Download Print this page

Alcatel-Lucent 7750 SR OS Configuration Manual

Hide thumbs Also See for 7750 SR OS:

Manual (1948 pages)

,

Service manual (1506 pages)

,

Interface configuration manual (628 pages)

Table Of Contents

page of 482

/ 482
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

See also: Service Manual

7750 SR OS

Router Configuration Guide

Software Version: 7750 SR OS 5.0

February 2007

Document Part Number: 93-0073-03-01

*93-0073-03-01*

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the 7750 SR OS and is the answer not in the manual?

Questions and answers

Summary of Contents for Alcatel-Lucent 7750 SR OS

Page 1 7750 SR OS Router Configuration Guide Software Version: 7750 SR OS 5.0 February 2007 Document Part Number: 93-0073-03-01 *93-0073-03-01*...
Page 2 This document is protected by copyright. Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent.
Page 3: Table Of Contents
Configuring a Confederation ............73 7750 SR OS Router Configuration Guide...
Page 4 Non-Owner Access Ping Reply ............188 Page 4 7750 SR OS QoS Configuration Guide...
Page 5 Redirect Policies ..............278 7750 SR OS QoS Configuration Guide...
Page 6 Filter Command Reference............351 Page 6 7750 SR OS QoS Configuration Guide...
Page 7 Cflowd Command Reference ............463 7750 SR OS QoS Configuration Guide...
Page 8 ................481 Page 8 7750 SR OS QoS Configuration Guide...
Page 9 Show Cflowd Status Output Fields ..........475 7750 SR OS Router Configuration Guide...
Page 10 List of Tables Page 10 7750 SR OS Router Configuration Guide...
Page 11 Cflowd Command Structure ...........443 7750 SR OS Router Configuration Guide...
Page 12 List of Figures Page 12 7750 SR OS Router Configuration Guide...
Page 13: Ip Router Configuration
About This Guide This guide describes logical IP routing interfaces, virtual routers, IP and MAC-based filtering, and cflowd support provided by the 7750 SR OS and presents configuration and implementation examples. This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage.
Page 14: List Of Technical Publications
Preface List of Technical Publications The 7750 SR documentation set is composed of the following books: • 7750 SR OS Basic System Configuration Guide This guide describes basic system configurations and operations. • 7750 SR OS System Management Guide This guide describes system security and access configurations as well as event logging and accounting logs.
Page 15: Technical Support
If you purchased a service agreement for your 7750 SR-Series router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center Web: http://www1.alcatel-lucent.com/comps/pages/carrier_support.jhtml...
Page 16 Preface Page 16 7750 SR OS Router Configuration Guide...
Page 17: Getting Started
VRRP on page 169 configuration IP and MAC filters Filter Policies on page 275 Cflowd Cflowd on page 429 Reference List of IEEE, IETF, and other proprietary entities. Standards and Protocol Support on page 715 7750 SR OS Router Configuration Guide Page 17...
Page 18: Getting Started
Getting Started Page 18 7750 SR OS Router Configuration Guide...
Page 19: Ip Router Configuration
→ Confederations on page 24 → Proxy ARP on page 26 → Internet Protocol Versions on page 27 • Router Configuration Process Overview on page 36 • Configuration Notes on page 39 7750 SR OS Router Configuration Guide Page 19...
Page 20: Configuring Ip Router Parameters
An interface can be associated with the system (loopback address). Network Interface A network interface (a logical IP routing interface) can be configured on one of the following entities: • A physical or logical port • A SONET/SDH channel Page 20 7750 SR OS Router Configuration Guide...
Page 21: System Interface
The system interface is used to preserve connectivity (when routing reconvergence is possible) when an interface fails or is removed. The system interface is used as the router identifier. A system interface must have an IP address with a 32-bit subnet mask. 7750 SR OS Router Configuration Guide Page 21...
Page 22: Ip Addresses
If neither the system interface or router ID are implicitly specified, then the router ID is inherited from the last four bytes of the MAC address. • The router can be derived on the protocol level; for example, BGP. Page 22 7750 SR OS Router Configuration Guide...
Page 23: Autonomous Systems (As)
AS path, with other ASs using BGP. Routing tables contain lists of next hops, reachable addresses, and associated path cost metrics to each router. BGP uses the information and path attributes to compile a network topology. 7750 SR OS Router Configuration Guide Page 23...
Page 24: Confederations
To migrate from a non-confederation configuration to a confederation configuration requires a major topology change and configuration modifications on each participating router. Setting BGP policies to select an optimal path through a confederation requires other BGP modifications. Page 24 7750 SR OS Router Configuration Guide...
Page 25: Figure 1: Confederation Configuration
AS 200 AS 300 Confederation Member 1 Confederation Member 3 ALA-B ALA-C ALA-E ALA-F AS 100 ALA-A ALA-D ALA-G AS 400 Confederation Member 2 AS 500 ALA-H SRSG005 Figure 1: Confederation Configuration 7750 SR OS Router Configuration Guide Page 25...
Page 26: Proxy Arp
Static ARP is used when a 7750 SR OS needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7750 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 27: Internet Protocol Versions
IP Router Configuration Internet Protocol Versions The 7750 SR OS implements IP routing functionality, providing support for IP version 4 (IPv4) and IP version 6 (IPv6). IP version 6 (IPv6) (RFC 1883, Internet Protocol, Version 6 (IPv6)) is a newer version of the Internet Protocol designed as a successor to IP version 4 (IPv4) (RFC-791, Internet Protocol).
Page 28: Table 2: Ipv6 Header Field Descriptions
Source Address 128-bit address of the originator of the packet. Destination Address 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient if a routing header is present). Page 28 7750 SR OS Router Configuration Guide...
Page 29: Ipv6 Applications
IP Router Configuration IPv6 Applications Examples of the IPv6 applications supported by the 7750 SR OS include: • IPv6 Internet exchange peering — Figure 3 shows an IPv6 Internet exchange where multiple ISPs peer over native IPv6. IPv6 IX ISP A...
Page 30: Figure 5: Ipv6 Services To Enterprise Customers And Home Users
IPv6 in an environment where not only IPv4 exists but native IPv6 networks depend on IPv4 for greater IPv6 connectivity. 7750 SR OS supports dynamic IPv6 over IPv4 tunneling. The ipv4 source and destination address are taken from configuration, the source address is the ipv4 system address and the ipv4 destination is the next hop from the configured 6over4 tunnel.
Page 31: Ipv6 Provider Edge Router Over Mpls (6Pe)
MP-BGP is the SAFI (value 4) label. The 7750 SR-Series router uses the IPv6 Explicit Null (value 2) label for all the IPv6 prefixes that it advertises and can accept an arbitrary label from its peers. 7750 SR OS Router Configuration Guide Page 31...
Page 32 The egress 6PE router pops the top LDP tunnel label. It sees the IPv6 explicit null label, which indicates an IPv6 packet is encapsulated. It also pops the IPv6 explicit null label and performs an IPv6 route lookup to find out the next hop for the IPv6 packet. Page 32 7750 SR OS Router Configuration Guide...
Page 33: Bidirectional Forwarding Detection
IP TTL of 255 if authentication is not enabled. If authentication is enabled, the IP TTL should be 255 but can still be processed if it is not (assuming the packet passes the enabled authentication mechanism). 7750 SR OS Router Configuration Guide Page 33...
Page 34: Control Packet Format
The “I Hear You” bit. This bit is set to 0 if the transmitting system either is not receiving BFD packets from the remote system, or is in the process of tearing down the BFD session for some reason. Otherwise, during normal operation, it is set to 1. Page 34 7750 SR OS Router Configuration Guide...
Page 35 This is the minimum interval, in microseconds, between received BFD echo Interval packets that this system is capable of supporting. If this value is zero, the transmitting system does not support the receipt of BFD echo packets. 7750 SR OS Router Configuration Guide Page 35...
Page 36: Router Configuration Process Overview
START SET THE SYSTEM NAME CONFIGURE SYSTEM IP ADDRESS CONFIGURE ROUTER ID (optional) AUTONOMOUS SYSTEMS (optional) CONFIGURE CONFEDERATIONS (optional) ENABLE Figure 9: IP Router Configuration Flow Page 36 7750 SR OS Router Configuration Guide...
Page 37: Router Configuration Process Overview
Router Configuration Process Overview Figure 9 displays the process to configure basic router parameters. ROUTER INTERFACE ADDRESS IPV6 ADDRESS NEIGHBOR ROUTER ID (optional) AUTONOMOUS SYSTEM (optional) CONFEDERATION (optional) Figure 10: Router Configuration Components 7750 SR OS Router Configuration Guide Page 37...
Page 38: Router Configuration Process Overview
Autonomous system — (Optional) An autonomous system (AS) is a collection of networks that are subdivided into smaller, more manageable areas. • Confederation — (Optional) Creates confederation autonomous systems within an AS to reduce the number of IBGP sessions required within an AS. Page 38 7750 SR OS Router Configuration Guide...
Page 39: Configuration Notes
An iom2-20g and a SFM2 card are required to enable the IPv6 CPM filter and per-peer queuing functionality. Reference Sources For information on supported IETF drafts and standards, as well as standard and proprietary MIBS, refer to Standards and Protocol Support on page 477. 7750 SR OS Router Configuration Guide Page 39...
Page 40 Configuration Notes Page 40 7750 SR OS Router Configuration Guide...
Page 41: Configuring An Ip Router With Cli
Configuring an Autonomous System on page 75 • Service Management Tasks on page 76 → Changing the System Name on page 76 → Modifying Interface Parameters on page 77 → Deleting a Logical IP Interface on page 78 7750 SR OS Router Configuration Guide Page 41...
Page 42: Router Configuration Overview
“1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. To create an interface on an Alcatel-Lucent 7750 SR-Series router, the basic configuration tasks that must be performed are: •...
Page 43: Cli Command Structure
Figure 11: CLI Configuration Context Figure 12 displays the brief CLI command structure to configure the system name. The commands are located under the context. See the 7750 SR OS System Configuration Guide config>system for command syntax and descriptions. ROOT...
Page 44: List Of Commands
Page 44 7750 SR OS Router Configuration Guide...
Page 45 Associates a network Quality of Service (QoS) policy with an IP interface. Enables remote proxy ARP on the interface. remote-proxy-arp Assigns a secondary IP address, IP subnet/broadcast address format to the secondary interface. 7750 SR OS Router Configuration Guide Page 45...
Page 46 Configures the current-hop-limit in the router advertisement messages. It current-hop-limit informs the nodes on the subnet about the hop-limit when originating IPv6 packets. Page 46 7750 SR OS Router Configuration Guide...
Page 47 Configures the rate that ICMP TTL expired messages are issued by the ttl-expired interface. Enables and configures the rate for ICMP host and network destination unreachables unreachable messages issued on the router interface. 7750 SR OS Router Configuration Guide Page 47...
Page 48: Basic Configuration
10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 confederation 1000 members 100 200 300 router-id 10.10.10.103 . . . exit isis exit . . . #------------------------------------------ A:ALA-A> config# Page 48 7750 SR OS Router Configuration Guide...
Page 49: Common Configuration Tasks
Use the following CLI syntax to configure the system name: CLI Syntax: config# system name system-name Example config# system ALA-A config>system# name ALA-A>config>system# exit all ALA-A# 7750 SR OS Router Configuration Guide Page 49...
Page 50 The following example displays the system name output. A#ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit . . . exit ---------------------------------------------- A#ALA-A>config>system# Page 50 7750 SR OS Router Configuration Guide...
Page 51: Configuring Interfaces
{acl | interface} egress filter ip ip-filter-id filter ipv6 ipv6-filter-id ingress filter ip ip-filter-id filter ipv6 ipv6-filter-id port [port-id | ccag-group] Example config>router> interface “to-ALA-2” config>router>if# address 10.10.24.4/24 config>router>if# port 8/1/1 config>router>if# egress 7750 SR OS Router Configuration Guide Page 51...
Page 52 The following displays the IP configuration output showing the interface information. A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit interface "to-ALA-2" address 10.10.24.4/24 port 8/1/1 egress filter ip 10 exit exit #------------------------------------------ A:ALA-A>config>router# Page 52 7750 SR OS Router Configuration Guide...
Page 53: Configuring Ipv6 Parameters
Use the following CLI syntax to configure IPv6 parameters on a router interface. CLI Syntax: config>router# interface interface-name port port-name ipv6 address {ipv6-address/prefix-length} [eui-64] icmp6 packet-too-big [number seconds] param-problem [number seconds] redirects [number seconds] time-exceeded [number seconds] unreachables [number seconds] neighbor ipv6-address mac-address? 7750 SR OS Router Configuration Guide Page 53...
Page 54 10::1/24 config>router>if>ipv6# exit config>router>if# no shutdown The following displays the configuration output showing the interface information. A:ALA-49>config>router>if# info ---------------------------------------------- address 10.11.10.1/24 port 1/2/37 ipv6 address 10::1/24 exit ---------------------------------------------- A:ALA-49>config>router>if# Page 54 7750 SR OS Router Configuration Guide...
Page 55: Configuring Ipv6 Over Ipv4 Parameters
1.1.1.1/30 config>router>if# port 1/1/1 config>router>if# exit config>router# The following displays the configuration output showing the interface information. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.1" address 1.1.1.1/30 port 1/1/1 exit ---------------------------------------------- A:ALA-49>configure>router# 7750 SR OS Router Configuration Guide Page 55...
Page 56 “ip-1.1.1.1” config>router>if>ipv6# exit The following displays the configuration output showing the interface information. A:ALA-49>configure>router# info ---------------------------------------------- interface "system" address 200.200.200.1/32 ipv6 address 3FFE::C8C8:C801/128 exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 56 7750 SR OS Router Configuration Guide...
Page 57 The following displays the configuration showing the OSPF output. A:ALA-49>configure>router# info ---------------------------------------------- ospf area 0.0.0.0 interface "system" exit interface "ip-1.1.1.1" exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7750 SR OS Router Configuration Guide Page 57...
Page 58 The following displays the configuration showing the BGP output. A:ALA-49>configure>router# info ---------------------------------------------- export "ospf3" router-id 200.200.200.1 group "main" family ipv4 ipv6 type internal neighbor 200.200.200.2 local-as 1 peer-as 1 exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 58 7750 SR OS Router Configuration Guide...
Page 59 The following displays the configuration showing the policy output. A:ALA-49>configure>router# info ---------------------------------------------- policy-options policy-statement "ospf3" description "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from 7750 SR OS Router Configuration Guide Page 59...
Page 60 Common Configuration Tasks protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 60 7750 SR OS Router Configuration Guide...
Page 61: Tunnel Egress Node
The following displays the configuration showing the interface information. A:ALA-49>configure>router# info ---------------------------------------------- interface "ip-1.1.1.2" address 1.1.1.2/30 port 1/1/1 exit interface "system" address 200.200.200.2/32 ipv6 address 3FFE::C8C8:C802/128 exit exit ---------------------------------------------- 7750 SR OS Router Configuration Guide Page 61...
Page 62 The following displays the configuration showing the OSPF output. A:ALA-49>configure>router# info ---------------------------------------------- ospf area 0.0.0.0 interface "system" exit interface "ip-1.1.1.2" exit exit exit ---------------------------------------------- A:ALA-49>configure>router# Page 62 7750 SR OS Router Configuration Guide...
Page 63 The following displays the configuration showing the BGP output. A:ALA-49>configure>router# info ---------------------------------------------- export "ospf3" router-id 200.200.200.2 group "main" family ipv4 ipv6 type internal neighbor 200.200.200.1 local-as 1 peer-as 1 exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7750 SR OS Router Configuration Guide Page 63...
Page 64 The following displays the configuration showing the policy output. A:ALA-49>configure>router# info ---------------------------------------------- policy-options policy-statement "ospf3" description "Plcy Stmnt For 'From ospf3 To bgp'" entry 10 description "Entry From Protocol ospf3 To bgp" from Page 64 7750 SR OS Router Configuration Guide...
Page 65 IP Router Configuration protocol ospf3 exit protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router# 7750 SR OS Router Configuration Guide Page 65...
Page 66: Router Advertisement
{seconds | infinite} valid-lifetime {seconds | infinite} reachable-time milli-seconds retransmit-time milli-seconds router-lifetime seconds no shutdown Page 66 7750 SR OS Router Configuration Guide...
Page 67 2592000 config>router>router-advert>if# reachable-time 50000 config>router>router-advert>if# retransmit-time 10000 config>router>router-advert>if# no shutdown config>router>router-advert>if# exit *A:tahi>config>router>router-advert>if>prefix# info detail ---------------------------------------------- interface autonomous on-link preferred-lifetime 604800 valid-lifetime 2592000 reachable-time 50000 retransmit-time 10000 no shutdown ---------------------------------------------- *A:tahi>config>router>router-advert>if>prefix# 7750 SR OS Router Configuration Guide Page 67...
Page 68: Configuring Proxy Arp
The following example displays prefix list configuration command usage. These commands are configured in the context. config>router Example:config>router>policy-options# begin config>router>policy-options# prefix-list prefixlist1 config>router>policy-options>prefix-list# prefix 10.20.30.0/24 through 32 config>router>policy-options>prefix-list# exit config>router>policy-options# prefix-list prefixlist2 config>router>policy-options>prefix-list# prefix 10.10.10.0/24 through 32 config>router>policy-options>prefix-list# exit config>router>policy-options# commit Page 68 7750 SR OS Router Configuration Guide...
Page 69 A:ALA-49>config>router>policy-options# info ---------------------------------------------- prefix-list "prefixlist1" prefix 10.20.30.0/24 through 32 exit prefix-list "prefixlist2" prefix 10.10.10.0/24 through 32 exit policy-statement "ProxyARPpolicy" entry 10 from prefix-list "prefixlist1" exit prefix-list "prefixlist2" exit action reject exit default-action accept 7750 SR OS Router Configuration Guide Page 69...
Page 70 [policy-name...(upto 5 max)] remote-proxy-arp Example config>router# interface “testARP” config>router>if# address 128.251.10.59/24 config>router>if# local-proxy-arp config>router>if# proxy-arp config>router>if>proxy-arp# policy-statement "ProxyARPpolicy" config>router>if>proxy-arp# exit config>router>if# exit A:ALA-49>config>router>if# info ---------------------------------------------- address 128.251.10.59/24 local-proxy-arp proxy-arp policy-statement "ProxyARPpolicy" exit ---------------------------------------------- A:ALA-49>config>router>if# Page 70 7750 SR OS Router Configuration Guide...
Page 71: Creating An Ip Address Range
A no service-prefix ip-prefix/mask service prefix cannot be removed while one or more services use address(es) in the range to be removed. CLI Syntax: config>router service-prefix ip-prefix/mask [exclusive] Example config>router# service-prefix 7750 SR OS Router Configuration Guide Page 71...
Page 72: Deriving The Router Id
10.10.0.4/32 config>router>if# address config>router>if# exit The following example displays the router ID configuration: A:ALA-4>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit . . . router-id 10.10.0.4 #------------------------------------------ A:ALA-4>config>router# Page 72 7750 SR OS Router Configuration Guide...
Page 73: Configuring A Confederation
ALA-E>config>router# confederation 2002 members 200 300 400 ALA-E>config>router# exit ALA-F>config>router# autonomous-system 300 ALA-F>config>router# confederation 2002 members 200 300 400 ALA-F>config>router# exit ALA-G>config>router# autonomous-system 300 ALA-G>config>router# confederation 2002 members 200 300 400 ALA-G>config>router# exit 7750 SR OS Router Configuration Guide Page 73...
Page 74 A:ALA-B>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" shutdown address 10.0.0.103/24 port 1/1/1 exit autonomous-system 100 confederation 2002 members 200 300 400 router-id 10.10.10.103 #------------------------------------------ A:ALA-B>config>router# Page 74 7750 SR OS Router Configuration Guide...
Page 75: Configuring An Autonomous System
The following example displays the autonomous system configuration: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 router-id 10.10.10.103 #------------------------------------------ A:ALA-A>config>router# 7750 SR OS Router Configuration Guide Page 75...
Page 76: Service Management Tasks
"TGIF" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp exit security snmp community "private" rwa version both exit exit . . . ---------------------------------------------- A:TGIF>config>system# Page 76 7750 SR OS Router Configuration Guide...
Page 77: Modifying Interface Parameters
ALA-A>config>router>if# no shutdown The following example displays the interface configuration: A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.0.0.103/32 exit interface "to-sr1" address 10.0.0.25/24 port 1/1/2 exit router-id 10.10.0.3 #------------------------------------------ A:ALA-A>config>router# 7750 SR OS Router Configuration Guide Page 77...
Page 78: Deleting A Logical Ip Interface
2. After the interface has been shut down, it can then be deleted with the no interface command. CLI Syntax: config>router no interface ip-int-name Example config>router# interface test-interface config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router# Page 78 7750 SR OS Router Configuration Guide...
Page 79: Ip Router Command Reference
[tag tag] [enable | disable] indirect ip-address [ldp [disallow-igp]] — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- ric metric] [tag tag] [enable | disable] black-hole [mcast-ipv4] — [no] triggered-policy 7750 SR OS Router Configuration Guide Page 79...
Page 80 [ip-addr/mask | ip-addr][netmask ] — [no] static-arp — static-arp ip-addr ieee-mac-addr — no static-arp ip-addr — [no] shutdown — tos-marking-state {trusted | untrusted} — no tos-marking-state — unnumbered [ip-addr | ip-int-name] — no unnumbered Page 80 7750 SR OS Router Configuration Guide...
Page 81: Router Advertisement Commands
— [no] autonomous — [no] on-link — preferred-lifetime {seconds | infinite} — no preferred-lifetime — valid-lifetime {seconds | infinite} — no valid-lifetime — reachable-time milli-seconds — no reachable-time — retransmit-time milli-seconds 7750 SR OS Router Configuration Guide Page 81...
Page 82 IP Router Command Reference — no retransmit-time — router-lifetime seconds — no router-lifetime — [no] shutdown Page 82 7750 SR OS Router Configuration Guide...
Page 83: Show Commands
[ip-address | ip-int-name | mac ieee-mac-addr] — static-route [family] [[ip-prefix[/mask]] | [preference preference] | [next-hop ip-address]| [tag tag] — status — tunnel-table [ip-address[/mask]] | [protocol protocol | sdp sdp-id] [summary] — neighbor [interface-name] 7750 SR OS Router Configuration Guide Page 83...
Page 84: Clear Commands
[ip-int-name | ip-address] [headers] [protocol-id] — no packet [ip-int-name | ip-address] — route-table [ip-prefix/prefix-length] [longer] — no route-table — mtrace — [no] misc — [no] packet [query | request | response] — Page 84 7750 SR OS Router Configuration Guide...
Page 85: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7750 SR OS Router Configuration Guide Page 85...
Page 86: Router Global Commands
— The destination address of the aggregate route in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H Page 86 7750 SR OS Router Configuration Guide...
Page 87 BGP instance or rebooting the system with the new configuration. Default No autonomous system number is defined. Parameters as-number — The autonomous system number expressed as a decimal integer. Values 1 - 65535 confederation 7750 SR OS Router Configuration Guide Page 87...
Page 88 — The maximum number of equal cost routes allowed on this routing table instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp. Values 0 — 16 Page 88 7750 SR OS Router Configuration Guide...
Page 89 When configuring a new router ID, protocols are not automatically restarted with the new router ID. The next time a protocol is initialized, the new router ID is used. This can result in an interim period of time when different protocols use different router IDs. 7750 SR OS Router Configuration Guide Page 89...
Page 90 — The IP address prefix to include in the service prefix allocation in dotted decimal notation. Values ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 — 32 ipv6-prefix: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H Page 90 7750 SR OS Router Configuration Guide...
Page 91 No static routes are defined. Parameters ip-prefix/prefix-length — The destination address of the static route. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) 7750 SR OS Router Configuration Guide Page 91...
Page 92 [ip-address | ip-int-name] — Specifies the directly connected next hop IP address used to reach the destination. If the next hop is over an unnumbered interface, the ip-int-name of the unnumbered interface (on this node) can be configured. Page 92 7750 SR OS Router Configuration Guide...
Page 93: Table 5: Default Route Preferences
— Adds a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols. Table 5: Default Route Preferences Route Type Preference Configurable Direct attached 7750 SR OS Router Configuration Guide Page 93...
Page 94 — Associates the state of the static route to a BFD session between the local system and the configured nexthop. This keyword cannot be configured if the nexthop is indirect or blackhole keywords are specified. mcast-ipv4 — Specifies peers that are IPv4 multicast capable. Page 94 7750 SR OS Router Configuration Guide...
Page 95: Router Interface Commands
IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing. 7750 SR OS Router Configuration Guide Page 95...
Page 96 / — The forward slash is a parameter delimiter that separates the ip-addr portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip- Page 96 7750 SR OS Router Configuration Guide...
Page 97 This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host- ones) will be received by the IP interface. Default host-ones Values all-ones, host-ones 7750 SR OS Router Configuration Guide Page 97...
Page 98 [receive receive-interval] [multiplier multiplier] no bfd Context config>router> interface Description This command specifies the bi-directional forwarding detection (BFD) parameters for the associated IP interface. If no parameters are defined the default value are used. Page 98 7750 SR OS Router Configuration Guide...
Page 99 ACL — cflowd policy associated with a filter. interface — cflowd policy associated with an IP interface. local-proxy-arp Syntax [no] local-proxy-arp Context config>router>interface ip-int-name Description This command enables local proxy ARP on the interface. Default no local-proxy-arp 7750 SR OS Router Configuration Guide Page 99...
Page 100 This parameter is only valid when the SNTP broadcast-client global parameter is configured. The no form of the command disables SNTP broadcast received on the IP interface. Default no ntp-broadcast - receipt of SNTP broadcasts is disabled. port Page 100 7750 SR OS Router Configuration Guide...
Page 101 1/1/3 specifies port 3 of the MDA installed in MDA slot 1on the card installed in chassis slot 1. SONET/SDH interfaces When the port-id represents a POS interface, the port-id must include the channel-id. The POS interface must be configured as a network port. proxy-arp-policy 7750 SR OS Router Configuration Guide Page 101...
Page 102 7750 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7750 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 103 IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-addr and the mask-length or 7750 SR OS Router Configuration Guide Page 103...
Page 104 Static ARP is used when a 7750 SR needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7750 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 105 The no form of the command removes the IP address from the interface, effectively removing the unnumbered property. The interface must be shutdown before no unnumbered is issued to delete the IP address from the interface, or an error message will be generated. 7750 SR OS Router Configuration Guide Page 105...
Page 106 It is recommended to use the system IP address as it is not associated with a particular interface and is therefore always reachable. The system IP address is the default if no ip-addr or ip-int-name is configured. Default no unumbered Page 106 7750 SR OS Router Configuration Guide...
Page 107 — The filter name acts as the ID for the IP filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ip context. Values 1 — 16384 7750 SR OS Router Configuration Guide Page 107...
Page 108 — The filter name acts as the ID for the IPv6 filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ipv6 context. Values 1— 65535 Page 108 7750 SR OS Router Configuration Guide...
Page 109 By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval. The no form of the command disables the generation of ICMP redirects on the router interface. Default redirects 100 10 — maximum of 100 redirect messages in 10 seconds 7750 SR OS Router Configuration Guide Page 109...
Page 110 By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval. Page 110 7750 SR OS Router Configuration Guide...
Page 111 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer. Values 1 — 60 7750 SR OS Router Configuration Guide Page 111...
Page 112 Ethernet interfaces. For interfaces without a MAC address, for example POS interfaces, the Base MAC address of the chassis should be used. icmp6 Syntax icmp6 Context config>router>if>ipv6 Description This command enables the context to configure ICMPv6 parameters for the interface. packet-too-big Page 112 7750 SR OS Router Configuration Guide...
Page 113 The no form of the command disables ICMPv6 redirects. Default 100 10 (when IPv6 is enabled on the interface) Parameters number — Limits the number of redirects issued per the time frame specifed in seconds parameter. Values 10 — 1000 7750 SR OS Router Configuration Guide Page 113...
Page 114 Values 10 — 1000 seconds — Sets the time frame, in seconds, to limit the number of destination unreachable ICMPv6 messages issued per time frame. Values 1 — 60 local-proxy-nd Page 114 7750 SR OS Router Configuration Guide...
Page 115 — The IPv6 address assigned to a router interface. Values ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D mac-address — Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx- xx-xx-xx-xx-xx. 7750 SR OS Router Configuration Guide Page 115...
Page 116: Router Advertisement Commands
IPv6 packets. Default Parameters number — Specifies the hop limit. Values 0 — 255. A value of zero means there is an unspecified number of hops. managed-configuration Page 116 7750 SR OS Router Configuration Guide...
Page 117 Description This command configures the MTU for the nodes to use to send packets on the link. Default no mtu — the MTU option is not sent in the router advertisement messages. 7750 SR OS Router Configuration Guide Page 117...
Page 118 — Specifies a route must match the most significant bits and have a prefix length. Values 1 — 128 autonomous Syntax [no] autonomous Context config>router>router-advert>if>prefix Description This command specifies whether the prefix can be used for stateless address autoconfiguration. Default enabled Page 118 7750 SR OS Router Configuration Guide...
Page 119 — Specifies the remaining length of time in seconds that this prefix will continue to be valid. infinite — Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity. reachable-time 7750 SR OS Router Configuration Guide Page 119...
Page 120 0, 4 — 9000 seconds. 0 means that the router is not a default router on this link. shutdown Syntax [no] shutdown Context config>router>router-advert>if Description This command enables or disables router advertisement on an interface. Page 120 7750 SR OS Router Configuration Guide...
Page 121 IP Router Configuration Default no shutdown 7750 SR OS Router Configuration Guide Page 121...
Page 122 Configuration Commands Page 122 7750 SR OS Router Configuration Guide...
Page 123: Show Commands
ARP Table Output — The following table describes the ARP table output fields: Label Description IP Address The IP address of the ARP entry. The MAC address of the ARP entry. MAC Address The age of the ARP entry. Expiry 7750 SR OS Router Configuration Guide Page 123...
Page 124 Type Interface ------------------------------------------------------------------------------- 10.10.0.3 04:5d:ff:00:00:00 00:00:00 system =============================================================================== A:ALA-A# A:ALA-A# show router ARP to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Expiry Type Interface ------------------------------------------------------------------------------- 10.10.13.1 04:5b:01:01:00:02 03:53:09 to-ser1 =============================================================================== A:ALA-A# Page 124 7750 SR OS Router Configuration Guide...
Page 125 The number of packets that were authenticated. Client Packets Authenticate Ok Sample Output A:SR-3>show>router>auth# statistics =================================================================== Authentication Global Statistics =================================================================== Client Packets Authenticate Fail Client Packets Authenticate Ok : 12 =================================================================== A:SR-3> 7750 SR OS Router Configuration Guide Page 125...
Page 126 B:CORE2# show router bfd interface =============================================================================== BFD Interface =============================================================================== Interface name Tx Interval Rx Interval Multiplier ------------------------------------------------------------------------------- net10_1_2 net11_1_2 net12_1_2 net13_1_2 net14_1_2 net15_1_2 net16_1_2 net17_1_2 net18_1_2 net19_1_2 net1_1_2 net1_2_3 net20_1_2 net21_1_2 net22_1_2 net23_1_2 net24_1_2 Page 126 7750 SR OS Router Configuration Guide...
Page 127 Displays the integer used by BFD to declare when the neighbor is down. Mult Sample Output B:CORE2# show router bfd session =============================================================================== BFD Session =============================================================================== Interface State Tx Intvl Rx Intvl Mult 7750 SR OS Router Configuration Guide Page 127...
Page 128 If an IP address or interface name is specified, then only data regarding the specified interface is displayed. Parameters ip-int-name | ip-address — Displays statistics for the specified IP interface. Output Show DHCP Statistics Output — The following table describes the output fields for DHCP. statistics. Page 128 7750 SR OS Router Configuration Guide...
Page 129 DHCP6 statistics (Router: Base) ========================================================================== Msg-type Dropped -------------------------------------------------------------------------- 1 SOLICIT 2 ADVERTISE 3 REQUEST 4 CONFIRM 5 RENEW 6 REBIND 7 REPLY 8 RELEASE 9 DECLINE 10 RECONFIGURE 11 INFO_REQUEST 12 RELAY_FORW 13 RELAY_REPLY 7750 SR OS Router Configuration Guide Page 129...
Page 130 Show DHCP Summary Output — The following table describes the output fields for DHCP summary. Label Description Name of the router interface. Interface Name Indicates whether Option 82 processing is enabled on the interface. Info Option Page 130 7750 SR OS Router Configuration Guide...
Page 131 The name of the router instance. Router Name ECMP False — ECMP is disabled for the instance. True — ECMP is enabled for the instance. The number of ECMP routes configured for path sharing. Configured-ECMP- Routes 7750 SR OS Router Configuration Guide Page 131...
Page 132 (for example, ICMP destination unreachable messages) to report errors during processing and other diagnostic functions. ICMPv6 packets can be used in the neighbor discovery protocol and path MTU discovery. Page 132 7750 SR OS Router Configuration Guide...
Page 133 ------------------------------------------------------------------------------- Sent Total : 10 Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits Neighbor Advertisements : 5 =============================================================================== A:SR-3>show>router>auth# 7750 SR OS Router Configuration Guide Page 133...
Page 134 Sample Output B:CORE2# show router icmp6 interface net1_1_2 =============================================================================== Interface ICMPv6 Stats =============================================================================== =============================================================================== Interface "net1_1_2" ------------------------------------------------------------------------------- Received Total : 41 Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Page 134 7750 SR OS Router Configuration Guide...
Page 135 — Displays the peers that are IPv6-capable. Output Standard IP Interface Output — The following table describes the standard output fields for an IP interface. Label Description The IP interface name. Interface-Name 7750 SR OS Router Configuration Guide Page 135...
Page 136 Network 3/1/1 11.2.4.4/24 15::2/120 ip-11.4.101.4 Up/Up Up/Up Network 5/2/1 11.4.101.4/24 3FFE::B04:6504/120 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-11.4.113.4 Up/Up Up/Up Network 6/1/1 11.4.113.4/24 3FFE::B04:7104/120 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-11.4.114.4 Up/Up Up/Up Network 6/1/2 11.4.114.4/24 3FFE::B04:7204/120 PREFERRED Page 136 7750 SR OS Router Configuration Guide...
Page 137 Type IP-Address Mode ------------------------------------------------------------------------------- system 10.10.0.3/32 Network =============================================================================== A:ALA-A# A:ALA-A# show router interface to-ser1 =============================================================================== Interface Table =============================================================================== Interface-Name Type IP-Address Mode ------------------------------------------------------------------------------- to-ser1 10.10.13.3/24 Network =============================================================================== A:ALA-A# A:ALA-A# show router interface exclude-services 7750 SR OS Router Configuration Guide Page 137...
Page 138 Service — The IP interface is a service IP interface. Displays if the broadcast-client global parameter is configured SNTP B.cast The IES identifier. IES ID The QoS policy ID associated with the IP interface. QoS Policy Page 138 7750 SR OS Router Configuration Guide...
Page 139 IPv6 Addr : 3FFE:501:FFFF:100:200:FF:FE00:101/64 INACCESSIBLE IPv6 Addr : FE80::200:FF:FE00:101/64 INACCESSIBLE ------------------------------------------------------------------------------- Details ------------------------------------------------------------------------------- If Index Virt. If Index Last Oper Chg: 02/13/2007 01:00:29 Global If Index : 127 SAP Id : 1/1/1 7750 SR OS Router Configuration Guide Page 139...
Page 140 Summary IP Interface Output — The following table describes the summary output fields for the router IP interfaces.. Label Description Instance The router instance number. The name of the router instance. Router Name The number of IP interfaces in the router instance. Interfaces Page 140 7750 SR OS Router Configuration Guide...
Page 141 Displays the number of seconds until the entry expires. Displays the type of IPv6 interface. Type Displays the interface name. Interface Specifies whether a neighbor is a router. Displays the MTU size. 7750 SR OS Router Configuration Guide Page 141...
Page 142 Policy Output — The following table describes policy output fields. Label Description The policy name. Policy Displays the description of the policy. Description Sample Output B:CORE2# show router policy =============================================================================== Route Policies Page 142 7750 SR OS Router Configuration Guide...
Page 143 Standard Route Table Output — The following table describes the standard output fields for the route table. Label Description The route destination address and mask. Dest Address Next Hop The next hop IP address for the route destination. 7750 SR OS Router Configuration Guide Page 143...
Page 144 B:ALA-B# show router route-table 100.10.0.0 exact =============================================================================== Route Table (Router: Base) =============================================================================== Dest Address Next Hop Type Proto Age Metric Pref ------------------------------------------------------------------------------- 100.10.0.0/16 Black Hole Remote Static 00h03m17s 1 5 ------------------------------------------------------------------------------- No. of Routes: 1 Page 144 7750 SR OS Router Configuration Guide...
Page 145: Sample Output
Total active and available routes are also displayed. Sample Output A:ALA-A# show router route-table summary =============================================================================== Route Table Summary =============================================================================== Active Available 7750 SR OS Router Configuration Guide Page 145...
Page 146 The number of neighbor advertisements sent and time since they were Nbr Advertisement sent. The number of router advertisements received and time since they were Rtr Advertisement received. The number of neighbor advertisements received and time since they were Nbr Advertisement received. Page 146 7750 SR OS Router Configuration Guide...
Page 147 : TRUE Reachable Time : 00h00m00s400ms Router Lifetime : 00h30m01s Retransmit Time : 00h00m00s400ms Hop Limit : 63 Link MTU : 1500 Prefix: 211::/120 Autonomous Flag : FALSE On-link flag : FALSE 7750 SR OS Router Configuration Guide Page 147...
Page 148 On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 23::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 24::/119 Page 148 7750 SR OS Router Configuration Guide...
Page 149 Prefix not present in neighbor router advertisement Prefix: 211::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix not present in neighbor router advertisement 7750 SR OS Router Configuration Guide Page 149...
Page 150 Valid Lifetime : infinite [30d00h00m] Prefix not present in own router advertisement Prefix: 231::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m ------------------------------------------------------------------------------- =============================================================================== A:Dut-A# Page 150 7750 SR OS Router Configuration Guide...
Page 151 00:00:5a:01:00:33 00:00:00 Inv to-ser1a ------------------------------------------------------------------------------- No. of ARP Entries: 1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp 12.200.1.1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1 7750 SR OS Router Configuration Guide Page 151...
Page 152 (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H [0 — 255]D ipv6-prefix-length: 0 — 128 preference preference — Only displays static routes with the specified route preference. Values 0 — 65535 Page 152 7750 SR OS Router Configuration Guide...
Page 153 The number of routes displayed in the list. No. of Routes Sample Output A:ALA-A# show router static-route =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.250.0/24 10.200.10.1 to-ser1 7750 SR OS Router Configuration Guide Page 153...
Page 154 Service Prefix Output — The following table describes the output fields for service prefix information. Label Description The IP prefix of the range of addresses included in the range for ser- IP Prefix vices. The subnet mask length associated with the IP prefix. Mask Page 154 7750 SR OS Router Configuration Guide...
Page 155 The administrative and operational states for the LDP protocol. The administrative and operational states for the BGP protocol. The maximum number of routes configured for the system. Max Routes Total Routes The total number of routes in the route table. 7750 SR OS Router Configuration Guide Page 155...
Page 156 ================================================================ Admin State Oper State ---------------------------------------------------------------- Router OSPFv2-0 OSPFv2-1 Down Down OSPFv2-2 Down Down OSPFv2-3 Down Down OSPFv2-4 Down Down OSPFv2-5 Down Down OSPFv2-6 Down Down OSPFv2-7 Down Down OSPFv2-8 Down Down Page 156 7750 SR OS Router Configuration Guide...
Page 157 Not configured Not configured Max Routes No Limit Total IPv4 Routes 244277 Total IPv6 Routes Max Multicast Routes No Limit Total Multicast Routes PIM not configured ECMP Max Routes Triggered Policies ================================================================ *A:Performance# 7750 SR OS Router Configuration Guide Page 157...
Page 158 A:ALA-A>config>service# show router tunnel-table =============================================================================== Tunnel Table =============================================================================== DestinationOwner Encap Tunnel Id Pref Nexthop Metric ------------------------------------------------------------------------------- 10.0.0.1/32 sdp 0.0.0.1 10.0.0.1/32 sdp 5 10.0.0.1 10.0.0.1/32 sdp 5 10.0.0.1 10.0.0.1/32 sdp 5 10.0.0.1 =============================================================================== A:ALA-A>config>service# Page 158 7750 SR OS Router Configuration Guide...
Page 159 IP Router Configuration A:ALA-A>config>service# show router tunnel-table summary =============================================================================== Tunnel Table Summary (Router: Base) =============================================================================== Active Available ------------------------------------------------------------------------------- =============================================================================== A:ALA-A>config>service# 7750 SR OS Router Configuration Guide Page 159...
Page 160: Clear Commands
— Specifies the address of the local endpoint of this BFD session. dst-ip ip-address — Specifies the address of the remote endpoint of this BFD session. all — Clears all BFD sessions. Page 160 7750 SR OS Router Configuration Guide...
Page 161 This command clears entries in the forwarding table (maintained by the IOMs). If the slot number is not specified, the command forces the route table to be recalculated. Parameters slot-number — Clears the specified IOM slot. Default all IOMs Values 1 - 10 7750 SR OS Router Configuration Guide Page 161...
Page 162 | ip-addr — The IP interface name or IP interface address. Default all IP interfaces icmp — Specifies to reset the ICMP statistics for the IP interface(s) used for ICMP rate limiting. Page 162 7750 SR OS Router Configuration Guide...
Page 163 Context clear>router Description This command clears all router advertisement counters. Parameters all — Clears all router advertisement counters for all interfaces. interface interface-name — Clear router advertisement counters for the specified interface. 7750 SR OS Router Configuration Guide Page 163...
Page 164: Debug Commands
Context debug Description This command configures debugging for a router instance. Parameters router-instance — Specify the router name or service ID. Values router-name: Base, management service-id: 1 — 2147483647 Default Base Page 164 7750 SR OS Router Configuration Guide...
Page 165 This command displays the router IP interface table sorted by interface index. Parameters ip-address — Only displays the interface information associated with the specified IP address. Values ipv4-address a.b.c.d (host bits must be 0) ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) 7750 SR OS Router Configuration Guide Page 165...
Page 166 — The IP prefix for prefix list entry in dotted decimal notation. Values ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d [0 — FFFF]H Page 166 7750 SR OS Router Configuration Guide...
Page 167 Syntax [no] misc Context debug>router>mtrace Description This command enables debugging for mtrace miscellaneous. packet Syntax [no] packet [query | request | response] Context debug>router>mtrace Description This command enables debugging for mtrace packets. 7750 SR OS Router Configuration Guide Page 167...
Page 168 Debug Commands Page 168 7750 SR OS Router Configuration Guide...
Page 169: Vrrp
→ VRRP Advertisement Message IP Address List Verification on page 180 • VRRP Configuration Process Overview on page 190 → VRRP Configuration Components on page 191 • Configuration Notes on page 194 7750 SR OS Router Configuration Guide Page 169...
Page 170: Vrrp Overview
VRRP configuration. Internet Backup Master Backup Non-Owner Owner Non-Owner ALA-1 ALA-2 ALA-3 vrld 100 vrld 100 vrld 100 Priority 200 Priority 150 Virtual Router ID (VRID) OSRG006 Figure 13: VRRP Configuration Page 170 7750 SR OS Router Configuration Guide...
Page 171: Vrrp Components
7750 SR OS allows the virtual routers to be configured as non-owners of the IP address. VRRP on a 7750 SR router can be configured to allow non-owners to respond to ICMP echo requests when they become the virtual router master for the virtual router.
Page 172: Primary And Secondary Ip Addresses
A 7750 SR IP interface must always have a primary IP address assigned for VRRP to be active on the interface. 7750 SR OS supports both primary and secondary IP addresses (multi-netting) on the IP interface. The virtual router’s VRID primary IP address is always the primary address on the IP interface.
Page 173: Virtual Router Backup
VRRP priority control policy. VRRP priority control policies can be used to either override or adjust the base priority value depending on events or conditions within the chassis. For information about non-owner access parameters, refer to VRRP Non-Owner Accessibility on page 188. 7750 SR OS Router Configuration Guide Page 173...
Page 174: Configurable Parameters
VRID. The priority value can only be configured when the defined IP address on the IP interface is different than the virtual router IP address (non-owner mode). Page 174 7750 SR OS Router Configuration Guide...
Page 175: Ip Addresses
These are the IP addresses being used by hosts on the LAN as gateway addresses. Since multi-netting supports 16 IP addresses on the IP interface, up to 16 addresses may be assigned to a specific a virtual router instance. 7750 SR OS Router Configuration Guide Page 175...
Page 176: Message Interval And Master Inheritance
Skew Time = ((256 - priority) / 256) seconds The higher priority value, the smaller the skew time will be. This means that virtual routers with a lower priority will transition to master slower than virtual routers with higher priorities. Page 176 7750 SR OS Router Configuration Guide...
Page 177: Master Down Interval
If preempt disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router. 7750 SR OS Router Configuration Guide Page 177...
Page 178: Vrrp Message Authentication
→ IP header destination IP address – Must be 224.0.0.18 → IP header TTL field – Must be equal to 255, the packet must not have traversed any IP routed hops → IP header protocol field – must be 112 (decimal) Page 178 7750 SR OS Router Configuration Guide...
Page 179 → Authentication data fields – Must be equal to the VRID configured simple text password Any VRRP message not meeting the type 0 verification checks with the exceptions above are silently discarded. 7750 SR OS Router Configuration Guide Page 179...
Page 180: Authentication Data
VRRP advertisement messages contain an IP address count field that indicates the number of IP addresses listed in the sequential IP address fields at the end of the message. The 7750 SR OS implementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager.
Page 181: Inherit Master Vrrp Router's Advertisement Interval Timer
Policies can only be configured in the non-owner VRRP context. For non-owner virtual router instances, if policies are not configured, then the base priority is used as the in-use priority. 7750 SR OS Router Configuration Guide Page 181...
Page 182: Vrrp Priority Control Policies
The base priority is the starting priority for the VRRP instance. The actual in-use priority for the VRRP instance is derived from the base priority and an optional VRRP priority control policy. Page 182 7750 SR OS Router Configuration Guide...
Page 183: Vrrp Priority Control Policy Delta In-Use Priority Limit
If the result is lower than the delta in-use priority limit, the delta in-use priority limit is used as the in-use priority for the virtual router instance. Otherwise, the in-use priority is set to the base priority less the sum of the delta events. 7750 SR OS Router Configuration Guide Page 183...
Page 184: Priority Event Hold-Set Timers
The new sum is then subtracted from the base priority and compared to the delta in-use priority limit to derive the new in-use priority on the virtual router instance. Page 184 7750 SR OS Router Configuration Guide...
Page 185: Table 6: Lag Events
Set - 5 ports down Event Threshold 4 ports down Hold Set Timer 3 seconds All ports up Event State Set - 5 ports down Event Threshold 4 ports down Hold Set Timer 2 second 7750 SR OS Router Configuration Guide Page 185...
Page 186 Set - 7 ports down Event Threshold 6 ports down Hold Set Timer 1 second All ports up Event State Cleared - All ports up Event Threshold None Event cleared Hold Set Timer Expired Page 186 7750 SR OS Router Configuration Guide...
Page 187: Host Unreachable Priority Event
When a route prefix does not exist within the active route table matching the defined criteria, the route unknown priority event is considered true or set. 7750 SR OS Router Configuration Guide Page 187...
Page 188: Vrrp Non-Owner Accessibility
Although RFC 2338 and draft-ietf-vrrp-spec-v2-06.txt states that only VRRP owners can respond to ping and other management-oriented protocols directed to the VRID IP addresses, 7750 SR OS allows an override of this restraint on a per VRRP virtual router instance basis.
Page 189: Non-Owner Access Ssh
IP address. When non-owner access SSH is disabled on a virtual router instance, SSH sessions destined to the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes. 7750 SR OS Router Configuration Guide Page 189...
Page 190: Vrrp Configuration Process Overview
SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE SPECIFY BACKUP IP ADDRESS(ES) CONFIGURE VRRP PARAMETERS APPLY VRRP PRIORITY CONTROL POLICIES (optional) TURN UP Figure 14: VRRP Configuration and Implementation Flow Page 190 7750 SR OS Router Configuration Guide...
Page 191: Vrrp Configuration Components
(add, delete, new next hop) occurs relative to the prefix, the policy is notified and takes proper action according to the priority event definition. Figure 16 displays the major components to configure a network interface VRRP instance. 7750 SR OS Router Configuration Guide Page 191...
Page 192: Figure 16: Interface Vrrp Configuration Components
VRRP Advertisement messages. This indicates to backup virtual routers receiving the messages what IP addresses the master is representing. • Policy — (optional) Assigns an existing VRRP priority control policy association with the virtual router instance. Page 192 7750 SR OS Router Configuration Guide...
Page 193: Figure 17: Ies Vrrp Configuration Components
VRRP Advertisement messages. This indicates to backup virtual routers receiving the messages what IP addresses the master is representing. • Policy — (optional) Assigns an existing VRRP priority control policy association with the virtual router instance. 7750 SR OS Router Configuration Guide Page 193...
Page 194: Configuration Notes
The backup address explicitly defines which IP addresses are in the VRRP advertisement message IP address list. Reference Sources For information on supported IETF drafts and standards, as well as standard and proprietary MIBS, refer to Standards and Protocol Support on page 715. Page 194 7750 SR OS Router Configuration Guide...
Page 195: Configuring Vrrp With Cli
Modifying Service and Interface VRRP Parameters on page 221 • Modifying Non-Owner Parameters on page 221 • Modifying Owner Parameters on page 221 • Deleting VRRP on an Interface or Service on page 221 7750 SR OS Router Configuration Guide Page 195...
Page 196: Vrrp Configuration Overview
The service customer account must be created prior to configuring an IES or VPRN VRRP instance. • The interface address must be specified in the both the owner and non-owner IES or VPRN or router interface instances. Page 196 7750 SR OS Router Configuration Guide...
Page 197: Vrrp Cli Command Structure
VRRP VRRP CLI Command Structure The 7750 SR OS VRRP command structure is displayed in Figure 18. VRRP policy commands are located under the context. config>vrrp VRRP service configuration commands are located under the config>service>ies> context. VRRP interface configuration commands are located under the interface context.
Page 198 DELTA-IN-USE LIMIT PRIORITY EVENT HOST UNREACHABLE LAG PORT DOWN SERVICE PORT DOWN IES/VPRN ROUTE UNKNOWN INTERFACE VRRP OWNER BACKUP ROUTER NON-OWNER INTERFACE BACKUP VRRP SHOW OWNER VRRP BACKUP INSTANCE NON-OWNER POLICY BACKUP Page 198 7750 SR OS Router Configuration Guide...
Page 199: List Of Commands
VRRP parameters on an interface and in an IES or VPRN service, indicating the configuration level at which each command is implemented with a short command description. Refer to the IES chapter of the 7750 SR OS Services Guide for information about IES command syntax and usage.
Page 200 RIP, when matching the route unknown IP route prefix for a route protocol isis unknown priority control event. protocol rip protocol static Configures the effect the set event has on the virtual router instance in- priority use priority. Page 200 7750 SR OS Router Configuration Guide...
Page 201: Table 8: Cli Commands To Configure Ies Or Vprn Service Vrrp Parameters
• VRRP Type 2 authentication provides an MD5 IP header authentication check on incoming VRRP advertisement messages. Sets/clears the simple text authentication key used for generating authentication-key master VRRP advertisement messages and validating received VRRP advertisements. 7750 SR OS Router Configuration Guide Page 201...
Page 202 • VRRP Type 2 authentication provides an MD5 IP header authentication check on incoming VRRP advertisement messages. Sets/clears the simple text authentication key used for generating authentication-key master VRRP advertisement messages and validating received VRRP advertisements. Page 202 7750 SR OS Router Configuration Guide...
Page 203 IP addresses. Enables the non-owner master to reply to SSH requests directed at ssh-reply the virtual router instances IP addresses. Administratively enables the VRRP instance. no shutdown 7750 SR OS Router Configuration Guide Page 203...
Page 204: Basic Vrrp Configurations
43200 priority 100 delta exit port-down 4/1/3 priority 200 explicit exit lag-port-down 1 number-down 3 priority 50 explicit exit exit host-unreachable 10.10.24.4 drop-count 25 exit route-unknown 10.10.0.0/32 priority 50 delta protocol bgp Page 204 7750 SR OS Router Configuration Guide...
Page 205: Vrrp Ies Service Parameters
19 owner backup 10.10.36.2 authentication-type password authentication-key "testabc" exit exit interface "testing" create address 10.10.10.16/24 vrrp 12 backup 10.10.10.15 backup 10.10.10.17 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# 7750 SR OS Router Configuration Guide Page 205...
Page 206: Vrrp Router Interface Parameters
"system" address 10.10.0.4/32 exit interface "ethel" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit interface "fatfreddie" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Page 206 7750 SR OS Router Configuration Guide...
Page 207: Common Configuration Tasks
• message-interval In addition to the common parameters, the following non-owner commands can be configured: • master-int-inherit • priority • policy • ping-reply • preempt • telnet-reply • ssh-reply • [no] shutdown 7750 SR OS Router Configuration Guide Page 207...
Page 208: Creating Interface Parameters
A:SR1>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.1/32 exit interface "fred" address 123.123.123.123/24 exit interface "ethel" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit router-id 10.10.0.1 #------------------------------------------ A:SR1>config>router# Page 208 7750 SR OS Router Configuration Guide...
Page 209: Configuring Vrrp Policy Components
The following output displays an example of a VRRP policy specifying parameter values that are assumed in the event that a specific port is down: Example: SR1>config>vrrp# config>vrrp# policy 1 config>vrrp>policy$ delta-in-use-limit 50 config>vrrp>policy# priority-event config>vrrp>policy>priority-event# port-down 1/1/2 config>vrrp>policy>priority-event>port-down$ hold-set 43200 config>vrrp>policy>priority-event>port-down# priority 100 delta 7750 SR OS Router Configuration Guide Page 209...
Page 210 The following displays the VRRP policy configuration: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol isis exit exit exit ---------------------------------------------- A:SR1>config>vrrp# Page 210 7750 SR OS Router Configuration Guide...
Page 211: Configuring Ies Or Vprn Service Vrrp Parameters
[context service-id] preempt message-interval seconds ping-reply telnet-reply ssh-reply shutdown vrrp vrid owner authentication-type {password} authentication-key [authentication-key | hash-key] [hash|hash2] backup ip-addr init-delay seconds mac ieee-mac-address message-interval seconds 7750 SR OS Router Configuration Guide Page 211...
Page 212: Non-Owner Ies Or Vprn Vrrp Example
The following output displays an example an IES non-owner VRRP configuration: Example: config>service>ies>if# vrrp 1 config>service>ies>if>vrrp$ backup 10.10.0.4/32 config>service>ies>if>vrrp# authentication-type password config>service>ies>if>vrrp# authentication-key 18 config>service>ies>if>vrrp# priority 254 config>service>ies>if>vrrp# policy 1 config>service>ies>if>vrrp# no ssh-reply config>service>ies>if>vrrp# no telnet-reply config>service>ies>if>vrrp# no shutdown Page 212 7750 SR OS Router Configuration Guide...
Page 213 The following example displays the basic non-owner VRRP configuration: A:SR2>config>service>ies# info ---------------------------------------------- interface "mertz" create address 10.10.65.4/24 backup 10.10.0.4/32 vrrp 1 priority 254 policy 1 authentication-type password authentication-key "18" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# 7750 SR OS Router Configuration Guide Page 213...
Page 214: Owner Ies Or Vprn Vrrp
The following example displays the owner VRRP configuration: A:SR2>config>service>ies# info ---------------------------------------------- interface "tuesday" create address 10.10.36.2/24 vrrp 19 owner backup 10.10.36.2 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>service>ies# Page 214 7750 SR OS Router Configuration Guide...
Page 215: Configuring Router Interface Vrrp Parameters
{password} authentication-key [authentication-key | hash-key] [hash|hash2] backup ip-addr init-delay seconds mac ieee-mac-address message-interval seconds 7750 SR OS Router Configuration Guide Page 215...
Page 216: Router Interface Vrrp Non-Owner
10.10.70.1/24 config>router>if# no shutdown config>router>if# vrrp 1 config>router>if>vrrp# backup 10.10.50.2 config>router>if>vrrp# backup 10.10.60.2 config>router>if>vrrp# backup 10.10.70.2 config>router>if>vrrp# backup 10.20.30.41 config>router>if>vrrp# ping-reply config>router>if>vrrp# telnet-reply config>router>if>vrrp# authentication-type password config>router>if>vrrp# authentication-key testabc config>router>if>vrrp# no shutdown Page 216 7750 SR OS Router Configuration Guide...
Page 217 A:SR2>config># info #------------------------------------------ interface "lucy" address 10.20.30.40/24 secondary 10.10.50.1/24 secondary 10.10.60.1/24 secondary 10.10.70.1/24 vrrp 1 backup 10.10.50.2 backup 10.10.60.2 backup 10.10.70.2 backup 10.20.30.41 ping-reply telnet-reply authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config># 7750 SR OS Router Configuration Guide Page 217...
Page 218: Router Interface Vrrp Owner
The following example displays the router interface owner VRRP configuration: A:SR2>config>router# info #------------------------------------------ interface "vrrpowner" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>router# Page 218 7750 SR OS Router Configuration Guide...
Page 219: Vrrp Configuration Management Tasks
The following example displays the modified VRRP policy configuration: A:SR2>config>vrrp>policy# info ---------------------------------------------- delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit port-down 1/1/3 priority 200 explicit exit host-unreachable 10.10.24.4 drop-count 25 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# 7750 SR OS Router Configuration Guide Page 219...
Page 220: Deleting A Vrrp Policy
Applied applied to an entity. A:SR2# =============================================================================== VRRP Policies =============================================================================== Policy Current Current Current Delta Applied Priority & Effect Explicit Delta Sum Limit ------------------------------------------------------------------------------- 200 Explicit None None None None =============================================================================== A:SR2# Page 220 7750 SR OS Router Configuration Guide...
Page 221: Modifying Service And Interface Vrrp Parameters
The following example displays the command usage to delete a VRRP instance from an interface or IES service: Example: config>service#ies 10 config>service>ies# interface “test” config>service>ies>if# vrrp 1 config>service>ies>if>vrrp# shutdown config>service>ies>if>vrrp# exit config>service>ies>if# no vrrp 1 config>service>ies>if# exit all 7750 SR OS Router Configuration Guide Page 221...
Page 222 VRRP Configuration Management Tasks Page 222 7750 SR OS Router Configuration Guide...
Page 223: Vrrp Command Reference
— init-delay seconds — no init-delay — mac-address — no — [no] master-int-inherit — message-interval {[seconds] [milliseconds milliseconds]} — no message-interval — [no] ping-reply — policy vrrp-policy-id — no policy 7750 SR OS Router Configuration Guide Page 223...
Page 224 VRRP Command Reference — [no] preempt — priority priority — no priority — [no] ssh-reply — [no] standby-forwarding — [no] telnet-reply — [no] shutdown — [no] traceroute-reply Page 224 7750 SR OS Router Configuration Guide...
Page 225 [delta | explicit] — no priority — protocol protocol — no protocol[protocol] — [no] protocol — [no] protocol ospf — [no] protocol isis — [no] protocol — [no] protocol static 7750 SR OS Router Configuration Guide Page 225...
Page 226 Show Commands show — router — vrrp — instance [interface interface-name [vrid virtual-router-id]] — statistics Clear Commands clear — router — vrrp — instance interface-name [vrid virtual-router-id] — statistics [interface interface-name [vrid virtual-router-id]] Page 226 7750 SR OS Router Configuration Guide...
Page 227: Configuration Commands
4. Execute the authentication-key command and no shutdown command on each backup. The no form of the command reverts to the default value. Default no authentication-key - The authentication key value is the null string. 7750 SR OS Router Configuration Guide Page 227...
Page 228 0 in all octets. VRRP advertisement messages received with authentication type fields containing a value other than 0 will be discarded. Default no authentication - VRRP Type 0 (no authentication) is used . Page 228 7750 SR OS Router Configuration Guide...
Page 229 IP address from the same local subnet as long as each is a different IP address. Up to sixteen backup ip-addr commands can be executed within the same virtual router instance. Executing backup multiple times with the same ip-addr results in no operation performed and no 7750 SR OS Router Configuration Guide Page 229...
Page 230 IP interface- assigned IP addresses. The virtual router IP address must be equal to the primary or one of the secondary IP addresses within the parental IP interface. Page 230 7750 SR OS Router Configuration Guide...
Page 231 Address Parental Association and Non-Owner Virtual Router IP Address Parental Association) on the parental IP interface must already exist. If an associated IP address on the parental IP interface is not configured, the virtual router IP address assignment fails. 7750 SR OS Router Configuration Guide Page 231...
Page 232 MAC is in use by the IP hosts using the virtual router IP address. Many hosts do not monitor unessential ARPs and continue to use the cached non-VRRP MAC address after the virtual router becomes master of the host’s gateway address. Page 232 7750 SR OS Router Configuration Guide...
Page 233 VRRP advertisement message advertisement interval field value. Default no master-int-inherit - The virtual router instance does not inherit the master VRRP router’s advertisement interval timer and uses the locally configured message interval. 7750 SR OS Router Configuration Guide Page 233...
Page 234 — The number of seconds that will transpire before the advertisement timer expires expressed as a decimal integer. Values 1 — 255 milliseconds milliseconds — Specifies the time interval, in milliseconds, between sending advertisement messages. Values 100 — 900 Page 234 7750 SR OS Router Configuration Guide...
Page 235 The preempt command is only available in the non-owner vrrp nodal context. The owner may not be preempted because the priority of non-owners can never be higher than the owner. The owner always preempts all other virtual routers when it is available. 7750 SR OS Router Configuration Guide Page 235...
Page 236 — The base priority used by the virtual router instance expressed as a decimal integer. If no VRRP priority control policy is defined, the base-priority is the in-use priority for the virtual router instance. Values 1 — 254 Page 236 7750 SR OS Router Configuration Guide...
Page 237 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. 7750 SR OS allows this access limitation to be selectively lifted for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.
Page 238 The no form of the command discards all SSH request messages destined to the non-owner virtual router instance IP addresses. Default no ssh-reply - SSH requests to the virtual router instance IP addresses are discarded. Page 238 7750 SR OS Router Configuration Guide...
Page 239 The no form of the command configures discarding all Telnet request messages destined to the non- owner virtual router instance IP addresses. Default no telnet-reply - Telnet requests to the virtual router instance IP addresses are discarded. 7750 SR OS Router Configuration Guide Page 239...
Page 240 IP addresses. This provides a method where non-owner virtual routers backing up the owner may be configured with a subset of virtual router IP addresses and while enabling IP address list match verification. Page 240 7750 SR OS Router Configuration Guide...
Page 241 Once created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted and than recreated without the owner keyword to remove ownership. 7750 SR OS Router Configuration Guide Page 241...
Page 242: Priority Policy Commands
Setting the in-use-priority-limit to a value equal to or larger than the virtual router instance base- priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value. Values 1 — 254 Page 242 7750 SR OS Router Configuration Guide...
Page 243 The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command will fail. Default no policy - No VRRP priority control policies are defined. 7750 SR OS Router Configuration Guide Page 243...
Page 244 A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance. Up to 32 priority control events can be configured within the priority-event node. The no form of the command clears any configured priority events. Page 244 7750 SR OS Router Configuration Guide...
Page 245: Priority Policy Event Commands
Once the hold set timer expires and the event meets the cleared state requirements or is set to a lower threshold, the current set effect on the virtual router instances in-use priority can be removed. As with 7750 SR OS Router Configuration Guide Page 245...
Page 246 The no form of the command reverts to the default values. Default 0 delta - The set event will subtract 0 from the base priority (no effect). Page 246 7750 SR OS Router Configuration Guide...
Page 247 The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy. Default delta Values delta, explicit 7750 SR OS Router Configuration Guide Page 247...
Page 248: Priority Policy Port Down Event Commands
The port-id can only be monitored by a single event in this policy. The port can be monitored by multiple VRRP priority control policies. A port and a specific channel on the port are considered Page 248 7750 SR OS Router Configuration Guide...
Page 249 If the port is not provisioned, the event operational state is Set – non-provisioned. If the POS interface is configured as a clear-channel, the channel-id is 1 and the channel bandwidth is the full bandwidth of the port. 7750 SR OS Router Configuration Guide Page 249...
Page 250: Priority Policy Lag Events Commands
The lag-port-down event is considered to have a tiered event set state. While the priority impact per number of ports down is totally configurable, as more ports go down, the effect on the associated virtual router instances in-use priority is expected to increase (lowering the priority). When each Page 250 7750 SR OS Router Configuration Guide...
Page 251 If the removed threshold is the current active threshold, the event set thresholds must be re- evaluated after removal. Default no number-down - No threshold for the LAG priority event is created. 7750 SR OS Router Configuration Guide Page 251...
Page 252 LAG equals or exceeds number-of- lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports- down. Values 1 — 8 Page 252 7750 SR OS Router Configuration Guide...
Page 253: Priority Policy Host Unreachable Event Commands
If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared. Multiple unique (different ip-addr) host-unreachable event nodes can be configured within the priority-event node to a maximum of 32 events. 7750 SR OS Router Configuration Guide Page 253...
Page 254 The hold-set timer be expired and the historical success rate must be met prior to the event operational state becoming cleared. Page 254 7750 SR OS Router Configuration Guide...
Page 255 If the timeout value is larger than the interval value, multiple ICMP echo request messages may be outstanding. Every ICMP echo request message transmitted to the far end host is tracked individually according to the message identifier and sequence number. 7750 SR OS Router Configuration Guide Page 255...
Page 256 — The number of seconds before an ICMP echo request message is timed out. Once a message is timed out, a reply with the same identifier and sequence number is discarded. Values 1 — 60 Page 256 7750 SR OS Router Configuration Guide...
Page 257: Priority Policy Route Unknown Event Commands
The next-hop command is optional. If no next-hop ip-addr commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information. 7750 SR OS Router Configuration Guide Page 257...
Page 258 If protocol is executed without the ospf parameter, a returned route prefix with a source of OSPF will not be considered a match and will cause the event to enter the set state. Page 258 7750 SR OS Router Configuration Guide...
Page 259 Description Operational State Set – non-existent The route does not exist in the route table. Set – inactive The route exists in the route table but is not being used. 7750 SR OS Router Configuration Guide Page 259...
Page 260 — The subnet mask length expressed as a decimal integer associated with the IP prefix defining the route prefix to be monitored by the route unknown priority control event. Values 0 — 32 Page 260 7750 SR OS Router Configuration Guide...
Page 261: Show Commands
If no command line options are specified, summary information for all VRRP instances displays. Parameters interface ip-int-name — Displays detailed information for the VRRP instances on the specified IP interface including status and statistics. Default Summary information for all VRRP instances. 7750 SR OS Router Configuration Guide Page 261...
Page 262: Table 10: Show Vrrp Instance Output
InUse Priority router instance. Msg Int The administrative advertisement message timer used by the master virtual router instance to send VRRP advertisement mes- sages and to derive the master down timer as backup. Page 262 7750 SR OS Router Configuration Guide...
Page 263 Yes — Non-owner masters can to reply to TCP port 23 Telnet Telnet Reply requests directed at the vritual router instances IP addresses. No — Telnet requests to the virtual router instance IP addresses are discarded. 7750 SR OS Router Configuration Guide Page 263...
Page 264 Output Sample Output A:ALA-A# show vrrp instance =============================================================================== VRRP Instances =============================================================================== Interface Name Own Adm Opr State Base InUse Msg Inh Int Int ------------------------------------------------------------------------------- d2hub Backup n/a Backup Addr: 10.10.11.5 =============================================================================== Page 264 7750 SR OS Router Configuration Guide...
Page 265 Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 Total Discards =============================================================================== A:ALA-A# 7750 SR OS Router Configuration Guide Page 265...
Page 266: Table 11: Show Vrrp Policy Output
The sum of the priorities of all the delta events when multiple Current Delta Sum delta events associated with the priority control policy happen simultaneously. This sum is subtracted from the base priority of the virtual router to give the in-use priority. Page 266 7750 SR OS Router Configuration Guide...
Page 267 Event Oper State The amount of time that must pass before the set state for a Hold Set Remaining VRRP priority control event can transition to the cleared state to dampen flapping events. 7750 SR OS Router Configuration Guide Page 267...
Page 268 =============================================================================== Description : 10.10.200.253 reachability Current Priority: None Applied : No Current Explicit: None Current Delta Sum : None Delta Limit ------------------------------------------------------------------------------- Applied To Base In-use Master Interface Name Master ------------------------------------------------------------------------------- None Page 268 7750 SR OS Router Configuration Guide...
Page 269: Table 12: Show Vrrp Policy Event Output
If the delta-in-use-limit is 0, the sum of the delta priority control events to reduce the virtual router's in-use-priority to 0 can pre- vent it from becoming or staying master. 7750 SR OS Router Configuration Guide Page 269...
Page 270 The amount of time that must pass before the set state for a VRRP priority control event can transition to the cleared state to dampen flapping events. The base priority used by the virtual router instance. Priority Page 270 7750 SR OS Router Configuration Guide...
Page 271 VRRP Policy 1, Event Port Down 1/1/1 =============================================================================== Description Current Priority: None Applied : Yes Current Explicit: None Current Delta Sum : None Delta Limit ------------------------------------------------------------------------------- Applied To Base In-use Master Interface Name Master ------------------------------------------------------------------------------- ies301backup Down 7750 SR OS Router Configuration Guide Page 271...
Page 272 In-use Master Interface Name Master ------------------------------------------------------------------------------- None ------------------------------------------------------------------------------- Priority Control Event Route Unknown 10.10.100.0/24 ------------------------------------------------------------------------------- Priority Priority Effect : Explicit Less Specific : No Default Allowed : No Next Hop(s) : None Page 272 7750 SR OS Router Configuration Guide...
Page 273: Table 13: Show Vrrp Policy Output
Displays the number of version errors. Version Errors Displays the number of checksum errors. Checksum Errors Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics =============================================================================== VR Id Errors Version Errors Checksum Errors =============================================================================== A:ALA-48# 7750 SR OS Router Configuration Guide Page 273...
Page 274: Clear Commands
All VRRP instances on the IP interface. Values 1 — 255 policy [vrrp-policy-id] — Clears VRRP statistics for all or the specified VRRP priority control pol- icy. Default All VRRP policies. Values 1 — 9999 Page 274 7750 SR OS Router Configuration Guide...
Page 275: Filter Policies
→ Filter Policy Entities on page 277 → Redirect Policies on page 278 • Creating Redirect Policies on page 282 → Policy Components on page 284 • Configuration Notes on page 294 7750 SR OS Router Configuration Guide Page 275...
Page 276: Filter Policy Configuration Overview
The process stops when the first complete match is found and executes the action defined in the entry, either to drop or forward packets that match the criteria. Page 276 7750 SR OS Router Configuration Guide...
Page 277: Filter Policy Entities
Router interface Router interface Egress multicast group Egress multicast group Egress multicast group VLL SAP, spoke SDP VLL SAP, spoke SDP VLL SAP, spoke SDP IES interface SAP, IES interface SAP, subscriber-interface subscriber-interface 7750 SR OS Router Configuration Guide Page 277...
Page 278: Redirect Policies
Packets are identified by IP filter entries. The redirection action is accomplished and supported with Policy Based Routing. Only IP routed frames can be redirected. Bridged IP packets that match the entry criteria will not be redirected. Page 278 7750 SR OS Router Configuration Guide...
Page 279 IP address as an indirect next hop Policy Based Route (PBR) action. 7750 SR OS Router Configuration Guide Page 279...
Page 280: Web Redirection (Captive Portal)
5. The customer’s web browser will then close the original connection and open a new connec- tion to the web portal. 6. The web portal updates the ACL (directly or through SSC) to remove the redirection policy. 7. The customer connects to the original site. Page 280 7750 SR OS Router Configuration Guide...
Page 281: Figure 19: Web Redirect Traffic Flow
Customer’s subscriber identification string Note that the subscriber identification string is available only when used with subscriber management. Refer to the subscriber management section of the 7750 SR OS Triple Play Guide and the 7750 SR OS Router Configuration Guide Since most web sites are accessed using the domain name the router allows either DNS queries or responds to DNS with the portal’s IP address.
Page 282: Creating Redirect Policies
SPECIFY REDIRECT POLICY IN ENTRY’S FORWARDING ACTION ASSOCIATE FILTER ID TO ROUTER INTERFACE CREATE SERVICE ASSOCIATE INTERFACE TO ROUTER ENTITIES ASSOCIATE FILTER ID TO SAP TURN UP Figure 20: Filter Creation and Implementation Flow Page 282 7750 SR OS Router Configuration Guide...
Page 283: Figure 21: Filter Creation And Implementation Flow
CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE SELECT NETWORK PORT ASSOCIATE FILTER ID TURN UP Figure 21: Filter Creation and Implementation Flow 7750 SR OS Router Configuration Guide Page 283...
Page 284: Policy Components
The destination with the highest priority will be used. • Ping test — Performs connectivity ping tests to validate the ability for the destination to receive redirected traffic. • SNMP test — Performs • URL test — Performs Page 284 7750 SR OS Router Configuration Guide...
Page 285: Figure 23: Filter Policy Components
→ Packet matching criteria — You can input and select criteria to create a specific template through which packets are compared and either forwarded or dropped, depending on the action specified. See Packet Matching Criteria on page 286. 7750 SR OS Router Configuration Guide Page 285...
Page 286: Packet Matching Criteria
Fragmentation — IPv4 only: Enable fragmentation matching. A match occurs if packets have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value. Page 286 7750 SR OS Router Configuration Guide...
Page 287 PID allows the filter to match the two-byte IEEE 802.3 LLC SNAP protocol ID that follows the three-byte OUI field. The DSAP and mask accepts decimal and hex in the range of 0 to 65535. 7750 SR OS Router Configuration Guide Page 287...
Page 288: Table 15: Dscp Name To Dscp Value Table
Table 15: DSCP Name to DSCP Value Table DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 af33 Page 288 7750 SR OS Router Configuration Guide...
Page 289: Filter Policies
DSCP Value DSCP Value cp21 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53 cp54 cp55 cp56 cp57 (cs7) cp60 cp61 cp62 7750 SR OS Router Configuration Guide Page 289...
Page 290: Table 16: Ip Option Values
Experimental Access Control [Estrin] IMITD IMI Traffic Descriptor Extended Internet Protocol ADDEXT Address Extension RTRALT Router alert Selective directed broadcast NSAPA NSAP addresses Dynamic packet state Upstream multicast packet FINN Experimental flow control Page 290 7750 SR OS Router Configuration Guide...
Page 291: Ordering Filter Entries
If a packet does not completely match, the packet continues to the next entry, and then subsequent entries. • If a packet does not completely match any subsequent entries, then the default action is performed. 7750 SR OS Router Configuration Guide Page 291...
Page 292: Figure 24: Filtering Process Example
Action: Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP) SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108 SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21 Figure 24: Filtering Process Example Page 292 7750 SR OS Router Configuration Guide...
Page 293: Applying Filters
If the packet completely matches all criteria in an entry, the checking stops. If permitted, the traffic is forwarded. If the packets do not match, they are discarded. 7750 SR OS Router Configuration Guide Page 293...
Page 294: Configuration Notes
Table 17: MAC Match Criteria Exclusivity Rules Frame Format Etype LLC – Header SNAP-OUI SNAP- PID (ssap & dsap) Ethernet – II 802.3 802.3 – snap a. When snap header is present, this is always set to AA-AA. Page 294 7750 SR OS Router Configuration Guide...
Page 295: Ip Filters
• If source or destination address of the Log messages does not match an entry already present in the table, the src/dst-address is stored in a free entry in the minitable. 7750 SR OS Router Configuration Guide Page 295...
Page 296 In case the mini-table has no more free entries, only Total counter is incremented. • At expiry of the summarization interval, the mini-table for each type is flushed to the syslog destination. Page 296 7750 SR OS Router Configuration Guide...
Page 297: Reference Sources
Filter Policies Reference Sources For information on supported IETF drafts and standards, as well as standard and proprietary MIBS, refer to Standards and Protocol Support on page 715. 7750 SR OS Router Configuration Guide Page 297...
Page 298 Configuration Notes Page 298 7750 SR OS Router Configuration Guide...
Page 299: Configuring Filter Policies With Cli
→ Modifying an IP Filter Policy on page 338 → Deleting a Filter Policy on page 342 → Deleting a Filter Policy on page 342 → Copying Filter Policies on page 349 7750 SR OS Router Configuration Guide Page 299...
Page 300: Filter Cli Command Structure
Filter CLI Command Structure Filter CLI Command Structure Figure 25 displays the 7750 SR OS filter command structure. The filter configuration commands are located under the context and the show commands are under config>filter show>filter show>filter mac ROOT CONFIG FILTER...
Page 301: Figure 26: Redirect Policy Command Structure
Filter Policies Figure 26 displays the 7750 SR OS filter redirect policy command structure. The redirect policy configuration commands are located under the context and the show commands config>filter are under context. show>filter>redirect-policy ROOT CONFIG FILTER REDIRECT-POLICY default-action description entry entry-id...
Page 302: List Of Commands
Creates the drop or forward action associated with the match criteria. If action not specified, the filter policy entry is not taken into account. A text string describing the entry. description Page 302 7750 SR OS Router Configuration Guide...
Page 303 TCP header of an IP packet for IP filter matching. Configures matching on the ACK bit being set or reset in the control bits tcp-ack of the TCP header of an IP packet for IP filter matching. 7750 SR OS Router Configuration Guide Page 303...
Page 304 Configures a destination TCP or UDP port number or port range for an IP dst-port filter match criterion. Configures matching on ICMP code field in the ICMP header of an IP icmp-code packet as an IP filter match criterion. Page 304 7750 SR OS Router Configuration Guide...
Page 305 Configures a source MAC address or range to be used as a MAC filter src-mac match criterion. Configures a destination MAC address or range to be used as a MAC filter dst-mac match criterion. 7750 SR OS Router Configuration Guide Page 305...
Page 306 The OID of the object to be fetched from the destination. Specifies the criterion to adjust the priority based on the test result. return-value The context to enable URL test parameters. url-test Specifies the URL to be probed by the URL test. Page 306 7750 SR OS Router Configuration Guide...
Page 307 Specifies that received log packets are summarized based on the source IP summary-crit src- addr or MAC address. Configures a memory filter log to log until full or to store the most recent wrap-around log entries (circular buffer). 7750 SR OS Router Configuration Guide Page 307...
Page 308: Basic Configuration
20 create match protocol 6 tcp-syn true tcp-ack false exit action drop exit exit ---------------------------------------------- A:ALA-1>config>filter# Ingress Filter ALA-1 TCP Connection OSRG007 Figure 27: Applying an IP Filter to an Ingress Interface Page 308 7750 SR OS Router Configuration Guide...
Page 309: Common Configuration Tasks
Creating a MAC Filter Policy on page 320 • Creating Filter Log Policies on page 323 • Applying Filter Policies on page 324 • Apply Filter Policies to Network Port on page 327 7750 SR OS Router Configuration Guide Page 309...
Page 310: Creating An Ip Filter Policy
12 create description "IP-filter" scope template exit ---------------------------------------------- A:ALA-7>config>filter# Use the following CLI syntax to create an exclusive IP filter policy: CLI Syntax: config>filter# ip-filter filter-id description description-string scope {exclusive|template} default-action {drop|forward} Page 310 7750 SR OS Router Configuration Guide...
Page 311 11 create config>filter# description "filter-main" config>filter# scope exclusive The following example displays the exclusive filter policy configuration: A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 11 create description "filter-main" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# 7750 SR OS Router Configuration Guide Page 311...
Page 312: Ip Filter Entry
10 create config>filter>ip-filter>entry$ description “no-91” config>filter>ip-filter>entry# exit The following example displays the IP filter entry configuration. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" match exit exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 312 7750 SR OS Router Configuration Guide...
Page 313 "filter-main" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit no action exit entry 20 create match protocol tcp dst-ip 100.0.0.2/32 dst-port eq 80 exit action forward 7750 SR OS Router Configuration Guide Page 313...
Page 314 Common Configuration Tasks exit entry 30 create match protocol tcp dst-ip 10.10.10.91/24 dst-port eq 80 exit action http-redirect "http://100.0.0.2/login.cgi?mac=$MAC$sap=$S AP&ip=$IP&orig_url=$URL" exit ---------------------------------------------- A:ALA-48>config>filter>ip-filter# Page 314 7750 SR OS Router Configuration Guide...
Page 315 The following example displays the IP filter entry configuration. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" filter-sample interface-disable-sample match exit action forward redirect-policy redirect1 exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# 7750 SR OS Router Configuration Guide Page 315...
Page 316: Ip Entry Matching Criteria
The following displays a matching configuration. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward redirect-policy redirect1 exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 316 7750 SR OS Router Configuration Guide...
Page 317: Creating An Ipv6 Filter Policy
"New IPv6 filter info" config>filter>ipv6-filter$ scope exclusive The following example displays the IPv6 filter policy configuration: A:ALA-49>config>filter>ipv6-filter# info ---------------------------------------------- description "New IPv6 filter info" scope exclusive exit ---------------------------------------------- A:ALA-49>config>filter>ipv6-filter# tree detail 7750 SR OS Router Configuration Guide Page 317...
Page 318: Ipv6 Filter Entry
The following displays the configuration command usage to create an IPv6 filter entry: Example config>filter# ipv6-filter 11 config>filter>ipv6-filter# entry 1 create config>filter>ipv6-filter>entry# match config>filter>ipv6-filter>entry>match# dst-ip 11::12/128 config>filter>ipv6-filter>entry>match# src-ip 13::14/128 config>filter>ipv6-filter>entry>match$ exit config>filter>ipv6-filter>entry# action drop config>filter>ipv6-filter>entry# exit Page 318 7750 SR OS Router Configuration Guide...
Page 319 The following example displays the IPv6 filter entry configuration. A:ALA-49>config>filter>ipv6-filter# info ---------------------------------------------- description "New IPv6 filter info" scope exclusive entry 1 create match dst-ip 11::12/128 src-ip 13::14/128 exit action drop exit ---------------------------------------------- A:ALA-49>config>filter>ipv6-filter# 7750 SR OS Router Configuration Guide Page 319...
Page 320: Creating A Mac Filter Policy
"filter-west" config>filter>mac-filter# scope exclusive config>filter>mac-filter# default-action drop config>filter>mac-filter# The following example displays the MAC filter policy configuration: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# Page 320 7750 SR OS Router Configuration Guide...
Page 321: Mac Filter Entry
90 config>filter>mac-filter# entry 1 config>filter>mac-filter>entry# config>filter>mac-filter>entry# description "allow-104" config>filter>mac-filter>entry# action drop A:sim1>config>filter# info ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# 7750 SR OS Router Configuration Guide Page 321...
Page 322: Mac Entry Matching Criteria
The following displays the filter matching configuration. A;ALA-7>config>filter# info ---------------------------------------------- description "filter-west" scope exclusive entry 1 create description "allow-104" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action drop exit ---------------------------------------------- A:ALA-7>config>filter# Page 322 7750 SR OS Router Configuration Guide...
Page 323: Creating Filter Log Policies
1000 config>filter>log# wraparound config>filter>log# no shutdown The following displays the filter matching configuration. A:ALA-48>config>filter>log# info detail --------------------------------------------- description "Test filter log." destination memory 1000 wrap-around no shutdown --------------------------------------------- A:ALA-48>config>filter>log# 7750 SR OS Router Configuration Guide Page 323...
Page 324: Applying Filter Policies
The following displays the command usage to assign IP filters to a service SAP and spoke SDP: Example config# service epipe 103 config>service>epipe# sap 1/1/1.1.1 config>service>epipe>sap# ingress config>service>epipe>sap>ingress# filter ip 10 config>service>epipe>sap>ingress# exit config>service>epipe>sap# egress config>service>epipe>sap>egress# filter mac 92 config>service>epipe>sap>egress# exit config>service>epipe>sap# exit Page 324 7750 SR OS Router Configuration Guide...
Page 325 1/1/1.1.1 create ingress filter ip 10 exit egress filter mac 92 exit exit spoke-sdp 8:8 create ingress filter ip 10 exit egress filter mac 91 exit exit no shutdown ---------------------------------------------- A:ALA-48>config>service>epipe# 7750 SR OS Router Configuration Guide Page 325...
Page 326: Apply An Ipv6 Filter Policy To An Ies Sap
The following output displays the IPv6 filters assigned to an IES service interface: A:ALA-48>config>service>ies# info ---------------------------------------------- interface "testA" create address 192.22.1.1/24 sap 2/1/3:0 create exit ipv6 ingress filter ipv6 100 egress filter ipv6 100 exit exit ---------------------------------------------- A:ALA-48>config>service>ies# Page 326 7750 SR OS Router Configuration Guide...
Page 327: Apply Filter Policies To Network Port
10 config>router>if# exit A:ALA-48>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "to-104" address 10.0.0.103/24 port 1/1/1 ingress filter ip 10 exit egress filter ip 10 exit exit #------------------------------------------ A:ALA-48>config>router# 7750 SR OS Router Configuration Guide Page 327...
Page 328: Apply An Ipv6 Interface
2 A:config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit ingress filter ip 2 filter ipv6 1 exit egress filter ip 2 filter ipv6 1 exit ---------------------------------------------- A:config>router>if# Page 328 7750 SR OS Router Configuration Guide...
Page 329: Creating A Redirect Policy
[disable| lower-priority priority|raise-priority priority] timeout seconds url-test test-name drop-count consecutive-failures [hold-down seconds] interval seconds return-code return-code-1 [return-code-2] [disable | lower-priority priority | raise-priority priority] timeout seconds url url-string [http-version version-string] [no] shutdown 7750 SR OS Router Configuration Guide Page 329...
Page 330 "redirect1" create destination 10.10.10.104 create description "SNMP_to_104" priority 105 snmp-test "SNMP-1" interval 30 drop-count 30 hold-down 120 exit no shutdown exit destination 10.10.10.105 create priority 95 ping-test timeout 30 drop-count 5 Page 330 7750 SR OS Router Configuration Guide...
Page 331 Filter Policies exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_106" url "http://aww.alcatel.com/ipd/" interval 60 return-code 2323 4567 raise-priority 96 exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# 7750 SR OS Router Configuration Guide Page 331...
Page 332: Configuring Policy-Based Forwarding For Deep Packet Inspection In Vpls
SAP 1/1/23:5 (which it should not). Figure 28 shows an example to configure policy-based forwarding for deep packet inspection on a VPLS service. For information about configuring services, refer to the 7750 SR OS Services Guide. DPI Box...
Page 333 1/1/21:1 split-horizon-group "split" create disable-learning static-mac 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create exit no shutdown exit ---------------------------------------------- *A:ALA-48>config>service# 7750 SR OS Router Configuration Guide Page 333...
Page 334 The following example displays the MAC filter configuration: *A:ALA-48>config>filter# info ---------------------------------------------- mac-filter 100 create default-action forward entry 10 create match dot1p 7 7 exit log 101 action forward sap 1/1/22:1 exit exit ---------------------------------------------- *A:ALA-48>config>filter# Page 334 7750 SR OS Router Configuration Guide...
Page 335 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create exit spoke-sdp 3:5 create exit no shutdown exit ..---------------------------------------------- *A:ALA-48>config>service# 7750 SR OS Router Configuration Guide Page 335...
Page 336: Filter Management Tasks
Copying Filter Policies on page 349 Renumbering Filter Policy Entries The 7750 SR OS exits the matching process when the first match is found and then executes the actions in accordance with the specified action. Because the ordering of entries is important, the numbering sequence can be rearranged.
Page 337 40 create exit match entry 30 create dst-ip 10.10.10.91/24 match src-ip 10.10.10.106/24 dst-ip 10.10.10.91/24 exit src-ip 10.10.0.200/24 action drop exit exit action forward exit exit exit ---------------------------------------------- A:ALA-7>config>filter# ---------------------------------------------- A:ALA-7>config>filter# 7750 SR OS Router Configuration Guide Page 337...
Page 338: Modifying An Ip Filter Policy
10.10.0.100/24 exit action drop exit entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit Page 338 7750 SR OS Router Configuration Guide...
Page 339 Filter Policies exit ---------------------------------------------- A:ALA-7>config>filter# 7750 SR OS Router Configuration Guide Page 339...
Page 340: Modifying An Ipv6 Filter Policy
The following output displays the modified IPv6 filter output: A:ALA-49>config>filter>ipv6-filter# info ---------------------------------------------- description "IPv6 filter for Customer 1" scope exclusive entry 1 create description "Fwds matching packets" match dst-ip 11::12/128 src-ip 13::14/128 exit action forward exit ---------------------------------------------- A:ALA-49>config>filter>ipv6-filter# Page 340 7750 SR OS Router Configuration Guide...
Page 341: Modifying A Mac Filter Policy
1 create description "New entry info" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action forward exit entry 2 create match dot1p 7 7 exit action drop exit exit ---------------------------------------------- A:ALA-7>config>filter# 7750 SR OS Router Configuration Guide Page 341...
Page 342: Deleting A Filter Policy
To remove a filter from an egress SAP, enter the following CLI commands: CLI Syntax: config>service# [epipe|ies|vpls] service-id sap port-id[:encap-val] egress no filter Example config>service# epipe 5 config>service>epipe# sap 1/1/2:3 config>service>epipe>sap# egress config>service>epipe>sap>ingress# no filter Page 342 7750 SR OS Router Configuration Guide...
Page 343: From A Network Interface
1 exit ---------------------------------------------- A:ALA-49>config>router>if# CLI Syntax: config>router>if# config>router>if# ingress no filter A:ALA-49>config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit egress filter ip 2 filter ipv6 1 exit ---------------------------------------------- A:ALA-49>config>router>if# 7750 SR OS Router Configuration Guide Page 343...
Page 344 ---------------------------------------------- A:ALA-49>config>router>if# CLI Syntax: config>router>if# ingress no filter ipv6 1 A:ALA-49>config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit ingress filter ip 2 exit egress filter ipv6 1 exit ---------------------------------------------- A:ALA-49>config>router>if# Page 344 7750 SR OS Router Configuration Guide...
Page 345 CLI Syntax: config>router>if# ingress no filter A:ALA-49>config>router>if# ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit egress filter ipv6 1 exit ---------------------------------------------- A:ALA-49>config>router>if# CLI Syntax: config>router>if# egress no filter A:ALA-49>config>router>if# ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit ---------------------------------------------- A:ALA-49>config>router>if# 7750 SR OS Router Configuration Guide Page 345...
Page 346: From The Filter Configuration
After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id CLI Syntax: config>filter# no ipv6-filter filter-id Example config>filter# no ip-filter 11 config>filter# no mac-filter 13 config>filter# no ipv6-filter 100 Page 346 7750 SR OS Router Configuration Guide...
Page 347: Modifying A Redirect Policy
5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_Proxy" url "http://www.alcatel.com" interval 10 timeout 10 return-code 1 4294967295 raise-priority 255 exit no shutdown exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# 7750 SR OS Router Configuration Guide Page 347...
Page 348: Deleting A Redirect Policy
A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "This is new" scope exclusive entry 1 create filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action forward redirect-policy redirect2 exit entry 2 create description "new entry" ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 348 7750 SR OS Router Configuration Guide...
Page 349: Copying Filter Policies
2 create ip-filter 12 create description "This is new" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create ---------------------------------------------- A:ALA-7>config>filter# 7750 SR OS Router Configuration Guide Page 349...
Page 350 Filter Management Tasks Page 350 7750 SR OS Router Configuration Guide...
Page 351: Filter Command Reference
— no description — default-action {drop | forward} — renum old-entry-id new-entry-id — scope {exclusive | template} — no scope — entry entry-id [time-range time-range-name] [create] — no entry entry-id 7750 SR OS Router Configuration Guide Page 351...
Page 352 — src-port {{lt | gt | eq} src-port-number — src-port range start end} — no src-port — tcp-ack {true | false} — no tcp-ack — tcp-syn {true | false} — no tcp-syn Page 352 7750 SR OS Router Configuration Guide...
Page 353 — scope {exclusive | template} — no scope —MAC filter commands MAC Filter Policy Commands config — filter — mac-filter filter-id [create] — no mac-filter filter-id — description description-string — no description 7750 SR OS Router Configuration Guide Page 353...
Page 354 0x0600..0xffff — no etype — snap-oui {zero | non-zero} — no snap-oui — snap-pid snap-pid — no snap-pid — ssap ssap-value [ssap-mask] — no ssap — src-mac ieee-address [ieee-address-mask] — no src-mac Page 354 7750 SR OS Router Configuration Guide...
Page 355 — no interval — return-code return-code-1 [return-code-2] [disable | lower- priority priority | raise-priority priority] — no return-code return-code-1 [return-code-2] — timeout seconds — no timeout — url-string [http-version version-string] — no 7750 SR OS Router Configuration Guide Page 355...
Page 356 [interval seconds] [repeat repeat] [absolute | rate] — filter (ipv6) ipv6 ipv6-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — filter mac mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] Page 356 7750 SR OS Router Configuration Guide...
Page 357: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7750 SR OS Router Configuration Guide Page 357...
Page 358: Global Filter Commands
1 — 16384 create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. mac-filter Syntax [no] mac-filter filter-id [create] Page 358 7750 SR OS Router Configuration Guide...
Page 359 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. There is no limit to the number of redirect policies that can be configured. 7750 SR OS Router Configuration Guide Page 359...
Page 360: Filter Log Destination Commands
1000 entries. The number of entries and wrap-around behavior can be edited. Default log 101 — no filter log destinations defined Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 Page 360 7750 SR OS Router Configuration Guide...
Page 361 Log packets received during the reconfiguration time will be handled as if summary was not active. The no form of the command reverts to the default parameter. Default dst-addr 7750 SR OS Router Configuration Guide Page 361...
Page 362 The no form of the command configures the memory filter log to accept filter log entries until full. When the memory filter log is full, filter logging for the log filter ID ceases. Default wrap-around - the filter log store the most recent filter log entries Page 362 7750 SR OS Router Configuration Guide...
Page 363: Filter Policy Commands
If the policy is removed from the entity, it will become available for assignment to another entity. template — When the scope of a policy is defined as template, the policy can be applied to multiple SAPs or network ports. 7750 SR OS Router Configuration Guide Page 363...
Page 364: General Filter Entry Commands
This command creates or edits an IP, IPv6, or MAC filter entry. Multiple entries can be created using unique entry-id numbers within the filter. The 7750 SR OS implementation exits the filter on the first match found and executes the actions in accordance with the accompanying action command. For this reason, entries must be sequenced correctly from most to least explicit.
Page 365 The no form of the command disables logging for the filter entry. Default no log — no destination filter log ID specified Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 7750 SR OS Router Configuration Guide Page 365...
Page 366: Ip Filter Entry Commands
SAPs are supported (including q-in-q, BCP, bridged Ethernet in Frame Relay or ATM). Values sap-id: null [port-id | bundle-id | lag-id | aps-id] dot1q [port-id | bundle-id | lag-id | aps-id]:qtag1 qinq [port-id | bundle-id | lag-id]:qtag1.qtag2 [port-id | bundle-id][:vpi/vci | vpi | vpi1.vpi2] Page 366 7750 SR OS Router Configuration Guide...
Page 367 1 — 128 For example: ALA-12>config# port bundle-ima-5/1.1 ALA-12>config>port# multilink-bundle ima — Specifies Inverse Multiplexing over ATM. An IMA group is a collection of physical links bundled together and assigned to an ATM port. 7750 SR OS Router Configuration Guide Page 367...
Page 368 If the cflowd is either not enabled or set to cflowd interface mode, this command is ignored. The no form removes this command for the system configuration, disallowing the sampling of packets if the ingress interface is in cflowd acl mode. Page 368 7750 SR OS Router Configuration Guide...
Page 369 * — udp/tcp wildcard Protocol Protocol ID Description icmp Internet Control Message 7750 SR OS Router Configuration Guide Page 369...
Page 370 PNNI over IP Protocol Independent Multicast vrrp Virtual Router Redundancy Protocol l2tp Layer Two Tunneling Protocol Schedule Transfer Protocol Performance Transparency Protocol isis ISIS over IPv4 crtp Combat Radio Transport Protocol Page 370 7750 SR OS Router Configuration Guide...
Page 371 * — udp/tcp wildcard 7750 SR OS Router Configuration Guide Page 371...
Page 372: Mac Filter Entry Commands
[port-id | bundle-id]:dlci cisco-hdlc slot/mda/port.channel ima-grp bundle-id[:vpi/vci | vpi | vpi1.vpi2] port-id slot/mda/port[.channel] aps-id aps-group-id[.channel] keyword group-id 1 — 64 bundle-type-slot/mda.bundle-num bundle keyword type ima, ppp bundle-num 1 — 128 ccag-id ccag-id.path-id[cc-type]:cc-id ccag keyword Page 372 7750 SR OS Router Configuration Guide...
Page 373 — The virtual circuit identifier. This value is used to validate the VC ID portion of each mesh SDP binding defined in the service. The default value of this object is equal to the service ID. Values 1 — 4294967295 7750 SR OS Router Configuration Guide Page 373...
Page 374 802dot2-llc — Specifies the frame type is Ethernet IEEE 802.2 LLC. 802dot2-snap — Specifies the frame type is Ethernet IEEE 802.2 SNAP. ethernet_II — Specifies the frame type is Ethernet Type II. Page 374 7750 SR OS Router Configuration Guide...
Page 375: Ip Filter Match Criteria
0.0.0.0 — 255.255.255.255 mask — The subnet mask length expressed as a decimal integer. Values 0 — 32 netmask — Any mask epressed in dotted quad notation. Values 0.0.0.0 — 255.255.255.255 dst-ip 7750 SR OS Router Configuration Guide Page 375...
Page 376 — Specifies an inclusive range of port numbers to be used as a match criteria. The destination port numbers start-port and end-port are expressed as decimal integers. Values 1 — 65535 Page 376 7750 SR OS Router Configuration Guide...
Page 377 This command configures matching on the ICMP type field in the ICMP header of an IP or IPv6 packet as a filter match criterion. This option is only meaningful if the protocol match criteria specifies ICMP (1). 7750 SR OS Router Configuration Guide Page 377...
Page 378 This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0x14 Binary 0bBBBBBBBB 0b0010100 Default 255 (decimal) (exact match) Values 1 — 255 (decimal) Page 378 7750 SR OS Router Configuration Guide...
Page 379 To match on the source IP address, specify the address and its associated mask, e.g. 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 may also be used. The no form of the command removes the source IP address match criterion. 7750 SR OS Router Configuration Guide Page 379...
Page 380 This command configures a source TCP or UDP port number or port range for an IP filter match criterion. The no form of the command removes the source port match criterion. Default No src-port match criterion Page 380 7750 SR OS Router Configuration Guide...
Page 381 The SYN bit is normally set when the source of the packet wants to initiate a TCP session with the specified destination IP address. The no form of the command removes the criterion from the match entry. 7750 SR OS Router Configuration Guide Page 381...
Page 382 — Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header. false — Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header. Page 382 7750 SR OS Router Configuration Guide...
Page 383: Mac Filter Match Criteria
To select a range from 4 up to 7 specify p-value of 4 and a mask of 0b100 for value and mask. Default 7 (decimal) Values 1 — 7 (decimal) dsap Syntax dsap dsap-value [mask] no dsap Context config>filter>mac-filter>entry 7750 SR OS Router Configuration Guide Page 383...
Page 384 — The MAC address to be used as a match criterion. Values HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit mask — A 48-bit mask to match a range of MAC address values. Page 384 7750 SR OS Router Configuration Guide...
Page 385 Syntax snap-oui [zero | non-zero] no snap-oui Context config>filter>mac-filter>entry Description Configures an IEEE 802.3 LLC SNAP Ethernet Frame OUI zero or non-zero value to be used as a MAC filter match criterion. 7750 SR OS Router Configuration Guide Page 385...
Page 386 The no form of the command removes the source mac as the match criteria. Default none Parameters ieee-address — Enter the 48-bit IEEE mac address to be used as a match criterion. Values HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit Page 386 7750 SR OS Router Configuration Guide...
Page 387 — This is optional and may be used when specifying a range of ssap values to use as the match criteria. This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0xF0 Binary 0bBBBBBBBB 0b11110000 Default none Values 0x00 — 0xFF 7750 SR OS Router Configuration Guide Page 387...
Page 388: Policy And Entry Maintenance Commands
This may be required in some cases since the OS exits when the first match is found and executes the actions according to the accompanying action command. This requires that entries be sequenced correctly from most to least explicit. Page 388 7750 SR OS Router Configuration Guide...
Page 389 Parameters old-entry-id — Enter the entry number of an existing entry. Values 1 — 65535 new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535 7750 SR OS Router Configuration Guide Page 389...
Page 390: Redirect Policy Commands
This command specifies the number of consecutive requests that must fail for the destination to be declared unreachable. Default drop-count 3 hold-down 0 Parameters consecutive-failures — Specifies the number of consecutive ping test failures before declaring the destination down. Values 1 — 60 Page 390 7750 SR OS Router Configuration Guide...
Page 391 — Specifies the amount of time, in seconds, that is allowed for receiving a response from the far end host. Values 1 — 60 priority Syntax priority priority no priority Context config>filter>destination 7750 SR OS Router Configuration Guide Page 391...
Page 392 This command specifies the criterion to adjust the priority based on the test result. Multiple criteria can be specified with the condition that they are not conflicting or overlap. If the returned value is Page 392 7750 SR OS Router Configuration Guide...
Page 393 For example, error code 401 for HTTP is “page not found.” If, while performing this test, the URL is not reachable, you can lower the priority by 10 points so that other means of reaching this destination are prioritized higher than the older one. Default none 7750 SR OS Router Configuration Guide Page 393...
Page 394 This command specifies the URL to be probed by the URL test. Default none Parameters url-string — Specify a URL up to 255 characters in length. http-version version-string — Specifies the HTTP version, 80 characters in length. Page 394 7750 SR OS Router Configuration Guide...
Page 395: Show Commands
SDH and TDM channels, the port ID must include the channel ID. A period “.” separates the physical port from the channel-id. The port must be configured as an access port. If the SONET/SDH port is configured as clear-channel then only the port is specified. 7750 SR OS Router Configuration Guide Page 395...
Page 396 — Specifies the encapsulation value used to identify the SAP on the port or sub-port. If this parameter is not specificially defined, the default value is 0. Values qtag1: 0 — 4094 qtag2 : * | 0 — 4094 Page 396 7750 SR OS Router Configuration Guide...
Page 397 Displays the IP address. IP Address Displays the MAC address. Mac Address Sample Output A:ALA-48# show filter anti-spoof ================================================================== Anti Spoofing Table ================================================================== SapId IP Address Mac Address ------------------------------------------------------------------ ================================================================== A:ALA-48# show filter anti-spoof 7750 SR OS Router Configuration Guide Page 397...
Page 398 1 — 9999 associations — Appends information as to where the filter policy ID is applied to the detailed filter policy ID output. counters — Displays counter information for the specified filter ID. Page 398 7750 SR OS Router Configuration Guide...
Page 399 The number of entries configured in this filter ID. Entries The IP filter policy description. Description The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — 7750 SR OS Router Configuration Guide Page 399...
Page 400 Drop packets matching the filter entry. Drop — The explicit action to perform is forwarding of the Forward — packet. Forward - indirect: ip-addr Forward - interface: ip-int-name Forward - next-hop: ip-addr Page 400 7750 SR OS Router Configuration Guide...
Page 401 : None Protocol Dscp : Undefined ICMP Type : Undefined ICMP Code : Undefined TCP-syn : Off TCP-ack : Off Match action : Drop Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49>config>filter# 7750 SR OS Router Configuration Guide Page 401...
Page 402 The IP filter policy ID. The filter policy is of type Template. Scope Template — The filter policy is of type Exclusive. Exclusive — The number of entries configured in this filter ID. Entries Page 402 7750 SR OS Router Configuration Guide...
Page 403 Specifies matching packets with a specific IP option or a range of IP IP-Option options in the IP header for IP filter match criteria. Specifies that the SYN bit is disabled. TCP-syn Off — Specifies that the SYN bit is set. On — 7750 SR OS Router Configuration Guide Page 403...
Page 404 On — TCP header of an IP packet. The number of egress filter matches/hits for the filter entry. Egr. Matches Sample Output A:ALA-49# show filter ip 1 associations =============================================================================== IP Filter =============================================================================== Page 404 7750 SR OS Router Configuration Guide...
Page 405 Label Description The IP filter policy ID. IP Filter Filter Id The filter policy is of type Template. Scope Template — The filter policy is of type Exclusive. Exclusive — 7750 SR OS Router Configuration Guide Page 405...
Page 406 {ipv6-filter-id [entry entry-id] [association | counters]} Context show>filter Description Displays IPv6 filter information. Parameters ipv6-filter-id — Displays detailed information for the specified IPv6 filter ID and filter entries. Values 1 — 65535 Page 406 7750 SR OS Router Configuration Guide...
Page 407 The filter policy is of type template. Scope Template — The filter policy is of type exclusive. Exclusive — The number of entries configured in this filter ID. Entries The IP filter policy description. Description 7750 SR OS Router Configuration Guide Page 407...
Page 408 Specifies matching packets with a specific IP option or a range of IP IP-Option options in the IP header for IP filter match criteria. Specifies that the SYN bit is disabled. TCP-syn Off — Specifies that the SYN bit is set. On — Page 408 7750 SR OS Router Configuration Guide...
Page 409 Matches the ACK bit being set or reset in the control bits of the On — TCP header of an IP packet. The number of egress filter matches/hits for the filter entry. Egr. Matches Sample Output A:ALA-48# show filter ipv6 100 =============================================================================== 7750 SR OS Router Configuration Guide Page 409...
Page 410 The filter policy ID is applied as an ingress filter policy on the inter- (Ingress) face. The filter policy ID is applied as an egress filter policy on the interface. (Egress) The type of service of the service ID. Type Page 410 7750 SR OS Router Configuration Guide...
Page 411 Forward - interface: ip-int-name Forward - next-hop: ip-addr The number of ingress filter matches/hits for the filter entry. Ing. Matches The source TCP or UDP port number or port range. Src. Port 7750 SR OS Router Configuration Guide Page 411...
Page 412 Next Header : Undefined Dscp : Undefined ICMP Type : Undefined ICMP Code : Undefined TCP-syn : Off TCP-ack : Off Match action : Drop Ing. Matches : 0 Egr. Matches =============================================================================== Page 412 7750 SR OS Router Configuration Guide...
Page 413 Applied : Yes Scope : Template Def. Action : Forward Entries Description : test ------------------------------------------------------------------------------- Filter Match Criteria : IPv6 ------------------------------------------------------------------------------- Entry : 10 Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-48# 7750 SR OS Router Configuration Guide Page 413...
Page 414 The More Fragments IP flag is set in the logged packet. Flags M — (IP flags) The Do Not Fragment IP flag is set in the logged packet. DF — The TOS byte value in the logged packet. Page 414 7750 SR OS Router Configuration Guide...
Page 415 Log ID. Summary Log LogID Summary criterion that is used as index into the mini-tables of the Log. Crit1 The description of the filter entry ID which generated the filter log TotCnt entry. 7750 SR OS Router Configuration Guide Page 415...
Page 416 Note: A summary log will be printed only in case TotCnt is different from 0. Only the address types with at least 1 entry in the minitable will be printed. A:ALA-A>config# show filter log 190 =============================================================================== Summary Log[190] Crit1: SrcAddr TotCnt: 723 ArpCnt: Page 416 7750 SR OS Router Configuration Guide...
Page 417 The filter policy is of type Exclusive. Exclusiv — The filter policy ID has not been applied. Applied No — The filter policy ID is applied. Yes — The MAC filter policy description. Description 7750 SR OS Router Configuration Guide Page 417...
Page 418 The entry ID match frame type is Ethernet Type II. Ethernet II — The source MAC address and mask match criterion. When both the Src MAC MAC address and mask are all zeroes, no criterion specified for the fil- ter entry. Page 418 7750 SR OS Router Configuration Guide...
Page 419 Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry : 200 FrameType : 802.2SNAP Description : Not Available Src Mac : 00:00:5a:00:00:00 ff:ff:ff:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : 802.2SNAP 7750 SR OS Router Configuration Guide Page 419...
Page 420 Filter Id Applied : Yes Scope : Template Def. Action : Drop Entries ------------------------------------------------------------------------------- Filter Association : Mac ------------------------------------------------------------------------------- Service Id : 1001 Type : VPLS - SAP 1/1/1:1001 (Egress) =============================================================================== A:ALA-49# Page 420 7750 SR OS Router Configuration Guide...
Page 421 Mac Filter : 200 =============================================================================== Filter Id : 200 Applied : Yes Scope : Exclusive D. Action : Drop Description : Forward SERVER sourced packets ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- 7750 SR OS Router Configuration Guide Page 421...
Page 422 Specifies the amount of time in seconds that is allowed for receiving a Timeout response from the far-end host. If a reply is not received within this time the far-end host is considered unresponsive. Page 422 7750 SR OS Router Configuration Guide...
Page 423 Admin State : Up Oper State : Up SNMP Test : SNMP-1 Interval : 30 Timeout Drop Count : 30 Hold Down : 120 Hold Remain Last Action at : None Taken ------------------------------------------------------------------------------- 7750 SR OS Router Configuration Guide Page 423...
Page 424 URL Test : URL_to_Proxy Interval : 10 Timeout : 10 Drop Count Hold Down Hold Remain Last Action at : 03/19/2005 05:04:15 Action Taken : Disable Priority Change: 0 Return Code =============================================================================== ALA-A# Page 424 7750 SR OS Router Configuration Guide...
Page 425: Clear Commands
— Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. 7750 SR OS Router Configuration Guide Page 425...
Page 426 — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. Page 426 7750 SR OS Router Configuration Guide...
Page 427: Monitor Commands
1 — 65535 entry-id — Specifies that only the counters associated with the specified filter policy entry will be moniitored. Values 1 — 65535 interval — Configures the interval for each display in seconds. 7750 SR OS Router Configuration Guide Page 427...
Page 428 — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing. No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. Page 428 7750 SR OS Router Configuration Guide...
Page 429: Cflowd
Operation on page 431 → Cflowd Filter Matching on page 432 • Cflowd Configuration Process Overview on page 434 • Cflowd Configuration Components on page 435 • Configuration Notes on page 437 7750 SR OS Router Configuration Guide Page 429...
Page 430: Cflowd Overview
IP addresses, port numbers, AS numbers, etc. Each subsequent packet matching the same parameters of the flow contribute to the byte and packet count of the flow until the flow is terminated and exported to a collector for storage. Page 430 7750 SR OS Router Configuration Guide...
Page 431: Operation
6. If a flow has bee active for a period of time equal to or greater than the active timer (default 30 min.), then depending on the format, if V5, the entry is removed from the flow cache, or, if V8, further processing occurs. 7750 SR OS Router Configuration Guide Page 431...
Page 432: Cflowd Filter Matching
Subsequent packets in the same flow are then forwarded without needing to be matched against the complete set of filters. Specific performance varies depending on the number and complexity of the filters. Page 432 7750 SR OS Router Configuration Guide...
Page 433: Figure 30: V5 And V8 Flow Processing
• When the cflowd cache is cleared. • When other measures are met that apply to aggressively age flows as the cache becomes too full (i.e., overflow percent). 7750 SR OS Router Configuration Guide Page 433...
Page 434: Cflowd Configuration Process Overview
IN AN IP-FILTER ENTRY: FOR CFLOWD ACL MODE: TURN UP ENABLE IP FILTER ENTRY FILTER SAMPLING FOR CFLOWD INTERFACE MODE: ENABLE INTERFACE-DISABLE-SAMPLE APPLY FILTER TO INTERFACE Figure 31: Cflowd Configuration and Implementation Flow Page 434 7750 SR OS Router Configuration Guide...
Page 435: Cflowd Configuration Components
Aggregation — Components of this command specify the types of data to be aggregated. • Autonomous system type — Specifies whether the autonomous system (AS) information included in the flow data is based on the originating AS or peer AS. 7750 SR OS Router Configuration Guide Page 435...
Page 436: Figure 33: Router Interface Cflowd Configuration Components
IP interface is set to cflowd acl. • Interface disable sample — Specifies that traffic matching the associated IP filter entry is not sampled if the IP interface is set to cflowd interface mode. Page 436 7750 SR OS Router Configuration Guide...
Page 437: Configuration Notes
A cflowd option must be specified and enabled on a router interface. • Sampling can only be enabled on either: → An IP filter which is applied to a port or service. → An interface on a port or service. 7750 SR OS Router Configuration Guide Page 437...
Page 438: Reference Sources
Configuration Notes Reference Sources For information on supported IETF drafts and standards, as well as standard and proprietary MIBS, refer to Standards and Protocol Support on page 715. Page 438 7750 SR OS Router Configuration Guide...
Page 439: Configuring Cflowd With Cli
Specifying Sampling Options in Filter Entries on page 457 • Cflowd Configuration Management Tasks on page 458 → Modifying Global Cflowd Components on page 459 → Modifying Cflowd Collector Parameters on page 460 7750 SR OS Router Configuration Guide Page 439...
Page 440: Cflowd Configuration Overview
Cflowd Configuration Overview The 7750 SR OS implementation of cflowd supports the option to analyze traffic flow. The imple- mentation also supports the use of traffic/access list (ACL) filters to limit the type of traffic that is analyzed. Traffic blocked (dropped) by ACL filters is not sent to cflowd for analysis.
Page 441: Collectors
• IP TOS byte The 7750 SR OS implementation allows you to enable cflowd either at the interface level or as an action to a filter. By enabling cflowd at the interface level, all packets forwarded by the interface are subject to cflowd analysis. By setting cflowd as an action in a filter, only packets matching the specified filter are subject to cflowd analysis.
Page 442 • Source-destination prefix — Flows are aggregated based on source prefix and mask, destination prefix and mask, source and destination AS, ingress interface and egress interface. Page 442 7750 SR OS Router Configuration Guide...
Page 443: Cflowd Cli Command Structure
Cflowd Cflowd CLI Command Structure The 7750 SR OS cflowd command structure is displayed in Figure 35. Cflowd configuration commands are located under the context and the show commands are under config>cflowd show>cflowd. ROOT CONFIG CFLOWD ACTIVE-TIMEOUT INACTIVE-TIMEOUT CACHE-SIZE OVERFLOW...
Page 444: List Of Commands
Configures the type of aggregation scheme(s). aggregation Specifies that the aggregation data should be based on autonomous as-matrix system (AS) information. Specifies that the aggregation data is based on destination prefix destination-prefix information. Page 444 7750 SR OS Router Configuration Guide...
Page 445 AS or peer AS. Creates a text description stored in the configuration file for a description configuration context. Administratively enables the cflowd collector. no shutdown 7750 SR OS Router Configuration Guide Page 445...
Page 446: Basic Cflowd Configuration
The following example displays a cflowd configuration. ALA-1>config>cflowd# info detail ---------------------------------------------- active-timeout 30 cache-size 65536 inactive-timeout 15 overflow 1 rate 1000 collector 10.10.10.103:5 no aggregation autonomous-system-type origin no description no shutdown exit no shutdown ---------------------------------------------- ALA-1>config>cflowd# Page 446 7750 SR OS Router Configuration Guide...
Page 447: Common Configuration Tasks
Active timeout • Inactive timeout • Cache size • Overflow • Rate Collector Components Components that are common to all collector configurations include the following parameters: • Aggregation • Autonomous-system-type • Description 7750 SR OS Router Configuration Guide Page 447...
Page 448: Configuring Cflowd
Enabling Cflowd on Interfaces and Filters on page 453 CLI Syntax: config>cflowd# active-timeout minutes cache-size num-entries inactive-timeout seconds overflow percent rate sample-rate collector ip-address[:port] aggregation as-matrix destination-prefix protocol-port source-destination-prefix source-prefix autonomous-system-type [origin | peer] description description-string no shutdown no shutdown Page 448 7750 SR OS Router Configuration Guide...
Page 449: Enabling Cflowd
The following example displays the default values when cflowd is initially enabled. No collectors or collector options are configured. ALA-1>config# info detail #------------------------------------------ echo "Cflowd Configuration" #------------------------------------------ cflowd active-timeout 30 cache-size 65536 inactive-timeout 15 overflow 1 rate 1000 no shutdown exit #------------------------------------------ ALA-1>config# 7750 SR OS Router Configuration Guide Page 449...
Page 450: Configuring Global Cflowd Parameters
Example: config>cflowd# active-timeout 20 config>cflowd# inactive-timeout 10 config>cflowd# overflow 10 config>cflowd# rate 100 The following example displays the common cflowd component configuration: ALA-1>config>cflowd# info #------------------------------------------ active-timeout 20 inactive-timeout 10 overflow 10 rate 100 #------------------------------------------ ALA-1>config>cflowd# Page 450 7750 SR OS Router Configuration Guide...
Page 451: Configuring Cflowd Collectors
“AS info collector” config>cflowd>coll>agg# exit config>cflowd# collector 10.10.10.1:2000 config>cflowd>collector$ no shutdown config>cflowd>collector# description "Neighbor collector" config>cflowd>collector# aggregation config>cflowd>coll>agg# protocol-port config>cflowd>coll>agg# source-destination-prefix config>cflowd>collector# no shutdown config>cflowd>coll>agg# exit 7750 SR OS Router Configuration Guide Page 451...
Page 452 20 inactive-timeout 10 overflow 10 rate 100 collector 10.10.10.1:2000 aggregation as-matrix exit description "AS info collector" exit collector 10.10.10.2:5000 aggregation protocol-port source-destination-prefix exit autonomous-system-type peer description "Neighbor collector" exit ----------------------------------------- ALA-1>config>cflowd# Page 452 7750 SR OS Router Configuration Guide...
Page 453: Enabling Cflowd On Interfaces And Filters
Filter Configurations on page 457 Depending on the combination of interface and filter entry configurations determine if and when flow sampling occurs. Table 21 displays the expected results when specific features are enabled and disabled. 7750 SR OS Router Configuration Guide Page 453...
Page 454: Table 21: Cflowd Configuration Dependencies
IP-filter mode or Command is ignored. No sampling interface- disable-sample cflowd not enabled on occurs. interface Interface mode Traffic matching this IP filter entry interface interface- disable-sample is not sampled. Page 454 7750 SR OS Router Configuration Guide...
Page 455: Specifying Cflowd Options On An Ip Interface
(See Interface Configurations on page 455.) For configuration information, refer to the IP Router Configuration Overview sections of the 7750 SR OS Router Configuration Guide. 4. On the IP filter being used, the option must be explicitly entry>filter-sample enabled.
Page 456: Service Interfaces
Cflowd is supported on IES and VPRN services interfaces only. Layer 2 traffic is excluded. All packets forwarded by the interface are analyzed according to the cflowd configuration. On the interface level, cflowd can be associated with a filter (ACL) or an IP interface. Page 456 7750 SR OS Router Configuration Guide...
Page 457: Specifying Sampling Options In Filter Entries
2. At least one cflowd collector must be configured and enabled. 3. The option must be selected. For configuration interface>cflowd interface information, refer to the Filter Policy Overview sections of the 7750 SR OS Router Configuration Guide. 4. The option config>filter>ip-filter>entry>interface-disable-sample...
Page 458: Cflowd Configuration Management Tasks
[no] raw [no] source-destination-prefix [no] source-prefix autonomous-system-type {origin | peer} no autonomous-system-type description description-string no description [no] shutdown inactive-timeout seconds no inactive-timeout overflow percent no overflow rate sample-rate no rate [no] shutdown Page 458 7750 SR OS Router Configuration Guide...
Page 459: Modifying Global Cflowd Components
Example: config>cflowd# active-timeout 60 config>cflowd# no inactive-timeout config>cflowd# overflow 2 config>cflowd# rate 10 The following example displays the common cflowd component configuration: ALA-1>config>cflowd# info #------------------------------------------ active-timeout 60 overflow 2 rate 10 #------------------------------------------ ALA-1>config>cflowd# 7750 SR OS Router Configuration Guide Page 459...
Page 460: Modifying Cflowd Collector Parameters
10.10.10.1:2000 config>cflowd>collector$ no shutdown config>cflowd>collector# aggregation config>cflowd>coll>agg# no protocol-port config>cflowd>coll>agg# no source-destination-prefix config>cflowd>coll>agg# raw config>cflowd>coll>agg# source-prefix config>cflowd>coll>agg# exit config>cflowd>collector# no autonomous-system-type config>cflowd>collector# description "Test collector" config>cflowd>collector# exit Page 460 7750 SR OS Router Configuration Guide...
Page 461 The following example displays the basic cflowd modifications: ALA-1>config>cflowd# info ----------------------------------------- active-timeout 60 overflow 2 rate 10 collector 10.10.10.1:2000 description "AS info collector" exit collector 10.10.10.2:5000 aggregation source-prefix exit description "Test collector" exit ----------------------------------------- ALA-1>config>cflowd# 7750 SR OS Router Configuration Guide Page 461...
Page 462 Page 462 7750 SR OS Router Configuration Guide...
Page 463: Cflowd Command Reference
— no overflow — rate sample-rate — no rate — [no] shutdown Show Commands show — cflowd — collector [ip-address[:port]] [detail] — interface [ip-int-name | ip-address] — status Clear Commands clear — cflowd 7750 SR OS Router Configuration Guide Page 463...
Page 464 Cflowd Command Reference Page 464 7750 SR OS Router Configuration Guide...
Page 465: Cflowd Configuration Commands
The no form of this command resets the inactive timeout back to the default value. Default Parameters minutes — The value expressed in minutes before an active flow is exported. Values 1 — 600 7750 SR OS Router Configuration Guide Page 465...
Page 466 To configure aggregation, you must decide which type of aggregation scheme to configure: autonomous system, destination prefix, protocol port, raw, source destination, or source prefix. The no form of this command removes all aggregation types from the collector configuration. Default no aggregation Page 466 7750 SR OS Router Configuration Guide...
Page 467 Description This command configures raw (unaggregated) flow data to be sent in Version 5. The no form of this command removes this type of aggregation from the collector configuration. Default none 7750 SR OS Router Configuration Guide Page 467...
Page 468 Context config>cflowd>collector Description This command creates a text description stored in the configuration file for a configuration context. The no form of this command removes the description string from the context. Page 468 7750 SR OS Router Configuration Guide...
Page 469 Parameters seconds — Specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive. Values 10 — 600 7750 SR OS Router Configuration Guide Page 469...
Page 470 The no form of this command resets the sample rate to the default value. Default 1000 Parameters sample-rate — Specifies the rate at which traffic is sampled. Values 1 — 1000 Page 470 7750 SR OS Router Configuration Guide...
Page 471: Show Commands
The current operational status of this Cflowd remote collector host. Oper The number of Cflowd records that have been transmitted to this Recs Sent remote collector host. The total number of collectors using this IP address. Collectors 7750 SR OS Router Configuration Guide Page 471...
Page 472: Table 23: Show Cflowd Collector Detailed Output Fields
Records Sent collector host. The time when this row entry was last changed. Last Changed The time when the last Cflowd packet was sent to this remote collector Last Pkt Sent host. Page 472 7750 SR OS Router Configuration Guide...
Page 473 — Display only information for the IP interface with the specified IP address. Default all interfaces with cflowd enabled ip-int-name — Display only information for the IP interface with the specified name. Default all interfaces with cflowd enabled 7750 SR OS Router Configuration Guide Page 473...
Page 474 Context show>cflowd Description This command displays basic information regarding the administrative and operational status of cflowd. Output cflowd Status Output — The following table describes the show cflowd status output fields: Page 474 7750 SR OS Router Configuration Guide...
Page 475: Table 24: Show Cflowd Status Output Fields
Inactive Timeout : 15 seconds Cache Size : 65536 entries Overflow : 1% Sample Rate : 1000 Active Flows Total Pkts Rcvd Total Pkts Dropped Aggregation Info : None ==================================================== ALA-1>show>cflowd# status 7750 SR OS Router Configuration Guide Page 475...
Page 476: Clear Commands
This action will trigger all the flows to be exported to the collector(s). The caches restart flow data collection from a fresh state. This command also clears collector statistics, such as, Pkts Sent and Flows Sent. Page 476 7750 SR OS Router Configuration Guide...
Page 477: Standards And Protocol Support
Standards and Protocol Support Standards Compliance draft-ietf-idr-rfc3065bis-05.txt. RFC 3392 Capabilities Advertisement IEEE 802.1d Bridging RFC 4271 BGP-4 (previously RFC 1771) IEEE 802.1p/Q VLAN Tagging RFC 4360 BGP Extended Communities Attribute IEEE 802.1s Multiple Spanning Tree IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1x Port Based Network Access Control IS-IS...
Page 478: Standards And Protocols
Standards and Protocols RFC 4644 Transmission of IPv6 RFC 2453 RIP Version 2 RFC 1377 PPP OSINLCP Packets over Ethernet Networks RFC 1638/2878PPP BCP RSVP-TE RFC 2529 Transmission of IPv6 over RFC 1661 IPv4 Domains without Explicit RFC 2430 A Provider Architecture for RFC 1662 PPP in HDLC-like Framing Tunnels...
Page 479 Standards and Protocols VPLS draft-ietf-secsh-transport.txt SSH RFC 2819 RMON-MIB Transport Layer Protocol draft-ietf-l2vpn-vpls-ldp-08.txtVirtual RFC 2863 IF-MIB Private LAN Services Using LDP draft-ietf-secsh-connection.txt SSH RFC 2864 INVERTED-STACK-MIB Connection Protocol RFC 2987 VRRP-MIB draft-ietf-secsh- newmodes.txt RFC 3014 NOTIFICATION-LOG- PSEUDO-WIRE SSH Transport Layer Encryption Modes RFC 3985 Pseudo Wire Emulation...
Page 480 Standards and Protocols TIMETRA-VRTR-MIB.mib Page 718 Standards and Protocols...
Page 481: Index
IPv6 router ID service management tasks matching criteria system interface DSCP values system name IP option values packets Standards & Protocols policies proprietary MIBS policy entries protocols port-based filtering standards compliance 7750 SR OS Router Configuration Guide Page 481...
Page 482 IP addresses owner and non-owner virtual router virtual router backup virtual router master VRID configuring basic command reference IES parameters non-owner owner management tasks overview router interface non-owner owner VRRP policy parameters Page 482 7750 SR OS Router Configuration Guide...

This manual is also suitable for:

7750 sr series

Save PDF