RS Switch Router User Guide Release 8.0 36-007-07 Rev.
REGULATORY COMPLIANCE STATEMENTS

Note Complies with Part 68, FCC rules. FCC Registration Number 6TGUSA-46505-DE-N Riverstone Networks, Inc. Model WICT1-12 Made in U.S.A.
Warning Changes or modifications made to this device that are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
CONSUMER INFORMATION AND FCC REQUIREMENTS

1. This equipment complies with Part 68 of the FCC rules, FCC Registration Number 6TGUSA-46505-DE-N Riverstone Networks Inc. Model WICT1-12 Made in the USA. On the DS1/E1 WAN Module of this equipment is a label that contains, among other information, the FCC registration number and Ringer Equivalence Number (REN) for this equipment.
RIVERSTONE NETWORKS, INC. STANDARD SOFTWARE LICENSE AGREEMENT IMPORTANT: BEFORE UTILIZING THE PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is a legal agreement ("Agreement") between You, the end user, and Riverstone Networks, Inc. ("Riverstone"). BY USING THE ENCLOSED SOFTWARE PRODUCT, YOU ARE AGREEING TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THE RIVERSTONE STANDARD LIMITED WARRANTY, WHICH IS INCORPORATED HEREIN BY REFERENCE.
5. MAINTENANCE AND UPDATES. Updates, upgrades, bug fixes, and maintenance and support services, if any, are provided to You pursuant to the terms of a Riverstone Service and Maintenance Agreement, and only if Riverstone and You enter into such an agreement. Except as specifically set forth in such agreement, Riverstone is under no obligation to provide any updates, upgrades, patches, bug fixes, modifications, enhancements, or maintenance or support services to You.
STANDARD LIMITED WARRANTY Limited Warranty Riverstone Networks, Inc. (“Riverstone”) warrants that for a period of one (1) year from the date of shipment from Riverstone that the Riverstone hardware purchased by Customer (“Hardware”) will be free from defects in materials and workmanship under normal use. This limited warranty extends only to Customer as original purchaser.
data contained in, sorted on, or integrated with any Product returned to Riverstone, whether under warranty or not. Customer is responsible for backing up its programs and data to protect against loss or corruption. Disclaimer.
TABLE OF CONTENTS

1 Introduction
1.1 Related Documentation
1.2 Document Conventions
2 Maintaining Configuration Files
4 Hot Swapping Line Cards and Control Modules
4.1 Hot Swapping Overview
4.2 Hot Swapping Line Cards
4.2.1 Deactivating the Line Card
5.12.2 Configuration Examples
5.12.3 Displaying Stackable VLAN Information
6 SmartTRUNK Configuration Guide
6.1 Configuring SmartTRUNKS
8 ATM Configuration Guide
8.1 Configuring ATM Ports
8.1.1 Configuring SONET Parameters
8.1.2 Setting Parameters for the Multi-Rate Line Card
10.6 Secondary Subnets and Directly-Connected Clients
10.7 Interacting with Relay Agents
11 IP Routing Configuration Guide
11.1 IP Routing Protocols
12.2 Additional Configuration
12.2.1 Setting the Backup Priority
12.2.2 Setting the Warmup Period
12.2.3 Setting the Advertisement Interval
15 IS-IS Configuration Guide
15.1 Defining an IS-IS Area
15.2 Configuring IS-IS Interfaces
15.3 Enabling IS-IS on the RS
17.1.2 Label Binding
17.1.3 Label Distribution and Management
17.1.4 Penultimate Hop Popping
17.1.5 MPLS Tunnels
18.2.8 Simple Route Redistribution Example: Redistribution into OSPF
18.3 Configuring Advanced Routing Policies
18.3.1 Export Policies
21 Network Address Translation Configuration
21.1 Configuring NAT
21.1.1 Setting Inside and Outside Interfaces
21.1.2 Setting NAT Rules
.4.1 Configuring IPX Addresses to Ports
23.4.2 Configuring Secondary Addresses on an IPX Interface
23.4.3 Configuring IPX Interfaces for a VLAN
23.4.4 Specifying IPX Encapsulation Method
25.4.2 Placing the Ports on the Same VLAN
25.4.3 Enabling Layer-4 Bridging on the VLAN
25.4.4 Creating ACLs to Specify Selection Criteria for Layer-4 Bridging
25.4.5 Applying a Layer-4 Bridging ACL to a Port
28.4 Displaying RMON Information
28.4.1 RMON CLI Filters
28.5 Troubleshooting RMON
28.6 Allocating Memory to RMON
30.13 WAN Rate Shaping
30.13.1 Configuring WAN Rate Shaping
30.13.2 The WAN Rate Shaping Algorithm
30.13.3 WAN Rate Shaping Example
LIST OF FIGURES

Figure 2-1 Commands to save configurations
Figure 3-1 1000-Base-SX line card
Figure 4-1 Location of offline LED and hot swap button on a 1000Base-SX line card
Figure 15-2 Area 1 detailed view
Figure 15-3 Area 2 detailed view
Figure 15-4 Area 3 detailed view
Figure 17-22 Constrained path selection by administrative group
Figure 17-23 Traffic engineering with IS-IS
Figure 18-1 Exporting to RIP
Figure 18-2 Exporting to OSPF
Figure 30-12 Frame Relay over Channelized T1
Figure 30-13 Routed Inter-Office Connections through an ISP
Figure 30-14 Routed Metropolitan Backbone
Figure 31-1 Hardware credit buckets
LIST OF TABLES

Table 2-1 Commands to change configuration information
Table 2-2 Commands to display configuration information
Table 2-3 File commands
Table 2-4 System image commands
Table 30-3 Channelized DS3 Framing and Line Coding Schemes
Table 30-4 Clear Channel T3 and E3 Interface Rates
Table 30-5 Clear Channel T3 and E3 Framing and Line Coding
Table 30-6 Timeslot and CIR Assignments
1 INTRODUCTION

This manual provides information for configuring the Riverstone RS Switch Router software. It details the procedures and provides configuration examples. If you have not yet installed the RS, use the instructions in the Riverstone RS Switch Router Getting Started Guide to install the chassis and perform basic setup tasks, then return to this manual for more detailed configuration information.

1.
1.2 DOCUMENT CONVENTIONS

Commands shown in this manual use the following conventions:

Convention            Description
boldface              Indicates commands and keywords that you enter as shown.
                      Indicates arguments for which you supply values.
[x] or [] or [x ]     Keywords and arguments within a set of square brackets are optional.
x|y|z| or [x|y|z|]    Keywords or arguments separated by vertical bars indicate a choice.
2 MAINTAINING CONFIGURATION FILES

This chapter provides information about configuration files in the Riverstone RS Switch Router (RS). It explains the different types of configuration files and the different procedures involved in changing, displaying, saving, and backing up the files.

2.
The following figure illustrates the configuration files and the commands you can use to save your configuration:

Scratchpad: temporary location; contents lost at reboot
Active: in effect until reboot
Startup: remains through reboot
(config)# save active
(config)# save startup

Figure 2-1 Commands to save configurations

2.1.1 Changing Configuration Information

The RS provides many commands for changing configuration information.
Table 2-2 Commands to display configuration information

Task                                                              Command
Enable Mode:
Show active configuration of the system.                          system show active
Show the non-activated configuration changes in the scratchpad.   system show scratchpad
Show the startup configuration for the next reboot.               system show startup
Configure Mode:
Show active configuration of the system.                          show active
Show the non-activated configuration changes in the scratchpad.
Note If you exit the Configure mode (by entering the exit command or pressing Ctrl+Z), the CLI will ask you whether you want to make the changes in the scratchpad active.

2.1.4 Saving the Active Configuration to the Startup Configuration File

After you save the configuration commands in the scratchpad, the control module executes the commands and makes the corresponding configuration changes to the RS.
- If a particular command has been applied such that it can be expanded on additional interfaces/modules, it is annotated with a “P”. For example, if you enable STP on all ports in the current system, but the RS contains only one module, then the command to enable STP will be applied at a later date when more modules have been added. A command like stp enable et.*.* would be displayed as follows:

P: stp enable et.*.
Table 2-3 File commands

Display a directory of the files in the bootflash or in the PC card.   file dir
Display the contents of a file in the bootflash.                       file type [:]
Delete the specified file.                                             file delete [:]
Copy a file to a different device and/or filename.                     file copy [:] [:]
Erase all files on the specified device.
If the RS boots up from the PC flash card and cannot find a valid image, it goes into boot prom mode. If the en0 interface is configured and connected to a network, you can download an image to the PC flash by using the system image add command in Enable mode.
2.3.1 Setting Daylight Saving Time

Daylight saving time (DST) on the RS can be set three different ways:
• According to specific days. For example, from the first Sunday of April to the last Saturday of October.
• According to specific dates. For example, from April 1st to October 31st.
• By setting the RS’s time forward by an hour.
3 CLI AND RS BASICS

This chapter provides basic information about the Command Line Interface (CLI) and the RS. It includes:
• How to start the CLI
• Information about CLI command modes
• Information about CLI commands
• Information about line editing commands
• How to get online help
• How to set CLI parameters
• Information about naming RS ports
• How to set up a basic configuration for the CLI and the RS

3.1 STARTING THE CLI

To start the CLI, boot up the RS.
3.2 UNDERSTANDING CLI COMMAND MODES

The CLI has four separate command modes. Each command mode controls a group of related commands. This section explains the primary uses for each command mode.

3.2.1 User Mode

The initial mode on the RS after booting up is the user mode. The user mode commands are a subset of the enable mode commands. In general, the user commands display basic information and contain basic utilities such as PING.
3.2.3 Configure Mode

The configure mode provides the capability of configuring and displaying all features and functions on the RS. The commands in this mode are persistent for the current session and future sessions. That is, they can be saved not only in onboard memory but also the startup configuration file. The startup configuration file is the file that the RS boots from.
Note Some CLI modes may have the same commands. For example, the configure mode has port commands. These port commands are for making configuration changes to ports on the RS. The enable mode also has port commands. The port commands found in this mode display port statistics. They are not designed to change the way a port functions like the port commands in the configure mode do.

3.4
Table 3-1 CLI line editing commands (Continued)

Command   Resulting Action
Ctrl+t    Transpose the character under the cursor with the character to the left of the cursor.
Ctrl+u    Delete the line from the beginning of the line to the cursor.
Ctrl+v    No action.
Ctrl+w    No action.
Ctrl+x    Move forward one word.
Ctrl+y    Paste back what was deleted by the previous Ctrl+k or Ctrl+w command. The text is pasted back at the cursor location.
3.5 GETTING HELP WITH CLI COMMANDS

Interactive help is available in the CLI. Invoke help by entering a question mark (?) character at any command prompt, or after a keyword in any mode. Then press Enter. A set of facility names will display. These are the facilities and commands that can be used in that particular mode.
Invoking Help Option by Option

Alternatively, a command can be entered option by option. First enter the facility name. Then press Enter to execute. For example, enter ip at the configure prompt. The prompt changes to indicate that the context of the current CLI command is changed to ip. Now type a ? character, then press Enter. The options valid for ip are displayed. Choose an option and type it in. For example, type add. Press Enter to execute.
Command Completion

The cli set command completion command controls the behavior of the CLI as commands are entered. When command completion is enabled, the CLI automatically completes a command keyword that is partially entered. To execute, type enough characters of a command keyword to uniquely identify it and then press the Space Bar. The CLI completes the command word and moves to the next command entry point.
3.7.1 Port Type

Table 3-2 describes the port type and associated line cards.

Table 3-2 Port type designations

Type   Line Card
at     Asynchronous Transfer Mode (ATM)
cm     Cable Modem Termination System (CMTS)
e1     Channelized E1
e3     Clear Channel E3
et     10 Base-X/100 Base-X Ethernet
gi     1000 Base-X Gigabit Ethernet
hs     Dual HSSI WAN
se     Serial WAN
so     Packet-over-SONET (POS)
t1     Channelized T1
t3     Channelized T3 or Clear Channel T3

3.7.
Table 3-3 Port numbers for line cards

Line Card                                          Port Numbering (Left to Right)
10/100 Base TX                                     1 2
100 Base FX                                        3 1 4 2
1000 Base SX/LX                                    1 2
1000 Base LLX                                      1
Quad Serial WAN                                    1,2 3,4
HSSI WAN                                           1 2
SONET (OC-3c)                                      1 2
SONET (OC-12c)                                     1 2
ATM (OC-3)                                         1 2
16-slot 10/100 Base TX                             2 1 4 3
Channelized T1 WIC                                 1 2
Channelized E1 WIC                                 1 2
Channelized T3 on the RS 8000 and the RS 8600      1 2
Channelized T3 on the RS 32000 and the RS 38000    1
Multi-rate W
For a port numbering example, the port name et.2.8 refers to a port on the Ethernet line card that is located in slot 2, connector 8, while the port name gi.3.2 refers to a port on the Gigabit Ethernet line card located in slot 3, connector 2.

There are a few shortcut notations to reference a range of port numbers. For example:
• et.(1-3).(1-8) references all the following ports: et.1.1 through et.1.8, et.2.1 through et.2.8, and et.3.1 through et.3.8.
• et.(1,3).
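
The shortcut notation described above, worked through as an added Python example (not code from this guide or from Riverstone): it expands a port list into individual type.slot.port names, which helps when auditing exactly which ports a VLAN or filter statement covers. It assumes three-field names only, reads the comma form inside parentheses as a list of values, and refuses wildcards such as et.*.* because those depend on the installed modules; all function names are hypothetical.

```python
"""Expand RS port shortcut notation into individual port names (added example)."""

# Port type prefixes listed in Table 3-2 of this guide.
PORT_TYPES = {"at", "cm", "e1", "e3", "et", "gi", "hs", "se", "so", "t1", "t3"}


def _expand_field(field):
    """Expand one slot or port field: '8', '(1-8)' or '(1,3)'."""
    field = field.strip()
    if field == "*":
        # A wildcard depends on which modules are installed, so it cannot
        # be expanded from the text of the configuration alone.
        raise ValueError("wildcard needs a chassis inventory to expand")
    if field.isdigit():
        return [int(field)]
    if not (field.startswith("(") and field.endswith(")")):
        raise ValueError(f"bad field: {field!r}")
    values = []
    for item in field[1:-1].split(","):
        lo, sep, hi = item.strip().partition("-")
        lo, hi = lo.strip(), (hi.strip() if sep else lo.strip())
        if not (lo.isdigit() and hi.isdigit()) or int(lo) > int(hi):
            raise ValueError(f"bad range: {item!r}")
        values.extend(range(int(lo), int(hi) + 1))
    return list(dict.fromkeys(values))  # drop duplicates, keep order


def expand_port(spec):
    """Expand one port spec such as 'et.(1-3).(1-8)' into a list of names."""
    fields = spec.strip().split(".")
    if len(fields) != 3:
        raise ValueError(f"expected type.slot.port, got {spec!r}")
    ptype, slot_field, port_field = fields
    if ptype not in PORT_TYPES:
        raise ValueError(f"unknown port type: {ptype!r}")
    return [f"{ptype}.{slot}.{port}"
            for slot in _expand_field(slot_field)
            for port in _expand_field(port_field)]


def split_port_list(text):
    """Split a port list on commas that are not inside parentheses."""
    parts, current, depth = [], [], 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in port list")
        if ch == "," and depth == 0:
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    if depth != 0:
        raise ValueError("unbalanced '(' in port list")
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def expand_port_list(text):
    """Expand a comma-separated port list into unique port names."""
    ports = []
    for spec in split_port_list(text):
        ports.extend(expand_port(spec))
    return list(dict.fromkeys(ports))


def shared_ports(list_a, list_b):
    """Return the ports named by both port lists, in list_a order."""
    in_b = set(expand_port_list(list_b))
    return [p for p in expand_port_list(list_a) if p in in_b]


if __name__ == "__main__":
    red = "et.1.1, et.2.(1-4)"   # port list from the guide's RED VLAN example
    other = "et.(1-3).(1-8)"     # constructed second port list
    print(len(expand_port_list(other)), "ports in", other)
    print("named by both lists:", shared_ports(red, other))
```
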
3.7.5 VC

This is the Virtual Channel (VC) number for a Frame Relay interface.

3.7.6 Port Name Example

Following is a 1000 Base-SX line card with two gigabit ports:

[Figure 3-1 1000-Base-SX line card: G8M-GSXB1-02 front panel showing gigabit ports 1 and 2, each with Tx, Rx, Link and AN indicators, plus the Offline and Online LEDs and the Hot Swap button]

This line card resides in slot 7 of an RS 8000. The names of the two ports from left to right are gi.7.1 and gi.7.2.

3.
Here are the commands:

1. Set the date and time.
rs# system set date year 2001 month april day 30 hour 1 minute 0 second 0
2. Set the monitor’s horizontal and vertical.
rs# cli set terminal columns 36 rows 60
3. Set the history buffer size.
rs# cli set history size 100
4. Change modes.
rs# configure
5. Enable the daylight savings function.
rs# configure system set dst-changing s-wk 5 s-dow 1 s-mo 3 e-wk 1 e-dow 7 e-mo 10 e-hr 2
6. Name the RS.
4 HOT SWAPPING LINE CARDS AND CONTROL MODULES

4.1 HOT SWAPPING OVERVIEW

Hot swapping is the ability to replace a line card, Control Module, or GBIC (in the RS 32000 and RS 38000 only) while the RS is operating. Hot swapping allows you to remove or install line cards without switching off or rebooting the RS. Swapped-in line cards are recognized by the RS and begin functioning immediately after they are installed. On the RS 8000 and RS 8600, you can hot swap line cards and secondary control modules.
4.2.1 Deactivating the Line Card

To deactivate the line card, do one of the following:
• Press the Hot Swap button on the line card. The Hot Swap button is recessed in the line card's front panel. Use a pen or similar object to reach it. When you press the Hot Swap button, the Offline LED lights. Figure 4-1 shows the location of the Offline LED and Hot Swap button on a 1000Base-SX line card.
Warning Do not remove the line card unless the Offline LED is lit. Doing so can cause the RS to crash.

2. Loosen the captive screws on each side of the line card.
3. Carefully remove the line card from its slot in the RS chassis.

4.2.3 Installing a New Line Card

To install a new line card:
1.
Warning You can only hot swap an inactive Control Module. You should never remove the active Control Module from the RS. Doing so will crash the system.

The procedure for hot swapping a Control Module is similar to the procedure for hot swapping a line card. You must deactivate the Control Module, remove it from the RS, and insert another Control Module or line card in the slot.

4.4.
After you enter this command, the Offline LED on the Control Module lights, and messages appear on the console indicating the Control Module is inoperative.

4.4.2 Removing the Control Module

To remove a Control Module from the RS:
1. Make sure that none of the LEDs on the Control Module are lit.
2. Loosen the captive screws on each side of the Control Module.
3.
Warning You can only hot swap a Switching Fabric Module if two are installed on the RS 8600. If only one Switching Fabric Module is installed, and you remove it, the RS 8600 will crash.

The procedure for hot swapping a Switching Fabric Module is similar to the procedure for hot swapping a line card or Control Module.
2. Tighten the captive screws on each side of the Switching Fabric Module to secure it to the chassis.

4.6 HOT SWAPPING A GBIC (RS 32000 AND RS 38000 ONLY)

The Gigabit Ethernet line cards have slots for GBICs that can be installed at any time. You can hot swap the GBICs installed in the line cards, as well as the line cards themselves. (For information on hot swapping line cards, see Section 4.
Insert GBIC into opening. GBIC is keyed, and will only fit in correct orientation. To remove, press tabs on top and bottom of GBIC and pull.

Figure 4-4 Installing and removing a GBIC.

4.6.2 Installing a GBIC into the Line Card

Install the GBIC into the line card as follows:
1. Hold the GBIC with the network port facing away from the line card. The 20-pin connector should be facing toward the empty GBIC slot of the line card.
2.
5 BRIDGING CONFIGURATION GUIDE

The Riverstone RS Switch Router provides the following bridging functions:
• Compliance with the IEEE 802.
5.3 VLAN OVERVIEW

Virtual LANs (VLANs) are a means of dividing a physical network into several logical (virtual) LANs. The division can be done on the basis of various criteria, giving rise to different types of VLANs. For example, the simplest type of VLAN is the port-based VLAN. Port-based VLANs divide a network into a number of VLANs by assigning a VLAN to each port of a switching device.
Subnet-based VLANs

Subnet-based VLANs are a subset of protocol-based VLANs and determine the VLAN of a frame based on the subnet to which the frame belongs. To do this, the switch must look into the network layer header of the incoming frame. This type of VLAN behaves similarly to a router by segregating different subnets into different broadcast domains.

Multicast-based VLANs

Multicast-based VLANs are created dynamically for multicast groups.
Most commonly, an RS is used as a combined switch and router. For example, it may be connected to two subnets S1 and S2. Ports 1-8 belong to S1 and ports 9-16 belong to S2. The required behavior of the RS is that intra-subnet frames be bridged and inter-subnet packets be routed. In other words, traffic between two workstations that belong to the same subnet should be bridged, and traffic between two workstations that belong to different subnets should be routed.
Creating a non-IP/non-IPX VLAN

In this example, SNA, DECnet, and AppleTalk hosts are connected to et.1.1 and et.2.(1-4). You can associate all the ports containing these hosts to a VLAN called ‘RED’ with the VLAN ID 5.

First, create a VLAN named ‘RED’.
rs(config)# vlan create RED sna dec appletalk id 5

Next, assign ports to the ‘RED’ VLAN.
rs(config)# vlan add ports et.1.1, et.2.(1-4) to RED

5.
5.5 CONFIGURING RS BRIDGING FUNCTIONS

5.5.1 Configuring Address-based or Flow-based Bridging

The RS ports perform address-based bridging by default but can be configured to perform flow-based bridging instead of address-based bridging, on a per-port basis. A port cannot be configured to perform both types of bridging at the same time. The RS performance is equivalent when performing flow-based bridging or address-based bridging.
To change a port from flow-based bridging to address-based bridging, enter the following command in Configure mode:

Change a port from flow-based bridging to address-based bridging.   negate : port flow-bridging |all-ports

5.6 CONFIGURING SPANNING TREE

Note The ATM modules do not support Spanning Tree Protocol.

The RS supports per VLAN spanning tree.
To enable rapid STP, enter the following command in Configure mode:

Enable rapid STP.   stp set protocol-version rstp

Note This command is not supported with per-VLAN spanning tree.

5.6.2 Adjusting Spanning-Tree Parameters

You may need to adjust certain spanning-tree parameters if the default values are not suitable for your bridge configuration.
Setting a Port Priority

You can set a priority for an interface. When two bridges tie for position as the root bridge, you configure an interface priority to break the tie. The bridge with the lowest interface value is elected. To set an interface priority, enter the following command in Configure mode:

Establish a priority for a specified interface for default spanning tree.
Adjusting the Interval between Hello Times

You can specify the interval between hello time. To adjust this interval, enter the following command in Configure mode:

Specify the interval between hello time for default spanning tree.                    stp set bridging hello-time
Specify the interval between hello times for a particular instance of spanning tree.   pvst set bridging spanning-tree
5.6.3 STP Dampening

STP creates a loop-free, active topology in a network by placing ports in a forwarding or blocking state. When a port moves to the forwarding state, it transitions from listening, to learning, and then to forwarding. Whenever this transition happens, there is a chance that some traffic may be lost. If this port state transition happens rarely, the traffic loss is insignificant.
5.7.1 Creating a Port or Protocol Based VLAN

To create a VLAN, enter the following command in Configure mode.

Create a VLAN.   vlan create id

5.7.2 Adding Ports to a VLAN

To add ports to a VLAN, enter the following command in Configure mode.

Add ports to a VLAN.   vlan add ports to

Note The ATM modules do not support Spanning Tree Protocol.

5.7.3
You can enable the collection of VLAN statistics on 10/100 and Gigabit Ethernet ports configured as 802.1Q trunk ports. To do so, use the port enable per-vlan-stats command. Then, you can display the statistics by using the port show per-vlan-stats command as illustrated in the following example:

    rs# port show per-vlan-stats port et.10.4
    Traffic Statistics for Port et.10.
These filters allow or force traffic to go to a set of destination ports based on a frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Static entries are always configured and applied at the input port.

• Secure port filters
  A secure filter shuts down access to the RS based on MAC addresses. All packets received by a port are dropped.
5.11 GARP/GVRP

The Generic Attribute Registration Protocol (GARP) is a generic attribute dissemination mechanism. In the case of the GARP VLAN Registration Protocol (GVRP), the attribute is the VLAN ID (VID). GVRP uses GARP Protocol Data Units (PDUs) to register and de-register VLAN IDs on ports.
5.11.2 Configuring GARP/GVRP

To configure GARP/GVRP on the RS, you should do the following:

1. Enable GVRP functionality on the RS. (GVRP is disabled on the RS by default.)
2. Enable GVRP on individual ports. (GVRP is disabled on all ports on the RS by default.)

You can optionally set the following features by using the garp and gvrp commands described in the Riverstone RS Switch Router Command Line Interface Reference Manual:

• Enable dynamic VLAN creation.
5.11.3 Configuration Example

Consider the following configuration example.

[Figure 5-2: Using GARP/GVRP on a network]

Routers R4 and R5 pass traffic between two networks.
The following is the configuration for R1:

Create VLAN RED as a port-based VLAN and add ports to it.
    vlan create red port-based
    vlan add ports et.1.1-3 to vlan red

Enable GVRP.
    gvrp start

Enable GVRP on ports et.1.1-3.
    gvrp enable ports et.1.1-3

Ports et.1.2 and 1.3 do not need to send GARP PDUs because they are connected to devices that are not running GVRP. Therefore, we should set their status to non-participating.
    gvrp set applicant status non-participant et.1.
5.12 TUNNELING VLAN PACKETS ACROSS MANS

The “stackable” VLAN feature on the RS allows you to tunnel multiple VLANs through a metropolitan area network (MAN) over a single backbone VLAN. This feature provides the following benefits:

• Traffic for multiple VLANs, or traffic for multiple customers, can be aggregated to run through a MAN over a single backbone VLAN.
Note: Tunnel entry and exit ports are configured as access ports. These ports can receive 802.1q-tagged traffic.

In Figure 5-3, customer C1 tags outgoing traffic with the VLAN ID BLUE in the 802.1q headers. Customer C1’s traffic enters the tunnel entry port et.2.1 on R1. On R1, the tunnel entry port et.2.1 is mapped to the backbone VLAN RED. The BLUE-tagged packet received on port et.2.1 is encapsulated with an 802.
[Figure 5-4: Multiple customers with different VLANs]

The following is the configuration for R1:

    ! Create 1 backbone VLAN and 2 customer VLANs
    vlan create RED port-based
    vlan create GREEN port-based
    vlan create BLUE port-based
    ! Add port to each VLAN
    vlan add ports et.2.1 to BLUE
    vlan add ports et.3.
The following is the configuration for R2:

    ! Create 1 backbone VLAN and 2 customer VLANs
    vlan create RED port-based
    vlan create GREEN port-based
    vlan create BLUE port-based
    ! Add port to each VLAN
    vlan add ports et.6.1 to BLUE
    vlan add ports et.7.1 to GREEN
    vlan add ports et.5.1 to RED
    ! Make et.5.1 both a trunk port and a tunnel backbone port
    vlan make trunk-port et.5.
The following is the configuration for R1:

    ! Create 2 backbone VLANs and 1 customer VLAN
    vlan create RED port-based
    vlan create GREEN port-based
    vlan create BLUE port-based
    ! Add ports to BLUE VLAN
    vlan add ports et.2.1, et.3.1 to BLUE
    ! Make et.4.1 both a trunk port and a tunnel backbone port
    vlan make trunk-port et.4.1 stackable-vlan
    ! Add et.4.1 to both RED and GREEN backbone VLANs
    vlan add ports et.4.1 to RED
    vlan add ports et.4.
[Figure: tunnel topology with routers R1, R2 and R3, customers C1 through C4, and the BLUE, RED and GREEN VLANs across the MAN]
The following is the configuration for R2:

    ! Create 1 backbone VLAN and 2 customer VLANs
    vlan create RED port-based
    vlan create GREEN port-based
    vlan create BLUE port-based
    ! Add port to each VLAN
    vlan add ports et.6.1 to BLUE
    vlan add ports et.5.1 to RED
    vlan add ports et.7.1 to GREEN
    ! Make et.5.1 both a trunk port and a tunnel backbone port
    vlan make trunk-port et.5.
The following is the configuration for R4:

    ! Create 1 backbone VLAN and 2 customer VLANs
    vlan create PURPLE port-based
    vlan create GREEN port-based
    vlan create BLUE port-based
    ! Add port to each VLAN
    vlan add ports et.11.1 to PURPLE
    vlan add ports et.12.1 to BLUE
    vlan add ports et.13.1 to GREEN
    ! Make et.11.1 both a trunk port and a tunnel backbone port
    vlan make trunk-port et.11.
The following is the configuration for R1:

    ! Create backbone VLAN and customer VLAN
    vlan create RED port-based
    vlan create BLUE port-based
    ! Add ports to VLANs
    vlan add ports et.2.1, et.3.1 to BLUE
    vlan add ports et.4.1 to RED
    ! Make et.4.1 both a trunk port and a tunnel backbone port
    vlan make trunk-port et.4.1 stackable-vlan
    ! Map tunnel entry ports to backbone VLAN
    vlan enable stackable-vlan on et.2.
[Figure 5-8: Customer VLAN with multiple tunnel entry ports across multiple routers]

The following is the configuration for R1:

    ! Create 1 backbone VLAN and 1 customer VLAN
    vlan create PURPLE port-based
    vlan create BLUE port-based
    ! Add port to each VLAN
    vlan add ports et.2.1 to BLUE
    vlan add ports et.3.1 to PURPLE
    ! Make et.3.
The following is the configuration for R2:

    ! Create 1 backbone VLAN and 1 customer VLAN
    vlan create RED port-based
    vlan create BLUE port-based
    ! Add port to each VLAN
    vlan add ports et.4.1 to RED
    vlan add ports et.5.1 to BLUE
    ! Make et.4.1 both a trunk port and a tunnel backbone port
    vlan make trunk-port et.4.1 stackable-vlan
    ! Map tunnel exit ports to backbone VLAN
    vlan enable stackable-vlan on et.5.
Note: If you do not want multicast or broadcast traffic from C1 on R1 to be seen by C1 on R3, then configure a different backbone VLAN on R3.

STP/GVRP in Customer VLANs Tunneled over Backbone VLAN

STP, RSTP, or GARP/GVRP can be run in the customer VLANs which are tunneled over the backbone VLAN. The customer VLAN does not need to be reconfigured in order to be tunneled.
The following configuration statements on C1R2 enable STP on port et.8.1, the port that is connected to the tunnel exit port.

    ! Create customer VLAN
    vlan create BLUE port-based
    ! Add port to VLAN
    vlan add ports et.8.1 to BLUE
    ! Make port et.8.1 a trunk port
    vlan make trunk-port et.8.1
    ! Enable STP on et.8.1
    stp enable port et.8.
The following is the configuration for R2:

    ! Create 1 backbone VLAN and 2 customer VLANs
    vlan create RED port-based
    vlan create GREEN port-based
    vlan create BLUE port-based
    ! Add port to each VLAN
    vlan add ports et.6.1 to BLUE
    vlan add ports et.7.1 to GREEN
    vlan add ports et.5.1 to RED
    ! Make et.5.1 both a trunk port and a tunnel backbone port
    vlan make trunk-port et.5.
[Figure 5-10: Multiple VLANs on single tunnel entry port]
The following is the configuration for R1:

    ! Create backbone VLAN
    vlan create RED port-based
    ! Create customer VLANs
    vlan create BLUE port-based
    vlan create GREEN port-based
    vlan create PINK port-based
    vlan create PURPLE port-based
    vlan create AQUA port-based
    ! Make et.2.1 an access port that can belong to > 1 VLAN
    vlan make access-port et.2.1 stackable-vlan
    ! Add ports to VLANs
    vlan add ports et.2.1 to BLUE
    vlan add ports et.2.
The following is the configuration for R2:

    ! Create backbone VLAN
    vlan create RED port-based
    ! Create customer VLANs
    vlan create BLUE port-based
    vlan create GREEN port-based
    vlan create PINK port-based
    vlan create PURPLE port-based
    vlan create AQUA port-based
    ! Make et.6.1 an access port that can belong to > 1 VLAN
    vlan make access-port et.6.1 stackable-vlan
    ! Add ports to VLANs
    vlan add ports et.6.1 to BLUE
    vlan add ports et.6.
The following explains the display:

1. The ID number of the VLAN, followed by the ID number of the backbone VLAN.
2. The tunnel entry/exit ports, configured with the vlan enable stackable-vlan command.
3. The ports on which multicast, broadcast, or unknown unicast packets are flooded.
4. The tunnel backbone ports, configured with the stackable-vlan option of the vlan make trunk-port command.
5.
6 SMARTTRUNK CONFIGURATION GUIDE

This chapter explains how to configure SmartTRUNKs on the RS. A SmartTRUNK is Riverstone’s technology for load balancing and load sharing across a number of ports. SmartTRUNKs are used for building high-performance, high-bandwidth links between Riverstone’s switching platforms. A SmartTRUNK is a group of two or more physical ports that have been combined into a single logical port.
4. Specify whether the SmartTRUNK uses SmartTRUNK Load Redistribution (SLR). This step is optional. SLR allows the SmartTRUNK to dynamically move flows from port-to-port to take the best advantage of each link’s current bandwidth.

6.1.1 Creating a SmartTRUNK

When creating a SmartTRUNK, assign a name to the SmartTRUNK and then select its control protocol.
6.1.3 Specifying Traffic Load Policy

The default policy for assigning flows on the ports of a SmartTRUNK is “link-utilization,” where flows are assigned to the least-used ports in the SmartTRUNK. The other policy for assigning flows to ports is “round-robin,” where flows are assigned to ports on a sequential basis. The traffic distribution policy only affects the initial assignment of L2 and L3 flows to a given port.
The following is the configuration for the Cisco 7500 router:

    interface port-channel 1
    ip address 10.1.1.1 255.255.255.0
    ip route-cache distributed
    interface fasteth 0/0
    no ip address
    channel-group 1

The following is the configuration for the Cisco Catalyst 5000 switch:

    set port channel 3/1-2 on

The following is the SmartTRUNK configuration for the RS labeled ‘R1’ in the diagram:

    smarttrunk create st.
6.3 CONFIGURING THE LINK AGGREGATION CONTROL PROTOCOL (LACP)

You can configure Riverstone’s SmartTRUNK to support the 802.3ad Link Aggregation Control Protocol (LACP). When you do so, the SmartTRUNK is treated as the aggregator. As an aggregator, the SmartTRUNK presents a standard IEEE 802.3 service interface and communicates with the MAC client.
Configure the aggregator’s (SmartTRUNK’s) LACP properties using the lacp set aggregator command. Here is an example:

    rs(config)#lacp set aggregator st.
R1, R2, R3, and R4 are connected by aggregators (SmartTRUNKs) st.12, st.13, st.14, st.23, st.24, and st.34. Notice that st.12, st.13, st.24, and st.34 consist of Gigabit Ethernet links, while st.14 and st.23 consist of 10/100 Ethernet links. Table 6-1 shows the relationship between the aggregators, the RS switches, and the ports contained within the LAGs that bind to their respective aggregator.
Configuration for R2:

    smarttrunk create st.12 protocol lacp
    smarttrunk create st.23 protocol lacp
    smarttrunk create st.24 protocol lacp
    lacp set aggregator st.12 port-type gigabit-Ethernet actor-key 20 partner-key 10
    lacp set aggregator st.23 port-type 10-100-Ethernet actor-key 21 partner-key 31
    lacp set aggregator st.24 port-type gigabit-Ethernet actor-key 20 partner-key 40
    lacp set port gi.1.1,gi.2.
6.4 SMARTTRUNK LOAD REDISTRIBUTION

SmartTRUNK Load Redistribution (SLR) monitors all ports within a SmartTRUNK for utilization. If a port begins to become overloaded, SLR automatically moves some of the port’s flows to other, less utilized ports within the SmartTRUNK. SLR is enabled for the entire SmartTRUNK, and can be used in unison with any control protocol or load policy (see Section 6.1.3, "Specifying Traffic Load Policy" and Section 6.
    Status Interval = 1 second
    Redistribution Interval = 5 Status Intervals

then 1 * 5 = 5 seconds per Redistribution Interval.

Note: To avoid flows “bouncing” back and forth between ports, SLR uses the rule that no moved flow can be returned to the port from which it was moved until at least one Redistribution Interval has passed.

Creating an SLR Enabled SmartTRUNK

The following is an example of creating a SmartTRUNK that uses SLR:

1.
To monitor SmartTRUNK SLR activity on st.4, enter the following command from Enable mode:

    rs# smarttrunk show load-redistribution-params st.4 statistics
    st.4     Link        Moving Avg  Over     Above    Above    Below    Below    Port
    Output   Utilization Load        Capacity HWM      MWM      MWM      LWM      Capacity
    Ports    %capacity   %capacity   History  History  History  History  History  Mb/s
    -------- ----------- ----------- -------- -------- -------- -------- -------- --------
    et.4.1   38.46       38.
Redistribution of IP Flows

The smarttrunk set load-redistribution-params command is used to specify the redistribution of layer-3 flows by setting the ip-redistribute parameter. For example:

    rs(config)#smarttrunk set load-redistribution-params st.4 redistribute-ip

Layer-3 flows, as well as layer-2 flows, will now be affected by SLR on SmartTRUNK st.4. Typically, IP (layer-3) flows are short-lived compared to layer-2 flows.
7 CMTS CONFIGURATION GUIDE

This chapter describes how to connect and configure Riverstone’s Cable Modem Termination System (CMTS). The CMTS interface is an RS 8000/8600 series module that supports one transmit (downstream) and four receive (upstream) ports. The RS 8000/8600 chassis with the CMTS module provides wire-speed CMTS integration.
[Figure 7-1: CMTS Module Front Panel]

By default the upstream channels are disabled. Use the command line interface to enable the upstream channels before use.
7.3.1 Headend Certification

The cable headend plant must pass both analog and digital certification. In the United States, analog certification is an annual measurement procedure mandated by the Federal Communications Commission. Consult with local agencies for local analog certification requirements.

7.3.2 IF-RF-Upconverter

The downstream output of the CMTS module is 44 MHz IF (intermediate frequency).
7.3.4 DHCP Servers

A Dynamic Host Configuration Protocol (DHCP) server must be installed at the headend site to assign an IP address to each cable modem in compliance with DOCSIS specification. The DHCP server must also offer a time-of-day server option that is compliant with RFC-868.
7.4.1 Installing and Configuring the Upconverter

If you have not already done so, unpack the IF-to-RF upconverter at your headend site and install it near your RS 8000/8600 router. If your router is installed in a rack, install the upconverter in the same rack, if possible.

Note: Refer to the user documentation that accompanied your upconverter for safety information and specific installation instructions.

7.4.2
7.4.5 Completing the Downstream Configuration

To complete the downstream configuration, you must combine the upconverter output with the main headend broadcast feed into the laser transmitter in the headend. The narrowcast feed, which includes cable modem service and digital video and local access channels, is connected to the laser transmitter input using an 8-way tap and a 3-way splitter.
7.6 CONFIGURING THE CMTS MODULE

There are two ways to configure the CMTS module for operation, in a routed network and in a bridged network. In the bridged network the CMTS module and the DHCP server must be on the same VLAN. In the routed network, the DHCP server can be located on the routed network.
7.6.2 Configuring the CMTS Module in a Routed Network

The example procedure in this section shows how to configure the CMTS to operate in a routed network. Before performing the steps in this example procedure, you must set up the DHCP server to assign IP addresses in a range that is compatible with the VLAN that the CMTS module and the DHCP server are assigned. Prior to performing this procedure you must also set up the TFTP and DNS servers.

1.
7.7 CMTS CONFIGURATION EXAMPLES

The following section contains real-world configurations for broadband network layouts. Each example describes how to use the RS’ CMTS capabilities to support multiple ISPs. For all examples, assume that there are two ISPs, AMERILINK and MOONLINK, each with two subscribers.

• AMERILINK
  - Ethernet Network: 50.1.0.0
  - RF Network: 50.2.0.0
  - Server: 50.1.1.100
• MOONLINK
  - Ethernet Network: 80.1.0.0
  - RF Network: 80.2.0.
7.7.1 Example One: Multiple ISPs Share a Single DHCP Server

In this example, the DHCP server can be run on either the AMERILINK or MOONLINK network. The advantages of this type of configuration are that it is simple, there is only a single database, and the ISP selection is transparent to the user. The disadvantage is that the ISPs must share access to the DHCP server. They can, however, still manage their own TFTP and TOD servers.
The following is the configuration:

    ! Configure the RS
    cmts set headend cm.5.1 auth-str DOCSIS
    cmts set uschannel cm.5.1 upstream 1 state on
    ! Configure the VLANs
    vlan create AMERILINK port-based
    vlan create MOONLINK port-based
    vlan create CMTS port-based
    vlan create DHCP port-based
    vlan add ports et.1.1 to AMERILINK
    vlan add ports et.1.2 to MOONLINK
    vlan add ports cm.5.1 to CMTS
    vlan add ports et.1.
The following is the configuration for the DHCP server:

    # prevents unknown hosts from getting information from this dhcp server
    deny unknown-clients;
    # server requires a declaration for subnet directly attached
    subnet 30.1.0.0 netmask 255.255.0.0 {
    }
    shared-network amerilink_moonlink {
        # AMERILINK’s network
        subnet 50.2.0.0 netmask 255.255.0.0 {
            # modem config file
            filename "amerilink-modem.cfg";
            # time of day
            option time-servers 50.1.1.
        # MOONLINK’s network
        subnet 80.2.0.0 netmask 255.255.0.0 {
            # modem config file
            filename "moonlink-modem.cfg";
            # time of day
            option time-servers 80.1.1.100;
            option ntp-servers 80.1.1.100;
            # tftp server
            next-server 80.1.1.100;
            option routers 80.2.1.1;
            host cm1 {
                # DDEEFF:000001 in RS notation
                hardware ethernet dd:ee:ff:00:00:01;
                fixed-address 80.2.1.101;
            }
            host cm2 {
                # DDEEFF:000002 in RS notation
                hardware ethernet dd:ee:ff:00:00:02;
                fixed-address 80.2.1.102;
            }
        }
    }
7.7.2 Example Two: Multiple ISPs with multiple DHCP servers

The advantages of this type of configuration are that each ISP manages its own DHCP server, and ISP selection is transparent to the user. The disadvantage is that the MAC to IP address mappings must be mutually exclusive. Otherwise, DHCP conflicts will result.

[Figure: AMERILINK and MOONLINK, each with its own DHCP server, attached to the RS on et.1.1 and et.1.2, with the cable network on cm.5.1]
The following is the AMERILINK DHCP configuration:

    # prevents unknown hosts from getting information from this dhcp server
    deny unknown-clients;
    # modem config file
    filename "amerilink-modem.cfg";
    # time of day
    option time-servers 50.1.1.100;
    option ntp-servers 50.1.1.100;
    # tftp server
    next-server 50.1.1.100;
    shared-network amerilink_moonlink {
        # AMERILINK’s network : OK TO CONFIGURE
        subnet 50.2.0.0 netmask 255.255.0.0 {
            option routers 50.2.1.
The following is the MOONLINK DHCP configuration:

    # prevents unknown hosts from getting information from this dhcp server
    deny unknown-clients;
    # modem config file
    filename "moonlink-modem.cfg";
    # time of day
    option time-servers 80.1.1.100;
    option ntp-servers 80.1.1.100;
    # tftp server
    next-server 80.1.1.100;
    shared-network amerilink_moonlink {
        # AMERILINK’s network : DON’T CONFIGURE
        subnet 50.2.0.0 netmask 255.255.0.
7.7.3 Example Three: Overlapping VLANs with Multiple DHCP Servers and Client-VLAN Bindings

The advantage of the client-VLAN bindings configuration is that clients and modems can be on different VLANs. This provides the added flexibility of using modems and Client Premise Equipment (CPEs) in different subnets. Client-VLAN bindings can be configured either from the CLI or through vendor extensions.
Here is an example of a TFTP configuration file:

    ! This line indicates that this vendor extension is a Riverstone CMTS
    43(VSIF) + n1(number of value bytes inside this VSIF)
    8(Vendor ID Type) + 3(len) + 02:E0:63(Riverstone OUI)
    ! TLVs
    1 (Default Vlan) + n2(number of value bytes)
    1 (Default Vlan ID) + 2(len) + [1-4094]
    2 (Default Vlan Priority) + 1(len) + [0-7] /* Optional */
    3 (Default Vlan Type) + 1(len) + [protocol bitmask] /* Optional */
    2 (MAC-IP-VLA
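The default-VLAN part of the vendor extension listed above can be encoded and strictly decoded as follows. This is an added example, not Riverstone code; it assumes one-byte type and length fields and a big-endian two-byte VLAN ID, and it covers only the TLVs visible in the listing.

```python
import struct

# Type codes and the OUI are taken from the listing above.
VSIF = 43                                  # vendor-specific information field
VENDOR_ID = 8                              # vendor ID sub-TLV carrying the OUI
RIVERSTONE_OUI = bytes.fromhex("02E063")   # 02:E0:63
DEFAULT_VLAN = 1                           # container for the default-VLAN TLVs
VLAN_ID, VLAN_PRIORITY, VLAN_TYPE = 1, 2, 3


def tlv(tlv_type, value):
    """Build one TLV. Assumption: one-byte type, one-byte length."""
    if not 0 <= tlv_type <= 255 or len(value) > 255:
        raise ValueError("type and length must each fit in one byte")
    return bytes([tlv_type, len(value)]) + value


def parse_tlvs(buf):
    """Split buf into (type, value) pairs; reject truncated or overrunning TLVs."""
    items, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError(f"truncated TLV header at offset {pos}")
        tlv_type, length = buf[pos], buf[pos + 1]
        end = pos + 2 + length
        if end > len(buf):
            raise ValueError(f"TLV {tlv_type} at offset {pos} overruns its container")
        items.append((tlv_type, bytes(buf[pos + 2:end])))
        pos = end
    return items


def encode_vsif(vlan_id, priority=None, vlan_type=None):
    """Return the type-43 TLV carrying the vendor ID and default-VLAN TLVs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("default VLAN ID must be in 1-4094")
    # Assumption: the two-byte VLAN ID is big-endian (network byte order).
    inner = tlv(VLAN_ID, struct.pack(">H", vlan_id))
    if priority is not None:
        if not 0 <= priority <= 7:
            raise ValueError("default VLAN priority must be in 0-7")
        inner += tlv(VLAN_PRIORITY, bytes([priority]))
    if vlan_type is not None:
        if not 0 <= vlan_type <= 255:
            raise ValueError("default VLAN type bitmask must fit in one byte")
        inner += tlv(VLAN_TYPE, bytes([vlan_type]))
    return tlv(VSIF, tlv(VENDOR_ID, RIVERSTONE_OUI) + tlv(DEFAULT_VLAN, inner))


def decode_vsif(buf):
    """Validate a type-43 TLV and return its default-VLAN settings as a dict."""
    top = parse_tlvs(buf)
    if len(top) != 1 or top[0][0] != VSIF:
        raise ValueError("expected exactly one type-43 TLV")
    subs = parse_tlvs(top[0][1])
    if not subs or subs[0] != (VENDOR_ID, RIVERSTONE_OUI):
        raise ValueError("vendor ID sub-TLV with OUI 02:E0:63 must come first")
    result = {}
    for sub_type, sub_value in subs[1:]:
        if sub_type != DEFAULT_VLAN:
            continue  # TLVs beyond the part of the listing shown on the page
        for field, value in parse_tlvs(sub_value):
            if field == VLAN_ID and len(value) == 2:
                vid = struct.unpack(">H", value)[0]
                if not 1 <= vid <= 4094:
                    raise ValueError(f"default VLAN ID {vid} outside 1-4094")
                result["vlan_id"] = vid
            elif field == VLAN_PRIORITY and len(value) == 1:
                if value[0] > 7:
                    raise ValueError(f"default VLAN priority {value[0]} outside 0-7")
                result["priority"] = value[0]
            elif field == VLAN_TYPE and len(value) == 1:
                result["vlan_type"] = value[0]
            else:
                raise ValueError(f"unexpected default-VLAN TLV {field}, length {len(value)}")
        if "vlan_id" not in result:
            raise ValueError("default VLAN ID is not marked optional but is missing")
    return result
```

Running the decoder over a modem configuration file before it is published on the TFTP server catches out-of-range VLAN IDs and length fields that do not match their containers.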
7.8 ANTI-SPOOFING

The following examples illustrate methods for anti-spoofing using the RS. The RS in these examples contains the following line cards:

• Slot 1: 8 port 10/100 card
• Slot 5: CMTS card

7.8.1 Anti-DHCP Spoofing

Anti-DHCP spoofing prevents a DHCP server that is behind a cable modem from serving as a provisioning server for nodes on the same cable network.
7.8.2 Anti-IP-spoofing

Anti IP-spoofing prevents CPEs on the same network segment from cloning other CPE addresses. In this example, anti-spoofing prevents CPE #1 from cloning CPE #2’s IP address.

[Figure: the RS connects DHCP SERVER 1 (50.1.1.1) on et.1.1 and the cable network on cm.5.1, which serves:
    MODEM #1  DDEEFF:000001 / 50.2.1.X
    CPE #1    00BOCC:D6B4A / 50.2.1.91
    MODEM #2  DDEEFF:000002 / 50.2.1.X
    CPE #2    00AOCC:D5B3A / 50.2.1.92]

Here is the configuration for the RS:

    ! Configure the RS
    cmts set headend cm.5.
Static and Dynamic Anti-IP Spoofing

IP-spoofing can be implemented statically or dynamically. The following sections give examples of each type of anti-spoofing.

Static Anti-IP Spoofing

Static configuration requires manually assigning an individual MAC address to an individual IP address. Here is an example:

    ! Configure static anti-IP spoofing
    cmts set headend cm.5.1 anti-ip-spoofing enable
    cmts set cpe cm.5.1 macaddr 00BOCC:D6B4A ip 50.2.1.91
    cmts set cpe cm.5.
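Because static bindings are typed by hand, a pre-deployment audit of the `cmts set cpe` lines is worth having. The following added example (not Riverstone code) parses the two command forms shown above, reports malformed or conflicting bindings, and models the binding check in simplified form; the sample configuration, its MAC and IP values, the cm.6.1 port and the drop-if-unbound rule are constructed assumptions.

```python
import ipaddress
import re

# RS MAC notation as used on this page: six hex digits, a colon, six hex digits.
MAC_RE = re.compile(r"[0-9A-Fa-f]{6}:[0-9A-Fa-f]{6}")
CPE_RE = re.compile(r"cmts set cpe (\S+) macaddr (\S+) ip (\S+)")
ENABLE_RE = re.compile(r"cmts set headend (\S+) anti-ip-spoofing enable")

# Constructed sample configuration; every MAC and IP value is invented.
SAMPLE_CONFIG = """\
cmts set headend cm.5.1 anti-ip-spoofing enable
cmts set cpe cm.5.1 macaddr 00A0CC:000A01 ip 50.2.1.91
cmts set cpe cm.5.1 macaddr 00A0CC:000A02 ip 50.2.1.92
cmts set cpe cm.5.1 macaddr 00AOCC:000A03 ip 50.2.1.93
cmts set cpe cm.5.1 macaddr 00A0CC:000A04 ip 50.2.1.91
cmts set cpe cm.6.1 macaddr 00A0CC:000B01 ip 50.2.1.95
"""


def audit(config_text):
    """Return ({ip: mac}, [(line_number, problem), ...]) for a configuration."""
    bindings, problems = {}, []
    enabled_ports, first_use = set(), {}
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        match = ENABLE_RE.fullmatch(line)
        if match:
            enabled_ports.add(match.group(1))
            continue
        match = CPE_RE.fullmatch(line)
        if not match:
            continue
        port, mac, ip = match.groups()
        first_use.setdefault(port, number)
        if not MAC_RE.fullmatch(mac):
            # Catches a letter O typed for a zero, or a dropped digit.
            problems.append((number, f"malformed MAC address {mac!r}"))
            continue
        try:
            ip = str(ipaddress.IPv4Address(ip))
        except ValueError:
            problems.append((number, f"malformed IP address {ip!r}"))
            continue
        mac = mac.upper()
        if ip in bindings:
            problems.append((number, f"{ip} is already bound to {bindings[ip]}"))
            continue
        if mac in bindings.values():
            problems.append((number, f"{mac} is already bound to another IP"))
            continue
        bindings[ip] = mac
    for port, number in first_use.items():
        if port not in enabled_ports:
            problems.append((number, f"bindings on {port} but anti-ip-spoofing is not enabled"))
    return bindings, problems


def check_frame(bindings, src_mac, src_ip):
    """Simplified model of the check: forward only an exact MAC/IP binding match."""
    return "forward" if bindings.get(src_ip) == src_mac.upper() else "drop"


if __name__ == "__main__":
    table, issues = audit(SAMPLE_CONFIG)
    for number, problem in issues:
        print(f"line {number}: {problem}")
    print(check_frame(table, "00A0CC:000A02", "50.2.1.91"))
```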
8 ATM CONFIGURATION GUIDE

This chapter provides an overview of the Asynchronous Transfer Mode (ATM) features available for the Riverstone RS Switch Router. ATM is a cell switching technology used to establish multiple connections over a physical link. In addition, you can configure each of these connections with its own traffic parameters, providing more control over specific connections within a network.
8.1 CONFIGURING ATM PORTS

You can use two different ATM line cards on the RS, the ATM multi-rate line card and the ATM-OC12 line card. The multi-rate line card has two available slots for various Physical Layer (PHY) interface cards. These PHY cards provide the media-specific portion of an ATM interface. The ATM-OC12 line card provides one logical connection through two physical ports (Link1 and Link 2).
8.1.2 Setting Parameters for the Multi-Rate Line Card

On the multi-rate line card you can do the following:

• Enable cell scrambling for the PDH (plesiochronous digital hierarchy) physical (PHY) interfaces available on the ATM line card, such as the T3 and E3 PHYs.
• Select the format for mapping ATM cells into PDH (plesiochronous digital hierarchy) T3 and E3 frames.
• Change the default number of bits allocated for the Virtual Path Identifier (VPI).
The ATM OC-12 line card has a preset bit allocation scheme for the VPI/VCI pair which cannot be changed: 4 bits set for VPI and 12 bits set for VCI. The ATM multi-rate line card has a default bit allocation of 1 bit allocated for the VPI and 11 bits allocated for the VCI. This default bit allocation scheme provides a VPI range = (0,1) and # of virtual channels = 2^n = 2^11 = 2048. If you require more VPIs, you will need to set your VPI bits to some number higher than 1.
8.2 CONFIGURING VIRTUAL CHANNELS

A virtual channel is a point-to-point connection that exists within a physical connection. You can create multiple virtual channels within one physical connection, with each virtual channel having its own traffic profile. The combination of VPI and VCI is known as the VPI/VCI pair, and identifies the virtual channel.
To display traffic statistics for a virtual channel, use the atm show stats command as shown in the following example:

    RS-8000# atm show stats port at.5.1.1.
Constant Bit Rate (CBR)

This service category provides a guaranteed constant bandwidth specified by the Peak Cell Rate (PCR). This service requires only the PCR value. The Sustainable Cell Rate (SCR) and Maximum Burst Size (MBS) values are ignored. This service category is intended for applications that require constant cell rate guarantees such as uncompressed voice or video transmission.
8.4 TRAFFIC MANAGEMENT

The ATM line cards provide different methods for managing traffic. On the ATM multi-rate line card you can use the following QoS policies to control ATM traffic: Strict Priority, Weighted Fair Queueing (WFQ), or WFQ with Strict Priority. On the ATM OC-12 line card you can prioritize traffic by configuring virtual channel (VC) groups.
Relative Latency

When you use the atm set vcl-qos command to define a VC’s QoS policy, you can set a value for relative latency by specifying the relative-latency parameter. Increasing relative latency can increase the accuracy of the achieved rates. This is because each queue has a quota of bytes to transmit, and the packets that are sent may not exactly equal that quota. Therefore, either excess bytes are sent or there is a shortage of bytes sent.
This feature is advantageous in the case where different priority traffic needs to travel between two end devices. The end devices can essentially share one logical connection (through the VC group) while still prioritizing data up to four different levels. If a connection becomes oversubscribed and packets start dropping, using a VC group ensures that the data traffic passing between the two end devices is ranked by importance.
• All routing protocol control packets are assigned control priority.

[Figure: network diagram with Server, Client1, Client2, RS1 and RS2]
Following are the steps and commands used to configure RS1 in the example:

Create a virtual channel.
    atm create vcl port at.1.1.0.100

Configure an interface on the ATM port.
    interface create ip atm1 address-netmask 100.0.0.1/24 port at.1.1.0.100

Configure an interface on the ethernet port to which the server is connected.
    interface create ip 200.0.0.1/24 port et.1.
Configuring Virtual Channel Groups (OC-12)

If the RS’s in Figure 8-1 were connected through ATM OC-12 line cards, you would use VC groups to manage the traffic. Following are the steps and commands for configuring RS1 in the example:

Create the virtual channels.
    atm create vcl port at.1.1.0.100
    atm create vcl port at.1.1.0.101
    atm create vcl port at.1.1.0.102
    atm create vcl port at.1.1.0.103

Create a virtual channel group ‘vg.1’ on slot number 1 of RS1.
Following are the steps and commands for configuring RS2:

Create the same virtual channels on RS2.
    rs2(config)# atm create vcl port at.1.1.0.100
    atm create vcl port at.1.1.0.101
    atm create vcl port at.1.1.0.102
    atm create vcl port at.1.1.0.103

Create the virtual channel group ‘vg.1’ on slot number 1 of RS2.
    atm create vcgroup vg.1 slot 1

Add the virtual channels to the VC group created on RS2.
    atm atm atm atm add add add add vcl vcl vcl vcl at.1.1.0.100 at.
8.5 BRIDGING ATM TRAFFIC

The ATM modules support both flow-based and address-based bridging. Like all the other RS modules, the ATM modules perform address-based bridging by default, but can be configured to perform flow-based bridging. The ATM multi-rate line card supports IP-based VLANs, and the ATM OC-12 line card supports IP and IPX-based VLANs. You can configure an ATM port as an 802.1Q trunk port, enabling it to carry traffic for multiple VLANs.
[Figure 8-2: Bridging ATM traffic configuration example (RS with ports et.5.1, at.4.3 and et.6.2; VLAN A and VLAN B)]
Following are the configuration steps for the example:

Apply an interface on both ethernet ports.
    rs(config)# interface create ip subnetA address-netmask 11.1.1.1/24 port et.5.1 up
    rs(config)# interface create ip subnetB address-netmask 11.1.2.1/24 port et.6.2 up

Create two virtual channels, one for each type of traffic.
    rs(config)# atm create vcl port at.4.3.0.100
    rs(config)# atm create vcl port at.4.3.0.
To switch packets between two ATM ports, you would specify the atm set cross-connect command for both ports. For example, to configure a cross-connect between at.1.1.0.100 and at.2.1.0.101, enter the following:

    atm set cross-connect at.1.1.0.100 to at.2.1.0.101
    atm set cross-connect at.2.1.0.101 to at.1.1.0.100

Note: You can configure cross-connects on the multi-rate line card only.

8.5.3
[Figure: RS1 (et.2.4 10.1.1.130/24 to Subnet A, et.2.3 20.1.1.130/24 to Subnet B, at.4.2) connected across an ATM network to RS2 (at.3.1, et.5.1 50.1.1.130/24 to Subnet C) over two virtual channels: VPI = 0, VCI = 100 (CBR, 100 Mbit, 30.1.1.127/24 to 30.1.1.128/24) and VPI = 0, VCI = 101 (UBR, 20 Mbit, 40.1.1.127/24 to 40.1.1.128/24)]
Following is the configuration for RS1:

Configure an interface on each ethernet port.
    rs1(config)# interface create ip subnetA address-netmask 10.1.1.130/24 port et.2.4 up
    rs1(config)# interface create ip subnetB address-netmask 20.1.1.130/24 port et.2.3 up

Create the virtual channels.
    rs1(config)# atm create vcl port at.4.2.0.100
    rs1(config)# atm create vcl port at.4.2.0.101

Configure an interface on each ATM port.
Following is the configuration for RS2:

Configure an interface on the ethernet port that leads to Subnet C.
    rs2(config)# interface create ip subnetC address-netmask 50.1.1.130/24 port et.5.1 up

Create the virtual channels on port at.4.2.
    rs2(config)# atm create vcl port at.3.1.0.100
    rs2(config)# atm create vcl port at.3.1.0.101

Configure an interface for each VC.
    rs2(config)# interface create ip ubrservice address-netmask 40.1.1.128/24 peer-address 40.1.1.
Note: Specify a peer address if the RS is handling VC-mux encapsulated traffic.

In the following example, a connection is established between a video server and three video clients (Video Client 1, Video Client 2, and Video Client 3). The video server routes data through the RS to the video clients. Traffic passes to the video clients through three separate virtual channels. Each virtual channel has a unique service profile.
Following is the configuration for the RS:

Create the virtual channels that will connect to each video client.
    rs(config)# atm create vcl port at.2.1.0.101
    rs(config)# atm create vcl port at.2.1.0.102
    rs(config)# atm create vcl port at.2.1.0.103

Create a VLAN called ‘video’ which supports all protocols.
    rs(config)# vlan create video ip id 20

Add the VCs to the VLAN.
    rs(config)# vlan add ports at.2.1.0.101 to video
    rs(config)# vlan add ports at.2.1.0.
[Figure 8-5: PPP configuration example (RS with ports at.1.1 and et.1.1, DSLAM, DSL Modem, AAA Server 10.1.1.1)]

Following is the configuration for the RS:

Create a virtual channel for the PPP connection.
    rs(config)# atm create vcl port at.1.1.0.200

Define the PPP service profile.
    rs(config)# atm define service cm1 srv-cat rt-vbr encaps vc-mux traffic ppp ppp-auth chap

Apply the service profile to the VC.
    atm apply service cm1 port at.2.1.0.
To display PPP (Point-to-Point Protocol) statistics for an ATM OC-12 line card, use the atm show ppp command as shown in the following example:

    rs# atm show ppp port all
    ---------------------------------------------
    at.5.
9 PACKET-OVER-SONET CONFIGURATION GUIDE

This chapter explains how to configure and monitor Packet-over-SONET (PoS) on the RS. See the sonet commands section of the Riverstone RS Switch Router Command Line Interface Reference Manual for a description of each command.

PoS requires installation of the OC-3c or OC-12c PoS line cards in an RS 8000 or an RS 8600. The OC-3c line card has four PoS ports, while the OC-12c line card has two PoS ports. You must use the “so” prefix for PoS interface ports.
Source filtering and ACLs can be applied to an IP interface for a PoS link. Unlike WAN ports, the applied filter or ACL presents no limitation. Different filters can be configured on different PoS ports.

9.2 CONFIGURING PACKET-OVER-SONET LINKS

To configure a Packet-over-SONET link:

1. On the RS, assign an interface to the PoS port to which you will connect via fiber cable in a point-to-point link.
Table 9-1 PoS optional operating parameters

Parameter               Default Value    Configuration Command
Framing                 SONET            sonet set framing sdh|sonet
Loopback                Disabled         sonet set loopback
Path tracing            (none)           sonet set pathtrace
Circuit identifier      (none)           sonet set circuit-id
Frame Check Sequence    32-bit           sonet set fcs-16-bit
Scrambling              Enabled          sonet set no-scramble

9.
9.3.1 Configuring Working and Protecting Ports

APS on the RS requires configuration of a working port and a corresponding protecting port. You can configure any number of pairs of PoS ports for APS. The limit is the number of PoS ports on the RS. If one module should go down, the remaining ports on other modules will remain operational.
To return the circuit to the working interface after the working interface becomes available, enter the following commands in Configure mode:

Enable automatic switchover from the protecting interface to the working interface after the working interface becomes available. This command can only be applied to a protecting port.
    sonet set revertive on|off
9.5 MONITORING POS PORTS

To display PoS port configuration information, enter one of the following commands in Enable mode:

Show framing status, line type, and circuit ID of the optical link.
    sonet show medium

Show working or protecting line, direction, and switch status.
    sonet show aps

Show received path trace.
    sonet show pathtrace

Show loopback status.
9.6.1 APS PoS Links Between RS’s

The following example shows APS PoS links between two RS’s, router A and router B.

[Figure 9-2: Automatic protection switching between two routers (Router A: so.5.1, so.7.2, interface pos21 20.11.11.21/24; Router B: so.13.1, so.13.2, interface pos11 20.11.11.20/24; one working and one protecting link)]

The following is the configuration for router A:

    interface create ip pos21 address-netmask 20.11.11.21/24 port so.5.1
    sonet set so.7.
The following is the configuration for router B:

    interface POS1/0
    ip address 40.1.1.2 255.255.0.0
    no ip directed-broadcast
    encapsulation ppp
    crc 32
    pos scramble-atm
    pos flag c2 22

9.6.3 PoS Link Between the RS and a Juniper Router

The following example shows a PoS link between an RS, router A, and a Juniper router, router B.

[Figure: Router A (so.6.1, interface so-1 40.1.1.1/16) connected to Router B 40.1.1.
9.6.4 Bridging and Routing Traffic Over a PoS Link

The following example shows how to configure a VLAN ‘v1’ that includes the PoS ports on two connected RS’s, router A and router B. Bridged or routed traffic is transmitted over the PoS link.

[Figure 9-4: VLAN with PoS links (Router A int1 1.1.1.1/8, Router B int1 1.1.1.2/8; ports so.6.1, so.7.1, gi.3.1, gi.5.1)]

The following is the configuration for router A:

    port set so.7.
The packets forwarded across the L2 Ethernet cloud must contain certain Ethernet MAC headers. Otherwise, the packets will be dropped at the edge of the cloud, in this case an L2 switch. To encapsulate an Ethernet MAC header in the PPP frames, the PoS port ‘so.6.1’ and its peer at the edge of the cloud must be set in the Ethernet bridged encapsulation mode. To enable Ethernet bridged encapsulation on port ‘so.6.
10 DHCP CONFIGURATION GUIDE

The Dynamic Host Configuration Protocol (DHCP) server on the RS provides dynamic address assignment and configuration to DHCP capable end-user systems, such as Windows 95/98/NT and Apple Macintosh systems. You can configure the server to provide a dynamic IP address from a pre-allocated pool of IP addresses or a static IP address.
10.1.1 Configuring an IP Address Pool

To define a pool of IP addresses that the DHCP server can assign to a client, enter the following command in Configure mode:

Define pool of IP addresses to be used by clients.
    dhcp define pool

10.1.2 Configuring Client Parameters

You can configure the client parameters shown in the table below.
10.1.3 Configuring a Static IP Address

To define a static IP address that the DHCP server can assign to a client with a specific MAC address, enter the following command in Configure mode:

Define static IP address for a particular MAC address.
    dhcp define static-ip mac-address

10.1.4 Grouping Scopes with a Common Interface

You can apply several scopes to the same physical interface.
To force the DHCP server to immediately update its lease database, enter the following command in Enable mode:

Force the server to update its lease database.
    dhcp flush

10.3 MONITORING THE DHCP SERVER

To display information from the lease database:

Show lease database information.
4. Define DHCP network parameters for the scope ‘scope1’.
    dhcp scope1 define parameters address-netmask 10.1.0.0/16 gateway 10.1.1.1 lease-time 24 dns-domain acme.com dns-server 10.2.45.67 netbios-name-server 10.1.55.60

5. Define an IP address pool for addresses 10.1.1.10 through 10.1.1.20.
    dhcp scope1 define pool 10.1.1.10-10.1.1.20

6. Define another IP address pool for addresses 10.1.1.40 through 10.1.1.50.
    dhcp scope1 define pool 10.1.1.
2. Define the address pool for ‘scope1’.
    dhcp scope1 define pool 10.1.1.10-10.1.1.20

3. Define the network parameters for ‘scope2’ with the default gateway 10.2.1.1.
    dhcp scope2 define parameters address-netmask 10.2.0.0/16 gateway 10.2.1.1 dns-domain acme.com dns-server 10.1.77.88

4. Define the address pool for ‘scope2’.
    dhcp scope2 define pool 10.2.1.40-10.2.1.50

5. Create a superscope ‘super1’ that includes ‘scope1’.
3. Define the network parameters for ‘scope1’ with the default gateway 10.1.1.1.
    dhcp scope1 define parameters address-netmask 10.1.0.0/16 gateway 10.1.1.1 dns-domain acme.com dns-server 10.1.44.55

4. Define the address pool for ‘scope1’.
    dhcp scope1 define pool 10.1.1.10-10.1.1.20

5. Define the network parameters for ‘scope2’ with the default gateway 10.2.1.1.
    dhcp scope2 define parameters address-netmask 10.2.0.0/16 gateway 10.2.1.
2. Define a static route to the 10.5.x.x subnet using the gateway 10.1.7.10, which tells the DHCP server how to send packets to the client on the 10.5.x.x subnet.
    ip add route 10.5.0.0/16 gateway 10.1.7.10

3. Define the network parameters for ‘scope1’ with the default gateway 10.5.1.1 (the relay agent for the client).
    dhcp scope1 define parameters address-netmask 10.5.0.0/16 gateway 10.5.1.1 dns-domain acme.com

4.
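A consistency check for the scope and pool commands used in the DHCP examples above, as an added example that is not part of the original guide: it parses the dhcp ... define parameters and dhcp ... define pool lines and reports pools outside the scope's subnet, overlapping pools, and gateways that fall outside the subnet or inside a pool. The sample configuration is constructed (the last scope1 pool and the scope2 pool are deliberately wrong), and the parser assumes every option takes exactly one value, as in the commands shown in this chapter.

```python
import ipaddress
import re

# Constructed sample: command forms are taken from this chapter, but the
# fourth line (overlapping pool) and the last line (pool in the wrong
# subnet) are deliberate mistakes added for the demonstration.
SAMPLE_CONFIG = """\
dhcp scope1 define parameters address-netmask 10.1.0.0/16 gateway 10.1.1.1 lease-time 24 dns-domain acme.com dns-server 10.2.45.67
dhcp scope1 define pool 10.1.1.10-10.1.1.20
dhcp scope1 define pool 10.1.1.40-10.1.1.50
dhcp scope1 define pool 10.1.1.15-10.1.1.45
dhcp scope2 define parameters address-netmask 10.2.0.0/16 gateway 10.2.1.1 dns-domain acme.com dns-server 10.1.77.88
dhcp scope2 define pool 10.1.1.60-10.1.1.70
"""

PARAM_RE = re.compile(r"^dhcp\s+(\S+)\s+define\s+parameters\s+(.*)$")
POOL_RE = re.compile(r"^dhcp\s+(\S+)\s+define\s+pool\s+(\S+)-(\S+)$")


def _new_scope():
    return {"network": None, "gateway": None, "pools": []}


def parse_scopes(config_text):
    """Return {scope name: {"network", "gateway", "pools"}} from config text."""
    scopes = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = PARAM_RE.match(line)
        if m:
            scope = scopes.setdefault(m.group(1), _new_scope())
            words = m.group(2).split()
            # Assumption: options are "keyword value" pairs.
            opts = dict(zip(words[0::2], words[1::2]))
            if "address-netmask" in opts:
                scope["network"] = ipaddress.ip_network(
                    opts["address-netmask"], strict=False)
            if "gateway" in opts:
                scope["gateway"] = ipaddress.ip_address(opts["gateway"])
            continue
        m = POOL_RE.match(line)
        if m:
            scope = scopes.setdefault(m.group(1), _new_scope())
            scope["pools"].append((ipaddress.ip_address(m.group(2)),
                                   ipaddress.ip_address(m.group(3))))
    return scopes


def check_scopes(scopes):
    """Return a list of (scope, finding code, detail) tuples."""
    findings = []
    for name, scope in sorted(scopes.items()):
        net, gw = scope["network"], scope["gateway"]
        if net is None:
            findings.append((name, "no-parameters", "pool without a subnet"))
            continue
        if gw is not None and gw not in net:
            findings.append((name, "gateway-outside-subnet", f"{gw} not in {net}"))
        prev_end = None  # highest pool end address seen so far
        for start, end in sorted(scope["pools"]):
            label = f"{start}-{end}"
            if start > end:
                findings.append((name, "pool-reversed", label))
            if start not in net or end not in net:
                findings.append((name, "pool-outside-subnet", f"{label} not in {net}"))
            if gw is not None and start <= gw <= end:
                findings.append((name, "gateway-in-pool", f"{gw} in {label}"))
            if prev_end is not None and start <= prev_end:
                findings.append((name, "pool-overlap", f"{label} overlaps an earlier pool"))
            prev_end = end if prev_end is None else max(prev_end, end)
    return findings


if __name__ == "__main__":
    for scope_name, code, detail in check_scopes(parse_scopes(SAMPLE_CONFIG)):
        print(f"{scope_name}: {code}: {detail}")
```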
11 IP ROUTING CONFIGURATION GUIDE

The RS supports standards-based TCP, UDP, and IP. This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters.

11.1 IP ROUTING PROTOCOLS

The RS supports standards-based unicast and multicast routing. Unicast routing protocol support includes Interior Gateway Protocols and Exterior Gateway Protocols. Multicast routing protocols are used to determine how multicast data is transferred in a routed environment.

11.1.
Multicast routing protocols are used to determine which routers have directly attached hosts, as specified by IGMP, that have membership to a multicast session. Once host memberships are determined, routers use multicast routing protocols, such as DVMRP, to forward multicast traffic between routers.
11.2.2 Configuring IP Interfaces for a VLAN

You can configure one IP interface per VLAN. Once an IP interface has been assigned to a VLAN, you can add a secondary IP address to the VLAN. To create a VLAN called IP3, add ports et.3.1 through et.3.4 to the VLAN, then create an IP interface on the VLAN:

    rs(config)# vlan create IP3 ip
    rs(config)# vlan add ports et.3.1-4 to IP3
    rs(config)# interface create ip int3 address-netmask 10.20.
If you don’t specify which address to borrow, then the first address of ‘int1’ is borrowed.

Note: This feature cannot be used with multicast routing.

11.3 CONFIGURING JUMBO FRAMES

Certain RS line cards support jumbo frames (frames larger than the standard Ethernet frame size of 1518 bytes). To transmit frames of up to 65535 octets, you increase the maximum transmission unit (MTU) size from the default of 1522.
11.4 CONFIGURING ADDRESS RESOLUTION PROTOCOL (ARP)

The RS allows you to configure Address Resolution Protocol (ARP) table entries and parameters. ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated MAC address. Once a media or MAC address is determined, the IP address/media address association is stored in an ARP cache for rapid retrieval.
To change the interval for sending ARP requests for unresolved entries to 45 seconds:

    rs# arp set unresolve-timer 45

To change the number of unresolved entries that the RS attempts to resolve to 75:

    rs# arp set unresolve-threshold 75

11.4.3 Configuring Proxy ARP

The RS can be configured for proxy ARP.
11.5.2 Defining MAC-to-IP Address Mappings

The rarpd add command allows you to map a MAC address to an IP address for use with RARP. When a host makes a RARP request on the RS, and its MAC address has been mapped to an IP address with the rarpd add command, the RARP server on the RS responds with the IP address that corresponds to the host’s MAC address. To map MAC address 00:C0:4F:65:18:E0 to IP address 10.10.10.
To configure three DNS servers and configure the RS’s DNS domain name to “mrb.com”:

    rs(config)# system set dns server "10.1.2.3 10.2.10.12 10.3.4.5" domain mrb.com

11.7 CONFIGURING IP SERVICES (ICMP)

The RS provides ICMP message capabilities including ping and traceroute. The ping command allows you to determine the reachability of a certain IP host, while the traceroute command allows you to trace the IP gateways to an IP host.

11.
11.9 CONFIGURING DIRECT BROADCAST

Directed broadcast packets are network or subnet broadcast packets which are sent to a router to be forwarded as broadcast packets. They can be misused to create denial-of-service attacks. The RS protects against this possibility by not forwarding directed broadcasts by default. To enable the forwarding of directed broadcasts, use the ip enable directed-broadcast command.
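The following audit script is an added example, not part of the original guide or of Riverstone's software: it scans a saved RS configuration for the ip enable directed-broadcast command and lists the subnet broadcast address of every interface created with interface create ip, so that each one can be reviewed. The sample configuration is constructed, and because this guide does not show the command's arguments, the script does not interpret them and treats every configured subnet as a candidate for review.

```python
import ipaddress
import re

# Constructed sample configuration. The interface lines reuse command forms
# shown elsewhere in this guide; the last line re-enables the forwarding
# that the RS leaves off by default.
SAMPLE_CONFIG = """\
rs1(config)# interface create ip subnetA address-netmask 10.1.1.130/24 port et.2.4 up
rs1(config)# interface create ip subnetB address-netmask 20.1.1.130/24 port et.2.3 up
interface create ip pos21 address-netmask 20.11.11.21/24 port so.5.1
! enabled for a legacy application
ip enable directed-broadcast
"""

PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")          # e.g. "rs1(config)# "
IFACE_RE = re.compile(
    r"^interface\s+create\s+ip\s+(\S+)\s+address-netmask\s+(\S+)")
ENABLE_RE = re.compile(r"^ip\s+enable\s+directed-broadcast\b")


def audit_directed_broadcast(config_text):
    """Report whether directed-broadcast forwarding is enabled.

    Returns a dict with:
      enabled      - True if the enabling command appears in the config
      enable_lines - [(line number, command text)] for each occurrence
      exposed      - {interface name: subnet broadcast address} to review;
                     empty when forwarding is left at its default (off)
    """
    interfaces = {}
    enable_lines = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT_RE.sub("", raw.strip())
        if not line or line.startswith("!"):
            continue                                    # blank or comment
        m = IFACE_RE.match(line)
        if m:
            name, cidr = m.groups()
            try:
                interfaces[name] = ipaddress.ip_interface(cidr).network
            except ValueError:
                pass                                    # truncated or malformed address
            continue
        if ENABLE_RE.match(line):
            enable_lines.append((lineno, line))

    exposed = {}
    if enable_lines:
        for name, net in interfaces.items():
            # /31 and /32 subnets have no distinct broadcast address.
            if net.version == 4 and net.prefixlen < 31:
                exposed[name] = str(net.broadcast_address)
    return {
        "enabled": bool(enable_lines),
        "enable_lines": enable_lines,
        "exposed": exposed,
    }


if __name__ == "__main__":
    report = audit_directed_broadcast(SAMPLE_CONFIG)
    if report["enabled"]:
        for lineno, text in report["enable_lines"]:
            print(f"line {lineno}: {text}")
        for name, addr in sorted(report["exposed"].items()):
            print(f"  review {name}: directed broadcasts to {addr}")
    else:
        print("directed-broadcast forwarding left at default (off)")
```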
The ip show commands display IP information, such as routing tables, TCP/UDP connections, and IP interface configuration, on the RS. The following example displays all established connections and services of the RS.

    rs# ip show connections
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
    tcp        0      0  *:gated-gii        *:*
    tcp        0      0  *:http             *:*
    tcp        0      0  *:telnet           *:*
    udp        0      0  127.0.0.1:1025     127.0.0.
11.12 CONFIGURING IP FORWARDING

When the RS receives a packet for routing, it uses either the Hardware Routing Table (HRT) or one of the following forwarding modes to forward the packet:

• application-based forwarding (default)
• destination-based forwarding
• host-flow-based forwarding
• custom forwarding profile

11.13 HARDWARE ROUTING TABLE

You can enable forwarding using the Hardware Routing Table (HRT) on the RS.
11.15 FORWARDING MODE

When the RS receives a packet for routing, it extracts flow information which is used to determine the packet’s exit port and QoS requirements. By default, the RS uses application-based forwarding wherein it extracts the complete application (layer-4) flow from an IP packet. The RS then matches the packet’s flow information against flows found in the flow table.
• define a profile
• apply the profile to a slot
• enable the profile on a specific port

Defining a Profile

When you define a custom forwarding profile, you should identify it and specify which fields will be wild carded:

Use the following command to define a custom forwarding profile.
11.15.4 Using Custom Forwarding with Other RS Features

Custom forwarding profiles are used to wildcard certain fields in the IP header. This can cause incompatibility with various RS features that require that these fields not be wild carded. Therefore, whenever custom forwarding is enabled on a port, the RS checks for compatibility with other features that the port supports.
On systems that support IP multicasting, router advertisements are sent to the ‘all-hosts’ multicast address 224.0.0.1 by default. You can specify that broadcast be used, even if IP multicasting is available. When router advertisements are sent to the all-hosts multicast address or an interface is configured for the limited broadcast address 255.255.255.255, the router advertisement includes all IP addresses configured on the physical interface.
To display router discovery information:

    rs# rdisc show all
    Task State:
    Send buffer size 2048 at 812C68F8
    Recv buffer size 2048 at 812C60D0
    Timers:
    RouterDiscoveryServer Priority 30
    RouterDiscoveryServer_RS2_RS3_IP last: 10:17:21 next: 10:25:05
    Task RouterDiscoveryServer:
    Interfaces:
    Interface RS2_RS3_IP:
    Group 224.0.0.1:
    minadvint 7:30 maxadvint 10:00 lifetime 30:00
    Address 10.10.5.
The default memory thresholds are shown in Table 11-1. You can use the ip-router global set memory-threshold command to change the thresholds.

Table 11-1 Default Memory Thresholds

Threshold Level    Percentage of Memory
0 12 03 14 05 62 07 64

When a level-1, level-2, or level-3 threshold is reached, the RS may delete routes in the RIB or not add new routes to the RIB, depending upon the routing protocol.
Table 11-2 RIB Updates When Memory Threshold is Reached

Route Protocol    Threshold    Action

BGP
level-1 level-2
• A new BGP route is added only if it is the only BGP route to the given destination.
• Maximum of 3 routes allowed to a given destination. If there are more than 3 routes to a given destination, a new route replaces an existing route.
level-3
• Maximum of 2 routes allowed to a given destination.
12 VRRP CONFIGURATION GUIDE

This chapter explains how to set up and monitor the Virtual Router Redundancy Protocol (VRRP) on the RS. VRRP is defined in RFC 2338.

End host systems on a LAN are often configured to send packets to a statically configured default router. If this default router becomes unavailable, all the hosts that use it as their first hop router become isolated on the network. VRRP provides a way to ensure the availability of an end host’s default router.
12.1.1 Basic VRRP Configuration

Figure 12-1 shows a basic VRRP configuration with a single virtual router. Routers R1 and R2 are both configured with one virtual router (VRID=1). Router R1 serves as the Master and Router R2 serves as the Backup. The four end hosts are configured to use 10.0.0.1/16 as the default route. IP address 10.0.0.1/16 is associated with virtual router VRID=1.

[Figure 12-1: Master R1 (interface address 10.0.0.1/16) and Backup R2, both with VRID=1]
Configuration for Router R2

The following is the configuration file for Router R2 in Figure 12-1.

    1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1
    2: ip-redundancy create vrrp 1 interface test
    3: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
    4: ip-redundancy start vrrp 1 interface test

The configuration for Router R2 is nearly identical to Router R1. The difference is that Router R2 does not own IP address 10.0.0.1/16.
[Figure 12-2: Symmetrical VRRP configuration. R1 (interface address 10.0.0.1/16) is Master for VRID=1 and Backup for VRID=2; R2 (interface address 10.0.0.2/16) is Master for VRID=2 and Backup for VRID=1. VRID=1 address 10.0.0.1/16, VRID=2 address 10.0.0.2/16. Hosts H1 and H2 use default route 10.0.0.1/16; hosts H3 and H4 use default route 10.0.0.2/16.]

In this configuration, half the hosts use 10.0.0.
Configuration of Router R2

The following is the configuration file for Router R2 in Figure 12-2.

    1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1
    !
    2: ip-redundancy create vrrp 1 interface test
    3: ip-redundancy create vrrp 2 interface test
    !
    4: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
    5: ip-redundancy associate vrrp 2 interface test address 10.0.0.
In this configuration, Router R1 is the Master for virtual router VRID=1 and the primary Backup for virtual routers VRID=2 and VRID=3. If Router R2 or R3 were to go down, Router R1 would assume the IP addresses associated with virtual routers VRID=2 and VRID=3. Router R2 is the Master for virtual router VRID=2, the primary Backup for virtual router VRID=1, and the secondary Backup for virtual router VRID=3.
The following table shows the priorities for each virtual router configured on Router R1.

Virtual Router                     Default Priority       Configured Priority
VRID=1 – IP address=10.0.0.1/16    255 (address owner)    255 (address owner)
VRID=2 – IP address=10.0.0.2/16    100                    200 (see line 8)
VRID=3 – IP address=10.0.0.3/16    100                    200 (see line 9)

Configuration of Router R2

The following is the configuration file for Router R2 in Figure 12-3.
Note: Since 100 is the default priority, line 9, which sets the priority to 100, is actually unnecessary. It is included for illustration purposes only.

Configuration of Router R3

The following is the configuration file for Router R3 in Figure 12-3.

    1: interface create ip test address-netmask 10.0.0.3/16 port et.1.
12.2 ADDITIONAL CONFIGURATION

This section covers settings you can modify in a VRRP configuration, including backup priority, advertisement interval, pre-empt mode, and authentication key.

12.2.1 Setting the Backup Priority

As described in Section 12.1.3, "Multi-Backup Configuration", you can specify which Backup router takes over when the Master router goes down by setting the priority for the Backup routers.
12.2.4 Setting Pre-empt Mode

When a Master router goes down, the Backup with the highest priority takes over the IP addresses associated with the Master. By default, when the original Master comes back up again, it takes over from the Backup router that assumed its role as Master. When a VRRP router does this, it is said to be in pre-empt mode. Pre-empt mode is enabled by default on the RS.
12.3.1 ip-redundancy trace

The ip-redundancy trace command is used for troubleshooting purposes. This command causes messages to be displayed when certain VRRP events occur on the RS. To trace VRRP events, enter the following commands in Enable mode:

Display a message when any VRRP event occurs. (Disabled by default.)
    ip-redundancy trace vrrp events enabled

Display a message when a VRRP router changes from one state to another; for example Backup to Master.
To display information about all virtual routers on interface int1:

    rs# ip-redundancy show vrrp interface int1
    VRRP Virtual Router 100 - Interface int1
    ------------------------------------------
    Uptime                0 days, 0 hours, 0 minutes, 17 seconds.
    State                 Backup
    Priority              100 (default value)
    Virtual MAC address   00005E:000164
    Advertise Interval    1 sec(s) (default value)
    Preempt Mode          Enabled (default value)
    Authentication        None (default value)
    Primary Address       10.8.0.2
    Associated Addresses  10.8.0.1 100.0.
To display VRRP statistics for virtual router 100 on interface int1:

    rs# ip-redundancy show vrrp 1 interface int1 verbose
    VRRP Virtual Router 100 - Interface int1
    ------------------------------------------
    Uptime 0 days, 0 hours, 0 minutes, 17 seconds.
Skew-time = ( (256 - Priority) / 256 )

Therefore, the higher the priority, the faster a Backup router will detect that the Master is down. For example:

- Default advertisement-interval = 1 second
- Default Backup router priority = 100
- Master-down-interval = time it takes a Backup to detect the Master is down
  = (3 * adv-interval) + skew-time
  = (3 * 1 second) + ((256 - 100) / 256)
  = 3.
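The skew-time and master-down-interval formulas above, applied to a set of Backup routers to show which one declares the Master down first and which Backups share a priority. This is an added example, not code from the guide; the router names and the sample priorities (200 and 100, as configured for VRID=3 in the multi-backup example) are inputs chosen for illustration, and the 1 to 254 range for Backup priorities is taken from RFC 2338.

```python
from fractions import Fraction


def skew_time(priority):
    """Skew-time in seconds: (256 - Priority) / 256."""
    # RFC 2338 reserves 255 for the address owner and 0 for a Master that is
    # giving up its role, so a Backup's priority lies between 1 and 254.
    if not isinstance(priority, int) or not 1 <= priority <= 254:
        raise ValueError(f"Backup priority must be 1..254, got {priority!r}")
    return Fraction(256 - priority, 256)


def master_down_interval(priority, adv_interval=1):
    """(3 * adv-interval) + skew-time, as an exact fraction of seconds."""
    adv = Fraction(adv_interval)
    if adv <= 0:
        raise ValueError("advertisement interval must be positive")
    return 3 * adv + skew_time(priority)


def takeover_order(backups, adv_interval=1):
    """Order Backups by how soon each one detects that the Master is down.

    backups: {router name: priority}. Returns [(name, priority, seconds)],
    earliest first; routers with equal timers are ordered by name.
    """
    rows = [(name, prio, master_down_interval(prio, adv_interval))
            for name, prio in backups.items()]
    rows.sort(key=lambda row: (row[2], row[0]))
    return [(name, prio, float(seconds)) for name, prio, seconds in rows]


def tied_backups(backups):
    """Return groups of Backups that share a priority.

    Their timers expire together, so the priority setting alone does not
    decide which of them takes over.
    """
    by_priority = {}
    for name, prio in backups.items():
        skew_time(prio)                      # validate the priority
        by_priority.setdefault(prio, []).append(name)
    return sorted(sorted(names) for names in by_priority.values()
                  if len(names) > 1)


if __name__ == "__main__":
    # Sample input: Backups for VRID=3, R1 at priority 200 and R2 at the
    # default priority of 100.
    vrid3_backups = {"R1": 200, "R2": 100}
    for name, prio, seconds in takeover_order(vrid3_backups):
        print(f"{name}: priority {prio}, master-down-interval {seconds} s")
    print("ties:", tied_backups(vrid3_backups))
```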
13 RIP CONFIGURATION GUIDE

This chapter describes how to configure the Routing Information Protocol (RIP) on the Riverstone RS Switch Router. RIP is a distance-vector routing protocol for use in small networks. RIP is described in RFC 1723. A router running RIP broadcasts updates at set intervals. Each update contains paired values where each pair consists of an IP network address and an integer distance to that network. RIP uses a hop count metric to measure the distance to a destination.
To add RIP interfaces, enter the following commands in Configure mode.

Add interfaces to the RIP process.
    rip add interface

Add gateways from which the RS will accept RIP updates.
    rip add trusted-gateway

Define the list of routers to which RIP sends packets directly, not through multicast or broadcast.
    rip add source-gateway

13.
Specify that RIP V2 packets that are RIP V1-compatible should be broadcast on this interface.
    rip set interface |all type broadcast

Change the metric on incoming RIP routes.
    rip set interface |all metric-in

Change the metric on outgoing RIP routes.
    rip set interface |all metric-out

Set the authentication method to simple text up to 8 characters.
13.2.1 Configuring RIP Route Default-Metric

You can define the metric used when advertising routes via RIP that were learned from other protocols. The default value for this parameter is 16 (unreachable). To export routes from other protocols into RIP, you must explicitly specify a value for the default-metric parameter. The metric specified by the default-metric parameter may be overridden by a metric specified in the export command.
Show detailed information of request packets sent by the router.
    rip trace send request

Show RIP timer information.
    rip show timers

13.4 CONFIGURATION EXAMPLE

[Figure: R1 (Interface 1.1.1.1) and R2 (Interface 3.2.1.1)]

    ! Example configuration
    !
    ! Create interface R1-if1 with ip address 1.1.1.1/16 on port et.1.1 on R-1
    interface create ip R1-if1 address-netmask 1.1.1.1/16 port et.1.
14 OSPF CONFIGURATION GUIDE

Open Shortest Path First Routing (OSPF) is a shortest path first or link-state protocol. The RS supports OSPF Version 2.0, as defined in RFC 2328. OSPF is an interior gateway protocol that distributes routing information between routers in a single autonomous system. OSPF chooses the least-cost path as the best path.
• Route Redistribution: Routes learned via RIP, BGP, or any other sources can be redistributed into OSPF. OSPF routes can be redistributed into RIP or BGP. For information on Route Redistribution, refer to Chapter 18, "Routing Policy Configuration".

14.1 OSPF MULTIPATH

The RS also supports OSPF and static Multi-path. If multiple equal-cost OSPF or static routes have been defined for any destination, then the RS “discovers” and uses all of them.
14.4 ENABLING OSPF

OSPF is disabled by default on the RS. To enable or disable OSPF, enter one of the following commands in Configure mode.

Enable OSPF.
    ospf start

Disable OSPF.
    ospf stop

14.5 CONFIGURING OSPF AREAS

OSPF areas are a collection of subnets that are grouped in a logical fashion. Each area maintains its own link state database. The area topology is known only within the area.
14.5.1 Configuring Summary Ranges

To reduce the amount of routing information propagated between areas, you can configure summary-ranges on Area Border Routers (ABRs). On the RS, summary-ranges are created using the ospf add summary-range command – the networks specified using this command describe the scope of an area.
Additionally, there may be interfaces that are directly attached to the router and therefore should be advertised as reachable from the router. To specify an interface that is directly attached, such as a loopback interface, together with its cost, enter the following command in Configure mode.

Add a stub host to an OSPF area.

14.5.
14.6 CONFIGURING OSPF INTERFACES

To configure an interface for OSPF, first configure an IP interface using the interface create command, then add the interface to an OSPF area. To add an IP interface to an area, enter the following command in Configure mode:

Add an interface to an OSPF area.
14.6.2 Configuring Interfaces for Point-to-Multipoint Networks

As in the case of NBMA networks, a list of neighboring routers reachable over a PMP network should be configured so that the router can discover its neighbors. To specify a reachable neighbor on a point-to-multipoint network, enter the following command in Configure mode:

Specify an OSPF point-to-multipoint neighbor.

14.6.
14.7.1 Setting the Interface State

OSPF interfaces that are added to an area are enabled by default. You can disable them by using the state disable option with the ospf set interface command.

14.7.2 Setting the Default Cost of an OSPF Interface

The RS calculates the default cost of an OSPF interface using the reference bandwidth and the interface bandwidth. The default reference bandwidth is 1000.
To configure virtual links, enter the following commands in the Configure mode.
Create a virtual link.
ospf add virtual-link neighbor transit-area
Set virtual link parameters.
Parameter: Description
router-dead interval: The interval the router waits after receiving no Hello packets from its neighbor before considering it as down.
transit delay: The estimated time it takes to transmit an LSA update.
14.9.1 Configuring OSPF Global Parameters
The following sections describe parameters that can be set only at the global level.
ospf set export-limit
Specifies how many ASEs will be generated and flooded in each batch. The default is 250.
Specifies AS external link advertisement default parameters.
ospf set ase-defaults [preference ]| [cost ]|[type ] | [inherit-metric] [tag ] [as}
Configuring Support for Opaque LSAs
The RS supports opaque LSAs as defined in RFC 2370.
14.10 MONITORING OSPF
The Riverstone RS Switch Router provides two different command sets to display the various OSPF tables:
• ospf monitor commands allow you to display the OSPF tables for the router on which the commands are being entered, as well as for other remote Riverstone RS Switch Routers running OSPF. The ospf monitor commands can be used to display a concise version of the various OSPF tables.
Following is an example of the ospf show statistics interface command. It displays the number of each type of LSA that was processed.
rs# ospf show statistics interface 190.135.89.227
Statistics for Interface 190.135.89.
Note: For additional information on the sample output and the other ospf monitor and ospf show commands, refer to the Riverstone RS Switch Router Command Line Interface Reference Manual.
14.11 OSPF CONFIGURATION EXAMPLES
For all examples in this section, refer to the configuration shown in Figure 14-1.
14.11.1 Exporting All Interface & Static Routes to OSPF
Router R1 has several static routes. We will export these static routes as type-2 OSPF routes. The interface routes will be redistributed as type-1 OSPF routes.
1. Create an OSPF export destination for type-1 routes to redistribute certain routes into OSPF as type 1 OSPF-ASE routes.
ip-router policy create ospf-export-destination ospfExpDstType1 type 1 metric 1
2.
3. Create an OSPF export destination for type-2 routes.
ip-router policy create ospf-export-destination ospfExpDstType2 type 2 metric 4
4. Create an OSPF export destination for type-2 routes with a tag of 100.
ip-router policy create ospf-export-destination ospfExpDstType2t100 type 2 tag 100 metric 4
5. Create a RIP export source.
ip-router policy create rip-export-source ripExpSrc
6. Create a Static export source.
12. Create the Export-Policy for redistributing all interface, RIP, static, OSPF and OSPF-ASE routes into RIP.
15 IS-IS CONFIGURATION GUIDE
This chapter provides an overview of the Intermediate System-Intermediate System (IS-IS) routing protocol features available for the Riverstone RS Switch Router. IS-IS is a link state hierarchical routing protocol. In IS-IS, a router is an Intermediate System (IS), and a routing sub domain is an area. An IS-IS area can contain a number of routers and end devices.
To enable IS-IS on an interface, enter the following command in Configure mode:
Creates an IS-IS interface on a router.
isis add interface |all
15.3 ENABLING IS-IS ON THE RS
IS-IS is disabled on the RS by default. To enable IS-IS on the RS, enter the following command in Configure mode:
Enables IS-IS on the router.
15.
To set the time interval between PSNP transmissions, enter the following command in Configure mode:
Sets the PSNP interval.
isis set psn-interval
15.4.3 Setting the System ID
A system ID is a 12-digit hexadecimal number that uniquely identifies the IS in the routing domain. A system ID is assigned to the IS by default, but can be overwritten using the following command.
15.4.6 Setting IS-IS Authentication
The RS supports four levels of authentication for IS-IS: authentication between neighbors, within an area, within a domain, and authentication of SNPs. The first three levels of authentication can use either MD5 or simple authentication. (For additional information about these authentication methods, refer to Chapter 18.1.5, "Authentication.") The following sections describe each level of authentication.
SNP Authentication
This type of authentication controls the processing of SNPs (both CSNPs and PSNPs). When the router receives an SNP, it authenticates it by checking the password (which is the same as the password set using the isis set interface password command). To configure SNP authentication, enter the following command in Configure mode:
Sets authentication for SNPs.
15.
15.5.2 Setting Interface Parameters for a Designated Intermediate System (DIS)
On a broadcast network, routers elect a DIS, which advertises all links to the attached routers. The following parameters are used during DIS election and by the interface, if it is elected as the DIS. These parameters can be set globally, or for Level-1 or Level-2 interfaces only.
In the example above, interfaces gig1 through gig3 will not forward an LSP if the LSP is received by any interface in mesh group 10. Additionally, interface gig4 will not forward an LSP, regardless of the interface on which it is received.
15.6 DISPLAYING IS-IS INFORMATION
The RS provides a number of commands which you can use to view information about your IS-IS configuration. The isis show all command displays all the router’s IS-IS tables.
[Figure 15-1 Network overview: topology diagram of IS-IS areas 49.da01, 49.da02, 49.da03 and 49.da04]
[Figure 15-2 Area 1 detailed view: routers R1 through R4 in area 49.da01]
[Figure 15-3 Area 2 detailed view: routers R5 through R7 in area 49.da02]
[Figure 15-4 Area 3 detailed view: routers R8 and R9 in area 49.da03]
[Figure 15-5 Area 4 detailed view: routers C10 and R11 in area 49.da04]
The following sections show the configuration for each router within this network. Note that explanations (in italics) precede each command or set of commands.
R1 Configuration
The following is the configuration for R1 in Area 1. R1 has a Level 1 IS-IS interface and a Level 2 IS-IS interface.
R1(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-06-29 12:13:03
!
To configure the WAN port hs.5.1:
1 : port set hs.5.1 wan-encapsulation ppp speed 45000000 clock internal-clock-51mhz
!
To configure IP interfaces:
2 : interface create ip 20net address-netmask 20.1.1.1/16 port et.1.
R2 Configuration
The following is the configuration for router R2 in Area 1:
R2(config)# sh
Running system configuration:
To configure the IP VLAN, 21net:
1 : vlan create 21net ip
2 : vlan add ports et.1.3,et.1.4 to 21net
!
To configure ports et.1.1 and et.1.2, and VLAN 21net as separate IP interfaces:
3 : interface create ip 23net address-netmask 23.1.1.1/16 port et.1.1
4 : interface create ip 21net address-netmask 21.1.1.
R3 Configuration
The following is the configuration for router R3 in Area 1:
R3(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-06-28 22:48:47
!
To configure IP interfaces:
1 : interface create ip 21net address-netmask 21.1.1.2/16 port et.1.3
2 : interface create ip 24net address-netmask 24.1.1.1/16 port et.1.1
!
To configure router R3’s area:
3 : isis add area 49.
R4 Configuration
The following is the configuration for R4 in Area 1:
R4(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-06-28 17:50:12
!
To configure IP interfaces:
1 : interface create ip 21net address-netmask 21.1.1.3/16 port et.1.4
2 : interface create ip 25net address-netmask 25.1.1.1/16 port et.1.1
!
To configure router R4’s area:
3 : isis add area 49.
R5 Configuration
The following is the configuration for R5 in Area 2:
R5(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-07-06 09:31:01
!
To set WAN encapsulation for port hs.5.1:
1 : port set hs.5.1 wan-encapsulation ppp speed 45000000 clock internal-clock-51mhz
!
To create IP interfaces:
2 3 4 5 6 : : : : : interface interface interface interface interface ! create create create create add ip ip 35net port et.
R6 Configuration
The following is the configuration for R6 in Area 2:
R6(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-07-06 08:36:43
!
To configure IP interfaces:
1 : interface create ip 110net address-netmask 110.1.1.1/8 port et.1.4
2 : interface create ip 31net address-netmask 31.1.1.1/16 port et.1.3
3 : interface create ip 30net address-netmask 30.1.1.2/16 port et.1.
R7 Configuration
The following is the configuration for R7 in Area 2:
R7(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-07-04 15:18:34
!
To configure an IP interface:
1 : interface create ip 31net address-netmask 31.1.1.2/16 port et.1.
R9 Configuration
The following is the configuration for R9 in Area 3:
R9(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-06-28 11:32:26
!
To create IP interfaces:
1 : interface create ip 40net address-netmask 40.1.1.2/16 port et.1.2
2 : interface create ip 42net address-netmask 42.1.1.1/16 port et.1.1
!
To configure the IS-IS area of router R9:
3 : isis add area 49.
C10 Configuration
The following is the configuration for the C10 Cisco router in Area 4:
Router#sh ru
Building configuration...
Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
!
clns routing
!
interface Serial0/0
 ip address 52.1.1.1 255.255.0.0
 ip router isis 49.
C10 Configuration (continued)
interface Ethernet1/1
 ip address 110.1.1.2 255.0.0.0
 ip router isis 49.0004
 isis circuit-type level-2-only
 isis priority 10 level-1
!
interface Ethernet1/2
 ip address 111.1.1.2 255.0.0.0
 ip router isis 49.0004
 isis circuit-type level-2-only
 isis priority 10 level-1
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Ethernet1/4
 no ip address
 shutdown
!
interface Ethernet1/5
 no ip address
 shutdown
!
router isis 49.0004
 net 49.0004.0200.3301.
R11 Configuration
The following is the configuration for R11 in Area 4:
R11(config)# sh
Running system configuration:
!
! Last modified from Console on 2000-06-28 10:19:40
!
To configure the WAN port se.4.3:
1 : port set se.4.3 wan-encapsulation ppp speed 45000000
!
To configure IP interfaces:
2 : interface create ip 52net address-netmask 52.1.1.2/16 port se.4.3
3 : interface create ip 51net address-netmask 51.1.1.2/16 port et.1.
16 BGP CONFIGURATION GUIDE
The Border Gateway Protocol (BGP) is an exterior gateway protocol that allows IP routers to exchange network reachability information. BGP became an internet standard in 1989 (RFC 1105) and the current version, BGP-4, was published in 1994 (RFC 1771). BGP is typically run between Internet Service Providers. It is also frequently used by multi-homed ISP customers, as well as in large commercial networks.
16.2 BASIC BGP TASKS
This section describes the basic tasks necessary to configure BGP on the RS. Due to the abstract nature of BGP, many BGP designs can be extremely complex. For any one BGP design challenge, there may only be one solution out of many that is relevant to common practice. When designing a BGP configuration, it may be prudent to refer to information in RFCs, Internet drafts, and books about BGP.
If you do not explicitly specify the router ID, then an ID is chosen implicitly by the RS. A secondary address on the loopback interface (the primary address being 127.0.0.1) is the most preferred candidate for selection as the router ID.
16.2.4 Adding a BGP Peer
To add BGP peers to BGP peer groups, enter the following command in Configure mode.
Add a host to a BGP peer group.
For example:
“.” Matches any single AS number as the AS path.
“700.*” Matches all AS paths coming from an AS that starts with 700.
“.* [^700 800]” Matches all paths that do not end with AS numbers 700 and 800 and have at least one AS.
“[1-64999]*” Matches a path that has only valid exterior AS numbers.
“700 800 [^100]” Matches AS numbers 700 and 800 and any other AS number except 100.
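The patterns listed above operate on whole AS numbers, not on characters. The following added example (written for this page, not RS code) is a small Python matcher for that notation, useful for checking an AS-path filter against sample paths before it is applied. It assumes the pattern must match the entire AS path and that "*" repeats the preceding term; grouping and alternation are rejected rather than guessed at.

```python
import re
from functools import lru_cache

# Terms of the notation: a bracketed AS set, a literal AS number, ".", and postfix "*".
_TOKEN = re.compile(r"\[\^?[^\]]*\]|\d+|\.|\*")


def _parse_class(body):
    """Turn the inside of [...] into a predicate over one AS number."""
    negate = body.startswith("^")
    if negate:
        body = body[1:]
    ranges = []
    for item in body.split():
        lo, _, hi = item.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return lambda asn: negate != any(lo <= asn <= hi for lo, hi in ranges)


def compile_aspath(pattern):
    """Return a list of (predicate, starred) terms for the pattern."""
    if _TOKEN.sub("", pattern).strip():
        # Anything left over (parentheses, "|", ...) is outside this example's scope.
        raise ValueError("unsupported syntax in pattern: %r" % pattern)
    terms = []
    for tok in _TOKEN.findall(pattern):
        if tok == "*":
            if not terms or terms[-1][1]:
                raise ValueError("'*' must follow a single term")
            terms[-1] = (terms[-1][0], True)
        elif tok == ".":
            terms.append((lambda asn: True, False))
        elif tok.startswith("["):
            terms.append((_parse_class(tok[1:-1]), False))
        else:
            want = int(tok)
            terms.append((lambda asn, want=want: asn == want, False))
    return terms


def aspath_matches(pattern, path):
    """True if the whole AS path (a sequence of ints) matches the pattern."""
    terms = compile_aspath(pattern)
    path = tuple(path)

    @lru_cache(maxsize=None)
    def go(t, p):
        if t == len(terms):
            return p == len(path)
        pred, starred = terms[t]
        if starred:
            # Either skip the starred term, or consume one AS and stay on it.
            if go(t + 1, p):
                return True
            return p < len(path) and pred(path[p]) and go(t, p + 1)
        return p < len(path) and pred(path[p]) and go(t + 1, p + 1)

    return bool(go(0, 0))


if __name__ == "__main__":
    # Constructed sample paths, checked against the patterns from the text.
    samples = [(700,), (700, 800, 200), (100, 700), (700, 65001)]
    for pat in [".", "700.*", ".* [^700 800]", "[1-64999]*", "700 800 [^100]"]:
        print(pat, [p for p in samples if aspath_matches(pat, p)])
```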
To export all active routes from 284 or 813 or 814 or 815 or 816 or 3369 or 3561 to autonomous system 64800:
ip-router policy create aspath-regular-expression someAspath ".*(284|813|814|815|816|3369|3561) .
3. Exit Configure mode.
4. Re-enter Configure mode.
5. Add the peer-host back to the peer-group.
If the as-count option is part of the startup configuration, the above steps are unnecessary.
16.2.8 Creating BGP Confederations
In a BGP autonomous system, each iBGP router has to peer with all other iBGP routers over a direct link. This is known as a "routing mesh." In a large AS, the number of peers and the number of links between peers can be significant.
• To prevent looping of routing announcements within the confederation, the AS-path attribute uses two new path segment types, as-confed-set and as-confed-sequence. These are similar to the as-set and as-sequence attributes, except that they are only used within a confederation.
The confederation structure is hidden whenever an EBGP session takes place between a router in a sub-AS and a router outside the confederation.
16.2.
route-map-in (import) or route-map-out (export) option of the bgp set peer-group or bgp set peer-host commands. For example, the following commands apply the route map with the identifier ’1’ for routes that are exported to the peer group ’pub1’:
bgp create peer-group pub1 type external autonomous-system 3937
bgp add peer-host 14.2.3.23 group pub1
bgp set peer-group pub1 route-map-out 1
For EBGP, route maps can be applied to either a peer group or a peer host.
Defining Actions in Route Map Conditions
When a route matches a condition configured with the permit keyword, the specified action is taken.
2. Enable the route-map on incoming traffic from router R1. For example, the following command applies the route-map ’1’ to routes imported from the peer group ’r1’:
bgp set peer-group r1 route-map-in 1 in-sequence 1
3. Add the interface name to the BGP accounting table. For example, the following command enables BGP accounting on the interface ’customerA’:
ip enable bgp-actg-on customerA
4. Start BGP accounting.
The example output shown above displays the number of packets and bytes sent at the interface 'int1'. The user has sent 111 packets of size 130 bytes that fell into bucket 1 (traffic index 1). For example, a ping request (with a data size of 84 bytes) was sent 111 times. Use the ip clear bgp-actg command to clear BGP accounting statistics.
• BGP accounting
16.3.1 BGP Peering Session Example
The router process used for a specific BGP peering session is known as a BGP speaker. A single router can have several BGP speakers. Successful BGP peering depends on the establishment of a neighbor relationship between BGP speakers. The first step in creating a BGP neighbor relationship is the establishment of a TCP connection (using TCP port 179) between peers.
[Figure 16-2 Sample BGP peering session: R1 (10.0.0.1/16) in AS-1 and R2 (10.0.0.2/16) in AS-2]
The CLI configuration for router R1 is as follows:
interface create ip et.1.1 address-netmask 10.0.0.1/16 port et.1.1
#
# Set the AS of the router
#
ip-router global set autonomous-system 1
#
# Set the router ID
#
ip-router global set router-id 10.0.0.
The gated.conf file for router R1 is as follows:
autonomoussystem 1 ;
routerid 10.0.0.1 ;
bgp yes {
    group type external peeras 2
    {
        peer 10.0.0.2 ;
    };
};
The CLI configuration for router R2 is as follows:
interface create ip et.1.1 address-netmask 10.0.0.2/16 port et.1.1
ip-router global set autonomous-system 2
ip-router global set router-id 10.0.0.2
bgp create peer-group pg2w1 type external autonomous-system 1
bgp add peer-host 10.0.0.
Multihomed transit ASs can use IBGP between EBGP-speaking routers in the AS to synchronize their routing tables. IBGP requires a full-mesh configuration; all EBGP speaking routers must have an IBGP peering session with every other EBGP speaking router in the AS. An IGP, like OSPF, could possibly be used instead of IBGP to exchange routing information between EBGP speakers within an AS.
In this example, OSPF is configured as the IGP in the autonomous system. The following lines in the router R6 configuration file configure OSPF:
#
# Create a secondary address for the loopback interface
#
interface add ip lo0 address-netmask 172.23.1.26/30
ospf create area backbone
ospf add interface to-R4 to-area backbone
ospf add interface to-R1 to-area backbone
#
# This line is necessary because we want CISCO to peer with our loopback
# address.
The following lines on the Cisco router set up IBGP peering with router R6.
router bgp 64801
!
! Disable synchronization between BGP and IGP
!
no synchronization
neighbor 172.23.1.26 remote-as 64801
!
! Allow internal BGP sessions to use any operational interface for TCP
! connections
!
neighbor 172.23.1.26 update-source Loopback0
16.3.
The CLI configuration for router R1 is as follows:
bgp create peer-group ebgp_multihop autonomous-system 64801 type external
bgp add peer-host 18.122.128.2 group ebgp_multihop
!
! Specify the multihop option, which indicates EBGP multihop.
!
bgp set peer-host 18.122.128.2 group ebgp_multihop multihop
The gated.conf file for router R1 is as follows:
autonomoussystem 64800 ;
routerid 0.0.0.
The gated.conf file for router R2 is as follows:
static {
    18.122.0.0 masklen 16 gateway 17.122.128.4 ;
};
The CLI configuration for router R3 is as follows:
interface create ip to-R2 address-netmask 17.122.128.4/16 port et.4.2
interface create ip to-R4 address-netmask 18.122.128.4/16 port et.4.4
ip add route 16.122.0.0/16 gateway 17.122.128.3
The gated.conf file for router R3 is as follows:
static {
    16.122.0.0 masklen 16 gateway 17.122.128.
The gated.conf file for router R4 is as follows:
autonomoussystem 64800 ;
routerid 0.0.0.1 ;
bgp yes {
    traceoptions state ;
    group type external peeras 64801
    {
        peer 18.122.128.2 gateway 16.122.128.3
16.3.4 Community Attribute Example
The following configuration illustrates the BGP community attribute. Community is specified as one of the parameters in the optional attributes list option of the ip-router policy create command.
[Figure: BGP network diagram with AS-64899, AS-64900, AS-64901 and AS-64902; routers R10, R11, R13 and R14; ISP1, ISP2, CS1 and CS2]
[Figure 16-6 Sample BGP configuration (well-known community): AS-64900, AS-64901 and AS-64902; routers R10, R11 and R13; ISP1, ISP2 and CS1]
The Community attribute can be used in three ways:
1.
In Figure 16-5, router R11 has the following configuration:
#
# Create an optional attribute list with identifier color1 for a community
# attribute (community-id 160 AS 64901)
#
ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64901
#
# Create an optional attribute list with identifier color2 for a community
# attribute (community-id 155 AS 64901)
#
ip-router policy create optional-attributes-list color2 communi
In Figure 16-5, router R13 has the following configuration:
ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64902
ip-router policy create optional-attributes-list color2 community-id 155 autonomous-system 64902
ip-router policy create bgp-import-source 902color1 optional-attributes-list color1 autonomous-system 64899 sequence-number 1
ip-router policy create bgp-import-source 902color2 optional-attributes-list c
In Figure 16-5, router R10 has the following configuration:
#
# Create an optional attribute list with identifier color1 for a community
# attribute (community-id 160 AS 64902)
#
ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64902
#
# Create an optional attribute list with identifier color2 for a community
# attribute (community-id 155 AS 64902)
#
ip-router policy create optional-attributes-list color2 communi
Any communities specified with the optional-attributes-list option are sent in addition to any received with the route or associated with a BGP export destination. The community attribute may be a single community or a set of communities. A maximum of 10 communities may be specified. The community attribute can take any of the following forms:
• Specific community
The specific community consists of the combination of the AS-value and community ID.
16.3.5 Local Preference Examples
There are two methods of specifying the local preference with the bgp set peer-group command:
• Setting the local-pref option. This option can only be used for the internal, routing, and IGP group types and is not designed to be sent outside of the AS.
[Figure: BGP network diagram showing AS-64900 and AS-64901, routers R10, R11, R12, R13 and R14, and two EBGP links]
Using the local-pref Option
For router R12’s CLI configuration file, local-pref is set to 194:
bgp set peer-group as901 local-pref 194
For router R13, local-pref is set to 204.
bgp set peer-group as901 local-pref 204
Using the set-pref Option
The formula used to compute the local preference is as follows:
Local_Pref = 254 - (global protocol preference for this route) + set-pref metric
Note: A value greater than 254 will be reset to 254.
Note the following when using the set-pref option:
• All routers in the same network that are running ROSRD and participating in IBGP should use the set-pref option, and the set-pref metric should be set to the same value.
Routers R4 and R6 inform router C1 about network 172.16.200.0/24 through External BGP (EBGP). Router R6 announces the route with a MED of 10, whereas router R4 announces the route with a MED of 20. Of the two EBGP routes, router C1 chooses the one with the smaller MED. Thus router C1 prefers the route from router R6, which has a MED of 10.
Router R8 has the following CLI configuration:
interface add ip xleapnl address-netmask 212.19.192.2/24
interface create ip hobbygate address-netmask 212.19.199.62/24 port et.1.2
interface create ip xenosite address-netmask 212.19.198.1/24 port et.1.7
interface add ip lo0 address-netmask 212.19.192.1/30
bgp create peer-group webnet type external autonomous-system 64901
bgp add peer-host 194.109.86.5 group webnet
#
# Create an aggregate route for 212.19.
Figure 16-10 shows a sample configuration that uses route reflection.
[Figure 16-10 Sample BGP configuration (route reflection): AS-64900, AS-64901 and AS-64902, with routers R8 through R14, EBGP peers, IBGP cluster clients and an IBGP non-cluster client]
In this example, there are two clusters.
Router R11 has router R12 and router R13 as client peers and router R10 as non-client peer. The following line in router R11’s configuration file specifies it to be a route reflector:
bgp set peer-group rtr11 reflector-client
Even though the IBGP Peers are not fully meshed in AS 64901, the direct routes of router R14, that is, 192.68.222.
Notes on Using Route Reflection
• Two types of route reflection are supported:
  - By default, all routes received by the route reflector from a client are sent to all internal peers (including the client’s group, but not the client itself).
  - If the no-client-reflect option is enabled, routes received from a route reflection client are sent only to internal peers that are not members of the client's group.
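The two reflection modes described above decide which internal peers learn a client's routes from the reflector, and therefore which peers still need a direct IBGP session. The following added example (written for this page, not RS code) models that decision in Python for R11's peers. The group name "nonclient" for R10 is hypothetical, and the handling of routes from a non-client peer follows the standard route reflection rule (reflect to clients only), which this page does not state.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Peer:
    name: str
    group: str
    client: bool  # True if the peer's group is configured as reflector-client


def reflect_targets(peers, source_name, no_client_reflect=False):
    """Names of the internal peers the reflector sends the source's routes to."""
    by_name = {p.name: p for p in peers}
    source = by_name[source_name]
    others = [p for p in peers if p.name != source_name]
    if not source.client:
        # Assumption (standard route reflection, not from this page):
        # routes from a non-client peer are reflected to clients only.
        return sorted(p.name for p in others if p.client)
    if no_client_reflect:
        # Only peers outside the client's own group receive the route.
        return sorted(p.name for p in others if p.group != source.group)
    # Default: every internal peer except the originating client.
    return sorted(p.name for p in others)


def needs_direct_session(peers, source_name, no_client_reflect=False):
    """Peers that will not learn the source's routes from the reflector."""
    reached = set(reflect_targets(peers, source_name, no_client_reflect))
    return sorted(p.name for p in peers
                  if p.name != source_name and p.name not in reached)


# R11's internal peers as described in the text; R10's group name is made up.
R11_PEERS = [
    Peer("R12", "rtr11", True),
    Peer("R13", "rtr11", True),
    Peer("R10", "nonclient", False),
]

if __name__ == "__main__":
    for ncr in (False, True):
        print("no-client-reflect =", ncr,
              "| R12's routes go to", reflect_targets(R11_PEERS, "R12", ncr),
              "| direct session needed with",
              needs_direct_session(R11_PEERS, "R12", ncr))
```

With no-client-reflect enabled, R13 no longer hears R12's routes from R11, so the clients in group rtr11 must peer with each other directly or those routes are silently missing on R13.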
In Figure 16-11, R9 and R10 are included in AS 64706, which is a sub-AS of the confederation with the AS number 64705. R9 has the following CLI configuration:
ip-router ip-router ip-router ip-router global global global global set set set set router-id 182.1.1.
In Figure 16-11, R11 and R12 are included in AS 64707, which is a sub-AS of the confederation with the AS number 64705. R11 has the following CLI configuration.
ip-router ip-router ip-router ip-router global global global global set set set set router-id 186.1.1.
R13 has the following CLI configuration:
ip-router global set router-id 13.1.1.1
ip-router global set autonomous-system 64902
ip-router global set trace-state on
bgp create peer-group rtr12 type external autonomous-system 64705
bgp add peer-host 172.16.225.1 group rtr12
bgp start
R8 has the following CLI configuration:
ip-router global set autonomous-system 64901
ip-router global set router-id 134.141.178.
On R11, the same route is prepended with the sub-AS (64706) to which R10 belongs:
r11# bgp show routes all
BGP table : Local router ID is 186.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best
Origin codes: i - IGP, e - EGP, ? - incomplete
Network ------*>3/8 172.16.224/24 * 172.16.225/24 Next Hop -------172.16.220.2 172.16.224.2 172.16.224.
16.3.10 Route Map Example
Figure 16-12 shows a simple BGP configuration in which routes received on R2 for the networks 15.4.0.0/16 and 15.5.0.0/16 are set with community IDs 1:1 and 1:2, respectively. The routes are exported to R8 with these community IDs. On R8, BGP routes with the specified community IDs are to be monitored via BGP accounting (see Section 16.3.11, "BGP Accounting Examples," for more information).
AS-2 15.4.0.0/16 15.5.0.0/16 R2 15.
Router R8 has the following CLI configuration:
ip-router global set autonomous-system 65100
ip-router policy create community-list 11 "1:1"
ip-router policy create community-list 12 "1:2"
route-map 11 permit 1 match-community-list 11 set-traffic-index 1
route-map 11 permit 2 match-community-list 12 set-traffic-index 2
bgp create peer-group ebgp autonomous-system 2 type external
bgp add peer-host 15.2.1.
To enable BGP accounting on an interface, enter CLI commands like the following:
ip enable bgp-actg-on int1
ip bgp-accounting start accounting
To see the BGP accounting information:
rs8# ip show interfaces all bgp-actg
Interface:gitoy
Bucket  Packets  Bytes
0       0        0
1       33760    2160640
2       33760    2160640
Note: For BGP accounting to take effect, the RS must be selecting BGP for the route.
IBGP Accounting Example
In the example below, routers R1 and R2 are running IBGP/RIP, so they exchange routes automatically. Customer traffic from 13.1.1.5 is being routed to the destination 14.1.1.1/16. The customer is connected to router R1 through the interface ’customerA.’ The route to 14.1.0.0/16 is a direct route on router R2 and is learned by R1, which sets the traffic index to 1.
Enable accounting on this interface AS-1 Customer 13.1.1.5 13.1.1.
R1 has the following configuration:
interface create ip toR2 address-netmask 12.1.1.1/16 port et.3.2
interface create ip customerA address-netmask 13.1.1.1/16 port et.3.1
ip enable bgp-actg-on customerA
ip bgp-accounting start accounting
ip-router global set autonomous-system 1
ip-router global set router-id 10.50.7.1
bgp bgp bgp bgp bgp create peer-group ibgp type routing autonomous-system 1 add peer-host 12.1.1.
Use the bgp-actg option with the ip show interfaces command to display BGP accounting information for the interface. For example:

rs# ip show interfaces customerA bgp-actg
Interface:customerA
Bucket  Packets  Bytes
0       0        0
1       111      14430

BGP DSCP Accounting

You can choose to have route-specific traffic statistics broken down by DSCP values.
Router R2 has the following CLI configuration:

ip-router global set autonomous-system 2
bgp create peer-group tored type external autonomous-system 65100
bgp add peer-host 15.2.1.3 group tored
bgp set preference 99
bgp start

Router R8 has the following CLI configuration:

ip-router global set autonomous-system 65100
route-map 1 permit 1 match-prefix network 15.4.0.0/16 set-traffic-index 10
route-map 1 permit 2 match-prefix network 15.5.0.
To view the BGP accounting information collected on R8:

r8# ip show interfaces all bgp-actg
Interface:int1
Bucket  DSCP  Packets  Bytes
10      1     239376   15320064
10      2     239201   15308864
10      3     239001   15296064
10      4     238801   15283264
10      5     238601   15270464
10      6     238401   15257664
10      7     238597   15270208
10      8     238401   15257664
10      10    238254   15248256
10      17    238401   15257664
11      11    238189   15244096
11      15    237801   15219264
11      17    239206   153
11      20    239387
12      12    238176
12      14    237601
12      18    239001
17 MPLS CONFIGURATION

Multiprotocol Label Switching (MPLS) is a technology that enables routers to forward traffic based on a simple label embedded into the packet header. A router can simply examine the label to determine the next hop for the packet, rather than perform a much more complex route lookup on the destination IP address. While originally designed to speed up layer 3 routing of packets, label-based switching can provide other benefits to IP networks.
17.1 MPLS ARCHITECTURE OVERVIEW

A forwarding equivalence class (FEC) is a group of IP packets that are forwarded over the same path with the same forwarding treatment.
Figure 17-2 Encoding of an MPLS label: a 32-bit entry between the link layer header and the network layer header, made up of Label (20 bits), Experimental (3 bits), Bottom of Stack (1 bit), and Time to Live (8 bits).

A series of two or more MPLS labels, or a label stack, can be encoded after the data link and before the network layer header. The top label in the label stack appears earliest in the packet and the bottom label appears last, as shown in Figure 17-3.
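The 32-bit label encoding and the top-first label stack described above, written out as a parser with swap, push and pop operations. This is an added example, not code from the guide or from Riverstone; the `max_depth` limit, the TTL handling in `swap` and `push`, and the sample bytes are assumptions made for the illustration.

```python
import struct
from typing import List, NamedTuple, Tuple

MAX_LABEL = (1 << 20) - 1  # the label field is 20 bits wide


class LabelEntry(NamedTuple):
    label: int    # 20 bits
    exp: int      # 3 bits, experimental
    bottom: bool  # 1 bit, set only on the last entry of the stack
    ttl: int      # 8 bits, time to live


def encode_entry(entry: LabelEntry) -> bytes:
    """Pack one label stack entry into its 32-bit wire form."""
    if not 0 <= entry.label <= MAX_LABEL:
        raise ValueError("label does not fit in 20 bits")
    if not 0 <= entry.exp <= 7 or not 0 <= entry.ttl <= 255:
        raise ValueError("exp or ttl out of range")
    word = (entry.label << 12) | (entry.exp << 9) | (int(entry.bottom) << 8) | entry.ttl
    return struct.pack("!I", word)


def encode_stack(entries: List[LabelEntry]) -> bytes:
    """Serialize top-first. The bottom-of-stack bit is recomputed, not trusted."""
    if not entries:
        raise ValueError("empty label stack")
    last = len(entries) - 1
    return b"".join(
        encode_entry(e._replace(bottom=(i == last))) for i, e in enumerate(entries)
    )


def decode_stack(buf: bytes, max_depth: int = 8) -> Tuple[List[LabelEntry], bytes]:
    """Return (entries, remaining bytes). The first entry read is the top label.

    max_depth is an assumed sanity limit so that a stack that never sets the
    bottom-of-stack bit cannot make the parser walk into the payload forever.
    """
    entries: List[LabelEntry] = []
    offset = 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(buf):
            raise ValueError("data ended before a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", buf, offset)
        offset += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            return entries, buf[offset:]


def swap(entries: List[LabelEntry], new_label: int) -> List[LabelEntry]:
    """Replace the top label and decrement its TTL (assumed TTL handling)."""
    top = entries[0]
    if top.ttl <= 1:
        raise ValueError("TTL expired, packet must not be forwarded")
    return [top._replace(label=new_label, ttl=top.ttl - 1)] + entries[1:]


def push(entries: List[LabelEntry], new_label: int) -> List[LabelEntry]:
    """Add a new top label; exp and TTL are copied from the old top (assumption)."""
    top = entries[0]
    return [LabelEntry(new_label, top.exp, False, top.ttl)] + entries


def pop(entries: List[LabelEntry]) -> List[LabelEntry]:
    """Remove the top label; an empty result means the stack is gone."""
    return entries[1:]


# Constructed sample: one entry (label 50, bottom of stack, TTL 64) followed
# by two bytes standing in for the start of the network layer header.
SAMPLE_PACKET = bytes.fromhex("00032140") + b"\x45\x00"

if __name__ == "__main__":
    stack, rest = decode_stack(SAMPLE_PACKET)
    print("received:", stack)
    tunneled = push(swap(stack, 100), 200)  # swap, then push a tunnel label
    print("sent:    ", encode_stack(tunneled).hex())
```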
- swap the label at the top of the label stack with a new label, then add (push) a new label onto the label stack

Label stacks allow for hierarchical routing operations: for example, packets can be routed within an ISP network as well as at a higher, domain level. This allows MPLS packets to be tunneled through backbone networks. For more information about using MPLS tunneling, see Section 17.1.5, "MPLS Tunnels.
17.1.2 Label Binding

As mentioned previously, in a non-MPLS network the assignment or binding of a packet to an FEC is based solely on the destination IP address in the packet header. In an MPLS network, packets that belong to the same FEC follow the same path, although more than one FEC can be mapped to a single LSP.
Label Distribution Protocols

An LSP is defined by the set of labels from the ingress LSR to the egress LSR. When an LSR assigns a label to an FEC, it must let other LSRs in the path know about the label and its meaning. Label distribution protocols help to establish the LSP by providing a set of procedures that LSRs can use to distribute labels.
Label Advertising Mode

An LSR can advertise label bindings to its peers in one of two modes:
• It can make an independent decision to bind a label to an FEC and distribute that binding to its peers—this is called independent mode.
• It can bind a label to a particular FEC if it is the egress LSR for that route or if it has already received a label binding for that FEC from its next hop for the route—this is called ordered mode.
Figure 17-6 LSP tunneling

R1 assigns the label “5” to packets for the LSP to R4. At R2, the label value is swapped from “5” to “7.
Incoming Label Map (ILM)

The ILM contains mappings of labels to output channels and ports. Each entry in the ILM provides an index into the OTT. When an MPLS labeled packet arrives at the RS, the router uses the top label to perform a lookup in the ILM table. From the ILM table entry, the RS determines the proper channel and port on which to forward the packet onto the LSP.
• the END_OF_TUNNEL label is the only label on the label stack
• the ILM entry indicates that this node is at the end of the outermost MPLS domain
• the explicit null label (label value 0) is the only label on the stack
17.2 ENABLING AND STARTING MPLS ON THE RS

You must enable and start MPLS on all routers and all router interfaces that may become part of an LSP. You must also enable and start either RSVP or LDP on the same routers and router interfaces. When you enable MPLS and either RSVP or LDP on the RS, MPLS uses RSVP or LDP to set up the configured LSPs.
In the above example, RSVP is enabled on the interface ‘int1’. No RSVP processing occurs on the router until RSVP is started with the rsvp start command and no LSP creation occurs until MPLS is enabled and started. You can optionally configure RSVP, using the rsvp set commands, before starting RSVP. For more information about configuring RSVP, see Section 17.3, "RSVP Configuration.
17.3 RSVP CONFIGURATION

Network hosts use the Resource Reservation Protocol (RSVP) to request certain qualities of service from the network for application data flows. Routers also use RSVP to deliver quality of service (QoS) requests to all nodes on the path of a data flow, and to establish and maintain refresh states to provide the requested service. Resources, such as link bandwidth, are reserved on each node along a data path as a result of RSVP requests.
17.3.1 Establishing RSVP Sessions

RSVP includes the following types of messages:
• Path messages travel from the potential sender of the data flow to the receiver and include traffic specifications and QoS requirements provided by the sender. Path messages establish the RSVP path between the sender and the path flow destination, storing a path state in each router along the way. The path state includes the unicast IP address of the previous hop.
Table 17-3 RSVP parameters on the RS

Parameter                     Default Value  Command to Change Default Value
path refresh interval         30 seconds     rsvp set global path-refresh-interval
path multiplier               3              rsvp set global path-multiplier
reservation refresh interval  30 seconds     rsvp set global resv-refresh-interval
reservation multiplier        3              rsvp set global resv-multiplier
                              (Disabled)     rsvp set interface hello-enable
hello interval                3 seconds      rsvp set global hello-in
The path-refresh-interval and resv-refresh-interval are the periods of time between the generation of successive refresh messages by an RSVP neighbor. The path-refresh-interval or resv-refresh-interval is set locally at each RSVP router; this value is sent to neighbor routers in Path and Resv messages, respectively. The receiving RSVP node uses the values contained in the messages to calculate the path-lifetime or resv-lifetime for the path or reservation state.
If an RSVP neighbor on the interface does not support hello packets, soft state timeouts are used to detect loss of state information. By default, RSVP hello packets are sent at 3-second intervals. You can change this interval with the rsvp set global hello-interval command. For example, the following command sets the sending of RSVP hello packets to 5-second intervals:

rsvp set global hello-interval 5

By default, the RSVP hello multiplier is 3.
17.3.5 Blockade Aging Interval

A “killer reservation” situation occurs when an RSVP reservation request effectively denies service to any other request. For example, an RSVP node attempting (and failing) to make a large reservation can prevent smaller reservation requests from being forwarded and established. On the RS, when there is a reservation error, the offending request enters a blockade state for a predetermined amount of time.
If message aggregation is enabled on an interface, traffic headed to a specific destination is aggregated at 5-second intervals. You can change this interval with the rsvp set global bundle-interval command. For example, the following command sets RSVP message aggregation to 7-second intervals:

rsvp set global bundle-interval 7

Message ID Extensions

The RS supports message ID extensions, as defined by RFC 2961.
intervals. On the RS, the default interval for sending message acknowledgements is 1 second. You can change this interval with the rsvp set global msgack-interval command. For example, the following command sets the transmission of message acknowledgements to 3-second intervals:

rsvp set global msgack-interval 3

17.3.
17.4 LDP CONFIGURATION

LDP is a set of procedures and messages that allow LSRs to establish an LSP through a network by mapping network-layer routing information to data-link layer switched paths. The LSP can have an endpoint at a directly attached neighbor or it may have an endpoint at an egress LSR with switching enabled via transit LSRs.
17.4.2 Monitoring LDP Sessions

In addition to discovering LDP peers, sending hello packets also allows LDP nodes to detect link or peer node failures. When LDP is started, the RS sends out LDP hello packets every 5 seconds by default. The hello message includes a hold time value that tells the router’s peers how long to wait for a hello message.
17.4.3 Remote Peers

Note that only directly-connected peers are automatically discovered when LDP is started on the RS. If you need the router to establish LDP communications with an LSR that is not directly connected, use the ldp add remote-peer command to specify the router ID of the remote LSR.

Note: The router ID of the remote LDP peer must be the loopback address of the remote router.
17.4.5 MD5 Password Protection

Since LDP uses TCP as its transport, you can use the IETF standard MD5 signature option to protect LDP session connections. Use the ldp set md5-password command to set an MD5 password on a per-router, per-interface, or per-peer basis. For example, the following command sets the MD5 password ‘p55717’ for LDP sessions with the peer 100.100.100.102:

ldp set md5-password p55717 peer 100.100.100.
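What the TCP MD5 signature option covers, shown by computing and checking the RFC 2385 digest for one TCP segment of an LDP session. This is an added example, not Riverstone code; the local address 100.100.100.101, the source port, sequence numbers and payload are constructed, while the peer address and password are the ones from the command above.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5_OPT_KIND = 19   # TCP MD5 Signature option (RFC 2385)
MD5_OPT_LEN = 18    # kind byte + length byte + 16-byte digest
LDP_PORT = 646      # LDP runs over TCP port 646

LOCAL = "100.100.100.101"   # constructed local address
PEER = "100.100.100.102"    # peer address from the guide's example
KEY = b"p55717"             # password from the guide's example


def data_offset(segment: bytes) -> int:
    """Return the TCP header length in bytes, rejecting malformed headers."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    off = (segment[12] >> 4) * 4
    if off < 20 or off > len(segment):
        raise ValueError("invalid data offset")
    return off


def tcp_md5_digest(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bytes:
    """MD5 over pseudo-header, fixed header (checksum zeroed), payload, key.

    TCP options, including the signature option itself, are not hashed.
    """
    off = data_offset(segment)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[off:] + key).digest()


def extract_md5_option(segment: bytes):
    """Walk the TCP options and return the 16-byte digest, or None."""
    opts = segment[20:data_offset(segment)]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # no-operation padding
            i += 1
            continue
        if i + 1 >= len(opts):
            return None
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return None
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            return opts[i + 2:i + length]
        i += length
    return None


def build_signed_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Build a TCP segment (checksum left at zero) carrying the MD5 option."""
    options = bytes([1, 1, MD5_OPT_KIND, MD5_OPT_LEN]) + bytes(16)  # NOP, NOP, option
    offset_words = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         offset_words << 4, flags, 65535, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, header + options + payload, key)
    return header + options[:4] + digest + payload


def verify_segment(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bool:
    """True only if the segment carries a digest that matches the shared key."""
    try:
        received = extract_md5_option(segment)
        if received is None:
            return False          # unsigned segments are rejected
        expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
    except ValueError:
        return False
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    seg = build_signed_segment(LOCAL, PEER, 49152, LDP_PORT, 1000, 0, 0x18,
                               b"constructed LDP bytes", KEY)
    print("genuine segment accepted:", verify_segment(LOCAL, PEER, seg, KEY))
    forged = seg[:-1] + bytes([seg[-1] ^ 1])
    print("modified segment accepted:", verify_segment(LOCAL, PEER, forged, KEY))
```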
The following shows LDP filter commands configured on the router rs1. The first command specifies that bindings for 6.6.6.6/32 from the neighbor router 6.6.6.6 are not to be used for LSP establishment. The second command allows all other bindings from the same neighbor router to be accepted and used for LSP establishment. Note that the more restrictive filter command has the lower sequence number and will be executed first.
You can also define an LDP prefix filter with the ldp add prefix-filter command. Once defined, the prefix filter can be used in multiple LDP filter commands. For example, if you want to restrict both outgoing and incoming label requests for certain IP addresses, define an LDP prefix filter first. In the following example, the ldp add prefix-filter command defines a prefix filter for the host node 10.10.10.101.
17.5 CONFIGURING L3 LABEL SWITCHED PATHS

The RS supports two basic types of LSPs:
• Static LSPs require that you configure all routers and assign all labels in the path. This is similar to configuring static routes on the router, and there is no reporting of errors or statistics. MPLS must be enabled. No signaling protocol is used, so you do not need to enable RSVP or LDP.
For example, the following command on a transit LSR looks at packets arriving on the interface MPLS-R2IN. Packets that have a label value of ‘50’ have their labels replaced by the value ‘100’ before they are sent to the next-hop IP address 20.1.1.2.

mpls set interface MPLS-R2IN label-map 50 swap 100 next-hop 20.1.1.2

PHP LSR Configuration

In a static LSP, the PHP LSR removes (pops) the label stack and then forwards the packet to the egress LSR.
Figure 17-8 L3 static label switched path

Router R1 has the CLI configuration shown below.
At router R2, packets arriving on interface MPLS-R2IN that are labeled ‘50’ are assigned the label ‘100’ and forwarded to the next-hop router (R3) at 20.1.1.2. Note the mpls set interface command in the following configuration for R2:

! Create the MPLS interfaces on this router
interface create ip MPLS-R2IN address-netmask 10.1.1.1/16 port gi.1.1
interface create ip MPLS-R2OUT address-netmask 20.1.1.1/16 port gi.1.
You can use the mpls show policy command to display information on MPLS policies. All configured policies are shown; policies that are applied to LSPs are shown to be “INUSE.” The following shows an example of the output from router R1; note that the policy ‘POL1’ is shown to be “INUSE.”

R1# mpls show policy all
Name Type Destination Port Source Port TOS Prot Use
----------- ---- --------------- ------ ------------- ------ --- ----- ----
POL1 L3 50.1.
information to each router in the LSP. In non-MPLS networks, explicit routing of packets requires the packet to carry the identity of the explicit route. With MPLS, it is possible to have packets follow an explicit route by having the label represent the route. With an explicit LSP, each LSR in the path does not independently choose the next hop. Explicit LSPs are useful for policy routing or traffic engineering.
Configuring the LSP

You can then specify the explicit path as the primary or secondary path for the LSP by specifying the parameter primary or secondary with the mpls set label-switched-path commands. For example, the mpls create label-switched-path command shown below creates an LSP L1 to the destination address 100.1.1.1.
Table 17-7 LSP and explicit path parameters

Parameter  Description  LSP  Path
exclude  Exclude specified administrative groups. (For more detailed explanations of administrative groups and example configurations, see Section 17.7.1, "Administrative Groups.")  X
from  Address of the local router (default is the local router ID).  X
hop-limit  The maximum number of hops, including the ingress and egress LSR, allowed in this LSP. (See "Hop Limit".
See "Dynamic L3 LSP Configuration Example" for details on how to configure a dynamic LSP on the RS.

Adaptive LSP

An LSP can be rerouted if the explicit path is reconfigured or unable to connect. When an LSP is rerouting, the existing path is torn down even if the new optimized route is not yet set up for traffic.
If you are using IGP shortcuts, the LSP metric value can be added to other IGP metrics to determine the total cost of the path. IGP path and LSP metric values can be compared to determine the preferred path. For more information about using LSPs as IGP shortcuts, see Section 17.7.3, "IGP Shortcuts.
Standby

The secondary path is an alternate path to a destination and is only used if the primary path can no longer reach the destination. If the LSP switches from the primary to the secondary path, it will revert back to the primary when it becomes available. The switch from the primary to the secondary path can take a while as timeouts and retries need to be exhausted.
operates in standby mode. Both paths are configured to be adaptive; that is, during route recalculation, the LSP waits until the new optimized route is set up before tearing down the previous LSP. In this example, RSVP is the signaling protocol used (LDP can also be used, as traffic engineering is not being utilized). Additionally, a dynamic LSP will be configured from RS router R5 to the router JN1 and another from R6 to R7.
The following is the configuration for router R5:

! Create interfaces
interface create ip 30net address-netmask 30.1.1.1/16 port et.1.2
interface create ip 33net address-netmask 33.1.1.1/16 port et.1.5
interface create ip 20net address-netmask 20.1.1.1/16 port et.5.1
interface add ip lo0 address-netmask 98.1.1.1/16
! Configure router
ip-router global set autonomous-system 64977
ip-router global set router-id 98.1.1.
The following is the configuration for router R6:

! Create interfaces
interface create ip 30net address-netmask 30.1.1.2/16 port et.1.2
interface create ip 31net address-netmask 31.1.1.1/16 port et.1.3
interface create ip 99net address-netmask 99.1.1.1/16 port et.1.1
! Configure router
ip-router global set router-id 99.1.1.
Dynamic and Static L3 LSP Configuration Example

In Figure 17-10, R1 is the ingress LSR for both a dynamic LSP and a static LSP. The dynamic LSP has a primary path and one secondary path. Only traffic to the 150.10.0.0/16 network is forwarded on the dynamic LSP, while only traffic to the 160.10.0.0/16 network is forwarded on the static LSP; traffic filtering is performed by defining and applying different policies to the LSPs.
R1 has the following configuration:

! Configure interfaces
interface create ip R1R4 address-netmask 200.135.89.73/26 port gi.2.1
interface create ip R1R2 address-netmask 200.135.89.4/28 port gi.2.2
interface add ip lo0 address-netmask 1.1.1.1/16
mpls add interface all
rsvp add interface all
! Configure OSPF
ip-router global set router-id 1.1.1.1
ospf create area backbone
ospf add interface R1R4 to-area backbone
ospf add stub-host 1.1.1.
R2 has the following configuration:

! Configure interfaces
interface create ip R2R1 address-netmask 200.135.89.5/28 port gi.4.2
interface create ip R2R3 address-netmask 16.128.11.10/24 port gi.4.1
interface add ip lo0 address-netmask 2.2.2.2/16
mpls add interface all
rsvp add interface all
! Configure OSPF
ip-router global set router-id 2.2.2.2
ospf create area backbone
ospf add interface R2R1 to-area backbone
ospf add stub-host 2.2.2.
R4 has the following configuration:

! Configure interfaces
interface create ip R4R1 address-netmask 200.135.89.76/26 port gi.4.1
interface create ip R4R5 address-netmask 201.135.89.131/26 port gi.4.2
interface add ip lo0 address-netmask 4.4.4.4/16
mpls add interface all
rsvp add interface all
! Configure OSPF
ip-router global set router-id 4.4.4.4
ospf create area backbone
ospf add interface R4R1 to-area backbone
ospf add stub-host 4.4.4.
The following is an example of the output of the mpls show label-switched-paths d1 command issued at R1. Note that the state of LSP ‘d1’ is “Up” and the label value 17 is assigned to outgoing packets on this LSP.

R1# mpls show label-switched-paths d1
Ingress LSP:
LSPname  To       From     State  LabelIn  LabelOut
d1       3.3.3.3  1.1.1.1  Up              17

The following is an example of the output of the mpls show label-switched-paths d1 verbose command issued at R1.
hop-limit: 255
opt-int: 0 sec.
ott-index: 1
ref-count: 1
explicit-path: dp2l
num-hops: 2
  200.135.89.4 - loose
  16.128.11.7 - loose

If the link between R1 and R4 becomes unavailable, the configured primary path for the dynamic LSP cannot be used. The configured secondary path is then used for the LSP. A message like the following is displayed:

2001-04-06 16:13:24 %MPLS-I-LSPPATHSWITCH, LSP "d1" switching to Secondary Path "dp2l".
attributes: <>
Path-Signalling-Parameters:
attributes:
inherited-attributes:
retry-limit: 5000
retry-int: 3 sec.
retry-count: 5000
next_retry_int: 600 sec.
bps: 20000000
preference: 7
hop-limit: 255
opt-int: 0 sec.
ott-index: 1
ref-count: 1
explicit-path: dp2l
num-hops: 2
  200.135.89.4 - loose
  16.128.11.7 - loose
BGP Traffic over an LSP Configuration Example

In traditional BGP networks, BGP must be run on every router in order to provide packet forwarding. If BGP routing information is not propagated to all routers, including backbone routers, packets may not be able to be routed to their BGP destinations. You can run MPLS in a BGP network to remove BGP routing from backbone routers.
Note: By default, routes are automatically advertised between EBGP peers. However, routes are not automatically advertised between IBGP multihop peers. Therefore, in the example configuration, you need to configure routes from AS 63498 and AS 65498 to be redistributed to the IBGP peers in AS 64498.

The following is the configuration for R7:

! Configure interfaces
interface create ip rt7-rt3 address-netmask 137.1.1.7/24 port et.1.
R3 is both the ingress LSR for the LSP to R6 and the egress LSR for the LSP from R6. The following is the configuration for R3:

! Configure interfaces
interface create ip rt3-rt7.mp address-netmask 137.2.2.3/24 port et.7.8
interface create ip rt3-rt1.mp address-netmask 113.2.2.3/24 port gi.3.1
interface add ip lo0 address-netmask 3.3.3.3/32
! Configure BGP
ip-router global set router-id 3.3.3.
R1 is the transit LSR for the LSPs from R3 to R6 and from R6 to R3. The following is the configuration for R1:

! Configure interfaces
interface create ip rt1-rt3.mp address-netmask 113.2.2.1/24 port gi.3.2
interface create ip rt1-rt6.mp2 address-netmask 116.3.3.1/24 port gi.3.1
interface add ip lo0 address-netmask 1.1.1.1/32
! Configure OSPF
ip-router global set router-id 1.1.1.1
ospf create area backbone
ospf add stub-host 1.1.1.
R6 is both the ingress LSR for the LSP to R3 and the egress LSR for the LSP from R3. The following is the configuration for R6:

! Configure interfaces
interface create ip rt6-rt9 address-netmask 169.1.1.6/24 port et.7.2
interface create ip rt6-rt1.mp2 address-netmask 116.3.3.6/24 port gi.4.2
! Configure BGP
interface add ip lo0 address-netmask 6.6.6.6/32
ip-router global set router-id 6.6.6.
MPLS with CMTS for Multiple ISPs Configuration Example

Utilizing MPLS technology, Multiple Service Operators (MSOs) can dedicate LSPs to each supported ISP, allowing subscribers to be separated onto appropriate pipelines. Differentiating ISP traffic enables ISPs and MSOs to deliver value-added services, such as tailored service level agreements (SLAs) to each individual subscriber and improved voice-based technologies.
Note: The configuration examples shown in this section are for Riverstone’s DOCSIS 1.0 CMTS hardware and software. See Chapter 7, "CMTS Configuration Guide" for more information about configuring CMTS on RS routers.

The following is the configuration for R1:

! Configure CMTS
cmts set headend cm.15.1 hashed-auth-str xBFakK
cmts set uschannel cm.15.1 upstream 1-4 state on
cmts set relay-agent interface cmts giaddr 160.10.1.
mpls set label-switched-path dynamic1MSO policy MSO150
! Create LSP for AT&T ISP
mpls create label-switched-path dynamic3ATT to 3.3.3.3 no-cspf
mpls set label-switched-path dynamic3ATT primary dp1
mpls create policy ATT12 src-ipaddr-mask 160.12.0.0/16
mpls set label-switched-path dynamic3ATT policy ATT12
! Create LSP for AOL ISP
mpls create label-switched-path dynamic2AOL to 3.3.3.3 no-cspf
mpls create policy AOL11 src-ipaddr-mask 160.11.0.
rsvp add interface R2toR3
rsvp start

The following is the configuration for R3:

! Configure VLAN
vlan create MSOPROVISIONING port-based id 100
vlan add ports et.3.1 to MSOPROVISIONING
! Configure interfaces
interface create ip R3toR2 address-netmask 220.1.1.1/16 port gi.12.1
interface create ip MSOPROVISIONING address-netmask 150.10.1.13/16 vlan MSOPROVISIONING
interface add ip lo0 address-netmask 3.3.3.
mpls set label-switched-path dynamic2.2AOL primary dp1.2
mpls set label-switched-path dynamic2.2AOL policy AOL11.2
! Create LSP for AT&T ISP
mpls create label-switched-path dynamic3.2ATT to 1.1.1.1 no-cspf
mpls create policy ATT12.2 dst-ipaddr-mask 160.12.0.0/16
mpls set label-switched-path dynamic3.2ATT primary dp1.2
mpls set label-switched-path dynamic3.2ATT policy ATT12.
  option routers 160.10.1.1;
  option time-servers 150.10.1.2;
  option ntp-servers 150.10.1.2;
  next-server 150.10.1.2;
  option time-offset -25200;
}
shared-network MULTIPLE-ISP {
  #AOL
  #ip-range 160.11.1.10-160.11.5.254
  subnet 160.11.0.0 netmask 255.255.0.0 {
    option routers 160.10.1.1;
    option domain-name-servers xxx.xxx.xxx.xxx;
    option domain-name "AOL.com";
  }
  host AOL1 {
    hardware ethernet 00:e0:6f:02:f5:09;
    fixed-address 160.11.1.
2. Open the properties for the scope.
3. Click the Advanced tab.
4. Select the Make this scope a secondary check box.
5. In the Primary scope field, select the scope that you want to designate as the primary. (This must be one of the other scopes for the server.)
6. Click OK.
7. Reload the DHCP server.
17.6 CONFIGURING L2 TUNNELS

Riverstone’s layer-2 (L2) MPLS implementation supports the encapsulation and transport of L2 Protocol Data Units (PDUs) across an MPLS network, as described in the Martini Internet-Draft. This feature allows you to use MPLS labels, instead of network layer encapsulation, to tunnel L2 frames across a backbone MPLS network. For metro service providers, this has many important benefits:
• Scalability of 802.1q and IP VPN services.
This section describes how to configure the ingress, transit, and egress LSRs for a static L2 LSP, as shown in Figure 17-13.

Figure 17-13 Static L2 path (unidirectional)

Ingress LSR Configuration

To configure an L2 static path on R1:
1.
Transit LSR Configuration

In a static L2 LSP, transit LSRs can change (swap) the label value at the top of the label stack. Use the mpls set portlist command to configure the static L2 LSP on the RS.
Figure 17-14 Static L2 paths (bi-directional)

Router R1 has the following configuration:

! Create L2 static path TO-R3
mpls create l2-policy P1 dst-mac any src-mac 000000:01e000 vlan 1 in-port-list gi.2.
Router R3 has the following configuration:

! Create L2 static path TO-R1
mpls create l2-policy P2 src-mac any dst-mac 000000:01e000 vlan 1 in-port-list gi.7.1 out-port-list gi.6.1
mpls create l2-static-path TO-R1 next-hop-mac 000285:057900 push 101
mpls set l2-static-path TO-R1 policy P2
! Configure egress LER for L2 static path TO-R3
mpls set portlist in-port-list gi.6.
17.6.2 Configuring Dynamic L2 Labels

In Figure 17-15, layer-2 frames are received at the ingress LSR R1, then transmitted to the egress LSR R2 across an MPLS network through a tunnel LSP. At the ingress LSR, a virtual circuit (VC) label is added to the L2 frame. The VC label is used to inform the egress LSR how to treat the received packet and the interface on which the frame is to be output.
Note: The MTU size for MPLS ports must be at least 22 bytes more than the MTU size of incoming non-MPLS traffic; additional bytes are required for multiple labels. The default maximum transmission unit (MTU) size for non-MPLS ports on the RS is 1522 bytes. The default MTU size for ports on MPLS-enabled line cards on the RS is 1568 bytes, which allows for multiple MPLS labels.
- If you are using the VLAN ID as the FEC, specify the vlan option with the ldp add l2-fec command.
- If you are using the incoming port as the FEC, specify the customer-id option with the ldp add l2-fec command.
- If you are using a combination of VLAN ID and incoming port as the FEC, specify both the vlan and customer-id options with the ldp add l2-fec command.
3. Configure the LDP-signaling VLAN and interface.
L2 Tunneling Based on VLAN ID Configuration Examples

The FEC-to-label binding for a virtual circuit can be based on the VLAN ID assigned to a customer by a service provider. Figure 17-16 shows a customer VLAN with an ID of 100, and another customer VLAN with an ID of 200. The VLANs are mapped to VC labels that are distributed via LDP. LDP-signaling VLANs carry the signaling necessary to establish the LDP connection.
! Configure the LDP peers and label bindings
ldp add interface lo0
! Adds R3 as LDP peer
ldp add remote-peer 111.1.1.3
! Sends label mapping for VLAN ID 100 to R3
ldp add l2-fec vlan 100 to-peer 111.1.1.3
! Sends label mapping for VLAN ID 200 to R3
ldp add l2-fec vlan 200 to-peer 111.1.1.3
ldp start
! Create the LDP-signaled VLAN and interface
vlan create ldp_in port-based id 110
vlan add ports gi.4.1 to ldp_in
interface create ip to_r2_1 address-netmask 200.1.1.
! If tunnel LSP uses RSVP:
mpls add interface to_r1
mpls add interface to_r3
mpls start
rsvp add interface to_r1
rsvp add interface to_r3
rsvp start
! If tunnel LSP uses LDP:
mpls add interface to_r1
mpls add interface to_r3
mpls start
ldp add interface to_r1
ldp add interface to_r3
ldp start
! Configure IGP (in this example, OSPF is the IGP)
ip-router global set router-id 111.1.1.
! Create the LDP-signaling VLAN and interface
vlan create ldp_in1 port-based id 120
vlan add ports gi.3.2 to ldp_in1
interface create ip to_r2 address-netmask 220.1.1.
Figure 17-17 shows two VLANs, with sites that are connected to routers R1, R3, and R5. The VLANs are mapped to VC labels that are distributed via LDP. The tunnel LSPs can use either LDP or RSVP as the signaling protocol; configuration commands for RSVP tunnel signaling are shown for this example.
[Figure 17-17: network diagram; surviving labels include Customer VLAN 100, Customer VLAN 200, R1 and R2]
Note: If you configure more than one tunnel LSP to the same destination, you can specify the preferred LSP to be used with the transport-lsp option of the ldp set l2-fec command. You can also specify if an alternate LSP can be used. The transport-lsp option of the ldp set l2-fec command allows you to assign a specific LSP to specific customer traffic. This provides a way to offer different LSP services to different customers.
mpls set path to_rs5_primary ip-addr 220.1.1.2 type strict hop 3
! Configure tunnel LSP to R3 with explicit path p1
mpls create label-switched-path to_rs3_rsvp to 111.1.1.3 no-cspf preference 10
mpls set label-switched-path to_rs3_rsvp primary p1 no-cspf retry-interval 5 mtu 1000
! Configure tunnel LSP to R5
mpls create label-switched-path to_rs5_rsvp to 111.1.1.5 no-cspf
mpls create policy dip_to_rs5 dst-ipaddr-mask 152.1.0.
ospf add interface all to-area backbone
ospf add stub-host 111.1.1.2 to-area backbone cost 5
ospf start
! Configure MPLS
mpls add interface to_rs1
mpls add interface to_rs3
mpls start
! Configure RSVP
rsvp add interface to_rs1
rsvp add interface to_rs3
rsvp start
Two LSPs are configured on R3: one is from R3 to R5, while the other is from R3 to R1 and restricted to traffic destined for the 124.2.0.0/16 subnet.
! Create tunnel LSP to R1
mpls create label-switched-path to_rs1_rsvp to 111.1.1.1 no-cspf
mpls create policy dip_to_rs1 dst-ipaddr-mask 124.2.0.0/16
mpls set label-switched-path to_rs1_rsvp policy dip_to_rs1
! Create tunnel LSP to R5
mpls create label-switched-path to_rs5_rsvp to 111.1.1.
! Configure RSVP
rsvp add interface to_rs3
rsvp add interface to_rs5
rsvp start
Two LSPs are configured on R5. The LSP from R5 to R1 is configured with a loose explicit path of 2 hops and is restricted to traffic destined for the 124.2.0.0/16 subnet. The LSP from R5 to R3 is configured with a primary and secondary path.
mpls set path to_rs3_primary ip-addr 110.1.1.1 type strict hop 3
! Create explicit path to_rs3_secondary to R3
mpls create path to_rs3_secondary num-hops 5
mpls set path to_rs3_secondary ip-addr 220.1.1.2 type strict hop 1
mpls set path to_rs3_secondary ip-addr 220.1.1.1 type strict hop 2
mpls set path to_rs3_secondary ip-addr 201.1.1.1 type strict hop 3
mpls set path to_rs3_secondary ip-addr 200.1.1.2 type strict hop 4
mpls set path to_rs3_secondary ip-addr 210.
! Configure LDP
ldp add interface lo0
adds R1 as LDP peer adds R3 as LDP peer to-peer 111.1.1.3 send VLAN 100 mapping to R3 to-peer 111.1.1.3 send VLAN 200 mapping to R3 to-peer 111.1.1.1 send VLAN 100 mapping to R1 to-peer 111.1.1.1 send VLAN 200 mapping to R1 ldp add remote-peer 111.1.1.1 ldp add remote-peer 111.1.1.
L2 Tunneling Based on Ports Configuration Examples
The FEC-to-label binding for a virtual circuit can be based on the port on which traffic arrives. One or more incoming ports are mapped to a logical customer ID number, which is then mapped to an FEC. In Figure 17-18, ports gi.6.1 on R1 and gi.12.1 on R3 are mapped to customer ID 1. Ports gi.3.1 on R1 and gi.13.1 on R3 are mapped to customer ID 2.
! Create the LDP-signaling VLAN and interface
vlan create ldp_in port-based id 110
vlan add ports gi.4.1 to ldp_in
interface create ip to_r2_1 address-netmask 200.1.1.
! If tunnel LSP uses LDP:
mpls add interface to_r1
mpls add interface to_r3
mpls start
ldp add interface to_r1
ldp add interface to_r3
ldp start
! Configure IGP (in this example, OSPF is the IGP)
ip-router global set router-id 111.1.1.2
ospf create area backbone
ospf add interface all to-area backbone
ospf add stub-host 111.1.1.
! If tunnel LSP uses LDP:
mpls add interface to_r2
mpls start
ldp add interface to_r2
ldp start
! Configure IGP (in this example, OSPF is the IGP)
ip-router global set router-id 111.1.1.3
ospf create area backbone
ospf add interface to_r2 to-area backbone
ospf add stub-host 111.1.1.3 to-area backbone cost 5
ospf start
In Figure 17-19, ports gi.6.2, gi.2.1, and gi.5.1 on R1, port gi.15.1 on R3, and port gi.12.2 on R5 are mapped to customer ID 10. The customer IDs are mapped to VC labels that are distributed via LDP. The tunnel LSPs can use either LDP or RSVP as the signaling protocol; configuration commands for RSVP tunnel signaling are shown for this example.
Note: The ports that are mapped to a single customer ID number must be either all trunk ports or all access ports.
Two LSPs are configured on R1. The LSP from R1 to R5 is configured with a strict explicit path of 3 hops (R1, R6, and R5) and is restricted to traffic destined for the 152.1.0.0/16 subnet. The LSP from R1 to R3 is configured with a loose explicit path of 2 hops. The following is the configuration for R1:
! Configure VLANs and interfaces
! customer ports must be trunk ports for 802.1q packets
vlan make trunk-port gi.6.2
customer ports must be trunk ports for 802.
mpls set label-switched-path to_rs5_rsvp primary to_rs5_primary no-cspf retry-interval 5 preference 30
! Start MPLS
mpls start
! Configure RSVP
rsvp add interface to_rs2_1
rsvp add interface to_rs2_second
rsvp start
! Configure LDP
ldp add interface lo0
! map ports to customer-id 10
ldp map ports gi.6.2 customer-id 10
ldp map ports gi.2.1 customer-id 10
ldp map ports gi.5.1 customer-id 10
ldp add remote-peer 111.1.1.
rsvp add interface to_RS3
rsvp start
Two LSPs are configured on R3: one is from R3 to R5, while the other is from R3 to R1 and is restricted to traffic destined for the 124.2.0.0/16 subnet. The following is the configuration for R3:
! Configures VLANs and interfaces
! customer ports must be trunk ports for 802.1q packets
vlan make trunk-port gi.15.1
vlan create ldp_if1 id 120
vlan create ip_ldp port-based id 175
vlan add ports gi.12.
! send customer-id mapping to R5
ldp add l2-fec customer-id 10 to-peer 111.1.1.5
ldp start
R4 is a transit LSR with interfaces to R3 and R5. The following is the configuration for R4:
! Configure VLANs and interfaces
vlan create rsvp_vlan1 ip id 140
vlan add ports gi.3.2 to rsvp_vlan1
interface create ip to_rs3 address-netmask 110.1.1.2/16 port gi.3.1
interface create ip to_rs5 address-netmask 100.1.1.
! Configure OSPF
ip-router global set router-id 111.1.1.5
ospf create area backbone
ospf add interface lo0 to-area backbone
ospf add interface to_rs6 to-area backbone
ospf add stub-host 111.1.1.
rsvp add interface to_rs6
rsvp add interface to_rs4
rsvp start
! Configure LDP
ldp add interface lo0
map port gi.12.2 to customer-id 10 adds R1 as LDP peer to-peer 111.1.1.1 send customer-id mapping to R1 adds R3 as LDP peer to-peer 111.1.1.3 send customer-id mapping to R3 ldp map ports gi.12.2 customer-id 10 ldp add remote-peer 111.1.1.1 ldp add l2-fec customer-id 10 ldp add remote-peer 111.1.1.
L2 Tunneling Based on VLAN ID and Port Configuration Examples
The FEC-to-label binding for a virtual circuit can be based on both a customer-specified VLAN ID and the port on which the traffic arrives. Each combination of VLAN ID and logical customer ID (which represents the incoming port) is mapped to a single FEC. Figure 17-20 shows two VLANs with sites that are connected to routers R1 and R3. Port gi.6.1 on R1 and gi.12.1 on R3 provide access for the VLANs.
! Configure the LDP peers and label bindings
ldp add interface lo0
! adds R3 as LDP peer
ldp add remote-peer 111.1.1.3
! maps port gi.6.1 to customer-id 10
ldp map ports gi.6.1 customer-id 10
! sends label mapping for customer-id 10/VLAN ID 100 to R3
ldp add l2-fec customer-id 10 vlan 100 to-peer 111.1.1.3
ldp add l2-fec customer-id 10 vlan 200 to-peer 111.1.1.
! If tunnel LSP uses RSVP:
mpls add interface to_r1
mpls add interface to_r3
mpls start
rsvp add interface to_r1
rsvp add interface to_r3
rsvp start
! If tunnel LSP uses LDP:
mpls add interface to_r1
mpls add interface to_r3
mpls start
ldp add interface to_r1
ldp add interface to_r3
ldp start
! Configure IGP (in this example, OSPF is the IGP)
ip-router global set router-id 111.1.1.
! Configure LDP peers and label bindings
ldp add interface lo0
! adds R1 as LDP peer
ldp add remote-peer 111.1.1.1
! maps port gi.12.1 to customer-id 10
ldp map ports gi.12.1 customer-id 10
! sends label mapping for customer-id 10/VLAN 100 to R1
ldp add l2-fec customer-id 10 vlan 100 to-peer 111.1.1.1
ldp add l2-fec customer-id 10 vlan 200 to-peer 111.1.1.
Figure 17-21 shows two VLANs (with IDs 50 and 60) that enter R1 on port gi.2.2. VLAN 50 traffic enters R3 on port gi.15.1, while VLAN 60 traffic enters R5 on port gi.6.2. The VLAN ID/port combinations are mapped to VC labels that are distributed via LDP. The tunnel LSPs can use either LDP or RSVP as the signaling protocol; configuration commands for RSVP tunnel signaling are shown for this example.
[Figure 17-21: network diagram; surviving labels include Customer VLAN 50 and Customer VLAN 60]
vlan add ports gi.4.2 to ldp_in2
vlan add ports gi.4.1 to ldp_in
vlan add ports gi.2.2 to to_rs3_only
vlan add ports gi.2.2 to to_rs5_only
! LDP-signaling VLAN interface
interface create ip to_rs2 address-netmask 200.1.1.1/16 vlan ldp_in
! LDP-signaling VLAN interface
interface create ip to_rs6 address-netmask 201.1.1.1/16 vlan ldp_in2
interface add ip lo0 address-netmask 111.1.1.1/32
! Configure OSPF
ip-router global set router-id 111.1.1.
rsvp start
! Configure LDP
ldp add interface lo0
! maps port gi.2.2 to customer-id 20
ldp map ports gi.2.2 customer-id 20
! adds R3 as LDP peer
ldp add remote-peer 111.1.1.3
! adds R5 as LDP peer
ldp add remote-peer 111.1.1.5
! sends label mapping for customer-id 20/VLAN 50 to R3
ldp add l2-fec customer-id 20 vlan 50 to-peer 111.1.1.3
ldp add l2-fec customer-id 20 vlan 60 to-peer 111.1.1.
Two LSPs are configured on R3: one is from R3 to R5, while the other is from R3 to R1 and restricted to traffic destined for the 124.2.0.0/16 subnet. The following is the configuration for R3:
! Create VLANs and interfaces
vlan create ldp_if1 id 120
vlan create ip_ldp port-based id 175
vlan create to_rs1_only ip id 50
vlan add ports gi.12.2 to ip_ldp
vlan add ports gi.12.1 to ldp_if1
vlan add ports gi.15.
R4 is a transit LSR with interfaces to R3 and R5. The following is the configuration for R4:
! Create VLANs and interfaces
vlan create rsvp_vlan1 ip id 140
vlan add ports gi.3.2 to rsvp_vlan1
interface create ip to_rs3 address-netmask 110.1.1.2/16 port gi.3.1
interface create ip to_rs5 address-netmask 100.1.1.2/16 vlan rsvp_vlan1
interface add ip lo0 address-netmask 111.1.1.4/32
! Configure OSPF
ip-router global set router-id 111.1.1.
ospf add stub-host 111.1.1.5 to-area backbone cost 5
ospf add interface to_rs4 to-area backbone
ospf start
! Configure MPLS
mpls add interface to_rs6
mpls add interface to_rs4
! Create explicit path to_rs3_primary to R3
mpls create path to_rs3_primary num-hops 3
mpls set path to_rs3_primary ip-addr 100.1.1.1 type strict hop 1
mpls set path to_rs3_primary ip-addr 100.1.1.2 type strict hop 2
mpls set path to_rs3_primary ip-addr 110.1.1.
! map port gi.6.2 to customer-id 20
ldp map ports gi.6.2 customer-id 20
! adds R1 as LDP peer
ldp add remote-peer 111.1.1.1
! sends label mapping for customer-id 20/VLAN 60 to R1
ldp add l2-fec customer-id 20 vlan 60 to-peer 111.1.1.1
ldp start
R6 is a transit LSR with interfaces to R1 and R5. The following is the configuration for R6:
! Configure VLANs and interfaces
vlan create ip_signal ip id 12
vlan add ports gi.4.1,gi.5.
17.7 TRAFFIC ENGINEERING
One of the most important applications of MPLS is traffic engineering. Traffic engineering allows you to optimize the utilization of network resources and traffic performance throughout a network.
To set up administrative groups, do the following:
1. Create the administrative groups with the mpls create admin-group command. Assign each group a decimal value between 1 and 32. You must create identical group names and assign the same value to each group on all routers in the MPLS domain. For example:
mpls create admin-group sector1 group-value 1
2. Assign one or more groups to an interface with the mpls set interface command.
The mpls show interface command shows the interfaces configured on an RS and the administrative group, if any, that is applied to an interface. For example, in the following output the administrative group sector1 is applied to the interfaces R2R3 and R2R1b:
rs# mpls show interface all
Interface    State    Administrative groups
lo           Up
lo           Up
R2R3         Up       sector1
R2R1         Up
R2R1b        Up       sector1
17.7.
Constrained Path Selection Configuration Example for OSPF Traffic Engineering
The following example illustrates constrained path selection based on an administrative group with OSPF as the IGP. The same administrative group must be configured on all routers in the LSP. In the example shown in Figure 17-22, the administrative group ‘SKY’ with a value of 7 is created on all LSRs and applied to the following interfaces: R1R2b on R1, R2R1b and R2R3 on R2, and R3R2 on R3.
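A small model of constrained path selection for the setup just described, as an added example (not RS code): links that lack the included administrative group are pruned before the shortest-path computation, so the LSP follows the SKY interfaces even when an uncolored link is cheaper, and it gets no path at all when one router assigns SKY a different value. Interface names and the value 7 come from the text above; the link metrics are constructed, and matching on the numeric group value rather than the name is an assumption based on how traffic-engineering link colors are normally flooded.

```python
import heapq

# Per-router admin-group tables (name -> value). The guide uses SKY = 7 everywhere.
ADMIN_GROUPS = {"R1": {"sky": 7}, "R2": {"sky": 7}, "R3": {"sky": 7}}

# (owning router, interface, neighbor, metric, groups applied on that interface)
# Metrics are constructed so that the uncolored R1R2 link is the cheaper one.
LINKS = [
    ("R1", "R1R2",  "R2", 1, []),
    ("R1", "R1R2b", "R2", 5, ["sky"]),
    ("R2", "R2R1",  "R1", 1, []),
    ("R2", "R2R1b", "R1", 5, ["sky"]),
    ("R2", "R2R3",  "R3", 1, ["sky"]),
    ("R3", "R3R2",  "R2", 1, ["sky"]),
]


def build_ted(groups, links):
    """Model of the TE database: each link carries group values, not names."""
    ted = {}
    for owner, ifname, nbr, metric, names in links:
        values = {groups[owner][n] for n in names}
        ted.setdefault(owner, []).append((ifname, nbr, metric, values))
    return ted


def cspf(ted, groups, src, dst, include=None):
    """Shortest path from src to dst over links carrying the included group.

    Returns the list of outgoing interface names, or None if no path
    satisfies the constraint (the LSP cannot be set up).
    """
    # The head end resolves the group name with its own table.
    want = groups[src][include] if include else None
    heap = [(0, src, [])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if node in done:
            continue
        done.add(node)
        for ifname, nbr, metric, values in ted.get(node, []):
            if want is None or want in values:  # prune links without the group
                heapq.heappush(heap, (cost + metric, nbr, path + [ifname]))
    return None


def demo():
    ted = build_ted(ADMIN_GROUPS, LINKS)
    unconstrained = cspf(ted, ADMIN_GROUPS, "R1", "R3")
    constrained = cspf(ted, ADMIN_GROUPS, "R1", "R3", include="sky")
    # Failure mode: R2 creates the same group name with a different value.
    bad_groups = dict(ADMIN_GROUPS, R2={"sky": 8})
    mismatched = cspf(build_ted(bad_groups, LINKS), bad_groups,
                      "R1", "R3", include="sky")
    return unconstrained, constrained, mismatched


if __name__ == "__main__":
    for label, result in zip(("no constraint", "include sky", "R2 value mismatch"), demo()):
        print(f"{label}: {result}")
```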
! Configure LSP with admin-group constraint (do not specify no-cspf parameter)
mpls create label-switched-path LSP1 to 3.3.3.3 include sky
! Enable and start MPLS and RSVP
mpls add interface R1R2
mpls start
rsvp add interface R1R2
rsvp add interface R1R2b
rsvp start
The following is the configuration for R2:
! Create interfaces
interface interface interface interface create create create add ip ip R2R1 address-netmask 16.128.11.7/24 port gi.6.
The following is the configuration for R3:
! Create interfaces
interface create ip R3R2 address-netmask 201.135.89.195/26 port gi.1.2
interface add ip lo0 address-netmask 3.3.3.3/16
! Configure OSPF
ip-router global set router-id 3.3.3.3
ospf create area backbone
ospf add stub-host 3.3.3.
On R1, the mpls show label-switched-paths command with the verbose option displays the selected path in the cspf-path section (shown in bold in the example output below). Note that the hops are the interfaces where the administrative group SKY is applied on the routers:
R1# mpls show label-switched-paths LSP1 verbose
Label-Switched-Path: LSP1 to: 3.3.3.3 state: Up proto: setup-pri: 7 attributes: <> from: 1.1.1.
Constrained Path Selection Configuration Example for IS-IS Traffic Engineering
The following example shows the configuration of two constrained path LSPs from R1 to R4:
• LSP1 includes the administrative group ‘red’
• LSP2 includes the administrative group ‘green’ and the bandwidth constraint of 8 megabits per second
IS-IS is the IGP running on all routers in the network. IS-IS MD5 authentication is also configured.
isis add interface lo0
isis add interface to-R2
isis set system-id 13.1313.1313.
! key is encrypted
ip-router authentication create key-chain test1 key ed301c4c0a9b1171 type primary id 255
isis add area 53.da05
isis add interface lo0
isis add interface to-R3
isis add interface to-R5
isis add interface to-R1
isis set system-id 12.1212.1212.
! Create interfaces
interface add ip lo0 address-netmask 15.15.15.15/32
interface create ip to-R2 address-netmask 192.1.1.15/24 vlan to-R2
interface create ip to-R5 address-netmask 187.1.1.15/16 vlan to-R5
interface create ip to-R4 address-netmask 185.1.1.15/16 vlan to-R4
! Configure IS-IS
ip-router global set router-id 15.15.15.15
! key is encrypted
ip-router authentication create key-chain test1 key ed301c4c0a9b1171 id 255 type primary
isis add area 53.
vlan create 53net ip
vlan add ports et.13.22 to 53net
vlan make trunk-port et.14.23
! Create interfaces
interface create ip to-R3 address-netmask 185.1.1.24/16 vlan to-R3
interface create ip to-R3 address-netmask 185.1.1.24/16 port et.16.23
interface create ip 53net address-netmask 53.1.1.22/16 vlan 53net
! Configure IS-IS
ip-router global set router-id 124.124.124.
! Create interfaces
interface create ip to-R2 address-netmask 186.1.1.26/8 vlan to-R2
interface create ip to-R3 address-netmask 187.1.1.26/16 vlan to-R3
! Configure IS-IS
ip-router global set router-id 126.126.126.126
! key is encrypted
ip-router authentication create key-chain test1 key ed301c4c0a9b1171 type primary id 255
isis add area 53.da05
isis add interface lo0
isis add interface to-R2
isis add interface to-R3
isis set level 1
isis set system-id 26.2626.2626.
Path-Signalling-Parameters:
attributes: <> inherited-attributes: <>
retry-limit: 5000 retry-int: 3 sec.
retry-count: 5000 next_retry_int: 0.000000 sec.
bps: 0 preference: 7
hop-limit: 255 opt-int: 600 sec.
ott-index: 3 ref-count: 1
mtu: 0
cspf-path: num-hops: 4
153.1.1.13 - strict
153.1.1.12 - strict
192.1.1.15 - strict
185.1.1.24 - strict
include: red
record-route: 153.1.1.12 192.1.1.15 185.1.1.
185.1.1.24 - strict
include: green
record-route: 153.1.1.12 186.1.1.26 187.1.1.15 185.1.1.24
The following command shows the IS-IS adjacencies on R1:
R1# isis show adjacencies
Adjacencies
Interface  System  State  Level  Hold(s)  SNPA
to-R2      R2      up     L1     9        802.2 0:0:0:a3:62:61
The following command shows the IS-IS traffic engineering database on R1:
R1# isis show ted
TED database:
NodeID: R2(12.12.12.12) Age: 1099 secs
Protocol: IS-IS(1)
To: 1212.1212.
Color: 0x2
Static BW: 100 Mbps
Reservable BW: 100 Mbps
Available BW [priority]:
[0] 100 Mbps [1] 100 Mbps [2] 100 Mbps [3] 100 Mbps
[4] 100 Mbps [5] 100 Mbps [6] 100 Mbps [7] 100 Mbps
NodeID: 1212.1212.1212.0b00 Age: 1081 secs
Protocol: IS-IS(1)
To: 1313.1313.1313.00
To: 1212.1212.1212.00
NodeID: 1212.1212.1212.0d00 Age: 1076 secs
Protocol: IS-IS(1)
To: 1515.1515.1515.00
To: 1212.1212.1212.00
NodeID: 1212.1212.1212.
To: 1515.1515.1515.06, Local: 187.1.1.15
Color: 0x8
Static BW: 20 Mbps
Reservable BW: 20 Mbps
Available BW [priority]:
[0] 20 Mbps [1] 20 Mbps [2] 20 Mbps [3] 20 Mbps
[4] 20 Mbps [5] 20 Mbps [6] 20 Mbps [7] 20 Mbps
To: 1212.1212.1212.0d, Local: 192.1.1.15, Remote: 192.1.1.
Available BW [priority]:
[0] 12 Mbps [1] 12 Mbps [2] 12 Mbps [3] 12 Mbps
[4] 12 Mbps [5] 12 Mbps [6] 12 Mbps [7] 12 Mbps
To: 1212.1212.1212.0e, Local: 186.1.1.26, Remote: 186.1.1.12
Color: 0x8
Static BW: 20 Mbps
Reservable BW: 20 Mbps
Available BW [priority]:
17.7.
IS-IS IGP Shortcuts Example
Refer to the example routing network shown in Figure 17-23. On R1, packets for the destination 53.1.0.0/16 (on R4) use the gateway IP address 153.1.1.12 as the immediate next-hop. In the routing table display on R1 shown below, the entry for destination 53.1.0.0/16 is shown in bold:
R1# ip show routes
Destination        Gateway             Owner  Netif
-----------        -------             -----  -----
10.61.0.0/16       directly connected  -      en0
12.12.12.12 153.1.1.
Now, the routing table on R1 includes the constrained path LSPs configured in "Constrained Path Selection Configuration Example for IS-IS Traffic Engineering". Packets to the destination 53.1.0.0/16, as well as other destinations, can be forwarded using the LSPs LSP1 or LSP2, as shown in the routing table display below:
R1# ip show routes
Destination        Gateway             Owner  Netif
-----------        -------             -----  -----
10.61.0.0/16       directly connected  -      en0
12.12.12.
Advertising IGP Shortcuts
IGP shortcuts need to be advertised so that other routers in the autonomous system can calculate paths that use the LSP. You advertise these shortcuts with the isis add label-switched-path command for IS-IS networks and with the ospf add label-switched-path command for OSPF networks.
Note: Each LSP is advertised as a unidirectional, point-to-point link.
18 ROUTING POLICY CONFIGURATION
The RS family of routers supports extremely flexible routing policies.
Table 18-1 Default preference values
Preference | Defined by CLI Command | Default
Direct connected networks | ip-router global set interface | 0
OSPF routes | ospf | 10
Static routes from config | ip add route | 60
RIP routes | rip set preference | 100
Point-to-point interface | | 110
Routes to interfaces that are down | ip-router global set interface down-preference | 120
Aggregate/generate routes | aggr-gen | 130
OSPF AS external routes | ospf set ase-defaults preference
In some cases, a combination of the associated attributes can be specified to identify the routes to be imported.
Note: It is quite possible for several BGP import policies to match a given update. If more than one policy matches, the first matching policy will be used. All later matching policies will be ignored. For this reason, it is generally desirable to order import policies from most to least specific.
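The first-match rule in the note above, worked through as an added example (not RS code): a broad policy placed first silently overrides a later, narrower restriction, and sorting from most to least specific removes the shadowing. The model is simplified to two match attributes, source AS and destination prefix; the policy names and AS number are constructed, and the 10.51.0.0/16 prefix is borrowed from the RIP import example later in this chapter.

```python
from ipaddress import ip_network
from typing import NamedTuple, Optional


class ImportPolicy(NamedTuple):
    name: str
    source_as: Optional[int]  # None matches updates from any AS
    network: str              # matches this prefix and anything inside it
    action: str               # "accept" or "restrict"


# Constructed policy list in a risky order: the catch-all comes first.
POLICIES = [
    ImportPolicy("any-default", None, "0.0.0.0/0", "accept"),
    ImportPolicy("as65001-block-10.51", 65001, "10.51.0.0/16", "restrict"),
    ImportPolicy("as65001-all", 65001, "0.0.0.0/0", "accept"),
]


def matches(policy, source_as, prefix):
    """True if the policy applies to an update for prefix from source_as."""
    return (policy.source_as in (None, source_as)
            and ip_network(prefix).subnet_of(ip_network(policy.network)))


def first_match(policies, source_as, prefix):
    """Apply the first-match rule: later matching policies are ignored."""
    for policy in policies:
        if matches(policy, source_as, prefix):
            return policy
    return None


def covers(earlier, later):
    """True if every update the later policy matches is caught by the earlier one."""
    as_covered = earlier.source_as is None or earlier.source_as == later.source_as
    return as_covered and ip_network(later.network).subnet_of(ip_network(earlier.network))


def shadowed(policies):
    """List (policy, shadowing policy) pairs for policies that can never fire."""
    result = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                result.append((later.name, earlier.name))
                break
    return result


def most_specific_first(policies):
    """Order policies: specific AS before any AS, longer prefixes before shorter."""
    return sorted(policies,
                  key=lambda p: (p.source_as is None,
                                 -ip_network(p.network).prefixlen))


if __name__ == "__main__":
    print("as configured:", first_match(POLICIES, 65001, "10.51.0.0/16"))
    print("shadowed:", shadowed(POLICIES))
    ordered = most_specific_first(POLICIES)
    print("reordered:", first_match(ordered, 65001, "10.51.0.0/16"))
```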
Export-Destination
This component specifies the destination where the routes are to be exported. It also specifies the attributes associated with the exported routes. The interface, gateway, or the autonomous system to which the routes are to be redistributed are a few examples of export-destinations. The metric, type, tag, and AS-Path are a few examples of attributes associated with the exported routes.
A route will match the most specific filter that applies. Specifying more than one filter with the same destination, mask, and modifiers generates an error. There are three possible formats for a route filter. Not all of these formats are available in all places. In most cases, it is possible to associate additional options with a filter.
• Route-Filter
Aggregate-Destination
This component specifies the aggregate/summarized route. It also specifies the attributes associated with the aggregate route. The preference to be associated with an aggregate route can be specified using this component.
Aggregate-Source
This component specifies the source of the routes contributing to an aggregate/summarized route.
Authentication Methods
There are two main authentication methods:
Simple Password
In this method, an authentication key of up to 8 characters is included in the packet. If this does not match what is expected, the packet is discarded. This method provides little security, as it is possible to learn the authentication key by watching the protocol packets.
The general syntax of the redistribute command is as follows:
ip-router policy redistribute from-proto to-proto [network [exact|refines|between ]] [metric |restrict] [source-as ] [target-as ]
The from-proto parameter specifies the protocol of the source routes.
To redistribute direct routes, enter one of the following commands in Configure mode:
To redistribute direct routes into RIP.
ip-router policy redistribute from-proto direct to-proto rip network all
To redistribute direct routes into OSPF.
ip-router policy redistribute from-proto direct to-proto ospf network all
18.2.
18.2.6 Redistributing Aggregate Routes
The aggregate parameter causes an aggregate route with the specified IP address and subnet mask to be redistributed.
Note: The aggregate route must first be created using the aggr-gen command. This command creates a specified aggregate route for routes that match the aggregate.
!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Configure default routes to the other subnets reachable through R2.
!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ip add route 202.1.0.0/16 gateway 120.190.1.2
ip add route 160.1.5.0/24 gateway 120.190.1.
18.2.8 Simple Route Redistribution Example: Redistribution into OSPF
For all examples given in this section, refer to the configurations shown in Figure 18-2.
Note: The network parameter specifying the network-filter is optional. The default value for this parameter is all, indicating all networks. Since in the above example, we would like to export all static and direct routes into OSPF, we have not specified this parameter.
Exporting All RIP, Interface & Static Routes to OSPF
Note: Also export interface, static, RIP, OSPF, and OSPF-ASE routes into RIP.
Import policies control the importation of routes from routing protocols and their installation in the routing database (Routing Information Base and Forwarding Information Base). Import policies determine which routes received from other systems are used by the RS routing process. Using import policies, it is possible to ignore route updates from an unreliable peer and give better preference to routes learned from a trusted peer.
18.3.
If specified, is the identifier of the route-filter associated with this export-policy. If there is more than one route-filter for any export-destination and export-source combination, then the ip-router policy export destination source command should be repeated for each .
18.3.2
After you create one or more building blocks, they are tied together by the ip-router policy import command. To create route import policies, enter the following command in Configure mode:
Create an import policy.
• Aggregate-Destination - This component specifies the aggregate/summarized route. It also specifies the attributes associated with the aggregate route. The preference to be associated with an aggregate route can be specified using this component.
• Aggregate-Source - This component specifies the source of the routes contributing to an aggregate/summarized route.
18.3.9 Creating an Aggregate Source
To create an aggregate source, enter the following command in Configure mode:
Create an aggregate source.
ip-router policy create aggr-gen-source protocol
18.3.10 Import Policies Example: Importing from RIP
The importation of RIP routes may be controlled by any of protocol, source interface, or source gateway.
[Figure 18-1: Exporting to RIP]
The configuration commands shown below for router R1:
• Determine the IP address for each interface.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Create the various IP interfaces.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.2
interface create ip to-r3 address-netmask 130.1.1.1/16 port et.1.3
interface create ip to-r41 address-netmask 140.1.1.1/24 port et.1.4
interface create ip to-r42 address-netmask 140.1.2.
2. Create a RIP import source with the gateway as 140.1.1.41 since we would like to import all routes except the 10.51.0.0/16 route from this gateway.
ip-router policy create rip-import-source ripImpSrc144 gateway 140.1.1.41
3. Create the Import-Policy, importing all routes except the 10.51.0.0/16 route from gateway 140.1.1.41.
For all examples in this section, refer to the configuration shown in Figure 18-2.
• Determine its OSPF configuration
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Create the various IP interfaces.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.2
interface create ip to-r3 address-netmask 130.1.1.1/16 port et.1.3
interface create ip to-r41 address-netmask 140.1.1.1/24 port et.1.
18.3.12 Export Policies Example: Exporting to RIP
Exporting to RIP is controlled by any of protocol, interface or gateway. If more than one is specified, they are processed from most general (protocol) to most specific (gateway). It is not possible to set metrics for exporting RIP routes into RIP. Attempts to do this are silently ignored. If no export policy is specified, RIP and interface routes are exported into RIP.
! RIP Interface Configuration. Create the RIP interfaces, and set
! their type to (version II, multicast).
5. Create the export-policy redistributing the statically created default route, and all (RIP, Direct) routes into RIP.
5. Create the Export-Policy redistributing the statically created default route, and all (RIP, Direct) routes into RIP.
5. Create the Export-Policy, redistributing all static routes reachable over interface 130.1.1.1 and all (RIP, Direct) routes into RIP.
5. Create an Aggregate export source since we would like to export/redistribute an aggregate/summarized route.
ip-router policy create aggr-export-source aggrExpSrc
6. Create a RIP export source since we would like to export RIP routes.
ip-router policy create rip-export-source ripExpSrc
7. Create a Direct export source since we would like to export Direct routes.
ip-router policy create direct-export-source directExpSrc
8.
For all examples in this section, refer to the configuration shown in Figure 18-2. The following configuration commands for router R1:
• Determine the IP address for each interface
• Specify the static routes configured on the router
• Determine its OSPF configuration
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Create the various IP interfaces.
2. Create an OSPF export destination for type-2 routes since we would like to redistribute certain routes into OSPF as type 2 OSPF-ASE routes.
ip-router policy create ospf-export-destination ospfExpDstType2 type 2 metric 4
3. Create a Static export source since we would like to export static routes.
ip-router policy create static-export-source statExpSrc
4.
1. Enable RIP on interface 120.190.1.1/16.
rip add interface 120.190.1.1
rip set interface 120.190.1.1 version 2 type multicast
2. Create an OSPF export destination for type-1 routes.
ip-router policy create ospf-export-destination ospfExpDstType1 type 1 metric 1
3. Create an OSPF export destination for type-2 routes.
ip-router policy create ospf-export-destination ospfExpDstType2 type 2 metric 4
4.
7. Create a Direct export source.
ip-router policy create direct-export-source directExpSrc
8. Create the Export-Policy for redistributing all interface, RIP and static routes into OSPF.
19 MULTICAST ROUTING CONFIGURATION
Multicast routing on the RS is supported through DVMRP and IGMP. IGMP is used to determine host membership on directly attached subnets. DVMRP is used to determine forwarding of multicast traffic between RS’s.
DVMRP uses the Reverse Path Multicasting (RPM) algorithm to perform pruning. In RPM, a source network rather than a host is paired with a multicast group. This is known as an (S,G) pair. RPM permits the RS to maintain multiple (S,G) pairs. On the RS, DVMRP can be configured on a per-interface basis. An interface does not have to run both DVMRP and IGMP. You can start and stop DVMRP independently from other multicast routing protocols.
19.3.2 Configuring IGMP Query Interval
You can configure the RS with a different IGMP Host Membership Query time interval. The interval you set applies to all ports on the RS. The default query time interval is 125 seconds. To configure the IGMP host membership query time interval, enter the following command in Configure mode:
Configure the IGMP host membership query time interval.
igmp set queryinterval
19.3.
To configure a static IGMP group on an interface, enter the following command in Configure mode:
To configure neighbor timeout or prune time, enter one of the following commands in Configure mode:
Configure the DVMRP neighbor timeout.
dvmrp set interface neighbor-timeout
Configure the DVMRP prune time.
dvmrp set interface prunetime
19.4.4 Configuring the DVMRP Routing Metric
You can configure the DVMRP routing metric associated with a set of destinations for DVMRP reports. The default metric is 1.
To prevent the RS from forwarding any data destined to a scoped group on an interface, enter the following command in the Configure mode:
Configure the DVMRP scope.
dvmrp set interface scope
19.4.6 Configuring a DVMRP Tunnel
The RS supports DVMRP tunnels to the MBONE (the multicast backbone of the Internet). You can configure a DVMRP tunnel on a router if the other end is running DVMRP.
Show information about multicasts registered by IGMP.
l2-tables show igmp-mcast-registration
Show IGMP status on a VLAN.
l2-tables show vlan-igmp-status
Show all multicast Source, Group entries.
multicast show cache
Show all interfaces running multicast protocols (IGMP, DVMRP).
multicast show interfaces
Show all multicast routes.
multicast show mroutes
19.6 CONFIGURATION EXAMPLE
The following is a sample RS configuration for DVMRP and IGMP.
! Set IGMP Query Interval
!
igmp set queryinterval 30
!
! Enable DVMRP
!
dvmrp enable interface 10.135.89.10
dvmrp enable interface 172.1.1.10
dvmrp enable interface 207.135.122.11
dvmrp enable interface 207.135.89.64
dvmrp enable interface 10.40.1.10
!
! Set DVMRP parameters
!
dvmrp set interface 172.1.1.10 neighbor-timeout 200
!
! Start DVMRP
!
dvmrp start
20 IP POLICY-BASED FORWARDING CONFIGURATION
You can configure the RS to route IP packets according to policies that you define. IP policy-based routing allows network managers to engineer traffic to make the most efficient use of their network resources. IP policies forward packets based on layer-3 or layer-4 header information.
20.1.1 Defining an ACL Profile
An ACL profile specifies the criteria packets must meet to be eligible for IP policy routing. You define profiles with the acl command. For IP policy routing, the RS uses the packet-related information from the acl command and ignores the other fields. For example, the following acl command creates a profile called “prof1” for telnet packets going from network 9.1.0.0 to network 15.1.0.
Creating Multi-Statement IP Policies
An IP policy can contain more than one ip-policy statement. For example, an IP policy can contain one statement that sends all packets matching a profile to one next-hop gateway, and another statement that sends packets matching a different profile to a different next-hop gateway.
Verifying Next-Hop Gateways
The ip-policy set pinger on command can be used to check the availability of next-hop gateways by periodically querying them with ICMP_ECHO_REQUESTS. Only gateways that respond to these requests are used for forwarding packets.
Application verification, whether a simple TCP handshake or a user-defined action-response check, involves opening and closing a connection to a next-hop gateway. Some applications require specific commands for proper closure of the connection. For example, a connection to an SMTP server application should be closed with the “quit” command. You can configure the RS to send a specific string to close a connection on a server.
20.2.1 Routing Traffic to Different ISPs
Sites that have multiple Internet service providers can create IP policies that cause different user groups to use different ISPs. You can also create IP policies to select service providers based on various traffic types. In the sample configuration in Figure 20-1, the policy router is configured to divide traffic originating within the corporate network between different ISPs (100.1.1.
20.2.2 Prioritizing Service to Customers
An ISP can use policy-based routing on an access router to supply different customers with different levels of service. The sample configuration in Figure 20-2 shows an RS using an IP policy to classify customers and route traffic to different networks based on customer type.
[Figure 20-2: network diagram; surviving labels: ISP High-Cost, High Availability Network 100.1.1.1; Premium Customer 10.50.*.*; Policy Router, port et.1.1]
20.2.3 Authenticating Users through a Firewall
You can define an IP policy that authenticates packets from certain users via a firewall before accessing the network. If, for some reason, the firewall is not responding, the packets to be authenticated are dropped. Figure 20-3 illustrates this kind of configuration.
[Figure 20-3: network diagram; surviving labels: Firewall; contractors 10.50.1.0/24; full-timers; Policy Router; Router; Servers; 11.1.1.1; 12.1.1.1]
20.2.4 Firewall Load Balancing
Figure 20-4 shows a simplified example of firewall load balancing. This example shows how to provide protection from a complete firewall failure, but it does not show how to protect against asymmetrical paths if a single link failure occurs.
[Figure 20-4: network diagram; surviving labels: FireWall 1; Policy Router 1; Policy Router 2; Server 1; addresses 13.1.1.4, 15.1.1.3, 13.1.1.3, 15.1.1.4, 20.1.1.1/24, 192.168.1.1/24; Virtual IP Addresses: 12.1.1.1:21]
On Policy Router 1, an ACL profile allows traffic from the clients to the virtual IP addresses of the server (12.1.1.0/24). IP policy configuration will distribute the traffic across the two next hops (the firewalls) based on a hashing of the source IP address (the client’s address, as provided by DHCP). The following is the configuration for Policy Router 1 in Figure 20-4.
On Policy Router 2, load balancing groups an ACL profile allows traffic to pass to the clients. IP policy configuration will distribute the traffic across the two next hops (the firewalls) based on a hashing of the destination IP address (the client’s address). The following is the configuration for Policy Router 2 in Figure 20-4.
! Create server VLAN
vlan create vServices ip id 10
vlan add ports et.1.1 to vServices
vlan add ports et.1.
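Why Policy Router 1 hashes the source address while Policy Router 2 hashes the destination address, shown as an added example that is not part of the RS documentation: both routers then key on the client's address, so both directions of a flow cross the same firewall. The hash function, the firewall labels fw1/fw2 and the client addresses are assumptions made for illustration; the page does not describe the hash the RS uses.

```python
import ipaddress

FIREWALLS = ["fw1", "fw2"]   # hypothetical labels for the two next-hop firewalls
BOTH = {"fw1", "fw2"}

# Constructed sample data: eight DHCP clients and the server's virtual IP.
CLIENTS = ["192.168.1.%d" % n for n in range(10, 18)]
SERVER_VIP = "12.1.1.1"


def pick(addr, responding):
    """Choose a next hop for addr among the firewalls that currently respond.

    The XOR-fold-and-modulo hash is an assumption, not the RS algorithm.
    """
    live = [fw for fw in FIREWALLS if fw in responding]
    if not live:
        return None          # no responding next hop
    h = 0
    for octet in ipaddress.ip_address(addr).packed:
        h ^= octet
    return live[h % len(live)]


def flow_path(client, server, r1_sees, r2_sees, r2_hash_on="destination"):
    """Return (firewall used client->server, firewall used server->client)."""
    # Policy Router 1 forwards client->server and hashes the source (client).
    forward = pick(client, r1_sees)
    # Policy Router 2 forwards server->client: source=server, destination=client.
    key = client if r2_hash_on == "destination" else server
    reverse = pick(key, r2_sees)
    return forward, reverse


def asymmetric_clients(clients, server, r1_sees, r2_sees, r2_hash_on="destination"):
    """Clients whose two traffic directions cross different firewalls."""
    return [c for c in clients
            if len(set(flow_path(c, server, r1_sees, r2_sees, r2_hash_on))) > 1]


if __name__ == "__main__":
    print("as configured on the page :",
          asymmetric_clients(CLIENTS, SERVER_VIP, BOTH, BOTH))
    print("router 2 hashing on source:",
          asymmetric_clients(CLIENTS, SERVER_VIP, BOTH, BOTH, "source"))
    # Single link failure: only Policy Router 1 stops seeing fw1.
    print("fw1 lost on router 1 only :",
          asymmetric_clients(CLIENTS, SERVER_VIP, {"fw2"}, BOTH))
```

The last case is the one the text says this configuration does not protect against: when only one router's health check drops a firewall, the two routers index into different next-hop lists and a stateful firewall sees half of each affected flow.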
For example, to display information about an active IP policy called “p1”, enter the following command in Enable mode:
rs# ip-policy show policy-name p1
--------------------------------------------------------------------------------
IP Policy name     : p1
Applied Interfaces : int1
Load Policy        : first available

ACL          Source IP/Mask   Dest. IP/Mask
---          --------------   -------------
prof1        9.1.1.5/32       15.1.
prof2        2.2.2.2/32
everything   anywhere
14. The number of packets that have matched the profile since the IP policy was applied (or since the ip-policy clear command was last used)
15. The method by which IP policies are applied with respect to dynamic or statically configured routes; possible values are Policy First, Policy Only, or Policy Last.
16. The list of next-hop gateways in effect for the policy statement.
17.
21 NETWORK ADDRESS TRANSLATION CONFIGURATION
Network Address Translation (NAT) allows an IP address used within one network to be translated into a different IP address used within another network. NAT is often used to map addresses used in a private, local intranet to one or more addresses used in the public, global Internet.
21.1.1 Setting Inside and Outside Interfaces
When NAT is enabled, address translation is only applied to those interfaces which are defined to NAT as “inside” or “outside” interfaces. NAT only translates packets that arrive on a defined inside or outside interface. To specify an interface as inside (local) or outside (global), enter the following command in Configure mode.
Define an interface as inside or outside for NAT.
You force address translation of all flows to and from the inside local pool by entering the following command in Configure mode.
Force all flows to and from local address pool to be translated.
nat set secure-plus on|off
21.3 MANAGING DYNAMIC BINDINGS
As mentioned previously, dynamic address bindings expire only after a period of non-use or when they are manually deleted.
You create NAT dynamic bindings for DNS by entering the following command in Configure mode.
Enable NAT with dynamic address binding for DNS query/reply.
nat create dynamic local-acl-pool global-pool
DNS packets that contain addresses that match the ACL specified by outside-local-acl-pool are translated using local addresses allocated from inside-global-pool.
If PAT is enabled, NAT checks packets for the FTP PORT command. If a packet is to be translated (as determined by the ACL specified for the dynamic address binding), NAT creates a dynamic binding for the PORT command. An outside host will only see a global IP address in an FTP response and not the local IP address.
21.7 MONITORING NAT
To display NAT information, enter the following command in Enable mode.
Display NAT information.
21.
2. Next, define the interfaces to be NAT “inside” or “outside”:
nat set interface 10-net inside
nat set interface 192-net outside
3. Then, define the NAT static rules:
nat create static protocol ip local-ip 10.1.1.2 global-ip 192.50.20.2
Using Static NAT
Static NAT can be used when the local and global IP addresses are to be bound in a fixed manner.
21.8.2 Dynamic Configuration
The following example configures a dynamic address binding for inside addresses 10.1.1.0/24 to outside address 192.50.20.0/24:
[Figure 21-2: Dynamic address binding configuration]
1.
Using Dynamic NAT
Dynamic NAT can be used when the local network (inside network) is going to initialize the connections. It creates a binding at run time when a packet is sent from a local network, as defined by the NAT dynamic local ACL pool.
3. Then, define the NAT dynamic rules by first creating the source ACL pool and then configuring the dynamic bindings:
acl lcl permit ip 10.1.1.0/24
nat create dynamic local-acl-pool lcl global-pool 192.50.20.1-192.50.20.3 enable-ip-overload
Using Dynamic NAT with IP Overload
Dynamic NAT with IP overload can be used when the local network (inside network) will be initializing the connections using TCP or UDP protocols.
1. The first step is to create the interfaces:
interface create ip 10-net address-netmask 10.1.1.1/24 port et.2.1
interface create ip 192-net address-netmask 192.50.20.1/24 port et.2.2
2. Next, define the interfaces to be NAT “inside” or “outside”:
nat set interface 10-net inside
nat set interface 192-net outside
3.
21.8.5 Dynamic NAT with Outside Interface Redundancy
The following example configures a dynamic address binding for inside addresses 10.1.1.0/24 to outside addresses 192.50.20.0/24 on interface 192-net and to outside addresses 201.50.20.0/24 on interface 201-net:
3. Then, define the NAT dynamic rules by first creating the source ACL pool and then configuring the dynamic bindings:
acl lcl permit ip 10.1.1.0/24
nat create dynamic local-acl-pool lcl global-pool 192.50.20.0/24 matching-interface 192-net
nat create dynamic local-acl-pool lcl global-pool 210.50.20.
22 WEB HOSTING CONFIGURATION
Accessing information on websites for both work and personal purposes is becoming a normal practice for an increasing number of people. For many companies, fast and efficient web access is important for both external customers who need to access the company websites, as well as for users on the corporate intranet who need to access Internet websites.
22.1.1 Creating the Server Group
To use load balancing, you create a logical group of load balancing servers and define a virtual IP address that the clients will use to access the server pool. The following example configures the “abccompany-www” load balancing group:
rs(config)# load-balance create group-name abccompany-www virtual-ip 207.135.89.
There are several configurable levels of session persistence:
• TCP persistence: a binding is determined by matching the source IP/port address as well as the virtual destination IP/port address. For example, requests from the client address of 134.141.176.10:1024 to the virtual destination address 207.135.89.16:80 are considered one session and would be directed to the same load balancing server (for example, the server with IP address 10.1.1.1).
The following example adds servers to the “abccompany-www” load balancing group:
rs(config)# load-balance add host-to-group 10.1.1.1-10.1.1.4 group-name abccompany-www port 80
You can add backup servers to a load balancing group by specifying the status backup parameter in the load-balance add host-to-group command.
22.1.4 Optional Group or Server Operating Parameters
The load-balance set server-options command and load-balance set group-options command have several parameters that affect the operations of individual servers or the entire group of load balancing servers. In many cases, there are default parameter values and you only need to specify a different value if you wish to change the default operation.
Checking Servers and Applications
The RS automatically performs the following types of verification for the attached load balancing servers/applications:
• Verifies the state of the server by sending a ping to the server at 5-second intervals. If the RS does not receive a reply from a server after four ping requests, the server is considered to be “down.
Verifying Extended Content (Comprehensive Server Checking)
You can also have the RS verify the content of an application on one or more load balancing servers. For this type of verification, specify the following:
• A string that the RS sends to a single server or to the group of load balancing servers. The string can be a simple HTTP command to get a specific HTML page.
The following example sets the status of port 80 at address 135.142.179.14 to up:
rs# load-balance set server-status server-ip 135.142.179.14 server-port 80 group-name engservers status up
22.1.7 Load Balancing and FTP
File Transfer Protocol (FTP) packets require special handling with load balancing, because the FTP packets contain IP address information within the data portion of the packet.
For VSRP to run properly, configure the same load balancing group on the two RS’s. (Note that the group’s configuration on both RS’s should be exactly the same.) Then, enter the load-balance create state-mirror-peer command and the load-balance add group-for-mirroring command on both RS’s.
VSRP Example
The group www.fast.net is configured on two RS’s. The IP address of RS A is 100.1.1.1 and the IP address of RS B is 100.1.1.2.
22.1.11 Displaying Load Balancing Information
To display load balancing information, enter the following commands in Enable mode:
Show the groups of load balancing servers.
load-balance show virtual-hosts [group-name ][virtual-ip ][virtual-port |ip]
Show source-destination bindings.
Web Hosting with One Virtual Group and Multiple Destination Servers
In the following example, a company web site is established with a URL of www.abccompany.com. The system administrator configures the networks so that the RS forwards web requests among four separate servers, as shown below.
The following is an example of how to configure a simple verification check where the RS will issue an HTTP command to retrieve an HTML page and check for the string “OK”:
load-balance set group-options abccompany-www acv-command "GET /test.html" acv-reply "OK" read-till-index 25
The read-till-index option is not necessary if the file test.html contains “OK” as the first two characters.
The network shown above can be created with the following load-balance commands:
load-balance create group-name quick-www virtual-ip 207.135.89.16 virtual-port 80 protocol tcp
load-balance create group-name quick-ftp virtual-ip 207.135.89.16 virtual-port 21 protocol tcp
load-balance create group-name quick-smtp virtual-ip 207.135.89.16 virtual-port 25 protocol tcp
load-balance add host-to-group 10.1.1.
The following example illustrates this.
Session and Netmask Persistence
In the following example, traffic to a company web site (www.abccompany.com) is distributed between two separate servers. In addition, client traffic will have two separate ranges of source IP addresses. The same load balancing server will handle requests from clients of the same source IP subnet address.
Load Balancing with NAT
In the following example, several services (including DNS) are distributed between two separate servers. Occasionally, the load balancing server will need to make its own DNS request to the Internet in order to resolve a client’s DNS request. Network Address Translation (NAT) on the RS allows the load balancing servers to use a “global” IP address for Internet requests.
The network shown in the example can be created with the following commands:
! create the load balancing group 'service2' with virtual IP address 135.1.1.1
load-balance create group-name service2 virtual-ip 135.1.1.1 protocol udp
load-balance add host-to-group 10.1.1.1-10.1.1.
Creating the Cache Group
You can specify either a range of contiguous IP addresses or a list of up to four IP addresses to define the servers when the cache group is created. If you specify multiple servers, load balancing is based on the destination address of the request. If any cache server fails, traffic is redirected to the other active servers.
22.2.2 Configuration Example
In the following example, a cache group of seven local servers is configured to store Web objects for users in the local network:
In the preceding example, a bypass list for testweb1 is created. The list has an address range of 135.142.179.14 to 135.142.179.21. HTTP requests for these sites will not be redirected
Proxy Server Redundancy
Some networks use proxy servers that receive HTTP requests on a non-standard port number (i.e., not port 80). When the proxy server is available, all HTTP requests are handled by the proxy server.
• weighted round robin, a variation of the round-robin policy where the RS selects the cache server according to its assigned weight
• weighted hash.
When you select either weighted round robin or weighted hash, you will need to specify the weight of the server group with the web-cache set server-options command.
22.2.4 Monitoring Web-Caching
To display Web-caching information, enter the following commands in Enable mode.
Show information for all caching policies and all server lists.
web-cache show all
Show caching policy information.
web-cache show cache-name |all
Show cache server information.
web-cache show servers cache |all
Show statistics for the specified cache policy.
23 IPX ROUTING CONFIGURATION
The Internetwork Packet Exchange (IPX) is a connectionless datagram protocol for the Novell NetWare environment. You can configure the RS for IPX routing and SAP. Routers interconnect different network segments and by definition are network layer devices. Thus routers receive their instructions for forwarding a packet from one segment to another from a network layer protocol. IPX, with the help of RIP and SAP, performs these network layer tasks.
23.2 SAP (SERVICE ADVERTISING PROTOCOL)
SAP provides routers with a means of exchanging internetwork service information. Through SAP, servers advertise their services and addresses. Routers gather this information and share it with other routers. This allows routers to create and dynamically maintain a database of internetwork service information. SAP allows a router to exchange information with a neighboring SAP agent.
Note: Interfaces bound to a single port go down when the port goes down but interfaces bound to a VLAN remain up as long as at least one port in that VLAN remains active.
The procedure for creating an IPX interface depends on whether you are binding that interface to a single port or a VLAN. Separate discussions on the different procedures follow.
Note: You cannot assign IPX interfaces for LAN and WAN to the same VLAN.
23.3.4
To configure a secondary address on an IPX interface, enter the following command in Configure mode:
Add a secondary address and encapsulation type to an existing IPX interface.
interface add ipx address output-mac-encapsulation
Note: Configuring a secondary address on an IPX interface requires updated RS hardware.
23.4.3
Configure 802.3 IPX encapsulation.
interface create ipx output-mac-encapsulation ethernet_802.3
Configure 802.2 IPX encapsulation.
interface create ipx output-mac-encapsulation ethernet_802.2_ipx
23.5 CONFIGURING IPX ROUTING
By default, IPX routing is enabled on the RS.
23.5.1 Enabling IPX RIP
IPX RIP is enabled by default on the RS.
To add an entry into the Server Information Table, enter the following command in Configure mode:
Add a SAP table entry.
ipx add sap
23.5.5 Controlling Access to IPX Networks
To control access to IPX networks, you create access control lists and then apply them with filters to individual interfaces.
Creating an IPX Type 20 Access Control List
IPX type 20 access control lists control the forwarding of IPX type 20 packets. To create an IPX type 20 access control list, enter the following command in Configure mode:
Create an IPX type 20 access control list.
acl permit|deny ipxtype20
Creating an IPX SAP Access Control List
IPX SAP access control lists control which SAP services are available on a server.
Creating an IPX RIP Access Control List
IPX RIP access control lists control which RIP updates are allowed. To create an IPX RIP access control list, perform the following task in the Configure mode:
Create an IPX RIP access control list.
acl permit|deny ipxrip
Once an IPX RIP access control list has been created, you must apply the access control list to an IPX interface.
• Adds a RIP access list
• Adds a SAP access list
• Adds a GNS access list
! Create interface ipx1 with ipx address AAAAAAAA
interface create ipx ipx1 address AAAAAAAA port et.1.1 output-mac-encapsulation ethernet_802.2_IPX
!
! Create interface ipx2 with ipx address BBBBBBBB
interface create ipx ipx2 address BBBBBBBB port et.1.2 output-mac-encapsulation ethernet_802.
24 ACCESS CONTROL LIST CONFIGURATION
This chapter explains how to configure and use Access Control Lists (ACLs) on the RS. ACLs are lists of selection criteria for specific types of packets. When used in conjunction with certain RS functions, ACLs allow you to restrict Layer-3/4 traffic going through the router. This chapter contains the following sections:
• Section 24.1, "ACL Basics," explains how ACLs are defined and how the RS evaluates them.
• Section 24.
The selection criteria you can specify in an ACL rule depend on the type of ACL you are creating. For IP, TCP, and UDP ACLs, the following selection criteria can be specified:
• Source IP address
• Destination IP address
• Source port number
• Destination port number
• Type of Service (TOS)
• The accounting keyword specifies that LFAP accounting information about the flows that match the ‘permit’ rule is sent to the configured Flow Accounting Server (FAS).
Each field in an ACL rule is position sensitive. For example, for a rule for TCP traffic, the source address must be followed by the destination address, followed by the source socket and the destination socket, and so on. Not all fields of an ACL rule need to be specified. If a particular field is not specified, it is treated as a wildcard or “don't care” condition. However, if a field is specified, that particular field will be matched against the packet.
If you were to reverse the order of the two rules:
acl 101 permit tcp any any any any
acl 101 deny tcp 10.2.0.0/16 any any any
all TCP packets would be allowed to go through, including traffic from subnet 10.2.0.0/16. This is because TCP traffic coming from 10.2.0.0/16 would match the first rule and be allowed to go through. The second rule would not be looked at since the first match determines the action taken on the packet.
24.1.
If a packet comes in from a network other than 10.1.20.0/24, you might expect the packet to go through because it doesn’t match the first rule. However, that is not the case because of the implicit deny rule. With the implicit deny rule attached, the rule looks like this:
acl 102 deny ip 10.1.20.0/24 any any any
acl 102 deny any any any any any
A packet coming from a network other than 10.1.20.0/24 would not match the first rule, but would match the implicit deny rule.
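The first-match and implicit-deny behavior described in this section, as an added example that is not part of the RS documentation: a simplified Python model that evaluates packets against ACLs 101 and 102 and flags rules that can never fire because an earlier rule covers them. The original order of ACL 101 is inferred from the text's "reverse the order"; the packet addresses are constructed, a bare address is assumed to mean a single host, and ports are matched exactly.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src dst sport dport")
Packet = namedtuple("Packet", "proto src dst sport dport")

ACL_101 = ["acl 101 deny tcp 10.2.0.0/16 any any any",
           "acl 101 permit tcp any any any any"]
ACL_101_REVERSED = list(reversed(ACL_101))
ACL_102 = ["acl 102 deny ip 10.1.20.0/24 any any any"]


def parse_acl(lines):
    """Parse 'acl <name> permit|deny <proto> [src [dst [sport [dport]]]]'."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "acl" or tok[2] not in ("permit", "deny"):
            raise ValueError("not an ACL rule: %r" % line)
        fields = tok[4:8]                       # fields are position sensitive
        fields += ["any"] * (4 - len(fields))   # unspecified field = wildcard
        rules.append(Rule(tok[2], tok[3], *fields))
    return rules


def _proto_covers(rule_proto, proto):
    # Simplification: "ip" and "any" match every protocol carried over IP.
    return rule_proto in ("any", "ip") or rule_proto == proto


def _addr_covers(rule_field, other):
    """True if rule_field matches every address that `other` can stand for."""
    if rule_field == "any":
        return True
    if other == "any":
        return False
    net = ipaddress.ip_network(rule_field, strict=False)
    return ipaddress.ip_network(other, strict=False).subnet_of(net)


def _port_covers(rule_field, other):
    return rule_field == "any" or rule_field == str(other)


def _covers(rule, other):
    """True if `rule` matches everything `other` (a Rule or Packet) describes."""
    return (_proto_covers(rule.proto, other.proto)
            and _addr_covers(rule.src, other.src)
            and _addr_covers(rule.dst, other.dst)
            and _port_covers(rule.sport, other.sport)
            and _port_covers(rule.dport, other.dport))


def evaluate(rules, pkt):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    for number, rule in enumerate(rules, start=1):
        if _covers(rule, pkt):
            return rule.action, number   # first match decides
    return "deny", None                  # implicit deny at the end of every ACL


def shadowed(rules):
    """Numbers of rules that can never fire because an earlier rule covers them."""
    return [j + 1 for j, later in enumerate(rules)
            if any(_covers(earlier, later) for earlier in rules[:j])]


if __name__ == "__main__":
    inside = Packet("tcp", "10.2.5.9", "192.0.2.10", 40000, 23)    # constructed
    print("ACL 101         :", evaluate(parse_acl(ACL_101), inside))
    print("ACL 101 reversed:", evaluate(parse_acl(ACL_101_REVERSED), inside))
    print("shadowed rules  :", shadowed(parse_acl(ACL_101_REVERSED)))
    other = Packet("udp", "10.9.9.9", "192.0.2.10", 5000, 53)      # constructed
    print("ACL 102         :", evaluate(parse_acl(ACL_102), other))
```

Running the shadowing check before applying an ACL catches the reordering mistake described above: in the reversed ACL 101, the deny rule for 10.2.0.0/16 is reported as unreachable.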
Note: The ports that are associated with the interface to which the ACL is applied must reside on updated RS hardware.
The following ACL illustrates this feature:
acl 101 permit tcp established
acl 101 apply interface int1 input
Any incoming TCP packet on interface int1 is examined, and if the packet is in response to an internal request, it is permitted; otherwise, it is rejected.
The following ACL commands stored in the text file acl.changes will be used to redefine ACL 101 and apply the ACL to interface int12:
acl 101 deny tcp 10.11.0.0/16 10.12.0.0/16
acl 101 permit tcp 10.11.0.0 any
acl 101 apply interface int12 input
If the changes are accessible from a TFTP server, you can upload and make the changes take effect by issuing commands like the following:
rs# copy tftp://10.1.1.
24.3 USING ACLS
It is important to understand that an ACL is simply a definition of packet characteristics specified in a set of rules. An ACL must be enabled in one of the following ways:
• Applying an ACL to an interface, which permits or denies traffic to or from the RS. ACLs used in this way are known as interface ACLs.
• Applying an ACL to a service, which permits or denies access to system services provided by the RS.
24.3.2 Applying ACLs to Services
ACLs can also be created to permit or deny access to system services provided by the RS; for example, HTTP or Telnet servers. This type of ACL is known as a Service ACL. By definition, a Service ACL is for controlling inbound packets to a service on specific interfaces on the router.
24.3.4 Using ACLs as Profiles
You can use the acl command to define a profile. A profile specifies the criteria that addresses, flows, hosts, or packets must meet to be relevant to certain RS features. Once you have defined an ACL profile, you can use the profile with the configuration command for that feature. For example, the Network Address Translation (NAT) feature on the RS allows you to create address pools for dynamic bindings.
For example, you can define an IP policy that causes all telnet packets travelling from source network 9.1.1.0/24 to destination network 15.1.1.0/24 to be forwarded to destination address 10.10.10.10. You use a Profile ACL to define the selection criteria (in this case, telnet packets travelling from source network 9.1.1.0/24 to destination network 15.1.1.0/24).
The following command creates a rate limit definition that causes flows matching Profile ACL prof2’s selection criteria (that is, traffic from 1.2.2.2) to be restricted to 10 Mbps for each flow. If this rate limit is exceeded, the packets are dropped.
Using Profile ACLs with the Port Mirroring Facility
Port mirroring refers to the RS’s ability to copy traffic on one or more ports to a “mirror” port, where an external analyzer or probe can be attached. In addition to mirroring traffic on one or more ports, the RS can mirror traffic that matches selection criteria defined in a Profile ACL. For example, you can mirror all IGMP traffic on the RS.
The following command creates a Web caching policy that prevents packets matching Profile ACL prof4’s selection criteria (that is, packets with a source address of 10.10.10.10 and a destination address of 1.2.3.4) from being redirected to a cache server. Packets that match the profile’s selection criteria are sent to the Internet instead.
When ACL logging is turned on, the router prints out a message on the console about whether a packet is dropped or forwarded. If you have a Syslog server configured for the RS, the same information will also be sent to the Syslog server. The following commands define an ACL and apply the ACL to an interface. In this case, logging is enabled for a specific ACL rule:
acl 101 deny ip 10.2.0.
25 SECURITY CONFIGURATION
The RS provides security features that help control access to the RS and filter traffic going through the RS. Access to the RS can be controlled by:
• Enabling RADIUS
• Enabling TACACS
• Enabling TACACS+
• Password authentication
• Secure shell protocol
Traffic filtering on the RS enables:
• Layer-2 security filters - Perform filtering on source or destination MAC addresses.
You can configure up to five RADIUS server targets on the RS. A timeout is set to tell the RS how long to wait for a response from RADIUS servers.
Note: Verify parameter values before saving radius commands to the active or startup configuration file on the RS. Any misconfiguration can effectively lock you out of the CLI.
To monitor RADIUS, enter the following commands in Enable mode:
Show RADIUS server statistics.
radius show stats
Show all RADIUS parameters.
radius show all
25.1.2 Configuring TACACS
In addition, Enable mode access to the RS can be made secure by enabling a Terminal Access Controller Access Control System (TACACS) client. Without TACACS, TACACS+, or RADIUS enabled, only local password authentication is performed on the RS.
To configure TACACS+ security, enter the following commands in Configure mode:
Specify a TACACS+ server and configure server-specific parameters.
tacacs-plus set server
Set time that TACACS+ server is ignored after it has failed.
tacacs-plus set deadtime
Set authentication key for TACACS+ server.
tacacs-plus set key
Determine the RS action if there is no server response within a given time.
25.1.4 Configuring Passwords
The RS provides password authentication for accessing the User and Enable modes. If TACACS, TACACS+, or RADIUS is not enabled on the RS, only local password authentication is performed. To configure RS passwords, enter the following commands in Configure mode:
Set User mode password.
system set password login
Set Enable mode password.
system set password enable
25.1.
The SSH server on r1 responds with its public host and server keys. The client on r2 checks the received host key to make sure that the key has not changed since the last SSH session between the client and this server. If the host key is different from the host key used in the last SSH session with this server, you are asked if you want to continue to connect to the server.
Static entry filters
These filters allow or force traffic to go to a set of destination ports based on a frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Static entries are always configured and applied at the input port.
Secure port filters
A secure filter shuts down access to the RS based on MAC addresses. All packets received by a port are dropped.
25.2.3 Configuring Layer-2 Static Entry Filters
Static entry filters allow or force traffic to go to a set of destination ports based on a frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Static entries are always configured and applied at the input port.
To configure Layer-2 secure port filters, enter the following commands in Configure mode:
Configure a source secure port filter.
filters add secure-port name direction source vlan in-port-list
Configure a destination secure port filter.
25.2.
Example 1: Address Filters
Source filter: The consultant is not allowed to access any file servers. The consultant is only allowed to interact with the engineers on the same Ethernet segment – port et.1.1. All traffic coming from the consultant’s MAC address will be dropped.
filters add address-filter name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1
Destination filter: No one from the engineering group (port et.1.
or
filters add static-entry name login-mcasts dest-mac 010000:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow
Flow static entry: Restrict "login multicasts" originating from the consultant from reaching the finance servers.
filters add static-entry name consult-to-mcasts source-mac 001122:334455 dest-mac 010000:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.
To allow ONLY the engineering manager access to the engineering servers, you must "punch" a hole through the secure-port wall. A "source static-entry" overrides a "source secure port".
filters add static-entry name eng-mgr source-mac 080060:123456 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow
Destination secure port: To block access to all file servers on all ports from port et.1.
To illustrate this, the following diagram shows an RS serving as a bridge for a consultant host, file server, and an engineering host, all of which reside on a single subnet.
Router et.1.1 Consultant 1.1.1.1/24 et.1.2 File Server 1.1.1.2/24 et.1.3 Engineer 1.1.1.
25.4.2 Placing the Ports on the Same VLAN
Once you have created a VLAN for the ports to be used in layer-4 bridging, you add those ports to the VLAN. To add ports to a VLAN, enter the following command in Configure mode:
Add ports to a VLAN.
vlan add ports to
To add the ports in the example in Figure 25-2 to the blue VLAN, you would enter the following command:
rs(config)# vlan add ports et.1.1,et.1.2,et.1.3 to blue
25.4.
The following is an example:
acl 100 permit ip any any smtp
acl 100 deny ip any any http
acl 200 permit any any smtp
acl 200 permit any any http
acl 200 permit any any ftp
ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the implicit deny rule appended to the end of the ACL, all traffic (not just HTTP traffic) other than SMTP is denied. ACL 200 explicitly permits SMTP, HTTP, and FTP traffic.
• If you use a SmartTRUNK with a Layer-4 Bridging VLAN, the RS maintains the packet order on a per-flow basis, rather than per-MAC pair. This means that for traffic between a MAC pair consisting of more than one flow, the packets may be disordered if they go through a SmartTRUNK. For traffic that doesn’t go through a SmartTRUNK, the per-MAC pair packet order is kept.
26 QOS CONFIGURATION The RS allows network managers to identify traffic and set Quality of Service (QoS) policies without compromising wire speed performance. The RS can guarantee bandwidth on an application by application basis, thus accommodating high-priority traffic even during peak periods of usage. QoS policies can be broad enough to encompass all the applications in the network, or relate specifically to a single host-to-host application flow.
Separate buffer space is allocated to each of these four priority queues. By default, buffered traffic in higher priority queues is forwarded ahead of pending traffic in lower priority queues. This is the strict priority queuing policy. During heavy loads, low-priority traffic can be dropped to preserve the throughput of the higher-priority traffic.
• IPX - Destination network – 1, Source network – 2, Destination node – 3, Source node – 4, Destination port – 5, Source port – 6, Interface – 7
Use the qos precedence ip and qos precedence ipx commands to change the default precedence.
26.3 RS QUEUING POLICIES
There are two types of queuing policies you can use on the RS:
Strict priority – Assures the higher priorities of throughput but at the expense of lower priorities.
26.4.1 Configuring Layer-2 QoS
When applying QoS to a layer-2 flow, priority can be assigned as follows:
• The frame gets assigned a priority within the switch. Select low, medium, high or control.
• The frame gets assigned a priority within the switch, and if the exit ports are VLAN trunk ports, the frame is assigned an 802.1p priority. Select a number from 0 to 7.
For example, the following command creates the priority map all-low which maps all 802.1p priorities to the low internal priority queue:
qos create priority-map all-low 0 low 1 low 2 low 3 low 4 low 5 low 6 low 7 low
Once a priority map is created, it can then be applied to a set of ports, as shown in the following example:
qos apply priority-map all-low ports et.1.1-4, gi.4.*
In the above example, ports et.1.1-4 and ports gi.4.
26.5 TRAFFIC PRIORITIZATION FOR LAYER-3 & LAYER-4 FLOWS
QoS policies applied at Layer-3 and -4 allow you to assign priorities based on specific fields in the IP and IPX headers. You can set QoS policies for IP flows based on source IP address, destination IP address, source TCP/UDP port, destination TCP/UDP port, type of service (TOS) and transport protocol (TCP or UDP).
26.5.2 Configuring IPX QoS Policies
To configure an IPX QoS policy, perform the following tasks:
1. Identify the Layer-3 or 4 flow, and set the IPX QoS policy.
2. Specify the precedence for the fields within an IPX flow.
Setting an IPX QoS Policy
To set a QoS policy on an IPX traffic flow, enter the following command in Configure mode:
Set an IPX QoS policy.
26.6.1 Allocating Bandwidth for a Weighted-Fair Queuing Policy
If you enable the weighted-fair queuing policy on the RS, you can allocate bandwidth for the queues on the RS. To allocate bandwidth for each queue, enter the following command in the Configure mode:
Allocate bandwidth for a weighted-fair queuing policy.
26.
The exponential-weighting-constant parameter specifies how fast the average queue size changes in response to changes in the actual queue depth. In effect, the rate of change of the average queue size can be dampened. The exponential-weighting-constant accepts values from zero (0) to three (3) when WRED is applied to input queues, and from zero (0) to seven (7) when WRED is applied to output queues.
26.8 TOS REWRITE
IP packets that use different paths are subject to delays, as there is little inherent knowledge of how to optimize the paths for different packets from different applications or users. The IP protocol actually provides a facility, which has been part of the IP specification since the protocol’s inception, for an application or upper-layer protocol to specify how a packet should be handled. This facility is called the Type of Service (ToS) octet.
• Source port
• Destination port
• ToS
• Port
• Interface
When an IP packet is received, the ToS field of the packet is ANDed with the and the resulting value is compared with the ANDed value of and of the QoS policy. If the values are equal, the values of the and parameters will be written into the packet. The and parameters use values ranging from 0 to 255.
Monitoring QoS QoS Configuration The following example will rewrite the ToS Precedence and the ToS fields to 5 and 30 if the incoming packet is from the 10.10.10.0/24 network with the ToS Precedence field set to 2 and the ToS field set to 7. In this example, the MBZ bit is included in the ToS field. The figure below shows how the parameter values are derived. Incoming Packet: 0 1 0 0 0 ToS Precedence = 2 Mask (look at all bits): Rewritten ToS byte for 10.10.10.
26.10 LIMITING TRAFFIC RATE
Note: Some commands in this facility require updated RS hardware.
Rate limiting provides the ability to control the usage of a fundamental network resource, bandwidth. It allows you to limit the rate of traffic that flows through the specified interfaces, thus reserving bandwidth for critical applications.
Note: You can configure a maximum of 24 port and aggregate rate limiting policies per RS line card.
26.10.1 Rate Limiting Modes
Per-flow and flow-aggregate rate limiting is enabled on the RS by default. If you need to create aggregate or input port-level rate limiting policies, you must enable the aggregate rate limiting mode on each affected line card.
To define a per-flow rate limit policy and apply the policy to an interface, enter the following commands in Configure mode:
Define a per-flow rate limit policy.
rate-limit input acl rate exceed-action drop-packets | set-priority-low | set-priority-medium | set-priority-high [sequence ]
Apply a per-flow rate limit profile to an interface.
rate-limit apply interface | all
26.10.
To define a port rate limit policy, use the following commands in the Configure mode:
Define a port rate limit policy to limit incoming traffic on a port.
rate-limit port-level input rate port {drop-packets | no-action | lower-priority | lower-priority-except-control | tos-precedence-rewrite | tos-precedence-rewrite-lower-priority }
Define a port rate limit policy to limit outgoing traffic on a port.
To define an aggregate rate limit policy and apply the policy to an interface, use the following commands in the Configure mode:
Define an aggregate rate limit policy.
Limiting Traffic Rate 26.10.6 QoS Configuration Example Configurations This section includes examples of rate limiting policy configurations. Per-Flow Rate Limiting The following is an example of configuring per-flow rate limiting on the RS. 1.1.1.1/8 et.1.1 Backbone et.1.8 2.2.2.2/8 Router et.1.2 3.3.3.3/8 ipclient1 ipclient2 Figure 26-5 Per-flow rate limiting Traffic from two interfaces, ipclient1 with IP address 1.2.2.2 and ipclient2 with IP address 3.1.1.
Aggregate Rate Limiting
In the following example, incoming FTP and HTTP traffic to the subnetwork 122.132.0.0/16 will be rate limited to 4 Mbps and 2 Mbps, respectively:
system enable aggregate-rate-limiting slot 1
interface create ip engintf address-netmask 122.132.10.23/16 port et.1.6
acl engftp permit ip 122.132.0.0/16 any any 20
rate-limit engftp aggregate acl engftp rate 4000000 drop-packets
acl enghttp permit ip 122.132.0.
27 PERFORMANCE MONITORING The RS is a full wire-speed layer-2, 3 and 4 switching router. As packets enter the RS, layer-2, 3, and 4 flow tables are populated on each line card. The flow tables contain information on performance statistics and traffic forwarding. Thus the RS provides the capability to monitor performance at Layer 2, 3, and 4. Layer-2 performance information is accessible to SNMP through MIB-II and can be displayed by using the l2-tables command in the CLI.
Show multicast statistics.
statistics show multicast
Show port error statistics.
statistics show port-errors
Show potential physical layer errors.
statistics show phy-errors
Show port normal statistics.
statistics show port-stats
Show RMON etherStats statistics.
statistics show rmon
Show traffic summary statistics.
statistics show summary-stats
Show most active tasks.
statistics show top
Show TCP statistics.
27.2 MONITORING BROADCAST TRAFFIC
The RS allows you to monitor broadcast traffic for one or more ports, and for the control module. You can specify that a port be shut down if its broadcast traffic reaches a certain rate limit for a particular period of time. Additionally, you can configure the RS to shut down for a specified period, if the packets sent to the control module reach a certain limit during a specified time interval.
28 RMON CONFIGURATION You can employ Remote Network Monitoring (RMON) in your network to help monitor traffic at remote points on the network. With RMON, data collection and processing is done with a remote probe, namely the RS. The RS also includes RMON agent software that communicates with a network management station via SNMP. Because information is only transmitted from the RS to the management station when required, SNMP traffic on the network and the management station’s processing load are reduced.
Configuring and Enabling RMON 28.1.1 RMON Configuration Example of RMON Configuration Commands The following are examples of the commands to configure and enable RMON on the RS: 1 : port flow-bridging et.5.(3-8) * ! 2 : interface add ip en0 address-netmask 10.50.6.9/16 ! 3 : system set contact "usama" 4 : system set location Riverstone Networks, Inc.
You can configure each level of RMON support independently of each other with default tables on or off. For example, you can configure Lite with default tables on for ports et.1.(1-8) and then configure Standard with no default tables for the same ports. You cannot configure Lite on one set of ports and Standard on another set of ports.
Lite RMON Groups
This section describes the RMON groups that are enabled when you specify the Lite support level.
Professional RMON Groups
The Professional RMON groups correspond to the RMON 2 groups defined in RFC 2021. While RMON 1 groups allow for the monitoring of packets at the MAC layer, RMON 2 groups focus on monitoring traffic at the network and application layers. The Professional RMON groups are shown in the table below.
Professional groups: Protocol Distribution, Address Map, Application Layer/Network Layer Host, Application Layer/Network Layer Matrix
A row in the control table is created for each port on the RS, with the owner set to “monitor”. If you want, you can change the owner by using the appropriate rmon command. See Section 28.3, "Configuring RMON Groups" in this chapter for the command to configure a specific group.
Note 28.
Configuring RMON Groups RMON Configuration To find out which host or user is using these applications/protocols on this port, use the following command: rs# rmon show al-matrix et.5.5 RMON II Application Layer Host Table Index: 500, Port: et.5.5, Inserts: 4, Deletes: SrcAddr DstAddr Packets ------------------10.50.89.88 15.15.15.3 1771 10.50.89.88 15.15.15.3 1125 10.50.89.88 15.15.15.3 1122 10.50.89.88 15.15.15.3 3 28.3 0, Owner: monitor Octets Protocol ------ -------272562 *ether2.
To configure the Filter group, you must configure both the Channel and Filter control tables.
To configure the Protocol Distribution group.
rmon protocol-distribution index port [owner ] [status enable|disable]
To configure the User History group, you must configure the group of objects to be monitored and apply the objects in the group to the User History control table.
• Rising and falling event index values are 15, which will trigger the previously-configured Event.
rs#(config) rmon alarm index 20 variable 1.3.6.1.2.1.31.1.5.0 interval 300 startup both type absolute-value rising-threshold 1 falling-threshold 1 rising-event-index 15 falling-event-index 15 owner "help desk"
28.
To show all user history logs.
rmon show user-history
To show probe configuration.
rmon show probe-config [basic] [net-config] [trap-dest]
1. To display Ethernet statistics and related statistics for WAN ports, RMON has to be activated on that port. To activate RMON on a port, use the frame-relay define service or ppp define service command, and the frame-relay apply service or ppp apply service command. For additional information, refer to Section 30.4.
RMON Configuration Displaying RMON Information The following shows the same rmon show hosts command with a filter applied so that only hosts with inpkts greater than 500 are displayed: rs# rmon apply cli-filter 4 rs# rmon show hosts et.5.4 RMON I Host Table Filter: inpkts > 500 Address Port InPkts --------------00001D:9D8138 et.5.4 1204 01000C:CCCCCC et.5.4 2389 0180C2:000000 et.5.4 1540 080020:835CAA et.5.4 940 FFFFFF:FFFFFF et.5.
28.5 TROUBLESHOOTING RMON
If you are not seeing the information you expected with an rmon show command, or if the network management station is not collecting the desired statistics, first check that the port is up. Then, use the rmon show status command to check the RMON configuration on the RS. Check the following fields on the rmon show status command output:
rs# rmon show status
RMON Status
----------
* RMON is ENABLED
* RMON initialization successful.
28.6 ALLOCATING MEMORY TO RMON
RMON allocates memory depending on the number of ports enabled for RMON, the RMON groups that have been configured, and whether or not default tables have been turned on or off. Enabling RMON with all groups (Lite, Standard, and Professional) with default tables uses approximately 300 Kbytes per port. If necessary, you can dynamically allocate additional memory to RMON.
The maximum amount of memory that you can allocate to RMON depends upon the RS model, as shown in the table below.
Table 28-4 Maximum memory allocations to RMON
RS platform                          Maximum memory
RS 32000                             96 MB
RS 8600                              48 MB
RS 8000                              24 MB
RS 3000, RS 2100, RS 2000, RS 1000   12 MB
29 LFAP CONFIGURATION GUIDE
29.1 OVERVIEW
The Lightweight Flow Accounting Protocol (LFAP) agent, as originally defined in RFC 2124, is a TCP-oriented protocol used to push accounting information collected on the RS to a flow accounting server. The LFAP agent uses ACLs to determine the IP traffic on which accounting information will be collected.
• One or more accounting servers. The main responsibility of the accounting server is to listen for LFAP messages from the RS on the network and collect the information. A single accounting server can collect data from multiple RS.
• Optional 3rd party billing/accounting application.
Figure 29-1 shows the interactions between LFAP on the RS, the accounting server, and a third party billing and accounting application.
The accounting 15-minutes keyword tells the accounting server what size flow records to create. It does not affect the RS. For example, the accounting 15-minutes keyword causes the accounting server to break flows on exact 15 minute boundaries (e.g. 10:00, 10:15, 10:30, etc.). This allows the billing application to calculate a bit rate.
30 WAN CONFIGURATION
This chapter provides an overview of:
• Wide Area Network (WAN) applications in Section 30.2, "Configuring WAN Interfaces".
• Clear Channel T3 and E3 configurations in Section 30.17, "Clear Channel T3 and E3 Services Overview".
• Inverse Multiplexer in Section 30.14, "Inverse Multiplexer Overview".
• Frame Relay configuration in Section 30.3, "Frame Relay Overview".
• PPP configuration in Section 30.7, "Point-to-Point Protocol (PPP) Overview".
For example, you would specify a frame relay serial WAN port located at router slot 4, port 1, on VC 100 as “se.4.1.100.” Using the same approach, a PPP high-speed serial interface (HSSI) WAN port located at router slot 3, port 2 would be identified as “hs.3.2.”
30.2 CONFIGURING WAN INTERFACES
Configuring IP and IPX interfaces for the WAN is generally the same as for the LAN.
The following command line displays an example for a VLAN:
rs(config)# interface create ip IPWAN address-netmask 10.50.1.1/16 peer-address 10.50.1.2 vlan BLUE
Mapped Addresses
Mapped peer IP/IPX addresses are very similar to static addresses in that InArp is disabled for Frame Relay and the address negotiated in IPCP/IPXCP is ignored for PPP. Mapped addresses are most useful when you do not want to specify the peer address using the interface create command.
30.2.3 Forcing Bridged Encapsulation
WAN for the RS has the ability to force bridged packet encapsulation. This feature has been provided to facilitate seamless compatibility with Cisco routers, which expect bridged encapsulation in certain operating modes. The following command line displays an example for Frame Relay:
rs(config)# frame-relay set fr-encaps-bgd ports hs.5.2.
Link Integrity
Links with high packet loss or links that are extremely over-subscribed may not perform as well with compression enabled. If this is the situation on your network, you should not enable compression histories. This applies only to PPP compressions. In Frame Relay compression, histories are always used. Compression histories take advantage of data redundancy between packets.
levels of bandwidth allocated than less time-sensitive traffic such as file transfers or e-mail. Simply adding more and more bandwidth to a network is not a viable solution to the problem. WAN access is extremely expensive, and there is a limited (albeit huge) supply. Therefore, making the most effective use of existing bandwidth is now a more critical issue than ever before.
Congestion Management
One of the most important features of configuring the RS to ensure Quality of Service is the obvious advantage gained when you are able to avoid network congestion. The following topics touch on a few of the most prominent aspects of congestion avoidance when configuring the RS.
Random Early Discard (RED)
Random Early Discard (RED) allows network operators to manage traffic during periods of congestion based on policies.
30.3.2 Permanent Virtual Circuits (PVCs)
WAN interfaces can take advantage of connections that assure a minimum level of available bandwidth at all times. These standing connections, called Permanent Virtual Circuits (PVCs), allow you to route critical packet transmissions from host to peer without concern for network congestion significantly slowing, let alone interrupting, your communications.
Note: The RS comes with a set of “default values” for Frame Relay interface configuration settings, which means that setting up a Frame Relay service profile is not absolutely necessary to begin sending and receiving Frame Relay traffic on your RS.
30.6 FRAME RELAY PORT CONFIGURATION
To configure frame relay WAN ports, you must first define the type and location of the WAN interface, optionally “set up” a library of configuration settings, then apply those settings to the desired interface(s). The following examples are designed to give you a small model of the steps necessary for a typical frame relay WAN interface specification.
• Finally, when the network-layer protocols have been configured, both the host and remote peer can send packets to one another using any and all of the configured network-layer protocols. The link will remain active until explicit LCP or NCP frames instruct the host and/or the peer router to close the link, or until some external event (i.e., user interruption or system time-out) takes place.
Note: The RS comes with a set of default values for PPP interface configuration settings, which means that setting up a PPP service profile is not absolutely necessary to begin sending and receiving PPP traffic on your RS.
After you configure one or more service profiles for your PPP interface(s), you can then apply a service profile to active PPP WAN ports, specifying their behavior when handling PPP traffic.
Monitoring PPP WAN Ports

The following table describes the commands for configuring MLP:

Add PPP port(s) to an MLP bundle.      ppp add-to-mlp port
Create MLP bundle(s).                  ppp create-mlp slot
Set MLP encapsulation format.          ppp set mlp-encaps-format ports [format short-format]
Set the size of frames that are fragmented for transmission on an MLP bundle.
30.10 PPP PORT CONFIGURATION

To configure PPP WAN ports, you must first define the type and location of the WAN interface, optionally “set up” a library of configuration settings, then apply those settings to the desired interface(s). The following examples are designed to give you a small model of the steps necessary for a typical PPP WAN interface specification.
30.11 CISCO HDLC WAN PORT CONFIGURATION

To configure Cisco HDLC ports, you must first define the type and location of the WAN interface, optionally “set up” a library of configuration settings, then apply those settings to the desired interface(s). The following examples are designed to give you a small model of the steps necessary for a Cisco HDLC WAN interface specification.
Cisco HDLC Configuration Example

30.11.3 Assigning IP Addresses to a Cisco HDLC WAN Port

The interface address of the local Cisco HDLC WAN port and peer address must conform to the following rules:

1. The interface and peer addresses should belong to the same subnet.
2. The host part of the addresses should be either 1 or 2. If the host part of the interface address is 1, then the peer address should be 2, and vice-versa.

For example on routers RS1 and RS2, in subnet 123.45.67.
30.13 WAN RATE SHAPING

WAN rate shaping provides a way to send traffic from Ethernet ports out through a WAN port in a controlled and equitable manner. For instance, incoming traffic from several Ethernet ports enters the WAN network through a single serial port. Normally, the Ethernet flows would compete with each other for bandwidth through the serial port, resulting in congestion and dropped packets.
Note: If Be is defined in a rate shaping template, a good rule of thumb is to set its value roughly equal to Bc / 2.

Use the wan apply command to apply the template to a WAN port. Specify Ethernet flows within the wan apply command using one of the following identifiers:

Destination IP address
Any Ethernet flow attempting to reach this destination IP address is rate shaped according to the template.
Next, the number of bits from each rate-shaped Ethernet flow is measured as they pass through the WAN port. These measurements are taken during equal sampling intervals (Tc), which are some fraction of one second. During a sampling interval, if the number of bits from a flow exceeds a pre-set value, called the Committed Burst Size (Bc), the rate shaping algorithm stops the Ethernet flow from sending packets directly through the WAN port.
2. The number of bits sent through the WAN port exceeds Bc. If Be is not defined or if there is no extra bandwidth available on the WAN interface, packets begin to be queued.
3. The number of bits sent through the WAN port exceeds Bc. This occurs only if Be is defined and there is extra bandwidth available.
4. The number of bits sent through the WAN port exceeds Bc + Be, and packets are queued.
5.
[Figure 30-2: network diagram showing routers R1 and R2, WAN ports t3.6.1, Ethernet ports on R1, Switch One on Floor One, subnet 124.141.77.0/24, and the Metro Backbone]
Once the templates are applied, all Ethernet flows on R1 originating from ports et.2.1, et.2.7, and et.3.8 are rate shaped to a maximum of 150 kbps, while Ethernet flows on R2 originating from subnet 124.141.77.0 are rate shaped to a maximum of 170 kbps in the opposite direction.

30.13.4 Using WAN Rate Shaping

The following section lists a few situations to keep in mind when using WAN rate shaping.
Performing Rate Limiting

If the burst-queue-depth is set to zero for a particular template, WAN rate shaping for the affected flows effectively becomes rate limiting. This switch to rate limiting occurs because without a queue, packets are simply dropped whenever the bit rate of a flow reaches Bc and/or Be.

Non-Rate Shaped Flows

If Ethernet flows that are not controlled by a WAN rate shaping template are mixed with flows that are controlled.
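The shaping behaviour described in this section, as an added Python simulation (not Riverstone code and not the RS implementation): a flow is measured once per sampling interval Tc, sent directly up to Bc (or Bc + Be when Be is defined and spare bandwidth exists), queued beyond that, and dropped once the burst queue is full, so a burst-queue-depth of zero turns shaping into rate limiting. The class and function names, the 0.1 s Tc, the fixed packet size and the in-order drain of the queue are assumptions made for the example.

```python
"""Toy model of WAN rate shaping per sampling interval (added example).

Assumptions (not from the guide): Tc = 0.1 s, every packet is smaller than
Bc, and the burst queue is a FIFO drained at the start of each interval.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Template:
    bc_bits: int                 # Committed Burst Size (Bc) per interval
    be_bits: int = 0             # Excess Burst Size (Be); 0 = not defined
    burst_queue_depth: int = 0   # packets; 0 turns shaping into limiting


def shape(template, intervals, spare_bandwidth=True):
    """Run one flow through the template.

    intervals: list of lists; each inner list holds the sizes (in bits) of
    the packets that arrive during one sampling interval.
    Returns one (bits_sent, packets_left_in_queue, packets_dropped) tuple
    per interval.
    """
    queue = deque()
    report = []
    for arrivals in intervals:
        # Be only helps when it is defined AND the WAN port has spare capacity.
        budget = template.bc_bits
        if template.be_bits and spare_bandwidth:
            budget += template.be_bits

        sent = dropped = 0
        # Packets held back in earlier intervals leave first, in order.
        while queue and sent + queue[0] <= budget:
            sent += queue.popleft()

        for bits in arrivals:
            if not queue and sent + bits <= budget:
                sent += bits                  # within budget: sent directly
            elif len(queue) < template.burst_queue_depth:
                queue.append(bits)            # over budget: held in the queue
            else:
                dropped += 1                  # queue full or absent: dropped
        report.append((sent, len(queue), dropped))
    return report


# Constructed input: a 25,000-bit burst (five 5,000-bit packets) followed by
# two idle intervals. Bc = 15,000 bits per 0.1 s interval is 150 kbps.
BURST = [[5000] * 5, [], []]

SHAPED = Template(bc_bits=15000, burst_queue_depth=10)
SHAPED_WITH_BE = Template(bc_bits=15000, be_bits=7500, burst_queue_depth=10)
LIMITED = Template(bc_bits=15000, burst_queue_depth=0)

if __name__ == "__main__":
    for name, tmpl in (("shaped", SHAPED),
                       ("shaped with Be = Bc / 2", SHAPED_WITH_BE),
                       ("burst-queue-depth 0", LIMITED)):
        print(f"{name:26s} {shape(tmpl, BURST)}")
```

With the queue, the burst is delayed into the next interval and nothing is lost; with burst-queue-depth 0 the same two packets are dropped instead.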
30.14 INVERSE MULTIPLEXER OVERVIEW

The Inverse Multiplexer (IMUX) feature allows the Riverstone RS Switch Router to inter-operate with those Cabletron Systems products that only support the WAN IMUX (Wide Area Networking Inverse Multiplexer) feature. The RS Switch Router already implements a method of WAN link aggregation using Multilink PPP (MPPP) as detailed in RFC1990. The IMUX functionality is added as an extension to the MPPP functionality.
30.15 WAN CONFIGURATION EXAMPLES

30.15.1 Simple Configuration File

The following is an example of a simple configuration file used to test frame relay and PPP WAN ports:

port set hs.5.1 wan-encapsulation frame-relay speed 45000000
port set hs.5.2 wan-encapsulation ppp speed 45000000
interface create ip fr1 address-netmask 10.1.1.1/16 port hs.5.1.100
interface create ip ppp2 address-netmask 10.2.1.1/16 port hs.5.2
interface create ip lan1 address-netmask 10.
[Figure: network diagram of the multi-router example, showing routers R1 through R5, SmartBits IP packet generators, and the Frame Relay and PPP wan-encapsulation subnets that connect them]
Router R1 Configuration File

The following configuration file applies to Router R1.

Configuration for ROUTER R1
----------------------------------------------------------------------
port set hs.7.1 wan-encapsulation frame-relay speed 45000000
port set hs.3.1 wan-encapsulation frame-relay speed 45000000
port set hs.3.2 wan-encapsulation ppp speed 45000000
port set et.1.* duplex full
frame-relay create vc port hs.7.1.106
frame-relay create vc port hs.3.1.
Router R3 Configuration File

The following configuration applies to Router 3.

Configuration for ROUTER R3
----------------------------------------------------------------------
port set se.2.1 wan-encapsulation frame-relay speed 1500000
port set et.1.* duplex full
port set hs.4.1 wan-encapsulation frame-relay speed 45000000
port set hs.4.2 wan-encapsulation ppp speed 45000000
frame-relay create vc port se.2.1.304
frame-relay create vc port hs.4.1.
Router R5 Configuration File

The following configuration file applies to Router R5.

!Configuration for ROUTER R5
port set se.4.1 wan-encapsulation ppp speed 1500000
port set et.1.* duplex full
vlan create s1 id 200
interface create ip lan1 address-netmask 50.50.50.5/16 port et.1.1
vlan add ports se.4.1 to s1
interface create ip s1 address-netmask 100.100.100.
30.16 CHANNELIZED T1, E1 AND T3 SERVICES OVERVIEW

The Channelized T1 and E1 services are full duplex TDM services that provide aggregation for low speed services that have different bandwidth requirements, such as voice, data, video, and so on, using one or more 64 kbps (DS0) channels.
Table 30-2 T1 and E1 Framing and Line Coding Schemes

Interface   Framing                                  Line Coding
T1          Extended Superframe Format (ESF)         Bipolar 8 zero substitution (B8ZS)
            Superframe — D4 Framing (SF)             Alternate Mark Inversion (AMI)
            Japanese variants of these formats are also supported.
E1          CRC4, cyclic redundancy check 4          High-density bipolar 3 (HDB3)
            NOCRC4, International (Si) Bits used

Warning 30.16.
DS1 Test Port Control for the RS 32000 and RS 38000 CT3

Each Channelized T3 port has an associated T1 test port, which provides access to any of the DS1 channels within a Channelized T3 (see Figure 30-4). You can configure the test port in either monitor or break-out mode.

• In monitor mode, you may connect an external analyzer to a test port to allow transparent monitoring of data on a given selected DS1 channel.
Configuring a Channelized T1 Interface

The following commands are an example of configuring a basic Channelized T1 interface.

rs(config)# port set t1.2.(1-4) framing esf fdl ansi lbo -7.5db
rs(config)# port set t1.2.(1-4):1 timeslots 1-24 wan-encapsulation ppp

For the Channelized T1 interface example:

• port set t1.2.(1-4):1 - Configures the following parameters for ports 1 through 4.
Basic Channelized T1, E1 and T3 Interface Functions

MLPs

Multilink PPP (MLP) groups multiple physical links into a logical pipe called an MLP bundle. Channelized T1 and E1 MLPs can be used for splitting, recombining and sequencing datagrams. Create an MLP with Channelized T1 lines using the following commands.

rs(config)# ppp create-mlp mp.1 slot 2
rs(config)# ppp add-to-mlp mp.1 port t1.2.
Configuring Frame Relay over Channelized T1, E1 and T3 Interfaces

Configure Frame Relay over a Channelized T1, E1 or T3 interface as follows:

port set t1.4.1:1 timeslots 1-4 wan-encapsulation frame-relay
port set e1.5.1:1 timeslots 1-4 wan-encapsulation frame-relay
port set t3.6.1:1 timeslots 1-4 wan-encapsulation frame-relay
frame-relay create vc port t1.4.1:1.103
frame-relay create vc port e1.5.1:1.105
frame-relay create vc port t3.6.1:1.
Example: Configuring Loopbacks and Using BERT Testing on a DS1 Interface

This example shows the use of BERT to test a structured DS1 interface for a duration of one hour.

enable
config
!----------------------------------------------------------------------------
! Configure loopback
!----------------------------------------------------------------------------
port set t1.2.1 framing esf lbo -7.5db
port set t1.2.
Example: Configuring Loopbacks and Using BERT Testing on a DS3 Interface

This example shows the use of BERT to do an internal test of the 15th DS1 line of a DS3 interface for a duration of one hour.

enable
config
!----------------------------------------------------------------------------
! Configure loopback
!----------------------------------------------------------------------------
port set t3.2.
Example: Configuring Loopbacks and Using BERT Testing on a Channelized E1 Interface

This example shows the use of BERT to test a structured E1 interface for a duration of one hour.

enable
config
!----------------------------------------------------------------------------
! Configure loopback
!----------------------------------------------------------------------------
port set e1.3.1 framing nocrc4 international-bits 0
port set e1.3.
30.17 CLEAR CHANNEL T3 AND E3 SERVICES OVERVIEW

Clear Channel T3 and E3 utilizes the full DS3 bandwidth for data transmission as shown in Table 30-4.

Table 30-4 Clear Channel T3 and E3 Interface Rates

Interface   Capacity (Mbps)
T3          44.736
E3          34.368

30.17.1 Clear Channel T3 and E3 Service Interface Module

Each Clear Channel T3 and E3 WAN Interface Card (WIC) has one port, and an internal CSU/DSU.
30.18 SCENARIOS FOR DEPLOYING CHANNELIZED T1, E1 AND T3

This section describes some scenarios for deploying Channelized T1, E1 and T3. There are nine scenarios, which cover the deployment for:

• Bridged MSP MTU/MDU aggregation (see Section 30.18.1)
• Routed inter-office connections through an Internet Service Provider (ISP)
  • With only Channelized T1 on the RS 8000 and RS 8600 (see Section 30.18.
Figure 30-5 Bridged MSP MTU/MDU Aggregation

[Network diagram: MTU/MDU sites hqsite and rsite2 through rsite7, each connected by T1 (x 4) through the TELCO (PSTN) to the Metropolitan Service Provider's RS 32000 over a T3 (28 T1s), with a POS link to the Internet]
Metropolitan Service Provider RS 32000 Configuration

The following configuration applies to the RS 32000 router at the Metropolitan Service Provider.

!----------------------------------------------------------------------------
!Configuration for the RS 32000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
hqsite RS 3000 Configuration

The following configuration applies to the RS 3000 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the MSP:
!----------------------------------------------------------------------------
port set t1.2.
30.18.2 Scenario 2: Routed Inter-Office Connections with Only T1 on RS 8x00

In this scenario, a company’s sites share data that is held at the Internet Service Provider (ISP). The company’s head office contains an RS 8600, and the remote sites each have an RS 3000. To access the shared data or the Internet, all sites have four T1 lines grouped into a Multilink PPP bundle to connect to the ISP, and so are just one hop away.
[Figure: network diagram for this scenario, showing hqsite (RS 8600), rsite2 through rsite7 (RS 3000), their T1 (x 4) links through the TELCO (PSTN), and a T3 link]
ISP RS 32000 Configuration

The following configuration applies to the RS 32000 router at the ISP.

!----------------------------------------------------------------------------
!Configuration for the RS 32000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
hqsite RS 8600 Configuration

The following configuration applies to the RS 8600 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8600 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set t1.2.
rsite2 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite2.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set t1.2.
rsite3 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite3.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set t1.2.
30.18.3 Scenario 3: Routed Inter-Office Connections with T1 and T3 on RS 8x00

In this scenario, a company’s sites share data that is held at the Internet Service Provider (ISP). The company’s head office contains an RS 8600, and the remote sites each have an RS 3000. All remote sites have four T1 lines grouped into a Multilink PPP bundle to connect to the RS 8600 at the head office.
[Figure: network diagram for this scenario, showing rsite2 through rsite7 (RS 3000) connected by T1 (x 4) links to hqsite (RS 8600), and a T3 link]
ISP RS 32000 Configuration

The following configuration applies to the RS 32000 router at the ISP.

!----------------------------------------------------------------------------
!Configuration for the RS 32000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
hqsite RS 8600 Configuration

The following configuration applies to the RS 8600 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8600 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
The following configuration applies to the T1 interfaces on the RS 8600 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8600 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set t1.5.
rsite2 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite2.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!Bundled T1 interfaces to hqsite:
!----------------------------------------------------------------------------
port set t1.2.
rsite3 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite3.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!Bundled T1 interfaces to the hqsite:
!----------------------------------------------------------------------------
port set t1.
30.18.4 Scenario 4: Routed Metropolitan Backbone with Only T1 on RS 8x00

In this scenario, a number of service providers are connected by a Metropolitan Backbone. The backbone consists of RS 32000 connected by Packet Over SONET (POS) links. An MSP provides a Channelized T3 service using an RS 32000.
Figure 30-8 Routed Metropolitan Backbone with Only T1 on RS 8x00
Metropolitan Service Provider RS 32000 Configuration

The following configuration applies to the RS 32000 router at the Metropolitan Service Provider.

!----------------------------------------------------------------------------
!Configuration for the RS 32000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
hqsite RS 8600 Configuration

The following configuration applies to the RS 8600 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8600 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the MSP:
!----------------------------------------------------------------------------
port set t1.2.
rsite RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the MSP:
!----------------------------------------------------------------------------
port set t1.2.
Internet Service Provider B RS 32000 Configuration

The following configuration applies to the RS 32000 router at Internet Service Provider B.

!----------------------------------------------------------------------------
!Configuration for the RS 32000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
Application Service Provider RS 8000 Configuration

The following configuration applies to the RS 8000 router at the Application Service Provider.
30.18.5 Scenario 5: Routed Metropolitan Backbone with T1 and T3 on RS 8x00

In this scenario, a number of service providers are connected by a Metropolitan Backbone. The backbone consists of RS 32000 connected by Packet Over SONET (POS) links. An MSP provides a Channelized T3 service using an RS 32000. A company has two sites that connect to this service:

• The head office (hqsite) connects using a T3 line from an RS 8600.
[Figure 30-9: network diagram for this scenario, showing hqsite (RS 8600), rsite (RS 3000), the Metropolitan Service Provider, Internet Service Provider B, the Content Provider, the Internet, and their T1, T3 and POS links]
Metropolitan Service Provider RS 32000 Configuration

The following configuration applies to the RS 32000 router at the Metropolitan Service Provider.

!----------------------------------------------------------------------------
!Configuration for the RS 32000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
hqsite RS 8600 Configuration

The following configuration applies to the RS 8600 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8600 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
The following configuration applies to the T1 interfaces on the RS 8600 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8600 T1 interfaces
!----------------------------------------------------------------------------
!Bundled T1 interfaces to the rsite:
!----------------------------------------------------------------------------
port set t1.2.
rsite RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the hqsite:
!----------------------------------------------------------------------------
port set t1.2.
Internet Service Provider B RS 32000 Configuration

The following configuration applies to the RS 32000 router at Internet Service Provider B.

!----------------------------------------------------------------------------
!Configuration for the RS 32000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
Content Provider RS 8000 Configuration

The following configuration applies to the RS 8000 router at the Content Provider.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 T1 interfaces
!----------------------------------------------------------------------------
port set t3.4.
30.18.6 Scenario 6: Routed Inter-Office Connections with E1 on RS8x00

In this scenario, a company’s sites share data that is held at the Internet Service Provider (ISP). The company’s head office contains an RS 8600, and the remote sites each have an RS 3000. To access the shared data or the Internet, all sites have four E1 lines grouped into a Multilink PPP bundle to connect to the ISP, and so are just one hop away.
[Figure: network diagram for this scenario, showing hqsite (RS 8600), rsite2 through rsite7 (RS 3000), their E1 (x 4) links through the TELCO (PSTN), and an E3 link]
hqsite RS 8600 Configuration

The following configuration applies to the RS 8600 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8600 E1 interfaces
!----------------------------------------------------------------------------
!E1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set e1.2.
rsite2 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite2.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 E1 interfaces
!----------------------------------------------------------------------------
!E1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set e1.2.
rsite3 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite3.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 E1 interfaces
!----------------------------------------------------------------------------
!E1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set e1.2.
Figure 30-11 shows the network layout for this scenario. The tables following the figure show the commands used to configure the interfaces for the routers at the various locations. Only the configurations of the Channelized T1 and E1 interfaces on each router are described.

Hardware Requirements

Router              Hardware Requirements
RS 8600 (USA)       1 Multi-Rate WAN module with 1 T1 WIC.
RS 8000 (Europe)    1 Multi-Rate WAN module with 1 E1 WIC.
RS 8000 Configuration (Europe)

The following configuration applies to the RS 8000 router.
30.18.8 Scenario 8: Configuring Frame Relay over Channelized T1 Interfaces

In this scenario, a Channelized T1 link on an RS 8600 is used to connect a company’s headquarters to six remote sites. The headquarters site has an RS 8600, with a Channelized T1 interface. The Channelized T1 interface is configured to use the ESF framing. Each remote site is assigned a consecutive range of four timeslots as shown in Table 30-6.
[Figure: network diagram for this scenario, showing rsite1 through rsite6 connected by T1 links, with the Frame Relay virtual circuit ports and interface addresses used at each site]
rsite2 RS 3000 Configuration

port set t1.2.1 framing esf lbo -7.5db
port set t1.2.1:1 timeslots 5-8 wan-encapsulation frame-relay
interface create ip rs2_hq_1 address-netmask 110.110.120.2/24 port t1.2.1:1.106 up
interface create ip rs2_hq_2 address-netmask 110.110.115.4/24 port t1.2.1:1.107 up
frame-relay create vc port t1.2.1:1.
rsite6 RS 3000 Configuration

port set t1.2.1 framing esf lbo -7.5db
port set t1.2.1:1 timeslots 21-24 wan-encapsulation frame-relay
interface create ip rs6_hq address-netmask 110.110.160.2/24 port t1.2.1:1.106 up
frame-relay create vc port t1.2.1:1.106
frame-relay define service CIRforR6toHQ cir 128000 bc 256000
frame-relay apply service CIRforR6toHQ ports t1.2.1:1.106

hqsite RS 8600 Configuration

port set t1.2.1 framing esf lbo -7.
30.19 SCENARIOS FOR DEPLOYING CLEAR CHANNEL T3 AND E3

This section describes some scenarios for deploying Clear Channel T3. There are two scenarios, which cover the deployment for:

• Routed inter-office connections through an Internet Service Provider (ISP) (see Section 30.19.1)
• Routed Metropolitan Backbone (see Section 30.19.2)

30.19.
[Figure: network diagram for this scenario, showing rsite2 through rsite7 (RS 3000) connected by T1 (x 4) links to hqsite (RS 8600), and a T3 link]
ISP RS 8000 Configuration

The following configuration applies to the RS 8000 router at the ISP.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 Clear Channel T3 interface to the Internet
!----------------------------------------------------------------------------
port set t3.2.1 cablelength 200 wan-encapsulation ppp
interface create ip to_internet address-netmask 155.32.2.
hqsite RS 8000 Configuration

The following configuration applies to the RS 8000 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
The following configuration applies to the T1 interfaces on the RS 8000 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the ISP:
!----------------------------------------------------------------------------
port set t1.5.
rsite2 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite2.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!Bundled T1 interfaces to hqsite:
!----------------------------------------------------------------------------
port set t1.2.
rsite3 RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite3.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!Bundled T1 interfaces to the hqsite:
!----------------------------------------------------------------------------
port set t1.2.
30.19.2 Scenario 2: Routed Metropolitan Backbone

In this scenario, a number of service providers are connected by a Metropolitan Backbone. The backbone consists of RS 8000s connected by Clear Channel T3 (CCT3) links. An MSP provides a Channelized T3 (CT3) service using an RS 8000. A company has two sites that connect to this service:

• The head office (hqsite) connects using a Channelized T3 line from an RS 8000.
[Figure: network diagram for Scenario 2. Labels recoverable from the diagram: hqsite (RS 8600, 110.210.23.17/28), rsite (RS 3000, 110.210.23.33/28), Metropolitan Service Provider, Internet Service Provider B and Content Provider; routers labelled RS 8600 and RS 8000; links labelled T1 (x 4), Unstructured T1, Fractional T1, T3 and CCT3; further addresses 155.15.5.0/24, 150.25.50.9/24, 140.22.44.10/24, 135.22.34.0/24, 145.33.45.0/24, 110.25.30.5/24, 130.65.20.8/24, 136.21.206.22/24 and 137.2.56. (cut off).]
Metropolitan Service Provider RS 8000 Configuration

The following configuration applies to the RS 8000 router at the Metropolitan Service Provider.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 Clear Channel T3 interfaces
!----------------------------------------------------------------------------
port set t3.2.
hqsite RS 8000 Configuration

The following configuration applies to the RS 8000 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 Channelized T3 interface
!----------------------------------------------------------------------------
port set t3.4.
The following configuration applies to the T1 interfaces on the RS 8000 router at the head office, hqsite.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 T1 interfaces
!----------------------------------------------------------------------------
!Bundled T1 interfaces to the rsite:
!----------------------------------------------------------------------------
port set t1.2.
rsite RS 3000 Configuration

The following configuration applies to the RS 3000 router at the remote site, rsite.

!----------------------------------------------------------------------------
!Configuration for the RS 3000 T1 interfaces
!----------------------------------------------------------------------------
!T1 interfaces to the hqsite:
!----------------------------------------------------------------------------
port set t1.2.
Internet Service Provider A RS 8000 Configuration

The following configuration applies to the RS 8000 router at Internet Service Provider A.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 Clear Channel T3 interfaces
!----------------------------------------------------------------------------
port set t3.2.
Internet Service Provider B RS 8000 Configuration

The following configuration applies to the RS 8000 router at Internet Service Provider B.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 Clear Channel T3 interfaces
!----------------------------------------------------------------------------
port set t3.2.
Content Provider RS 8000 Configuration

The following configuration applies to the RS 8000 router at the Content Provider.

!----------------------------------------------------------------------------
!Configuration for the RS 8000 T1 interfaces
!----------------------------------------------------------------------------
port set t3.4.
31 SERVICE CONFIGURATION

The service facility is used to configure rate limiting. It has been designed to reduce the amount of work it takes to configure a large number of things that require the same configuration. The service facility reduces the complexity of configuring rate limiting on the RS. This facility can be applied across a variety of network configurations such as an individual flow or an aggregate of flows. Additionally, it can be used to configure committed access rates and burst rates.
Once created, acl1 becomes bound to the policy and the policy becomes bound to the IP address specified in the policy. Because it is bound, it can not be used at another IP address. A new policy has to be created with the same rate limits. That requires more commands. With the service facility, the policy need only be configured once for any number of addresses. Additionally, an ACL does not have to be created.
31.2 CREATING A SERVICE

31.2.1 Aggregate Rate Limiting Service

An aggregate rate limiting policy can not be applied to an interface that spans ports on more than one channel. For example, an aggregate rate limiting policy can not be applied to the interface ip2 if it interfaces with a VLAN that consists of ports et.1.(1-4) and et.2.(1-4). The aggregate rate limiting mode will need to be enabled on the line card to be able to configure aggregate rate limiting.
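A configuration audit for the two constraints above, added here as an example (it is not Riverstone code): it flags aggregate services defined without the system enable aggregate-rate-limiting command, and aggregate services applied to an interface whose ports sit on more than one slot. It assumes a channel corresponds to the slot number in a port name such as et.1.(1-4); the sample configuration and the names qa, lab, qaacl, labacl, agg1 and flow1 are constructed.

```python
import re

SLOT = re.compile(r"\b[a-z]+\d*\.(\d+)\.")  # slot digit in et.1.(1-4), t1.2.1:1, ...
# Constructed sample config; command forms follow those shown in this guide.
SAMPLE = """\
vlan add ports et.1.(1-4) to qa
vlan add ports et.2.(1-4) to qa
vlan add ports et.3.1 to lab
interface create ip ip2 vlan qa address-netmask 10.1.1.1/24
interface create ip ip3 vlan lab address-netmask 10.2.1.1/24
service agg1 create rate-limit aggregate rate 5000000 drop-packets
service flow1 create rate-limit flow-aggregate rate 10000000 exceed-action drop-packets distribute-among 10
service agg1 apply rate-limit acl qaacl interface ip2
service agg1 apply rate-limit acl labacl interface ip3
service flow1 apply rate-limit acl qaacl interface ip2
"""

def audit(config):
    """Return findings about aggregate rate-limit services in an RS config."""
    enabled, aggregates, applied, vlan_slots, iface = False, set(), [], {}, {}
    for raw in config.splitlines():
        line = re.sub(r"^rs\(config\)#\s*", "", raw.strip())
        if not line or line.startswith("!"):
            continue  # blank line or RS comment
        if line == "system enable aggregate-rate-limiting":
            enabled = True
        elif m := re.match(r"vlan add ports (\S+) to (\S+)", line):
            vlan_slots.setdefault(m[2], set()).update(SLOT.findall(m[1]))
        elif m := re.match(r"interface create ip (\S+) (?:.* )?(vlan|port) (\S+)", line):
            iface[m[1]] = (m[2], m[3])
        elif m := re.match(r"service (\S+) create rate-limit aggregate\b", line):
            aggregates.add(m[1])
        elif m := re.match(r"service (\S+) apply rate-limit .*\binterface (\S+)", line):
            applied.append((m[1], m[2]))
    findings = []
    if aggregates and not enabled:
        findings.append("aggregate-rate-limiting mode not enabled")
    for svc, name in applied:
        if svc in aggregates and name in iface:
            kind, ref = iface[name]
            slots = vlan_slots.get(ref, set()) if kind == "vlan" else set(SLOT.findall(ref))
            if len(slots) > 1:  # assumption: one channel per slot number
                findings.append(f"{svc} on {name} spans slots {sorted(slots)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Flow-aggregate services such as flow1 are ignored by the check, since the restriction quoted above is stated only for aggregate rate limiting.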
Both the credit count and the replenish rate are calculated by the RS according to the rate-limiting profile defined in the configuration. The RS uses a special algorithm to determine the best credit count and replenish rate to achieve optimum bandwidth control. Figure 31-1 shows the operation of the hardware credit bucket.
Here is an example:

! Create a flow-aggregate service, limiting an aggregate flow to 10 million bps, drops packets if the rate is exceeded
! and distributed across 10 flows
rs(config)# service testaggregate create rate-limit flow-aggregate rate 10000000 exceed-action drop-packets distribute-among 10

31.2.3 Per-Flow Rate Limiting Service

Per-flow rate limiting is enabled on the RS by default.
31.2.4 Burst-Safe Rate Limiting Service

This command creates a burst-safe type rate limiting. Burst-safe allows an administrator to configure committed access rates (CAR) and burst-safe rates for any aggregate of flows. The CAR rate is the rate that is always guaranteed. The burst-safe rate is the best effort rate. This is the rate where some traffic may not get through. It is added bandwidth in part for bursty periods. See the note in 31.
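A simplified software model of burst-safe metering built from two credit buckets, added here as an illustration; it is not the RS algorithm, which this guide does not specify. It assumes the burst rate is bandwidth added on top of the CAR, that traffic above the CAR is forwarded at lower priority and traffic above CAR plus burst is dropped (as the car-lower-priority and burst-drop-packets options used later in this chapter suggest), and that each bucket holds 100 ms of credit; the traffic is constructed.

```python
from collections import Counter

class CreditBucket:
    """Credit bucket holding up to `depth` bits, refilled at `rate_bps`."""
    def __init__(self, rate_bps, window_ms):
        self.rate_bps = rate_bps
        self.depth = rate_bps * window_ms // 1000   # credit count (assumed sizing)
        self.credit = self.depth

    def replenish(self, elapsed_ms):
        gained = self.rate_bps * elapsed_ms // 1000
        self.credit = min(self.depth, self.credit + gained)

    def take(self, bits):
        if bits > self.credit:
            return False
        self.credit -= bits
        return True

def burst_safe(packets, car_bps, burst_bps, window_ms=100):
    """Classify (time_ms, size_bytes) packets, sorted by time, into verdicts."""
    car = CreditBucket(car_bps, window_ms)
    burst = CreditBucket(burst_bps, window_ms)
    last, verdicts = 0, []
    for t_ms, size in packets:
        car.replenish(t_ms - last)
        burst.replenish(t_ms - last)
        last = t_ms
        bits = size * 8
        if car.take(bits):
            verdicts.append("forward")          # within the committed rate
        elif burst.take(bits):
            verdicts.append("lower-priority")   # above CAR, within the burst allowance
        else:
            verdicts.append("drop")             # above CAR plus burst
    return verdicts

# Constructed traffic: twelve 1250-byte packets at t=0, one more after 100 ms.
TRAFFIC = [(0, 1250)] * 12 + [(100, 1250)]

if __name__ == "__main__":
    print(Counter(burst_safe(TRAFFIC, car_bps=1_000_000, burst_bps=100_000)))
```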
Here are two examples:

! Apply a service to an interface
rs(config)# service userflow1 apply rate-limit acl useracl1 interface userinterface1
! Apply a service to a port
rs(config)# service mktaggregate apply rate-limit acl mktacl port et.3.3

31.3.2 Applying Services Using the MF-Classifier Command

The service apply rate-limit mf-classifier command is used to apply services to interfaces or ports using MF Classifiers.
31.4 SHOWING A SERVICE

31.4.1 Aggregate, Flow-Aggregate, Per-Flow, and Burst-Safe Show Commands

To show these services, use the following commands:

Display an aggregate, flow-aggregate, per-flow or burst-safe service.
31.4.2 Show All Command

To show all services, use the following command:

Display all services.
31.5 PORT-LEVEL RATE LIMITING

Note: Port-level rate limiting is not yet supported by Service.

Use a port-level rate limiting policy if incoming or outgoing traffic on a particular port needs to be rate limited. Unlike other types of rate limiting policies, do not specify an ACL when defining this type of policy. Port-level rate limiting policies do not need to be applied to an interface and they take effect when they are created.
The configuration shown in Figure 31-2 is created with the following commands:

! Enable aggregate rate limiting
rs(config)# system enable aggregate-rate-limiting
! Create the service
rs(config)# service aggregate1 create rate-limit aggregate rate 5000000 drop-packets
! Apply the service to S1, S2, S3 and S4
rs(config)# service aggregate1 apply rate-limit qainterface1 source-addr-mask 10.9.2.
Following is the configuration:

[Figure 31-3 Burst-Safe Configuration. Labels recoverable from the diagram: Customers, MAN, customerflow1, customerflow2, lawoffices.com (181.171.161.15), corporationone.com (171.161.151.14), corporationtwo.com (161.151.141.13), customergroup1 (100.99.98.97/24), customergroup2 (101.99.98.97/24); rate labels Burst-Safe=1000000 with CAR=9000000 and Burst-Safe=100000 with CAR=4000000.]
The configuration shown in Figure 31-2 is created with the following commands:

! Create the burst-safe service for customerflow1
rs(config)# service customergroup1 create rate-limit burst-safe car-rate 1000000 car-lower-priority burst-rate 100000 burst-drop-packets
! Set the traffic priority
rs(config)# qos set ip customerflow1 high 181.171.161.15/24 100.99.98.
vlan create client1 ip
vlan create client2 ip
vlan create backbone ip
vlan add ports et.1.1 to client1
vlan add ports et.1.2 to client2
vlan add ports et.1.8 to backbone
interface create ip ipclient1 vlan client1 address-netmask 1.1.1.1/8
interface create ip ipclient2 vlan client2 address-netmask 3.3.3.3/8
interface create ip backbone vlan backbone address-netmask 2.2.2.2/8
acl 100 permit ip 1.2.2.2
acl 200 permit ip 3.1.1.