single Chassis and Multi-Chassis APS APS can operate in a single chassis configuration (SC-APS) or in a multi-chassis...
  • Page 80 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 APS on a Single Node (SC-APS) In a single chassis APS both circuits of an APS group are terminated on the same node. The working and protect lines of a single chassis APS group can be: •...
  • Page 81 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 impacted so it is recommended to avoid a mix of platforms in the same MC-APS group where possible. The configuration consistency between the working circuit/ router and the protection circuit/router is not enforced by the 7750 SR. Service or network-specific configuration data is not signaled nor synchronized between the two service routers.
  • Page 82 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.3.2.13.2 APS Switching Modes APS behavior and operation differs based on the switching mode configured for the APS group as shown in Table 24. Several switching modes are supported in the router. The switching mode affects how the two directions of a link behave during failure scenarios and how APS tx operates.
  • Page 83 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Bidirectional 1+1 Signaling APS In Bidir 1+1 Sig APS switching mode the Tx data is sent on the active link only (it is not bridged to both links simultaneously). 1+1 signaling, however, is used for full interoperability with signaling-compliant 1+1 architectures.
  • Page 84 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Unidirectional 1+1 Signaling APS In Uni 1+1 Sig APS switching mode the Tx data is sent on the active link only (it is not bridged to both links simultaneously). 1+1 signaling, however, is used for full interoperability with signaling-compliant 1+1 architectures.
  • Page 85 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 − If the remote end indicates an APS switch and the router can RX and TX on the circuit newly selected by the remote end, then the router will move its TX direction and will perform an APS switch of its RX direction (unless the router already TX and RX on the newly selected circuit).
  • Page 86 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 2.3.2.13.3 APS Channel and SONET Header K Bytes The APS channel (bytes K1 and K2 in the SONET header) exchanges APS protocol messages for all APS modes. K1 Byte The switch priority of a request is assigned as indicated by bits 1 through 4 of the K1 byte (as described in the rfc3498 APS-MIB);...
  • Page 87 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Table 26 shows bits 5 to 8 of a K1 byte and K2 Bits 1 to 4 and the channel number code assignments. Table 26 K1 Byte, Bits 5 to 8 (and K2 Bits 1 to 4), Channel Number Code Assignments Channel Number Channel and Notes Code...
  • Page 88 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 27 K2 Byte Functions (Continued) Bits 1 to 8 Function 6 to 8 Line AIS Line RDI Provisioned for bi-directional switching Provisioned for uni-directional switching (reserved for future use) (reserved for future use) (reserved for future use) (reserved for future use) Differences in SONET/SDH Standards for K Bytes...
  • Page 89 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 APS Protection Switching Byte Failure An APS Protection Switching Byte (APS-PSB) failure indicates that the received K1 byte is either invalid or inconsistent. An invalid code defect occurs if the same K1 value is received for 3 consecutive frames (depending on the interface type (framer) used, the 7750 SR may not be able to strictly enforce the 3 frame check per GR-253 and G.783/G.841) and it is either an unused code or irrelevant for the specific switching operation.
  • Page 90 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 APS Far-End Protection Line Failure An APS far-end protection line (APS-FEPL) failure corresponds to the receipt of a K1 byte in 3 consecutive frames that indicates a signal fail (SF) at the far end of the protection line.
  • Page 91 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Table 29 Actions for the Bi-directional Protection Switching Process Status APS Commands Sent in K1 and Action K2 Bytes on Protection Line B -> A A -> B At Site B At Site A No failure No request.
  • Page 92 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Annex B APS Outage Reduction Optimization Typical standard Annex B behavior when a local SF is detected on the primary section (circuit), and this SF is the highest priority request on both the local side and from the remote side as per the APS specifications, is to send a request to the remote end and then wait until a reverse request is received before switching over to the secondary section.
  • Page 93 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Figure 20 shows an example in which the APS working circuit is connected to IOM- 1/MDA-1 and the protection circuit is connected to IOM-2/MDA-1. In this example, assume that the working circuit is currently used to transmit and receive data. Figure 20 APS Working and Protection Circuit Example Flexible FastPath...
  • Page 94 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Switchover Process for Received Data The Flexible Fast-Path complexes for both working and protect circuits are programmed to process ingress. The inactive (protect) circuit however is programmed to ignore all packet data. To perform the switchover from working circuit to the protect circuit the Flexible Fast-Path complex for the working circuit is set to ignore all data while the Flexible Fast-Path complex of the protect circuit will be changed to accept data.
  • Page 95 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Forced Switching of Active to Protection The forced switch of active to protection command switches the active line to the protection line unless a request of equal or higher priority is already in effect. When the forced switch of working to protection command is in effect, it may be overridden either by a lockout of protection or by detecting a signal failure on the protection line.
  • Page 96 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 30 Switching Mode to MIB Mapping (Continued) switching-mode TIMETRA-APS-MIB APS-MIB tApsProtectionType apsConfigDirection Uni 1+1 Sig+Data APS onePlusOne unidirectional (uni-1plus1) apsConfigMode in the APS-MIB is set to onePlusOneOptimized for Annex B operation. 2.3.2.13.10 APS Applicability, Restrictions and Interactions Note: The Release Notes for the relevant SR OS release should be consulted for details about APS restrictions.
  • Page 97 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 IMA APS protection is supported only when the router is connected to another piece of equipment (possibly through an ADM) running a single IMA instance at the far end. By design, the IMA APS implementation is expected to keep the IMA protocol up as long as the far end device can tolerate some frame loss.
  • Page 98 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Table 32 MDA/Port Type Pairing for APS MDA Type Unchannelized Circuit Channelized SONET/SDH SONET/SDH For example: Emulation Any Service Satellite (POS) m4-atmoc12/3- (CES) Any Port For example: For example: (ASAP) m16-oc12/3- m4-choc3-ces- For example: m1-choc12-as- Unchannelized Supported...
  • Page 99 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 APS Switchover During CFM/CPM Switchover An APS switchover immediately before, during or immediately after a CFM/CPM switchover may cause a longer outage than normal. Removing or Failure of a Protect MDA The detection of a CMA/MDA removal or a CMA/MDA failure can take additional time.
  • Page 100 Interfaces INTERFACE CONFIGURATION GUIDE RELEASE 15.0.R5 Figure 21 SC-APS MLPPP on Channelized Access Interfaces Example PDSN, AAA GigE Switch MLS B BITS I/F GigE T1 # 2 EV-DO GigE GigE T3/OC-3/OC-12 DACS T1 # 1 Aggregation DHCP Relay GigE Router A MLS A GigE Switch...
  • Page 101 INTERFACE CONFIGURATION GUIDE Interfaces RELEASE 15.0.R5 Figure 22 MC-APS MLPPP on Channelized Access Interfaces Example PDSN, AAA Aggregation DHCP Relay Router B MLS B GigE T3/OC-3/ Switch OC-12 GigE BITS I/F T1 # 2 EV-DO VRRP GigE GigE DACS OSPF Area T1 # 1 GigE...