1. Manuals
  2. Brands
  3. Lucent Manuals
  4. Control Unit
  5. STGR-CM-IP2000-F
  6. Configuration manual

Lucent STGR-CM-IP2000-F Configuration Manual

Ip control module
Hide thumbs
1
2
3
4
Table Of Contents
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
Table of Contents

Advertisement

Quick Links

Stinger
®
IP Control Module
Configuration Guide
Part Number: 363-217-011R9.9.1
Issue 2
For software version 9.9.1
September 2006

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the STGR-CM-IP2000-F and is the answer not in the manual?

Questions and answers

Related Manuals for Lucent STGR-CM-IP2000-F

Summary of Contents for Lucent STGR-CM-IP2000-F

  • Page 1 Stinger ® IP Control Module Configuration Guide Part Number: 363-217-011R9.9.1 Issue 2 For software version 9.9.1 September 2006...
  • Page 2 Hereby, Lucent Technologies, declares that the equipment documented in this publication is in compliance with the essential require- ments and other relevant provisions of the Radio and Telecommunications Technical Equipment (RTTE) Directive 1999/5/EC. To view the official Declaration of Conformity certificate for this equipment, according to EN 45014, access the Lucent INS online documentation library at http://www.lucentdocs.com/ins.

  • Page 3: Customer Service

    Alternatively, call 1-866-LUCENT8 (1-866-582-3688) from any location in North America, or +353 16924579 in the Europe, Middle East and Africa (EMEA) region, for a menu of Lucent services. Or call +1 510-747-2000 for an operator. You must have an active services agreement or contract.

  • Page 5: Table Of Contents

    Contents About This Guide ................xix Chapter 1 Introduction..................1-1 Stinger IP DSLAM network features ................ 1-1 Introduction to the Stinger IP2000 control module..........1-3 IP2000 model numbers and platform support........... 1-3 IP2000 support for up to 2048 trunk terminated calls ........1-4 Features not currently supported by the IP2000 ..........
  • Page 6 Contents Configuring a soft IP interface for Gigabit Ethernet redundancy ...... 2-6 Configuring Gigabit Ethernet redundancy for RFC 2684 (IPoA) connections .. 2-6 Configuring Gigabit Ethernet redundancy for VLAN bridging ......2-7 Configuring a redundant LAN MBONE............. 2-8 Configuring LACP on Gigabit Ethernet ports (IP2100 only)........2-9 LACP configuration overview................
  • Page 7 Contents Configuring routed VLANs..................3-32 Creating a virtual IP interface for a routed VLAN ........... 3-32 Sample routed VLAN configuration ..............3-33 Applying an IP filter to a routed VLAN ............. 3-35 Assigning a virtual router to a routed VLAN..........3-35 VLAN bridging of IPoA traffic to an upstream BRAS ..........
  • Page 8 Contents Setting RIP options ..................4-11 RIP policy for propagating updates back to the originating subnet... 4-12 RIP triggering .................... 4-12 Limiting the size of UDP packet queues ............ 4-12 Ignoring default routes when updating the routing table......4-13 Suppressing host-route advertisements ............ 4-13 Subscriber profile sharing ................
  • Page 9 Contents Sample host route (BIR/32) configurations............. 4-58 Sample BIR connection on a VDSL port............4-60 Sample use of filters with BIR connections ............. 4-61 Configuring multiple WAN virtual IP interfaces on a BIR connection.... 4-62 Overview of multiple IP address settings ..........4-63 Sample configuration of multiple addresses on a BIR connections ..
  • Page 10 Contents Overview of PPPoA CONNECTION settings..........4-92 Sample PPPoA connection with bidirectional CHAP authentication ..4-93 PPPoA over LLC....................4-94 Verifying the encapsulation type............... 4-94 Example of configuring a PPPoE connection........... 4-95 Overview of PPPoE CONNECTION settings ..........4-95 Sample PPPoE connection using PAP authentication ....... 4-96 Sample PPPoE connection on a VDSL port ..........
  • Page 11 Contents Virtual IP interfaces and interface grouping..........5-24 ATM QoS and IP QoS considerations............5-24 Configuring Ethernet IP traffic shaping ............5-24 Configuring VLAN Ethernet traffic shaping............. 5-25 QoS-related settings in the SYSTEM profile............5-25 Performance recommendations............... 5-25 Configurable queue size for IPTV traffic on DSL links........5-26 Tracking rate adaptation for downstream traffic shaping ........
  • Page 12 Contents Links to LNS servers ..................6-2 Links to PPP clients .................... 6-2 L2TP-related network settings ................6-3 L2TP-related RADIUS configuration..............6-3 Overview of L2TP tunnel authentication..............6-3 System name used for tunnel authentication............ 6-4 How the system finds a matching tunnel ............6-4 Examples of how client-auth-id settings create parallel tunnels .......
  • Page 13 Contents Examples of defining a route on a per-virtual-router basis ......7-9 Specifying an inter-virtual-router route............7-9 Configuring virtual router DNS servers ............7-10 Overview of virtual router DNS settings ........... 7-11 Example of a typical virtual router DNS configuration......7-11 Deleting a virtual router..................
  • Page 14 Contents Sample multicast address range filter .............. 9-10 Configuring multicast client interfaces..............9-11 Overview of multicast client CONNECTION settings ........9-11 Setting IGMP-v2 timers (local profiles only) ........... 9-13 Example of using multiple multicast filters ............. 9-14 Sample multicast video configuration with filters ........... 9-15 Configuring the local MBONE interface............
  • Page 15 Contents Overview of IP filter settings................11-2 Details of IP filter comparison passes ............... 11-4 Filtering on source or destination IP addresses ......... 11-4 Filtering on port numbers ................. 11-5 TCP-established filters ................11-6 Sample IP filters ....................11-7 Sample TCP-established filter..............11-8 Preventing address spoofing..............
  • Page 16 Contents VLAN statistics...................A-34 VLAN clear statistics ..................A-35 PIMv2 MIB support....................A-35 Index ................... Index-1 Stinger® IP Control Module Configuration Guide...
  • Page 17 Figures Figure 1-1 IP2100 control module basic architecture......... 1-6 Figure 1-2 Sample setup showing multicast and unicast video services ..1-16 Figure 1-3 Sample setup showing Internet access and voice over ATM ..1-16 Figure 1-4 Sample setup showing multiple IP flows to a CPE router ....1-17 Figure 2-1 Gigabit Ethernet redundancy for RFC 2684 connectivity ....
  • Page 18 Figures Figure 4-13 BIR interface on a LIM port ............4-56 Figure 4-14 BIR subnet configuration on LIM interface ........4-57 Figure 4-15 BIR/32 configurations ..............4-59 Figure 4-16 Bidirectional filtering on a BIR interface......... 4-61 Figure 4-17 Sample BIR connection with four static IP addresses ..... 4-64 Figure 4-18 DHCP relay for an IPoA terminated PVC ........
  • Page 19 Tables Table 1-1 Overview of network features............1-1 Table 1-2 IP2000 model numbers and platform support ......... 1-3 Table 1-3 IP2100 control module enhancements ..........1-5 Table 1-4 IP2100 model numbers and platform support ......... 1-6 Table 1-5 NP port manager profiles ..............1-9 Table 1-6 Default classification and prioritization...........
  • Page 20 Tables Table 9-2 Sample multicast and unicast client requirements ......9-21 Table 9-3 FFW interfaces registered as MBONE or multicast client....9-27 Table 9-4 Packet flow with multicast traffic as the highest priority flow..9-29 Table 9-5 Packet flow with unicast traffic as the highest priority flow ... 9-29 Table 9-6 Packet flow with interleaving priorities (unicast/multicast) ...

  • Page 21: About This Guide

    About This Guide A Stinger system with an IP control module supports Asynchronous Transfer Mode (ATM) capabilities similar to those in Stinger units with a standard control module, as described in the Stinger ATM Configuration Guide. In addition, an IP control module can terminate and route IP and related traffic.
  • Page 22 About This Guide Documentation conventions Following are all the special characters and typographical conventions used in this manual: Convention Meaning Monospace text Represents text that appears on your computer’s screen, or that could appear on your computer’s screen. Boldface Represents characters that you enter exactly as shown (unless monospace text the characters are also in italics—see Italics, below).
  • Page 23 About This Guide Acronyms used in this guide Authentication, Authorization, and Accounting AAL5 Asynchronous Transfer Mode Adaptation Layer 5 Area Border Router Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Autonomous System External Asynchronous Transfer Mode Backup Designated Router Bridged IP Routing BOOTP Bootstrap Protocol...
  • Page 24 About This Guide Integrated Access Device ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Interior Gateway Protocol Internet Protocol IPCP IP Control Protocol IPoA Internet Protocol over ATM Internet Service Provider L2TP Layer 2 Tunneling Protocol LACP Link Aggregation Control Protocol Link Aggregation Group LAMP Link Aggregation Marker Protocol (not yet supported)
  • Page 25 About This Guide PMBR PIM Multicast Border Router PNNI Private Network-to-Network Interface Point of Presence POST Power-On Self Test Point-to-Point Protocol PPPoA Point-to-Point over ATM PPPoE Point-to-Point over Ethernet Pay Per View Permanent Virtual Circuit Quality of Service RADIPAD RADIUS IP Address Daemon RADIUS Remote Authentication Dial In User Service RARP...
  • Page 26 Vendor-Specific Attributes Wide Area Network Stinger documentation set The Stinger documentation set consists of the following manuals, which can be found at http://www.lucent.com/support. Read me first: – Edge Access and Broadband Access Safety and Compliance Guide. Contains important safety instructions and country-specific information that you must read before installing a Stinger unit.
  • Page 27 About This Guide PNNI and soft PVCs (SPVCs), and describes the related profiles and commands. – Stinger SNMP Management of the ATM Stack Supplement. Describes SNMP management of ATM ports, interfaces, and connections on a Stinger unit to provide guidelines for configuring and managing ATM circuits through any SNMP management utility.
  • Page 28 About This Guide RFC 3046, DHCP Relay Agent Information Option RFC 2697, A Single Rate Three Color Marker IEEE 802.1Q-1998, IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks IEEE 802.1P, LAN Layer 2 QoS/CoS Protocol for Traffic Prioritization xxvi Stinger®...

  • Page 29: Chapter 1 Introduction

    Introduction Stinger IP DSLAM network features ........1-1 Introduction to the Stinger IP2000 control module.
  • Page 30 Introduction Stinger IP DSLAM network features Table 1-1. Overview of network features (Continued) Category Features Multicast protocols: PIM-SM Multicasting IGMP forwarding (v1, v2) Multicast group management Multicast filters PVC-to-VLAN bridging (1:1) Layer 2 Bridging and VLAN stacking Transparent bridging (IEEE 802.1d) (N:1 VLAN) Classification and Priority-bit marking IGMP snooping DHCP snooping with option 82...

  • Page 31: Introduction To The Stinger Ip2000 Control Module

    IP2000 model numbers and platform support Table 1-2 shows the IP2000 model numbers and platform support: Table 1-2. IP2000 model numbers and platform support Control module number Description Supporting platforms STGR-CM-IP2000-F IP2000 control module Stinger FS/Stinger FS+/ Stinger LS Stinger Compact Remote...

  • Page 32: Ip2000 Support For Up To 2048 Trunk Terminated Calls

    Introduction Introduction to the Stinger IP2000 control module Table 1-2. IP2000 model numbers and platform support (Continued) Control module number Description Supporting platforms STGRRT-SFP-LX Long-haul SFP module, Stinger RT environmentally hardened Stinger Compact Remote IP2000 support for up to 2048 trunk terminated calls Stinger systems with an IP2000 control module can establish 1175 terminated calls with default settings, and with the proper configuration can establish 2048 terminated calls.

  • Page 33: Features Not Currently Supported By The Ip2000

    Introduction Introduction to the Stinger IP2100 control module LOG warning, Shelf 1, Controller-1, Time: 01:08:09-- Please reset the system immediately to make this new change effective and avoid any undesired behavior admin> reset Features not currently supported by the IP2000 The IP2000 control module does not currently support the following features: Link Aggregation Control Protocol (LACP) Rapid Spanning Tree Protocol (RSTP)

  • Page 34: Model Numbers And Platform Support

    Introduction Introduction to the Stinger IP2100 control module Figure 1-1shows the basic system architecture using the IP2100: Figure 1-1. IP2100 control module basic architecture Stinger FS+ IP2100 CM Legacy LIMs GigE Port 2 4 Gbps 155 Mbps Network Processor GigE Port 3 Legacy LIMs HB Annex A LIMs Enhanced...

  • Page 35: Ip2100 Memory Modes

    Introduction Introduction to the Stinger IP2100 control module IP2100 memory modes The IP2100 control module supports selectable operation modes for its fast pattern processor (FPP) classification program memory. By default, it uses a high- performance operation mode, which maximizes classification speed and uses 8MB memory for classification.

  • Page 36: Overview Of Oam-Config Profile Settings

    Introduction Introduction to the Stinger IP2100 control module connections. To maximize user connections system-wide, you can restrict the F5 OAM trunk connections the system creates. See “IP2100 memory modes” on page 1-7 for related information. Overview of OAM-CONFIG profile settings To restrict the number of F5 OAM trunk connections supported by the system, set the following parameter, shown with its default setting: [in OAM-CONFIG]...

  • Page 37: Configurable Ip2100 Port Managers

    Introduction Introduction to the Stinger IP2100 control module Configurable IP2100 port managers The IP2100 control module supports two Gigabit Ethernet ports and a network processor (NP) capacity of approximately 3.9Gbps. An HB LIM can use up to 559Mbps (whereas other LIMs use approximately 152Mbps), which means that the total installed LIM bandwidth of the system could possibly exceed the IP2100 NP capacity.

  • Page 38: Configurable Np-Port Profile Settings

    Introduction Introduction to the Stinger IP2100 control module The NP imposes the following constraints on the selection of the fixed-rate and nonfixed-rate values for each port. Both constraints must be simultaneously met for the rate values to be valid. Fixed-rate + nonfixed-rate bandwidth = aggregate bandwidth Note that the aggregate bandwidth cannot exceed the bandwidth of the interface.
  • Page 39 Introduction Introduction to the Stinger IP2100 control module Parameter Setting Address of the LIM slot, or of the individual Gigabit Ethernet port-address or trunk port, associated with an NP port manager. for LIM slots The address uses the following format: { shelf-M slot-N 0 } The zero port number represents all ports on the LIM.

  • Page 40: Caution About Modifying Np-Port Bandwidth Allocations

    Introduction Introduction to the Stinger IP2100 control module Parameter Setting discrete- This is the default setting. With this setting, fixed-rate the system calculates a fixed/nonfixed ratio that maximizes the aggregate throughput on the interface. flexible- With this setting, the system attempts to use fixed-rate the fixed bandwidth rate specified by the requested-fixed-bandwidth setting as closely...

  • Page 41: How To Recover From A Bandwidth Starvation Condition

    Introduction Introduction to the Stinger IP2100 control module {1 12 0} 540000 444733 BW STARVED {1 13 0} 9359 9393 BW SERVICED {1 14 0} 9359 9393 BW SERVICED {1 15 0} 36805 36805 BW SERVICED {1 16 0} 9359 9393 BW SERVICED {1 17 1}...
  • Page 42 Introduction Introduction to the Stinger IP2100 control module For example, suppose the system supports the following modules: admin> show Controller { first-control-module } ( PRIMARY ): Reqd Oper Slot Type { shelf-1 slot-1 0 } ep-72-hs-gs-adsl2plus { shelf-1 slot-2 0 } stngr-48a-adsl-card { shelf-1 slot-3 0 } ep-72-hs-gs-adsl2plus...

  • Page 43: Features Not Currently Supported By The Ip2100

    Introduction Network architecture overview The following commands modify the default bandwidth setting for the HB LIMs installed in slot 1 and slot 3 to allow approximately 521Mbps of guaranteed data plus approximately 38Mbps of non-guaranteed data: admin> read np-port { 1 1 } admin>...

  • Page 44: Internet And Voice Access

    Introduction Network architecture overview Figure 1-2. Sample setup showing multicast and unicast video services Network side User side Multicast video server Set-top box (STB) Multicast Stinger router IP DSLAM router IP/ATM NET-1 IP multicast Unicast video router IP/ATM server IP unicast IP router NET-2 Internet and voice access...

  • Page 45: Multiplexing Multiple Ip Flows On A Single Atm Vcc

    Introduction Network architecture overview Multiplexing multiple IP flows on a single ATM VCC A Stinger IP DSLAM supports an implementation of Class of Service (CoS) that co- exists with the Stinger ATM QoS implementation. This feature allows transferring multiple IP streams (multicast and unicast) over single user-side ATM virtual circuit with different levels of priority.
  • Page 46 Introduction Network architecture overview Table 1-6 shows a default classification that occurs when no PACKET-FLOWS profile has been applied to the traffic. For information about priority queuing based on flow identification, see Chapter 5, “Ethernet and IP QoS.” Per-VC queuing operates in conjunction with the associated ATM shaping rate. The aggregate rate of the combination of three priority queues (Class of Service Queuing with Strict Priority) associated with a particular ATM virtual circuit is controlled by the SCR (sustained cell rate) configured for the VC.

  • Page 47: Gigabit Ethernet Configuration

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet interfaces....... . 2-1 Configuring Gigabit Ethernet port redundancy ......2-5 Configuring LACP on Gigabit Ethernet ports (IP2100 only) .

  • Page 48: Configuring Gigabit Ethernet Interfaces

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet interfaces link-state-enabled = no enabled = yes ether-group = 0 ether-if-type = utp bridging-enabled = no filter-name = "" duplex-mode = full-duplex pppoe-options = { no no "" } bridging-options = { 0 no no transparent-bridging 0 0 "" 0 } lacp-options = { 65535 active } media-speed-mbit = 100mb auto-negotiate = no...

  • Page 49: Enabling Layer 2 Bridging For Vlan Operations

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet interfaces Parameter Notes about Gigabit Ethernet settings auto-negotiate Enables or disables autonegotiation. Note For the IP2100 control module, you must set this value to the same value as the equipment to which it is connected.

  • Page 50: Checking The Routing Table

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet interfaces Checking the routing table The following command output verifies that the routing table has an entry for the Gigabit Ethernet interface (IP address 100.1.1.3/32): admin> netstat -rn Destination Gateway Pref Met 0.0.0.0/0 1.1.2.1 3817 20.1.2.0/24 ie1-1...

  • Page 51: Configuring Gigabit Ethernet Port Redundancy

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet port redundancy 64 bytes from 100.1.1.10: icmp_seq=6 ttl=255 time=0 ms 64 bytes from 100.1.1.10: icmp_seq=7 ttl=255 time=0 ms --- 100.1.1.10 ping statistics --- 8 packets transmitted, 8 packets received, 0% packet loss round-trip min/avg/max = 0/0/0 ms The following command displays GMAC statistics that show packet transfer.

  • Page 52: Configuring A Soft Ip Interface For Gigabit Ethernet Redundancy

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet port redundancy Configuring a soft IP interface for Gigabit Ethernet redundancy The soft IP interface is an internal interface that is not associated with a specific physical port, but that can be accessed through the Ethernet interface of whichever controller is primary.

  • Page 53: Configuring Gigabit Ethernet Redundancy For Vlan Bridging

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet port redundancy The following commands configure a soft IP interface on the same subnet: admin> new ip-interface { { 0 0 0 } 1 } admin> set ip-address = 10.99.99.100/24 admin> write -f When you write the profile of the soft interface, the system displays a message: LOG notice, Shelf 1, Controller-1, Time: 11:42:57-- Soft ip will be effective if the ip-addr of primary controller is configured.

  • Page 54: Configuring A Redundant Lan Mbone

    Gigabit Ethernet Configuration Configuring Gigabit Ethernet port redundancy admin> set ip-options ip-routing-enabled = no admin> set bridging-options bridging-group = 95 admin> set bridging-options bridge = yes admin> set bridging-options bridge-type = transparent-bridging admin> set atm-options vci = 95 admin> set atm-options nailed-group = 151 admin>...

  • Page 55: Configuring Lacp On Gigabit Ethernet Ports (Ip2100 Only)

    Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) The following commands configure the Gigabit Ethernet port in slot 8: admin> read ip-interface { { 1 8 2 } 0 } admin> set ip-address = 10.99.99.101/24 admin> set multicast-allowed = yes admin>...

  • Page 56: Lacp Configuration Overview

    Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) LACP configuration overview To configure the IP2100 Gigabit Ethernet ports to use link aggregation, you must complete the following steps: Create an ETHER-GROUP profile for the LAG. The profile is indexed by a unique number.
  • Page 57 Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) When you create a virtual ETHERNET profile, some default values are not applicable for Gigabit Ethernet ports. Following are the default settings in a new ETHERNET profile: [in ETHERNET/{ any-shelf any-slot 0 } (new)] interface-address* = { any-shelf any-slot 0 } link-state-enabled = no enabled = yes...

  • Page 58: Ethernet Profile Settings For Physical Ports In A Lag

    Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) Parameter Setting bridging-options Not currently used by IP control modules. lacp-options Not used in a virtual ETHERNET profile representing a LAG. media-speed-mbit For a virtual ETHERNET profile representing a LAG, this value must be set to 1000mb.

  • Page 59: Lacp Profile Settings

    Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) Parameter Setting ether-group The index of an ETHER-GROUP profile. When set to 0 (default), the port operates individually. If set to a nonzero value, the system searches for an ETHER- GROUP profile indexed by this value.

  • Page 60: Sample Link Aggregation Configuration

    Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) Sample link aggregation configuration The following sample configuration bundles the capacity of the two IP2100 Gigabit Ethernet ports into a 2Gb LAG. Create an ETHER-GROUP profile for the LAG. For example: admin>...

  • Page 61: Configuring An N:1 Bridged Vlan That Uses The Aggregated Bandwidth

    Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) admin> set interface-address physical-address shelf = shelf-1 admin> set interface-address physical-address slot = slot-ether-group admin> set interface-address physical-address item-number = 1 admin> set interface-address logical-item = 555 admin> set ip-address = 185.1.1.10/24 admin>...

  • Page 62: Lacp Implementation Details

    Gigabit Ethernet Configuration Configuring LACP on Gigabit Ethernet ports (IP2100 only) admin> set multicast-forwarding = yes admin> set multiple-mbone mbone-lan 1 physical shelf = shelf-1 admin> set multiple-mbone mbone-lan 1 physical slot = slot-ether-group admin> set multiple-mbone mbone-lan 1 physical item-number = 1 admin>...

  • Page 63: Lacp-Related Diagnostics

    Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) Limitations – Currently, the Link Aggregation Marker Protocol (LAMP) is not supported. – Single-port LAG is not supported. (You cannot create a LAG that contains a single port.) – LACP cannot be used in conjunction with L2TP.

  • Page 64: Limitations With This Software Version

    Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) Figure 2-3. Redundant uplinks for a VLAN Upstream Downstream Stinger IP DSLAM Next-hop router CPE-1 Ethernet VLAN 50 switches Redundant uplinks on CM’s GigE ports Limitations with this software version 1:1 VLAN circuit connections and stacked VLAN connections are not currently supported on STP-enabled ports.

  • Page 65: Bridge-Level Stp Settings In The Ether-Group Profile

    Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) When you create a VLAN-ETHERNET profile with an index in the following format: VLAN-ETHERNET { { shelf-1 slot-ether-group ether-group-ID } VLAN-ID } The system creates a VLAN interface with the specified VLAN-ID on both STP- enabled ports.

  • Page 66: Port-Level Stp Settings In Each Port's Ethernet Profile

    Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) Parameter Setting bridge-priority The 802.1D Bridge Priority value. Bridge priority forms part of the bridge identifier advertised to other bridges. It is used to determine the root bridge. The lower the number, the higher the priority.

  • Page 67: Sample Configuration With Transparent Bridging

    Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) Parameter Setting ether-group The index of an ETHER-GROUP profile. When set to 0 (default), the port operates individually. If set to a nonzero value, the system searches for an ETHER- GROUP profile indexed by this value.
  • Page 68 Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) This sample configuration enables the IP2100 GigE ports to participate in STP. It also shows the use of the STP command, which provides detailed information about the STP subsystem. For information about this command, see the Stinger Reference. Create an ETHER-GROUP profile and enable STP.
  • Page 69 Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) {1 8 2} Forwarding 20000 Point-to-Point Running {1 8 3} Forwarding 20000 Point-to-Point Running Configure a VLAN-ETHERNET profile using the group index. This command shows that the two GigE ports are running STP, because the initState column displays Running.

  • Page 70: Routing Implications For Stp-Enabled Ports

    Gigabit Ethernet Configuration Configuring STP on Gigabit Ethernet ports (IP2100 only) admin> set igmp-snooping-enabled = yes admin> set lan-router-interface physical-address shelf = shelf-1 admin> set lan-router-interface physical-address slot = slot-ether-group admin> set lan-router-interface physical-address item-number = 1 admin> set lan-router-interface logical-item = 10 admin>...

  • Page 71: Administrative Tools For Gigabit Ethernet

    Gigabit Ethernet Configuration Administrative tools for Gigabit Ethernet With these two actions, nothing changes from the routing perspective on STP- enabled ports, and no route update messages are generated when one port switches to a Blocking state. The following command displays the contents of the VLAN-MAC to port mapping table: admin>...

  • Page 73: Table 3-1 Definition Of Vlan Terms

    VLAN Configuration IP filters for Ethernet-encapsulated bridged IP datagrams ....3-2 Configuring 1:1 VLAN bridging ........3-2 Configuring N:1 VLAN bridging .

  • Page 74: Chapter 3 Vlan Configuration

    VLAN Configuration IP filters for Ethernet-encapsulated bridged IP datagrams IP filters for Ethernet-encapsulated bridged IP datagrams Systems with an IP2100 control module support IP filtering applied to Ethernet- encapsulated bridged IP datagrams on the DSL side of the following types of Layer 2 connections: 1:1 bridged VLAN circuits N:1 bridged VLAN circuits (with transparent bridging)

  • Page 75: Overview Of Vlan-Ethernet And Connection Settings

    Ethernet interface. The valid range is from 0 to 4095, but for full compatibility with IEEE 802.1Q, Lucent recommends that you do not use the vlan-id values of 0, 1 or 4095. However, the system does not prevent you from assigning these values.
  • Page 76 VLAN Configuration Configuring 1:1 VLAN bridging Parameter Setting pppoe-options Not currently supported. bridging-group Number from 0 to 65535, used to group bridged interfaces. For 1:1 VLAN bridging, this setting must match in the VLAN-ETHERNET and CONNECTION profiles. For N:1 VLAN bridging, this setting must match in the BRIDGE-GROUP, VLAN-ETHERNET and CONNECTION profiles.

  • Page 77: Sample 1:1 Vlan Bridging Configuration

    VLAN Configuration Configuring 1:1 VLAN bridging Sample 1:1 VLAN bridging configuration Figure 3-2 shows a Stinger system bridging a PVC to a VLAN: Figure 3-2. Sample 1:1 VLAN circuit Ethernet side User side Stinger IP DSLAM VLAN 50 User-1 (VLAN 50) [in VLAN-ETHERNET:bridging-options] [in CONNECTION:bridging-options] bridging-group = 34590...

  • Page 78: Configuring N:1 Vlan Bridging

    VLAN Configuration Configuring N:1 VLAN bridging Configuring N:1 VLAN bridging This section describes how to bridge multiple user PVCs onto a VLAN, as shown in Figure 3-3. Figure 3-3. Bridging multiple PVCs to a VLAN Ethernet side Stinger User side IP DSLAM User-1 (VLAN 1) VLAN 1...

  • Page 79: Overview Of Bridge-Group Settings

    VLAN Configuration Configuring N:1 VLAN bridging To optimize its forwarding operations over time, the system uses an IEEE 802.1 transparent bridging algorithm to build a table of known MAC addresses and the port associated with each address. If it receives packets for an unknown MAC address, or if it receives broadcast packets, the traffic is forwarded on all ports that are part of the bridge group except the port on which the packets were received.
  • Page 80 VLAN Configuration Configuring N:1 VLAN bridging Parameter Setting igmp-snooping Enables or disables IGMP snooping. When IGMP is disabled (the default), multicast data streams are forwarded to all ports in the VLAN, even those who have not registered for the multicast. When IGMP snooping is enabled and a Join is received from a subscriber interface, the system snoops the packet and makes an entry in its bridge table, along with the IP...

  • Page 81: Sample Bridge-Group Configuration With Mac Address Aging

    VLAN Configuration Configuring N:1 VLAN bridging Parameter Setting Subprofiles for enabling DHCP snooping or PPPoE dhcp-snooping snooping (or both). When DHCP and PPPoE snooping pppoe-snooping are enabled, the system snoops clients’ DHCP requests and PPPoE Discovery packets and add identifying information to the packets before bridging the packets upstream.

  • Page 82: Sample Bridge-Group Configuration With Igmp Snooping

    VLAN Configuration Configuring N:1 VLAN bridging The next commands modify bridge-group 275 (VLAN 500) to use DSL port blocking, by specifying a “router” interface: admin> read bridge-group 275 admin> set lan-router-interface physical shelf = shelf-1 admin> set lan-router-interface physical slot = first-control-module admin>...

  • Page 83: Vlan And Connection Settings

    VLAN Configuration Configuring N:1 VLAN bridging admin> set lan-router-interface physical item = 2 admin> set lan-router-interface logical-item = 478 admin> write -f When IGMP snooping is enabled and a Join is received from a subscriber interface, the system snoops the packet and makes an entry in its bridge table, along with the IP multicast address.

  • Page 84: Sample N:1 Vlan Bridging Configuration With Address Limiting

    VLAN Configuration Configuring N:1 VLAN bridging Limiting the number of source MAC addresses learned on a transparent bridging interface restricts the number of users that can access the network through a single CPE, and prevents a type of denial-of-service attack in which a user overloads the bridge table by sending heavy traffic from many different source MAC addresses.
  • Page 85 VLAN Configuration Configuring N:1 VLAN bridging If bridging is not enabled, enable it as described in “Enabling layer 2 bridging for VLAN operations” on page 2-3. Then, follow these steps: Create a bridge group. The following group sets the address age-out interval to three minutes and uses DSL port blocking.

  • Page 86: Configuring Dhcp And Pppoe Snooping For Dsl Line Identification

    VLAN Configuration Configuring N:1 VLAN bridging admin> set atm-options vci = 25 admin> set atm-options nailed-group = 51 admin> write -f admin> new connection cpe-2 admin> set active = yes admin> set encapsulation-protocol = atm admin> set ip-options ip-routing = no admin>...

  • Page 87: Figure 3-5 Format When An Interface Ip Address (If-Ip) Is Used

    VLAN Configuration Configuring N:1 VLAN bridging Figure 3-5. Format when an interface IP address (if-ip) is used Relay agent version ID Name of the user VC connection profile (2 octets) (32 octets) if-ip hostname version Interface IP address (4 octets) The hostname field, which is automatically encoded from the hostname of the CONNECTION profile, identifies the DSL end connection.

  • Page 88: Configuring Dhcp Snooping

    VLAN Configuration Configuring N:1 VLAN bridging Configuring DHCP snooping With DHCP snooping, the Stinger system snoops client-to-server DHCP request packets and add identifiers before bridging the packets upstream. Source MAC address learning is performed for packets that are forwarded via transparent bridging. The system also snoops server-to-client DHCP reply packets to remove identifiers before bridging the packets downstream to the destination MAC address of the frame.

  • Page 89: Figure 3-8 Dhcp Snooping Example

    VLAN Configuration Configuring N:1 VLAN bridging Parameter Description enable Enable or disable DHCP snooping for this bridge group. circuit-id | remote-id: Enables or disables suboption 1 (in the circuit-id enable subprofile) or suboption 2 (in the remote-id subprofile). If enabled, the system encodes the hostname of the PVC on which the DHCP Request packet was received.
  • Page 90 VLAN Configuration Configuring N:1 VLAN bridging To configure this VLAN for DHCP snooping, first verify that bridging is enabled on the physical interface. For example: admin> get ethernet { 1 8 2 } bridging-enabled [in ETHERNET/{ shelf-1 first-control-module 2}:bridging-enabled] bridging-enabled = yes Then, follow these steps on the Stinger system: Create a bridge group and enable DHCP snooping.

  • Page 91: Figure 3-9 Contents Of Fields With Sample Dhcp Snooping Configuration

    VLAN Configuration Configuring N:1 VLAN bridging admin> set bridging-options bridge-type = transparent-bridging admin> set atm-options vpi = 0 admin> set atm-options vci = 57 admin> set atm-options nailed-group = 304 admin> write -f With this configuration, when the client generates a DHCP request, the system adds the following fields to the request packet: Figure 3-9.

  • Page 92: Configuring Pppoe Snooping For Line Identification Of Pppoe Clients

    VLAN Configuration Configuring N:1 VLAN bridging Configuring PPPoE snooping for line identification of PPPoE clients When PPPoE snooping has been configured for the bridge group, the Stinger system snoops incoming PPPoE Discover packets (Ether Type 0x8863) on connections and adds vendor-specific information before bridging packets to an upstream interface such as Ethernet.

  • Page 93: Figure 3-10 Pppoe Vendor-Specific Tag Format

    VLAN Configuration Configuring N:1 VLAN bridging Table 3-5. Packet handling with PPPoE snooping (Continued) Traffic direction PPPoE Discovery packet handling For PPPoE Discovery packets received on the “router” Downstream interface of the bridge group (as defined by the lan-router- interface or wan-router-interface setting), the following actions are performed: PADI and PADR packets are discarded.
  • Page 94 VLAN Configuration Configuring N:1 VLAN bridging vendor-option-string = "" version = 1 dhcp-allow-any-src-port = no [in BRIDGE-GROUP/0:pppoe-snooping:remote-id] enable = no send-hostname-only = no if-ip = 0.0.0.0 vendor-option-string = "" version = 1 dhcp-allow-any-src-port = no Parameter Description enable Enable or disable PPPOE snooping for this bridge group. circuit-id | remote-id: Enables or disables suboption 1 (in the circuit-id enable...

  • Page 95: Figure 3-11 Pppoe Snooping Example

    VLAN Configuration Configuring N:1 VLAN bridging Sample PPPOE snooping configuration Figure 3-4 shows a Stinger system bridging user PVCs onto a VLAN using transparent bridging. The CPE is operating in bridging mode. In this case, PPPoE snooping is enabled in the bridge group, so DSL line identification will be added to upstream PPPoE Discovery packets.

  • Page 96: Configuring Stacked Vlans

    VLAN Configuration Configuring stacked VLANs admin> set bridging-options bridging-group = 451 admin> set bridging-options bridge = yes admin> set bridging-options bridge-type = transparent-bridging admin> write -f Create CONNECTION profiles for bridged PVCs to the CPE devices. The profiles must specify the right bridge group number. admin>...

  • Page 97: Bridging Untagged Frames To Stacked Vlans

    VLAN Configuration Configuring stacked VLANs Note For stacked VLAN connections, the Stinger IP DSLAM does not bridge frames received from one DSL connection to another, even when the connections are configured with the same bridging-group value. This applies even to broadcast and multicast frames.

  • Page 98: Sample Configuration Bridging Untagged Frames

    VLAN Configuration Configuring stacked VLANs Parameter Setting bridge-type Type of bridging. Valid values are transparent- bridging, no-bridging, vlan-circuit, and stacked- vlan. For VLAN stacking, the stacked-vlan setting is required. vlan-stack-user-vlan-id Subscriber's 802.1Q VLAN ID (from 0 to 4095) to be used in stacked-VLAN frames for incoming traffic that contains untagged Ethernet frames.

  • Page 99: Bridging Enterprise Vlan Tagged Frames To Stacked Vlans

    VLAN Configuration Configuring stacked VLANs admin> new vlan-ethernet { { 1 8 2 } 50 } admin> set enabled = yes admin> set bridging-options bridging-group = 9 admin> set bridging-options bridge = yes admin> set bridging-options bridge-type = stacked-vlan admin> write -f Create CONNECTION profiles for users of the NSP VLAN.

  • Page 100: Overview Of Vlan Stacking Settings For Tagged Frames

    VLAN Configuration Configuring stacked VLANs Figure 3-14. Stacked VLAN: Bridging enterprise VLAN-tagged frames Ethernet side DSL side NSP 1 Enterprise VLAN 50 VLANs 1, 2, 3 Stinger Stacked-VLAN IP DSLAM VLAN aware frames CellPipe® 1 Ethernet switch IP subnet 2 VLAN aware Layer 2 core GigE...
  • Page 101 VLAN Configuration Configuring stacked VLANs Following are parameters, shown with default settings, for VLAN stacking of tagged frames: [in FLOW-SERVICES/""] name* = "" service-type = none flow-list = [ { { 0 } { 0 } } { { 0 } { 0 } } { { 0 } { 0 } } { { 0 } { 0 } }+ [in FLOW-SERVICES/"":flow-list] flow-list[1] = { { 0 0 00:00 } { 0 } } flow-list[32] = { { 0 0 00:00 } { 0 } }...

  • Page 102: Sample Configuration For Mapping Tagged Frames

    VLAN Configuration Configuring stacked VLANs Parameter Setting layer2-classifier A flow-list subprofile for defining classification rules to identify a specific layer 2 traffic flow. vlan-id Enterprise VLAN ID in the VLAN-tagged frames of the inbound traffic flow (a number from 0 to 4095). This is the “source”...
  • Page 103 VLAN Configuration Configuring stacked VLANs To configure the stacked VLAN and mapping between enterprise and NSP VLAN IDs, first verify that bridging is enabled on the physical interface. For example: admin> get ethernet { 1 8 2 } bridging-enabled [in ETHERNET/{ shelf-1 first-control-module 2}:bridging-enabled] bridging-enabled = yes If bridging is not enabled, enable it as described in “Enabling layer 2 bridging for VLAN operations”...

  • Page 104: Configuring Routed Vlans

    VLAN Configuration Configuring routed VLANs Configuring routed VLANs A routed VLAN interface is the interface to which the router's IP address on the VLAN is attached. In a Stinger IP DSLAM system, a routed VLAN interface is always mapped to a virtual IP interface on the Gigabit Ethernet port. Packets received on a routed VLAN interface are routed based on the IP address, and packets are sent through the routed VLAN interface based on an IP routing decision.

  • Page 105: Sample Routed Vlan Configuration

    802.1Q tag value to be added to the IP packets transmitted on the virtual interface. The valid range is from 0 to 4095, but for full compatibility with IEEE 802.1Q, Lucent recommends that you do not use the vlan-id values of 0, 1 or 4095. Sample routed VLAN configuration...
  • Page 106 VLAN Configuration Configuring routed VLANs admin> set bridging-options bridge-type = no-bridging admin> write -f Create an IP-INTERFACE profile with a valid IP address and VLAN enabled. Specify the same VLAN ID used in the VLAN-ETHERNET profile (101 in this example). admin>...

  • Page 107: Applying An Ip Filter To A Routed Vlan

    VLAN Configuration Configuring routed VLANs admin> set atm-options nailed-group = 155 admin> set bir-options enable = yes admin> write -f Applying an IP filter to a routed VLAN You can specify the name of an IP filter in the VLAN-ETHERNET profile to filter traffic routed to that VLAN.

  • Page 108: Vlan Bridging Of Ipoa Traffic To An Upstream Bras

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS The following commands assign the virtual router to a routed VLAN interface: admin> read ip-interface { { 1 8 2 } 101 } admin> set vrouter = vlan2 admin> write -f The following commands specify that the CPE connections named pppoa-1 and bir-1 belongs in the vlan2 virtual routing domain: admin>...

  • Page 109: Downstream Packet Processing

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS Downstream packet processing In the downstream direction, the system uses the VLAN ID of the incoming packet to retrieve the bridged IPoA connection parameters, such as VPI-VCI values, before removing the Ethernet header and VLAN tag and constructing the LLC-encapsulated IP packet.

  • Page 110: Overview Of Connection Profile Settings

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS Parameter Setting interface-address A logical address of an IP CM GigE port, in which the logical-item number is the BRAS ID. This address uses the following format: { { shelf slot port } bras-id } For example, the following commands create a BRAS profile for an IP CM GigE port with BRAS ID 100: new bras { { 1 8 2 } 100 }...

  • Page 111: Configuring Vlan Bridged Ipoa

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS Parameter Setting packet-type bridge-type Packets bridged none vlan-circuit Bridged IP or PPP pack- ets over VLAN none stacked-vlan Bridged IP or PPP pack- ets over stacked VLAN vlan-circuit Routed IPOA packets ipoa over VLAN Routed IPOA packets...
  • Page 112 VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS Create a BRAS profile associated with an IP CM GigE port. For example: admin> new bras { { 1 8 2 } 1 } admin> set ip-address = 10.12.1.7/24 admin>...

  • Page 113: Configuring Bridged Ipoa To Multiple Bras With The Same Ip Address

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS admin> set atm-options vpi = 8 admin> set atm-options vci = 101 admin> write -f Create a VLAN-ETHERNET profile with the same bridge group number. admin> new vlan-ethernet { { 1 8 2 } 101 } admin>...
  • Page 114 VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS Create a VLAN-ETHERNET profile for VLAN 100. admin> new vlan-ethernet { { 1 8 2 } 100 } admin> set enabled = yes admin> set bridging-options bridging-group = 525 admin>...

  • Page 115: Caveat When Configuring An Unnumbered Interface For Bridged Ipoa

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS admin> set bridging-options packet-type = ipoa admin> set bridging-options bras-id = 2 admin> set atm-options nailed-group = 58 admin> set atm-options vpi = 8 admin> set atm-options vci = 101 admin>...

  • Page 116: Possible Proxy Arp Problems With The Sample Configuration

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS admin> set bridging-options bridge-type=vlan-circuit admin> set bridging-options packet-type = ipoa admin> set bridging-options bras-id = 6 admin> set atm-options nailed-group = 51 admin> set atm-options vpi = 8 admin> set atm-options vci = 100 admin>...

  • Page 117: Conclusions About The Sample Configuration

    VLAN Configuration VLAN bridging of IPoA traffic to an upstream BRAS Conclusions about the sample configuration In summary, before configuring an unnumbered interface for a bridged IPoA connection, you should verify that the network configuration will not cause unexpected results of the VLAN proxy ARP process. VLAN-based ARP table Because the IPoA bridging subsystem can support multiple BRAS with the same IP address on different VLANs, the ARP table must distinguish duplicate addresses by...

  • Page 118: Pppoa Bridging In 1:1 And N:1 Vlan

    VLAN Configuration PPPoA bridging in 1:1 and N:1 VLAN If you add a VLAN ARP table entry statically by using arptable -a, the connections that terminate on the BRAS must be bounced manually to populate the new MAC address to the CONNECTION profiles. Note that with this method of updating the VLAN ARP table, the hostname argument is the bras-ip-address from the BRAS profile, and the ip-address field of the BRAS profile is not used, so the system does not enforce the requirement that the bras-ip-...

  • Page 119: Pppoa Bridging In N:1 Vlans

    VLAN Configuration PPPoA bridging in 1:1 and N:1 VLAN PPPoA bridging in N:1 VLANs In Figure 3-21, bridge group 2111 supports both PPPoA and PPPoE CPE connections. Figure 3-21. Sample transparent-bridged PPPoA configuration CPE devices BRAS or Stinger IP DSLAM PPPoE Server PPPoA Ethernet...

  • Page 120: Downstream Cpe Configuration Considerations

    VLAN Configuration PPPoA bridging in 1:1 and N:1 VLAN Downstream CPE configuration considerations The PPPoA client configuration must meet the following requirements: The CPE configuration must either enable LQM or set up the idle timer. This is required to enable the Stinger system to detect if the upstream server has become unavailable, in order to terminate the session.
  • Page 121 VLAN Configuration PPPoA bridging in 1:1 and N:1 VLAN admin> set enable = yes admin> set lan-router-interface physical shelf = shelf-1 admin> set lan-router-interface physical slot = first-control-module admin> set lan-router-interface physical item = 2 admin> set lan-router-interface logical-item = 70 admin>...

  • Page 122: Pppoa Bridging In 1:1 Vlans

    VLAN Configuration PPPoA bridging in 1:1 and N:1 VLAN --------- ------------ ----- ------------- ----------- 2111 TRANSPARENT Active cpe-1 To see more information about the session, use the -i option with the interface number. For example: admin> pppoaBriSess -i 35 Translated PPPoA session details: --------------------------------- Interface = 35...

  • Page 123: Downstream Cpe Configuration Considerations

    VLAN Configuration PPPoA bridging in 1:1 and N:1 VLAN Downstream CPE configuration considerations The PPPoA client configuration must meet the following requirements: The CPE configuration must either enable LQM or set up the idle timer. This is required to enable the Stinger system to detect if the upstream server has become unavailable, in order to terminate the session.
  • Page 124 VLAN Configuration PPPoA bridging in 1:1 and N:1 VLAN admin> set bridging-options bridge-type = vlan-circuit admin> write -f Create a CONNECTION profile Create a PVC CONNECTION profile that will carry PPPoA. admin> new connection cpe-2 admin> set active = yes admin>...

  • Page 125: Administrative Tools For Vlan

    VLAN Configuration Administrative tools for VLAN Administrative tools for VLAN Commands that provide administrative information about VLAN are available only in the debug environment. If you are managing the system remotely, some of this information is also available through the ip2kstats MIB. For details, see “VLAN- related diagnostics”...
  • Page 126 VLAN Configuration Administrative tools for VLAN 150.150.100.60 00:11:22:33:44:66 0/0/4050 144587 150.150.100.40 00:11:22:33:44:77 0/0/4100 145001 Total arp entries (All VLANs): 3 admin> arptable -c Total arp entries (global and all vrouters): 2 Total arp entries (All VLANs): 3 admin> arptable -f 3-54 Stinger®...

  • Page 127: Ip Routing Configuration

    IP Routing Configuration Introduction to the IP router software ....... . . 4-1 Configuring IP-INTERFACE profiles for Ethernet ports .

  • Page 128: Introduction To The Ip Router Software

    IP Routing Configuration Introduction to the IP router software Routes and interfaces An IP route specifies a destination address, a gateway to the network, and an interface that leads to the gateway. It can also specify metrics and other values associated with the route.

  • Page 129: Displaying The Interface Table

    IP Routing Configuration Introduction to the IP router software Displaying the interface table To display the interface table, use the –i option on the netstat command line: admin> netstat -i Name Net/Dest Address Ipkts Ierr Opkts Oerr 1500 1.112.0.0/16 1.112.26.146 5542 1636 1500 -...

  • Page 130: Ip Control Module Performance Statistics

    IP Routing Configuration Introduction to the IP router software IP control module performance statistics The IP control module controller collects statistics on the number of packets and octets transmitted and received on each LIM interface. These counters are represented in the output of the netstat -i and ifstat commands, and are accessible to an external management utility.

  • Page 131: Table 4-1 Decimal Subnet Masks And Corresponding Prefix Lengths

    IP Routing Configuration Introduction to the IP router software 000 — Reserved for the network (base address) 111 — Reserved for the broadcast address of the subnet Note Be careful with zero subnets (subnets with the same base address as a class A, B, or C network).

  • Page 132: Configuring Ip-Interface Profiles For Ethernet Ports

    IP Routing Configuration Configuring IP-INTERFACE profiles for Ethernet ports Configuring IP-INTERFACE profiles for Ethernet ports The system creates an IP-INTERFACE profile for an Ethernet port when it first detects the presence of the port. Table 4-2. Profiles for configuring logical IP interfaces for Ethernet ports Interface # Type of interface System-generated configuration profiles...

  • Page 133: Configuring A Local Ip Interface

    IP Routing Configuration Configuring IP-INTERFACE profiles for Ethernet ports Parameter Setting IP address of the LAN interface. If the LAN IP address ip-address includes a subnet specification, you must create a static route to another LAN router to enable the system to reach local networks beyond its own subnets.

  • Page 134: Defining A Local Virtual Ip Interface

    IP Routing Configuration Configuring IP-INTERFACE profiles for Ethernet ports Defining a local virtual IP interface You can configure up to 16 IP-INTERFACE profiles for each Ethernet port, with each profile specifying one IP address. However, if you have a link aggregation group (LAG) interface configured, the maximum number of virtual interfaces decreases by For details about using a virtual IP interface for a routed VLAN, see “Configuring routed VLANs”...

  • Page 135: Configuring Ip-Global Network Features

    IP Routing Configuration Configuring IP-GLOBAL network features To prevent the IP router from being used as an intermediary in this type of denial-of- service attack launched from another network, you must disable the router from forwarding directed broadcasts it receives from another network. You must explicitly disable directed broadcasts on all IP interfaces in the system (including the management interface).

  • Page 136: Configuring Dns

    IP Routing Configuration Configuring IP-GLOBAL network features Configuring DNS Domain Name System (DNS) is a TCP/IP service for centralized management of address resolution. You enable DNS lookups by specifying a domain name and the IP addresses of one or more local servers. Some sites maintain multiple DNS servers, each one dedicated to a particular client or location.

  • Page 137: Setting Rip Options

    IP Routing Configuration Configuring IP-GLOBAL network features Setting RIP options The following parameters (shown with default settings) define how the system handles RIP updates: [in IP-GLOBAL] rip-policy = Poison-Rvrs summarize-rip-routes = no rip-trigger = yes rip-pref = 100 dialout-poison = no rip-queue-depth = 0 ignore-def-route = yes suppress-host-routes = no...

  • Page 138: Rip Policy For Propagating Updates Back To The Originating Subnet

    IP Routing Configuration Configuring IP-GLOBAL network features RIP policy for propagating updates back to the originating subnet You can specify a split-horizon or poison-reverse policy for outgoing update packets that include routes received on the same interface on which the update is sent. Split- horizon means that the router does not propagate routes back to the subnet from which they were received.

  • Page 139: Ignoring Default Routes When Updating The Routing Table

    20849 Ignoring default routes when updating the routing table Lucent Technologies recommends enabling the ignore-def-route parameter to prevent routing updates from modifying the default route in the routing table. The following set of commands protects the default route from RIP updates: admin>...

  • Page 140: Subscriber Profile Sharing

    IP Routing Configuration Configuring IP-GLOBAL network features Subscriber profile sharing All Stinger LIMs support profile sharing for incoming subscriber connections. With shared profiles, each session is a separate connection that shares the same name and password. If an IP address is assigned, it must be assigned dynamically so that each session has a unique address.

  • Page 141: Equal Cost Multipath Routing

    IP Routing Configuration Configuring IP-GLOBAL network features Equal cost multipath routing The system supports load balancing of up to four equal cost multipath (ECMP) routes to a given destination. You can configure ECMP routes statically, or the system can learn ECMP routes through RIP updates. ECMP routes must specify the same destination address and different gateway addresses.

  • Page 142: Limitations Of Ecmp Load Balancing

    IP Routing Configuration Configuring IP-GLOBAL network features Limitations of ECMP load balancing The following limitations apply with this software version: The system does not currently look at the metric or cost of multipath routes to determine if they are equal cost. All routes to the same destination with different gateways are considered to be equal cost.

  • Page 143: Sample Downstream Ecmp Configuration

    IP Routing Configuration Configuring IP-GLOBAL network features Sample downstream ECMP configuration Figure 4-1 shows IPoA connections to four DSL CPE. Traffic destined for the ISP POP will be load balanced on these four links. Figure 4-1. Four DSL links using ECMP routes Stinger IP DSLAM 3.3.3.2/8...
  • Page 144 IP Routing Configuration Configuring IP-GLOBAL network features admin> set station = ipoa_6_10 admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 10.10.10.1/8 admin> set ip-options local-address = 10.10.10.2/8 admin> set atm-options vci = 40 admin> set atm-options nailed-group = 260 admin>...

  • Page 145: Example Of Downstream Flow-Based Ecmp

    IP Routing Configuration Configuring IP-GLOBAL network features 7.7.7.1/32 7.7.7.1 wan29 7.7.7.2/32 local 8.0.0.0/8 50.50.50.2 ie1-233 9.0.0.0/8 10.10.10.1 wan30 9.0.0.0/8 7.7.7.1 wan29 9.0.0.0/8 4.4.4.1 wan28 9.0.0.0/8 3.3.3.1 wan27 10.0.0.0/8 10.10.10.1 wan30 10.10.10.1/32 10.10.10.1 wan30 10.10.10.2/32 local 50.0.0.0/8 ie1-233 51696 50.50.50.1/32 local 51696 100.0.0.0/8 51696...
  • Page 146 IP Routing Configuration Configuring IP-GLOBAL network features For example, suppose 15 traffic streams are being forward in the ECMP routes, to 15 different destinations in the 9.0.0.0 network in Figure 4-1 (page 4-17). The packets belonging to each stream will always take the same path across the same DSL link. After configuring the connection and IP-ROUTE profiles as described in “Sample downstream ECMP configuration”...

  • Page 147: Sample Upstream Ecmp Through Routed Vlan Interfaces

    IP Routing Configuration Configuring IP-GLOBAL network features Discarded TX Discarded Error Cells in port/vpi/vci Cells Cells packets packets packets last Pkt 3/ 0/ 40 681 4/ 0/ 71 846 7/ 0/ 35 672 10/ 0/ 40 675 Sample upstream ECMP through routed VLAN interfaces Figure 4-2 shows two upstream ECMP routes to the same destination system.
  • Page 148 IP Routing Configuration Configuring IP-GLOBAL network features admin> set ip-address = 60.60.60.1/8 admin> set vlan-enabled = yes admin> set vlan-id = 678 admin> write -f admin> new vlan { { shelf-1 second-control-module 2 } 233 } admin> set enabled = yes admin>...

  • Page 149: Configuring And Using Address Pools

    IP Routing Configuration Configuring IP-GLOBAL network features Configuring and using address pools An address pool is a range of contiguous addresses on a local IP network or subnet. Pool addresses are available for assignment to incoming connections that request an address.
  • Page 150 IP Routing Configuration Configuring IP-GLOBAL network features Parameter Setting A pool name, required only when TACACS+ pool-name authentication is in use. If TACACS+ authentication is not in use, the name is treated as a comment. must-accept-address- Enables or disables rejection of an assigned IP address assign by an incoming caller during PPP negotiation.
  • Page 151 IP Routing Configuration Configuring IP-GLOBAL network features At startup, syslog notes RADIUS requests to release RADIUS-allocated IP addresses. Some versions of the RADIUS server might time out the request, resulting in log messages indicating the release of global-pool addresses. Defining global pools Global address pools are defined in a global-pools pseudo-user profile on the server running RADIPAD.

  • Page 152: Preventing The Use Of Class Boundary Addresses

    IP Routing Configuration Configuring IP-GLOBAL network features Preventing the use of class boundary addresses If you define address pools that contain more than 254 addresses, be aware that the system allocates the class boundary addresses (n.n.n.0 and n.n.n.255) as valid connection addresses.

  • Page 153: Example Of Configuring Summarized Address Pools

    IP Routing Configuration Configuring IP-GLOBAL network features admin> set assign-count 1 = 510 admin> write -f This pool definition translates to 10.55.178.0/23 (a subnet mask of 255.255.254.0). Following are comparable RADIUS definitions: pools-taos01 Password = "ascend", Service-Type = Outbound-User Ascend-IP-Pool-Definition = "1 10.55.178.1 510" global-pool-ppp Password ="ascend", Service-Type = Outbound-User Ascend-IP-Pool-Definition = "1 10.55.178.1 510"...
  • Page 154 IP Routing Configuration Configuring IP-GLOBAL network features 195.195.195.1 and 195.195.195.5 to the appropriate WAN interfaces. All other traffic to 195.195.195.0/24 is directed to the rj0 interface (it is discarded). Setting the pool-summary flag The following commands enable the pool-summary flag: admin>...

  • Page 155: Examples Of Assigning An Address From A Pool

    IP Routing Configuration Configuring IP-GLOBAL network features destination matches an assigned IP address from the pool are routed properly. However, because the system advertises the entire pool as a route, and only privately knows which IP addresses in the pool are active, a remote network might improperly send the Stinger unit a packet for an inactive IP address.

  • Page 156: Ip Pool Chaining

    IP Routing Configuration Configuring IP-GLOBAL network features client profile must specify dynamic assignment, and the client’s PPP software must be configured to acquire its IP address dynamically. The following commands configure a profile to acquire an address from the first pool that has available addresses: admin>...
  • Page 157 IP Routing Configuration Configuring IP-GLOBAL network features profile contains two IP pool chains (pools 1, 2, 3 and pools 7, 8, 9), with each pool chain containing 30 addresses: pools-JFAN-TNT Password = "ascend", Service-Type = Outbound Ascend-IP-Pool-Chaining = IP-Pool-Chaining-Yes, Ascend-IP-Pool-Definition = "1 11.168.6.10 10", Ascend-IP-Pool-Definition = "2 12.168.6.10 10", Ascend-IP-Pool-Definition = "3 13.168.6.10 10", Ascend-IP-Pool-Definition = "7 17.168.6.10 10",...
  • Page 158 IP Routing Configuration Configuring IP-GLOBAL network features Parameter Setting pool-base-address An array of up to 128 IP addresses to be used as the first address in a pool. These values are used with the assign-count values to define address pools locally. A pool chain contains all of the pools defined in sequence within the array, such as 1, 2, 3.
  • Page 159 IP Routing Configuration Configuring IP-GLOBAL network features The following commands configure profiles to acquire an address from the first pool chain. When the end users initiate a session request, they can acquire an address from 10.1.1.1 to 10.1.1.51, from 11.1.1.1 to 11.1.1.51, or from 12.1.1.1 to 12.1.1.51. If no addresses are available within those ranges, the connection is refused.
  • Page 160 IP Routing Configuration Configuring IP-GLOBAL network features Overview of RADIUS profile settings RADIUS servers use the following attribute-value pairs to define and apply pool chains: RADIUS attribute Value Ascend-IP-Pool-Chaining Enables or disables IP pool chaining in a pseudo-user (85) profile that defines address pools. If this attribute is set to IP-Pool-Chaining-Yes (1), the system treats contiguous IP address pools as a single extended pool space when searching for an available address to assign...
  • Page 161 IP Routing Configuration Configuring IP-GLOBAL network features Example of pool chaining in RADIUS The following pseudo-user profile defines five address pools, which form two pool chains. Notice that the pool numbers are contiguous within a chain. pools-JFAN-TNT Password = "ascend" Service-Type = Outbound, Ascend-IP-Pool-Chaining = IP-Pool-Chaining-Yes, Ascend-IP-Pool-Definition = "1 10.1.1.1 50",...

  • Page 162: Slot-Based Address Assignment

    IP Routing Configuration Configuring IP-GLOBAL network features Slot-based address assignment When you use slot-based address assignment, all connections established on a slot obtain an address from the same pool. If the slot contains a Stinger GE-OLIM, all connections on all remote LIMs connected to that GE-OLIM obtain an address from the same pool.

  • Page 163: Sample Slot-Based Address Configuration Using The Global Router

    IP Routing Configuration Configuring IP-GLOBAL network features Parameter Setting Specifies the physical address of a LIM or GE-OLIM slot and index optionally, a virtual router name. Slot-based address assignment is not enabled for IMA LIMs. Any virtual router for which the pool-selection parameter is set to slot-based (including the global router) uses the slot-vr-config index to select an address pool for incoming connections.
  • Page 164 IP Routing Configuration Configuring IP-GLOBAL network features Configure address pools on the host. For example: admin> read ip-global admin> set pool-summary = yes admin> set pool-selection = slot-based admin> set pool-base-address 11 = 194.194.1.1 admin> set pool-base-address 12 = 194.194.2.1 admin>...

  • Page 165: Expanding The Sample Configuration To Use A Virtual Router

    IP Routing Configuration Configuring IP-GLOBAL network features admin> set ip-options source-if = sip0 admin> set telco-options call-type = off admin> set ppp-options send-auth-mode = pap-ppp-auth admin> set ppp-options recv-password = ascend admin> set pppoe-options pppoe = yes admin> write -f When the PPPoE connection is established, the following command shows that the address assigned to the remote device is in the address space assigned to address pool admin>...

  • Page 166: Configuring Ip-Route Profiles

    IP Routing Configuration Configuring IP-ROUTE profiles admin> set index vrouter = vr1 admin> set address-pool = 5 admin> write -f Modify the PPPoE connection profile to use the virtual router named vr1. For example: admin> read connection pppoe2 admin> set vrouter = vr1 admin>...

  • Page 167: Offloading Routing Overhead To An External Router

    IP Routing Configuration Configuring IP-ROUTE profiles Parameter Settings RIP metric (0–15) for the route. Among routes with the metric same destination address, the higher the metric, the less likely that the system will choose the route. private-route Enables or disables including the route in RIP updates. active-route Enables or disables entering the route in the routing table.

  • Page 168: Creating A Static Route To A Subnet

    IP Routing Configuration Overview of routed subscriber connection features Creating a static route to a subnet When RIP is turned off on an IP interface, the router cannot reach subnets beyond other routers on that interface unless it has a static route to the subnet. To enable access to subnets beyond the local segment, you must configure a static route.

  • Page 169: Cpe Client Considerations

    IP Routing Configuration Overview of routed subscriber connection features value of the system-ip-addr parameter in the IP-GLOBAL profile, or to the management interface IP address. CPE client considerations The subscriber connections can be routed IPoA, PPPoA, PPPoE, or BIR connections. For PPP connections, the system uses the assigned source address during IP NCP negotiation.

  • Page 170: Overview Of Configuration Settings

    IP Routing Configuration Overview of routed subscriber connection features Overview of configuration settings Following are the relevant parameters, shown with default settings: [in IP-INTERFACE/{ { any-shelf any-slot 0 } 0 } ip-address = 0.0.0.0/0 [in IP-INTERFACE/{ { any-shelf any-slot 0 } 0 }:interface address physical-address = { any-shelf any-slot 0 } logical-item = 0 [in CONNECTION/"":ip-options]...

  • Page 171: Figure 4-7 Sample Configuration Using Two Soft Ip Interface Addresses

    IP Routing Configuration Overview of routed subscriber connection features Figure 4-7. Sample configuration using two soft IP interface addresses Soft IP interface addresses Network side User side pipe1 210.10.10.127/24 IPoA 10.0.0.254 10.0.0.1/24 pipe2 Ethernet ( IPoA 10.0.0.254 10.0.0.2/24 pipe3 IPoA 15.9.7.254 15.9.7.1/24 ATM trunk...

  • Page 172: Anti-Spoofing Protection For Ipoa, Bir, Pppoa, And Pppoe Connections

    IP Routing Configuration Overview of routed subscriber connection features admin> set ip-options remote-address = 10.0.0.1/24 admin> set ip-options source-if = sip1 admin> set atm-options vci = 37 admin> set atm-options nailed-group = 301 admin> write -f admin> new connection pipe2 admin>...

  • Page 173: Overview Of Anti-Spoofing Settings

    IP Routing Configuration Overview of routed subscriber connection features Two levels of anti-spoofing protection are provided. Level 1: Source IP address checks At level 1, the system checks the source address of a packet against the remote address of the CONNECTION or RADIUS user profile, and drops packets whose source address doesn’t match.

  • Page 174: Sample Anti-Spoofing Configuration

    IP Routing Configuration Overview of routed subscriber connection features Parameter RADIUS attribute Setting source-ip-check Ascend-Source-IP- Enables or disables level 1 anti-spoofing protection. Check (96) When it is enabled, the system compares the source address in packets received on the WAN interface to the profile’s remote address, and drops nonmatching packets.

  • Page 175: Configuring Ipoa Subscriber Connections

    IP Routing Configuration Configuring IPoA subscriber connections the CPE), packets from both the 2.2.2.x/24 subnet and the 3.3.3.x network will be accepted. Before you begin, enable an DSL interface and configure an ATM circuit from the interface to the LIM’s ATM internal interface. For details about the ATM circuit configuration for PPPoA, see “Configuring an ATM circuit to terminate PPPoA”...

  • Page 176: Typical Connection Ip-Options Settings For Terminating Pvcs

    IP Routing Configuration Configuring IPoA subscriber connections Parameter RADIUS attribute Setting station User-Name (1) Name of the far-end device. active Enables or disables the profile. encapsulation- Framed-Protocol (7) Encapsulation protocol to use for the connection. Must protocol specify ATM for terminating PVCs. Framed-Protocol (7) Stinger systems support the two encapsulation methods atm1483type for carrying routed PDUs in the payload field of ATM...

  • Page 177: Sample Rfc 2684 (Ipoa) Terminating Pvc

    IP Routing Configuration Configuring IPoA subscriber connections Parameter RADIUS attribute Setting Framed-IP-Address IP address of the remote CPE device. remote-address Framed-IP-Netmask local-address Ascend-PPP-Address Local IP address of a numbered interface connection. (253) For a more flexible alternative to this setting, see “Source interface local addresses”...

  • Page 178: Example Of Using A Local-Address Setting For A Numbered Interface

    IP Routing Configuration Configuring IPoA subscriber connections admin> set atm-options nailed-group = 201 admin> write -f permconn-st-1 Password = "ascend" Service-Type = Outbound, Framed-Protocol = ATM-1483, User-Name = "router-1", Framed-IP-Address = 10.7.8.200, Framed-IP-Netmask = 255.255.255.252, Ascend-ATM-Group = 201, Ascend-Route-IP = Route-IP-Yes, Ascend-ATM-Vci = 100 Example of using a local-address setting for a numbered interface A numbered-interface configuration assigns each side of the connection a unique...

  • Page 179: Example Of Routing A Terminated Pvc Across Gigabit Ethernet

    IP Routing Configuration Configuring IPoA subscriber connections admin> set atm-options nailed-group = 211 admin> write -f Following is a comparable RADIUS profile: permconn-st-2 Password = "ascend" Service-Type = Framed-User, Framed-Protocol = ATM-1483, User-Name = "numbered", Ascend-ATM-Group = 211, Ascend-Route-IP = Route-IP-Yes, Ascend-ATM-Vpi = 0, Ascend-ATM-Vci = 36, Framed-IP-Address = 3.3.3.3,...
  • Page 180 IP Routing Configuration Configuring IPoA subscriber connections admin> which -n { 1 2 1 } Nailed group corresponding to port { shelf-1 slot-2 1 } is 51 admin> set atm-options nailed-group = 51 admin> write -f admin> new connection user-2 admin>...

  • Page 181: Example Of Using Ip Routing To Aggregate Pvcs Onto A Trunk Vc

    IP Routing Configuration Configuring IPoA subscriber connections Example of using IP routing to aggregate PVCs onto a trunk VC You can use IP routing to aggregate many IPoA connections from DSL subscribers onto a single virtual circuit to a specific IP destination such as an ISP. Instead of configuring an ATM circuit for each subscriber, you use PVCs that terminate on the IP DSLAM and use IP routing to direct the traffic out on a terminating PVC to the ISP.

  • Page 182: Configuring Bir Subscriber Connections

    IP Routing Configuration Configuring BIR subscriber connections Nailed group corresponding to port { shelf-1 trunk-module-1 2 } is 802 admin> set atm-options nailed-group = 802 admin> write -f This CONNECTION profile creates a static route to the ISP’s destination address across the trunk interface.

  • Page 183: Sample Subnet (Bir/24) Configuration

    IP Routing Configuration Configuring BIR subscriber connections local-address = 0.0.0.0/0 Parameter RADIUS attribute Setting Enables or disables BIR on this interface. enable Ascend-BIR-Enable (70) proxy-arp Ascend-BIR-Proxy Enables or disables proxy Address Resolution Protocol (71) (ARP), which causes the Stinger IP DSLAM to respond as proxy for ARP requests from local hosts for remote hosts on the far end of the link.

  • Page 184: Sample Host Route (Bir/32) Configurations

    IP Routing Configuration Configuring BIR subscriber connections The following commands configure a BIR subnet interface through the DSL CPE bridge in Figure 4-14: admin> new connection bir-1 admin> set active = yes admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 2.2.2.0/24 admin>...

  • Page 185: Figure 4-15 Bir/32 Configurations

    IP Routing Configuration Configuring BIR subscriber connections Figure 4-15. BIR/32 configurations Network side User side Stinger IP DSLAM 4.4.4.5/32 Gigabit Bridge-5 ATM PVCs Ethernet Local address 4.4.4.1/32 Bridge-6 4.4.4.6/32 In Figure 4-15, the local-address value is the same for both BIR interfaces. This is recommended for host routes to the same IP network because it simplifies configuration of the remote hosts, all of which can point to the same local address as the gateway.

  • Page 186: Sample Bir Connection On A Vdsl Port

    IP Routing Configuration Configuring BIR subscriber connections Ascend-Route-IP = Route-IP-Yes, Framed-IP-Address = 4.4.4.5, Framed-IP-Netmask = 255.255.255.255, Ascend-PPP-Addr = 4.4.4.1, Ascend-IF-Netmask = 255.255.255.255, Ascend-ATM-Group = 55, Ascend-ATM-Vci = 111, Ascend-BIR-Enable = BIR-Enable-Yes permconn-cpe-6 Password = "ascend" Service-Type = Outbound, Framed-Protocol = ATM-1483, User-Name = "bir-6", Ascend-Route-IP = Route-IP-Yes, Framed-IP-Address = 4.4.4.6,...

  • Page 187: Sample Use Of Filters With Bir Connections

    IP Routing Configuration Configuring BIR subscriber connections admin> set ether-options usr-up-stream-contract = default admin> set ether-options usr-dn-stream-contract = sats-dn admin> write -f For background information about the ETHER-QOS profile and Ethernet options in CONNECTION profiles, see the Stinger VDSL Line Interface Module (LIM) Guide. Sample use of filters with BIR connections You can apply an IP filter to restrict outbound packets on a BIR interface.

  • Page 188: Configuring Multiple Wan Virtual Ip Interfaces On A Bir Connection

    IP Routing Configuration Configuring BIR subscriber connections The first output filter rule shown below specifies that if the source IP address in a packet is 2.2.2.36/24, the protocol is 17, and the source UDP port is less than 50, the packet is discarded.

  • Page 189: Overview Of Multiple Ip Address Settings

    IP Routing Configuration Configuring BIR subscriber connections Overview of multiple IP address settings Following are the parameters, shown with default settings, for configuring multiple static addresses: [in CONNECTION/"":bir-options:multiple-ip-address] enable = no ip-address-option = [ { 0.0.0.0/0 0.0.0.0/0 } { 0.0.0.0/0 0.0.0.0/0 } { 0.+ [in CONNECTION/"":bir-options:multiple-ip-address:ip-address-option] ip-address-option[1] = { 0.0.0.0/0 0.0.0.0/0 } ip-address-option[2] = { 0.0.0.0/0 0.0.0.0/0 }...

  • Page 190: Sample Configuration Of Multiple Addresses On A Bir Connections

    IP Routing Configuration Configuring BIR subscriber connections Sample configuration of multiple addresses on a BIR connections The sample configuration in this section use the basic network setup and IP addresses shown in Figure 4-17: Figure 4-17. Sample BIR connection with four static IP addresses Set-top box (STB) Stinger 1.1.1.2/8...

  • Page 191: How Routes Are Created For Wan Virtual Interfaces

    IP Routing Configuration Configuring BIR subscriber connections The system then creates WAN virtual interfaces for each of the configured valid addresses. For example, the following ifmgr command, which is available only in the debug environment, shows the initial connection and four WAN virtual interfaces: super>...

  • Page 192: Configuring Dhcp Relay For Ipoa And Bir Connections

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections The host route with the P flag (Private) is not advertised by routing protocols. For more detail about how summary routes work, see “Overview of summary routes” on page 4-27. Configuring DHCP relay for IPoA and BIR connections With DHCP relay, the system transfers messages between a client requesting its IPoA or BIR configuration, and a DHCP server.

  • Page 193: Ip Address Assignments On Dhcp-Configured Wan Virtual Interfaces

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Direct routes associated with the virtual interface are set up during the interface creation. These dynamically created interfaces will be typed virtual, like virtual interfaces on an Ethernet port. IP address assignments on DHCP-configured WAN virtual interfaces Virtual interface addresses have the following characteristics: The IP address of the WAN virtual interface is obtained from the CONNECTION...

  • Page 194: How The System Selects An Interface For Incoming Packets

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections How the system selects an interface for incoming packets The virtual input interface selection for incoming packets is done in the following order: If the source IP address located in the packet matches one of virtual interface remote IP addresses (taking into account the netmask), then the matching virtual interface is selected as the input interface.

  • Page 195: Overview Of Dhcp Relay Agent Settings

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Parameter Setting active Enables or disables DHCP relay. When this parameter is set to yes, the IP DSLAM forwards requests from a client on one network (such as a remote interface) to a DHCP server on another network interface.

  • Page 196: Overview Of Dhcp Option 82 Suboption Settings

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Parameter Setting giaddr-selection This parameter specifies which address to use as the gateway address to populate the giaddr field in DHCP packets. The setting applies only when option 82 is configured.
  • Page 197 IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections [in IP-GLOBAL:bootp-relay:relay-agent-information:circuit-id] enable = no send-hostname-only = no if-ip = 0.0.0.0 vendor-option-string = "" version = 1 dhcp-allow-any-src-port = no [in IP-GLOBAL:bootp-relay:relay-agent-information:remote-id] enable = no send-hostname-only = no if-ip = 0.0.0.0 vendor-option-string = ""...

  • Page 198: Overview Of Ip-Interface And Connection Dhcp Settings

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Parameter Setting circuit-id | remote-id: IP address of one of the control module’s IP interfaces. if-ip If both IDs are enabled, only one interface IP address is needed. If this field is empty, the Stinger uses the system address (IP-GLOBAL:system-ip-addr) if that value has been defined.

  • Page 199: Per-Connection Control Of The Dhcp Relay Giaddr Field

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Parameter Setting max-dynamic-interface Maximum number of dynamic interfaces that can be created by the DHCP ACK packet on the connection. If null, dynamic interface creation is disabled on this interface.

  • Page 200: Samples Of How Various Settings Affect Giaddr Contents

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections and networks. This is a more flexible way to configure addresses via DHCP. The per- connection assignment of a relay-agent address also facilitates growth. When you add a new LIM to a Stinger system, a new address range can be designated for users of that LIM without any reconfiguration of the DHCP server.

  • Page 201: Sending Only A Hostname In The Suboption Fields

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections specifies a DHCP server at 2.2.2.142 (the DHCP server beyond the DHCP relay agent on the IP DSLAM). The IP DSLAM is configured as DHCP relay agent with the DHCP server at 2.2.2.142 across its Gigabit Ethernet interface (2.2.2.2).

  • Page 202: Interoperation With Dhcp Servers That Zero-Delimit Suboption Fields

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Interoperation with DHCP servers that zero-delimit suboption fields Some DHCP servers treat option-82 suboption information fields as zero-delimited strings rather than as an array of bytes. When a suboption information field (circuit-id and remote-id) contains a zero byte in the middle of the field, these DHCP servers consider the zero byte to be the end of the option-82 string.

  • Page 203: Figure 4-20 Sample Dhcp Usage With Lan Management Interface

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Often the system address is set to the IP address of the management interface. By default, this is also the address that populates the giaddr field in DHCP packets the system relays out on a LAN interface.

  • Page 204: Sample Dhcp Relay Configurations For Bir Connections

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections admin> set bootp-relay relay-agent enable = yes admin> set bootp-relay relay-agent giaddr-selection = local-ip-address admin> write -f Sample DHCP relay configurations for BIR connections The sample configurations in this section are intended to show how the system behaves with specific global and connection settings.

  • Page 205: Sample Configuration Enabling Relay Agent On A Bir Connection

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 192.168.146.10/24 admin> set ip-options local-address = 192.168.146.200/24 admin> set ip-options bootp-relay-options enable = no admin> set ip-options bootp-relay-options max-dynamic-interface = 0 admin>...

  • Page 206: Sample Configuration With Option 82

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections admin> set bir-options enable = yes admin> write -f Sample configuration with option 82 In this sample configuration, the following conditions apply: Relay-agent is enabled on this interface. DHCP option 82 is enabled. The giaddr field of the DHCP packet will contain the Stinger system-ip-address, and the option 82 identifier will be inserted in the DHCP packet.

  • Page 207: Sample Configuration With Option 82 And Multiple Interface Creation

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections Sample configuration with option 82 and multiple interface creation In this sample configuration, the following conditions apply: Relay-agent is enabled on this interface. DHCP option 82 is enabled. The giaddr field of the DHCP packet will contain the Stinger system-ip-address, and the option 82 ID will be inserted in the DHCP packet.

  • Page 208: Sample Configuration On A Vdsl Port With Option 82 And Multiple Interface Creation

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections admin> set atm-options nailed-group = 3 admin> set bir-options enable = yes admin> set bir-options proxy-arp = yes admin> write -f Sample configuration on a VDSL port with option 82 and multiple interface creation On very high speed DSL (VDSL) ports, BIR connections use Ethernet encapsulation on the drop.

  • Page 209: Sample Configuration Using The Dhcp Router Option

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections admin> set bootp-relay bootp-servers 1 = 11.11.11.45 admin> set bootp-relay relay-agent-information enable = yes admin> set bootp-relay relay-agent allow-multiple-interface = yes admin> set bootp-relay relay-agent circuit-id enable = yes admin>...

  • Page 210: Sample Configuration That Sends Only A Hostname

    IP Routing Configuration Configuring DHCP relay for IPoA and BIR connections admin> set bootp-relay relay-agent-info enable = yes admin> set bootp-relay relay-agent-info allow-multiple-interface = yes admin> set bootp-relay relay-agent-info circuit-id enable = yes admin> set bootp-relay relay-agent-info circuit-id if-ip = 192.168.146.200 admin>...

  • Page 211: Configuring Broadband Ras Subscriber Access

    IP Routing Configuration Configuring broadband RAS subscriber access admin> write -f admin> admin> new vlan-ethernet { { 1 8 2 } 500 } admin> set enabled = yes admin> write -f The following commands configure the BIR connection to obtain its configuration via DHCP: admin>...

  • Page 212: Overview Of Pppoa And Pppoe Topologies

    IP Routing Configuration Configuring broadband RAS subscriber access nailed-group = 1 [in CONNECTION/"":telco-options] call-type = ft1 nailed-groups = 1 Note Because these defaults conflict, it is recommended to set the call-type value to off for all PPP connections. With the default call-type setting of ft1 in a PPP profile, if { 1 1 1 } is enabled (with or without connections), the system generates rolling LOG errors, LOG warning, and LOG information messages.

  • Page 213: Required Setup For Pppoa And Pppoe Connections

    IP Routing Configuration Configuring broadband RAS subscriber access Figure 4-23. PPPoE topology Stinger IP DSLAM Bridge PPPoE Ethernet client PPPoE Required setup for PPPoA and PPPoE connections To enable establishment of PPPoA or PPPoE connections using IP routing, you must complete the following steps: Configure the ANSWER-DEFAULTS profile to accept PPP session requests and require their authentication.
  • Page 214 IP Routing Configuration Configuring broadband RAS subscriber access enabled = yes receive-auth-mode = no-ppp-auth bi-directional-auth = none substitute-send-name = "" lcp-keepalive-period = 0 lcp-missed-keepalives = 4 use-magic-number = no [in ANSWER-DEFAULTS:session-info] idle-timer = 120 max-call-duration = 0 Parameter Setting profiles-required A setting of yes (the default) prevents unauthenticated sessions.

  • Page 215: Terminating Traffic On A Lim Internal Interface

    IP Routing Configuration Configuring broadband RAS subscriber access admin> write -f With this setting, the system accepts session requests that provide any of the supported PPP authentication methods, but it drops requests that do not offer any authentication protocols during session negotiation. The following commands enable bidirectional authentication for sessions that use CHAP and specify the proper settings in the CONNECTION or RADIUS profile: admin>...

  • Page 216: Configuring An Atm Circuit To Terminate Pppoa

    IP Routing Configuration Configuring broadband RAS subscriber access Table 4-4. Required encapsulation types for PPPoA and PPPoE Connection type CONNECTION setting Description PPPoA set atm-options The system can establish a PPPoA connection atm1483type = aal5-vc regardless of the atm1483type setting in the CONNECTION profile, but the CPE must be configured to do VC multiplexing.

  • Page 217: Configuring An Atm Circuit To Terminate Pppoe

    IP Routing Configuration Configuring broadband RAS subscriber access Configuring an ATM circuit to terminate PPPoE The following commands enable an SDSL interface in slot 7 and configure an ATM circuit from the DSL interface to the LIM’s ATM internal interface. To determine the nailed group of a LIM’s internal ATM interface, use the which command.

  • Page 218: Overview Of Pppoa Connection Settings

    IP Routing Configuration Configuring broadband RAS subscriber access Overview of PPPoA CONNECTION settings For background information about IP routing configurations, see “Configuring IPoA subscriber connections” on page 4-49.In addition to those settings, following are relevant PPPoA parameters, shown with default settings, including bidirectional CHAP authentication: [in CONNECTION/""] station* = ""...

  • Page 219: Sample Pppoa Connection With Bidirectional Chap Authentication

    IP Routing Configuration Configuring broadband RAS subscriber access Parameter RADIUS attribute Setting Enables or disables processing of PPPoA packets. Ascend-PPPoA-Enable pppoa PPPoA is enabled by default. If both pppoae and pppoe (318) are set to yes in the same CONNECTION profile, the system automatically detects which protocol is used in the incoming traffic stream and performs the required processing.

  • Page 220: Pppoa Over Llc

    IP Routing Configuration Configuring broadband RAS subscriber access PPPoA over LLC To bring up a PPPoA call, Stinger requires two profiles, atm-ckt and PPPoA. The atm- ckt profile runs between the dsl port and the sar port. Both VC-mux and LLC type of encapsulations use this approach.

  • Page 221: Example Of Configuring A Pppoe Connection

    IP Routing Configuration Configuring broadband RAS subscriber access inUse: hostName: atm1483-encaps : aal5-llc admin>info np connection 1 1 27 Connection Handles sh/sl act cPort dPort type uctl udata dctl ddata 1/1 Y 000000 000000 LIM 0/149 0/148 0/149 0/148 Encaps: PPPoA over LLC - MTU=1524 (50) Control &...

  • Page 222: Sample Pppoe Connection Using Pap Authentication

    IP Routing Configuration Configuring broadband RAS subscriber access remote-address = 0.0.0.0/0 [in CONNECTION/"":ppp-options] recv-password = "" [in CONNECTION/"":pppoe-options] pppoe = no bridge-non-pppoe = no [in CONNECTION/"":telco-options] call-type = ft1 Parameter RADIUS attribute Setting station User-Name (1) Name of the PPP client system. The value is case sensitive, and must exactly match the name the client presents during authentication.

  • Page 223: Sample Pppoe Connection On A Vdsl Port

    IP Routing Configuration Configuring broadband RAS subscriber access admin> set encapsulation-protocol = ppp admin> set ip-options remote-address = 2.2.2.1/29 admin> set ppp-options recv-password = pppoe1!pw admin> set pppoe-options pppoe = yes admin> set telco-options call-type = off admin> write -f Following is a comparable RADIUS user profile: pppoe-1 Password = "pppoe1!pw"...

  • Page 224: Enabling Lcp Keepalives

    IP Routing Configuration Configuring broadband RAS subscriber access The following commands configure a PPPPoE CONNECTION profile. Notice that the CONNECTION profile for PPPoE on VDSL ports uses the same settings as a profile for PPPoE on other types of subscriber ports. admin>...
  • Page 225 Ascend-LCP-Keepalive-Missed-Limit integer Using these attributes requires a server capable of encoding 16-bits VSAs (vendor specific attributes), such as Lucent’s Navis Radius. These attribute-value pairs override the corresponding parameter values set in the answer-defaults profile. Sample LCP keepalive configuration This sample configuration creates a PPP connection profile using LCP keepalives for a remote CellPipe®...

  • Page 226: Table 4-5 Configurable Lcp Echo Interaction With Lqm

    IP Routing Configuration Configuring broadband RAS subscriber access The next set of commands configures a PPPoE connection to the remote CellPipe®: admin> new connection admin> set station = pipe admin> set active = yes admin> set encapsulation-protocol = ppp admin> set ip-options remote-address = 10.10.10.1/24 admin>...

  • Page 227: Enabling Magic-Number Negotiation When Lqm Is Disabled

    IP Routing Configuration Configuring broadband RAS subscriber access 4. With the conditions shown in this row, the system sends LCP Echoes to gauge the quality of the link. The send rate is controlled via the LQM parameters because this is an LQM feature. 5.

  • Page 228: Configuration Overview

    IP Routing Configuration Configuring broadband RAS subscriber access – If the PADI packet specifies an unacceptable service name, the system ignores the packet. – If the PADI packet specifies an acceptable service name, the system responds with a PPPoE Active Discovery Offer (PADO) packet. On receipt of a PADO packet, the client sends a PPPoE Active Discovery Request (PADR) packet.
  • Page 229 IP Routing Configuration Configuring broadband RAS subscriber access The corresponding RADIUS attributes are Ascend vendor-specific, 16-bit. For details about configuring a PPPoE server profile in RADIUS, see “Sample PPPoE server configuration using RADIUS” on page 4-106. Parameter RADIUS attribute Setting name Ascend-PPPOE-Server Name of the profile, up to 23 characters.
  • Page 230 IP Routing Configuration Configuring broadband RAS subscriber access Parameter RADIUS attribute Setting ignore (1) Ignore a PADI if it contains a service name from the service-name-list. This is the default value. With the default empty list, the system accepts all service names in a PADI. With this setting and a non-empty service-name-list, the system rejects all service names from the list and...

  • Page 231: Sample Pppoe Server Configuration Using Local Profiles

    IP Routing Configuration Configuring broadband RAS subscriber access Parameter Setting Name of the default PPPOE-SERVER profile, to be used pppoe-default-server- whenever a CONNECTION has no server-profile name configured, or it has one configured but the specified PPPOE-SERVER profile could not be found. At boot time, if this pppoe-default-server-name has the default value (default) and if no PPPOE-SERVER profiles have been configured locally, the system creates...

  • Page 232: Sample Pppoe Server Configuration Using Radius

    IP Routing Configuration Configuring broadband RAS subscriber access Nailed group corresponding to port { shelf-1 slot-4 73 } is 2271 Enable SDSL interface 1 in slot 4. admin> read sdsl { 1 4 1 } admin> set enabled = yes admin>...

  • Page 233: Table 4-6 Permanent Radius Pppoe Server Profiles

    IP Routing Configuration Configuring broadband RAS subscriber access Table 4-6. Permanent RADIUS PPPoE server profiles Element Description The user name for RADIUS PPPoE server profiles must permpppoe-stg123-1 begin with permpppoe- followed by the system name if one has been defined, followed by a hyphen. For example, if the system name is stg123, all PPPoE server profiles must begin with the string permpppoe-stg123-.
  • Page 234 IP Routing Configuration Configuring broadband RAS subscriber access Table 4-6. Permanent RADIUS PPPoE server profiles (Continued) Element Description Action to take when receiving a PADI or PADR with any Ascend-PPPOE- service name that is listed in an Ascend-PPPOE-Service- Service-Name-Action Name attribute-value pair in this profile. 0 (accept) or 1 (317) (ignore) are valid values.

  • Page 235: Administrative Tools For Ip Routing

    If you issue a refresh command and it fails due to an invalid password, all RADIUS-learned profiles are deleted and no retry is allowed. (If the command fails due to a time-out or network error, the system retries and profiles are not affected.) Syslog messages related to RADIUS PPPoE server configurations When PPPoE servers have been successfully refreshed, you will see the following...

  • Page 237: Ethernet And Ip Qos

    Ethernet and IP QoS Overview of the QoS implementation ....... . . 5-1 Introduction to PACKET-FLOWS profile settings .

  • Page 238: Packet Classification Subsystem

    Ethernet and IP QoS Overview of the QoS implementation Table 5-1. Descriptions of QoS support for routed, bridged, and VLAN traffic Type of QoS Description IP QoS IP QoS uses packet classifiers to select packets. IP QoS supports: priority scheduling with rate limiting IP ToS marking IP QoS can be applied to all terminated routed connections, as well as to routed VLAN interfaces.

  • Page 239: Rate-Limiting, Prioritization, And Scheduling Subsystem

    Ethernet and IP QoS Overview of the QoS implementation Rate-limiting, prioritization, and scheduling subsystem Once the classification has been done, the classification result is passed to the scheduling subsystem, which is responsible for selecting a queue according to the priorities, the rate-limiting result, and scheduling at the connection level. For WAN connections, traffic scheduling and shaping can be influenced by ATM service contracts.

  • Page 240: Configuration Steps

    Ethernet and IP QoS Overview of the QoS implementation Table 5-2. Packet marking supported on egress interfaces Profile Type of egress interface Marking action IP-INTERFACE Routed Ethernet IP ToS VLAN-ETHERNET Routed VLAN IP ToS or Ethernet p-bit VLAN-ETHERNET Bridged VLAN Ethernet p-bit CONNECTION Routed WAN...

  • Page 241: Default Ip Qos Configuration

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings For Ethernet IP or VLAN Ethernet interfaces, select the correct scheduler in the IP-INTERFACE or vlan-ethernet priority configuration. (See “Configuring Ethernet IP traffic shaping” on page 5-24.) Create the classification rules and apply them to the output interface. Because classifiers must be communicated to the underlying system hardware, which can be time intensive when many rules have been defined, a method is provided for batching updates system wide.

  • Page 242: Layer 2 Classifiers

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Parameter or subprofile Purpose Classify an Ethernet bridged layer2-classifier traffic flow. A given PACKET-FLOWS profile can configure either layer2- classifier settings or IP-specific packet-classifier settings, but not both. Classify an IP packet flow. The packet-classifier packets can be routed through the system or bridged Ethernet...

  • Page 243: Packet Classifiers

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Parameter Description vlan-id The 802.1Q/P standard specifies a tag that appends to a MAC frame. The VLAN tag carries both the VLAN ID (12-bit) and Prioritization (3-bit). This parameter can specify a VLAN ID (a number from 0 to 4095). In the case of stacked VLANs, the user-level vlan-id is used instead of the NSP-level vlan-id.
  • Page 244 Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Parameter Description interface-group Interface group number (from 0 to 255) used for classification. Value 0 matches all interfaces, so it means no classification will be performed based on interface group. Up to 256 groups can be created. Interface grouping is configured in the packet- classifier subprofile but it is not IP-specific.

  • Page 245: Caveat About Fragmented Ip Packets

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Parameter Description Packet address/port less than rule’s less address/port. equal Packet address/port same as rule’s address/port. greater Packet address/port greater than rule’s address/port. destination-port Numeric value (from 0 to 65535) used for the destination UDP/TCP port comparison defined by destination-port-comparison.

  • Page 246: Comparisons Of Ip Addresses

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Table 5-3. Comparison passes performed on inbound packet flows (Continued) Comparison pass Description 7. UDP/TCP destination port If the destination address of the packet does not compare as specified to the destination-port of the rule, the comparison fails.

  • Page 247: Comparisons Of Port Numbers

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Comparisons of port numbers Rules can specify a port number to be compared to the source or destination port (or both) in a packet. Note When a nonzero source-port or destination-port is specified in a PACKET-FLOWS profile, the ip-protocol value must be set to either 17 (UDP) or 6 (TCP) and the source-port-comparison or destination-port-comparison parameter must specify the type of comparison to be performed.

  • Page 248: Scheduling And Rate Limiting

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings For example, the following commands specify priority 1 for packets that do not match the configured rule for flow 1: admin> read packet-flows src-netmask-demo admin> set flow 1 packet-classifier source-ip-netmask = 255.255.255.0 admin>...

  • Page 249: Token Buckets In The Single-Rate Three Color Policing Algorithm

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Parameter Setting Priority (from -1 to 7) of the flow when the policer is yellow-queue-priority active and detects traffic above CBS but below EBS. The default value of -1 indicates that yellow traffic must be discarded.

  • Page 250: Using A Single Rate Two-Color Algorithm

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings It is strongly recommended to configure the size of the buckets to be able to store at least two packets. That is the reason why the minimum recommended value for CBS is two times the MTU of the connection.

  • Page 251: Example Of Rate Limiting On A Bir Connection

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Within the single-rate tricolor marker algorithm, the size of the bridged packet is considered as that of the payload, excluding any layer 2 headers or trailers applicable at the IP control module. For example: For a bridged-LLC packet received from a transparent-bridged DSL interface, the LLC and MAC header (Destination Address, Source Address and EtherType fields) are excluded while calculating the packet size for rate-limiting purposes.

  • Page 252: Example Of Rate Limiting On A 1:1 Bridged Vlan

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings admin> set ip-options packet-flows = bir-flow admin> set bir-options enable = yes admin> write -f Example of rate limiting on a 1:1 bridged VLAN This sample configuration creates a PACKET-FLOWS profile that rate limits and prioritizes traffic flows, and applies it to the downstream DLS interface of a 1:1 VLAN circuit.

  • Page 253: Qos Packet Marking For Routed Traffic

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings For bridged and routed VLAN traffic, the 802.1Q VLAN tag can carry both the VLAN ID and a priority value (called a p-bit value). The system can set a p-bit value to carry priority information to other p-bit aware devices along the traffic’s path.

  • Page 254: Overview Of Packet Marking Settings

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings If IGMP snooping is enabled, scheduling priority and p-bit marking for multicast frames can be configured at the IP multicast address level in the packet-classifier subprofile. Note that a finer granularity of classification (using other fields of the IP header) is not supported for multicast packets.

  • Page 255: Example Of Ip Tos Marking On A Routed Vlan Interface

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings Parameter or subprofile Purpose 802.1P priority value (from 0 to ethernet-priority 7) to be set in the VLAN tag of the Ethernet frame. The marking-type parameter must be ethernet-priority for this value to be marked in outbound packets.

  • Page 256: Example Of Ethernet P-Bit Marking

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings admin> set packet-flows = routed-flow admin> write -f Create a PACKET-FLOWS profile for the routed VLAN. admin> new packet-flows routed-flow admin> set marking-type = ip-tos admin> set flow 1 packet-classifier destination-ip-address = 20.0.0.0 admin>...

  • Page 257: Example Of Mapping Atm Qos To A Packet Marking Value

    Ethernet and IP QoS Introduction to PACKET-FLOWS profile settings admin> set flow 3 packet-classifier destination-ip-address = 70.0.0.0 admin> set flow 3 packet-classifier destination-ip-netmask = 255.0.0.0 admin> set flow 3 scheduling queue-priority = 1 admin> set global-packet-marking 2 ethernet-priority = 1 admin>...

  • Page 258: Qos-Related Connection And Interface Settings

    Ethernet and IP QoS QoS-related connection and interface settings QoS-related connection and interface settings The following parameters, shown with default values, are related to QoS handling. Note that the VLAN-ETHERNET scheduling subprofile applies only to bridged VLAN interfaces. For routed VLAN interfaces, the scheduling subprofile in the IP-INTERFACE profile must be used.

  • Page 259: Applying A Packet-Flows Profile To An Output Interface

    Ethernet and IP QoS QoS-related connection and interface settings Parameter Setting Name of the PACKET-FLOWS profile to be attached to packet-flows the output interface. For routed subscriber output interfaces, attach the PACKET-FLOWS profile in the CONNECTION ip- options subprofile. For bridged subscriber output interfaces, attach the profile in the CONNECTION bridging-options subprofile.

  • Page 260: Virtual Ip Interfaces And Interface Grouping

    Ethernet and IP QoS QoS-related connection and interface settings Packet flow processing occurs at the output side of an interface, and is applicable to all statically configured virtual interfaces. A virtual interface and the main interface on the same port do not have to use the same PACKET-FLOWS profile. Virtual IP interfaces and interface grouping When a port has been assigned a qos-interface-group number, the system must be able to determine which virtual IP interface on the port is receiving a packet flow,...

  • Page 261: Configuring Vlan Ethernet Traffic Shaping

    Ethernet and IP QoS QoS-related settings in the SYSTEM profile Configuring VLAN Ethernet traffic shaping VLAN traffic shaping is typically used when different kinds of traffic on a network (such as data, VoIP, and video) are each bridged to different VLAN Ethernet interfaces, and the service provider needs control over the amount of bandwidth each type of traffic can use.

  • Page 262: Configurable Queue Size For Iptv Traffic On Dsl Links

    Ethernet and IP QoS Tracking rate adaptation for downstream traffic shaping The following parameters, shown with default values, provide performance enhancements for interactions with the network processor: [in SYSTEM] np-update-time = 0 np-default-filtering-policy = forward np-fpp-compact-timer = 3600 Setting np-update-time to between 10-20 seconds is strongly recommended, particularly when a large number of filter and/or classification rules are configured on the system.

  • Page 263: How Traffic Shaping Typically Occurs

    Ethernet and IP QoS Tracking rate adaptation for downstream traffic shaping How traffic shaping typically occurs The control module (CM) network processor (NP) shapes downstream traffic by discarding packets received at a higher rate than a connection’s expected ATM QoS. The CM NP selects which packets to discard based on IP CoS priorities as configured in a PACKET-FLOWS profile.

  • Page 264: Examples Of Configuring Qos

    Ethernet and IP QoS Examples of configuring QoS multicast group. So, the LIM actually creates the multicast IP packets. When the CM NP shapes unicast traffic according to the new line rate, it hasn’t yet accounted for the multicast streams being replicated on the LIM. For this reason, unicast traffic suffers a performance penalty if it has a lower priority than multicast traffic and it is being transmitted on a multicast-enabled ADSL2+ HB LIM.

  • Page 265: Prioritizing Ip Packet Flows Based On Dsl Service Contracts

    Ethernet and IP QoS Examples of configuring QoS Prioritizing IP packet flows based on DSL service contracts In this example, the provider configures processing priorities according to the price of the end-user DSL contract. For a low-price service contract (bronze), packet flows are assigned a low processing priority, for a medium-price contract (silver), packet flows will be processed at medium priority, and for a high-price contract (gold), packet flows will have high-priority processing.

  • Page 266: Prioritizing Different Kinds Of Ip Traffic On An Atm Pvc

    Ethernet and IP QoS Examples of configuring QoS admin> new connection user-bronze-1 admin> set active = yes admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 192.168.100.20/32 admin> set ip-options local-address = 192.168.100.202/32 admin> set ip-options qos-interface-group = 1 admin>...

  • Page 267: Figure 5-4 Unicast And Multicast Video Share The Same Priority

    Ethernet and IP QoS Examples of configuring QoS Figure 5-4. Unicast and multicast video share the same priority Network side User side Stinger IP DSLAM Multicast video stream Multicast GigE server 192.168.100.40/32 Unicast video stream 192.168.200.200/32 PPV server The provider classifies IP traffic types as shown in Table 5-7. All control traffic such as IGMP, RIP, and so forth, is assigned the highest priority and has precedence over the scheduled QoS priorities.

  • Page 268: Prioritizing Traffic Using Both Ip And Atm Qos

    Ethernet and IP QoS Examples of configuring QoS Apply the PACKET-FLOWS profile to the output interface (the DSL side). admin> new connection user-1 admin> set active = yes admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 192.168.100.40/32 admin> set ip-options local-address = 192.168.100.204/32 admin>...

  • Page 269: Table 5-9 Sample Bandwidth Limitations

    Ethernet and IP QoS Examples of configuring QoS of-service attack or a Blaster worm attack. This type of security issue must be considered before configuring a packet flow with a high-priority default rule. This sample configuration requires the following basic steps: Configure a PACKET-FLOWS profile for video-pvc.
  • Page 270 Ethernet and IP QoS Examples of configuring QoS Table 5-9. Sample bandwidth limitations (Continued) ATM PVC Bandwidth Service classification 320Kbps downstream rtVBR at 320Kbps data-pvc 128k upstream nrtVBR at 128Kbps The next set of commands defines an ATM-QOS profile for data-pvc downstream traffic: admin>...
  • Page 271 Ethernet and IP QoS Examples of configuring QoS admin> set traffic-descriptor-type = noclp-scr-cdvt admin> set atm-service-category = real-time-vbr admin> set peak-rate-kbits-per-sec = 128 admin> set peak-cell-rate-cells-per-sec = 301 admin> set sustainable-rate-kbits-per-sec = 128 admin> set sustainable-cell-rate-cells-per-sec = 301 admin> set ignore-max-burst-size = no admin>...

  • Page 272: Configuring Bridging Vlan Ethernet Qos

    Ethernet and IP QoS Examples of configuring QoS Configuring bridging VLAN Ethernet QoS In this example, the Stinger IP DSLAM receives pre-tagged VLAN traffic from the CellPipe®. The incoming VLAN traffic is p-bit marked, and the system must mark the p-bit again before sending the stacked frames out to NSP 1.

  • Page 273: Configuring Traffic Shaping And Rate Limiting For A N:1 Vlan Bridging

    Ethernet and IP QoS Examples of configuring QoS admin> set flow 3 scheduling queue-priority = 3 admin> set global-packet-marking 2 ethernet-priority = 1 admin> set global-packet-marking 3 ethernet-priority = 3 admin> set global-packet-marking 4 ethernet-priority = 5 admin> write -f Create the NSP VLAN and apply the PACKET-FLOWS profile.
  • Page 274 Ethernet and IP QoS Examples of configuring QoS Create a bridge group for VLAN 50. For example: admin> new bridge-group admin> set enable = yes admin> set bridging-group = 7 admin> set lan-router-interface physical shelf = shelf-1 admin> set lan-router-interface physical slot = first-control-module admin>...

  • Page 275: Configuring Rate Limiting And Traffic Shaping With Vlan Stacking

    Ethernet and IP QoS Examples of configuring QoS admin> set flow 3 scheduling committed-information-rate = 20 admin> set flow 3 scheduling committed-burst-size = 3000 admin> set flow 3 scheduling excess-burst-size = 4500 admin> write -f Apply the PACKET-FLOWS profile to transparent-bridged CONNECTION profiles.
  • Page 276 Ethernet and IP QoS Examples of configuring QoS To configure the sample rate limiting and traffic shaping with VLAN stacking, follow these steps: Create a PACKET-FLOWS profile for rate-limiting traffic over the NSP VLAN interface. For example: admin> new packet-flows ratelimit-vlan admin>...
  • Page 277 Ethernet and IP QoS Examples of configuring QoS admin> set name = ratelimit-wan admin> set flow 1 packet-classifier destination-ip-address = 224.0.0.0/4 admin> set flow 1 packet-classifier destination-ip-netmask = 240.0.0.0 admin> set flow 1 scheduling queue-priority = 7 admin> set flow 2 packet-classifier source-ip-address = 10.0.0.0/8 admin>...

  • Page 278: Configuring Rate Limiting And Traffic Shaping For 1:1 Vlan Bridging

    Ethernet and IP QoS Examples of configuring QoS Configuring rate limiting and traffic shaping for 1:1 VLAN bridging Figure 5-9 shows a 1:1 vlan-circuit configuration in which a single user-side PVC is bridged to a single VLAN. In this sample configuration, the traffic transmitted over the VLAN interface will be rate-limited based on the flow classification.
  • Page 279 Ethernet and IP QoS Examples of configuring QoS admin> set interface-address physical item-number = 2 admin> set interface-address logical-item = 1 admin> set enabled = yes admin> set bridging-options bridging-group = 7 admin> set bridging-options bridge = yes admin> set bridging-options bridge-type = vlan-circuit admin>...

  • Page 280: Configuring A Pppoe Connection With And Without Line-Rate Tracking

    Ethernet and IP QoS Examples of configuring QoS Configuring a PPPoE connection with and without line-rate tracking The following commands configure a PPPoE connection: admin> new connection admin> set station = pppoe-1 admin> set active = yes admin> set encapsulation-protocol = ppp admin>...
  • Page 281 Ethernet and IP QoS Examples of configuring QoS After the PPPoE session has been established and downstream traffic is being sent, if the underlying DSL line-rate adapts below the configured PCR of 12Mbps to 10Mbps (for example), the CM NP continues to shape traffic at the expected QoS of 12Mbps. As a result, 2Mbps will be discarded on the LIM.

  • Page 282: Configuring A Bir Connection With Line-Rate Tracking

    Ethernet and IP QoS Administrative tools for monitoring IP QoS After the system has bounced the PPPoE session, the CM NP begins to discard packets on the basis of CoS priorities, and no cell discards will be seen on the LIM. For example, the following commands show CM PDU discards incrementing: admin>...

  • Page 283: Example Of Monitoring Routed Traffic Onto Gigabit Ethernet

    Ethernet and IP QoS Administrative tools for monitoring IP QoS Following is the syntax of the stats command in the context of IP QoS monitoring: stats cmd np ipqos ifnum [ up | down ] The cmd argument specifies one of the following actions to be performed on the specified interface (ifnum): enable (Begin monitoring QoS on the specified interface.) disable (Stop monitoring QoS on the specified interface.)

  • Page 284: Obtaining The Ethernet Interface Number

    Ethernet and IP QoS Administrative tools for monitoring IP QoS admin> set name = ipflows admin> set flow 1 packet-classifier source-ip-address = 9.0.0.0/8 admin> set flow 1 packet-classifier source-ip-netmask = 255.0.0.0 admin> set flow 1 scheduling queue-priority = 6 admin> set flow 2 packet-classifier source-ip-address = 8.0.0.0/8 admin>...

  • Page 285: Example Of Monitoring Bridged Vlan Traffic (Transparent Bridging)

    Ethernet and IP QoS Administrative tools for monitoring IP QoS Number of class rules Number of multicast IP flow :0 Number of unicast IP flow PRIORITIES Number of priority Lowest priority Mapping priority/COS :P[0]=5 P[1]=x P[2]=x P[3]=x P[4]=4 P[5]=3 P[6]=2 P[7]=x SCHEDULING Line Rate Data queue Id...

  • Page 286: Creating A Bridged Subscriber Interface And Packet-Flows Profile

    Ethernet and IP QoS Administrative tools for monitoring IP QoS admin> set enabled = yes admin> set bridging-options bridging-group = 572 admin> set bridging-options bridge = yes admin> set bridging-options bridge-type = transparent-bridging admin> set bridging-options packet-flows = pbitmark admin> write -f admin>...

  • Page 287: Obtaining The Interface Numbers

    Ethernet and IP QoS Administrative tools for monitoring IP QoS admin> set flow 1 scheduling queue-priority = 6 admin> set flow 2 packet-classifier source-ip-address = 8.0.0.0/8 admin> set flow 2 packet-classifier source-ip-netmask = 255.0.0.0 admin> set flow 2 scheduling queue-priority = 5 admin>...

  • Page 288: Enabling Monitoring For The Bridged Subscriber Interface

    Ethernet and IP QoS Administrative tools for monitoring IP QoS SCHEDULING Line Rate Data queue Id :274 Scheduler ID PDU type :packet Number of COS queues Scheduling priority Peak Rate (Kbps) TS parameters :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 TM parameters :06 0f 7d 00 05 dc 00 01 00 00 00 00 00 00 00 00 admin>...

  • Page 289: Example Of Monitoring 1:1 Vlan Bridged Traffic

    Ethernet and IP QoS Administrative tools for monitoring IP QoS Number of COS queues ATM service category :UBR PCR (cell per sec) TS parameters :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 TM parameters :06 4b 00 c8 00 c8 00 02 00 00 00 00 00 00 00 00 admin>...

  • Page 290: Creating The Vlan-Side Profiles

    Ethernet and IP QoS Administrative tools for monitoring IP QoS admin> set flow 2 packet-classifier source-ip-address = 8.0.0.0/8 admin> set flow 2 packet-classifier source-ip-netmask = 255.0.0.0 admin> set flow 2 scheduling queue-priority = 5 admin> set flow 3 packet-classifier source-ip-address = 7.0.0.0/8 admin>...

  • Page 291: Enabling Monitoring In The Upstream Direction

    Ethernet and IP QoS Administrative tools for monitoring IP QoS 007 0:00 000 * 0.0.0.0/32 127.0.0.2/32 008 0:00 000 * 0.0.0.0/32 127.0.0.3/32 009 1:08 000 * wanabe 0.0.0.0/32 127.0.0.3/32 010 0:00 000 * local 0.0.0.0/32 127.0.0.1/32 011 0:00 000 * mcast 0.0.0.0/32 224.0.0.0/32...

  • Page 292: Enabling Monitoring In The Downstream Direction

    Ethernet and IP QoS Administrative tools for monitoring IP QoS Priority MTU drop Queue drop Sched drop Port drop Enabling monitoring in the downstream direction The following commands enable IP QoS monitoring in downstream direction and show that the QoS counters are incremented. admin>...

  • Page 293: Example Of Monitoring Stacked Vlan Bridged Traffic

    Ethernet and IP QoS Administrative tools for monitoring IP QoS Example of monitoring stacked VLAN bridged traffic For stacked-vlan bridged connections, you can enable QoS monitoring on an NSP VLAN interface or on a stacked (pre-tagged or untagged) WAN interface. Enabling QoS monitoring on an NSP VLAN interface For stacked VLAN connections, you enable or disable QoS monitoring on an NSP VLAN interface by using the following commands:...

  • Page 294: Enabling Qos Monitoring On A Stacked Vlan Wan Connection

    Ethernet and IP QoS Administrative tools for monitoring IP QoS Line Rate Data queue Id :263 Scheduler ID PDU type :packet Number of COS queues Scheduling priority Peak Rate (Kbps) TS parameters :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 TM parameters :06 0f 7d 00 05 dc 00 00 00 00 00 00 00 00 00 00 The following command disabled QoS monitoring on the NSP VLAN interface:...

  • Page 295: Example Of Displaying A Connection's Traffic Shaping Parameters

    Ethernet and IP QoS Administrative tools for monitoring IP QoS Example of displaying a connection’s traffic shaping parameters Both Stinger IP control modules support the debug-level info np command. For example, the info np conn command displays queue IDs on the CM, which is needed to view traffic shaping parameters on the IP2000 module.

  • Page 296: Displaying A Connection's Traffic Shaping Parameters On The Ip2100

    Ethernet and IP QoS Administrative tools for monitoring IP QoS QOS Configuration Downstream : dn-q Upstream : default Principal DID List: Type cosId Cloned ---------- --------------- ---------- ----- ------ 2006 DATA_EX 55156 UNICAST Layer 2 DID List: Empty Displaying a connection’s traffic shaping parameters on the IP2100 To display traffic shaping parameters on the IP2100 control module, complete the following steps in the debug environment.

  • Page 297: Limitations With The Current Software Version

    Ethernet and IP QoS Limitations with the current software version Filter Configuration : No Filters applied TCP Estab Outgoing Filter: Not enabled QOS Configuration Downstream : dn-q Upstream : default Principal DID List: Type cosId Cloned ---------- --------------- ---------- ----- ------ 2004 CNTL_EX 2005...
  • Page 298 Ethernet and IP QoS Limitations with the current software version Packets that are fragmented by the Stinger IP DSLAM always take the highest priority. Classifications rules for such packets are not applicable. IP QoS does not apply to L2TP connections. When a nonzero source-port or destination-port is specified in a PACKET-FLOWS profile, the ip-protocol value must be set to either 17 (UDP) or 6 (TCP).

  • Page 299: Figure 6-1 L2Tp Tunneling

    L2TP Tunneling Configuration Overview of L2TP tunneling ........6-2 Overview of L2TP tunnel authentication.

  • Page 300: Chapter 6 L2Tp Tunneling Configuration

    L2TP Tunneling Configuration Overview of L2TP tunneling Overview of L2TP tunneling Figure 6-1 shows the elements of an L2TP tunnel through the IP-capable Stinger in LAC mode. Figure 6-1. L2TP tunneling End-to-end user session Mobile client (PPPoA/PPPoE) L2TP tunnel Destination Network 3.3.3.3 1.1.1.1...

  • Page 301: L2Tp-Related Network Settings

    UDP port number to use for the control link. The change does not take effect for existing active links until the link has been dropped. Lucent Technologies recommends that you set the Stinger IP address system-ip-addr parameter in the IP-GLOBAL profile of a Stinger unit that is operating as a LAC, particularly if the unit has multiple interfaces into the IP cloud.

  • Page 302: System Name Used For Tunnel Authentication

    L2TP Tunneling Configuration Overview of L2TP tunnel authentication System name used for tunnel authentication If tunnel authentication is enabled in the L2-TUNNEL-GLOBAL profile and the LAC is requesting a new tunnel, it looks for a system name to send to the LNS as follows: Uses the client-auth-id if specified in the client’s CONNECTION profile.

  • Page 303: Table 6-2 Existing Tunnels To The Same Lns

    L2TP Tunneling Configuration Overview of L2TP tunnel authentication If client-auth-id is not specified in the client’s profile, the system attempts to match the client to an existing tunnel by using only the tunnel server’s IP address (and hostname, if specified). Examples of how client-auth-id settings create parallel tunnels In this example, the LNS system’s DNS hostname is a.example.com (a fully qualified domain name), which resolves to two IP addresses, 1.1.1.1 and 1.1.1.2.

  • Page 304: Configuring L2Tp Global Options

    L2TP Tunneling Configuration Configuring L2TP global options Tunnel-Client-Auth-ID = A-LAC, user2 Password = userpass Tunnel-Type = L2TP, Tunnel-Server-Endpoint = lns.example.com, lns.example.com User-Password = "", Service-Type = Dialout Tunnel-Password = tunpass, Tunnel-Client-Auth-ID = AllMyLACs If user1 calls in first and establishes a tunnel, user2 can reuse that tunnel, as shown in Table 6-4.

  • Page 305: Setting L2Tp Timers And Other Variables

    LAC asks for no flow control for inbound L2TP payloads. Note Lucent Technologies strongly recommends a setting of zero for this parameter. A nonzero setting indicates that the LAC should perform sequencing of the data channel, which is not supported on Stinger IP DSLAMs.
  • Page 306 L2TP Tunneling Configuration Configuring L2TP global options Parameter Setting first-retry-timer Initial interval, in milliseconds, that the system waits before retransmitting control packets in the attempt to establish an L2TP tunnel with an LNS. The valid range is from 100 to 5000. The default is 1000. For details about how this timer works with the retry-count parameter in establishing and maintaining tunnel sessions, see “Retry timers”...

  • Page 307: Retry Timers

    L2TP Tunneling Configuration Configuring L2TP global options Parameter Setting Enable/disable verification of the host name returned verify-remote-host-name by the LNS. When enabled, the LAC compares the hostname returned by the LNS in the Start-Control- Connection-Reply (SCCRP) packet to the server-auth- id value configured in the local TUNNEL-SERVER profile or the Tunnel-Server-Auth-ID value in a RADIUS profile.

  • Page 308: Csn Encoding For Radius Accounting

    L2TP Tunneling Configuration Configuring L2TP global options 3 seconds 3 seconds 4 seconds 4 seconds 5 seconds With the following configured values, retransmission occurs for up to 11 seconds: [in L2-TUNNEL-GLOBAL:l2tp-config] first-retry-timer = 1000 retry-count = 6 The initial transmission and six retransmissions occur at the following intervals: 1 second 1 second 1 second...

  • Page 309: Configuring Client Connections With Ppp Authentication

    L2TP Tunneling Configuration Configuring client connections with PPP authentication This configuration limits the retransmission period for failed (or terminated) tunnel attempts to 11 seconds by reducing the retry count to 6. For details, see “Retry timers” on page 6-9. Configuring client connections with PPP authentication If a PPP client’s profile is configured to initiate an L2TP tunnel, the LAC attempts to open a tunnel after it authenticates the client’s session request by means of a user name and password.
  • Page 310 L2TP Tunneling Configuration Configuring client connections with PPP authentication Parameter RADIUS attribute Setting Enables or disables processing of PPPoE packets. PPPoE Ascend-PPPoE- pppoe-options: is disabled by default. When both pppoe and pppoa are pppoe Enable (74) set to yes, the system automatically detects which protocol is used in the incoming traffic stream and performs the required processing.

  • Page 311: Sample Ppp-Authenticated Client Connection

    L2TP Tunneling Configuration Configuring client connections with PPP authentication Sample PPP-authenticated client connection In the following sample setup, the Stinger negotiates a PPPoA session from a DSL client, including user password authentication. It then initiates the L2TP tunnel, passing the authentication and LCP information on to an LNS across the Gigabit Ethernet interface.

  • Page 312: Sample Ppp-Authenticated Connection With Two Lns Systems

    L2TP Tunneling Configuration Configuring client connections with PPP authentication Following is a comparable RADIUS profile: permconn-ran-1 Password = "ascend", Service-Type = Outbound-User, Framed-Protocol = ATM-CIR, User-Name = cir-141, Ascend-Route-IP = Route-IP-No, Ascend-ATM-Vci = 36, Ascend-ATM-Vpi = 0, Ascend-ATM-Group = 151, Ascend-ATM-Connect-Vci = 35, Ascend-ATM-Connect-Vpi = 0, Ascend-ATM-Connect-Group = 2097...

  • Page 313: Figure 6-3 Primary And Secondary Tunnel End Points

    L2TP Tunneling Configuration Configuring client connections with PPP authentication Figure 6-3. Primary and secondary tunnel end points GigE 1.1.1.200 Session authentication Session authentication user: pppoa-1 user: pppoa-1 Destination password: localpw password: localpw Network 1.1.1.1 LNS endpoint-1 1.1.1.1 Internet 3.3.3.3 2.2.2.2 Destination Network LAC-LNS session authentication:...

  • Page 314: Configuring Connection-Based Tunnel Authentication

    L2TP Tunneling Configuration Configuring connection-based tunnel authentication admin> set ip-options remote-addr = 3.3.3.3 admin> set tunnel-options profile-type = mobile-client admin> set tunnel-options tunneling-protocol = l2tp admin> set tunnel-options primary-tunnel-server = 1.1.1.1 admin> set tunnel-options secondary-tunnel-server = 4.4.4.4 admin> write -f Configuring connection-based tunnel authentication Connection-based tunnel authentication uses values specified in the client’s CONNECTION profile to authenticate a tunnel request.

  • Page 315: Example Of Connection-Based Tunnel Authentication

    L2TP Tunneling Configuration Configuring connection-based tunnel authentication Parameter RADIUS attribute Setting Password used for authenticating the tunnel. Tunnel-Password password (69) Name sent to the tunnel server for authenticating the client-auth-id Tunnel-Client-Auth- tunnel. The name can contain up to 31 characters. The ID (90) Tunnel-Client-Auth-ID attribute can be specified in Access-Response packets and are also generated in...

  • Page 316: Configuring Server-Based Tunnel Authentication

    L2TP Tunneling Configuration Configuring server-based tunnel authentication admin> new connection cir-141 admin> set active = yes admin> set atm-options atm1483type = aal5-llc admin> set atm-options vci = 36 admin> set atm-options nailed-group = 151 admin> set atm-connect-options nailed-group = 2097 admin>...

  • Page 317: Overview Of Server-Based Tunnel Authentication Settings

    L2TP Tunneling Configuration Configuring server-based tunnel authentication Overview of server-based tunnel authentication settings Following are the parameters (shown with default values) for configuring the Stinger unit to use server-based tunnel authentication: [in TUNNEL-SERVER/""] server-endpoint* = "" enabled = yes shared-secret = "" client-auth-id = ""...

  • Page 318: Example Tunnel-Server Password Configuration

    L2TP Tunneling Configuration Configuring server-based tunnel authentication RADIUS user profile or a pseudo-user profile used for authentication only. The Tunnel-Password value must be encrypted by the RADIUS server. Otherwise, tunnel authentication fails. Example TUNNEL-SERVER password configuration The following commands specify the password to be sent to the LNS for authenticating tunnels initiated from local CONNECTION profiles: admin>...

  • Page 319: Sample Server-Based Authentication Configuration

    L2TP Tunneling Configuration Configuring server-based tunnel authentication Sample server-based authentication configuration In the following example setup, the Stinger uses a TUNNEL-SERVER profile to obtain the tunnel authentication information for the LNS at 1.1.1.1. Figure 6-5. Server-based tunnel authentication Session authentication Tunnel authentication user: ppp-user name: stinger-lac...

  • Page 320: Using Tunnel Assignment Ids

    L2TP Tunneling Configuration Using tunnel assignment IDs admin> set atm-options nailed-group = 151 admin> set atm-connect-options nailed-group = 2097 admin> set atm-connect-options atm1483type = aal5-llc admin> write -f The following commands configure a CONNECTION profile for the mobile client and do not specify a tunnel password or client-auth-id name: admin>...

  • Page 321: Example Of Configuring Tunnel Assignment Ids

    L2TP Tunneling Configuration Using tunnel assignment IDs Example of configuring tunnel assignment IDs In this example, the Stinger unit is configured to perform tunnel authentication for L2TP tunnels. The two PPP clients shown in Figure 6-6 are configured to use different tunnels to the LNS on the basis of their tunnel assignment IDs.
  • Page 322 L2TP Tunneling Configuration Using tunnel assignment IDs admin> new connection cir-142 admin> set active = yes admin> set atm-options atm1483type = aal5-llc admin> set atm-options vci = 36 admin> set atm-options nailed-group = 152 admin> set atm-connect-options nailed-group = 2097 admin>...
  • Page 323 L2TP Tunneling Configuration Using tunnel assignment IDs Tunnel-Assignment-ID = sdsl1-taid:1 sdsluser-2 Password = "localpw" User-Service = Framed-User, Framed-Protocol = PPP, Test-Idle-Limit = 0, Tunnel-Type = L2TP :1, Tunnel-Server-Endpoint = 1.1.1.1 :1, Tunnel-Client-Auth-ID = stinger-lac: 1, Tunnel-Password = lac-pass, Tunnel-Assignment-ID = sdsl2-taid:1 RADIUS accounting Stop records display the Tunnel-Assignment-ID used for the user session.

  • Page 324: Administrative Tools For Monitoring L2Tp

    L2TP Tunneling Configuration Administrative tools for monitoring L2TP Administrative tools for monitoring L2TP The stats command, described in detail in the Stinger Reference, now provides options for gathering and displaying traffic statistics related to L2TP and PPPoE connections. Following is the syntax of the stats command in the context of L2TP monitoring: stats stats-cmd np stats-type Command element Description...

  • Page 325: Displaying Pppoe Statistics

    L2TP Tunneling Configuration Limitations with this software version Downstream (LNS -> MC): ----------------------- Rx L2TP Packets: 336 [336 ETH, 0 ATM] control: data: - with Length: - with Sequencing: - with Offset: - bad Version: offset overflow: mobile DID not found: last mobile DID matched: *** fast path (Tx RSP) ***: Displaying PPPoE statistics...

  • Page 326: Impact Of L2Tp Data Sequencing Limitation

    Some LNS systems drop only a fraction of the packets, so troubleshooting the problem can be difficult. For this reason, Lucent Technologies strongly recommends that you turn off sequencing of the L2TP data channels on the LNS when interacting with the Stinger as LAC.

  • Page 327: Chapter 7 Virtual Router Configuration

    Virtual Router Configuration Overview of virtual routing ......... 7-1 Creating a virtual router.

  • Page 328: How Virtual Routers Affect The Routing Table

    Virtual Router Configuration Overview of virtual routing How virtual routers affect the routing table When virtual routers are not defined, the global router maintains a single IP routing table that enables the router to reach any of its many interfaces. In that context, each interface known to the system requires a unique address.

  • Page 329: Creating A Virtual Router

    Virtual Router Configuration Creating a virtual router Creating a virtual router When at least one VROUTER profile is configured, the system-ip-address parameter and the global-vrouter parameter in the IP-GLOBAL profile apply to the global router. All interfaces that are not explicitly assigned to another virtual router are grouped with the global router.

  • Page 330: Example Of Defining A Virtual Router

    Virtual Router Configuration Creating a virtual router Parameter Setting Base address of a pool of contiguous addresses on a local pool-base-address network or subnet. The pool will be exclusively for use by the virtual router. For details about defining address pools, see “Configuring and using address pools”...
  • Page 331 Virtual Router Configuration Creating a virtual router The vr1 virtual router maintains minimal routing and interface tables at this point, as shown in the following sample output: admin> netstat vr1 -rn Destination Gateway IF Pref 127.0.0.0/8 bh0_vr1 6815 127.0.0.1/32 local 6815 127.0.0.2/32 rj0_vr1...
  • Page 332 Virtual Router Configuration Creating a virtual router 0 packets not transmitted due to lack of resources Output histogram: 30 echo replies 1 netmask replies 0 packets received 0 packets received with header errors 0 packets received with address errors 0 packets received forwarded 0 packets received with unknown protocols 0 inbound packets discarded 0 packets delivered to upper layers...

  • Page 333: Defining Address Pools For A Virtual Router

    Virtual Router Configuration Creating a virtual router Defining address pools for a virtual router For information about associating an address pool with a slot and virtual router combination, see “Slot-based address assignment” on page 4-36. The following commands define an address pool for the vr1 virtual router defined in “Example of defining a virtual router”...

  • Page 334: Examples Of Assigning Virtual Router Membership To Interfaces

    Virtual Router Configuration Creating a virtual router Examples of assigning virtual router membership to interfaces The following commands assigns a WAN interface to the vr1 virtual router: admin> read connection router-1 admin> set active = yes admin> set encapsulation-protocol = atm admin>...

  • Page 335: Examples Of Defining A Route On A Per-Virtual-Router Basis

    Virtual Router Configuration Creating a virtual router Parameter Setting Name of a virtual router to use as the route’s next hop. inter-vrouter All packets to the static route’s destination network are sent to the specified virtual router for a routing decision.

  • Page 336: Configuring Virtual Router Dns Servers

    Virtual Router Configuration Creating a virtual router Note Because routing traffic between virtual domains is not fast routed, it is strongly recommended to minimize such traffic. In the following example, the static route specifies the vr1 virtual router as the route’s next hop.

  • Page 337: Overview Of Virtual Router Dns Settings

    Virtual Router Configuration Creating a virtual router Overview of virtual router DNS settings Following are the virtual router-specific DNS parameters (shown with their default settings): [in VROUTER/""] domain-name = "" sec-domain-name = "" dns-primary-server = 0.0.0.0 dns-secondary-server = 0.0.0.0 client-primary-dns-server = 0.0.0.0 client-secondary-dns-server = 0.0.0.0 allow-as-client-dns-info = True Parameter...

  • Page 338: Deleting A Virtual Router

    Lucent Technologies recommends that you reset the system after deleting a virtual router with active connections. If a system reset is not possible, the recommended course of action before deleting the virtual router is to manually tear down its active...
  • Page 339 Virtual Router Configuration Administrative tools for virtual routers Table 7-1. Administrative commands showing optional vrouter arguments (Continued) Command Permissions Usage with optional vrouter argument iproute add [-r vrouter] dest_IPaddress/subnet_mask iproute system gateway_IPaddress [preference] [metric] iproute delete [-r vrouter] dest_IPaddress/subnet_mask [gateway] netstat [vrouter] [-i] [-r] [?] [-n] [-d] [-s identifiers] netstat system...

  • Page 341: Chapter 8 Ospf Configuration

    OSPF Configuration Overview of supported OSPF features ....... . . 8-1 Enabling OSPF systemwide .

  • Page 342: Limited Border Router Capability

    OSPF Configuration Overview of supported OSPF features Diagnostics and traps Note Stinger does not support OSPF on DSL interfaces. OSPF is supported only on ATM trunks (through trunk modules such as OC-3) and Gigabit Ethernet ports (IP2x00 only). Limited border router capability A Stinger IP DSLAM acts as an OSPF internal router with limited border router capability.

  • Page 343: Exchange Of Routing Information

    OSPF Configuration Overview of supported OSPF features same IP network can use different size subnet masks. A packet is routed to the best (longest or most specific) match. Host routes are considered to be subnets whose masks are all ones (0xFFFFFFFF). Note OSPF is useful for networks that use VLSMs.

  • Page 344: Designated And Backup Designated Routers On Broadcast Networks

    OSPF Configuration Overview of supported OSPF features Table 8-1. Description of LSA types LSA type Description Type 7 (ASE) NSSA NSSAs are like stub areas in that they do not receive or originate type 5 LSAs. NSSAs rely solely on default routing for external routes.

  • Page 345: Routing Across Nbma Interfaces

    OSPF Configuration Overview of supported OSPF features Routing across NBMA interfaces An OSPF nonbroadcast multiaccess (NBMA) network is any network that has multiple points of access (more than two routers) and does not support broadcast capability. OSPF routers operate on an NBMA network much as they do on a broadcast network, by using the Hello protocol to form adjacencies and identify the designated router.

  • Page 346: Hierarchical Routing (Areas)

    OSPF Configuration Overview of supported OSPF features Hierarchical routing (areas) If a network becomes too large, the size of the database, time required for route computation, and related network traffic become excessive. You can partition an autonomous system into areas to provide hierarchical routing, with a backbone area connecting the other areas.

  • Page 347: Link-State Routing Algorithms

    OSPF Configuration Overview of supported OSPF features profiles as type 7 LSAs. These imported ASE LSAs have the P-bit enabled, which flags border routers to translate them into type 5 LSAs. You can list the router IDs of NSSA border routers that are translating type 7 LSAs to type 5 LSAs, by entering the ospf translators command.

  • Page 348: Enabling Ospf Systemwide

    OSPF Configuration Enabling OSPF systemwide autonomous system. (See Table 8-3, Table 8-4, and Table 8-5.) The table also includes externally derived routing information. All the routers calculate a routing table of shortest paths, based on the link-state database. Externally derived routing data is advertised throughout the autonomous system but is kept separate from the link-state data.

  • Page 349: Configuring Ospf On Gigabit Ethernet

    OSPF Configuration Configuring OSPF on Gigabit Ethernet To configure the system to use OSPF routing, you must configure each LAN or WAN interface that will support OSPF routing, and enable the protocol systemwide. The following parameters, shown with default values, enable the protocol and specify global settings: [in IP-GLOBAL:ospf-global] enable = no...
  • Page 350 OSPF Configuration Configuring OSPF on Gigabit Ethernet area = 0.0.0.0 area-type = normal hello-interval = 10 dead-interval = 40 priority = 5 authen-type = simple auth-key = ******* key-id = 0 cost = 1 down-cost = 16777215 ase-type = type-1 ase-tag = c0:00:00:00 transit-delay = 1 retransmit-interval = 5...
  • Page 351 OSPF Configuration Configuring OSPF on Gigabit Ethernet Parameter Setting The router uses MD5 encryption and the authentication key ID supplied by the key-id parameter to validate OSPF packet exchanges. For related information, see “Authentication” on page 8-2. Secret key for authenticating traffic in the router’s area. auth-key Enter a text string of up to 8 characters.

  • Page 352: Sample Gigabit Ethernet Interface Configuration

    OSPF Configuration Configuring OSPF on Gigabit Ethernet Parameter Setting broadcast A broadcast-capable network, such as Ethernet. An NBMA network, such as a trunk nonbroadcast interface. point-to- A point-to-point network, consisting of point two routers only. Not used on a broadcast network. poll-interval A read-only parameter used internally to verify settings profile-type...

  • Page 353: Configuring Ospf On An Atm Trunk Interface

    OSPF Configuration Configuring OSPF on an ATM trunk interface The following sample commands show how to configure Stinger-2 in Figure 8-5. The commands assign the IP address 10.168.8.17/24 to the local interface and configure the OSPF router in the backbone area: admin>...

  • Page 354: Sample Ospf Point-To-Point Configuration

    OSPF Configuration Configuring OSPF on an ATM trunk interface These are the same parameters described for enabling OSPF on the Gigabit Ethernet interface. For definitions, see “Overview of IP-INTERFACE OSPF settings” on page 8-9. Sample OSPF point-to-point configuration This example shows how to configure a CONNECTION profile in the system labeled Stinger-2 in Figure 8-6, to enable it to route OSPF across the ATM cloud to Stinger-1.

  • Page 355: Example Of An Nbma Configuration

    OSPF Configuration Configuring OSPF on an ATM trunk interface [in CONNECTION/"":ip-options] local-address = 0.0.0.0/0 [in OSPF-NBMA-NEIGHBOR/""] name* = "" host-name = "" ip-address = 0.0.0.0 dr-capable = no Parameter Setting For an NBMA connection to a GRF® multigigabit non-multicast router, the non-multicast parameter must be set to yes. This causes the translation of the multicast traffic to directed traffic.

  • Page 356: Configuring Global Route Options That Apply To Ospf

    OSPF Configuration Configuring global route options that apply to OSPF admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 90.90.90.2/8 admin> set ip-options local-address = 90.90.90.1/8 admin> set ip-options ospf-options active = yes admin> set ip-options ospf-options authen-type = simple admin>...

  • Page 357: Example Of Importing A Summarized Pool As An Ase

    OSPF Configuration Configuring IP-ROUTE OSPF options Example of importing a summarized pool as an ASE The following commands configure a summarized pool and import it to OSPF with a type 1 OSPF metric: admin> read ip-global admin> set pool-summary = yes admin>...

  • Page 358: Example Of Configuring A Type 7 Lsa In An Nssa

    OSPF Configuration Configuring IP-ROUTE OSPF options Parameter Setting Type of metric to apply to routes learned from RIP. The ase-type default value of type-1 expresses the metric in the same units as the interface cost. With the value of type-2, the metric is larger than any link-state path.

  • Page 359: Example Of Assigning A Cost To A Static Route

    OSPF Configuration Administrative tools for OSPF routing Configure a static route to the remote site. For example: admin> new ip-route type7 admin> set dest = 10.4.5.0/22 admin> set gateway = 10.4.5.7 admin> write -f Example of assigning a cost to a static route The lower the cost assigned to a route, the more likely the router is to choose the route to forward traffic.

  • Page 361: Chapter 9 Ip Multicast Configuration

    IP Multicast Configuration IP multicast forwarding ..........9-1 Configuring MBONE interfaces .

  • Page 362: Network-Side Mbone Interfaces

    IP Multicast Configuration IP multicast forwarding to be a multicast client, initiating and responding to group management messages via Internet Group Management Protocol (IGMP) version-1 or version-2. To receive a transmission, the client interfaces must join a specific multicast group. A multicast group is a Class D IP address (from 224.0.0.0 to 239.255.255.255).

  • Page 363: Ip2100 And Ip2000 Maximum Limits On Multicast And Bridge Groups

    IP Multicast Configuration Configuring MBONE interfaces Unused IP-INTERFACE settings [in IP-INTERFACE/{ { any-shelf any-slot 0 } 0 }] multicast-rate-limit = 100 multicast-group-leave-delay = 0 multicast-group-leave-delay-msec = 0 multicast-service-profile = "" multicast-max-groups = 0 [in IP-INTERFACE/{ { any-shelf any-slot 0 } 0 }:igmp-options] robust-count = 2 query-interval = 125 query-response-interval = 100...

  • Page 364: Overview Of Multiple Mbone Configuration

    IP Multicast Configuration Configuring MBONE interfaces A Stinger IP DSLAM does not support multicast heartbeat monitoring, so the following IP-GLOBAL settings are not used: Unused IP-GLOBAL settings [in IP-GLOBAL] multicast-hbeat-addr = 0.0.0.0 multicast-hbeat-port = 0 multicast-hbeat-slot-time = 0 multicast-hbeat-Number-Slot = 0 multicast-hbeat-Alarm-threshold = 0 multicast-hbeat-src-addr = 0.0.0.0 multicast-hbeat-src-addr-mask = 0.0.0.0...

  • Page 365: Sample Configuration With Multiple Mbone Interfaces

    IP Multicast Configuration Configuring MBONE interfaces Parameter Setting mbone-profile[N] Array of 32 indexed parameters for specifying the name of a local CONNECTION profile that provides access to an MBONE router across a trunk interface. This configures up to 32 WAN MBONE interfaces across trunk ports.

  • Page 366: Sample Mbone Configuration On Gigabit Ethernet Vlans

    IP Multicast Configuration Configuring MBONE interfaces The next commands configure two WAN MBONE interfaces on ATM trunk interfaces: admin> new connection mcast1-17-1 admin> set active = yes admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 3.3.3.3/29 admin> set ip-options multicast-allowed = yes admin>...

  • Page 367: Figure 9-4 Sample Configuration Of Vlan Mbone Interface

    IP Multicast Configuration Configuring MBONE interfaces Figure 9-4. Sample configuration of VLAN MBONE interface Network side (MBONE) User side Multicast video server Stinger IP DSLAM Multicast client interfaces MBONE (LIM ports) 13.13.13.13/24 router { { 1 8 2 } 1 } CPE routers Following is a sample Gigabit Ethernet VLAN MBONE interface configuration.

  • Page 368: Managing Multicast Group Memberships

    IP Multicast Configuration Managing multicast group memberships admin> set multiple-mbone mbone-lan 1 physical-address item = 2 admin> set multiple-mbone mbone-lan 1 logical-item = 1 admin> write -f Managing multicast group memberships To receive a multicast transmission, a client interface must join a specific multicast group.

  • Page 369: Sample Multicast Address Filters

    IP Multicast Configuration Managing multicast group memberships Parameter Setting Specifies whether access to the multicast groups defined filter-type in the filter list will be filtered inclusively or exclusively. With inclusive filtering, client interfaces have access only to those groups specified in the filter list. Currently, exclusive filters (to allow access to all groups except those specified in the filter list) is not supported.

  • Page 370: Sample Multicast Address Range Filter

    IP Multicast Configuration Managing multicast group memberships admin> new mcast-service gold-service admin> set active = yes admin> set filter-type = inclusive admin> set filter-list 1 active = yes admin> set filter-list 1 mcast-ip-address = 239.225.129.119 admin> set filter-list 2 active = yes admin>...

  • Page 371: Configuring Multicast Client Interfaces

    IP Multicast Configuration Configuring multicast client interfaces admin> set ip-options multicast-allowed = yes admin> set ip-options multicast-service-profile = test_234_1 admin> set atm-options nailed-group = 251 admin> write -f If the configuration results in an out-of-range multicast address, or if the same group address is specified in two filter-list subprofiles, the Stinger logs an error message.
  • Page 372 IP Multicast Configuration Configuring multicast client interfaces Parameter Setting Number of seconds to delay before forwarding a Leave multicast-group-leave- delay Group message. The sum of (multicast-group-leave- delay × 1000) plus multicast-group-leave-delay-msec is the number of milliseconds the system waits before forwarding to the MBONE router an IGMP version-2 Leave Group message it receives across a multicast client interface.

  • Page 373: Setting Igmp-V2 Timers (Local Profiles Only)

    IP Multicast Configuration Configuring multicast client interfaces Parameter Setting Specifies whether the virtual circuit is a multicast server multicast-server-vc VC (yes or no). See “Overview of multicast server VC settings” on page 9-23. An array of 20 indexed subprofiles, to enable you to multiple-mcast-filter apply up to 20 mcast-service profiles per user.

  • Page 374: Example Of Using Multiple Multicast Filters

    IP Multicast Configuration Configuring multicast client interfaces Parameter Setting query-response-interval Maximum response time in tenths of a second (from 0 to 1024) inserted into general queries. You can increase this value from its default of 10 seconds to make IGMP traffic less bursty, because host responses will be spread out over a larger interval.

  • Page 375: Sample Multicast Video Configuration With Filters

    IP Multicast Configuration Configuring multicast client interfaces admin> set filter-list 1 mcast-ip-address = 226.10.10.10 admin> set filter-list 1 group-range-count = 1 admin> write -f The following set of commands defines a CONNECTION profile and applies both filters: admin> new connection mpoa-adsl admin>...

  • Page 376: Configuring The Local Mbone Interface

    IP Multicast Configuration Configuring multicast client interfaces Figure 9-5. DSL video application with a local MBONE interface Network side User side Set-top box (STB) Multicast video server 5.5.5.5 Stinger IP DSLAM GigE CPE-1 NET-1 2.2.2.2/29 Multicast router CPE-2 3.3.3.3/29 NET-2 7.7.7.7 Configuring the local MBONE interface The following commands enable the MBONE interface on the Gigabit Ethernet port:...

  • Page 377: Applying A Filter That Restricts The Gige Interface To Video Traffic Only

    IP Multicast Configuration Configuring multicast client interfaces admin> set ip-options multicast-allowed = yes admin> set ip-options multicast-rate-limit = 20 admin> set ip-options multicast-service-profile = gold-service admin> set ip-options multicast-max-groups = 2 admin> set atm-options vci = 100 admin> set atm-options nailed-group = 52 admin>...

  • Page 378: An Alternative Filter To Restrict Each Client Interface

    IP Multicast Configuration Configuring multicast client interfaces An alternative filter to restrict each client interface If you must use a Gigabit Ethernet interface for other applications as well as multicast video, you cannot restrict the type of traffic allowed on the interface. In that case, you can define filters for individual multicast client interfaces, to restrict the those interfaces from handling traffic other than video data and related control messages.

  • Page 379: Sample Multicast Video Configuration With A Remote Mbone Interface

    IP Multicast Configuration Configuring multicast client interfaces Sample multicast video configuration with a remote MBONE interface In the sample setup shown in Figure 9-6, the MBONE interface is configured in Stinger-2, and the multicast client interface is configured in Stinger-1. The connection between the two Stinger units is an ATM PVC.
  • Page 380 IP Multicast Configuration Configuring multicast client interfaces Following is a comparable RADIUS profile: permconn-st-2 Password = "pwd" Service-Type = Outbound, Framed-Protocol = ATM-CIR, User-Name = "mcast-client-pvc", Ascend-ATM-Group = 155, Ascend-Route-IP = Route-IP-No, Ascend-ATM-Vpi = 0, Ascend-ATM-Vci = 35, Ascend-ATM-Connect-Vpi = 0, Ascend-ATM-Connect-Vci = 100, Ascend-ATM-Connect-Group = 802 With this CONNECTION or RADIUS profile, ATM cells received by Stinger-1 from the...

  • Page 381: Atm Qos When Both Multicast And Unicast Clients Are Supported

    IP Multicast Configuration Configuring multicast client interfaces The following command on Stinger-2 checks that the group exists: admin> igmp groups Group Address Members Expire time Counts 230.0.0.9 00:00:31 0 :: 0 S2 *(Mbone) 0 :: 0 S2 The following command displays client interfaces (interface 14 representing the remote client interface): admin>...

  • Page 382: Multicast Server Virtual Circuits

    IP Multicast Configuration Multicast server virtual circuits traffic-descriptor-type = noclp-scr atm-service-category = real-time-vbr peak-rate-kbits-per-sec = 12000 peak-cell-rate-cells-per-sec = 28301 sustainable-rate-kbits-per-sec = 6000 sustainable-cell-rate-cells-per-sec = 14150 minimum-rate-kbits-per-sec = 0 minimum-cell-rate-cells-per-sec = 0 ignore-cell-delay-variation-tolerance = no cell-delay-variation-tolerance = 20 ignore-max-burst-size = no max-burst-size = 30 aal-type = aal-5 early-packet-discard = yes...

  • Page 383: Overview Of Multicast Server Vc Settings

    IP Multicast Configuration Multicast server virtual circuits on the multicast server VC to all DSL clients who have joined the associated multicast group. Note When multiple-multicast-server-vc is configured in the IP-GLOBAL profile, you cannot also configure MBONE or PIM. Overview of multicast server VC settings Following are the parameters, shown with default settings, required for configuring multicast server VCs: [in IP-GLOBAL]...

  • Page 384: Sample Configuration Of Multicast Server Vcs

    IP Multicast Configuration Multicast server virtual circuits Sample configuration of multicast server VCs In the sample setup shown in Figure 9-8, STREAM-1, STREAM-2, STREAM-3 are trunk terminated ATM PVCs configured as multicast server VCs, and user-1, user-2, and user-3 are DSL user connections. Figure 9-8.

  • Page 385: Distributed Multicast With Hb Lims (Ip2100 Only)

    IP Multicast Configuration Distributed multicast with HB LIMs (IP2100 only) admin> set ip-options multicast-allowed = yes admin> set ip-options multicast-server-vc = yes admin> set atm-options vci = 41 admin> set atm-options nailed-group = 802 admin> write -f admin> new connection STREAM-3 admin>...

  • Page 386: Conceptual Overview

    IP Multicast Configuration Distributed multicast with HB LIMs (IP2100 only) resulting bandwidth requirement (648Mbps) would exceed the backplane bandwidth of 622Mbps. With distributed multicast, the system uses backplane bandwidth for each multicast channel. So up to 622/3 (207) simultaneous video channels can be transmitted to a LIM regardless the number of clients watching a channel.

  • Page 387: Mbone And Multicast Client Interactions On Ffw Interfaces

    IP Multicast Configuration Distributed multicast with HB LIMs (IP2100 only) The multicast-capable CM manages its GigE ports and its own FFW interfaces. The multicast-capable HB LIM manages its own WAN interfaces and its FFW interface. MBONE and multicast client interactions on FFW interfaces Table 9-3 shows the MBONE and multicast client behavior of the FFW interfaces: Table 9-3.

  • Page 388: What Happens When A Cpe Leaves A Multicast Group

    IP Multicast Configuration Distributed multicast with HB LIMs (IP2100 only) What happens when a CPE leaves a multicast group When an IGMP Leave message is received, each multicast router performs the following steps: Unregister the client from the multicast group. If this is the last active client in the group, proceed to step 3.

  • Page 389: Changes In Packet-Flow Prioritization With Distributed Multicast

    IP Multicast Configuration Distributed multicast with HB LIMs (IP2100 only) Each of the HB LIM’s DSL lines supports a maximum of four terminated PVCs or up to eight switched ATM PVCs. OAM support should be limited to no more than 400 connections on a LIM if provisioning the maximum number of eight switched ATM PVCs per port while using unique VPI values for each of the connections on each port.

  • Page 390: Scheduling Priority Of The Hb Lim Ffw Interface

    IP Multicast Configuration Distributed multicast with HB LIMs (IP2100 only) Table 9-6. Packet flow with interleaving priorities (unicast/multicast) Flow # Description of classifier Priority Result flow 1 Unicast traffic classifier priority 7 All unicast traffic will be higher flow 2 Multicast traffic classifier priority 6 priority than...

  • Page 391: Atm Qos For Unicast Traffic On The Hb Lim

    IP Multicast Configuration Administrative tools for IGMP operations ATM QoS for unicast traffic on the HB LIM The HB LIM performs multicast stream replication. However, the same considerations apply as when the IP control module is performing the replication. For details about how to ensure accurate shaping of unicast traffic when both multicast and unicast streams are being processed, see “ATM QoS when both multicast and unicast clients are supported”...

  • Page 393: Chapter 10 Pim-Sm V2 Configuration

    PIM-SM v2 Configuration PIM-SM features supported with this software version....10-2 Overview of PIM-SM configuration ........10-2 Sample PIM-SM system configuration.

  • Page 394: Pim-Sm Features Supported With This Software Version

    PIM-SM v2 Configuration PIM-SM features supported with this software version PIM-SM features supported with this software version PIM-SM is currently supported on Gigabit Ethernet and trunk interfaces. Stinger IP DSLAMs cannot currently operate as PIM Multicast Border Router (PMBR). With the current software, Stinger systems support PIM-SM functionality as shown in Table 10-1: Table 10-1.

  • Page 395: Enabling Multicast And Pim

    PIM-SM v2 Configuration Overview of PIM-SM configuration Configure static mappings between multicast groups and PIM RPs. This is recommended as a failsafe configuration. See “Configuring static mappings between groups and rendezvous points” on page 10-5. Configure an IP-INTERFACE or CONNECTION profile, to enable the system to operate as a PIM router on the Gigabit Ethernet interface, a trunk interface, or both.

  • Page 396: Example Showing Bsr Election And Dynamic Group-Rp Mappings

    PIM-SM v2 Configuration Overview of PIM-SM configuration Parameter Setting Local IP address the Stinger IP DSLAM uses to send cbsr-ip-address BSMs when cbsr-enable is set to yes. This setting is not used when cbsr-enable is set to no. cbsr-priority BSR priority for the Stinger, from 0 (the default) to 255. The priority is used in the election of BSR.

  • Page 397: Configuring Static Mappings Between Groups And Rendezvous Points

    PIM-SM v2 Configuration Overview of PIM-SM configuration BSR Priority : 110 BSR holdtime : 112 BSR Current Frag Tag : 0 BSR HASH masklen : 30 The following commands modify the IP-GLOBAL profile to specify the highest BSR priority for the Stinger IP DSLAM: admin>...

  • Page 398: Configuring Pim On Gigabit Ethernet Or Trunk Interfaces

    PIM-SM v2 Configuration Overview of PIM-SM configuration Following are the parameters, shown with their default settings, for configuring a static group-to-RP mapping: [in PIM-GROUP-RP-MAPPING/””] name* = ““ rp-address = 0.0.0.0 group-address = 0.0.0.0/0 group-mask = 0.0.0.0 Parameter Setting name Text string, up to 31 characters long, that names the mapping between a multicast group and the IP address of an RP.

  • Page 399: Pim Options In The Ip-Interface And Connection Profiles

    PIM-SM v2 Configuration Overview of PIM-SM configuration a router to learn about the neighboring PIM routers on the interface, and the priority field in these messages is used in DR election on the LAN interface. PIM options in the IP-INTERFACE and CONNECTION profiles Following are the parameters, shown with default values, for enabling PIM on the Gigabit Ethernet interface.
  • Page 400 PIM-SM v2 Configuration Overview of PIM-SM configuration Parameter Setting encapsulation-protocol Set to atm for MPOA terminating connections. Stinger IP DSLAMs support the two encapsulation atm1483type methods for carrying routed PDUs in the payload field of AAL type 5, which are defined in RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5.

  • Page 401: Example Of Enabling Pim On The Gigabit Ethernet Interface

    PIM-SM v2 Configuration Overview of PIM-SM configuration Parameter Setting join-prune-interval Number of seconds between sending PIM join/prune messages to PIM neighbors on this interface. A join/prune message consists of a list of groups and a list of joined and pruned sources for each group. The valid range is from 1 to 65535 with a default value of 60 seconds.

  • Page 402: Example Of Enabling Pim On A Trunk Interface

    PIM-SM v2 Configuration Sample PIM-SM system configuration Example of enabling PIM on a trunk interface The following commands enable PIM on an MPOA terminating PVC on a trunk port. A numbered interface is required. For details about numbered interfaces, see “Example of using a local-address setting for a numbered interface”...

  • Page 403: Administrative Tools For Pim-Sm Routing

    PIM-SM v2 Configuration Administrative tools for PIM-SM routing The following commands configure a PVC for multicast client CPE router in Figure 10-1: admin> new connection mcast-client admin> set active = yes admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 2.2.2.2/32 admin>...
  • Page 404 PIM-SM v2 Configuration Administrative tools for PIM-SM routing In addition, the output of the netstat -s command now includes the total PIM statistics for all PIM-enabled interfaces in the system. For example: admin> netstat -s pim: 25 packets received 24 hello packet received 1 C-RP packets received 38 packets transmitted 26 hello packets sent...

  • Page 405: Chapter 11 Filter Configuration

    Filter Configuration Filter overview ..........11-1 Defining IP filters .

  • Page 406: Filter Rules

    Filter Configuration Defining IP filters Table 11-1. Default filtering behavior (Continued) Filters Action on packets An explicit default rule is applied to All packets that do not match specific filter the connection. rules are forwarded or dropped according to the definition in the default rule (forward = yes or forward = no).
  • Page 407 Filter Configuration Defining IP filters [in FILTER/""] filter-name* = "" [in FILTER/"":input-filters[1]] valid-entry = no forward = no type = gen-filter [in FILTER/"":input-filters[1]:ip-filter] protocol = 0 source-address-mask = 0.0.0.0 source-address = 0.0.0.0 dest-address-mask = 0.0.0.0 dest-address = 0.0.0.0 Src-Port-Cmp = none source-port = 0 Dst-Port-Cmp = none dest-port = 0...

  • Page 408: Details Of Ip Filter Comparison Passes

    Filter Configuration Defining IP filters Parameter Setting Type of comparison to be done on the source UDP/TCP src-port-cmp port. The less (less than) and gtr (greater than) operators are not supported when comparing source port values in traffic destined for an external system. See “Filtering on port numbers”...

  • Page 409: Filtering On Port Numbers

    For a list of well-known port assignments, see RFC 1700, Assigned Numbers. Note For security purposes, Lucent Technologies recommends that you filter all services from outside your domain that are not required. UDP-based services make your network particularly vulnerable to certain types of security attacks.

  • Page 410: Tcp-Established Filters

    Filter Configuration Defining IP filters In this case, the faulty rule specifying the neq operator is not applied. The other rules of the filter are applied to the traffic stream. The following commands show a legal workaround using the less and gtr comparison operator in two rules to accomplish the same effect as using the unsupported neq operator: admin>...

  • Page 411: Sample Ip Filters

    Filter Configuration Defining IP filters Overview of required settings Following are the relevant parameters, shown with default settings. These are the only parameters to be configured for this type of filter. [in FILTER/"":output-filters[1]] valid-entry = no forward = no Type = gen-filter [in FILTER/"":output-filters[1]:ip-filter] protocol = 0 tcp-estab = no...

  • Page 412: Sample Tcp-Established Filter

    Filter Configuration Defining IP filters recommended to ensure the expected behavior in all types of profiles. For an example, see “Sample filter using a generic explicit default rule” on page 11-11. Sample TCP-established filter The following commands configure a filter that drops all TCP packets that are not part of an established connection: admin>...

  • Page 413: An Ip Filter For More Complex Security Issues

    Filter Configuration Defining IP filters admin> set input 1 type = ip-filter admin> set input 1 ip-filter source-address-mask = 255.255.255.192 admin> set input 1 ip-filter source-address = 192.100.50.128 The next set of commands creates input filter #2, which drops packets with a source address equal to the loopback address (127.0.0.0).

  • Page 414: Sample Filter With No Explicit Default Rule

    Filter Configuration Defining IP filters admin> set input 1 type = ip-filter admin> set input 1 ip-filter protocol = 6 admin> set input 1 ip-filter dest-address-mask = 255.255.255.255 admin> set input 1 ip-filter dest-address = 192.9.250.5 admin> set input 1 ip-filter dst-port-cmp = eql admin>...

  • Page 415: Sample Filter With Explicit Default Rule

    Filter Configuration Defining IP filters admin> new filter input-filter-1 admin> set input-filters 1 valid-entry = yes admin> set input-filters 1 forward = yes admin> set input-filters 1 Type = ip-filter admin> set input-filters 1 ip-filter protocol = 17 admin> set input-filters 1 ip-filter source-address-mask = 255.255.255.255 admin>...

  • Page 416: Defining Icmp Filters

    Filter Configuration Defining ICMP filters nonmatching packets including non-IP packets such as ARP packets, you must create a generic-filter rule as default with the action set to forward. The following filter specifies a generic explicit default rule to allow forwarding of all incoming packets that do not match the input filter rules.
  • Page 417 Filter Configuration Defining ICMP filters The parameters are shown here with default values for an output filter. No other parameters in the ip-filter subprofiles apply to ICMP filtering. [in FILTER/"":output-filters[1]:ip-filter] protocol = 0 source-address-mask = 0.0.0.0 source-address = 0.0.0.0 dest-address-mask = 0.0.0.0 dest-address = 0.0.0.0 icmp-type = any Parameter...

  • Page 418: Sample Icmp Filter Configurations

    Filter Configuration Defining ICMP filters Parameter Setting netmask-request RFC 950 Type 17, Netmask request. (‘Address Mask Request’ in RFC 950) netmask-reply RFC 950 Type 18, Netmask reply. (‘Address Mask Reply’ in RFC 950) Sample ICMP filter configurations This section contains the following sample configurations: A filter for blocking incoming Echo-Request packets on one or more DSL user connections A filter for blocking Echo-Request packets from being forwarded to an upstream...
  • Page 419 Filter Configuration Defining ICMP filters admin> set ip-options remote-address = 10.10.10.0/24 admin> set ip-options local-address = 10.10.10.3/32 admin> set session-options data-filter = in-no-echo-req admin> set atm-options nailed-group = 537 admin> set bir-options enable = yes admin> set bir-options proxy-arp = yes admin>...

  • Page 420: Stopping Echo-Request Packets From Being Forwarded Upstream

    Filter Configuration Defining ICMP filters Stopping Echo-Request packets from being forwarded upstream In the following example, a filter is defined to drop outbound ICMP Echo-Request packets, and the filter is applied to a controller Gigabit Ethernet interface. Define the filter to prevent outbound ICMP Echo-Requests. admin>...

  • Page 421: Defining Route Filters

    Filter Configuration Defining route filters admin> write -f Configure a BIR connection for a DSL user and apply the same filter. admin> new connection bir-11-37 admin> set active = yes admin> set encapsulation-protocol = atm admin> set ip-options remote-address = 10.10.10.0/24 admin>...

  • Page 422: Sample Route Filters

    Filter Configuration Defining route filters Parameter Setting Type of filter (ip-filter, gen-filter, route-filter, and type ethernet-filter). Only the parameters in the corresponding subprofile are applicable for the rule. source-address-mask Mask to be applied to the source-address value before comparing that value to the source address of a RIP update packet.

  • Page 423: Sample Route Filter That Configures A Route's Metric

    Filter Configuration Defining Ethernet input filters In this sample route filter, any route that matches rule 1 is rejected, and all other routes are accepted (because they match rule 2). Sample route filter that configures a route’s metric In this example, an output filter identifies the route 11.0.0.0 in outbound RIP packets and assigns a high metric to that route.

  • Page 424: Sample Pppoe And Mac Address Filter

    Filter Configuration Defining Ethernet input filters Parameter Setting Forwarding action for the rule. The default value of no forward causes the system to discard matching packets. type Type of filter (ip-filter, gen-filter, route-filter, and ethernet-filter). Only the parameters in the corresponding subprofile are applicable for the rule.

  • Page 425: Applying A Filter To An Interface

    Filter Configuration Applying a filter to an interface The next commands configure input-filter 3 to discard packets from the MAC address 11:22:33:44:55:66 and to the MAC address 66:22:33:44:55:11: admin> set input 3 Type = ethernet-filter admin> set input 3 valid-entry = yes admin>...

  • Page 426: Applying A Filter To An Ethernet Interface

    Filter Configuration Applying a filter to an interface Following is an example of applying both an IP filter and a route filter to a terminating PVC: admin> read connection cpe-1 admin> set active = yes admin> set encapsulation-protocol = atm admin>...

  • Page 427: Applying An Ethernet Filter To A Vlan Bridging Connection

    Filter Configuration Administrative tools for filters admin> set bridging-options bridge-type = transparent-bridging admin> set filter-name = enet-filter2 admin> write -f For an example of applying a filter to a routed VLAN interface, see “Applying an IP filter to a routed VLAN” on page 3-35. Applying an Ethernet filter to a VLAN bridging connection The following commands create a subscriber VLAN bridging connection and apply the sample Ethernet filter (enet-filter2) created in “Sample PPPoE and MAC...
  • Page 428 Filter Configuration Administrative tools for filters For example, the following sample output shows that no filters are applied to session admin> filterdisp 23 Hostname: man3 No associated filters The following sample output shows filters applied to an externally authenticated session: admin>...

  • Page 429: Appendix A Ip Control Module Diagnostics

    IP Control Module Diagnostics Enabling the debug environment ........A-2 Gigabit Ethernet diagnostics.

  • Page 430: Enabling The Debug Environment

    Under most circumstances, debug commands are not required for monitoring Stinger IP DSLAM operations, and under some circumstances, these commands might produce undesirable results. Use the information with caution. Contact Lucent OnLine Customer Support at http://www.lucent.com/support with questions or concerns. Gigabit Ethernet diagnostics The gmac command provides diagnostic output about the Gigabit Ethernet media access controller (GMAC) driver.
  • Page 431 IP Control Module Diagnostics gmac Command element Description Loopback. -l [-i/e/d/p] -l -i Set port for internal loopback. -l -e Set port for external loopback. -l -d Set port for no loopback -l -p Run loopback test for Ethernet power- on self test (POST).

  • Page 432: Igmp Diagnostics

    IP Control Module Diagnostics IGMP diagnostics txPkt64 txPkt65127 txPkt128255 txPkt256511 txPkt5121023 txPkt1024Max txPktDefer txPktUndSz txUnderFlow txPfcf = 0 txPfcc = 0 txRfcf = 0 txRfcc = 0 txOverFlow txAlmostFull rxOctetsLow = 1646718 rxOctetsHigh rxGoodPackets = 2059 rxPkt64 = 766 rxPkt65127 rx128255 rx256511 = 160...
  • Page 433 IP Control Module Diagnostics igmp The system-level igmp command supports new set of arguments for displaying information obtained by IGMP snooping. The igmp command is supported both on the shelf and the individual LIM slots. Following is the new usage statement, which shows both the existing and new arguments: admin>...
  • Page 434 IP Control Module Diagnostics igmp Command element Description delete [grp_addr With the delete option alone, delete all currently [if_num]] registered multicast groups and their members. If a group address is specified, delete all members of that group. If a group address and interface number are specified, delete that member of the specified group.
  • Page 435 IP Control Module Diagnostics igmp Example The igmp groups command displays information about MBONE interfaces. Details about client member interfaces are maintained on the LIM itself. For example, the following command is invoked on the IP control module of a Stinger system with multicast clients on a DSL interface in slot 6 and an MBONE configured on a Gigabit Ethernet interface: super>...
  • Page 436 IP Control Module Diagnostics igmp hosts The output contains the following fields: Field Description Shelf:Slot Shelf and slot card the MBONE connection is on. Group Interface number of connection. SendCount Number of packets sent across the interface. Example The igmp profile command displays information about MCAST-SERVICE profiles.
  • Page 437 IP Control Module Diagnostics diag igmpsp In the command output, 230.1.1.1 is the group address and two hosts, 10.10.10.2 and 10.10.10.3, have joined the group on interface 1. diag igmpsp Description Enable low-level diagnostics on IGMP services profiles. Permission level debug Usage diag igmpsp...

  • Page 438: Pim-Sm Diagnostics

    IP Control Module Diagnostics PIM-SM diagnostics Receiving Version 2 Response from 6 Joining Group 230.0.0.9 IGMP: Joining new group 230.0.0.9 _sendIGMPTableUpdateMsg: sending IGMP_TAB_ADD to 1:8 _sendUpdateMsgToShelf : client 6 join group 230.0.0.9 vRouterID 0 igmpParseMsg: IGMP packet to 230.0.0.9 type 6 on interface 6 port 6 Receiving Version 2 Response from 6 IGMP: Refreshing group 230.0.0.9 input ifNum 6 PIM-SM diagnostics...
  • Page 439 IP Control Module Diagnostics information is obtained from received C-RP-Advertisements. When the local router is not the BSR, this information is obtained from received RP-Set messages. For example: super> pim rp Group RP-Address RPF neighbor Priority holdtime 224.0.0.0/8 1.1.1.3 1.1.1.3 75:62 234.0.0.0/8 1.1.1.3...
  • Page 440 IP Control Module Diagnostics Description Output field ( pim nbr ) Priority Hello priority of the neighbor. The 0 value indicates that the neighbor does not support the priority option, or the neighbor supports the priority option but has an assigned hello priority of 0.

  • Page 441: Vlan-Related Diagnostics

    IP Control Module Diagnostics VLAN-related diagnostics BSR holdtime : 57 BSR Current Frag Tag : 717 BSR HASH masklen : 30 Fields in the command output have the following meaning: Description Output field ( pim bsr ) Stinger BSR State State of the system relevant to BSR election.
  • Page 442 IP Control Module Diagnostics ifmgr Usage brtbls [-c] |[-i n][-p ifnum] [-s n][-r] Command element Description Show all bridge circuits. -i n Show interfaces on bridge circuit n, or within bridge- group n. -p ifnum Show partner information on ifnum. -s n Show stack user VLANs on bridge circuit n.
  • Page 443 IP Control Module Diagnostics ifmgr Usage ifmgr [options] Command element Description [-r vrouter] Display routing entries. If a virtual router name is specified on the command line, the command displays only the table of the virtual router. If no virtual router name is specified, the command displays the tables for all virtual routers.
  • Page 444 IP Control Module Diagnostics ifmgr 024 0:00 000 * wan24 0.0.0.0/32 0.0.0.0/32 025 0:00 000 * wan25 0.0.0.0/32 0.0.0.0/32 026 1:08 007 * ie-lag-1 0.0.0.0/32 10.10.1.83/32 027 1:08 008 * ie-lag-1-1 - 0.0.0.0/32 10.10.7.83/32 <end> The ifmgr -d command now indicates a virtual STP interface. For example, in the following output, virtual interface 32 is designated ie-stp-1-2111 and the real interface 33 (a routed VLAN) is designated ie1-2111.
  • Page 445 IP Control Module Diagnostics ifmgr Command element Description Interface name. Many of the interface names are ifname described in “Displaying the interface table” on page 4-3. The names ie1 and ie2 represent GigE interfaces. The names sar<shelf>-<slot>-<ifnum> represent SAR interfaces. The names ie-lag-<grp>...
  • Page 446 IP Control Module Diagnostics diag brtbls directed-bcast: management only: macaddr: 00c07b65d579 inp_qcnt: out_qcnt: nexthop: 0.0.0.0 proxy_arp_mode: 0 proxy_arp_head: 0 vRouterID: if_redirServer: 0.0.0.0 if_redirPort: if_redirPort: ATMP tunnel: DISABLED No associated connection profile SNMP ifType: multicastServiceProfile : multicastMaxGroups diag brtbls Description Enable diagnostic printf input for bridge tables. Permission level debug Usage...

  • Page 447: Sar-Related Diagnostics

    IP Control Module Diagnostics SAR-related diagnostics rxUnicastFrames rxMulticastFrames : 0 rxBroadcastFrames : 0 txOctetsHigh txOctetsLow txFrames txUnicastFrames txMulticastFrames : 0 txBroadcastFrames : 0 Example The following command clears the statistics for VLAN 1: super> vlanstats -c { 1 8 2 } 1 Statistics for VLAN 1 cleared SAR-related diagnostics The sar command is available only in the debug environment.

  • Page 448: Network Processor-Related Diagnostics

    IP Control Module Diagnostics Network processor-related diagnostics Example The following command analyzes contents of a frame on Gigabit Ethernet to check the VLAN ID: super> sar -p -a -100 SAR: now dumping the contents of all transmitted packets super> ping -c 1 20.1.2.10 PING 20.1.2.10 (20.1.2.10): 56 data bytes tx 1/61(d) @ a1d46b00 packet len 102 TX packet: (task "_brouterPacketTask"...
  • Page 449 IP Control Module Diagnostics info np Option Description Display link aggregation group (LAG) details. lacp Display LNS entries Display Mobile entries mgrp Display multicast groups. Display the VLAN-MAC to port mapping table in the network processor. pm bwdist Display IP2100 port-manager bandwidth distribution. pm rates Display IP2100 port-manager bandwidth rates.
  • Page 450 IP Control Module Diagnostics info np Scheduler CosQueue PDU Ids: --------- PduID port vpi/vci Tree 000156 0x0401 0/124 3098 000157 0x0200 0/60 3098 000158 0x0401 2/124 3098 000159 0x0200 0/60 3098 VLAN Configuration : Vlan is not enabled Packet Flow configuration: No Packet Flow is attached Multicast Configuration : Multicast is not enabled Bridge Configuration : Bridging is not enabled...
  • Page 451 IP Control Module Diagnostics info np Scheduler CosQueue PDU Ids: --------- None. VLAN Configuration : Vlan-Id 7 Packet Flow configuration: No Packet Flow is attached Multicast Configuration : Multicast is not enabled Bridge Configuration : Bridge Group 20 Transparent Bridging enabled Filter Configuration : No Filters applied QOS Configuration...
  • Page 452 IP Control Module Diagnostics info np Local If Routes for vrouter:main Destination Gateway needArp 1.1.1.3/32 local 000000 9.0.0.0/8 ie1-1 000000 9.9.9.91/32 local 000000 9.9.9.92/32 local 000000 12.0.0.0/8 000000 12.12.12.12/32 local 000000 127.0.0.0/8 000000 127.0.0.1/32 local 000000 127.0.0.2/32 000000 135.254.196.0/24 210.210.210.1 000000 210.0.0.0/8 000000...
  • Page 453 IP Control Module Diagnostics info np Default classification :provided Total Mcast Rules Classified DIDs Classification rules Mapping priority/COS P[0]=x P[1]=5 P[2]=x P[3]=x P[4]=4 P[5]=3 P[6]=2 P[7]=x Main DID list ------------- Type 43514 ucast Classified DID list ------------------- Type 43516 ucast 43518 ucast 43520...
  • Page 454 IP Control Module Diagnostics info np super> info np pm rates NP Port Manager Rates Port{1 1 0} NonFixedRate :552083 Port{1 2 0} NonFixedRate :140896 Port{1 3 0} NonFixedRate :552083 Port{1 4 0} NonFixedRate :140896 Port{1 5 0} NonFixedRate :552083 Port{1 6 0} NonFixedRate :140896 Port{1 7 0} NonFixedRate :140896 CM#8 NonFixedRate :10004...

  • Page 455: Multicast-Capable High-Bandwidth Lim Diagnostics

    IP Control Module Diagnostics Multicast-capable high-bandwidth LIM diagnostics 3123 0 00103336 48 0 00000001 E1010101 235.1.1.1 255 1 12855 12855 12855 Type Learn Tree Act Value Pattern 3123 0 00103237 48 0 00000001 EB010101 Example The info np brit command displays bridge table entries. Its arguments are the bridge group number and (optionally) an interface number.
  • Page 456 IP Control Module Diagnostics info Option Description The VPI on the DSL side. The VCI on the DSL side. ffwbridge -f Display the FFW interface. For details about FFW interfaces, see “Conceptual overview” on page 9-26. mcast -p -g Display all multicast groups in IGMP proxy (routing) mode.

  • Page 457: Snmp Mib For Gmac And Vlan Statistics

    The ip2kstats.mib MIB gathers statistics about the GMAC interface of the IP control module, and also collects statistics on a per-VLAN basis. It is implemented as the following proprietary Lucent enterprise MIB: ip2kStatsGroup OBJECT IDENTIFIER ::= { ascend 51 } The transmit and receive statistics represented in this MIB are also accessible in the command-line interface by using the gmac -d command.

  • Page 458: Gigabit Ethernet Configuration

    IP Control Module Diagnostics SNMP MIB for GMAC and VLAN statistics Gigabit Ethernet configuration The gigEConfigTable is a configuration table for an IP control module GigE interface. It is indexed by the interface index. This MIB table contains the objects shown in Table A-1: Table A-1.

  • Page 459: Table A-3 Gigetxtotaltable Mib Objects

    IP Control Module Diagnostics SNMP MIB for GMAC and VLAN statistics also displayed in the output of the gmac -d command. See “” on page A-33. This MIB table contains the objects shown in Table A-3: Table A-3. GigETxTotalTable MIB objects MIB object Description gigETxTotalOctetsLow...

  • Page 460: Interval Receive Statistics

    IP Control Module Diagnostics SNMP MIB for GMAC and VLAN statistics Table A-3. GigETxTotalTable MIB objects (Continued) MIB object Description Total count of Reset Flow Control packets that gigETxTotalRfcc were sent because the client requested them. Total number of packets in which a write from gigETxTotalOverFlow the physical signaling interface was attempted to a full transmit FIFO.

  • Page 461: Table A-5 Gigerxtotaltable Mib Objects

    IP Control Module Diagnostics SNMP MIB for GMAC and VLAN statistics Table A-5. GigERxTotalTable MIB objects MIB object Description gigERxTotalOctetsLow The lower 32 bits and upper 32 bits of the 64- bit receive packet byte counter, which contains gigERxTotalOctetsHigh a total count of how many bytes have been received in error free packets.

  • Page 462: Vlan Statistics Tables

    IP Control Module Diagnostics SNMP MIB for GMAC and VLAN statistics Table A-5. GigERxTotalTable MIB objects (Continued) MIB object Description Total count of Reset Flow Control packets that gigERxTotalRfc were received. 1. Jumbo packets are not currently supported on the Gigabit Ethernet interface of the IP control modules. VLAN statistics tables To capture and clear VLAN statistics, the following MIB tables are supported: GigE VLAN statistics...

  • Page 463: Vlan Clear Statistics

    IP Control Module Diagnostics PIMv2 MIB support Table A-6. GigEVlanStatTable MIB objects (Continued) MIB object Description Transmit frame counter. Indicates the total gigEVlanTxGoodFrames number of Ethernet frames transmitted on the GigE interface for this VLAN. gigEVlanTxUnicastFrames Unicast transmit frame counter. Indicates the total number of unicast frames transmitted for this VLAN.
  • Page 464 IP Control Module Diagnostics PIMv2 MIB support Table A-8. Current level of support for PIMv2 MIB tables (Continued) PIMv2 MIB table Support in this software version pimRPTable pimRPSetTable pimCandidateRPTable pimComponentTable The snmpwalk, get, and getnext routines are supported for objects in the supported tables.
  • Page 465 IP Control Module Diagnostics PIMv2 MIB support pimRPSetExpiryTime.1.234.255.50397441 = Timeticks: (56) 0:00:00.56 pimRPSetExpiryTime.1.1002.65535.50397441 = Timeticks: (56) 0:00:00.56 pimRPSetExpiryTime.1.1258.65535.50397441 = Timeticks: (56) 0:00:00.56 pimRPSetExpiryTime.1.1514.65535.50397441 = Timeticks: (56) 0:00:00.56 pimRPSetExpiryTime.1.1770.65535.50397441 = Timeticks: (56) 0:00:00.56 Following is sample output of an snmpwalk on pimComponentTable: $ snmpwalk -m all -O s 50.50.50.5 public experimental.pimMIB.pimMIBObjects.pim.pimComponentTable pimComponentBSRAddress.1 = IpAddress: 1.1.1.101...

  • Page 467: Index

    Index ASBR. See OSPF ASE preferences, setting 8-17 AAL5 ATM QoS multiplexing options 4-50, 10-8 IP QoS interactions 5-24 PPPoA 4-86 mapping to packet marking value 5-21 required encapsulation for PPPoA and PPPoE prioritizing IP packet flows based on DSL 4-89 service contracts 5-29 See also PPPoA, PPPoE...
  • Page 468 Index multiple static address allocation 4-62 gmac 2-4, A-2 sample configuration on VDSL ports 4-60 ifmgr A-14 WAN virtual interface configuration 4-62 igmp 9-10, A-4 WAN virtual interface configuration (DHCP) info np A-20 4-66 ipcache 4-109 iproute 4-109 bir-options 4-56 netstat 2-4, 4-2, 4-109 bootp-relay 4-68 ospf 8-19...
  • Page 469 Index suboption configuration 4-71 Ethernet suboptions 1 and 2 4-70 encapsulation on VDSL ports 4-60 LACP on IP2100 dual GigE ports 2-9 DHCP relay 4-66, 4-68 See also LACP 2-16 failover to second server 4-69 for CPE clients 4-74 Ethernet egress scheduling and shaping 5-24 giaddr 4-70 Ethernet input filters.
  • Page 470 Index giaddr field 4-70 igmp-snooping 3-8 giaddr, per-connection control of 4-72 4-23, 4-10 Gigabit Ethernet Integrated Access Device (IAD) 1-16 administrative tools 2-25 integrated voice and data 1-16 configuration options 2-2 interface-group 5-8 diagnostics A-2 interfaces, virtual router membership 7-8 MBONE interface 10-10 Internet access 1-16 network processor setup 2-4...
  • Page 471 Index equal cost multipath routes 4-15 global tunneling configuration 6-10 filtering routing table updates 11-1 how client-auth-id settings create parallel tunnels 6-5 load balancing 4-15 how the system finds a matching tunnel 6-4 route filters 11-1 links to LNS servers 6-2 IP routing table 4-1, 4-2 links to PPP clients 6-2 virtual routers, addresses, and 7-2...
  • Page 472 Index L2TP IP QoS, impact 6-28 transmitting streaming video 9-1, 9-2 video transmission 1-15 Link Aggregation Control Protocol, SeeLACP See also distributed multicast mechanism link state advertisements. See LSAs See also Protocol Independent Multicast Sparse link-state database Mode (PIM-SM v2) adjacencies, and 8-4 multicast backbone.
  • Page 473 Index on WAN interfaces 8-13 PPPoE service names route options, configuring 8-16 configuration in RADIUS 4-106 routing information 8-3 details of negotiation 4-101 summarized pool, importing as an ASE 8-17 LLC link level 4-102 virtual interfaces, limitation 8-2 sample configuration 4-105 VLSM support 8-2 PPPoE snooping, configuration 3-14 ospf-nmba-neighbor 8-15...
  • Page 474 Index qos-interface-group 5-22 Quality of Service. See QoS. sar A-19 queues, depth for UDP packets 4-12 scheduler-queue-size 5-26 queues, per-VC queueing 1-17 scheduling increasing queue size for LIM interfaces 5-26 priority of the HB LIM FFW interface 9-30 QoS subsystem 5-3 security RADIPAD bridging groups isolate VLAN traffic 3-6...
  • Page 475 Index sample configurations 2-21 local 4-8 WAN, DHCP requests 4-66 stub areas, defined 8-6 WAN, IP address lease time 4-67 summarization. See pools Virtual path shaping, limitation on IP2100 1-15 summarized pool, importing as an ASE 8-17 virtual routers system IP address address pools, for 7-4 defining 4-9 configuring 7-4...
  • Page 476 Index authentication 8-2 configuring, example of 8-13 designated router priority 8-4 WAN virtual IP interfaces on BIR connections 4-62 WAN virtual IP interfaces on BIR connections (DHCP) 4-66 wan-router-interface-profile 3-8 which 9-19 Index-10 Stinger® IP Control Module Configuration Guide...

This manual is also suitable for:

Stinger ip2000Stgrrt-sfp-lxStgrrt-cm-ip2000-fStgr-sfp-sxStgr-sfp-lxStinger ip2100 ... Show all

Table of Contents