Cisco 837 Router and SOHO 97 Router Cabling and Setup Quick Start Guide (French) CISCO sur FNAC.COM

 

 

 

Voir également d'autres Guide CISCO :

Cisco-Security-Appliance-Command-Line-ASA-5500-version-7-2

Cisco-Introduction-to-the-Security-Appliance

Cisco-ASR-9000-Series-Aggregation-Configuration-Guide-Release-4-2-x

Cisco-IOS-XR-Carrier-Grade-NAT-Configuration-Guide-for-the-Cisco-CRS-Router-Release-4-2-x

Cisco-ASR-9000-Series-Aggregation-Services-Router-Interface-and-Hardware-Component-Configuration-Guide-Release-4-2-x

Cisco-ASR-9000-Series-Aggregation-Services-Router-IP-Addresses-and-Services-Configuration-Guide-Release-4-2-x

Cisco-ASR-9000-Series-Aggregation-Services-Router-L2VPN-et-services-Ethernet-Configuration-Guide-version-4-2-x

Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x

Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide, Release 4.2.x

Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x

Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x

Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x

CHAPITRE 4-1 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Français 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 • Garantie limitée Cisco d'un an sur le matériel • Vérification des éléments livrés avec le routeur • Connexion du routeur • Configuration du routeur • Félicitations ! Vous avez terminé la configuration. • Obtention de documentation • Vos commentaires sur la documentation • Assistance technique • Obtention de publications et d'informations complémentaires4-2 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Garantie limitée Cisco d'un an sur le matériel Garantie limitée Cisco d'un an sur le matériel Des conditions spécifiques s'appliquent à la garantie de votre matériel et aux prestations de services dont vous pouvez bénéficier pendant la période de validité de cette garantie. Votre déclaration formelle de garantie, qui inclut la garantie et les accords de licence applicables aux logiciels Cisco, est disponible sur le site Cisco.com. Démarrez votre navigateur et accédez à l'URL suivante : http://www.cisco.com/en/US/products/prod_warranties_listing.html Vous pouvez également vous rendre sur le site Web de l'assistance technique et des services Cisco pour obtenir une aide : http://www.cisco.com/public/Support_root.shtml. Vérification des éléments livrés avec le routeur Respectez les étapes de la procédure suivante pour vérifier que tous les éléments nécessaires ont été livrés avec le routeur. Étape 1 Les éléments livrés avec votre routeur sont les suivants. Si l'un des éléments manque ou est endommagé, contactez votre service clientèle. Remarque Le câble ADSL standard est un câble direct bleu lavande. Si le câble qui a été commandé est un câble ADSL croisé, il est bleu lavande avec une bande bleue. Étape 2 Localisez la référence du produit. L'étiquette mentionnant la référence du routeur Cisco 837 se trouve sur la partie arrière gauche du châssis. Figure 4-1 Emplacement de la référence du produit 1 Câble Ethernet jaune 5 Documentation produit 2 Câble ADSL bleu lavande 6 Câble de console bleu clair (RJ-45 à DB-9) 3 Adaptateur secteur de bureau 7 Câble modem pour les gammes de routeurs SOHO/800 (commandé séparément) 4 Cordon d'alimentation noir INTERNET (E1) 4 3 2 1 Cisco 831 +18 VCC CONSOLE ETHERNET 10-BASE-T ORDINATEURS (E0) ETHERNET 10-BASE-T MARCHE ARRÊT Réf. : AAANNNNXXXX 121480 SN: AAANNNNXXXX4-3 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Connexion du routeur Connexion du routeur La Figure 4-2 montre l'installation type d'un routeur Cisco 837 ou SOHO 97. Figure 4-2 Installation type d'un routeur Cisco 837 ou SOHO 97 Procédez comme suit pour connecter le routeur à l'adaptateur secteur, à votre réseau local et au réseau de votre fournisseur de services : Étape 1 Si vous connectez plus de quatre PC au routeur, connectez ce dernier à un commutateur ou à un concentrateur à l’aide d'un câble Ethernet jaune, comme le montre la Figure 4-2. Étape 2 Pour connecter un PC directement au routeur, procédez comme indiqué dans la Figure 4-2. Mettez le PC hors tension afin qu'il obtienne une adresse IP du routeur lorsqu'il sera remis sous tension. Vous pouvez connecter d'autres PC aux ports Ethernet numérotés restants. Étape 3 Le port console est un port de service auquel vous pouvez connecter un terminal ou un PC pour configurer le logiciel à l'aide de l'interface CLI (command-line interface) ou résoudre les problèmes rencontrés avec le routeur. Si vous voulez accéder à la console du routeur, connectez un PC ou un terminal au port console sur le routeur. Pour plus d'informations, consultez le document Cisco 837 and SOHO 97 Hardware Installation Guide (Routeurs Cisco 837 et SOHO 97 - Guide d'installation matérielle). Remarque En connectant le port console à un modem asynchrone à l’aide du câble modem pour les gammes de routeurs SOHO/800 (disponible en option), vous pouvez doter le routeur de fonctionnalités de sauvegarde et de gestion à distance. Reportez-vous au document Cisco 831 Router and SOHO 91 Router Hardware Installation Guide (Routeurs Cisco 831 et SOHO 91 - Guide d'installation matérielle) pour plus d'informations. Cisco 837 CONSOLE ADSLoISDN +18 VDC ETHERNET 10BASET COMPUTERS (E0)a 4 3 2 1 1X 2X 1X 2X 1 121524 1 2 3 4 54-4 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Configuration du routeur Étape 4 Connectez le port ADSL du routeur à la prise murale du téléphone à l'aide du câble ADSL bleu lavande. Si la ligne ADSL sert aussi à la communication vocale, vous pouvez empêcher toute interruption de la transmission de données en connectant le routeur à un filtre ADSL ou en installant des microfiltres entre les téléphones ou les télécopieurs et la prise murale. Étape 5 Raccordez le cordon d'alimentation au routeur comme indiqué dans la Figure 4-2 et mettez le routeur sous tension. Assurez-vous d'utiliser l'adaptateur secteur livré avec le routeur. Le routeur n'accepte pas d'autres adaptateurs secteur Cisco. Configuration du routeur Le routeur est livré avec un outil de configuration basé sur le Web que vous exécutez à partir d'un navigateur Web. Instructions de configuration SDM Si le manuel Cisco Router and Security Device Manager (SDM) Quick Start Guide (Guide de démarrage rapide du gestionnaire de routeur SDM) fait partie de votre kit d'accessoires, alors Cisco Router and Security Device Manager (SDM) est chargé sur le routeur. Reportez-vous à ce document pour configurer votre routeur Cisco 837. Le lien suivant permet d'accéder à plus d'informations sur SDM, notamment aux notes de version et à d'autres documentations SDM. http://www.cisco.com/en/US/products/sw/secursw/ps5318/ Remarque SDM n'est pas livré avec les routeurs SOHO 97. Instructions de configuration du logiciel CRWS Si vous n'avez pas reçu le manuel Cisco Router and Security Device Manager (SDM) Quick Start Guide (Guide de démarrage rapide du gestionnaire de routeur SDM), cela signifie que Cisco Router Web Setup (CRWS) est chargé sur votre routeur. Les instructions de ce guide vous expliquent comment configurer le routeur à l'aide du logiciel CRWS. Ce logiciel s'exécute avec les versions 3.0 à 4.7 de Netscape et les versions 4 et supérieures d'Internet Explorer. Le logiciel CRWS (Cisco Router Web Setup) est installé sur le routeur. Il sert à configurer la connexion du routeur à Internet. Le logiciel CRWS s'exécute avec les versions 3.0 à 4.7 de Netscape et les versions 4 et supérieures d'Internet Explorer. Pour démarrer le logiciel CRWS et configurer le routeur, respectez la procédure suivante : Étape 1 Démarrez ou redémarrez un PC connecté à l'un des ports Ethernet (1, 2, 3 ou 4) du routeur. Étape 2 Lancez un navigateur Web. Assurez-vous que le navigateur est configuré pour travailler en mode connexion. • Dans Internet Explorer, cliquez sur le menu Fichier et assurez-vous que l'option Travailler hors connexion est désactivée. • Dans Netscape, l'option Travailler hors ligne du menu Fichier est désactivée par défaut. 4-5 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Configuration du routeur Étape 3 Tapez l'URL (Universal Resource Locator) indiquée dans la Figure 4-3. Figure 4-3 Tapez l'URL http://10.10.10.1 Le tableau de bord du logiciel CRWS (Figure 4-4) doit apparaître après 1 à 2 minutes. Figure 4-4 Tableau de bord du logiciel CRWS Conseil Si le tableau de bord de CRWS ne s'affiche pas lorsque vous entrez l'URL http://10.10.10.1, testez la connexion entre le PC et le routeur en procédant comme suit : • Assurez-vous que le témoin OK du routeur est allumé et vérifiez la connexion des câbles entre le routeur et le PC. • Si la page d'accueil CRWS ne s'affiche toujours pas, vérifiez que l'option « Travailler hors connexion » du navigateur est désactivée. • Si la page Web refuse toujours de s'afficher, assurez-vous que le PC est configuré pour la réception automatique d'une adresse IP. Sélectionnez Démarrer/Exécuter, tapez winipcfg dans la fenêtre Exécuter et examinez l'adresse se trouvant dans le champ de l'adresse IP. Cette adresse doit être au 4-6 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Configuration du routeur format 10.10.10.X, où X est un nombre supérieur ou égal à 2 (par exemple, 10.10.10.2 ou 10.10.10.3). Si le format de l’adresse IP n'est pas conforme, suivez les instructions du Conseil à la page 4-6 pour configurer le PC afin d'obtenir une adresse IP automatiquement. Relancez ensuite le logiciel CRWS. Étape 4 Si vous souhaitez une configuration standard, cliquez sur le lien Router Setup (Configuration du routeur) de la page d'accueil, puis cliquez sur Quick Setup (Configuration rapide). Entrez ensuite le nom d'utilisateur et le mot de passe attribués par votre fournisseur d'accès Internet et suivez la procédure indiquée sur la page affichée. Étape 5 Si vous devez configurer des fonctions particulières, comme le protocole NAT (Network Address Translation), cliquez sur les liens correspondants de la page d'accueil et complétez les écrans de configuration. Étape 6 Cliquez sur le lienMot de passe du routeur de la page d'accueil et définissez un mot de passe pour le routeur. Étape 7 Sélectionnez Démarrer/Exécuter et tapez winipcfg dans le champ Ouvrir de la fenêtre Exécuter. Lorsque la fenêtre Configuration IP s'affiche, cliquez sur Libérer, puis sur Renouveler pour respectivement libérer et renouveler l'adresse IP du PC. Vous pouvez également ouvrir une fenêtre DOS et saisir ipconfig /release pour libérer l'adresse IP du PC. Entrez ensuite ipconfig /renew pour la renouveler. Étape 8 Ouvrez un navigateur Web sur le PC et connectez-vous à un site Web. Conseil Si vous n'avez pas pu démarrer CRWS, cela indique peut-être que votre PC n'est pas configuré pour obtenir une adresse IP automatiquement. Vous pouvez utiliser les informations suivantes si votre PC s'exécute sous Microsoft Windows NT ou Microsoft Windows 95, 98 ou 2000. Pour les autres versions de Microsoft Windows, consultez la documentation livrée avec le PC. 1. Mettez le PC en route et ouvrez le Panneau de configuration. 2. Double-cliquez sur l'icône Réseau pour afficher la fenêtre correspondante. 3. Vérifiez que le protocole TCP/IP a été ajouté et associé à l'adaptateur Ethernet. L'icône TCP/IP représente un câble en Y dans la fenêtre Configuration de Microsoft Windows 95, 98, 2000, ME et XP et dans la fenêtre Protocole de Microsoft Windows NT. Si cette icône n'est pas visible, cliquez sur Ajouter, puis ajoutez Microsoft TCP/IP. 4. Pour vérifier si le PC est configuré pour obtenir une adresse IP automatiquement, cliquez sur l'icône TCP/IP représentant un câble, puis sélectionnez l'onglet Adresse IP dans la fenêtre Propriétés TCP/IP. Si ce n'est déjà fait, cochez la case Obtenir automatiquement une adresse IP. Les champs Adresse IP et Masque de sous-réseau doivent être grisés. 5. Pour accepter toutes les modifications et quitter cette fenêtre, cliquez sur OK. Cliquez ensuite sur OK dans la fenêtre Réseau. 6. Si vous y êtes invité, cliquez sur Oui pour redémarrer le PC. 7. Revenez à l'Étape 3 de la section Configuration du routeur page 4-4. Pour plus d'informations sur la configuration du protocole TCP/IP, consultez le manuel Guide de dépannage de la configuration Web d'un routeur Cisco disponible sur le CD de documentation produit des gammes Cisco 800 et SOHO .4-7 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Félicitations ! Vous avez terminé la configuration. Félicitations ! Vous avez terminé la configuration. Si vous parvenez à vous connecter à un site Web, cela indique que le câblage et la configuration de votre routeur ont réussi. Vous pouvez désormais utiliser le routeur pour accéder à Internet. Pour configurer d'autres fonctionnalités, cliquez sur les liens CRWS appropriés et entrez les valeurs de configuration du routeur. Les autres sections de ce guide de démarrage rapide présentent des informations sur la documentation connexe des gammes Cisco 800 et SOHO. Informations complémentaires sur le routeur Pour plus d'informations, consultez les documents suivants : • Cisco 837 Router and SOHO 97 Router Hardware Installation Guide (Routeurs Cisco 837 et SOHO 97 - Guide d'installation matérielle) : fournit des informations détaillées concernant le câblage et le matériel pour les routeurs Cisco 837 et SOHO 97. • Cisco 800 Series Router Software Configuration Guide (Routeurs Cisco 800 – Guide de configuration logicielle) : fournit des informations détaillées sur la configuration des routeurs Cisco 800. • Cisco 828 Router and SOHO 78 Router Hardware Installation Guide (Routeurs Cisco 828 et SOHO 78 - Guide d'installation matérielle) : fournit des informations détaillées concernant le câblage et le matériel pour les routeurs Cisco 828 et SOHO 78. • Cisco 828 Router and SOHO 78 Router Software Configuration Guide (Routeurs Cisco 828 et SOHO 78 - Guide de configuration logicielle) : fournit des instructions de configuration détaillées pour les routeurs Cisco 828 et SOHO 78. • Cisco Router Web Setup Troubleshooting Guide (Guide de dépannage de la configuration Web d'un routeur Cisco) : fournit des informations de base sur la configuration du routeur. • Upgrading Memory in Cisco 800 Series Routers (Routeurs Cisco 800 – Mise à niveau de la mémoire) : fournit des informations sur la mise à niveau de la mémoire des routeurs Cisco 800. La documentation Cisco la plus récente est disponible sur Internet à partir des sites suivants : • http://www.cisco.com • http://www-china.cisco.com • http://www-europe.cisco.com Obtention de documentation La documentation Cisco est disponible sur le site Cisco.com. Cisco propose aussi divers moyens pour obtenir une assistance technique et d'autres ressources techniques. Les sections qui suivent expliquent comment obtenir des informations techniques de Cisco Systems. Cisco.com Vous pouvez accéder à la documentation Cisco la plus récente à l'adresse suivante : http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html4-8 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Vos commentaires sur la documentation Vous pouvez accéder au site Web de Cisco à l'adresse suivante : http://www.cisco.com Vous pouvez accéder aux sites Web internationaux de Cisco à l'adresse suivante : http://www.cisco.com/public/countries_languages.shtml Commande de documentation Vous trouverez les instructions de commande de documentation à l'adresse suivante : http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm Vous pouvez commander de la documentation Cisco comme suit : • Les utilisateurs inscrits sur Cisco.com (clients directs de Cisco) peuvent commander de la documentation à l'adresse suivante : http://www.cisco.com/en/US/partner/ordering/index.shtml • Les utilisateurs non inscrits sur Cisco.com peuvent se procurer de la documentation par l'intermédiaire d'un représentant de compte local en appelant le siège social de Cisco Systems (Californie, États-Unis) au numéro 408 526-7208 ou, en Amérique du Nord, en composant le 800 553-NETS (6387). Vos commentaires sur la documentation Vous pouvez envoyer vos commentaires sur la documentation technique à l'adresse bug-doc@cisco.com. Pour envoyer vos commentaires par courrier ordinaire, utilisez le coupon-réponse situé à l'arrière de la couverture de votre document ou, à défaut, écrivez à l'adresse suivante : Cisco Systems Attn: Customer Document Ordering 170 West Tasman Drive San Jose, CA 95134-9883 États-Unis Vos commentaires sont les bienvenus. Assistance technique Pour tous les clients, partenaires, revendeurs et distributeurs en possession de contrats de service Cisco valides, le centre d'assistance technique Cisco propose une assistance hors pair disponible 24 heures sur 24. Le site Web d'assistance technique Cisco sur Cisco.com propose des ressources en ligne très complètes. En outre, le centre d'assistance technique (TAC) Cisco fournit une assistance téléphonique. Si vous n'avez pas de contrat de service Cisco valide, contactez votre revendeur.4-9 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Assistance technique Site Web d'assistance technique Cisco Ce site propose des documents et outils en ligne pour dépanner et résoudre les problèmes techniques liés aux technologies et produits Cisco. Il est disponible 24 heures sur 24, 365 jours par an à l'adresse suivante : http://www.cisco.com/techsupport Pour accéder aux outils du site, vous devez être inscrit à Cisco.com et posséder un ID utilisateur ainsi qu'un mot de passe. Si vous êtes en possession d'un contrat de service valide mais que vous n'avez ni ID utilisateur ni de mot de passe, connectez-vous à l'adresse suivante pour vous inscrire : http://tools.cisco.com/RPF/register/register.do Soumission d'une demande de service Utiliser l'outil de demande de service en ligne sur le TAC est le moyen le plus rapide d'ouvrir des demandes de service S3 et S4. (Ces demandes correspondent à une dégradation minimale du fonctionnement de votre réseau ou à une demande d'information produit.) Lorsque vous avez décrit la situation, l'outil de demande de service du TAC vous propose automatiquement les solutions recommandées. Si cela ne résout pas le problème, votre demande de service est affectée à un ingénieur du TAC Cisco. Vous trouverez l'outil de demande de service du TAC à l'adresse suivante : http://www.cisco.com/techsupport/servicerequest Pour les demandes de service S1 ou S2 ou si vous n'avez pas d'accès à Internet, contactez le TAC Cisco par téléphone. (Vous soumettez ce type de demandes quand votre réseau opérationnel est très dégradé ou paralysé.) Ces demandes sont affectées immédiatement aux ingénieurs du TAC Cisco pour préserver le bon fonctionnement de vos activités. Pour ouvrir une demande de service par téléphone, composez l'un des numéros suivants : Asie-Pacifique : +61 2 8446 7411 (Australie : 1 800 805 227) Zone EMEA : +32 2 704 55 55 États-Unis : 1 800 553 2447 Pour consulter la liste complète des contacts du TAC Cisco, rendez-vous à l'adresse : http://www.cisco.com/techsupport/contacts Définition de la gravité des demandes de service Cisco a défini des niveaux de gravité de sorte que toutes les demandes de service observent un format standard. Gravité 1 (S1) : votre réseau est « paralysé » ou la situation a un impact très négatif sur vos activités commerciales. Vous et Cisco engagerez 24 heures sur 24 toutes les ressources nécessaires pour résoudre le problème. Gravité 2 (S2) : le fonctionnement d'un réseau existant est très dégradé ou des aspects importants de vos activités commerciales sont affectés par les performances inadéquates des produits Cisco. Vous et Cisco engagerez des ressources à temps plein pendant les heures de bureau normales pour résoudre le problème. Gravité 3 (S3) : les performances de votre réseau sont affectées mais la plupart de vos activités commerciales restent fonctionnelles. Vous et Cisco engagerez des ressources pendant les heures de bureau normales pour rétablir des niveaux de service satisfaisants.4-10 Cisco 837 Router and Cisco SOHO 97 Router Cabling and Setup Quick Start Guide 78-14782-07 Chapitre 4 Configuration et câblage des routeurs Cisco 837 et SOHO 97 Obtention de publications et d'informations complémentaires Gravité 4 (S4) : vous avez besoin d'informations ou d'assistance concernant des fonctionnalités, l'installation ou la configuration de produits Cisco. L'impact sur vos activités commerciales est faible, voire nul. Obtention de publications et d'informations complémentaires Des informations sur les produits, les technologies et les solutions réseau Cisco sont disponibles en ligne et sous forme imprimée. • La boutique Cisco Marketplace offre un grand choix d'ouvrages Cisco, de guides de référence et de produits. Pour la découvrir, rendez-vous à l'adresse suivante : http://www.cisco.com/go/marketplace/ • Le Catalogue des produits Cisco détaille les produits réseau proposés par Cisco Systems, ainsi que les services clients gérant les commandes et les demandes d'assistance. Accédez au Catalogue des produits Cisco en tapant l'URL suivante : http://cisco.com/univercd/cc/td/doc/pcat/ • Cisco Press publie une large gamme d'ouvrages traitant de l'administration réseau, des formations et des certifications. Les utilisateurs débutants comme les plus expérimentés y trouveront des informations utiles. Pour connaître les dernières publications de Cisco Press et consulter d'autres informations, visitez le site de Cisco Press à l'adresse suivante : http://www.ciscopress.com • Le magazine Packet destiné aux utilisateurs techniques de Cisco Systems détaille comment maximiser les investissements Internet et réseau. Chaque trimestre, il présente les dernières tendances en matière de réseaux, les innovations technologiques ainsi que les produits et solutions Cisco. Il donne des conseils pour le déploiement et le dépannage des réseaux et propose des exemples de configuration, des études de cas relatives à la clientèle, des informations sur les certifications et les formations et des liens vers des ressources plus détaillées accessibles en ligne. Vous pouvez accéder au magazine Packet à l'adresse suivante : http://www.cisco.com/packet • Le journal trimestriel Internet Protocol Journal publié par Cisco Systems s'adresse aux ingénieurs concernés par la conception, le développement et l'exploitation de réseaux Internet et intranet publics et privés. Vous pouvez y accéder à l'adresse suivante : http://www.cisco.com/ipj • Cisco propose des formations de niveau international sur les réseaux. Les programmes en cours sont présentés à l'adresse suivante : http://www.cisco.com/en/US/learning/index.html CHAPITRE 4-1 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Français 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 • Garantie limitée Cisco d’un an sur le matériel • Vérification des éléments livrés avec le routeur • Connexion du routeur • Configuration du routeur • Félicitations ! Vous avez terminé la configuration. • Obtention de documentation • Vos commentaires sur la documentation • Assistance technique • Obtention de publications et d’informations complémentaires4-2 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Garantie limitée Cisco d’un an sur le matériel Garantie limitée Cisco d’un an sur le matériel Des conditions spécifiques s’appliquent à la garantie de votre matériel et aux prestations de services dont vous pouvez bénéficier pendant la période de validité de cette garantie. Votre déclaration formelle de garantie, qui inclut la garantie et les accords de licence applicables aux logiciels Cisco, est disponible sur le site Cisco.com. Démarrez votre navigateur et accédez à l’URL suivante : http://www.cisco.com/en/US/products/prod_warranties_listing.html Vous pouvez également vous rendre sur le site Web de l’assistance technique et des services Cisco pour obtenir une aide : http://www.cisco.com/public/Support_root.shtml. Durée de la garantie sur le matériel Un (1) an Procédure de remplacement, réparation ou remboursement du matériel Cisco ou son centre de service sera en mesure d’expédier une pièce de rechange dans un délai de dix (10) jours suivant la réception de la demande d’autorisation de retour de matériel (ARM). Le délai effectif de livraison pourra varier en fonction de la destination. Cisco se réserve le droit de rembourser le prix d’achat comme seule garantie. Pour recevoir un numéro d’autorisation de retour de matériel (ARM) Contactez la société auprès de laquelle vous avez acheté le produit. Si vous avez acheté le produit directement auprès de Cisco, contactez votre responsable des ventes Cisco. Complétez les informations ci-dessous et conservez-les comme référence. Vérification des éléments livrés avec le routeur Respectez les étapes de la procédure suivante pour vérifier que tous les éléments nécessaires ont été livrés avec le routeur. Étape 1 La Figure 4-1 présente les éléments livrés avec le routeur. Si l’un des éléments manque ou est endommagé, contactez votre service clientèle. Produit acheté auprès de Numéro de téléphone du vendeur Modèle du produit Référence du produit Numéro du contrat de maintenance4-3 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Vérification des éléments livrés avec le routeur Figure 4-1 Éléments livrés avec le routeur Étape 2 Vérifiez quel câble ADSL a été livré avec le routeur. Le routeur est livré avec un des câbles ADSL suivants, spécifié lors de la commande du routeur : un câble ADSL standard direct RJ-11 à RJ-11, croisé RJ-11 à RJ-11 ou direct RJ-11 à RJ-45. Étape 3 Localisez la référence du produit. L’étiquette mentionnant la référence du routeur Cisco 836 se trouve sur la partie arrière gauche du châssis. Figure 4-2 Emplacement de la référence du produit 1 Câble Ethernet jaune 5 Cordon d’alimentation noir 2 Câble ADSL bleu lavande 6 Documentation produit 3 Câble S/T RNIS orange (commandé séparément) 7 Câble de console bleu clair (RJ-45 à DB-9) 4 Adaptateur secteur de bureau 5 6 121478 2 Autre documentation Guide de démarrage rapide INTERNET (E1) 4 3 2 1 Cisco 831 +18 VCC CONSOLE ETHERNET 10-BASE-T ORDINATEURS (E0) ETHERNET 10-BASE-T MARCHE ARRÊT Réf. : AAANNNNXXXX 121480 SN: AAANNNNXXXX4-4 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Connexion du routeur Connexion du routeur La Figure 4-3 montre l’installation type d’un routeur Cisco 836 ou SOHO 96. Figure 4-3 Installation type d’un routeur Cisco 836 ou SOHO 96 Cisco 836 CONSOLE ISDN S/T ADSLoISDN +18 VDC ETHERNET 10BASET COMPUTERS (E0)a 4 3 2 1 1X 2X 1X 2X 1 121520 1 2 4 5 34-5 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Configuration du routeur Procédez comme suit pour connecter le routeur à l’adaptateur secteur, à votre réseau local et au réseau de votre fournisseur de services : Étape 1 Si vous connectez plus de quatre PC au routeur, connectez ce dernier à un commutateur ou à un concentrateur à l’aide d’un câble Ethernet jaune, comme le montre la Figure 4-3. Étape 2 Pour connecter un PC directement au routeur, procédez comme indiqué dans la Figure 4-3. Mettez le PC hors tension afin qu’il obtienne une adresse IP du routeur lorsqu’il sera remis sous tension. Vous pouvez connecter d’autres PC aux ports Ethernet numérotés restants. Étape 3 Le port console est un port de service auquel vous pouvez connecter un terminal ou un PC pour configurer le logiciel à l’aide de l’interface CLI (command-line interface) ou résoudre les problèmes rencontrés avec le routeur. Si vous voulez accéder à la console du routeur, connectez un PC ou un terminal au port console. Pour plus d’informations, consultez le document Cisco 836 and SOHO 96 Hardware Installation Guide (Routeurs Cisco 836 et SOHO 96 - Guide d’installation matérielle). Étape 4 Facultatif. Pour la sauvegarde et la gestion à distance, vous pouvez connecter le port S/T RNIS à une terminaison réseau (NT1) ou à un filtre ADSL à l’aide du câble S/T RNIS orange (disponible en option). Pour plus d’informations, consultez le document Cisco 836 and SOHO 96 Hardware Installation Guide (Routeurs Cisco 836 et SOHO 96 - Guide d’installation matérielle). Étape 5 Branchez le câble ADSL sur le port ADSLoRNIS du routeur et sur le filtre ADSL ou la prise murale. Si vous utilisez un filtre ADSL, connectez-le à la prise murale à l’aide d’un câble à paire torsadée non blindée de catégorie 5. Étape 6 Raccordez le cordon d’alimentation au routeur comme indiqué dans la Figure 4-3 et mettez le routeur sous tension. Assurez-vous d’utiliser l’adaptateur secteur livré avec le routeur. Attention L’appareil est prévu pour fonctionner avec des systèmes d’alimentation TN. Attention Ce produit dépend des installations du bâtiment pour la protection contre les courts-circuits (surtension). Assurez-vous qu’un fusible ou un disjoncteur (maximum 240VCA, 16 A, 120 V CA, 15 A aux États-Unis) est utilisé sur les conducteurs de phase (tous les conducteurs sous tension). Attention Cet appareil doit être mis à la terre. Assurez-vous que le système hôte est raccordé à la terre en cours d’utilisation. Configuration du routeur Le routeur est livré avec un outil de configuration basé sur le Web que vous exécutez à partir d’un navigateur Web. Instructions de configuration SDM Si le manuel Cisco Router and Security Device Manager (SDM) Quick Start Guide (Guide de démarrage rapide du gestionnaire de routeur SDM) fait partie de votre kit d’accessoires, alors Cisco Router and Security Device Manager (SDM) est chargé sur le routeur. Reportez-vous à ce document pour configurer votre routeur Cisco 836.4-6 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Configuration du routeur Le lien suivant permet d’accéder à plus d’informations sur SDM, notamment aux notes de version et à d’autres documentations SDM. http://www.cisco.com/en/US/products/sw/secursw/ps5318/ Remarque SDM n’est pas livré avec les routeurs SOHO 96. Instructions de configuration du logiciel CRWS Si vous n’avez pas reçu le Cisco Router and Security Device Manager (SDM) Quick Start Guide (Guide de démarrage rapide du gestionnaire de routeur SDM), alors Cisco Router Web Setup (CRWS) est chargé sur votre routeur. Les instructions de ce guide vous expliquent comment configurer le routeur à l’aide du logiciel CRWS. Ce logiciel s’exécute avec les versions 3.0 à 4.7 de Netscape et les versions 4 et supérieures d’Internet Explorer. Pour démarrer le logiciel CRWS et configurer le routeur, respectez la procédure suivante : Étape 1 Démarrez ou redémarrez un PC connecté à l’un des ports Ethernet (1, 2, 3 ou 4) du routeur. Il n’est pas nécessaire que le PC soit connecté directement au routeur. Il peut être connecté par l’intermédiaire d’un commutateur ou d’un concentrateur. Étape 2 Lancez un navigateur Web. Assurez-vous que le navigateur est configuré pour travailler en mode connexion. • Dans Internet Explorer, cliquez sur le menu Fichier et assurez-vous que l’option Travailler hors connexion est désactivée. • Dans Netscape, l’option Travailler hors ligne du menu Fichier est désactivée par défaut. Étape 3 Tapez l’URL (Universal Resource Locator) indiquée dans la Figure 4-4. Figure 4-4 Tapez l’URL http://10.10.10.1 Le tableau de bord du logiciel CRWS (Figure 4-5) doit apparaître après 1 à 2 minutes.4-7 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Configuration du routeur Figure 4-5 Tableau de bord du logiciel CRWS Conseil Si le tableau de bord de CRWS ne s’affiche pas lorsque vous entrez l’URL http://10.10.10.1, testez la connexion entre le PC et le routeur en procédant comme suit : • Assurez-vous que le témoin OK du routeur est allumé et vérifiez la connexion des câbles entre le routeur et le PC. • Si la page d’accueil CRWS ne s’affiche toujours pas, vérifiez que l’option « Travailler hors connexion » du navigateur est désactivée. • Si la page Web refuse toujours de s’afficher, assurez-vous que le PC est configuré pour la réception automatique d’une adresse IP. Sélectionnez Démarrer/Exécuter, tapez winipcfg dans la fenêtre Exécuter et examinez l’adresse se trouvant dans le champ de l’adresse IP. Cette adresse doit être au format 10.10.10.X, où X est un nombre supérieur ou égal à 2 (par exemple, 10.10.10.2 ou 10.10.10.3). Si le format de l’adresse IP n’est pas conforme, suivez les instructions du Conseil à la page 4-8 pour configurer le PC afin d’obtenir une adresse IP automatiquement. Relancez ensuite le logiciel CRWS. Étape 4 Si vous souhaitez une configuration standard, cliquez sur le lien Router Setup (Configuration du routeur) de la page d’accueil, puis cliquez sur Quick Setup (Configuration rapide). Entrez ensuite le nom d’utilisateur et le mot de passe attribués par votre fournisseur d’accès Internet et suivez la procédure indiquée sur la page affichée. Étape 5 Si vous devez configurer des fonctions particulières, comme le protocole NAT (Network Address Translation), cliquez sur les liens correspondants de la page d’accueil et complétez les écrans de configuration.4-8 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Félicitations ! Vous avez terminé la configuration. Étape 6 Cliquez sur le lien Router Password (Routeur - Mot de passe) de la page d’accueil et définissez un mot de passe pour le routeur. Étape 7 Sélectionnez Démarrer/Exécuter et tapez winipcfg dans le champ Ouvrir de la fenêtre Exécuter. Lorsque la fenêtre Configuration IP s’affiche, cliquez sur Libérer, puis sur Renouveler pour respectivement libérer et renouveler l’adresse IP du PC. Vous pouvez également ouvrir une fenêtre Exécuter et saisir ipconfig /release pour libérer l’adresse IP du PC. Entrez ensuite ipconfig /renew pour la renouveler. Étape 8 Ouvrez un navigateur Web sur le PC et connectez-vous à un site Web. Conseil Si vous n’avez pas pu démarrer CRWS, cela indique peut-être que votre PC n’est pas configuré pour obtenir une adresse IP automatiquement. Vous pouvez utiliser les informations suivantes si votre PC s’exécute sous Microsoft Windows NT ou Microsoft Windows 95, 98 ou 2000. Pour les autres versions de Microsoft Windows, consultez la documentation livrée avec le PC. 1. Mettez le PC en route et ouvrez le Panneau de configuration. 2. Double-cliquez sur l’icône Réseau pour afficher la fenêtre correspondante. 3. Vérifiez que le protocole TCP/IP a été ajouté et associé à l’adaptateur Ethernet. L’icône TCP/IP représente un câble en Y dans la fenêtre Configuration de Microsoft Windows 95, 98, 2000, ME et XP et dans la fenêtre Protocole de Microsoft Windows NT. Si cette icône n’est pas visible, cliquez sur Ajouter, puis ajoutez Microsoft TCP/IP. 4. Pour vérifier si le PC est configuré pour obtenir une adresse IP automatiquement, cliquez sur l’icône TCP/IP représentant un câble, puis sélectionnez l’onglet Adresse IP dans la fenêtre Propriétés TCP/IP. Si ce n’est déjà fait, cochez la case Obtenir automatiquement une adresse IP. Les champs Adresse IP et Masque de sous-réseau doivent être grisés. 5. Pour accepter toutes les modifications et quitter cette fenêtre, cliquez sur OK. Cliquez ensuite sur OK dans la fenêtre Réseau. 6. Si vous y êtes invité, cliquez sur Oui pour redémarrer le PC. 7. Revenez à l’Étape 3 de la section Configuration du routeur page 4-5. Pour plus d’informations sur la configuration du protocole TCP/IP, consultez le manuel Guide de dépannage de la configuration Web d'un routeur Cisco disponible sur le Cisco.com. Félicitations ! Vous avez terminé la configuration. Si vous parvenez à vous connecter à un site Web, cela indique que le câblage et la configuration de votre routeur ont réussi. Vous pouvez désormais l’utiliser pour accéder à Internet. Pour configurer d’autres fonctionnalités, cliquez sur les liens CRWS appropriés et entrez les valeurs de configuration du routeur.4-9 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Obtention de documentation Informations complémentaires sur le routeur Pour plus d’informations, consultez les documents suivants : • Cisco 836 Router and SOHO 96 Router Hardware Installation Guide (Routeurs Cisco 836 et SOHO 96 - Guide d’installation matérielle) : fournit des informations détaillées concernant le câblage et le matériel pour les routeurs Cisco 836 et SOHO 96. • Cisco 800 Series Router Software Configuration Guide (Routeurs Cisco 800 – Guide de configuration logicielle) : fournit des informations détaillées sur la configuration des routeurs Cisco 800. • Regulatory Compliance and Safety Information for Cisco 800 Series and SOHO Series Routers (Routeurs des gammes Cisco 800 et SOHO – Informations relatives au respect des réglementations et à la sécurité) : fournit des informations sur les normes de sécurité et les réglementations internationales pour tous les routeurs des gammes Cisco 800 et SOHO. • Upgrading Memory in Cisco 800 Series Routers (Routeurs Cisco 800 – Mise à niveau de la mémoire) : fournit des informations sur la mise à niveau de la mémoire des routeurs Cisco 800. La documentation Cisco la plus récente est disponible sur Internet à partir des sites suivants : • http://www.cisco.com • http://www-china.cisco.com • http://www-europe.cisco.com Obtention de documentation La documentation Cisco est disponible sur le site Cisco.com. Cisco propose aussi divers moyens pour obtenir une assistance technique et d’autres ressources techniques. Les sections qui suivent expliquent comment obtenir des informations techniques de Cisco Systems. Cisco.com Vous pouvez accéder à la documentation Cisco la plus récente à l’adresse suivante : http://www.cisco.com/en/US/support/index.html Vous pouvez accéder au site Web de Cisco à l’adresse suivante : http://www.cisco.com Vous pouvez accéder aux sites Web internationaux de Cisco à l’adresse suivante : http://www.cisco.com/public/countries_languages.shtml Commande de documentation Vous trouverez les instructions de commande de documentation à l’adresse suivante : http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html4-10 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Vos commentaires sur la documentation Vous pouvez commander de la documentation Cisco comme suit : • Les utilisateurs inscrits sur Cisco.com (clients directs de Cisco) peuvent commander de la documentation à l’adresse suivante : http://www.cisco.com/en/US/partner/ordering/index.shtml • Les utilisateurs non inscrits sur Cisco.com peuvent se procurer de la documentation par l’intermédiaire d’un représentant de compte local en appelant le siège social de Cisco Systems (Californie, États-Unis) au numéro 408 526-7208 ou, en Amérique du Nord, en composant le 800 553-NETS (6387). Vos commentaires sur la documentation Vous pouvez envoyer vos commentaires sur la documentation technique à l’adresse bug-doc@cisco.com. Pour envoyer vos commentaires par courrier ordinaire, utilisez le coupon-réponse situé à l’arrière de la couverture de votre document ou, à défaut, écrivez à l’adresse suivante : Cisco Systems Attn: Customer Document Ordering 170 West Tasman Drive San Jose, CA 95134-9883 États-Unis Vos commentaires sont les bienvenus. Assistance technique Pour tous les clients, partenaires, revendeurs et distributeurs en possession de contrats de service Cisco valides, le centre d’assistance technique Cisco propose une assistance hors pair disponible 24 heures sur 24. Le site Web d’assistance technique Cisco sur Cisco.com propose des ressources en ligne très complètes. En outre, le centre d’assistance technique (TAC) Cisco fournit une assistance téléphonique. Si vous n’avez pas de contrat de service Cisco valide, contactez votre revendeur. Site Web d’assistance technique Cisco Ce site propose des documents et outils en ligne pour dépanner et résoudre les problèmes techniques liés aux technologies et produits Cisco. Il est disponible 24 heures sur 24, 365 jours par an à l’adresse suivante : http://www.cisco.com/techsupport Pour accéder aux outils du site, vous devez être inscrit à Cisco.com et posséder une ID utilisateur ainsi qu’un mot de passe. Si vous êtes en possession d’un contrat de service valide mais que vous n’avez ni ID utilisateur ni de mot de passe, connectez-vous à l’adresse suivante pour vous inscrire : http://tools.cisco.com/RPF/register/register.do4-11 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Assistance technique Soumission d’une demande de service Utiliser l’outil de demande de service en ligne sur le TAC est le moyen le plus rapide d’ouvrir des demandes de service S3 et S4. (Ces demandes correspondent à une dégradation minimale du fonctionnement de votre réseau ou à une demande d’information produit.) Lorsque vous avez décrit la situation, l’outil de demande de service du TAC vous propose automatiquement les solutions recommandées. Si cela ne résout pas le problème, votre demande de service est affectée à un ingénieur du TAC Cisco. Vous trouverez l’outil de demande de service du TAC à l’adresse suivante : http://www.cisco.com/techsupport/servicerequest Pour les demandes de service S1 ou S2 ou si vous n’avez pas d’accès à Internet, contactez le TAC Cisco par téléphone. (Vous soumettez ce type de demandes quand votre réseau opérationnel est très dégradé ou paralysé.) Ces demandes sont affectées immédiatement aux ingénieurs du TAC Cisco pour préserver le bon fonctionnement de vos activités. Pour ouvrir une demande de service par téléphone, composez l’un des numéros suivants : Asie-Pacifique : +61 2 8446 7411 (Australie : 1 800 805 227) Zone EMEA : +32 2 704 55 55 États-Unis : 1 800 553 2447 Pour consulter la liste complète des contacts du TAC Cisco, rendez-vous à l’adresse : http://www.cisco.com/techsupport/contacts Définition de la gravité des demandes de service Cisco a défini des niveaux de gravité de sorte que toutes les demandes de service observent un format standard. Gravité 1 (S1) : votre réseau est « paralysé » ou la situation a un impact très négatif sur vos activités commerciales. Vous et Cisco engagerez 24 heures sur 24 toutes les ressources nécessaires pour résoudre le problème. Gravité 2 (S2) : le fonctionnement d’un réseau existant est très dégradé ou des aspects importants de vos activités commerciales sont affectés par les performances inadéquates des produits Cisco. Vous et Cisco engagerez des ressources à temps plein pendant les heures de bureau normales pour résoudre le problème. Gravité 3 (S3) : les performances de votre réseau sont affectées mais la plupart de vos activités commerciales restent fonctionnelles. Vous et Cisco engagerez des ressources pendant les heures de bureau normales pour rétablir des niveaux de service satisfaisants. Gravité 4 (S4) : vous avez besoin d’informations ou d’assistance concernant des fonctionnalités, l’installation ou la configuration de produits Cisco. L’impact sur vos activités commerciales est faible, voire nul.4-12 Cisco 836 Router and Cisco SOHO 96 Router Cabling and Setup Quick Start Guide 78-14767-06 Chapitre 4 Guide de démarrage rapide - Configuration et câblage des routeurs Cisco 836 et SOHO 96 Obtention de publications et d’informations complémentaires Obtention de publications et d’informations complémentaires Des informations sur les produits, les technologies et les solutions réseau Cisco sont disponibles en ligne et sous forme imprimée. • La boutique Cisco Marketplace offre un grand choix d’ouvrages Cisco, de guides de référence et de produits. Pour la découvrir, rendez-vous à l’adresse suivante : http://www.cisco.com/go/marketplace/ • Le Catalogue des produits Cisco détaille les produits réseau proposés par Cisco Systems, ainsi que les services clients gérant les commandes et les demandes d’assistance. Accédez au Catalogue des produits Cisco en tapant l’URL suivante : http://cisco.com/univercd/cc/td/doc/pcat/ • Cisco Press publie une large gamme d’ouvrages traitant de l’administration réseau, des formations et des certifications. Les utilisateurs débutants comme les plus expérimentés y trouveront des informations utiles. Pour connaître les dernières publications de Cisco Press et consulter d’autres informations, visitez le site de Cisco Press à l’adresse suivante : http://www.ciscopress.com • Le magazine Packet destiné aux utilisateurs techniques de Cisco Systems détaille comment maximiser les investissements Internet et réseau. Chaque trimestre, il présente les dernières tendances en matière de réseaux, les innovations technologiques ainsi que les produits et solutions Cisco. Il donne des conseils pour le déploiement et le dépannage des réseaux et propose des exemples de configuration, des études de cas relatives à la clientèle, des informations sur les certifications et les formations et des liens vers des ressources plus détaillées accessibles en ligne. Vous pouvez accéder au magazine Packet à l’adresse suivante : http://www.cisco.com/packet • Le journal trimestriel Internet Protocol Journal publié par Cisco Systems s’adresse aux ingénieurs concernés par la conception, le développement et l’exploitation de réseaux Internet et intranet publics et privés. Vous pouvez y accéder à l’adresse suivante : http://www.cisco.com/ipj • Cisco propose des formations de niveau international sur les réseaux. Les programmes en cours sont présentés à l’adresse suivante : http://www.cisco.com/en/US/learning/index.html Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-26081-03THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. © 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S P r e f a c e Preface xiii Changes to This Document xiii Obtaining Documentation and Submitting a Service Request xiv C H A P T E R 1 Configuring Profiles on the Cisco ASR 9000 Series Router 1 Restrictions of Scale Profiles 1 Information About Profiles 2 Information About Scale Profiles 2 Information About Feature Profiles 2 Relationship Between Scale and Feature Profiles 2 How to Configure Profiles 3 Configuring the Scale Profile 3 Configuring the Feature Profile 5 Additional References 7 C H A P T E R 2 Secure Domain Routers on the Cisco ASR 9000 Series Router 9 Prerequisites for Working with Secure Domain Routers 9 Information About Configuring Secure Domain Routers 10 What Is a Secure Domain Router? 10 Owner SDR and Administration Configuration Mode 10 SDR Access Privileges 10 Root-System Users 11 root-lr Users 11 Other SDR Users 12 Designated Shelf Controller (DSC) 12 Default Configuration of the Router 12 Cisco IOS XR Software Package Management 12 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 iiiAdditional References 13 C H A P T E R 3 Upgrading and Managing Software on Cisco ASR 9000 Series Router 15 Overview of Cisco IOS XR Software Packages 16 Package Installation Envelopes 16 Summary of Cisco IOS XR Software Packages 16 Packages in the Cisco IOS XR Unicast Routing Core Bundle 17 Software Maintenance Upgrades 17 Filename Component Description 17 PIE Filenames and Version Numbers 19 Copying the PIE File to a Local Storage Device or Network Server 20 Information About Package Management 20 Summary of Package Management 20 Adding Packages 21 Activating Packages 21 Activating Multiple Packages or SMUs 22 Activating All Packages Added in a Specific Operation 22 Adding and Activating a Package with a Single Command 22 Upgrading and Downgrading Packages 22 Committing the Active Software Set 22 Rolling Back to a Previous Installation Operation 22 Upgrading Packages 23 Downgrading Packages 23 Impact of Package Version Changes 24 Impact of Package Activation and Deactivation 24 Delaying the Return of the CLI Prompt 25 Displaying Installation Log Information 25 Examples 25 Package Management Procedures 27 Activation and Deactivation Prerequisites 27 Obtaining and Placing Cisco IOS XR Software 28 Transferring Installation Files from a Network File Server to a Local Storage Device 29 Preparing for Software Installation Operations 31 Examples 34 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x iv OL-26081-03 ContentsAdding and Activating Packages 41 Examples 47 Committing the Active Package Set 49 Examples 50 Upgrading to Cisco IOS XR Software Release 4.0 51 Deactivating and Removing Cisco IOS XR Software Packages 57 Examples 61 Rolling Back to a Previous Software Set 62 Displaying Rollback Points 62 Displaying the Active Packages Associated with a Rollback Point 63 Rolling Back to a Specific Rollback Point 63 Rolling Back to the Last Committed Package Set 64 Additional References 64 C H A P T E R 4 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router 67 Disk Mirroring Prerequisites 67 Information About Disk Mirroring 68 How to Enable Disk Mirroring 69 Enabling Disk Mirroring 69 Replacing the Secondary Mirroring Device 71 Replacing the Primary Mirroring Device 72 Configuration Examples for Enabling Disk Mirroring 76 Additional References 77 C H A P T E R 5 Software Entitlement on the Cisco ASR 9000 Series Router 79 Prerequisites for Configuring Software Entitlement 80 Restrictions for Cisco IOS XR Software Entitlement 80 Information About Cisco IOS XR Software Entitlement 80 What Is Software Entitlement? 80 Types of Licenses 81 Router License Pools 81 Chassis-Locked Licenses 81 Slot-Based Licenses 81 Features that Require Licenses After a Software Image Upgrade 82 How to Configure Cisco IOS XR Software Entitlement 83 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 v ContentsAdding a License for a New Feature 83 Backing Up Licenses 85 Examples 86 Restoring Licenses 87 Examples 88 Troubleshooting License Issues after a Software Upgrade 88 Additional References 88 C H A P T E R 6 Managing the Router Hardware 91 Prerequisites for Managing Router Hardware 92 Displaying Hardware Status 92 Displaying SDR Hardware Version Information 92 Displaying System Hardware Version Information 95 Displaying Software and Hardware Information 98 Displaying SDR Node IDs and Status 99 Displaying Router Node IDs and Status 100 Displaying Router Environment Information 101 Displaying RP Redundancy Status 104 Displaying Field-Programmable Device Compatibility 105 RSP Redundancy and Switchover 107 Establishing RSP Redundancy 107 Determining the Active RP in a Redundant Pair 108 Role of the Standby RSP 109 Summary of Redundancy Commands 109 Automatic Switchover 110 RSP Redundancy During RSP Reload 110 Manual Switchover 110 Communicating with a Standby RP 111 Reloading, Shutting Down, or Power Cycling a Node 111 Reloading the Active RSP 113 Flash Disk Recovery 115 Using Controller Commands to Manage Hardware Components 115 Formatting Hard Drives, Flash Drives, and Other Storage Devices 115 Removing and Replacing Cards 116 Removing Line Cards 117 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x vi OL-26081-03 ContentsReplacing a Line Card with the Same Media Type and Port Count 118 Replacing a Line Card with the Same Media Type and a Different Port Count 118 Replacing a Line Card or PLIM with a Different Media Type 118 Upgrading the CPU Controller Bits 119 Examples 119 Additional References 119 C H A P T E R 7 Upgrading FPD on the Cisco ASR 9000 Series Router 123 Prerequisites for FPD Image Upgrades 124 Overview of FPD Image Upgrade Support 124 Automatic FPD Upgrade 124 How to Upgrade FPD Images 125 Configuration Examples for FPD Image Upgrade 128 show hw-module fpd Command Output: Example 128 show fpd package Command Output: Example 130 upgrade hw-module fpd Command Output: Example 139 show platform Command Output: Example 140 Troubleshooting Problems with FPD Image Upgrades 140 Power Failure or Removal of a SPA During an FPD Image Upgrade 140 Performing a SPA FPD Recovery Upgrade 141 Performing a SIP FPD Recovery Upgrade 141 Additional References 141 C H A P T E R 8 Configuring Manageability on Cisco ASR 9000 Series Router 145 Information About XML Manageability 146 How to Configure Manageability 146 Configuring the XML Agent 146 Configuration Examples for Manageability 147 Enabling VRF on an XML Agent: Examples 147 Additional References 148 C H A P T E R 9 Configuring Call Home on the Cisco ASR 9000 Series Router 151 About Call Home 151 Destination Profiles 152 Call Home Alert Groups 152 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 vii ContentsCall Home Message Levels 153 Obtaining Smart Call Home 154 Configuring Call Home 155 Configuring Contact Information 155 Configuring and Activating Destination Profiles 158 Associating an Alert Group with a Destination Profile 160 Configuring Email 163 Enabling Call Home 165 C H A P T E R 1 0 Implementing NTP on the Cisco ASR 9000 Series Router 169 Prerequisites for Implementing NTP on Cisco IOS XR Software 170 Information About Implementing NTP 170 How to Implement NTP on Cisco IOS XR Software 171 Configuring Poll-Based Associations 171 Configuring Broadcast-Based NTP Associates 173 Configuring NTP Access Groups 176 Configuring NTP Authentication 177 Disabling NTP Services on a Specific Interface 179 Configuring the Source IP Address for NTP Packets 181 Configuring the System as an Authoritative NTP Server 182 Updating the Hardware Clock 184 Verifying the Status of the External Reference Clock 185 Examples 186 Configuration Examples for Implementing NTP 186 Additional References 189 C H A P T E R 1 1 Implementing Object Tracking on Cisco IOS XR Software 191 Prerequisites for Implementing Object Tracking 191 Information About Object Tracking 192 How to Implement Object Tracking 192 Tracking Whether an Interface Is Up or Down 192 Tracking the Line Protocol State of an Interface 193 Tracking IP Route Reachability 196 Building a Track Based on a List of Objects 198 Building a Track Based on a List of Objects - Threshold Percentage 201 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x viii OL-26081-03 ContentsBuilding a Track Based on a List of Objects - Threshold Weight 202 Configuration Examples for Configuring Object Tracking 204 Additional References 206 C H A P T E R 1 2 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router 209 Prerequisites for Implementing Physical and Virtual Terminals 210 Information About Implementing Physical and Virtual Terminals 210 Line Templates 210 Line Template Configuration Mode 210 Line Template Guidelines 211 Terminal Identification 212 vty Pools 212 How to Implement Physical and Virtual Terminals on Cisco IOS XR Software 212 Modifying Templates 212 Creating and Modifying vty Pools 214 Monitoring Terminals and Terminal Sessions 216 Configuration Examples for Implementing Physical and Virtual Terminals 217 Additional References 219 C H A P T E R 1 3 Implementing SNMP on the Cisco ASR 9000 Series Router 223 Prerequisites for Implementing SNMP 224 Restrictions for SNMP Use on Cisco IOS XR Software 224 Information About Implementing SNMP 224 SNMP Functional Overview 224 SNMP Manager 224 SNMP Agent 224 MIB 225 SNMP Notifications 225 SNMP Versions 226 Comparison of SNMPv1, v2c, and v3 227 Security Models and Levels for SNMPv1, v2, v3 228 SNMPv3 Benefits 229 SNMPv3 Costs 230 User-Based Security Model 230 View-Based Access Control Model 230 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 ix ContentsMIB Views 231 Access Policy 231 IP Precedence and DSCP Support for SNMP 231 How to Implement SNMP on Cisco IOS XR Software 231 Configuring SNMPv3 231 Configuring SNMP Trap Notifications 234 Setting the Contact, Location, and Serial Number of the SNMP Agent 237 Defining the Maximum SNMP Agent Packet Size 238 Changing Notification Operation Values 240 Setting IP Precedence and DSCP Values 241 Configuring MIB Data to be Persistent 243 Configuring LinkUp and LinkDown Traps for a Subset of Interfaces 244 Configuration Examples for Implementing SNMP 247 Configuring SNMPv3: Examples 247 Configuring Trap Notifications: Example 250 Setting an IP Precedence Value for SNMP Traffic: Example 251 Setting an IP DSCP Value for SNMP Traffic: Example 251 Additional References 251 C H A P T E R 1 4 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router 255 Prerequisites for Periodic MIB Data Collection and Transfer 255 Information About Periodic MIB Data Collection and Transfer 256 SNMP Objects and Instances 256 Bulk Statistics Object Lists 256 Bulk Statistics Schemas 256 Bulk Statistics Transfer Options 256 Benefits of Periodic MIB Data Collection and Transfer 257 How to Configure Periodic MIB Data Collection and Transfer 257 Configuring a Bulk Statistics Object List 257 Configuring a Bulk Statistics Schema 258 Configuring Bulk Statistics Transfer Options 261 Monitoring Periodic MIB Data Collection and Transfer 264 Periodic MIB Data Collection and Transfer: Example 265 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x x OL-26081-03 ContentsC H A P T E R 1 5 Implementing CDP on the Cisco ASR 9000 Series Router 267 Prerequisites for Implementing CDP 267 Information About Implementing CDP 268 How to Implement CDP on Cisco IOS XR Software 269 Enabling CDP 269 Modifying CDP Default Settings 270 Monitoring CDP 272 Examples 273 Configuration Examples for Implementing CDP 275 Additional References 275 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 xi Contents Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x xii OL-26081-03 ContentsPreface This book presents configuration information and examples for System Management of the Cisco IOS XR software. The preface for Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide consists of the following sections: • Changes to This Document, page xiii • Obtaining Documentation and Submitting a Service Request, page xiv Changes to This Document This table lists the technical changes made to this document since it was first printed. Table 1: Changes to This Document Revision Date Change Summary Configuring Periodic MIB Data Collection and Transfer module was added. OL-26081-03 August 2012 The Object Tracking module was added. Information regarding image filenames was added to the topic: Filename Component Description, on page 17. OL-26081-02 May 2012 OL-26081-01 December 2011 Initial release of this document. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 xiiiObtaining Documentation and Submitting a Service Request For information on obtaining documentation,submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x xiv OL-26081-03 Preface Obtaining Documentation and Submitting a Service RequestC H A P T E R 1 Configuring Profiles on the Cisco ASR 9000 Series Router Your router caters to different market segments on the service provider edge space. Your router is capable of supporting a wide range of market segments and features, but to make the software more efficient, you must configure the appropriate profiles to achieve the results you require. • Different customers have different network architectures, and this puts different scale demands on the router. By configuring the scale profile, you can configure your router to accommodate your needs. • The software supports a wide range of features. To optimize performance, each feature profile enables a subset of the total available features for a release. You must configure the appropriate profile to enable the features that you require. Table 2: Feature History for Configuring Profiles Release Modification Release 3.9.1 The scale profile was introduced The scale profile configuration was moved to admin mode. The feature profile was introduced. Release 4.0.1 This model contains the following topics: • Restrictions of Scale Profiles, page 1 • Information About Profiles, page 2 • How to Configure Profiles, page 3 • Additional References, page 7 Restrictions of Scale Profiles Video monitoring is not supported with the L3XL scale profile. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 1Information About Profiles Information About Scale Profiles A scale profile is a user-configurable setting that tunes the router to perform more efficiently depending on how the router is being used. You should configure a scale profile before deploying the router to production use. Your router can be used for different market segments on the service provider edge space. Because different customers have different network architectures, which can place different scale demands on the router, it is important to configure the scale profile so that your router works as efficiently as possible within the architecture that you are using. Possible scenarios that are taken into account by the scale profile are: • Use of the router as a Layer 2 transport device, thus requiring the support of high Layer 2 scale numbers. • Use of the router primarily as a Layer 3 box that provides Layer 3 virtual private network (VPN)services, thus requiring the support of a high number of Layer 3 routes. Information About Feature Profiles To allow sufficient computation capabilities within the router, the available features within the Cisco IOS XR software image are bundled. A feature profile determines which bundle of features is available for you to use. Although you can always configure a feature, if the feature is not supported by the active feature profile, you cannot use it. There are two feature profiles available on your router: • The default profile that supports all Cisco IOS XR software features except for IEEE 802.1ah provider backbone bridge (PBB). • The L2 profile that supports all Cisco IOS XR software features including IEEE 802.1ah PBB, but does not support IPv6, reverse-path forwarding (RPF) or netflow. If the feature profile that you have configured on your router does notsupport a feature that you have configured, warning messages are displayed on the console, and the feature does not work. A configured feature profile takes affect only after you reload all the line cards on the router. Relationship Between Scale and Feature Profiles Although you are not limited in your selection of scale and feature profiles in relation to each other, we recommend using one of the following pairs: • Default scale profile with default feature profile. • Default scale profile with Layer 2 feature profile. • Layer 3 scale profile with default feature profile. Other pairs are not recommended. Note that the Layer 3 XL scale profile does not support video monitoring. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 2 OL-26081-03 Configuring Profiles on the Cisco ASR 9000 Series Router Information About ProfilesHow to Configure Profiles Configuring the Scale Profile Before you deploy your router, you should configure the scale profile to make the system most efficient for your specific network architecture. Before You Begin In general, the route switch processor (RSP) with 4 GB of memory is capable of loading 1.3 million IPv4 routes. However, consider using an 8 GB RSP if the router needs to hold a large number of routes. SUMMARY STEPS 1. admin 2. configure 3. hw-module profile scale{default | l3 | l3xl} 4. Use one of these commands: • end • commit 5. reload location {all | node-id} 6. show running-config 7. show hw-module profile DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 configure Enters administration configuration mode. Example: RP/0/RSP0/CPU0:router(admin)# configure Step 2 Step 3 hw-module profile scale{default | l3 | l3xl} Specifies the scale profile for the router. Example: RP/0/RSP0/CPU0:router(admin-config)# hw-module profile • default —efficient for deployments that require large Layer 2 MAC tables(up to 512,000 entries) and a relatively small number of Layer 3 routes (less than 512,000). scale l3xl Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 3 Configuring Profiles on the Cisco ASR 9000 Series Router How to Configure ProfilesCommand or Action Purpose • l3 —efficient for deployments that require more Layer 3 routes (up to 1 million) and smaller Layer 2 MAC tables (less than 128,000 entries). Sun Nov 14 10:04:27.109 PST In order to activate this new memory resource profile, you must manually reboot the system. • l3xl —efficient for deployments that require a very large number of Layer 3 routes (up to 1.3 million) and minimal Layer 2 functionality. Note that the support for up to 1.3 million routes is split into IPv4 scaled support and IPv4/IPV6 scaled support. You can configure up to 1.3 million IPv4 routes, or up to 1 million IPv4 routes with 128,000 IPv6 routes. Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(admin-config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(admin-config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Reloads the entire router or all line cards in the chassis. If you are changing the scale profile to, or from, the l3xl value, you must perform a reload of reload location {all | node-id} Example: RP/0/RSP0/CPU0:router(admin)# reload location 0/0/cpu0 Step 5 the entire system before the change is enabled. Use the reload location all command. For all other changesto the scale profile, you must reload all line cards in the router. Use the reload location node-id command for each line card separately. or RP/0/RSP0/CPU0:router(admin)# reload location all show running-config Displays the configured scale profile. Example: RP/0/RSP0/CPU0:router(admin)# show running-config hw-module profile scale Step 6 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 4 OL-26081-03 Configuring Profiles on the Cisco ASR 9000 Series Router Configuring the Scale ProfileCommand or Action Purpose Displays the active scale profile. If the scale profile is different than the configured profile, the line cards have not been reloaded as required for the scale profile configuration to take place. show hw-module profile Example: RP/0/RSP0/CPU0:router# show hw-module profile scale Step 7 Configuring the Feature Profile Before deploying your router you should determine that the feature profile is consistent with the features that you need to use. If it is not, use this task to configure a different profile. SUMMARY STEPS 1. admin 2. configure 3. hw-module profile feature{default | l2} 4. Use one of these commands: • end • commit 5. reload location {all | node-id} 6. show running-config 7. show hw-module profile feature DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 configure Enters administration configuration mode. Example: RP/0/RSP0/CPU0:router(admin)# configure Step 2 Step 3 hw-module profile feature{default | l2} Specifies the feature profile for the router. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 5 Configuring Profiles on the Cisco ASR 9000 Series Router Configuring the Feature ProfileCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(admin-config)# hw-module profile • default—supports all features except provider backbone bridge (PBB). • l2—supports PBB, but does not support IPv6, reverse-path feature l2 forwarding (RPF) and netflow. Wed Dec 8 08:29:54.053 PST L2 feature profile does NOT support the following features: IPv6, RPF, Netflow. In order to activate this new memory resource profile, you must manually reboot the line cards. Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(admin-config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(admin-config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Reloads a line card. Before the feature profile configuration becomes effective, you must reload all line cards in the router. Use the reload location node-id command for each line card separately. reload location {all | node-id} Example: RP/0/RSP0/CPU0:router(admin)# reload location 0/0/cpu0 Step 5 show running-config Displays the configured feature profile. Example: RP/0/RSP0/CPU0:router(admin)# show running-config hw-module profile feature Step 6 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 6 OL-26081-03 Configuring Profiles on the Cisco ASR 9000 Series Router Configuring the Feature ProfileCommand or Action Purpose Displays the active feature profile. If the active profile is different from the configured profile, the line cards have not been reloaded as required for the feature profile configuration to take place. show hw-module profile feature Example: RP/0/RSP0/CPU0:router# show hw-module profile feature all Step 7 What to Do Next If you see warning messages to the console indicating that the active feature profile does not match the configured profile, you must reload the affected line card so that the configured profile matches the active profile. LC/0/1/CPU0:Nov 5 02:50:42.732 : prm_server[236]: Configured 'hw-module profile feature l2' does not match active 'hw-module profile feature default'. You must reload this line card in order to activate the configured profile on this card or you must change the configured profile. If you see warning messages to the console indicating that some features do not match the feature profile, you should either change the feature profile configuration, or remove the non-supported features. LC/0/1/CPU0:Nov 5 02:50:42.732 : prm_server[236]: Active 'hw-module profile feature l2' does not support IPv6, RPF, or Netflow features. Please remove all unsupported feature configurations. Additional References Related Documents Related Topic Document Title Hardware Redundancy and Node Administration on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Profile commands Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR master command index Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 7 Configuring Profiles on the Cisco ASR 9000 Series Router Additional ReferencesStandards and RFCs Standard/RFC Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIB MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — Technical Assistance Description Link The Cisco Support website provides extensive online http://www.cisco.com/support resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 8 OL-26081-03 Configuring Profiles on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 2 Secure Domain Routers on the Cisco ASR 9000 Series Router Secure domain routers (SDRs) are a means of dividing a single physical system into multiple logically separated routers. Cisco ASR 9000 Series Routers are single-shelf routers that only support one SDR—the owner SDR. Table 3: Feature History for Secure Domain Routers on Cisco IOS XR Software Release Modification Release 3.7.2 This feature was introduced. This module contains the following topics: • Prerequisites for Working with Secure Domain Routers, page 9 • Information About Configuring Secure Domain Routers, page 10 • Additional References, page 13 Prerequisites for Working with Secure Domain Routers Initial Setup • The router must be running the Cisco IOS XR software . • The root-system username and password must be assigned as part of the initial configuration. • For more information on booting a router and performing initial configuration, see Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide. Required Cards for Each SDR • Route switch processor (RSP) pair must be installed for the SDR. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 9Task ID Requirements • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Maximum SDR Configurations • Only one owner SDR is supported. Non-owner SDRs are not supported Information About Configuring Secure Domain Routers What Is a Secure Domain Router? Cisco routers running Cisco IOS XR software can be partitioned into multiple, independent routers known assecure domain routers(SDRs). SDRs are a means of dividing a single physicalsystem into multiple logically separated routers. SDRs perform routing functions the same as a physical router, but they share resources with the rest of the system. For example, the software, configurations, protocols, and routing tables assigned to an SDR belong to that SDR only, but other functions, such as chassis-control and switch fabric, are shared with the rest of the system. Note Cisco ASR 9000 Series Routers are single-shelf routers that only support one SDR—the owner SDR. Owner SDR and Administration Configuration Mode The owner SDR is created at system startup and cannot be removed. This owner SDR performs system-wide functions, including the creation of additional non-owner SDRs. You cannot create the owner SDR because it always exists, nor can you completely remove the owner SDR because it is necessary to manage the router. By default, all nodes in the system belong to the owner SDR. The owner SDR also provides access to the administration EXEC and administration configuration modes. Only users with root-system privileges can access the administration modes by logging in to the primary route switch processor (RSP) for the owner SDR (called the designated shelf controller, or DSC). Administration modes are used to view and manage system-wide resources and logs. Related Topics SDR Access Privileges, on page 10 SDR Access Privileges Each SDR in a router has a separate AAA configuration that defines usernames, passwords, and associated privileges. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 10 OL-26081-03 Secure Domain Routers on the Cisco ASR 9000 Series Router Information About Configuring Secure Domain Routers• Only users with root-system privileges can access the administration EXEC and administration configuration modes. • Users with other access privileges can access features according to their assigned privileges for a specific SDR. For more information about AAA policies, see the Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide. Related Topics Root-System Users, on page 11 root-lr Users, on page 11 Other SDR Users, on page 12 Root-System Users Users with root-system privileges have access to system-wide features and resources. The root-system user is created during the initial boot and configuration of the router. The root-system user has the following privileges: • Access to administration EXEC and administration configuration commands. • Ability to create other users with similar or lower privileges. • Complete authority over the chassis. • Ability to install and activate software packages for the router. • Ability to view the following admin plane events (owner SDR logging system only): ? Software installation operations and events. ? System card boot operations, such as card booting notifications and errors, heartbeat-missed notifications, and card reloads. ? Card alphanumeric display changes. ? Environment monitoring events and alarms. ? Fabric control events. ? Upgrade progress information. root-lr Users Users with root-lr privileges can log in to an SDR only and perform configuration tasks that are specific to that SDR. The root-lr group has the following privileges: • Ability to configure interfaces and protocols. • Ability to create other users with similar or lower privileges on the SDR. • Ability to view the resources assigned to their particular SDR. The following restrictions apply to root-lr users: Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 11 Secure Domain Routers on the Cisco ASR 9000 Series Router SDR Access Privileges• Users with root-lr privileges cannot enter administration EXEC or configuration modes. • Users with root-lr privileges cannot add or remove nodes from an SDR. • Users with root-lr privileges cannot create root-system users. • The highest privilege a non-owner SDR user can have is root-lr. Other SDR Users Additional usernames and passwords can be created by the root-system or root-lr users to provide more restricted access to the configuration and management capabilities of the owner SDR. Designated Shelf Controller (DSC) In a router running Cisco IOS XR software, one RSP is assigned the role of DSC. The DSC provides system-wide administration and control capability, including access to the administration EXEC and administration configuration modes. For more information on DSCs, refer to Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide. Default Configuration of the Router When a router is brought up, the nodes assigned to the router are activated with the default software package profile. In Cisco IOS XR software, the default software profile is defined by the last install operation. To view the default software profile, use the show install active summary command in administration EXEC mode. Any new nodes that are configured to the router boot with the default software profile listed in the output of this command. RP/0/RSP0/CPU0:router# show install active summary Tue Jul 21 06:10:48.321 DST Active Packages: disk0:comp-asr9k-mini-3.9.0.14I disk0:asr9k-adv-video-3.9.0.14I disk0:asr9k-fpd-3.9.0.14I disk0:asr9k-k9sec-3.9.0.14I disk0:asr9k-mgbl-3.9.0.14I disk0:asr9k-mcast-3.9.0.14I disk0:asr9k-mpls-3.9.0.14I For detailed instructions to add and activate software packages, see the Upgrading and Managing Cisco IOS XR Software module of the Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide. See also the Software Package Management Commands on Cisco IOS XR Software module of the Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference. Note Cisco IOS XR Software Package Management Software packages are added to the DSC of the system from administration EXEC mode. Once added, a package can be activated for the system. For detailed instructions regarding software package management, Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 12 OL-26081-03 Secure Domain Routers on the Cisco ASR 9000 Series Router Designated Shelf Controller (DSC)see the Upgrading and Managing Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide. See also the Software Package Management Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference. • To access install commands, you must be a member of the root-system user group with access to the administration EXEC mode. • Most show install commands can be used in the EXEC mode of an SDR to view the details of the active packages for that SDR. Related Topics Default Configuration of the Router, on page 12 Additional References The following sections provide references related to SDR configuration. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Initial system bootup and configuration information for a router using the Cisco IOS XR software Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR master command reference Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference Cisco IOS XR interface configuration commands Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about AAA policies, including instructions to create and modify users and username access privileges Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 13 Secure Domain Routers on the Cisco ASR 9000 Series Router Additional ReferencesMIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 14 OL-26081-03 Secure Domain Routers on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 3 Upgrading and Managing Software on Cisco ASR 9000 Series Router The Cisco IOS XR software is divided into software packages so that you can select which features run on your router. This module describes the concepts and tasks necessary to add feature packages, upgrade the active set of packages, roll back to a previously active set of packages, and perform other related package management tasks. For complete descriptions of the commands listed in this module, see Related Documents, on page 65. To locate documentation for other commands that might appear in the course of performing a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 4: Feature History for Upgrading and Managing Cisco IOS XR Software Release Modification Release 3.7.2 The feature was introduced. A procedure to upgrade software from Cisco IOS XR Release 3.x was introduced. See Upgrading to Cisco IOS XR Software Release 4.0, on page 51. Support for installation commands was removed from EXEC mode. The ability to install software on a specific SDR was removed. Release 4.0.0 This module contains the following topics: • Overview of Cisco IOS XR Software Packages, page 16 • Information About Package Management, page 20 • Package Management Procedures, page 27 • Rolling Back to a Previous Software Set, page 62 • Additional References, page 64 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 15Overview of Cisco IOS XR Software Packages Cisco IOS XR software is divided into software packages so that you can select which features run on your router. Each package contains the components to perform a specific set of router functions, such as routing, security, or modular services card (MSC) support. Bundles are groups of packages that can be downloaded as a set. For example, Cisco IOS XR Unicast Routing Core Bundle (known as mini) providesthe main packages for use on every router. Adding a package to the router does not affect the operation of the router—it only copies the package files to a local storage device on the router, known as the boot device (such as the compact flash drive). To make the package functional on the router, you must activate it for one or more cards. To upgrade a package, you activate a newer version of the package. When the automatic compatibility checks have been passed, the new version is activated, and the old version is deactivated. Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs or the package to which the SMU applies to be automatically deactivated. Note To downgrade a package, you activate an older version of the package. When the automatic compatibility checks have been passed, the older version is activated, and the newer version is deactivated. Note For more information on the features and components included in each package, refer to the release notes. Package Installation Envelopes Package Installation Envelopes (PIEs) are nonbootable files that contain a single package or a set of packages (called a composite package or bundle). Because the files are nonbootable, they are used to add software package files to a running router. PIE files have a pie extension. When a PIE file contains software for a specific bug fix, it is called a software maintenance upgrade (SMU). Files with the vm extension are bootable installation files used only to replace all current Cisco IOS XR software. These files are installed from ROM Monitor mode, which causes significant router downtime. Cisco Systems recommends installing or upgrading software packages only using PIE files as described in this document. For more information on vm files, see Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. Note Summary of Cisco IOS XR Software Packages Every router includes a basic set of required packages contained in the Cisco IOS XR Unicast Routing Core Bundle. Additional optional packages can be added and activated on the router to provide specific features. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 16 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Overview of Cisco IOS XR Software PackagesPackages in the Cisco IOS XR Unicast Routing Core Bundle The packages contained in the Cisco IOS XR Unicast Routing Core Bundle are as follows: • Operating system (OS) and minimum boot image (MBI)—Kernel, file system, memory management, and other slow changing core components. • Base—Interface manager, system database, checkpoint services, configuration management, other slow-changing components. • Infra—Resource management: rack, fabric, secure domain router (SDR). • Routing—RIB, BGP, ISIS, OSPF, EIGRP, RIP, RPL. • Forwarding—FIB, ARP, QoS, ACL, and other components. • LC— Line card drivers. The filename for this bundle is: asr9k-mini.pie-version. Refer to the release notes for additional information on the specific features provided by each package. Software Maintenance Upgrades An SMU is a PIE file that contains fixes for a specific defect. A composite SMU is a PIE file that contains SMUs for more than one package. SMUs are added and activated using the same procedures as other PIE files. SMUs are created to respond to immediate issues and do not include new features. Typically, SMUs do not have a large impact on router operations. SMU versions are synchronized to the package major, minor, and maintenance versions they upgrade. SMUs are not an alternative to maintenance releases. They provide quick resolution of immediate issues. All bugsfixed by SMUs are integrated into the maintenance releases. For information on available SMUs, contact Cisco Technical Support, as described in Obtaining Technical Assistance in the monthly What’s New in Cisco Product Documentation. Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs, or the package to which the SMU applies, to be automatically deactivated. Note Filename Component Description The filename componentsfor all packages are described in Table 5: Composite- and Single-Package Filename Components, on page 17. Table 5: Composite- and Single-Package Filename Components Component Description Identifiesthe platform for which the software package is designed. • The platform designation is “asr9k.” platform Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 17 Upgrading and Managing Software on Cisco ASR 9000 Series Router Summary of Cisco IOS XR Software PackagesComponent Description Identifies a specific composite package. • The only composite PIE file at this time is named “mini” and includes all packages described in the Cisco IOS XR Unicast Routing Core Bundle. composite_name Identifies the type of package the file supports (package_type applies only to single-package PIEs). Package types include: • mcast—Multicast package • mgbl—Manageability package • mpls—MPLS package • k9sec—Security package • diags—Diagnostics package • fpd—Field-programmable device package • doc—Documentation package package_type Identifies the major release of this package. • A major release occurs when there is a major architectural change to the product (for example, a major new capability is introduced). • All packages operating on the router must be at the same major release level. • A major release is the least frequent release and may require a router reboot. major Identifies the minor release of this package. • A minor release contains one or more of the following: ? New features ? Bug fixes • The minor release version does not have to be identical for all software packages operating on the router, but the operating packages must be certified by Cisco as compatible with each other. • A minor release may require a router reboot. minor Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 18 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Summary of Cisco IOS XR Software PackagesComponent Description Identifies the maintenance release of this package. • A maintenance release contains a collection of bug fixes for a package. • The maintenance release version does not have to be identical for all software packages operating on the router, but the major and minor versions of the maintenance release must match those of the package being updated. • A maintenance release does not usually require a router reboot. maintenance SMUs only. Identifies a DDTS 1 number that describes the problem this SMU addresses. DDTS is the method used to track known bugs and the resolutions or workarounds for those issues. ddts In Cisco IOS XR Software Release 4.0, the software packages were reorganized into functionally well-defined and independently-releasable packages. These reorganized packages are identified by the -p in the filename. These packages are not compatible with packages released prior to Release 4.0. When upgrading to Release 4.0 or above, special upgrade instructions must be followed. p Identifies images that are compatible with both the Cisco CRS-1 and Cisco CRS-3 routers. Starting with Cisco IOS XR Release 4.2, -px releases replace the -p releases. px 1 distributed defect tracking system Related Topics Summary of Cisco IOS XR Software Bundles PIE Filenames and Version Numbers PIE filenames have two formats: one for composite-package PIEs (bundles) and one for single-package PIEs. A composite-package file is a PIE file that contains multiple packages. Note Hyphens in the filename are part of the filename. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 19 Upgrading and Managing Software on Cisco ASR 9000 Series Router PIE Filenames and Version NumbersTable 6: PIE Filenames, on page 20 shows the filenames for available PIE types. Table 6: PIE Filenames Software Delivery Type Filename Example platform-composite_name.pie- asr9k-mini.pie-3.7.2 major.minor.maintenance Composite (Bundle) PIE Single package PIE platform-package_type.-p.pie-major.minor.maintenance asr9k-mpls.pie-3.7.2 Composite SMU platform-p.composite_name.ddts.pie Copying the PIE File to a Local Storage Device or Network Server To add an optional package or upgrade or downgrade a package, you must copy the appropriate PIE file to a local storage device or to a network file server to which the router has access. If you need to store PIE files on the router, we recommended storing PIE files on the harddisk. Flash disk0: serves as the boot device for packages that have been added or activated on the system. Flash disk1: is used as a backup for disk0:. Before copying PIE files to a local storage device, use the dir command to check to see if the required PIE files are already on the device. Tip Information About Package Management Summary of Package Management The general procedure for adding optional packages, upgrading a package or package set, or downgrading packages on the router is as follows: 1 Copy the package file or files to a local storage device or file server. 2 Add the package or packages on the router using the command install add . 3 Activate the package or packages on the router using the install activate command. 4 Commit the current set of packages using the install commit command. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 20 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Information About Package ManagementFigure 1: Process to Add, Activate, and Commit Cisco IOS XR Software Packages, on page 21 illustrates key steps in the package management process. Figure 1: Process to Add, Activate, and Commit Cisco IOS XR Software Packages Adding Packages Use the install add command to unpack the package software files from a PIE file and copy them to the boot device (usually disk0:) of your router. From administration EXEC mode, the package software files are added to the boot device of the DSC of the router, as well as all active and standby Route Processors (RPs) and fabric shelf controllers (SCs) installed on the router. The disk that holds the unpacked software files is also known as the boot device. By default, flash disk0: is used as the boot device. To use an alternate storage device, such as flash disk1:, see the Router Recovery with ROM Monitor module of Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. Remember that all RSPs in a system must use the same boot device. If the boot device on the primary RSP is flash disk0:, then the standby RSP must also have a flash disk0:. Note Activating Packages Software packages remain inactive until activated with the install activate command. After a package has been added to the router , use the install activate command to activate the package or SMUs for all valid cards. Information within the package is used to verify compatibility with the target cards and with the other active software. Actual activation is performed only after the package compatibility and application programming interface (API) compatibility checks have been passed. Activating a Package on the Router To activate a package on your router, use the install activate command in administration EXEC mode. The install activate command also activatesthe package on all administration plane nodes and resources, including service processors (SPs), fabric SCs, fan controllers, alarm modules, and power modules. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 21 Upgrading and Managing Software on Cisco ASR 9000 Series Router Summary of Package ManagementActivating Multiple Packages or SMUs To install multiple packages or software maintenance upgrades (SMUs) with a single command, use the install activate command and either specify up to 16 packages by repeating device: package arguments or use wildcard syntax to specify multiple packages. Some SMUs may require a reload. If the operation requires a node reload, the user is prompted before the installation operation occurs. Activating All Packages Added in a Specific Operation To install all packages that were added in a specific install add operation, use the install activate command with the id add-id keyword and argument, specifying the operation ID of the install add operation. You can specify up to 16 operations in a single command. Adding and Activating a Package with a Single Command To add and activate a package with a single command, use the install add command with the activate keyword from administration EXEC mode. Upgrading and Downgrading Packages To upgrade a package, activate the newer version of the package; the older version is automatically deactivated. To downgrade a package, activate the older version of the package; the newer version is automatically deactivated. Actual activation is performed only after the compatibility checks have been passed. Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs, or the package to which the SMU applies, to be automatically deactivated. Note Committing the Active Software Set When a package is activated on the router , it becomes part of the current running configuration. To make the package activation persistent across reloads, enter the install commit command in administration EXEC mode. On startup, the DSC of the SDR loads the committed software set. If the system is restarted before the active software set is saved with the install commit command, the previously committed software set is used. Note Rolling Back to a Previous Installation Operation Although the term commit sounds final, the Cisco IOS XR software provides the flexibility to roll back the selected package set to previously saved package sets. Each time a package is activated or deactivated, a rollback point is created that defines the package set that is active after the package activation or deactivation. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 22 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Summary of Package ManagementThe software also creates a rollback point for the last committed package set. If you find that you prefer a previous package set over the currently active package set, you can use the install rollback command to make a previously active package set active again. Related Topics Rolling Back to a Previous Software Set, on page 62 Upgrading Packages To upgrade a package that is currently active on your router, add and activate a newer version of the same package (see Figure 2: Example of a Maintenance Release Package Upgrade, on page 23). The older version of the software package is deactivated automatically. These actions are permitted only after the package compatibility checks and API version compatibility checks have been passed. Deactivated packages are not removed from the router. To remove inactive package files, use the install remove command. Upgrading or downgrading a software package can cause a process to restart or a new process to start. Use the test option to preview the impact of the package activation. Caution Figure 2: Example of a Maintenance Release Package Upgrade Related Topics Deactivating and Removing Cisco IOS XR Software Packages, on page 57 Downgrading Packages To downgrade a software package, activate an older version on one or more cards for which that package is already active. The newer version of the same software package is deactivated automatically. These actions are performed only after the package compatibility checks and API version compatibility checks have been passed. Deactivated packages are not removed from the router. To remove inactive package files, use the install remove command. See the Related Topics section for links to more information. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 23 Upgrading and Managing Software on Cisco ASR 9000 Series Router Upgrading PackagesRelated Topics Deactivating and Removing Cisco IOS XR Software Packages, on page 57 Impact of Package Version Changes Each package version change has a different impact on the operation of the router, depending on the type of package and whether the upgrade is for a major, minor, or maintenance release. The following resources can provide more information on the impact of a package version change: • See Related Topics for more information on the typical impact for major, minor, and maintenance releases. • Forspecific information about the impact of an upgrade, consult the release notesfor the package release, and test the impact of the package activation by adding the test option to the install activate command. • The Cisco IOS XR Software Selector tool also contains information on package version compatibility. Related Topics PIE Filenames and Version Numbers, on page 19 Obtaining and Placing Cisco IOS XR Software, on page 28 Impact of Package Activation and Deactivation Activation or deactivation of a package can have an immediate impact on the system. The system can be affected in the following ways: • When a new package is activated, any new CLI commands for the package are added to the router. The router need not be restarted or reloaded. • When a package is deactivated, the commands associated with the features being deactivated are removed from the router. The commands are no longer available to the user. • During a software package deactivation, upgrade, or downgrade, any incompatible configurations are removed from the running configuration of the router, and saved to a file. Messages for incompatible configurations are displayed. Incompatible configurations are those configurationsthat are notsupported by the new version of the software package. You must address any issues that result from the revised configuration and reapply the configuration, if necessary. Note • New processes may be started. • Running processes may be stopped or restarted. • All processes in the cards may be restarted. Restarting processes in the cards is equivalent to a soft reset. • The cards may reload. • No impact: no processes in the card may be affected. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 24 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Impact of Package Version ChangesWhen activating and deactivating packages, use the test option to test the effects of a command without impacting the running system. After the activation or deactivation process completes, enter the show install log command to display the process results. Tip Delaying the Return of the CLI Prompt By default, the CLI prompt is returned to the screen before the installation operation is complete, which allows you to enter other commandsthat are not installation commands. If additional installation requests are attempted before the first operation is complete, they are not run. To delay the return of the CLI prompt until an installation operation is complete, enter the install command with the synchronous keyword. For example: install add disk1:pie-file synchronous install activate disk0:package synchronous To determine if an install command is currently running, enter the show install request command. Displaying Installation Log Information The install log provides information on the history of the installation operations. Each time an installation operation is run, a number is assigned to that operation. • Use the show install log command to display information about both successful and failed installation operations. • The show install log command with no arguments displays a summary of all installation operations. Specify the request-id argument to display information specific to an operation. Use the detail or verbose keywords to display details for specific operation. • Use the detail or verbose keywords to display detailed information, including file changes, nodes that could be reloaded, impact to processes, and impact to Dynamic Link Libraries (DLLs). By default, the install log stores up to 50 entries. Use the clear install log-history command to reset the number of entries to any value from 0 to 255. Tip Examples Displaying install log Entries: Example The following example displays information for the install requests. Use the verbose keyword to display detailed information, including files changes, impact to processes, and impact to DLLs. RP/0/RSP0/CPU0:router(admin)# show install log verbose Install operation 1 started by user 'labuser' at 17:48:51 UTC Sat Jun 03 2009. install add /disk1:asr9k-diags-p.pie-PD34-06.06.07 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 25 Upgrading and Managing Software on Cisco ASR 9000 Series Router Delaying the Return of the CLI Prompt/disk1:asr9k-k9sec-p.pie-PD34-06.06.07 /disk1:asr9k-mcast-p.pie-PD34-06.06.07 /disk1:asr9k-mgbl-p.pie-PD34-06.06.07 /disk1:asr9k-mpls-p.pie-PD34-06.06.07 Install operation 1 completed successfully at 17:51:32 UTC Sat Jun 03 2009. Install logs: Install operation 1 'install add /disk1:asr9k-diags-p.pie-PD34-06.06.07 /disk1:asr9k-k9sec-p.pie-PD34-06.06.07 /disk1:asr9k-mcast-p.pie-PD34-06.06.07 /disk1:asr9k-mgbl-p.pie-PD34-06.06.07 /disk1:asr9k-mpls-p.pie-PD34-06.06.07' started by user 'labuser' at 17:48:51 UTC Sat Jun 03 2009. Info: The following packages are now available to be activated: Info: Info: disk0:asr9k-diags-3.7.2.1I Info: disk0:asr9k-k9sec-3.7.2.1I Info: disk0:asr9k-mcast-3.7.2.1I Info: disk0:asr9k-mgbl-3.7.2.1I Info: disk0:asr9k-mpls-3.7.2.1I Info: Install operation 1 completed successfully at 17:51:32 UTC Sat Jun 03 2009. Install operation 2 started by user 'labuser' at 18:06:32 UTC Sat Jun 03 2009. install activate disk0:asr9k-diags-3.7.2.1I disk0:asr94k-k9sec-3.7.2.1I disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I disk0:asr9k-mpls-3.7.2.1I Install operation 2 completed successfully at 18:07:48 UTC Sat Jun 03 2009. Summary: Install method: parallel Summary of changes on nodes 0/1/SP, 0/6/SP, 0/SM0/SP, 0/SM1/SP, 0/SM2/SP,0/SM3/SP: Activated: asr9k-diags-3.7.2.1I No processes affected Summary of changes on nodes 0/1/CPU0, 0/6/CPU0: Activated: asr9k-diags-3.7.2.1I asr9k-mcast-3.7.2.1I asr9k-mpls-3.7.2.1I 1 asr9k-mpls processes affected (0 updated, 1 added, 0 removed, 0 impacted) 2 asr9k-mcast processes affected (0 updated, 2 added, 0 removed, 0 impacted) Summary of changes on nodes 0/RP0/CPU0, 0/RP1/CPU0: Activated: asr9k-diags-3.7.2.1I asr9k-k9sec-3.7.2.1I asr9k-mcast-3.7.2.1I asr9k-mgbl-3.7.2.1I asr9k-mpls-3.7.2.1I 6 asr9k-mgbl processes affected (0 updated, 6 added, 0 removed, 0 impacted) 8 asr9k-mpls processes affected (0 updated, 8 added, 0 removed, 0 impacted) 7 asr9k-k9sec processes affected (0 updated, 7 added, 0 removed, 0 impacted) 14 asr9k-mcast processes affected (0 updated, 14 added, 0 removed, 0 impacted) Install logs: Install operation 2 'install activate disk0:asr9k-diags-3.7.2.1I disk0:asr9k-k9sec-3.7.2.1I disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I disk0:asr9k-mpls-3.7.2.1I' started by user 'labuser' at 18:06:32 UTC Sat Jun 03 2009. Info: The changes made to software configurations will not be Info: persistent across system reloads. Use the command 'admin install Info: commit' to make changes persistent. Info: Please verify that the system is consistent following the Info: software change using the following commands: Info: show system verify --More-- The following example displays information for a specific install request. Use the detail keyword to display additional information, including impact to processes and nodes impacted. RP/0/RSP0/CPU0:router(admin)# show install log 2 detail Install operation 2 started by user 'labuser' at 18:06:32 UTC Sat Jun 03 2009. install activate disk0:asr9k-diags-3.7.2.1I disk0:asr9k-k9sec-3.7.2.1I disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I disk0:asr9k-mpls-3.7.2.1I Install operation 2 completed successfully at 18:07:48 UTC Sat Jun 03 2006. Summary: Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 26 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Displaying Installation Log InformationInstall method: parallel Summary of changes on nodes 0/1/SP, 0/6/SP, 0/SM0/SP, 0/SM1/SP, 0/SM2/SP, 0/SM3/SP: Activated: asr9k-diags-3.7.2.1I No processes affected Summary of changes on nodes 0/1/CPU0, 0/6/CPU0: Activated: asr9k-diags-3.7.2.1I asr9k-mcast-3.7.2.1I asr9k-mpls-3.7.2.1I 1 asr9k-mpls processes affected (0 updated, 1 added, 0 removed, 0 impacted) 2 asr9k-mcast processes affected (0 updated, 2 added, 0 removed, 0 impacted) Summary of changes on nodes 0/RP0/CPU0, 0/RP1/CPU0: Activated: asr9k-diags-3.7.2.1I asr9k-k9sec-3.7.2.1I asr9k-mcast-3.7.2.1I asr9k-mgbl-3.7.2.1I asr9k-mpls-3.7.2.1I 6 asr9k-mgbl processes affected (0 updated, 6 added, 0 removed, 0 impacted) 8 asr9k-mpls processes affected (0 updated, 8 added, 0 removed, 0 impacted) 7 asr9k-k9sec processes affected (0 updated, 7 added, 0 removed, 0 impacted) 14 asr9k-mcast processes affected (0 updated, 14 added, 0 removed, 0 impacted) Install logs: Install operation 2 'install activate disk0:asr9k-diags-3.7.2.1I disk0:asr9k-k9sec-3.7.2.1I disk0:asr9k-mcast-3.7.2.1I disk0:asr9k-mgbl-3.7.2.1I disk0:asr9k-mpls-3.7.2.1I' started by user 'labuser' at 18:06:32 UTC Sat Jun 03 2006. Info: The changes made to software configurations will not be Info: persistent across system reloads. Use the command 'admin install Info: commit' to make changes persistent. Info: Please verify that the system is consistent following the Info: software change using the following commands: Info: show system verify Info: install verify packages Install operation 2 completed successfully at 18:07:48 UTC Sat Jun 03 2006. Package Management Procedures Note Review the concepts about package management before performing the tasks described in this module. Related Topics Information About Package Management, on page 20 Activation and Deactivation Prerequisites The following prerequisites must be met for a package to be activated or deactivated: • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • Verify that all cards are installed and operating properly. For example, do not activate or deactivate packages while cards are booting, while cards are being upgraded or replaced, or when you anticipate an automatic switchover activity. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 27 Upgrading and Managing Software on Cisco ASR 9000 Series Router Package Management Procedures• If a ROM Monitor upgrade is required for the software package, the upgrade must be completed before the package is activated. For ROM Monitor upgrade information and procedures, see Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. • Check the sanity of the configuration file system and recover from any internal inconsistencies by using the cfs check command. RP/0/RSP0/CPU0:router# cfs check Tue Sep 20 07:22:03.374 DST Creating any missing directories in Configuration File system...OK Initializing Configuration Version Manager...OK Syncing commit database with running configuration...OK • Clear any inconsistency alarms and remove any failed configurations using the clear configuration inconsistency command. An inconsistency alarm is set when there is a failure to restore the configuration; this can occur during router startup, or when a line card or route switch processor (RSP) card is inserted or removed. If an inconsistency alarm is set, a message similar to the following example is displayed: RP/0/0/CPU0:May 26 11:58:40.662 : cfgmgr-rp[130]: %MGBL-CONFIGCLI-3 BATCH_CONFIG_FAIL : 28 config(s) failed during startup. To view failed config(s) use the command - "show configuration failed startup" When the inconsistency alarm is set, all configuration commit operations fail until the alarm is cleared. • Although more than one version of a software package can be added to a storage device, only one version of a package can be active for any card. • Some packages require the activation or deactivation of other packages. • The package being activated must be compatible with the current active software set. Activation is performed only after the package compatibility checks and API version compatibility checks have been passed. If a conflict is found, an on-screen error message is displayed. While a software package is being activated, other requests are not allowed to run on any of the impacted nodes. Package activation is completed when a message similar to the following appears: Install operation 2 completed successfully at 20:30:29 UTC Mon Nov 14 2005. Each CLI install request is assigned a request ID, which can be used later to review the events. Obtaining and Placing Cisco IOS XR Software This section contains information to locate the available software packages and to transfer them either to a local storage device or to a network server. When this is done, the package or packages can be added and activated on the router . There are two primary ways to obtain packages in Cisco IOS XR software: • Request the software from Cisco on a flash disk that you can insert into the removable flash disk slot (usually flash disk1:). Flash disk1: is optional. When it is installed, flash disk1: can be used to store PIE files, which can then be used to add new software to the boot device (usually flash disk0:). • Download the Cisco IOS XR software packages to a local storage device of the DSC, such as flash disk1:, or to a remote server, such as a tftp or rcp server. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 28 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Obtaining and Placing Cisco IOS XR SoftwareThe boot device is the local disk on the DSC where Cisco IOS XR software is added and activated. PIE files should not be stored on this boot device. The default boot device is disk0:. All PIE files should be stored on flash disk1:. Transferring Installation Files from a Network File Server to a Local Storage Device If the Cisco IOS XR software PIE files are located on a remote TFTP, FTP, SFTP, or rcp server, you can copy the files to a local storage device such as disk1:. When the PIE files are located on a local storage device, the software packages can be added and activated on the router from that storage device. Table 7: Download Protocols Supported by Cisco IOS XR Software, on page 29 describes the supported server protocols, and the CLI syntax used copy files from each server type to the local storage device. Cisco IOS XR software PIE files can also be added to the router boot device directly from the remote server. Tip Note Consult your system administrator for the location and availability of your network server. Table 7: Download Protocols Supported by Cisco IOS XR Software Name Description TFTP allowsfilesto be transferred from one computer to another over a network, usually without the use of client authentication (for example, username and password). It is a simplified version of FTP. Some Cisco IOS XR software images may be larger than 32 MB, and the TFTP services provided by some vendors may not support a file this large. If you do not have access to a TFTP server that supports files larger than 32 MB, download the software image using FTP or rcp. Note Trivial File Transfer Protocol FTP is part of the TCP/IP protocol stack and requires a username and password. File Transfer Protocol The rcp protocol uses TCP to ensure the reliable delivery of data, and rcp downloads require a usernames. Remote Copy Protocol SFTP is part of the SSHv2 feature in the Security package and provides for secure file transfers. For more information, see the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide. SSH File Transfer Protocol Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 29 Upgrading and Managing Software on Cisco ASR 9000 Series Router Obtaining and Placing Cisco IOS XR SoftwareThe router commands listed in Table 8: Commands for Copying Package Files to the Router, on page 30 show how to copy package files to the router using three types of file transfer protocols. Table 8: Commands for Copying Package Files to the Router Server Type Command and Examples The following command syntax is used: copy tftp:// hostname_or_ipaddress/ directory-path / pie-name disk1: Example: RP/0/RSP0/CPU0:router# copy tftp://10.1.1.1/images/compasr9k-mini.pie disk1: TFTP The following command syntax is used: copy ftp:// username : password @ hostname_or_ipaddress / directory-path / pie-name disk1: Example: RP/0/RSP0/CPU0:router# copy ftp://john:secret@10.1.1.1/images/ comp-asr9k-mini.pie disk1: FTP The following command syntax is used: copy rcp:// username @ hostname_or_ipaddress / directory-path / pie-name disk1: Example: RP/0/RSP0/CPU0:router# copy rcp://john@10.1.1.1/images/ comp-asr9k-mini.pie disk1: rcp Table 9: Command Variablesfor Copying and Adding Packagesfrom a Network Server, on page 30 describes the command variables for copying packages from a network server. Table 9: Command Variables for Copying and Adding Packages from a Network Server Variable Description Host name or IP address of the server that stores the source file. hostname_or_ipaddress Name of the PIE file (package). See the Overview of Cisco IOS XR Software Packages, on page 16 for descriptions of the available packages. pie-name Required for FTP and rcp only and must be a valid username on the FTP or rcp server. username Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 30 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Obtaining and Placing Cisco IOS XR SoftwareVariable Description Required for FTP only. If a password is not provided, the networking device accepts anonymous FTP. password The specified directory should be a directory under the home directory of the user. In the rcp and FTP examplesin Table 8: Commandsfor Copying Package Files to the Router, on page 30, the file being downloaded is in a subdirectory called “images” in the home directory of the user “john.” For FTP and rcp services, directory-path is the directory relative to the username home directory. If you want to specify an absolute path for the directory, you must add a "/" following the server address. Note directory-path When the installation files have been transferred to a network file server or the router, you are ready to activate or upgrade the software. Files with the vm extension are bootable installation files used only to replace all current Cisco IOS XR software. These files are installed from ROM monitor mode and cause significant router downtime. We recommend installing or upgrading software packages using PIE files only, as described in this chapter. See Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide for information on installing from vm files. Note Related Topics Adding and Activating Packages, on page 41 Overview of Cisco IOS XR Software Packages, on page 16 Preparing for Software Installation Operations This section includes instructions to prepare for software installation operations. Activation is performed only after the automatic package compatibility and API version compatibility checks have been passed. If a conflict is found, an on-screen error message is displayed. Note Before You Begin Before adding or activating Cisco IOS XR software: • Update the ROM Monitor software, if necessary. • Determine if a software change is required. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 31 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation Operations• Verify that the new package is supported on your system. Some software packages require that other packages or package versions be activated, and some packages only support specific cards. • Review the release notes for important information related to that release and to help determine the package compatibility with your router configuration. • Verify that the system is stable and prepared for the software changes. SUMMARY STEPS 1. admin 2. show diag 3. Update the ROMMON software if necessary. 4. show install active 5. show install pie-info device:package [ brief | detail | verbose ] 6. verify packages 7. exit 8. (Optional) show system verify start 9. (Optional) show system verify [ detail | report ] 10. show clock DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 Displays the ROMMON software version for all cards in the system. Verify that the correct ROMMON software version is installed before upgrading a Cisco IOS XR software package. show diag Example: RP/0/RSP0/CPU0:router(admin)# show diag Step 2 See Related Topics for information regarding the required ROM Monitor (ROMMON) software version. Note Updates the ROMMON software. For instructions, see Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. Update the ROMMON software if necessary. Step 3 Displays the active software on the router for the owner SDR. Use this command to determine what software should be added, upgraded or downgraded on the show install active Example: RP/0/RSP0/CPU0:router(admin)# show install active Step 4 router, and to compare to the active software report after installation operations are complete. You can also display the active packages for a specific node, and view results in detailed or summary mode. See the Software Package Management Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference for more information. Note Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 32 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsCommand or Action Purpose Displays information imbedded in the package. The following keywords provide three levels of information: show install pie-info device:package [ brief | detail | verbose ] Step 5 Example: RP/0/RSP0/CPU0:router(admin)# • brief (default)—Displays the expiration date of the file, the size, and the installed package name. The expiration date is used for certifying the package. • detail—Displays the package components, the compatible cards, the expiration date, file size, and the installed package name. show install pie-info disk1:/asr9k-mcast-p.pie-3.8.30 • verbose—Displays information from the detail display and sub-component information. Always review the release notes for the software package for important information related to that release and to help determine the package compatibility with your router configuration. Note Verifies that there are no corrupted software files. The consistency of a previously installed software set is verified against the package file from which it originated. verify packages Example: RP/0/RSP0/CPU0:router(admin)# install verify packages Step 6 This command can be used as a debugging tool to verify the validity of the files that constitute the packages, to determine if there are any corrupted files. This command also checks for corruptions of installation state files and MBI image files. This command is particularly useful when issued after the activation of a package or upgrading the Cisco IOS XR software to a major release. The install verify packages command can take up to two minutes per package to process. Note exit Exits administration EXEC mode and returns to EXEC mode. Example: RP/0/RSP0/CPU0:router(admin)# exit Step 7 (Optional) Starts the system status check. show system verify start Example: RP/0/RSP0/CPU0:router# show system verify start Step 8 (Optional) Displayssystem statusinformation. A variety of information is displayed including the memory and CPU usage, process status, protocol status, and other status information. Use this information to verify that the system is stable. show system verify [ detail | report ] Example: RP/0/RSP0/CPU0:router# show system verify Step 9 • detail—Displays additional information at the card and processor level, including actual numbers. • report—Displays the same information as the default show system verify command Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 33 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsCommand or Action Purpose Although most of the output should display the status “OK,” some processes may show other output, such as “Warning.” This does not specifically indicate a problem. Contact your Cisco technical support representative for more information on the output of this command. Note Verifiesthat the system clock is correct. Software operations use certificates based on router clock times. show clock Example: RP/0/RSP0/CPU0:router# show clock Step 10 Related Topics Activation and Deactivation Prerequisites, on page 27 Examples Verifying That the ROM Monitor Version Is Correct: Example In the following example, the ROM Monitor software version is displayed in the “ROMMON:” field for each card. For instructions to upgrade the ROM Monitor software, see Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. Note RP/0/RSP0/CPU0:router# admin RP/0/RSP0/CPU0:router(admin)# show diag Mon Jun 22 12:55:10.554 PST NODE module 0/RSP0/CPU0 : MAIN: board type 0x100302 S/N: FOC1230803H Top Assy. Number: 68-3160-04 PID: A2K-RSP-4G-HDD= UDI_VID: VP4 HwRev: V4.8 New Deviation Number: 0 CLEI: IPUCARJBAA Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A MONLIB: QNXFFS Monlib Version 3.2 ROMMON: Version 1.0(20081208:173612) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: Compact Flash : V1.0 XbarSwitch0 : V1.3 XbarSwitch1 : V1.3 XbarArbiter : V1.0 XbarInterface : V0.0 IntCtrl : V1.14 ClkCtrl : V1.13 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 34 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsPuntFPGA : V1.5 HD : V3.0 USB0 : V77.20 USB1 : V77.20 CPUCtrl : V1.17 UTI : V1.6 LIU : V1.0 MLANSwitch : V0.0 EOBCSwitch : V2.0 CBC (active partition) : v1.2 CBC (inactive partition) : v1.1 NODE fantray 0/FT0/SP : MAIN: board type 0x900211 S/N: Top Assy. Number: 32-0000-00 PID: UDI_VID: HwRev: V32.0 New Deviation Number: 0 CLEI: PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: CBC (active partition) : v4.0 CBC (inactive partition) : v0.13 NODE fantray 0/FT1/SP : MAIN: board type 0x900211 S/N: Top Assy. Number: 32-0000-00 PID: UDI_VID: HwRev: V32.0 New Deviation Number: 0 CLEI: PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: CBC (active partition) : v4.0 CBC (inactive partition) : v0.13 NODE module 0/1/CPU0 : MAIN: board type 0x20207 S/N: FOC123081J6 Top Assy. Number: 68-3182-03 PID: A9K-40GE-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PortCtrl : V0.8 PHYCtrl : V0.6 40 Port Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 35 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsNODE module 0/4/CPU0 : MAIN: board type 0x2020a S/N: FOC123081JA Top Assy. Number: 68-3183-02 PID: A9K-8T/4-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: IPU3AE0CAA Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PortCtrl : V0.10 PHYCtrl : V0.7 PHY0 : V0.16 PHY1 : V0.16 PHY2 : V0.16 PHY3 : V0.16 PHY4 : V0.16 PHY5 : V0.16 PHY6 : V0.16 PHY7 : V0.16 8 Port Ten Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 NODE module 0/6/CPU0 : MAIN: board type 0x20208 S/N: FHH12250033 Top Assy. Number: 68-3184-02 PID: A9K-4T-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PHY0 : V0.16 PHY1 : V0.16 PHY2 : V0.16 PHY3 : V0.16 PortCtrl : V0.10 PHYCtrl : V0.7 4 Port Ten Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 NODE power-module 0/PM0/SP : MAIN: board type 0xf00188 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 36 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsS/N: Top Assy. Number: 341-00032-01 PID: A9K-3KW-AC UDI_VID: V00 HwRev: V0.0 New Deviation Number: 0 CLEI: ACACACACAC PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: NODE power-module 0/PM1/SP : MAIN: board type 0xf00188 S/N: Top Assy. Number: 341-00032-01 PID: A9K-3KW-AC UDI_VID: V00 HwRev: V0.0 New Deviation Number: 0 CLEI: ACACACACAC PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: NODE power-module 0/PM2/SP : MAIN: board type 0xf00188 S/N: Top Assy. Number: 341-00032-01 PID: A9K-3KW-AC UDI_VID: V00 HwRev: V0.0 New Deviation Number: 0 CLEI: ACACACACAC PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: Rack 0 - ASR-9010 Chassis, Includes Accessories RACK NUM: 0 S/N: PID: ASR-9010 Backplane VID: 0.1 Desc: ASR-9010 Chassis, Includes Accessories CLEI: NOCLEI Top Assy. Number: 68-1234-56 Displaying the Active Software for the Entire System: Example The following example displays the active packages for the entire system. Use this information to determine if a software change is required: RP/0/RSP0/CPU0:router(admin)# show install active summary Mon Jun 22 13:01:46.438 PST Default Profile: SDRs: Owner Active Packages: disk0:comp-asr9k-mini-3.9.0.12I disk0:asr9k-fpd-3.9.0.12I disk0:asr9k-k9sec-3.9.0.12I disk0:asr9k-mcast-3.9.0.12I disk0:asr9k-mgbl-3.9.0.12I disk0:asr9k-mpls-3.9.0.12I Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 37 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsDisplaying Information About the Contents of a PIE File: Example In the following example, information is displayed about the manageability PIE. This command displays the expiry date of the package, the cards supported by the package, and other details. Use this information to verify the compatibility of the package with your system and other software packages. A software activation is performed only after the automatic package compatibility and API version compatibility checks have been passed. If a conflict is found, an on-screen error message is displayed. Note RP/0/RSP0/CPU0:router(admin)# show install pie-info disk1:/ asr9k-mgbl-p.pie-3.8.0 detail Contents of pie file '/disk1:/asr9k-mgbl-p.pie-3.8.0': Expiry date : Jan 19, 2007 02:55:56 UTC Uncompressed size : 17892613 asr9k-mgbl-3.8.0 asr9k-mgbl V3.8.0[00] Manageability Package Vendor : Cisco Systems Desc : Manageability Package Build : Built on Wed May 10 08:04:58 UTC 2006 Source : By edde-bld1 in /vws/aga/production/3.8.0/asr9k/workspace for c28 Card(s): RP, DRP, DRPSC Restart information: Default: parallel impacted processes restart Components in package asr9k-mgbl-3.8.0, package asr9k-mgbl: manageability-cwi V[r33x/2] Craft Web Interface related binaries ae asr9k-feature-ipsla V[r33x/1] IPSLA time stamping feature doc-asr9k-mgbl V[r33x/2] Contains the man page documentation for asr9ks --More-- Verifying That There Are No Corrupted Software Files: Example The following sample output verifies the consistency of the currently active software against the file from which it originated: RP/0/RSP0/CPU0:router(admin)# install verify packages Mon Jun 22 13:19:08.590 PST Install operation 3 '(admin) install verify packages' started by user 'debbie' via CLI at 13:19:08 DST Mon Jun 22 2009. The install operation will continue asynchronously. RP/0/RSP0/CPU0:router(admin)#Info: This operation can take up to 2 minutes per package being verified. Info: Please be patient. Info: 0/6/CPU0 [LC] [SDR: Owner] Info: meta-data: [SUCCESS] Verification Successful. Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies. Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification Info: Successful. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 38 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsInfo: 0/1/CPU0 [LC] [SDR: Owner] Info: meta-data: [SUCCESS] Verification Successful. Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies. Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: 0/4/CPU0 [LC] [SDR: Owner] Info: meta-data: [SUCCESS] Verification Successful. Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies. Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: 0/RSP0/CPU0 [RP] [SDR: Owner] Info: meta-data: [SUCCESS] Verification Successful. Info: /install/asr9k-fpd-3.9.0.12I: [ERROR] Detected anomalies. Info: /install/asr9k-mpls-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-mgbl-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-mcast-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-k9sec-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-os-mbi-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-base-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-admin-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-fwdg-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-lc-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-rout-3.9.0.12I: [SUCCESS] Verification Successful. Info: /install/asr9k-diags-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: /install/asr9k-scfclient-3.9.0.12I: [SUCCESS] Verification Info: Successful. Info: Verification Summary: Info: 0/6/CPU0: ERROR. Anomalies found. Info: 0/1/CPU0: ERROR. Anomalies found. Info: 0/4/CPU0: ERROR. Anomalies found. Info: 0/RSP0/CPU0: ERROR. Anomalies found. Info: Anomalies found on the primary RP. Info: No standby RP is present. Info: Please contact your technical services representative to repair Info: the system. Install operation 3 completed successfully at 13:21:29 DST Mon Jun 22 2009. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 39 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation OperationsVerifying the Current System Status: Example The following example shows how to prepare for system verification: RP/0/RSP0/CPU0:router# show system verify start Storing initial router status ... done. The following example shows output from running the show system verify command. Although most of the output should display the status “OK,” some processes may show other output, such as “Warning.” This does not specifically indicate a problem. Contact your Cisco technical support representative for more information on the output of this command. Note RP/0/RSP0/CPU0:router# show system verify Getting current router status ... System Verification Report ========================== - Verifying Memory Usage - Verified Memory Usage : [OK] - Verifying CPU Usage - Verified CPU Usage : [OK] - Verifying Blocked Processes - Verified Blocked Processes : [OK] - Verifying Aborted Processes - Verified Aborted Processes : [OK] - Verifying Crashed Processes - Verified Crashed Processes : [OK] - Verifying LC Status - Verified LC Status : [OK] - Verifying QNET Status Unable to get current LC status info - Verified QNET Status : [FAIL] - Verifying GSP Fabric Status - Verified GSP Fabric Status : [OK] - Verifying GSP Ethernet Status gsp WARNING messages for router Current set of gsp ping nodes does not match initial set of nodes - Verified GSP Ethernet Status : [WARNING] - Verifying POS interface Status - Verified POS interface Status : [OK] - Verifying TenGigE interface Status - Verified TenGigE interface Status : [OK] - Verifying TCP statistics - Verified TCP statistics : [OK] - Verifying UDP statistics tcp_udp_raw WARNING messages for router UDP Packets sent has not increased during this period. - Verified UDP statistics : [WARNING] - Verifying RAW statistics - Verified RAW statistics : [OK] - Verifying RIB Status - Verified RIB Status : [OK] - Verifying CEF Status - Verified CEF Status : [OK] - Verifying CEF Consistency Status - Verified CEF Consistency Status : [OK] - Verifying BGP Status Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 40 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Preparing for Software Installation Operations- Verified BGP Status : [OK] - Verifying ISIS Status - Verified ISIS Status : [OK] - Verifying OSPF Status - Verified OSPF Status : [OK] - Verifying Syslog Messages - Verified Syslog Messages : [OK] System may not be stable. Please look into WARNING messages. Verifying That the System Clock Is Correct: Example The following example displays the current system clock setting: RP/0/RSP0/CPU0:router# show clock 02:14:51.474 PST Wed Jan 28 2009 Adding and Activating Packages The procedure in this section describes how to upgrade or add Cisco IOS XR software PIE files that are stored on a local storage device, such as flash disk1:, or on a remote TFTP, FTP, SFTP, or rcp server. The PIE software file can include any of the following: • The Cisco IOS XR Unicast Routing Core Bundle (six packages in one composite PIE file) • Any of the optional packages (one package per PIE file) • Software maintenance upgrades (SMUs) When you need to add and activate two or more of the preceding package types, you should add and activate them in the order listed above. When adding and activating two or more packages, optional packages can be activated together. Also, if the operation is a reload, multiple packages can be activated together. For example, five reload SMUs can be activated together or the Cisco IOS XR Unicast Routing Core Bundle plus the SMUs and optional packages can be activated together. Note For a description of the software management process, see the Related Topics section. These instructions are also used to downgrade software packages. By default, installation operations are performed asynchronously: the CLI prompt is returned before the operation is complete, allowing the operator to continue work while the installation is completed in the background. Use the synchronous keyword at the end of install commands to delay the return of the CLI prompt until an installation operation is complete. See the Related Topicssection for more information. Note Before You Begin Before upgrading or adding packages from flash disk1:, verify that the following prerequisites have been met: Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 41 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating Packages• Verify that the ROMMON version is correct. For instructions on upgrading ROM Monitor, see Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. • All packages to be upgraded or added are present on a local storage device (flash disk1:) or a network file server. • Prerequisites for the activation of packages are met as described in the Prerequisites section. • Complete the procedures described in the Preparing for Software Installation Operations, on page 31 section. To use the automatic FPD upgrade feature, the fpd auto-upgrade command must be enabled in administration configuration mode. Note SUMMARY STEPS 1. Connect to the console port and log in. 2. (Optional) dir device : 3. admin 4. Use one of the following commands: • install add [source source-path | tar] device file [activate] • install add [source source-path | tar] tftp:// hostname_or_ipaddress / directory-path / file [activate] • install add [source source-path | tar] ftp:// username : password @ hostname_or_ipaddress / directory-path / file [activate] • install add [ source source-path | tar] rcp:// username @ hostname_or_ipaddress / directory-path / file [activate] 5. (Optional) show install inactive summary 6. install activate {id add-id | device package} [test] [location node-id] [pause sw-change] [prompt-level {all | none}] [auto-abort-timer time 7. Repeat Step 4, on page 43 through Step 6, on page 44 until all packages are activated. 8. (Optional) show install active summary 9. (Optional) install verify packages 10. (Optional) exit 11. (Optional) show system verify start 12. admin 13. (Optional) install commit 14. Upgrade the field-programmable device (FPD) software, if necessary. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 42 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating PackagesDETAILED STEPS Command or Action Purpose Step 1 Connect to the console port and log in. Establishes a CLI management session with the SDR. Connect to the console port for the active DSC. For more information on console connections, see Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide. (Optional) Displays the package files that are available for package upgrades and additions. dir device : Example: RP/0/RSP0/CPU0:router# dir disk1: Step 2 Only PIE files can be added and activated using this procedure. Note Step 3 admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Some show install commands can be entered in EXEC mode on an SDR. Note Unpacks a PIE file from localstorage device or network server and adds the package files to the boot device of the router. The boot device is located on the DSC. Step 4 Use one of the following commands: • install add [source source-path | tar] device file [activate] • If the tar keyword is used, all PIE files contained in the tar file are unpacked. • install add [source source-path | tar] tftp:// hostname_or_ipaddress/ directory-path / file [activate] • If the source keyword is used, the source-path specifies the directory path that is used for multiple filenames in the same directory. • install add [source source-path | tar] ftp:// username : password @ hostname_or_ipaddress / directory-path / file [activate] The following arguments are used when adding a package from a PIE file located on a network server: • install add [ source source-path | tar] rcp:// username @ hostname_or_ipaddress / directory-path / file [activate] • device:—Name of the localstorage device where the PIE file is stored, such as disk1:. Example: RP/0/RSP0/CPU0:router(admin)# install add • file—Name of the PIE file you want to add. If the tar keyword is used, the file argument is the name of a tar file containing one or more PIE files or directories containing PIE files. disk1:asr9k-mgbl.pie-3.8.30.1i or RP/0/RSP0/CPU0:router(admin)# install add source • hostname_or_ipaddress—Host name or IP address of the network file server. tftp://10.1.1.1/images/ asr9k-k9sec-p.pie asr9k-mpls-p.pie asr9k-mcast-p.pie • directory-path—Network file server path that leads to or the PIE file to be added. RP/0/RSP0/CPU0:router(admin)# install add • username—Username that has access privileges to the directory in which the PIE file is stored. ftp://john:secret@10.1.1.1/images/asr9k-k9sec-p.pie Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 43 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating PackagesCommand or Action Purpose • password—Password associated with the username that has access privileges to the directory in which the PIE file is stored. or RP/0/RSP0/CPU0:router(admin)# install add tar • activate—Automatically activates the software package after it is successfully added. rcp://john@10.1.1.1/images/asr9k-iosxr-3.6.0.tar Multiple versions of a software package can be added to the storage device without impacting the running configuration, but only one version of a package can be activated for a card. Note The automatic FPD upgrade occurs only when the FPD pie is added and activated together with the install PIE. Tip (Optional) Displays the inactive packages on the router. Verify that the package added in the previous step appears in the display. show install inactive summary Example: RP/0/RSP0/CPU0:router(admin)# show install inactive summary Step 5 Activates a package that was added to the router. Skip thisstep if the package was activated earlier with the install add command. install activate {id add-id | device package} [test] [location node-id] [pause sw-change] [prompt-level {all | none}] [auto-abort-timer time Step 6 Example: RP/0/RSP0/CPU0:router(admin)# install activate disk0:asr9k-mgbl-3.8.30 • id add-id—Specifies the package using the operation ID of the install add operation in which you added the package. The operation ID is provided in the output of the install add command. You can also use show install log to display installation operation IDs. • device:package—Specifiesthe package by name. Replace the device:package argument with the name of the boot device and inactive package, which can be displayed as described in the previous step. Press ? after a partial package name to display all possible matches available for activation. If there is only one match, press [TAB] to fill in the rest of the package name. Note • location node-id—Activates a package for a specific card (node). To display a list of node IDs for the entire system, enter the show platform command in administration EXEC mode. A package cannot be activated on a single node unless some version of the package being activated is already active on all nodes. By default, packages are activated for all cards supported by that package. Note • pause sw-change—Pausesthe operation after preparatory checks and before the configuration is locked for the actual activation. This action enables you to hold the Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 44 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating PackagesCommand or Action Purpose operation while you perform configuration changes, and proceed with the activation whenever you choose. This operation is useful, for example, if your workflow involves configuring a router out of the network during software installation and you want to minimize the time that the router is out of the network. Follow the onscreen instructions to control the pausing and completion of the operation. • prompt-level—Use a prompt-level of all to view all stages of the installation process and to specify whether to continue or not. • auto-abort-timer—Specifies an abort timer value, in minutes, which when expired loads the last committed loadpath. The default is 60 minutes.The timer is disabled by default.After the installation, if the activated software is working correctly, use the install commit command to cancel the timer and commit the new loadpath. The package being activated must be compatible with the currently active software to operate. When an activation is attempted, the system runs an automatic compatibility check to ensure that the package is compatible with the other active software on the router. The activation is permitted only after all compatibility checks have been passed. Note When activating packages, use the test option to test the effects of a command without impacting the running system. After the activation process finishes, enter the show install log command to display the process results. Tip The automatic FPD upgrade occurs only when the FPD pie is added and activated together with the install PIE. Tip Repeat Step 4, on page 43 through Step 6, on page 44 until Activates additional packages as required. all packages are activated. Step 7 (Optional) Displays all active packages. Use this display to determine if the correct packages are active: show install active summary Example: RP/0/RSP0/CPU0:router(admin)# show install active Step 8 (Optional) Verifies the consistency of a installed software set with the package file from which it originated. This command can be install verify packages Example: RP/0/RSP0/CPU0:router(admin)# install verify packages Step 9 used as a debugging tool to verify the validity of the files that constitute the packages, to determine if there are any corrupted files. This command also checksfor corruptions of installation state files and MBI image files. This command is particularly Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 45 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating PackagesCommand or Action Purpose useful when issued after the activation of a package or upgrading the Cisco IOS XR software to a major release. The install verify packages command can take up to two minutes per package to process. Note (Optional) Exits administration EXEC mode and returns to EXEC mode. exit Example: RP/0/RSP0/CPU0:router(admin)# exit Step 10 (Optional) Starts the system status check. show system verify start Example: RP/0/RSP0/CPU0:router# show system verify start Step 11 admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 12 (Optional) Commits the current set of packages on the router so that these packages are used if the router is restarted. install commit Example: RP/0/RSP0/CPU0:router# dir disk1: RP/0/RSP0/CPU0:router(admin)# install commit Step 13 For more information, see the Related Topics section. Whenever a Cisco IOS XR software image is released that supports SPAs and SIPs, a companion SPA or SIP FPD image Upgrade the field-programmable device (FPD) software, if necessary. Step 14 is bundled with the Cisco IOS XR software release. Generally , the FPD image is not automatically upgraded. You must manually upgrade the FPD image running on the SPA or SIP when you upgrade the Cisco IOS XR software image. FPD versions must be compatible with the Cisco IOS XR software that is running on the router. If you have enabled the fpd auto-upgrade command and add and activate the FPD PIE together with the software installation PIE, the FPD image is automatically upgraded before the router is rebooted. Note For information on FPDs, including instructions to upgrade FPD images, see the Upgrading FPD Cisco IOS XR Software section. Related Topics Obtaining and Placing Cisco IOS XR Software, on page 28 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 46 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating PackagesActivation and Deactivation Prerequisites, on page 27 Preparing for Software Installation Operations, on page 31 Information About Package Management, on page 20 Downgrading Packages, on page 23 PIE Filenames and Version Numbers, on page 19 Committing the Active Package Set, on page 49 Examples Adding a Package: Example The following example shows how to add the contents of a PIE file on disk1: to the boot device. Because the software package is added to the boot device by default, it is not necessary to specify the destination device in the CLI. RP/0/RSP0/CPU0:router(admin)# install add disk1:asr9k-mpls-p.pie-3.7.2 synchronous Install operation 4 'install add /disk1:asr9k-mpls.pie synchronous' started by user 'cisco' at 18:10:18 UTC Sat Apr 08 2009. Info: The following package is now available to be activated: Info: Info: disk0:asr9k-mpls-3.7.2 Info: Install operation 4 completed successfully at 18:14:11 UTC Sat Apr 08 2009. The following example shows how to add the contents of a PIE file on a TFTP server to the boot device: RP/0/RSP0/CPU0:router(admin)# install add tftp://209.165.201.1/ asr9k-mpls.pie synchronous Install operation 4 '(admin) install add /tftp://209.165.201.1/asr9k-mpls.pie synchronous' started by user 'cisco' at 18:16:18 UTC Thu Jan 03 2009. Info: The following package is now available to be activated: Info: Info: disk0:asr9k-mpls-3.7.2 Info: Install operation 4 completed successfully at 18:19:10 UTC Thu Jan 03 2009. Activating a Package: Example The following example shows the activation of the MPLS package. The package is activated on the boot device disk0:. RP/0/RSP0/CPU0:router(admin)# install activate disk0: asr9k-mpls-3.7.2 synchronous Install operation 15 'install activate disk0:asr9k-mpls-3.7.2 synchronous' started by user 'lab' at 19:15:33 UTC Sat Apr 08 2009. Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command 'admin install commit' to make Info: changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages Install operation 5 completed successfully at 19:16:18 UTC Sat Apr 08 2009. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 47 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating PackagesActivating a Package by Specifying an Operation ID: Example The following example shows the activation of the MPLS package using the operation ID of the install add operation that added the package: RP/0/RSP0/CPU0:router(admin)# install activate id 4 Install operation 5 '(admin) install activate id 4' started by user 'lab' via CLI at 18:20:17 UTC Thu Jan 03 2009. Info: This operation will activate the following package: Info: disk0:asr9k-mpls-3.7.2 Info: Install Method: Parallel Process Restart The install operation will continue asynchronously. Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command '(admin) install commit' to Info: make changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages Install operation 5 completed successfully at 18:21:30 UTC Thu Jan 03 2009. Adding and Activating a Package from an FTP File Server with One Command: Example To add and activate a package with a single command, enter the install add command with the activate keyword. In the following example, the Manageability PIE located on disk1: is verified, unpacked, and added to the boot device disk0. Because this operation is performed in administration EXEC mode, the package is activated for all SDRs in the system. RP/0/RSP0/CPU0:router(admin)# install add disk1: asr9k-mgbl-p.pie-3.7.2 activate Install operation 4 'install add /disk1:asr9k-mgbl-p.pie-3.7.2 activate' started by user 'cisco' at 07:58:56 UTC Wed Mar 01 2009. The install operation will continue asynchronously. :router(admin)#Part 1 of 2 (add software): Started Info: The following package is now available to be activated: Info: Info: disk0:asr9k-mgbl-3.7.2 Info: Part 1 of 2 (add software): Completed successfully Part 2 of 2 (activate software): Started Info: The changes made to software configurations will not be persistent across system reloads. Use the command 'admin install Info: commit' to make changes persistent. Info: Please verify that the system is consistent following the software change using the following commands: Info: show system verify Info: install verify packages Part 2 of 2 (activate software): Completed successfully Part 1 of 2 (add software): Completed successfully Part 2 of 2 (activate software): Completed successfully Install operation 4 completed successfully at 08:00:24 UTC Wed Mar 01 2009. Displaying the Active Packages: Example The following example displays a summary of the active packages on a router. Because this operation is performed in administration EXEC mode, the active packages for all SDRs are displayed. RP/0/RSP0/CPU0:router(admin)# show install active summary Mon Jun 22 23:41:19.509 PST Default Profile: SDRs: Owner Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 48 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Adding and Activating PackagesActive Packages: disk0:comp-asr9k-mini-3.9.0.12I disk0:asr9k-fpd-3.9.0.12I disk0:asr9k-k9sec-3.9.0.12I disk0:asr9k-mcast-3.9.0.12I disk0:asr9k-mgbl-3.9.0.12I disk0:asr9k-mpls-3.9.0.12I Committing the Active Package Set When a package is activated, it becomes part of the current running configuration. To make the package activation persistent across system-wide reloads, enter the install commit command. On startup, DSC of the owner SDR loads this committed software set. If the system is reloaded before the current active software is committed with the install commit command, the previously committed software set is used. If the system is reloaded before the current active software is committed with the install commit command, the previously committed software set is used. Before committing a package set, verify that the SDR is operating correctly and is forwarding packets as expected. Tip SUMMARY STEPS 1. admin 2. install commit 3. show install committed [detail | summary | verbose] [location node-id] DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 Commits the current set of packages on the router so that these packages are used if the router is restarted. install commit Example: RP/0/RSP0/CPU0:router(admin)# install commit Step 2 show install committed [detail | summary | verbose] Displays which packages are committed. [location node-id] Step 3 Example: RP/0/RSP0/CPU0:router(admin)# show install committed Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 49 Upgrading and Managing Software on Cisco ASR 9000 Series Router Committing the Active Package SetExamples Committing the Active Package Set: Example In the following example, the active software packages are committed on the router: RP/0/RSP0/CPU0:router(admin)# install commit Install operation 16 'install commit' started by user 'lab' at 19:18:58 UTC Sat Apr 08 2009. Install operation 16 completed successfully at 19:19:01 UTC Sat Apr 08 2009. Displaying the Committed Package Versions: Example In the following example, the committed packages are shown for the owner SDR: RP/0/RSP0/CPU0:router(admin)# show install committed Tue Jun 23 05:11:29.968 PST Secure Domain Router: Owner Node 0/RSP0/CPU0 [RP] [SDR: Owner] Boot Device: disk0: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/mbiasr9k-rp.vm Committed Packages: disk0:comp-asr9k-mini-3.9.0.12I disk0:asr9k-fpd-3.9.0.12I disk0:asr9k-k9sec-3.9.0.12I disk0:asr9k-mcast-3.9.0.12I disk0:asr9k-mgbl-3.9.0.12I disk0:asr9k-mpls-3.9.0.12I Node 0/1/CPU0 [LC] [SDR: Owner] Boot Device: mem: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm Committed Packages: disk0:comp-asr9k-mini-3.9.0.12I disk0:asr9k-fpd-3.9.0.12I disk0:asr9k-mcast-3.9.0.12I disk0:asr9k-mpls-3.9.0.12I Node 0/4/CPU0 [LC] [SDR: Owner] Boot Device: mem: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm Committed Packages: disk0:comp-asr9k-mini-3.9.0.12I disk0:asr9k-fpd-3.9.0.12I disk0:asr9k-mcast-3.9.0.12I disk0:asr9k-mpls-3.9.0.12I Node 0/6/CPU0 [LC] [SDR: Owner] Boot Device: mem: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm Committed Packages: disk0:comp-asr9k-mini-3.9.0.12I disk0:asr9k-fpd-3.9.0.12I disk0:asr9k-mcast-3.9.0.12I disk0:asr9k-mpls-3.9.0.12I As with the show install active command, the show install committed command may display a composite package that represents all packages in the Cisco IOS XR Unicast Routing Core Bundle. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 50 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Committing the Active Package SetUpgrading to Cisco IOS XR Software Release 4.0 In Cisco IOS XR Software Release 4.0, the software packages were reorganized into functionally well-defined and independently-releasable packages. For this reason, when you upgrade from a software release prior to Release 4.0, you must perform the following procedure in order to synchronize all of the software packages according to the reorganized structure. General information regarding the the addition and activation of software packages is not covered in this procedure. The main difference between the standard upgrade procedure and the procedure required to upgrade from Release 3.x to 4.x is that the later requires the addition of one additional software package, known as the upgrade package (asr9k-upgrade-p.pie). Before You Begin Before performing this procedure, see the adding and activating software package procedures described in this module. SUMMARY STEPS 1. admin 2. install add tftp:// hostname_or_ipaddress / directory-path / mandatory-bundle-pie 3. install add tftp:// hostname_or_ipaddress / directory-path / asr9k-upgrade-p.pie 4. install activate device:mandatory-bundle-pie device:upgrade-package 5. install deactivate device:upgrade-package 6. (Optional) install commit 7. install remove device:upgrade-package DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 Unpacks the mandatory bundle PIE file from a network server and adds the package file to the boot device of the router. install add tftp:// hostname_or_ipaddress / directory-path / mandatory-bundle-pie Example: RP/0/RSP0/CPU0:router(admin)# install add tftp://10.1.1.1/auto/tftpboot/usr/400/asr9k-mini-p.pie Step 2 Refer to the standard procedure to add and activate packages to see other options of PIE file locations and a description of the various arguments for the install add command. Note Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 51 Upgrading and Managing Software on Cisco ASR 9000 Series Router Upgrading to Cisco IOS XR Software Release 4.0Command or Action Purpose Unpacks the upgrade PIE file from a network server and adds the package file to the boot device of the router. install add tftp:// hostname_or_ipaddress / directory-path / asr9k-upgrade-p.pie Example: RP/0/RSP0/CPU0:router(admin)# install add tftp://10.1.1.1/auto/tftpboot/usr/400/asr9k-upgrade-p.pie Step 3 Activates the package that was added to the router together with the upgrade package. install activate device:mandatory-bundle-pie device:upgrade-package Step 4 Example: RP/0/RSP0/CPU0:router(admin)# install activate disk0:asr9k-mini-p-4.0.0 disk0:asr9k-upgrade-p-4.0.0 The bundle of mandatory packages and the upgrade bundle are activated together to perform the successful upgrade from release 3.x to 4.x. Note Deactivates the upgrade package on the router. For specific information regarding the deactivation and install deactivate device:upgrade-package Example: RP/0/RSP0/CPU0:router(admin)# install deactivate disk0:asr9k-upgrade-p-4.0.0 Step 5 removal of software packages, refer to the general procedure. (Optional) Commits the current set of packages so that these packages are used if the router is restarted. Packages install commit Example: RP/0/RSP0/CPU0:router(admin)# install commit Step 6 can be removed only if the deactivation operation is committed. install remove device:upgrade-package Removes the inactive upgrade package. Example: RP/0/RSP0/CPU0:router(admin)# install remove disk0:asr9k-upgrade-p-4.0.0 Step 7 The following example illustrates the upgrade operation: RP/0/RSP0/CPU0:router(admin)# install add /tftp://223.255.254.254/auto/tftpboot/users/user/ asr9k-mini-p.pie Fri Jul 9 03:53:11.052 UTCRP/0/RP1/CPU0:Jul 9 03:53:12.053 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED : Install operation 4 '(admin) install add /tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mini-p.pie' started by user 'lab' Install operation 4 '(admin) install add /tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mini-p.pie' started by user 'lab' via CLI at 03:53:12 UTC Fri Jul 09 2010. The install operation will continue asynchronously. RP/0/RSP0/CPU0:router(admin)# Info: The following package is now available to be activated: Info: disk0:asr9k-mini-p-4.0.0 Info: The package can be activated across the entire router. Info: RP/0/RP1/CPU0:Jul 9 04:32:26.152 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 52 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Upgrading to Cisco IOS XR Software Release 4.0Info: Install operation 4 completed successfully Info: Install operation 4 completed successfully at 04:32:26 UTC Fri Jul 09 2010. RP/0/RSP0/CPU0:router(admin)# install add /tftp://223.255.254.254/auto/tftpboot/users/user/ asr9k-mpls-p.pie Fri Jul 9 05:07:52.237 UTCRP/0/RP1/CPU0:Jul 9 05:07:53.710 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED : Info: Install operation 5 '(admin) install add /tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mpls-p.pie' Info: started by user 'lab' Info: Install operation 5 '(admin) install add /tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-mpls-p.pie' Info: started by user 'lab' via CLI at 05:07:53 UTC Fri Jul 09 2010. Info: The install operation will continue asynchronously. RP/0/RSP0/CPU0:router(admin)# Info: RP/0/RP1/CPU0:Jul 9 05:09:08.854 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 5 completed successfully Info: The following package is now available to be activated: Info: disk0:asr9k-mpls-p-4.0.0 Info: The package can be activated across the entire router. Info: Install operation 5 completed successfully at 05:09:08 UTC Fri Jul 09 2010. RP/0/RSP0/CPU0:router# install add /tftp://223.255.254.254/auto/tftpboot/users/user/ asr9k-upgrade-p.pie Fri Jul 9 05:10:31.133 UTCRP/0/RP1/CPU0:Jul 9 05:10:32.156 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED : Info: Install operation 6 '(admin) install add /tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-upgrade-p.pie' Info: started by user 'lab' Info: Install operation 6 '(admin) install add /tftp://223.255.254.254/auto/tftpboot/users/user/asr9k-upgrade-p.pie' Info: started by user 'lab' via CLI at 05:10:32 UTC Fri Jul 09 2010. Info: The install operation will continue asynchronously. RP/0/RSP0/CPU0:router(admin)#RP/0/RP1/CPU0: Jul 9 05:11:55.634 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Info: Install operation 6 completed successfully Info: The following package is now available to be activated: Info: disk0:asr9k-upgrade-p-4.0.0 Info: The package can be activated across the entire router. Info: Install operation 6 completed successfully at 05:11:55 UTC Fri Jul 09 2010. RP/0/RSP0/CPU0:router(admin)# install activate disk0:asr9k-mini-p-4.0.0 disk0:asr9k-upgrade-p-4.0.0 disk0:asr9k-mpls-p-4.0.0 Fri Jul 9 05:23:23.150 UTC Install operation 7 '(admin) install activate disk0:asr9k-mini-p-4.0.0 disk0:asr9k-upgrade-p-4.0.0 disk0:asr9k-mpls-p-4.0.0' Info: started by user 'lab'RP/0/RP1/CPU0:Jul 9 05:23:24.161 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED : Info: Install operation 7 '(admin) install activate disk0:asr9k-mini-p-4.0.0 disk0:asr9k-upgrade-p-4.0.0 disk0:asr9k-mpls-p-4.0.0' Info: started by user 'lab' via CLI at 05:23:24 UTC Fri Jul 09 2010.\ 1% complete: Info: The operation can still be aborted (ctrl-c for options) Info: This operation will reload the following nodes in parallel: Info: 0/RP1/CPU0 (HRP) (SDR: Owner) Info: 0/SM0/SP (Fabric-SP) (Admin Resource)Proceed with this install operation (y/n)? [y]| Info: 1% complete: The operation can still be aborted (ctrl-c for options) Info: Install Method: Parallel Reload/ 1% complete: The operation can still be aborted (ctrl-c for options) Info: The install operation will continue asynchronously. RP/0/RSP0/CPU0:router(admin)#SP/0/SM0/SP: Jul 9 05:36:41.152 : insthelper[62]: %INSTALL-INSTHELPER-6-RELOAD_NODE_INFO : Info: As part of install operation 7 this node (0/SM0/SP) will now reload. Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command '(admin) install commit' to Info: make changes persistent. Info: Please verify that the system is consistent following the software RP/0/RP1/CPU0:Jul 9 05:36:43.962 : instdir[235]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Info: Install operation 7 completed successfully Info: change using the following commands: Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 53 Upgrading and Managing Software on Cisco ASR 9000 Series Router Upgrading to Cisco IOS XR Software Release 4.0Info: show system verify Info: install verify packages Info: Install operation 7 completed successfully at 05:36:43 UTC Fri Jul 09 2010. rebooting .........................Initializing DDR SDRAM...found 4096 MB Initializing ECC on bank 0Initializing ECC on bank 1 Initializing ECC on bank 2 Initializing ECC on bank 3 Turning off data cache, using DDR for first time Initializing NVRAM...Testing a portion of DDR SDRAM ...done Reading ID EEPROMs ............................ Initializing SQUID ... Initializing PCI ...PCI0 device[1]: Vendor ID 0x10eePCI0 device[1]: Device ID 0x300ePCI1 device[1]: Device ID 0x1100PCI1 device[1]: Vendor ID 0x1013PCI1 device[2]: Device ID 0x680PCI1 device[2]: Vendor ID 0x1095PCI1 device[3]: Device ID 0x5618PCI1 device[3]: Vendor ID 0x14e4Configuring MPPs ... Configuring PCMCIA slots ...System Bootstrap, Version 1.53(20090311:225342) [CRS-1 ROMMON], Copyright (c) 1994-2009 by Cisco Systems, Inc. Acquiring backplane mastership ... successful Preparing for fan initialization............. ready Setting fan speed to 4000 RPMs successfulReading backplane EEPROM ... Released backplane mastership ...Board type is 0x100002 (1048578) Switch 0 initialized Switch 0 Port fe1: link up (100Mb Full Duplex Copper) Enabling watchdogG4(7457-NonSMP-MV64360 Rev 3) platform with 4096 MB of main memory.... CARD_RACK_NUMBER: 0 CARD_SLOT_NUMBER: 1 CPU_INSTANCE: 1 RACK_SERIAL_NUMBER: TBC08052402 MBI Validation starts ... using Control Plane Ethernet. DEBUG : Driving up signal strength for Intel LXT971 Our MAC address is 0005.9a3e.89da Interface link changed state to UP. Interface link state up. MBI validation sending request. HIT CTRL-C to abort MBI validation sending request. HIT CTRL-C to abort MBI validation sending request. HIT CTRL-C to abort MBI validation sending request. HIT CTRL-C to abort MBI validation sending request. HIT CTRL-C to abort No MBI confirmation received from dSCboot: booting from bootflash:disk0/asr9k-os-mbi-4.0.0/mbiasr9k-rp.vm .................................................................................... ################################################################################## Restricted Rights LegendUse, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS XR Software for the Cisco XR Router, Version 4.0.0 Copyright (c) 2010 by Cisco Systems, Inc. Jul 09 05:39:21.334 : Install (Node Preparation): Booting with software activated by previous install operation,errno=2 RP/0/RP1/CPU0Jul 9 05:44:45.941: syslogd_helper: [89]: dsc_event_handler: Got SysMgr dSC event : 1 RP/0/RP1/CPU0:Jul 9 05:45:11.354 : shelfmgr[306]: %PLATFORM-SHELFMGR-3-POWERDOWN_RESET : Node 0/2/SP is powered off due to admin power off request ios con0/RP1/CPU0 is now available Press RETURN to get started. RP/0/RP1/CPU0:Jul 9 05:45:27.453 : instdir[216]: %INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not committed. If the system reboots then the committed software will be used. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 54 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Upgrading to Cisco IOS XR Software Release 4.0Use 'install commit' to commit the active software. SYSTEM CONFIGURATION IN PROCESS The startup configuration for this device is presently loading. This may take a few minutes. You will be notified upon completion. Please do not attempt to reconfigure the device until this process is complete. User Access VerificationUsername: labPassword: RP/0/RSP0/CPU0:router# admin Fri Jul 9 05:45:55.941 UTC RP/0/RSP0/CPU0:router(admin)# show platform Fri Jul 9 05:45:59.805 UTCNode Type PLIM State Config State --------------------------------------------------------------------------------------- 0/2/SP MSC(SP) N/A UNPOWERED NPWR,NSHUT,MON 0/RP1/CPU0 RP(Active) N/A IOS XR RUN PWR,NSHUT,MON 0/SM0/SP FC-40G/S(SP) N/A MBI-RUNNING PWR,NSHUT,MON 0/SM1/* UNKNOWN N/A PRESENT PWR,NSHUT,MON RP/0/RP1/CPU0:ios(admin)# RP/0/RP1/CPU0:Jul 9 05:46:08.411 : instdir_lr[217]: %INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not committed. If the system reboots then the committed software will be used. Use 'install commit' to commit the active software. RP/0/RP1/CPU0:Jul 9 05:50:40.918 : placed[283]: LR-PLANE-READY DECLARATIONSYSTEM CONFIGURATION COMPLETED RP/0/RP1/CPU0:Jul 9 05:50:57.293 : ifmgr[213]: %PKT_INFRA-LINK-3-UPDOWN : Interface MgmtEth0/RP1/CPU0/0, changed state to Down RP/0/RP1/CPU0:Jul 9 05:50:57.313 : ifmgr[213]: %PKT_INFRA-LINK-3-UPDOWN : Interface MgmtEth0/RP1/CPU0/0, changed state to Up RP/0/RSP0/CPU0:router(admin)# show platform Fri Jul 9 05:59:36.266 UTC Node Type PLIM State Config State --------------------------------------------------------------------------------------- 0/2/SP MSC(SP) N/A UNPOWERED NPWR,NSHUT,MON 0/RP1/CPU0 RP(Active) N/A IOS XR RUN PWR,NSHUT,MON 0/SM0/SP FC-40G/S(SP) N/A IOS XR RUN PWR,NSHUT,MON 0/SM1/* UNKNOWN N/A PRESENT PWR,NSHUT,MON RP/0/RSP0/CPU0:router(admin)# install commit Fri Jul 9 05:59:41.851 UTC Install operation 8 '(admin) install commit' started by user 'lab' via CLI at 05:59:43 UTC Fri Jul 09 2010./ 20% complete: The operation can no longer be aborted (ctrl-c for options)- 20% complete: The operation can no longer be aborted (ctrl-c for options)\ 100% complete: The operation can no longer be aborted (ctrl-c for options) RP/0/RP1/CPU0:Jul 9 05:59:46.402 : instdir[216]: %INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same as the committed software. Install operation 8 completed successfully at 05:59:46 UTC Fri Jul 09 2010. RP/0/RSP0/CPU0:router(admin)# install deactivate disk0: asr9k-upgrade-p-4.0.0 Fri Jul 9 05:59:58.082 UTC Install operation 9 '(admin) install deactivate disk0:asr9k-upgrade-p-4.0.0'started by user 'lab' via CLI at 05:59:59 UTC Fri Jul 09 2010. 1% complete: The operation can still be aborted (ctrl-c for options)- 1% complete: The operation can still be aborted (ctrl-c for options) Info: Install Method: Parallel Process Restart\ 1% complete: The operation can still be aborted (ctrl-c for options) The install operation will continue asynchronously. RP/0/RSP0/CPU0:router(admin)# Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command '(admin) install commit' to Info: make changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages RP/0/RP1/CPU0:Jul 9 06:01:45.662 : instdir[216]: Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 55 Upgrading and Managing Software on Cisco ASR 9000 Series Router Upgrading to Cisco IOS XR Software Release 4.0%INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not committed. If the system reboots then the committed software will be used. Use 'install commit' to commit the active software. Install operation 9 completed successfully at 06:01:45 UTC Fri Jul 09 2010. RP/0/RSP0/CPU0:router(admin)# install commit Fri Jul 9 06:01:53.583 UTC Install operation 10 '(admin) install commit' started by user 'lab' via CLI at06:01:54 UTC Fri Jul 09 2010./ 20% complete: The operation can no longer be aborted (ctrl-c for options)- 20% complete: The operation can no longer be aborted (ctrl-c for options)\ 100% complete: The operation can no longer be aborted (ctrl-c for options) RP/0/RP1/CPU0:Jul 9 06:01:57.807 : instdir[216]: %INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is now the same as the committed software. Install operation 10 completed successfully at 06:01:57 UTC Fri Jul 09 2010. RP/0/RSP0/CPU0:router(admin)# RP/0/RSP0/CPU0:router(admin)# RP/0/RSP0/CPU0:router(admin)# install remove disk0: asr9k-upgrade-p-4.0.0 Fri Jul 9 06:04:57.676 UTC Install operation 11 '(admin) install remove disk0:asr9k-upgrade-p-4.0.0'started by user 'lab' via CLI at 06:04:58 UTC Fri Jul 09 2010./ 1% complete: The operation can no longer be aborted (ctrl-c for options) Info: This operation will remove the following packages: Info: disk0:asr9k-fpd-4.0.0 Info: disk0:asr9k-doc-4.0.0 Info: disk0:asr9k-k9sec-4.0.0 Info: disk0:asr9k-sbc-4.0.0 Info: disk0:asr9k-diags-4.0.0 Info: disk0:asr9k-mgbl-4.0.0 Info: disk0:asr9k-mcast-4.0.0 Info: disk0:asr9k-mpls-4.0.0 Info: disk0:asr9k-rout-4.0.0 Info: disk0:asr9k-fwdg-4.0.0 Info: disk0:asr9k-lc-4.0.0 Info: disk0:asr9k-admin-4.0.0 Info: disk0:asr9k-upgrade-p-4.0.0- 1% complete: The operation can no longer be aborted (ctrl-c for options) Info: After this install remove the following install rollback point will Info: no longer be reachable, as the required packages will not be present: Info: 7\ 1% complete: The operation can no longer be aborted (ctrl-c for options) Proceed with removing these packages? [confirm]| 1% complete: The operation can no longer be aborted (ctrl-c for options) The install operation will continue asynchronously. RP/0/RSP0/CPU0:router(admin)#SP/0/SM0/SP:Jul 9 06:05:03.902 : envmon[117]: %PLATFORM-ENVMON-4-ALARM : MINOR_HI alarm cleared by host__temp__Inlet0 Install operation 11 completed successfully at 06:05:33 UTC Fri Jul 09 2010. RP/0/RSP0/CPU0:router(admin)# RP/0/RSP0/CPU0:router(admin)# show install act Fri Jul 9 06:08:11.372 UTC Secure Domain Router: Owner Node 0/RP1/CPU0 [HRP] [SDR: Owner] Boot Device: disk0: Boot Image: /disk0/asr9k-os-mbi-4.0.0/mbiasr9k-rp.vm Active Packages: disk0:asr9k-mpls-p-4.0.0 disk0:asr9k-mini-p-4.0.0 Admin Resources: Node 0/SM0/SP [Fabric-SP] [Admin Resource] Boot Device: bootflash: Boot Image: /disk0/asr9k-os-mbi-4.0.0/sp/mbiasr9k-sp.vm Active Packages: disk0:asr9k-mini-p-4.0.0 RP/0/RSP0/CPU0:router(admin)# Related Topics Activation and Deactivation Prerequisites, on page 27 Adding and Activating Packages, on page 41 Deactivating and Removing Cisco IOS XR Software Packages, on page 57 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 56 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Upgrading to Cisco IOS XR Software Release 4.0Deactivating and Removing Cisco IOS XR Software Packages When a package is deactivated, it is no longer active on the router, but the package files remain on the boot disk. The package files can be reactivated later, or they can be removed from the disk. A package is deactivated using the following methods: • When a newer version of a package is activated, the earlier version of the package is automatically deactivated. See Related Topics for more information. Activating a software maintenance upgrade (SMU) does not cause any earlier SMUs or the package to which the SMU applies to be automatically deactivated. Note • When an earlier version of a package is activated, the newer version is deactivated automatically. See Related Topics for more information. • A specific package is deactivated using the install deactivate command. This command turns off the package features for a card or card type. Before You Begin The following are the restrictions when deactivating and removing Cisco IOS XR Software packages: • A package cannot be deleted if it is part of the running or committed software of the SDR. • A package cannot be deactivated if that package is required by another active package. When a deactivation is attempted, the system runs an automatic check to ensure that the package is not required by other active packages. The deactivation is permitted only after all compatibility checks have been passed. • Router reloads: If the deactivation requires a router reload, a confirmation prompt appears. Use the install deactivate command with the prompt-level none keywords to automatically ignore any reload confirmation prompts and proceed with the package deactivation. The router reloads if required. • Node reloads: If a software operation requires a node reload, the configuration register for that node should be set to autoboot. If the config-register for the node is not set to autoboot, then the system automatically changes the setting and the node reloads. A message describing the change is displayed. • FPD versions must be compatible with the Cisco IOS XR software that is running on the router; if an incompatibility exists between an FPD version and the Cisco IOS XR software, the device with the field-programmable gate array (FPGA) may not operate properly until the incompatibility is resolved. For information on FPDs, including instructions to upgrade FPD images, see the Upgrading FPD Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation Services RouterInterface and Hardware Component Configuration Guide. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 57 Upgrading and Managing Software on Cisco ASR 9000 Series Router Deactivating and Removing Cisco IOS XR Software PackagesSUMMARY STEPS 1. Connect to the console port and log in. 2. admin 3. install deactivate { id add-id | device : package } [ location node-id ][ test ] [ pause sw-change ] 4. (Optional) show install inactive summary 5. (Optional) install verify packages 6. exit 7. (Optional) show system verify start 8. (Optional) show system verify [ detail | report ] 9. admin 10. (Optional) install commit 11. (Optional) install remove { id add-id | device : package | inactive }[ test ] DETAILED STEPS Command or Action Purpose Step 1 Connect to the console port and log in. Establishes a CLI management session with the SDR. Connect to the console port for the active DSC. For more information on console connections, see Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide. admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 2 install deactivate { id add-id | device : Deactivates a package on all SDRs a router. package } [ location node-id ][ test ] [ pause sw-change ] Step 3 • To deactivate all packagesthat were added in one or more specific install add operations, orspecify packages by name, use the id add-id keyword Example: RP/0/RSP0/CPU0:router(admin)# install deactivate disk0:asr9k-diags-3.7.2 and argument. The operation ID of an install add operation is indicated in the syslog displayed during the operation and in the output of the show install log command. • Use the location node-id keyword and argument to deactivate the package for a specific node, if supported. • Use the pause sw-change keywords to pause the operation after preparatory checks and before the configuration is locked for the actual deactivation. This enables you to hold the operation while you perform configuration changes, and proceed with the deactivation whenever you choose. This is useful, for example, if your workflow involves configuring a router out of the network during software changes and you want to minimize the time that the router is out of the network. Follow the onscreen instructions to control the pausing and completion of the operation. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 58 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Deactivating and Removing Cisco IOS XR Software PackagesCommand or Action Purpose Press ? after a partial package name to display all possible matches available for deactivation. If there is only one match, press [TAB] to fill in the rest of the package name. When a package is deactivated for an SDR from administration EXEC mode, a notification message appears on the console for that SDR, with information on the impact of the deactivation. Note (Optional) Displays the inactive packages on the router. show install inactive summary Example: RP/0/RSP0/CPU0:router(admin)# show install inactive summary Step 4 (Optional) Verifies the consistency of an installed software set with the package file from which it originated. This command can be used as a debugging tool to install verify packages Example: RP/0/RSP0/CPU0:router(admin)# install verify packages Step 5 verify the validity of the files that constitute the packages, to determine if there are any corrupted files. This command also checks for corruptions of installation state files and MBI image files. This command is particularly useful when issued after the activation of a package or upgrading the Cisco IOS XR software to a major release. The install verify packages command can take up to two minutes per package to process. Note exit Exits administration EXEC mode and returns to EXEC mode. Example: RP/0/RSP0/CPU0:router(admin)# exit Step 6 (Optional) Starts the system status check. show system verify start Example: RP/0/RSP0/CPU0:router# show system verify start Step 7 (Optional) Displays system status information. A variety of information is displayed including the memory and CPU usage, process status, protocol status, and show system verify [ detail | report ] Example: RP/0/RSP0/CPU0:router# show system verify Step 8 other status information. Use this information to verify that the system is stable. • detail—Displays additional information at the card and processor level, including actual numbers. • report—Displays the same information as the default show system verify command Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 59 Upgrading and Managing Software on Cisco ASR 9000 Series Router Deactivating and Removing Cisco IOS XR Software PackagesCommand or Action Purpose Although most of the output should display the status “OK,” some processes may show other output, such as “Warning.” This does not specifically indicate a problem. Contact your Cisco technicalsupport representative for more information on the output of this command. Note admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 9 (Optional) Commits the current set of packages so that these packages are used if the router isrestarted. Packages can be removed only if the deactivation operation is committed. install commit Example: RP/0/RSP0/CPU0:router(admin)# install commit Step 10 This command is entered in administration EXEC mode. Note (Optional) Removes the inactive package. install remove { id add-id | device : package | inactive }[ test ] Step 11 Example: RP/0/RSP0/CPU0:router(admin)# install • Only inactive packages can be removed. • Packages can be removed only if they are deactivated from all cards in the router. remove disk0:asr9k-diags-3.8.30 • The package deactivation must be committed. • To remove a specific inactive package from a storage device, use the install remove command with the device: package arguments. • To remove all packages that were added in one or more specific install add operations, use the id add-id keyword and argument. The operation ID of an install add operation isindicated in the syslog displayed during the operation and in the output of the show install log command. If you specify packages according to operation ID, all the packages that were added by the specified operation must still be on the router. • To remove all inactive packages from all nodes in the system, use the install remove command with the inactive keyword. Related Topics Adding and Activating Packages, on page 41 Committing the Active Package Set, on page 49 Committing the Active Package Set, on page 49 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 60 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Deactivating and Removing Cisco IOS XR Software PackagesExamples In the following examples, a package is deactivated from the router. The changes are committed and the inactive package is removed from the router. Deactivating the Package: Example RP/0/RSP0/CPU0:router(admin)# install deactivate disk0:asr9k -diags-.7.2 Install operation 27 'install deactivate disk0:asr9k-diags-3.7.2' started by user 'lab' at 23:29:37 UTC Sat Apr 15 2009. The install operation will continue asynchronously. Info: The changes made to software configuration Info: across system reloads. Use the command 'admin install commit' to make Info: changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages Install operation 27 completed successfully at 23:30:22 UTC Sat Apr 15 2009. Committing the Active Software Set: Example RP/0/RSP0/CPU0:router(admin)# install commit Install operation 29 'install commit' started by user 'lab' at 23:39:21 UTC Sat Apr 15 20090. Install operation 29 completed successfully at 23:39:24 UTC Sat Apr 15 2009. Displaying the Inactive Packages: Example RP/0/RSP0/CPU0:router(admin)# show install inactive summary Default Profile: SDRs: Owner Inactive Packages: disk0:asr9k-diags-3.7.2 Removing the Inactive Package from the Router: Example The following example shows how to remove an inactive package. In this example, the operation is run in test mode. The operation is confirmed and the package is removed. RP/0/RSP0/CPU0:router(admin)# install remove disk0:asr9k-diags-3.7.2 test Install operation 30 'install remove disk0:hfr-diags-3.7.2 test' started by user 'lab' at 23:40:22 UTC Sat Apr 15 2009. Warning: No changes will occur due to 'test' option being specified. The Warning: following is the predicted output for this install command. Info: This operation will remove the following package: Info: disk0:asr9k-diags-3.7.2 Info: After this install remove the following install rollback points will Info: no longer be reachable, as the required packages will not be present: Info: 4, 9, 10, 14, 15, 17, 18 Proceed with removing these packages? [confirm] y The install operation will continue asynchronously. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 61 Upgrading and Managing Software on Cisco ASR 9000 Series Router Deactivating and Removing Cisco IOS XR Software PackagesInstall operation 30 completed successfully at 23. Pausing Before Configuration Lock: Example The following example shows how to deactivate a package, pausing the operation before locking the configuration for the actual software deactivation. While the operation is paused, you can enter a configuration mode and perform configurations. When you want to complete the operation, enter the install operationid complete command, or the install operation id attach synchronous command. RP/0/RSP0/CPU0:router(admin)# install deactivate disk0:comp-asr9k -3.7.2.07I.CSCsr09575-1.0.0 pause sw-change Install operation 12 '(admin) install deactivate disk0:comp-asr9k-3.7.2.07I.CSCsr09575-1.0.0 pause sw-change' started by user 'admin' via CLI at 09:06:26 BST Mon Jul 07 2009. Info: This operation will reload the following nodes in parallel: Info: 0/0/CPU0 (RP) (SDR: Owner) Info: 0/1/CPU0 (LC(E3-GE-4)) (SDR: Owner) Info: 0/5/CPU0 (LC(E3-OC3-POS-4)) (SDR: Owner) Proceed with this install operation (y/n)? [y] The install operation will continue asynchronously. Info: Install Method: Parallel Reload Info: Install operation 12 is pausing before the config lock is applied for Info: the software change as requested by the user. Info: No further install operations will be allowed until the operation is resumed. Info: Please continue the operation using one of the following steps: Info: - run the command '(admin) install operation 12 complete'. Info: - run the command '(admin) install operation 12 attach synchronous' and then Info: answer the query. Rolling Back to a Previous Software Set Cisco IOS XR software allows you to roll back one or more SDRs to a previous committed or uncommitted software set. Use the show install rollback ? command to view the available rollback points and use the install rollback to command to roll back the SDR to a previous software set. You can also use the install rollback to committed command to roll back to the most recent committed software set. Note Rollback operations can be performed by running the command in administration EXEC or EXEC mode. Displaying Rollback Points A rollback point is created every time a software package is activated, deactivated, or committed. Use the show install rollback ? command to display the eligible rollback points. RP/0/RSP0/CPU0:router# admin RP/0/RSP0/CPU0:router(admin)# show install rollback ? 0 ID of the rollback point to show package information for 2 ID of the rollback point to show package information for In this example, the rollback points are 0 and 2. The rollback point with the highest number is the current software point. For example, if the last installation operation was operation 3 (activating the MPLS package) then the highest rollback point is 3, which is the same as the current software (MPLS package activated). Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 62 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Rolling Back to a Previous Software SetTo easily identify specific rollback points, you can assign a label or description to a rollback point using the install label command. You can enter the command in either administration EXEC mode or EXEC mode. Displaying the Active Packages Associated with a Rollback Point To display the active packages associated with a rollback point, use the show install rollback command with the point-id argument. This command displays the packages that are active if you roll back one or more SDRs to that installation point. For example, the show install rollback 2 command displays the packages that are active if you roll back to rollback point 2. RP/0/RSP0/CPU0:router(admin)# show install rollback 0 Tue Jun 23 06:25:06.493 PST ID: 0, Label: Timestamp: 23:11:20 UTC Sat Oct 28 2000 Secure Domain Router: Owner Node 0/RSP0/CPU0 [RP] [SDR: Owner] Boot Device: disk0: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/mbiasr9k-rp.vm Rollback Packages: disk0:comp-asr9k-mini-3.9.0.12I Node 0/1/CPU0 [LC] [SDR: Owner] Boot Device: mem: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm Rollback Packages: disk0:comp-asr9k-mini-3.9.0.12I Node 0/4/CPU0 [LC] [SDR: Owner] Boot Device: mem: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm Rollback Packages: disk0:comp-asr9k-mini-3.9.0.12I Node 0/6/CPU0 [LC] [SDR: Owner] Boot Device: mem: Boot Image: /disk0/asr9k-os-mbi-3.9.0.12I/lc/mbiasr9k-lc.vm Rollback Packages: disk0:comp-asr9k-mini-3.9.0.12I You can enter the command in either administration EXEC mode or EXEC mode. For more information on the command options, see the Software Package Management Commands on Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference. Note Rolling Back to a Specific Rollback Point You can roll back to a specific rollback point, including a noncommitted software set: • If you roll back to the most recent noncommitted rollback point (with the highest number), you do not need to reload the router. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 63 Upgrading and Managing Software on Cisco ASR 9000 Series Router Displaying the Active Packages Associated with a Rollback Point• You can repeat the rollback process one rollback point at a time without reloading if you always choose the most recent rollback point. • If you choose a rollback point that is older than the most recent point, the impacted nodes reload, interrupting data traffic on those nodes. Before the reload occurs, you are prompted to confirm the install rollback operation. In the following example, the system is rolled back to noncommitted rollback point 8: RP/0/RSP0/CPU0:router(admin)# install rollback to 8 Install operation 10 'install rollback to 8' started by user 'cisco' at 07:49:26 UTC Mon Nov 14 2009. The install operation will continue asynchronously. Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command 'admin install commit' to make Info: changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages The currently active software is the same as the committed software. Install operation 10 completed successfully at 07:51:24 UTC Mon Nov 14 2009. Rolling Back to the Last Committed Package Set Use the install rollback to committed command to roll back to the last committed package set. In the following example, the owner SDR is rolled back to the last committed package set: RP/0/RSP0/CPU0:router(admin)# install rollback to committed Install operation 27 'install rollback to committed' started by user 'lab' at 16:41:38 UTC Sat Nov 19 2009. Info: The rollback to committed software will require a reload of impacted Info: nodes because it is over multiple activation & deactivation Info: operations. Info: This operation will reload the following node: Info: 0/RP1/CPU0 (RP) (SDR: Owner) Info: This operation will reload all RPs in the Owner SDR, and thereby Info: indirectly cause every node in the router to reload. Proceed with this install operation? [confirm] Updating Commit Database. Please wait...[OK] Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command 'admin install commit' to make Info: changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages Install operation 27 completed successfully at 16:42:23 UTC Sat Nov 19 2009. Additional References The following sections provide referencesrelated to software package management on Cisco IOS XR software. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 64 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Rolling Back to the Last Committed Package SetRelated Documents Related Topic Document Title Software Package Management Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR install commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Cisco IOS XR getting started material Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR master command index Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide ROM Monitor Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 65 Upgrading and Managing Software on Cisco ASR 9000 Series Router Additional ReferencesRFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 66 OL-26081-03 Upgrading and Managing Software on Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 4 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router This module describes the process to configure disk mirroring in Cisco IOS XR software. For complete descriptions of the commands listed in this module, see Related Documents, on page 77. To locate documentation for other commands that might appear in the course of performing a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 10: Feature History for Disk Mirroring for Cisco IOS XR Software Release Modification Release 3.7.2 Disk mirroring was introduced. This module contains the following topics: • Disk Mirroring Prerequisites, page 67 • Information About Disk Mirroring, page 68 • How to Enable Disk Mirroring, page 69 • Configuration Examples for Enabling Disk Mirroring, page 76 • Additional References, page 77 Disk Mirroring Prerequisites Before enabling disk mirroring, the following conditions must be met: • You must be in a user group associated with a task group that includesthe proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. • The secondary storage device specified for the mirroring must be installed in the same node as the primary boot device. The supported storage devices are disk0: and disk1:. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 67• The secondary storage device must be the same size or larger than the designated primary storage device. • The secondary storage device must be partitioned. The primary partition on the secondary storage device must be large enough to contain all data on the primary boot device. This can be an issue if the primary boot device has not yet been partitioned. For example, in the situation where both the primary boot device and the secondary storage device are 1 GB in size, the primary boot device contains 950 MB of data, and the secondary storage device is already partitioned to 800 MB in the primary partition and 200 MB in the secondary partition. In such a case, the 950 MB of data from the primary boot device does not fit on the secondary storage device because of the partition. Such a configuration is rejected and an error is displayed. You need to replace the secondary storage device with a higher capacity device. For information about disk partition sizes,see Related Topics. Note Although compactflash: can be used as the secondary device on a Performance Route Processor (PRP–2), there is an issue with the ROM Monitor not being able to boot the minimum boot image (MBI) from the secondary device if the device is not disk0: or disk1:. In such a situation, you would need to go into ROMMON mode and boot the PRP-2 manually using the MBI on the compactflash:. Note Related Topics Information About Disk Mirroring, on page 68 Information About Disk Mirroring The route switch processor (RSP) card has a primary storage device that is used to store installation packages and configuration files. This primary storage device is referred to as the primary boot device and is essential for booting the RSP and its normal operation. Disk mirroring replicates the critical data on the primary boot device onto another storage device on the same RSP, henceforth referred to as the secondary device. If the primary boot device fails, applications continue to be serviced transparently by the secondary device, thereby avoiding a switchover to the standby RSP. The failed primary storage device can be replaced or repaired without disruption of service. Disk mirroring should only mirror critical data on the primary boot device onto a secondary storage device and not any noncritical data such as logging data. To separate critical data from noncritical data, the disk devices need to be partitioned. Disk0: is partitioned to disk0: and disk0a:; disk1: is partitioned to disk1: and disk1a:. Disk0: and disk1: are used for critical data, whereas disk0a: and disk1a: are used for logging data and other noncritical data. Before you can configure disk mirroring on the RSP, you must have partitioned the secondary storage device. The sizes of disk partitions are related to the total disk size, and are provided in Table 11: Size of Disk Partitions in Relation to Size of Disk, on page 68. Table 11: Size of Disk Partitions in Relation to Size of Disk Size of Disk Primary Partition Percentage Secondary Partition Percentage less than 900 MB Partitioning not supported Partitioning not supported 900 MB to 1.5 GB 80% 20% Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 68 OL-26081-03 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Information About Disk MirroringSize of Disk Primary Partition Percentage Secondary Partition Percentage 1.5 GB to 3 GB 60% 40% more than 3 GB 50% 50% How to Enable Disk Mirroring The tasks in this section describe how to enable and manage disk mirroring. Enabling Disk Mirroring Complete the following instructions to enable disk mirroring. After disk mirroring is configured, if there is a fault on the primary boot drive or it cannot be accessed for any reason, control is automatically transferred to the secondary storage device. SUMMARY STEPS 1. format secondary-device partition [ location node-id ] 2. Remove any noncritical data from the primary boot device. 3. configure 4. mirror location node-id Primary-device Secondary-device 5. Use one of these commands: • end • commit 6. show mirror [ location node-id ] 7. mirror verify location node-id DETAILED STEPS Command or Action Purpose format secondary-device partition [ Partitions the secondary storage device into two partitions. location node-id ] Step 1 • If the device is already partitioned, you do not need to perform this step. Example: RP/0/RSP0/CPU0:router# format disk1: partition Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 69 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router How to Enable Disk MirroringCommand or Action Purpose The primary boot device should contain installation packages and configuration files only. Log files can be copied to the “a” partition of the secondary device, for example disk1a: . Remove any noncritical data from the primary boot device. Step 2 configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 3 Enables disk mirroring of the primary-device to the secondary-device . mirror location node-id Primary-device Secondary-device Step 4 Example: If the primary boot device is not partitioned, the following occurs: • The contents of the primary device are replicated to the secondary device RP/0/RSP0/CPU0:router(config)# mirror location 0/ rsp0/cpu0 disk0:disk1: • Control of the mirroring server switches to the secondary storage device. • The primary device is partitioned. • Data is replicated back to the primary boot device. Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 70 OL-26081-03 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Enabling Disk MirroringCommand or Action Purpose Displays disk mirroring information for an RSP node. It also provides the status of the synchronization between the primary and secondary devices. show mirror [ location node-id ] Example: RP/0/RSP0/CPU0:router# show mirror location 0/ rsp0/cpu0 Step 6 mirror verify location node-id Verifies disk synchronization for disk mirroring on an RSP node. Example: Step 7 RP/0/RSP0/CPU0:router# mirror verify location 0/ rsp0/cpu0 Replacing the Secondary Mirroring Device Follow this procedure if you need to replace the secondary boot device used in the disk mirroring process. SUMMARY STEPS 1. show mirror [location node-id] 2. mirror pause [location node-id] 3. show mirror [location node-id] 4. unmount secondary-device [location node-id] 5. Remove the device and insert a new device. 6. format secondary-device partition [location node-id] 7. show media [location node-id] 8. mirror resume [location node-id] 9. show mirror [location node-id] DETAILED STEPS Command or Action Purpose Verifies that mirroring is active. In the output, the Current Mirroring State should be redundant. show mirror [location node-id] Example: RP/0/RSP0/CPU0:router# show mirror Step 1 mirror pause [location node-id] Temporarily pauses disk mirroring. Example: RP/0/RSP0/CPU0:router# mirror pause Step 2 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 71 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Replacing the Secondary Mirroring DeviceCommand or Action Purpose Verifies that mirroring has paused. In the output, the Current Mirroring State should be paused. show mirror [location node-id] Example: RP/0/RSP0/CPU0:router# show mirror Step 3 unmount secondary-device [location node-id] Unmounts the secondary device. Example: RP/0/RSP0/CPU0:router# unmount disk1: Step 4 Step 5 Remove the device and insert a new device. format secondary-device partition [location node-id] Formats the device. Example: RP/0/RSP0/CPU0:router# format disk1: partition Step 6 Verifies that the device is formatted. The output should display the device that you formatted. show media [location node-id] Example: RP/0/RSP0/CPU0:router# show media Step 7 mirror resume [location node-id] Resumes mirroring. Example: RP/0/RSP0/CPU0:router# mirror resume Step 8 Verifies that mirroring has restarted. In the output, the Current Mirroring State should be Syncing. show mirror [location node-id] Example: RP/0/RSP0/CPU0:router# show mirror Step 9 It can take 15 to 30 minutes for the mirroring process to complete. The exact time depends on the number of packages or files on the boot device. When the mirroring is complete, the Current Mirroring State should be Redundant. Replacing the Primary Mirroring Device In the event that your primary boot disk is defective and you need to replace it while disk mirroring is enabled, perform this task. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 72 OL-26081-03 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Replacing the Primary Mirroring DeviceSUMMARY STEPS 1. show mirror [location node-id] 2. configure 3. mirror location node-id Primary-device Secondary-device 4. Use one of these commands: • end • commit 5. show mirror [location node-id] 6. mirror pause [location node-id] 7. show mirror 8. unmount secondary-device [location node-id] 9. Remove the device and insert a new device. 10. show media [location node-id] 11. (Optional) format secondary-device partition [location node-id] 12. mirror resume [location node-id] 13. show mirror [location node-id] 14. configure 15. mirror location node-id Primary-device Secondary-device 16. show mirror [location node-id] DETAILED STEPS Command or Action Purpose Verifies that mirroring is in the redundant state. In the output, the Current Mirroring State should be redundant. If mirroring is not in show mirror [location node-id] Example: RP/0/RSP0/CPU0:router# show mirror Step 1 the redundant state, you cannot proceed with the procedure. You must wait until mirroring is in the redundant state. configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 2 Swaps the device roles such that the primary mirroring device now becomes the secondary device and the secondary mirroring device becomes the primary device. mirror location node-id Primary-device Secondary-device Example: RP/0/RSP0/CPU0:router(config)# mirror Step 3 location 0/ RSP0 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 73 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Replacing the Primary Mirroring DeviceCommand or Action Purpose /CPU0 disk1:disk0: Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Verifies that the primary device is now the secondary device and vice versa. In the output, if disk0: was the primary disk that you want to replace, it should now be listed as the secondary device. show mirror [location node-id] Example: RP/0/RSP0/CPU0:router# show mirror Step 5 mirror pause [location node-id] Temporarily pauses disk mirroring. Example: RP/0/RSP0/CPU0:router# mirror pause Step 6 Verifies that mirroring has paused. In the output, the Current Mirroring State should be paused. show mirror Example: RP/0/RSP0/CPU0:router# show mirror Step 7 Unmounts the secondary device which is the device that you want to replace. Initially, this was the primary device. unmount secondary-device [location node-id] Example: RP/0/RSP0/CPU0:router# unmount disk1: Step 8 Step 9 Remove the device and insert a new device. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 74 OL-26081-03 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Replacing the Primary Mirroring DeviceCommand or Action Purpose Verifies that the new disk is partitioned. You should see that the new device is mounted. If the new device is not partitioned, format the device as indicated in the next step. show media [location node-id] Example: RP/0/RSP0/CPU0:router# show media Step 10 (Optional) Formats the device. You only need to perform this step if the new device is not partitioned. format secondary-device partition [location node-id] Example: RP/0/RSP0/CPU0:router# format disk1: partition Step 11 mirror resume [location node-id] Resumes mirroring. Example: RP/0/RSP0/CPU0:router# mirror resume Step 12 Verifies that mirroring has restarted. In the output, the Current Mirroring State should be Syncing. show mirror [location node-id] Example: RP/0/RSP0/CPU0:router# show mirror Step 13 It can take 15 to 30 minutes for the mirroring process to complete. The exact time depends on the number of packages or files on the boot device. When the mirroring is complete, the Current Mirroring State should be Redundant. configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 14 Swaps the device roles back so that the newly inserted device becomes the primary device. mirror location node-id Primary-device Secondary-device Example: RP/0/RSP0/CPU0:router(config)# mirror Step 15 location 0/ RSP0 /CPU0 disk0:disk1: show mirror [location node-id] Verifies that the new device is now the primary device. Example: RP/0/RSP0/CPU0:router# show mirror Step 16 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 75 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Replacing the Primary Mirroring DeviceConfiguration Examples for Enabling Disk Mirroring Enabling Disk Mirroring: Example In the following example, disk mirroring is enabled on a router: format disk1: partition This operation will destroy all data on "disk1:" and partition device. Continue? [confirm] y Device partition disk1: is now formated and is available for use. configure mirror location 0/0/cpu0 disk0:disk1: commit show mirror Command Output: Example RP/0/RSP0/CPU0:router(admin)# show mirror location all Tue Dec 7 13:02:26.520 PST Mirror Information for 0/RSP0/CPU0. ======================================================== Mirroring Enabled Configured Primary: disk0: Configured Secondary: disk1: Current Mirroring State: Redundant Current Physical Primary: disk0: Current Physical Secondary: disk1: Mirroring Logical Device: disk0: Mirroring Logical Device2: disk1: Physical Device State Flags -------------------------------------------------------- disk0: Available Enabled disk1: Available Enabled compactflash: Available (null) Available disk0a: Available disk1a: Available compactflasha: Not Present harddisk: Available Mirroring Rommon Variable BOOT_DEV_SEQ_CONF = disk0:;disk1: BOOT_DEV_SEQ_OPER = disk0:;disk1: MIRROR_ENABLE = Y mirror verify Command Output: Example RP/0/RSP0/CPU0:router# mirror verify Mirror Verify Information for 0/0/CPU0. ======================================================== Primary device and secondary device are fully synchronized. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 76 OL-26081-03 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Configuration Examples for Enabling Disk MirroringAdditional References The following sections provide references related to disk mirroring configuration. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Initial system bootup and configuration information for a router using the Cisco IOS XR software Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR command master list Boot Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR boot commands Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 77 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Additional ReferencesRFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 78 OL-26081-03 Configuring Disk Mirroring on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 5 Software Entitlement on the Cisco ASR 9000 Series Router Cisco IOS XR software contains all the supported features for a given release. Before the introduction of software entitlement on Cisco IOS XR software, you could freely activate all available software packages on your network devices and could enable all the bundled features. To enable the pay-as-you-grow model—where you pay only for the features that you need today—but can upgrade when necessary while keeping your investment safe, software entitlement has been introduced. Licensing enables you to purchase individual software features and upgrade hardware capacity in a safe and reliable way. For complete descriptions of the commands listed in this module, see Related Documents, on page 89. To locate documentation for other commands that might appear in the course of performing a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 12: Feature History for Software Entitlement Release Modification Release 3.9.0 The software entitlement feature was introduced. This model contains the following topics: • Prerequisites for Configuring Software Entitlement, page 80 • Restrictions for Cisco IOS XR Software Entitlement, page 80 • Information About Cisco IOS XR Software Entitlement, page 80 • How to Configure Cisco IOS XR Software Entitlement, page 83 • Troubleshooting License Issues after a Software Upgrade, page 88 • Additional References, page 88 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 79Prerequisites for Configuring Software Entitlement You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Restrictions for Cisco IOS XR Software Entitlement The following features may not work as expected unless the appropriate licenses are installed: • Layer 3 VPN routing and forwarding (VRF) • G.709 support for supported 10-Gigabit Ethernet line cards • Video monitoring If you configure and remove VRFs after installing the license, any VRFs configured prior to installing the license are not recognized. You need to reconfigure these VRFs. Note Information About Cisco IOS XR Software Entitlement To configure process placement policies, you need to understand the concepts described in this module. What Is Software Entitlement? Software entitlement is a system that consists of a license manager on a Cisco IOS XR device that manages licenses for various software and hardware features. The license manager parses and authenticates a license before accepting it. The software features on the router use the license manager APIs to check out and release licenses. Licenses are stored in persistent storage on the router. Core routing features are available for use without any license. The following features can be enabled on your router using licenses: Layer 3 VPN Layer 3 (virtual private network) VPN can be configured only if there is an available Layer 3 VPN license for the line card slot on which the feature is being configured. If the advanced IP license is enabled, 4096 Layer 3 VPN routing and forwarding instances (VRFs) can be configured on a line card. If the infrastructure VRF license is enabled, eight Layer 3 VRFs can be configured on the line card. See the following modulesin Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide for information about Layer 3 VPN configurations: • Implementing MPLS Layer 3 VPNs on the Cisco ASR 9000 Series Router • Implementing Virtual Private LAN Services on the Cisco ASR 9000 Series Router Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 80 OL-26081-03 Software Entitlement on the Cisco ASR 9000 Series Router Prerequisites for Configuring Software EntitlementG.709 If a G.709 license is available, G.709 can be enabled on 10-Gigabit Ethernet interfaces on the following line cards: • 2-port 10 Gigabit Ethernet / 20-port Gigabit Ethernet line card • 8-port 10 Gigabit Ethernet line card Refer to the Configuring Dense Wavelength Division Multiplexing Controllers on the Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide. Video Monitoring Video monitoring can be enabled for the Cisco ASR 9000 chassis by using a video monitoring license. Types of Licenses The following types of licenses are currently defined: • Permanent licenses—Licensesthat enable a designated feature permanently, aslong asthe license resides on the router. • Evaluation or metered licenses—Licenses that enable a feature for a limited period of time. The feature stops working immediately on license expiry. If multiple evaluation licenses are added for the same feature, the expiry period is counted from when the first evaluation license is added to the router. Router License Pools License pools are maintained by the router. By default, all added licenses are allocated to the owner SDR license pool, and they can be freely allocated to any slot in the router. Features on cards belonging to the owner SDR are granted licenses based on availability in the owner SDR license pool. Chassis-Locked Licenses Licenses are locked to a unique device identifier (UDI). The UDI is comprised of the chassis serial number, along with a license operation ID number. The license operation ID is incremented by the license manager every time there is a successful license add or remove operation. The complete set of UDI information can be displayed using the show license udi command. The license manager parses the user-provided license and verifies that it is valid for the chassis it is running on and determines if the license is being readded. Slot-Based Licenses Feature licenses are allocated to router slots and not cards. Therefore, if a card is replaced, the existing license is applied to the newly inserted card. For example, if you have eight licenses for Layer 3 VPN in the system, you can configure Layer 3 VPN features on any eight cards in the router, and the licenses are allocated to the slots within which the cards are installed. If a card is removed from one of these licensed slots, say slot 3, and Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 81 Software Entitlement on the Cisco ASR 9000 Series Router Types of Licensesentered into an empty slot with no license, say slot 5, the license remains with slot 3 and the feature cannot be activated on slot 5 with the permanent license entered earlier by the user. In this case, you can release the license to the appropriate license pool by removing the configuration of the card (while it is inserted), or by using the license move slot command. When you configure the feature on slot 5, the license is checked out. Features that Require Licenses After a Software Image Upgrade When you upgrade your Cisco IOS XR software image from a release that does notsupportsoftware entitlement to one that does, a warning message is displayed to the console port for each feature that requires a license. You must acquire either an evaluation license or a permanent license in order to continue using any features that require a license. During an install activate operation, if the installation fails to acquire a license (through the license manager) for a package that requires licensing then the install operation is allowed but a warning message similar to the following is displayed: Install operation 10 '(admin) install activate disk0:asr9k-optic-4.0.1.06I' started by user 'root' via CLI at 09:57:15 pst Tue Aug 10 2010. RP/0/RSP0/CPU0:Aug 10 09:57:15.058 : instdir[206]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_STARTED : Install operation 10 '(admin) install activate disk0:asr9k-optic-4.0.1.06I' started by user 'root' / 1% complete: The operation can still be aborted (ctrl-c for options)RP/0/RSP0/CPU0: Aug 10 09:57:18.691 : licmgr[237]: %LICENSE-LICMGR-4-PACKAGE_LICENSE_INVALID : Package A9K-ADV-OPTIC-LIC activated without a valid license/ valid configuration Warning: There is no valid license for the following package: Warning: Warning: disk0:asr9k-optics-supp-4.0.1.06I Warning: Info: Install Method: Parallel Process Restart \ 1% complete: The operation can still be aborted (ctrl-c for options)RP/0/RSP0/CPU0: Aug 10 09:57:18.692 : instdir[206]: %INSTALL-INSTMGR-4-INSTALL_OPERATION_WARNING : A warning occurred during install operation 10. See 'show install log 10 detail' for more information. The install operation will continue asynchronously. LC/0/0/CPU0:Aug 10 09:57:46.358 : sysmgr[87]: %OS-SYSMGR-7-INSTALL_NOTIFICATION : notification of software installation received LC/0/0/CPU0:Aug 10 09:57:46.389 : sysmgr[87]: %OS-SYSMGR-7-INSTALL_FINISHED : software installation is finished LC/0/1/CPU0:Aug 10 09:57:46.477 : sysmgr[90]: %OS-SYSMGR-7-INSTALL_NOTIFICATION : notification of software installation received LC/0/1/CPU0:Aug 10 09:57:46.482 : sysmgr[90]: %OS-SYSMGR-7-INSTALL_FINISHED : software installation is finished RP/0/RSP0/CPU0:Aug 10 09:58:01.402 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_NOTIFICATION : notification of software installation received RP/0/RSP0/CPU0: Aug 10 09:58:01.417 : sysmgr[95]: %OS-SYSMGR-7-INSTALL_FINISHED : software installation is finished Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command '(admin) install commit' to Info: make changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages RP/0/RSP0/CPU0:Aug 10 09:58:11.154 : instdir[206]: %INSTALL-INSTMGR-4-ACTIVE_SOFTWARE_COMMITTED_INFO : The currently active software is not committed. If the system reboots then the committed software will be used. Use 'install commit' to commit the active software. RP/0/RSP0/CPU0:Aug 10 09:58:11.155 : instdir[206]: %INSTALL-INSTMGR-6-INSTALL_OPERATION_COMPLETED_SUCCESSFULLY : Install operation 10 completed successfully Install operation 10 completed successfully at 09:58:11 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 82 OL-26081-03 Software Entitlement on the Cisco ASR 9000 Series Router Features that Require Licenses After a Software Image Upgradepst Tue Aug 10 2010. If you activate an SMU whose corresponding package requires a license but a license was not acquired successfully, then the install operation is allowed but a warning message similar to the following is displayed: Wed Nov 25 15:02:23.418 PST Install operation 8 started by user 'lab' via CLI at 14:59:46 PST Wed Nov 25 2009. (admin) install activate id 7 Install operation 8 completed successfully at 15:02:13 PST Wed Nov 25 2009. Install logs: Install operation 8 '(admin) install activate id 7' started by user 'lab' via CLI at 14:59:46 PST Wed Nov 25 2009. Info: This operation will activate the following packages: Info: disk0:comp-asr9k-4.0.0.3P.CSCee40001-1.0.0 Info: disk0:comp-asr9k-4.0.0.3P.CSCee30001-1.0.0 Info: disk0:comp-asr9k-4.0.0.3P.CSCee20001-1.0.0 Info: disk0:comp-asr9k-4.0.0.3P.CSCee10001-1.0.0 Info: The following SMUs are not being activated as they do not apply to Info: any packages on the router: Info: Info: disk0:asr9k-diags-supp-4.0.0.3P.CSCee30001-1.0.0 Info: disk0:asr9k-fpd-4.0.0.3P.CSCee40001-1.0.0 Info: Warning: There is no valid license found for package 'disk0:asr9k-mcast-supp-4.0.0.3P' Warning: when activating SMU 'disk0:asr9k-mcast-supp-4.0.0.3P.CSCee10001-1.0.0'. Warning: There is no valid license found for package 'disk0:asr9k-mgbl-supp-4.0.0.3P' Warning: when activating SMU 'disk0:asr9k-mgbl-supp-4.0.0.3P.CSCee20001-1.0.0'. Warning: Info: The following sequence of sub-operations has been determined to minimize any Info: impact: Info: Sub-operation 1: Info: Install Method: Parallel Process Restart Info: asr9k-mcast-supp-4.0.0.3P.CSCee10001-1.0.0 Info: Info: Sub-operation 2: Info: Install Method: Parallel Process Restart Info: asr9k-mgbl-supp-4.0.0.3P.CSCee20001-1.0.0 Info: Info: The changes made to software configurations will not be persistent Info: across system reloads. Use the command '(admin) install commit' to Info: make changes persistent. Info: Please verify that the system is consistent following the software Info: change using the following commands: Info: show system verify Info: install verify packages Install operation 8 completed successfully at 15:02:13 PST Wed Nov 25 2009. Related Topics Adding a License for a New Feature, on page 83 How to Configure Cisco IOS XR Software Entitlement Adding a License for a New Feature This task describes how to acquire a permanent license for a feature that you have purchased or an evaluation license for a feature that you have arranged with your sales representative to try. Use this procedure to replace evaluation licenses with permanent licenses. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 83 Software Entitlement on the Cisco ASR 9000 Series Router How to Configure Cisco IOS XR Software EntitlementBefore You Begin You must have purchased the feature for which you are adding the license. When you purchase the feature, you are provided with a product authorization key (PAK) that you use to download the license. SUMMARY STEPS 1. admin 2. show license udi 3. http://www.cisco.com/go/license 4. Copy the license to your TFTP server. 5. admin 6. license add license-name [ sdr sdr-name ] 7. license license-name location { all | node-id } 8. exit DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 Displays the UDI of the chassis. This consists of a product identifier (PID), serial number (S/N), and operation identifier (Operation ID). show license udi Example: Step 2 RP/0/0/CPU0:router# admin Mon Jul 13 04:36:30.715 PST RP/0/RSP0/CPU0:router(admin)# show license udi Mon Jul 13 04:36:32.715 PST Local Chassis UDI Information: PID : ASR-9010-AC S/N : FOX1232H67M Operation ID: 1 Go to the license tool on Cisco.com. You must log in to the site before you can access the license tool. Follow the instructions for Step 3 http://www.cisco.com/go/license product license registration. You are required to enter the feature PAK and the chassis UDI to acquire the license. If you are installing a permanent license, you should have received the PAK when you purchased the feature. If you are installing an evaluation license, your sales representative should provide you with the PAK. Note Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 84 OL-26081-03 Software Entitlement on the Cisco ASR 9000 Series Router Adding a License for a New FeatureCommand or Action Purpose You will be issued a license. You can copy the license and store it on your computer, or alternatively, you can request that the Step 4 Copy the license to your TFTP server. license be sent to you in an e-mail. When you have received the license, copy it to a TFTP server that is accessible by your router. Enters administration EXEC mode on the router to which you want to add the license. admin Example: RP/0/RSP0/CPU0:router# admin RP/0/RSP0/CPU0:router(admin)# Step 5 Adds the license to the SDR license pool. By default, the license is added to the owner SDR license pool. license add license-name [ sdr sdr-name ] Example: Step 6 RP/0/RSP0/CPU0:router(admin)# license add tftp://192.10.10.10/mylicenses/lc40g_lic license license-name location { all | node-id } Binds the license to the slot where it is to be used. Example: RP/0/RSP0/CPU0:router(admin-config)# license A9K-ADV-OPTIC-LIC location 0/0/CPU0 Step 7 exit Exits administration EXEC mode. Example: RP/0/RSP0/CPU0:router(admin)# exit Step 8 What to Do Next To use the feature associated with the added license, you must configure it on your router. To configure Layer 3 VPN,see the Implementing MPLS Layer 3 VPNs on Cisco IOS XR Software module in Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide. To verify that your Layer 3 VPN configuration is operational, use the show rsi interface all global command. Backing Up Licenses When your router is configured with the licenses that you require, you should perform this task to back up all licenses. Backing up licenses makes it easier to restore them if there is a problem. SUMMARY STEPS 1. admin 2. license backup backup-file 3. show license backup backup-file Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 85 Software Entitlement on the Cisco ASR 9000 Series Router Backing Up LicensesDETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 Backs up all licenses on the router to a backup file in the specified location. The backup file can be a local file or a remote file on a TFTP or RCP server. license backup backup-file Example: RP/0/RSP0/CPU0:router(admin)# license backup disk1:/license_back Step 2 License command "license backup disk1:/license_back" completed successfully. show license backup backup-file Displays the contents of the backup file. Example: Step 3 RP/0/RSP0/CPU0:router(admin)# show license backup disk1:/license_back Examples The following example shows sample output from the show license backup command. RP/0/RSP0/CPU0:router(admin)# show license backup disk1:/license_back Local Chassis UDI Information: S/N : TBA09370035 Operation ID: 5 Licenses : FeatureID Type #installed CRS-MSC-40G Slot based, Permanent 2 XC-L3VPN Slot based, Permanent 1 RP/0/RSP0/CPU0:router(admin)# show license backup disk0:/lic_backup.pkg Tue Jul 27 17:12:44.982 pst Local Chassis UDI Information: S/N : FOX1316G5TL Operation ID: 9 FeatureID: A9K-ADV-OPTIC-LIC (Slot based, Permanent) Total licenses 1 Pool: Owner 1 Allocated Node(s): 0/0/CPU0 1 [Owner] Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 86 OL-26081-03 Software Entitlement on the Cisco ASR 9000 Series Router Backing Up LicensesFeatureID: A9K-ADV-VIDEO-LIC (Slot based, Evaluation) Total licenses 1 Pool: Owner 1 Allocated Node(s): 0/RSP0/CPU0 1 [Owner] FeatureID: A9K-AIP-LIC-B (Slot based, Permanent) Total licenses 2 Pool: Owner 2 Allocated Node(s): 0/6/CPU0 1 [Owner] 0/1/CPU0 1 [Owner] FeatureID: A9K-AIP-LIC-E (Slot based, Permanent) Total licenses 2 Pool: Owner 2 Allocated Node(s): 0/4/CPU0 1 [Owner] FeatureID: A9K-iVRF-LIC (Slot based, Permanent) Total licenses 1 Pool: Owner 1 FeatureID: A9K-iVRF-LIC (Slot based, Evaluation) Total licenses 3 Pool: Owner 3 Allocated Node(s): 0/1/CPU0 1 [Owner] Restoring Licenses If your licenses become corrupted, and you have previously created a backup of your licenses, you can perform this task to restore the licenses to your router. Before You Begin You must have created a backup file of your licenses before you can restore them on your router. SUMMARY STEPS 1. admin 2. show license backup backup-file 3. license restore backup-file DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 87 Software Entitlement on the Cisco ASR 9000 Series Router Restoring LicensesCommand or Action Purpose Displays the contents of the backup file. You should verify the contents of the backup file before you restore your licenses. show license backup backup-file Example: RP/0/RSP0/CPU0:router(admin)# show license backup disk1:/license_back Step 2 Restores all licenses on the router from a backup file in the specified location. This can be a local file, or a remote file on a TFTP or RCP server. license restore backup-file Example: RP/0/RSP0/CPU0:router(admin)# license restore disk1:/license_back Step 3 Examples The following example shows sample output from the license restore command. RP/0/RSP0/CPU0:router(admin)# license restore disk1:/license_back Info: This command will erase all existing licenses. Info: It is strongly recommended to backup existing licenses first. Do you wish to proceed? [yes/no]: y License command "license restore disk1:/license_back" completed successfully. Troubleshooting License Issues after a Software Upgrade In the instance that you were running Cisco IOS XR Release 3.9.0 and had the optic feature enabled on a interface and the A9K-ADV-OPTIC-LIC license was active on a particular slot, when you upgrade to Cisco IOS XR Release 4.0.0, the A9K-ADV-OPTIC-LIC license is still active, but you may get the following warning message: RP/0/RSP0/CPU0:Jul 27 14:22:22.594 : licmgr[236]: %LICENSE-LICMGR-4-PACKAGE_LOCATION_LICENSE_INVALID : Feature associated to package A9K-ADV-OPTIC-LIC configured on node 0/4/CPU0 without a valid license To solve this issue, configure the license command in administration EXEC mode. This binds the A9K-ADV-OPTIC-LIC license to the slot on which you are using the license. For example: RP/0/RSP0/CPU0:router(admin-config)# license A9K-ADV-OPTIC-LIC location 0/4/CPU0 RP/0/RSP0/CPU0:router(admin-config)# commit Additional References The following sections provide references related to Cisco IOS XR software entitlement. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 88 OL-26081-03 Software Entitlement on the Cisco ASR 9000 Series Router Troubleshooting License Issues after a Software UpgradeRelated Documents Related Topic Document Title Software Entitlement Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR software entitlement commands Implementing MPLS Layer 2 VPNs module of Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide Layer 2 VPN configuration Implementing MPLS Layer 3 VPNs on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide Layer 3 VPN configuration Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR software commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Information on getting started with Cisco IOS XR software Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 89 Software Entitlement on the Cisco ASR 9000 Series Router Additional ReferencesRFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 90 OL-26081-03 Software Entitlement on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 6 Managing the Router Hardware This chapter describes the command-line interface (CLI) techniques and commands used to manage and configure the hardware components of a router running the Cisco IOS XR software. For complete descriptions of the commands listed in this module, see Additional References, on page 119. To locate documentation for other commands that might appear in the course of performing a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 13: Feature History for Managing Router Hardware with Cisco IOS XR Software Release Modification Release 3.7.2 This feature was introduced. This module contains the following topics: • Prerequisites for Managing Router Hardware, page 92 • Displaying Hardware Status, page 92 • RSP Redundancy and Switchover, page 107 • Reloading, Shutting Down, or Power Cycling a Node, page 111 • Flash Disk Recovery, page 115 • Using Controller Commands to Manage Hardware Components, page 115 • Formatting Hard Drives, Flash Drives, and Other Storage Devices, page 115 • Removing and Replacing Cards, page 116 • Upgrading the CPU Controller Bits, page 119 • Additional References, page 119 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 91Prerequisites for Managing Router Hardware You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Displaying Hardware Status This section describes how to display different types of hardware status information. Displaying SDR Hardware Version Information To display hardware version information for the components assigned to a secure domain router (SDR), connect to the designated shelf controller (DSC) and enter the show diag command in EXEC mode. The displayed information includes the card serial number and the ROMMON software version. The syntax for the show diag command in EXEC mode is: show diag [node-id | details | summary] In the following example, the show diag command displays information for all nodes in the SDR: RP/0/RSP0/CPU0:router# show diag Mon Jun 29 00:36:41.576 PST NODE module 0/RSP0/CPU0 : MAIN: board type 0x100302 S/N: FOC1230803H Top Assy. Number: 68-3160-04 PID: A2K-RSP-4G-HDD= UDI_VID: VP4 HwRev: V4.8 New Deviation Number: 0 CLEI: IPUCARJBAA Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A MONLIB: QNXFFS Monlib Version 3.2 ROMMON: Version 1.0(20081208:173612) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: Compact Flash : V1.0 XbarSwitch0 : V1.3 XbarSwitch1 : V1.3 XbarArbiter : V1.0 XbarInterface : V0.0 IntCtrl : V1.14 ClkCtrl : V1.13 PuntFPGA : V1.5 HD : V3.0 USB0 : V77.20 USB1 : V77.20 CPUCtrl : V1.17 UTI : V1.6 LIU : V1.0 MLANSwitch : V0.0 EOBCSwitch : V2.0 CBC (active partition) : v1.2 CBC (inactive partition) : v1.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 92 OL-26081-03 Managing the Router Hardware Prerequisites for Managing Router HardwareNODE module 0/1/CPU0 : MAIN: board type 0x20207 S/N: FOC123081J6 Top Assy. Number: 68-3182-03 PID: A9K-40GE-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PortCtrl : V0.8 PHYCtrl : V0.6 40 Port Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 NODE module 0/4/CPU0 : MAIN: board type 0x2020a S/N: FOC123081JA Top Assy. Number: 68-3183-02 PID: A9K-8T/4-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: IPU3AE0CAA Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PortCtrl : V0.10 PHYCtrl : V0.7 PHY0 : V0.16 PHY1 : V0.16 PHY2 : V0.16 PHY3 : V0.16 PHY4 : V0.16 PHY5 : V0.16 PHY6 : V0.16 PHY7 : V0.16 8 Port Ten Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 NODE module 0/6/CPU0 : MAIN: board type 0x20208 S/N: FHH12250033 Top Assy. Number: 68-3184-02 PID: A9K-4T-B Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 93 Managing the Router Hardware Displaying SDR Hardware Version InformationUDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PHY0 : V0.16 PHY1 : V0.16 PHY2 : V0.16 PHY3 : V0.16 PortCtrl : V0.10 PHYCtrl : V0.7 4 Port Ten Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 In the following example, the show diag command displays information for a single node: RP/0/RSP0/CPU0:router# show diag 0/6/cpu0 Mon Jun 29 00:41:43.450 PST NODE module 0/6/CPU0 : MAIN: board type 0x20208 S/N: FHH12250033 Top Assy. Number: 68-3184-02 PID: A9K-4T-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PHY0 : V0.16 PHY1 : V0.16 PHY2 : V0.16 PHY3 : V0.16 PortCtrl : V0.10 PHYCtrl : V0.7 4 Port Ten Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 94 OL-26081-03 Managing the Router Hardware Displaying SDR Hardware Version InformationDisplaying System Hardware Version Information To display hardware version information for all or some of the components assigned in a system, connect to the designated shelf controller (DSC) and enter the show diag command in administration EXEC mode. When this command is entered in administration EXEC mode, you can display information on RSPs, line cards, and system components such as the chassis, fan trays, and power supplies. If you enter the show diag command in EXEC mode, the software displays only the hardware assigned to the SDR to which you are connected. Note The syntax for the show diag command in administration EXEC mode is: show diag [node-id | chassis | details | fans | memory | power-supply | summary] Tip For information on the software version, use the show version command. In the following example, the show diag command displays information for all nodes in the system: RP/0/RSP0/CPU0:router(admin)# show diag Mon Jun 29 01:21:04.571 PST NODE module 0/RSP0/CPU0 : MAIN: board type 0x100302 S/N: FOC1230803H Top Assy. Number: 68-3160-04 PID: A2K-RSP-4G-HDD= UDI_VID: VP4 HwRev: V4.8 New Deviation Number: 0 CLEI: IPUCARJBAA Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A MONLIB: QNXFFS Monlib Version 3.2 ROMMON: Version 1.0(20081208:173612) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: Compact Flash : V1.0 XbarSwitch0 : V1.3 XbarSwitch1 : V1.3 XbarArbiter : V1.0 XbarInterface : V0.0 IntCtrl : V1.14 ClkCtrl : V1.13 PuntFPGA : V1.5 HD : V3.0 USB0 : V77.20 USB1 : V77.20 CPUCtrl : V1.17 UTI : V1.6 LIU : V1.0 MLANSwitch : V0.0 EOBCSwitch : V2.0 CBC (active partition) : v1.2 CBC (inactive partition) : v1.1 NODE fantray 0/FT0/SP : MAIN: board type 0x900211 S/N: Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 95 Managing the Router Hardware Displaying System Hardware Version InformationTop Assy. Number: 32-0000-00 PID: UDI_VID: HwRev: V32.0 New Deviation Number: 0 CLEI: PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: CBC (active partition) : v4.0 CBC (inactive partition) : v0.13 NODE fantray 0/FT1/SP : MAIN: board type 0x900211 S/N: Top Assy. Number: 32-0000-00 PID: UDI_VID: HwRev: V32.0 New Deviation Number: 0 CLEI: PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: CBC (active partition) : v4.0 CBC (inactive partition) : v0.13 NODE module 0/1/CPU0 : MAIN: board type 0x20207 S/N: FOC123081J6 Top Assy. Number: 68-3182-03 PID: A9K-40GE-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PortCtrl : V0.8 PHYCtrl : V0.6 40 Port Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 NODE module 0/4/CPU0 : MAIN: board type 0x2020a S/N: FOC123081JA Top Assy. Number: 68-3183-02 PID: A9K-8T/4-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: IPU3AE0CAA Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 96 OL-26081-03 Managing the Router Hardware Displaying System Hardware Version InformationNP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PortCtrl : V0.10 PHYCtrl : V0.7 PHY0 : V0.16 PHY1 : V0.16 PHY2 : V0.16 PHY3 : V0.16 PHY4 : V0.16 PHY5 : V0.16 PHY6 : V0.16 PHY7 : V0.16 8 Port Ten Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 NODE module 0/6/CPU0 : MAIN: board type 0x20208 S/N: FHH12250033 Top Assy. Number: 68-3184-02 PID: A9K-4T-B UDI_VID: V1D HwRev: V0.0 New Deviation Number: 0 CLEI: Board State : IOS XR RUN PLD: Motherboard: N/A, Processor: 0x8004 (rev: 2.2), Power: N/A ROMMON: Version 1.0(20081208:174521) [ASR9K ROMMON] Board FPGA/CPLD/ASIC Hardware Revision: NP0 : V3.194 NP1 : V3.194 NP2 : V3.194 NP3 : V3.194 XbarInterface : V18.4 Bridge0 : V0.38 Bridge1 : V0.38 CPUCtrl : V0.15 USB : V77.20 PHY0 : V0.16 PHY1 : V0.16 PHY2 : V0.16 PHY3 : V0.16 PortCtrl : V0.10 PHYCtrl : V0.7 4 Port Ten Gigabit Ethernet Daughter board : V0.0 CBC (active partition) : v2.2 CBC (inactive partition) : v2.1 NODE power-module 0/PM0/SP : MAIN: board type 0xf00188 S/N: Top Assy. Number: 341-00032-01 PID: A9K-3KW-AC UDI_VID: V00 HwRev: V0.0 New Deviation Number: 0 CLEI: ACACACACAC PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: NODE power-module 0/PM1/SP : MAIN: board type 0xf00188 S/N: Top Assy. Number: 341-00032-01 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 97 Managing the Router Hardware Displaying System Hardware Version InformationPID: A9K-3KW-AC UDI_VID: V00 HwRev: V0.0 New Deviation Number: 0 CLEI: ACACACACAC PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: NODE power-module 0/PM2/SP : MAIN: board type 0xf00188 S/N: Top Assy. Number: 341-00032-01 PID: A9K-3KW-AC UDI_VID: V00 HwRev: V0.0 New Deviation Number: 0 CLEI: ACACACACAC PLD: Motherboard: N/A, Processor: N/A, Power: N/A ROMMON: Board FPGA/CPLD/ASIC Hardware Revision: Rack 0 - ASR-9010 Chassis, Includes Accessories RACK NUM: 0 S/N: PID: ASR-9010 Backplane VID: 0.1 Desc: ASR-9010 Chassis, Includes Accessories CLEI: NOCLEI Top Assy. Number: 68-1234-56 In the following example, the show diag command displays information for a single system component: RP/0/RSP0/CPU0:router(admin)# show diag chassis Mon Jun 29 01:25:05.711 PST Rack 0 - ASR-9010 Chassis, Includes Accessories RACK NUM: 0 S/N: PID: ASR-9010 Backplane VID: 0.1 Desc: ASR-9010 Chassis, Includes Accessories CLEI: NOCLEI Top Assy. Number: 68-1234-56 Displaying Software and Hardware Information The show version command displays a variety of system information, including the hardware and software versions, router uptime, boot settings (including the configuration register), and active software. The following is sample output from the show version command: RP/0/RP0/CPU0:router# show version Sat Aug 1 22:52:39.089 DST Cisco IOS XR Software, Version 3.9.0.16I[DT_IMAGE] Copyright (c) 2009 by Cisco Systems, Inc. ROM: System Bootstrap, Version 1.1(20090521:183759) [ASR9K ROMMON], router uptime is 1 day, 2 hours, 34 minutes Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 98 OL-26081-03 Managing the Router Hardware Displaying Software and Hardware InformationSystem image file is "bootflash:disk0/asr9k-os-mbi-3.9.0.16I/mbiasr9k-rp.vm" cisco ASR9K Series (MPC8641D) processor with 4194304K bytes of memory. MPC8641D processor at 1333MHz, Revision 2.2 2 Management Ethernet 12 TenGigE 40 GigabitEthernet 219k bytes of non-volatile configuration memory. 975M bytes of compact flash card. 33994M bytes of hard disk. 1605616k bytes of disk0: (Sector size 512 bytes). 1605616k bytes of disk1: (Sector size 512 bytes). Configuration register on node 0/RSP0/CPU0 is 0x102 Boot device on node 0/RSP0/CPU0 is disk0: Package active on node 0/RSP0/CPU0: asr9k-scfclient, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-scfclient-3.9.0.16I Built on Thu Jul 30 12:09:40 DST 2009 By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for c4.2.1-p0 asr9k-adv-video, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-adv-video-3.9.0.16I Built on Thu Jul 30 13:49:37 DST 2009 By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for c4.2.1-p0 asr9k-fpd, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-fpd-3.9.0.16I Built on Thu Jul 30 12:26:21 DST 2009 By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for c4.2.1-p0 asr9k-diags, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-diags-3.9.0.16I Built on Thu Jul 30 12:09:43 DST 2009 By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for c4.2.1-p0 asr9k-k9sec, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-k9sec-3.9.0.16I Built on Thu Jul 30 12:25:25 DST 2009 By sjc-lds-208 in /auto/ioxbuild7/production/3.9.0.16I.DT_IMAGE/asr9k/workspace for c4.2.1-p0 asr9k-mgbl, V 3.9.0.16I[DT_IMAGE], Cisco Systems, at disk0:asr9k-mgbl-3.9.0.16I Built on Thu Jul 30 13:48:16 DST 2009 --More-- Displaying SDR Node IDs and Status In EXEC mode, the show platform command displays information for all nodes assigned to the owner SDR. For each node, this information includes the host card type, the operational state, and the configuration state. To display information on a single node, enter the command with a node ID. The syntax for the show platform command is: show platform [node-id] The following example displays the status for all nodes in the SDR to which you are connected: RP/0/RSP0/CPU0:router# show platform Mon Aug 3 07:39:01.416 DST Node Type State Config State ----------------------------------------------------------------------------- 0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON 0/1/CPU0 A9K-40GE-B IOS XR RUN PWR,NSHUT,MON 0/4/CPU0 A9K-8T/4-B IOS XR RUN PWR,NSHUT,MON Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 99 Managing the Router Hardware Displaying SDR Node IDs and Status0/6/CPU0 A9K-4T-B IOS XR RUN PWR,NSHUT,MON The node-id appears in the rack/slot/module notation, and the node-id components are as follows: • rack —In a single-shelf system the rack number is always “0.” • slot —Number of the physical slot in which the card is installed. • module —Subslot number of a system hardware component. Table 14: Node ID Components, on page 100 summarizes the node-id for each type of card. Table 14: Node ID Components Module (the entity on the card that is the target of the command) Slot (the physical slot in which the card is installed) Card Type (the card to Rack (always “0”) which your are issuing commands) Route switch processor 0 RSP0 and RSP1 CPU0 0-X (SFP and XFP module number on the line card) 4-7 (6-slot chassis) 0–7 (10-slot chassis) 40-Port Gigabit Ethernet 0-255 Line Card 8-Port 10-Gigabit Ethernet Line Card 4-Port 10-Gigabit Ethernet Line Card PM0-PM5 (10-slot — chassis) PM0-PM2 (6-slot chassis Power Modules 0 Fan controller cards 0 FC0–FC1 — Displaying Router Node IDs and Status In administration EXEC mode, the show platform command displays information for all router nodes. In administration EXEC mode, the command display also includes additional node IDs such as those for fabric cards, alarm modules, and fan controllers. For each node, this information includes the host card type, the operational state, and the configuration state. To display information on a single node, enter the command with a node ID. The syntax for the show platform command is: show platform [node-id] The following example displays the status for all nodes in the system: RP/0/RSP0/CPU0:router(admin)# show platform Sat Mar 24 05:02:18.569 DST Node Type State Config State ----------------------------------------------------------------------------- Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 100 OL-26081-03 Managing the Router Hardware Displaying Router Node IDs and Status0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON 0/1/CPU0 A9K-40GE-B IOS XR RUN PWR,NSHUT,MON 0/4/CPU0 A9K-8T/4-B IOS XR RUN PWR,NSHUT,MON 0/6/CPU0 A9K-4T-B IOS XR RUN PWR,NSHUT,MON The node-id appears in the rack/slot/module notation, and the node-id components are as follows: • rack —In a single-shelf system the rack number is always “0.” • slot —Number of the physical slot in which the card is installed. • module —Subslot number of a system hardware component. Table 14: Node ID Components, on page 100 summarizes the node-id argument for each type of card. Displaying Router Environment Information The show environment command displays hardware information for the system, including fan speeds, LED indications, power supply voltage and current information, and temperatures. The syntax for the show environment command is: show environment [options] You can use the show environment command options to limit the detail in the command display. To view the command options, enter the show environment ? command. The following example shows the full environment status report: RP/0/RSP0/CPU0:router(admin)# show environment Mon Jun 29 04:32:07.587 PST Temperature Information --------------------------------------------- R/S/I Modules Inlet Hotspot Temperature Temperature (deg C) (deg C) 0/1/* host 31.5 39.5 0/RSP0/* host 26.6 36.6 0/4/* host 29.8 38.8 0/6/* host 32.7 42.0 0/FT0/* host 27.2 28.2 0/FT1/* host 27.4 30.2 Voltage Information Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 101 Managing the Router Hardware Displaying Router Environment Information--------------------------------------------- R/S/I Modules Sensor (mV) Margin 0/1/* host IBV 10647 n/a host 5.0V 4929 n/a host VP3P3_CAN 3288 n/a host 3.3V 3301 n/a host 2.5V 2516 n/a host 1.8VB 1810 n/a host 1.2VB 1193 n/a host 1.8VA 1800 n/a host 0.9VB 884 n/a host 1.2V_LDO_BRG0 1193 n/a host 1.2V_LDO_BRG1 1195 n/a host 1.8VC 1811 n/a host 1.5VB 1505 n/a host 1.5VA 1503 n/a host 1.1V(1.05V_CPU) 1052 n/a host 0.75VA 751 n/a host 0.75VB_0.75VC 754 n/a host 1.1VB 1102 n/a host 1.2V_TCAM0 1003 n/a host 1.2V_TCAM1 1000 n/a host 1.0V_Bridge_LDO 998 n/a host 1.0VB 1043 n/a host 0.75VD_and_0.75VE 752 n/a host 1.2V_TCAM2 1005 n/a host 1.2V_TCAM3 1002 n/a host 1.5VC 1504 n/a host 1.8VD 1803 n/a host 1.1VC 1099 n/a host ZARLINK_3.3V 3272 n/a host ZARLINK_1.8V 1808 n/a host 1.2V_DB 1195 n/a host 3.3V_DB 3316 n/a host 2.5V_DB 2534 n/a host 1.5V_DB 1509 n/a 0/RSP0/* host 0.75VTT 749 n/a host 0.9VTT_A 910 n/a host 0.9VTT_B 904 n/a host IBV 10586 n/a host 5.0V 5013 n/a host VP3P3_CAN 3277 n/a host 3.3V 3299 n/a host 2.5V 2518 n/a host 1.8VB 1807 n/a host 1.2VA 1205 n/a host 1.2VB 1202 n/a host 1.05V 1047 n/a host 1.2VD 1205 n/a host 1.8VA 1811 n/a host 1.5V 1496 n/a host 1.9V 1887 n/a 0/4/* host IBV 10627 n/a host 5.0V 4917 n/a host VP3P3_CAN 3279 n/a host 3.3V 3296 n/a host 2.5V 2522 n/a host 1.8VB 1805 n/a host 1.2VB 1188 n/a host 1.8VA 1796 n/a host 0.9VB 881 n/a host 1.2V_LDO_BRG0 1192 n/a host 1.2V_LDO_BRG1 1195 n/a Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 102 OL-26081-03 Managing the Router Hardware Displaying Router Environment Informationhost 1.8VC 1806 n/a host 1.5VB 1510 n/a host 1.5VA 1503 n/a host 1.1V(1.05V_CPU) 1048 n/a host 0.75VA 753 n/a host 0.75VB_0.75VC 757 n/a host 1.1VB 1105 n/a host 1.2V_TCAM0 1003 n/a host 1.2V_TCAM1 1000 n/a host 1.0V_Bridge_LDO 997 n/a host 1.0VB 1037 n/a host 0.75VD_and_0.75VE 755 n/a host 1.2V_TCAM2 1004 n/a host 1.2V_TCAM3 1005 n/a host 1.5VC 1505 n/a host 1.8VD 1808 n/a host 1.1VC 1104 n/a host ZARLINK_3.3V 3285 n/a host ZARLINK_1.8V 1806 n/a host 1.2V_DB 1205 n/a host 3.3V_DB 3318 n/a host 2.5V_DB 2493 n/a host 1.5V_DB 1497 n/a host 1.8V_DB 1825 n/a host 5.0V_XFP_DB 5001 n/a host 1.2VB_DB 1228 n/a 0/6/* host IBV 10628 n/a host 5.0V 4893 n/a host VP3P3_CAN 3281 n/a host 3.3V 3297 n/a host 2.5V 2524 n/a host 1.8VB 1804 n/a host 1.2VB 1204 n/a host 1.8VA 1795 n/a host 0.9VB 881 n/a host 1.2V_LDO_BRG0 1194 n/a host 1.2V_LDO_BRG1 1193 n/a host 1.8VC 1815 n/a host 1.5VB 1495 n/a host 1.5VA 1503 n/a host 1.1V(1.05V_CPU) 1052 n/a host 0.75VA 752 n/a host 0.75VB_0.75VC 749 n/a host 1.1VB 1001 n/a host 1.2V_TCAM0 999 n/a host 1.2V_TCAM1 1002 n/a host 1.0V_Bridge_LDO 995 n/a host 1.0VB 1050 n/a host 0.75VD_and_0.75VE 752 n/a host 1.2V_TCAM2 1002 n/a host 1.2V_TCAM3 995 n/a host 1.5VC 1502 n/a host 1.8VD 1802 n/a host 1.1VC 1101 n/a host ZARLINK_3.3V 3273 n/a host ZARLINK_1.8V 1804 n/a host 1.2V_DB 1200 n/a host 3.3V_DB 3314 n/a host 2.5V_DB 2496 n/a host 1.5V_DB 1496 n/a host 1.8V_DB 1824 n/a host 5.0V_XFP_DB 5004 n/a host 1.2VB_DB 1227 n/a LED Information --------------------------------------------- R/S/I Modules LED Status Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 103 Managing the Router Hardware Displaying Router Environment Information0/RSP0/* host Critical-Alarm Off host Major-Alarm Off host Minor-Alarm Off host ACO Off Fan Information --------------------------------------------- Fan speed (rpm): FAN0 FAN1 FAN2 FAN3 FAN4 FAN5 FAN6 FAN7 FAN8 FAN9 FAN10 FAN11 0/FT0/* 3510 3510 3510 3540 3510 3570 3480 3570 3510 3510 3510 3510 0/FT1/* 3540 3510 3450 3540 3480 3600 3480 3450 3540 3540 3480 3540 Power Supply Information --------------------------------------------- R/S/I Modules Sensor Watts 0/PM0/* host PM 3000 0/PM1/* host PM 3000 0/PM2/* host PM 3000 Power Shelves Type: AC Total Power Capacity: 9000W Protected Power Capacity: 4500W Worst Case Power Used: 3145W Slot Max Watts ---- --------- 0/1/CPU0 375 0/RSP0/CPU0 250 0/RSP1/CPU0 350 0/4/CPU0 375 0/6/CPU0 375 0/FT0/SP 710 (default) 0/FT1/SP 710 (default) Worst Case Protected Power Available: 1355W Displaying RP Redundancy Status The show redundancy command displays the redundancy status of the route switch processors (RSPs). This command also displays the boot and switch-over history for the RSPs. The show redundancy operates in EXEC and administration EXEC mode. In the following example, the show redundancy command displays the redundancy status for a redundant RSP pair: RP/0/RSP0/CPU0:router(admin)# show redundancy Mon Jun 29 04:49:26.098 PST Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 104 OL-26081-03 Managing the Router Hardware Displaying RP Redundancy StatusRedundancy information for node 0/RSP0/CPU0: ========================================== Node 0/RSP0/CPU0 is in ACTIVE role Node 0/RSP0/CPU0 has no valid partner Reload and boot info ---------------------- A9K-RSP-4G reloaded Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes ago Active node booted Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes ago Active node reload "Cause: Turboboot completed successfully" Displaying Field-Programmable Device Compatibility The show hw-module fpd command displaysfield-programmable device (FPD) compatibility for all modules or a specific module. The syntax for the show hw-module fpd command is: show hw-module fpd location {all | node-id} The show hw-module fpd operates in EXEC and administration EXEC mode. The following example shows how to display FPD compatibility for all modules in the router: RP/0/RSP1/CPU0:router# show hw-module fpd location all Mon Jun 29 05:38:50.332 PST ===================================== ========================================== Existing Field Programmable Devices ========================================== HW Current SW Upg/ Location Card Type Version Type Subtype Inst Version Dng? ============ ======================== ======= ==== ======= ==== =========== ==== 0/RSP0/CPU0 A9K-RSP-4G 4.8 lc fpga3 0 1.13 No lc fpga1 0 1.5 No lc fpga2 0 1.14 No lc cbc 0 1.2 No lc fpga4 0 1.6 No lc rommon 0 1.0 No -------------------------------------------------------------------------------- 0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 1 4.0 No -------------------------------------------------------------------------------- 0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 2 4.0 No -------------------------------------------------------------------------------- 0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 0 0.38 No lc fpga2 0 0.8 No lc cbc 0 2.2 No lc cpld1 0 0.15 No lc rommon 0 1.0 No -------------------------------------------------------------------------------- 0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 1 0.38 No -------------------------------------------------------------------------------- 0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 0 0.38 No lc fpga2 0 0.10 No lc cbc 0 2.2 No lc cpld2 0 0.7 No lc cpld1 0 0.15 No lc cpld3 0 0.3 No lc rommon 0 1.0 No lc fpga3 0 14.42 No -------------------------------------------------------------------------------- 0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 1 0.38 No -------------------------------------------------------------------------------- 0/6/CPU0 A9K-4T-B 1.0 lc fpga1 0 0.38 No lc fpga2 0 0.10 No lc cbc 0 2.2 No lc cpld2 0 0.7 No Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 105 Managing the Router Hardware Displaying Field-Programmable Device Compatibilitylc cpld1 0 0.15 No lc cpld3 0 0.3 No lc rommon 0 1.0 No lc fpga3 0 14.42 No -------------------------------------------------------------------------------- 0/6/CPU0 A9K-4T-B 1.0 lc fpga1 1 0.38 No -------------------------------------------------------------------------------- The following example shows how to display FPD compatibility for a specific module in the router: RP/0/RSP1/CPU0:router# show hw-module fpd location 0/4/cpu0 Thu Nov 19 21:43:49.599 UTC ===================================== ========================================== Existing Field Programmable Devices ========================================== HW Current SW Upg/ Location Card Type Version Type Subtype Inst Version Dng? ============ ======================== ======= ==== ======= ==== =========== ==== 0/4/CPU0 A9K-SIP-700 1.13 lc fpga1 0 0.22 No lc cbc 0 3.03 No lc hsbi 0 3.00 No lc rommon 0 1.02 No lc fpga2 0 5.14 No lc cpld1 0 0.14 No -------------------------------------------------------------------------------- Table 15: show hw-module fpd Field Descriptions Field Description Location of the module in the rack/slot/module notation. Location Card Type Module part number. HW Version Hardware model version for the module. Hardware type. Can be one of the following types: • spa—Shared port adapter • lc—Line card Type FPD type. Can be one of the following types: • fabldr—Fabric downloader • fpga1—Field-programmable gate array • fpga2—Field-programmable gate array 2 • fpga3—Field-programmable gate array 3 • fpga4—Field-programmable gate array 4 • fpga5—Field-programmable gate array 5 • rommonA—Read-only memory monitor A • rommon—Read-only memory monitor B Subtype Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 106 OL-26081-03 Managing the Router Hardware Displaying Field-Programmable Device CompatibilityField Description FPD instance. The FPD instance uniquely identifies an FPD and is used by the FPD process to register an FPD. Inst Current SW Version Currently running FPD image version. Specifies whether an FPD upgrade or downgrade is required. A downgrade isrequired in rare cases when the version of the FPD image has a higher major revision than the version of the FPD image in the current Cisco IOS XR software package. Upg/Dng? RSP Redundancy and Switchover This section describes RSP redundancy and switchover commands and issues. Establishing RSP Redundancy Your router has two slots for RSPs: RSP0 and RSP1 (see Figure 3: Redundant Set of RSPs Installed in Slots RSP0 and RSP1 in an 8-Slot Chassis, on page 108). RSP0 is the slot on the left, facing the fron of the chassis, Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 107 Managing the Router Hardware RSP Redundancy and Switchoverand RSP1 isthe slot on right. These slots are configured for redundancy by default, and the redundancy cannot be eliminated. To establish RSP redundancy, install RSPs into both slots. Figure 3: Redundant Set of RSPs Installed in Slots RSP0 and RSP1 in an 8-Slot Chassis Determining the Active RP in a Redundant Pair During system startup, one RSP in each redundant pair becomes the active RSP. You can tell which RSP is the active RSP in the following ways: • The active RSP can be identified by the green Primary LED on the faceplate of the card. The active RSP is indicated when the Primary LED is on. The alphanumeric LED display on the RSP displays ACTV RP. • The slot of the active RSP is indicated in the CLI prompt. For example: RP/0/RSP1/CPU0:router# In this example, the prompt indicates that you are communicating with the active RSP in slot RSP1. See Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide for a complete description of the CLI prompt. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 108 OL-26081-03 Managing the Router Hardware Determining the Active RP in a Redundant Pair• Enter the show redundancy command in EXEC mode to display a summary of the active and standby RSP status. For example: RP/0/RSP0/CPU0:router(admin)# show redundancy Mon Jun 29 04:49:26.098 PST Redundancy information for node 0/RSP0/CPU0: ========================================== Node 0/RSP0/CPU0 is in ACTIVE role Node 0/RSP0/CPU0 has no valid partner Reload and boot info ---------------------- A9K-RSP-4G reloaded Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes ago Active node booted Thu Jun 11 15:20:50 2009: 2 weeks, 3 days, 13 hours, 28 minutes ago Active node reload "Cause: Turboboot completed successfully" Role of the Standby RSP The second RSP to boot in a redundant pair automatically becomes the standby RSP. While the active RSP manages the system and communicates with the user interface, the standby RSP maintains a complete backup of the software and configurations for all cards in the system. If the active RSP fails or goes off line for any reason, the standby RSP immediately takes control of the system. Summary of Redundancy Commands RSP redundancy is enabled by default in the Cisco IOS XR software, but you can use the commands described in Table 16: RSP Redundancy Commands, on page 109 to display the redundancy status of the cards or force a manual switchover. Table 16: RSP Redundancy Commands Command Description Displays the redundancy status of the RSPs. This command also displays the boot and switch-over history for the RSPs. show redundancy Forces a manualswitchover to the standby RSP. This command works only if the standby RSP is installed and in the “ready” state. redundancy switchover Displaysthe statusfor node, including the redundancy status of the RSP cards. In EXEC mode, this command displays status for the nodes assigned to the SDR. In administration EXEC mode, this command displays status for all nodes in the system. show platform Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 109 Managing the Router Hardware Role of the Standby RSPAutomatic Switchover Automatic switchover from the active RSP to the standby RSP occurs only if the active RSP encounters a serious system error, such as the loss of a mandatory process or a hardware failure. When an automatic switchover occurs, the RSPs respond as follows: • If a standby RSP is installed and “ready” for switchover, the standby RSP becomes the active RSP. The original active RSP attempts to reboot. • If the standby RSP is not in “ready” state, then both RSPs reboot. The first RSP to boot successfully assumes the role of active RSP. RSP Redundancy During RSP Reload The reload command causes the active RSP to reload the Cisco IOS XR software. When an RSP reload occurs, the RSPs respond as follows: • If a standby RSP is installed and “ready” for switchover, the standby RSP becomes the active RSP. The original active RSP reboots and becomes the standby RSP. • If the standby RSP is not in the “ready” state, then both RSPs reboot. The first RSP to boot successfully assumes the role of active RSP. You should not use the reload command to force an RSP switchover because the result could be a significant loss of router operations. Instead, use the redundancy switchover command to fail over to the standby RSP, then use the hw-module location node-id reload command to reload the new standby RSP. Caution Related Topics Reloading, Shutting Down, or Power Cycling a Node, on page 111 Manual Switchover You can force a manualswitchover from the active RSP to the standby RSP using the redundancy switchover command. If a standby RSP is installed and ready for switchover, the standby RSP becomes the active RSP. The original active RSP becomes the standby RSP. In the following example, partial output for a successful redundancy switchover operation is shown: RP/0/RSP0/CPU0:router# show redundancy This node (0/RSP0/CPU0) is in ACTIVE role Partner node (0/RSP1/CPU0) is in STANDBY role Standby node in 0/RSP1/CPU0 is ready RP/0/RSP0/CPU0:router# redundancy switchover Updating Commit Database. Please wait...[OK] Proceed with switchover 0/RSP0/CPU0 -> 0/RSP1/CPU0? [confirm] Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 110 OL-26081-03 Managing the Router Hardware Automatic SwitchoverInitiating switch-over. RP/0/RSP0/CPU0:router# In the preceding example, the Telnet connection is lost when the previously active RP resets. To continue management of the router, you must connect to the newly activated RP as shown in the following example: User Access Verification Username: xxxxx Password: xxxxx Last switch-over Sat Apr 15 12:26:47 2009: 1 minute ago RP/0/RSP1/CPU0:router# If the standby RSP is not in “ready” state, the switchover operation is not allowed. In the following example, partial output for a failed redundancy switchover attempt is shown: RP/0/RSP0/CPU0:router# show redundancy Redundancy information for node 0/RP1/CPU0: ========================================== Node 0/RSP0/CPU0 is in ACTIVE role Partner node (0/RSP1/CPU0) is in UNKNOWN role Reload and boot info ---------------------- RP reloaded Wed Mar 29 17:22:08 2009: 2 weeks, 2 days, 19 hours, 14 minutes ago Active node booted Sat Apr 15 12:27:58 2009: 8 minutes ago Last switch-over Sat Apr 15 12:35:42 2009: 1 minute ago There have been 4 switch-overs since reload RP/0/RSP0/CPU0:router# redundancy switchover Switchover disallowed: Standby node is not ready. Communicating with a Standby RP The active RSP automatically synchronizes all system software, settings, and configurations with the standby RSP. If you connect to the standby RSP through the console port, you can view the status messages for the standby RSP. The standby RSP does not display a CLI prompt, so you cannot manage the standby card while it is in standby mode. If you connect to the standby RSP through the management Ethernet port, the prompt that appears is for the active RSP, and you can manage the router the same asif you had connected through the management Ethernet port on the active RSP. Reloading, Shutting Down, or Power Cycling a Node Use the commands described in this section to reload the Cisco IOS XR software on the active RSP or on any specified node in the system. This section also describes the commands used to administratively shut down a node and power a node on or off. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 111 Managing the Router Hardware Communicating with a Standby RPTable 17: Commands to Reload, Shut Down, or Power Cycle a Node, on page 112 summarizes the commands described in this section. Table 17: Commands to Reload, Shut Down, or Power Cycle a Node Command Description This command administratively turns the power off for a node. It is entered in administration configuration mode. The changes do not take effect until you enter the commit command. To power on a node, use the no form of this command. This command cannot be used to disable power on the RSP from which the command is entered. Note hw-module location node-id power disable This command works in EXEC mode and reloads the Cisco IOS XR software on a specific node or all nodes. To specify all nodes, enter the all keyword in place of the node-id argument. The node reloads with the current running configuration and active software set for that node. hw-module location node-id reload This command must be entered in administration configuration mode and administratively shuts down the specified node. Nodesthat are shut down still have power but cannot load or operate Cisco IOS XR software. To return a node to the up state, use the no form of this command. This command cannot be used to shut down the RSP from which the command is entered. Note hw-module shutdown location node-id Causes the active RSP to reload the Cisco IOS XR software according to the configuration register setting (for example, 0x0 to enter ROMMON bootstrap mode and 0x2102 to reload the RSP to EXEC mode). The reload command can be entered in EXEC or administration EXEC modes, and you can see additional options by entering the reload ? command. See the Reloading the Active RSP , on page 113 for more information. reload Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 112 OL-26081-03 Managing the Router Hardware Reloading, Shutting Down, or Power Cycling a NodeCommand Description Displays the configuration register setting for the router. • Use this command in administration EXEC mode to see the variables for both RSPs. • The configuration register setting determines how the router boots during a system reset. The most common configuration register settings are: ? 0x2102: The active RSP loads the Cisco IOS XR software and default configuration on the next system boot. After logging in, the user can access EXEC mode. ? 0x0: The active RSP enters the bootstrap ROM Monitor (rommon B1>) on the next system boot. show variables boot Reloading the Active RSP The reload command causes the active RSP to reload the Cisco IOS XR software according to the configuration register setting. This setting determines how the active RSP acts when reloaded. This section contains instructions to reload the Cisco IOS XR software and return to EXEC mode. For instructions to use the reload command for entering ROM Monitor bootstrap mode, see Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. Because the reload command causes the active RSP to go off line and either reload the Cisco IOS XR software or enter ROM Monitor mode, the router experiences a loss of service unless a redundant standby RSP is installed and in “ready” state. To display the status of the standby RSP, use the show redundancy command in EXEC mode. Caution SUMMARY STEPS 1. show redundancy 2. admin 3. show variables boot 4. (Optional) config-register 0x2102 5. admin 6. reload Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 113 Managing the Router Hardware Reloading the Active RSPDETAILED STEPS Command or Action Purpose Step 1 show redundancy Displays the RSP redundancy status. Example: RP/0/RSP0/CPU0:router# show redundancy • If a standby RSP is in “ready” redundancy state, the reload command also causes the router to gracefully fail over to the standby RSP. admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 2 Step 3 show variables boot Displays the configuration register setting. Example: RP/0/RSP0/CPU0:router(admin)# show variables boot • Enter this command in administration EXEC mode. • For normal operations, the configuration registersetting is 0x2102, which causes the active RSP to reload the Cisco IOS XR software. • Verify that the configuration register setting is 0x2102. If it is not, complete Step 4, on page 114 to reset the configuration register to 0x2102. For instructions on how to enter ROM Monitor bootstrap mode, see Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide. Note (Optional) Sets the configuration register to 0x2102. This step is necessary only if the register is not set to 0x2102 in the running configuration. config-register 0x2102 Example: RP/0/RSP0/CPU0:router(admin)# config-register 0x2102 Step 4 admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 5 Step 6 reload Reloads the active RSP according to the configuration register setting. Example: RP/0/RSP0/CPU0:router# reload • If the setting is 0x2102, then the RSP reloadsthe Cisco IOS XR software. • If the standby RSP is in “ready” redundancy state, the router switches over to the standby RSP. • If a standby RSP is not installed or not in a “ready” state, the router experiences a loss of service while the active RSP is reloading the Cisco IOS XR software. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 114 OL-26081-03 Managing the Router Hardware Reloading the Active RSPFlash Disk Recovery When an RSP is power cycled or experiences an ungraceful reset, the boot disk (PCMCIA flash disk used to boot the card) may experience a file-system corruption. If this occurs, an error message is displayed and the RSP fails to boot. The corrupted flash disk is automatically reformatted and the Cisco IOS XR software is restored from the designated system controller (DSC) for the system. For example, if a flash disk for an RSP is corrupted, the RP fails to boot and the following error message is displayed: ######################################################### Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS XR Software for the Cisco XR Cisco ASR 9000 Series Router-mbirp, Copyright (c) 2009 by Cisco Systems, Inc. Unable to mount /disk0:, filesystem is corrupted. Check fsck log at /tmp/chkfs_fd0.log init: special_commands:wait for disk0: failed If this occurs, then the flash disk is automatically reformatted and the Cisco IOS XR software is restored to the flash disk. If the flash disk is badly damaged and cannot be reformatted, the disk must be replaced. If the corrupted flash disk is the DSC, then the router fails over to the standby DSC. If no standby DSC is installed, then the system fails to boot. Note Using Controller Commands to Manage Hardware Components The controller , controllers , and show controllers commands are used to manage and display settings for various hardware components, including the switch fabric management, Ethernet control plane, and interface manager. These commands are primarily diagnostic and related to driver-level details. The information available with these commands varies widely and is hardware specific. For information on the use of these commands, see Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference. Formatting Hard Drives, Flash Drives, and Other Storage Devices To format a storage device on the router, use the format command in EXEC mode. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 115 Managing the Router Hardware Flash Disk RecoveryCaution Formatting a storage device deletes all data on that device. The following command syntax is used: format filesystem: [options] Table 18: format command Syntax Description, on page 116 describes the format command syntax. Table 18: format command Syntax Description Variable Description Specifiesthe memory device to format. The supported file systems are: • bootflash: • compactflash: • configflash: • harddisk: • harddiska: • disk0: • disk1: Enter format ? to see the devices supported on your router. filesystem Enter format filesystem: ? to see the available options. For more information, see Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference. options In the following example, the format command is used to format the hard disk: RP/0/RSP0/CPU0:router# format harddisk: Removing and Replacing Cards This section describes card replacement issues and procedures. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 116 OL-26081-03 Managing the Router Hardware Removing and Replacing CardsRemoving Line Cards Line cards are designed for online insertion and removal (OIR). A line card is a single card that contains all service processing functions and physical line interfaces. The OIR feature allows you to remove and replace cards without removing power to the card or chassis. Removing a card interrupts all traffic passing through the card, but it does not remove the card configuration. When you remove a card, the configuration remains for all interfaces, but the interfaces do not appear in the output of the show interfaces command. You can view interface configurations by entering the show running-config command. The following example shows how the configuration appears when a card is removed: RP/0/RSP0/CPU0:router# show running-config Building configuration... hostname router router ospf 3269 area 0 interface POS0/3/0/0 cost 20 ! interface preconfigure POS0/3/0/0 ipv4 address 10.10.50.1 255.255.255.0 ! interface preconfigure POS0/3/0/1 description POS0/3/0/1 shutdown ! interface preconfigure POS0/3/0/2 description POS0/3/0/2 shutdown ! interface preconfigure POS0/3/0/3 description POS0/3/0/3 shutdown ! In this example, the line card in slot 3 isremoved, and the interface configuration for all four interfaces changes to “interface preconfigure.” However, the “router ospf” reference to a slot 3 interface does not change. If you replace a line card with another line card that uses the same media type and port count, the configuration becomes active on the replacement card. To remove the configuration for a slot after a card is removed, use the no interface preconfigure command to remove all interface configuration statements for that card in the running configuration. In addition, search the configuration for any references to the removed interfaces, such as the “router ospf” reference to slot 3 in the preceding example. To remove the configuration for a slot when a card is installed, use the no interface command to remove all interface configuration statements for that card in the running configuration. In addition, search the configuration for any references to the removed interfaces. Each line card supports a specific media type (Packet over SONET/SDH [POS] or Ethernet, for example) and port count. If you replace a line card with one that supports a different media type or port count, you should review the configuration and revise it to support the replacement line card. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 117 Managing the Router Hardware Removing Line CardsReplacing a Line Card with the Same Media Type and Port Count When you replace a line card or PLIM with a card that is of the same media type and has the same port count asthe replaced card, the guidelinesin the Removing Line Cards, on page 117 apply. Because the replacement card is of the same media type and port count, no special procedures are required for card removal and replacement. Replacing a Line Card with the Same Media Type and a Different Port Count When you replace a line card with a card that is of the same media type with a different port count, the guidelines in Removing Line Cards , on page 117 apply. If the new card has a greater port count than the replaced card, the configuration applies to the corresponding lower port numbers, and the ports that did not exist on the replaced card have no configuration and come up in the shutdown state. If the new card supports fewer ports, the existing configuration for the corresponding number of ports on the new card set is applied. The previous configuration for the removed ports remains in interface preconfigure state, as shown in the following example: RP/0/RSP0/CPU0:router# show running-config Building configuration... hostname rtp-gsr1 interface POS0/3/0/0 ipv4 address 10.10.50.1 255.255.255.0 ! interface preconfigure POS0/3/0/1 description POS0/3/0/1 shutdown ! interface preconfigure POS0/3/0/2 description POS0/3/0/2 shutdown ! interface preconfigure POS0/3/0/3 description POS0/3/0/3 shutdown ! In the preceding example, a four-port card has been replaced with a single-port card. The configuration from port 1 on the four-port card is applied to the single port on the replacement card, and the remaining port configurations change to “interface preconfigure.” To remove the configuration for the missing interfaces, use the no interface preconfigure command. In addition,search for and remove any configuration references to the removed interfaces. Whenever you replace a line card with the same media type and a different port count, review the running configuration in the router and revise the configuration as necessary. Replacing a Line Card or PLIM with a Different Media Type When you replace a line card or PLIM with a card that is of a different media type (for example, if you replace a POS PLIM with an Ethernet PLIM), the guidelines in Removing Line Cards , on page 117 apply. Review the running configuration in the router and revise the configuration as necessary for the new media type. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 118 OL-26081-03 Managing the Router Hardware Removing Line CardsUpgrading the CPU Controller Bits Use this procedure to upgrade the CPU controller bits on all nodes that are installed in the router or on a specific node. SUMMARY STEPS 1. admin 2. upgrade cpuctrlbits {all | location node-id} DETAILED STEPS Command or Action Purpose admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 1 Step 2 upgrade cpuctrlbits {all | location node-id} Upgrades the CPU controller bits on all nodes in the router. Example: RP/0/RSP0/CPU0:router(admin)# upgrade cpuctrlbits all Use the location node-id keyword and argument to upgrade the CPU controller bits on a specific node. Examples The following example shows how to upgrade the CPU controller bits on all nodes in a router: RP/0/RSP0/CPU0:router# admin RP/0/RSP0/CPU0:router(admin)# upgrade cpucrtlbits all Please do not power cycle, reload the router or reset any nodes until all upgrades are completed. Please check the syslog to make sure that all nodes are upgraded successfully. If you need to perform multiple upgrades, please wait for current upgrade to be completed before proceeding to another upgrade. Failure to do so may render the cards under upgrade to be unusable. Additional References The following sections provide references related to hardware management on Cisco IOS XR software. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 119 Managing the Router Hardware Upgrading the CPU Controller BitsRelated Documents Related Topic Document Title Hardware Redundancy and Node Administration Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR hardware commands See Cisco Carrier Routing System Install and Upgrade Guides at: http://www.cisco.com/en/US/products/ ps5763/ prod_installation_guides_list.html Cisco IOS XR hardware documentation Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Information about getting started with Cisco IOS XR software Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Guide ROM Monitor Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR command master list Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 120 OL-26081-03 Managing the Router Hardware Additional ReferencesRFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 121 Managing the Router Hardware Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 122 OL-26081-03 Managing the Router Hardware Additional ReferencesC H A P T E R 7 Upgrading FPD on the Cisco ASR 9000 Series Router In general terms, field-programmable devices (FPDs) are hardware devices implemented on router cards thatsupportseparate software upgrades. A field-programmable gate array (FPGA) is a type of programmable memory device that exists on most hardware components of the router. The term FPD has been introduced to collectively and generically describe any type of programmable hardware device on SIPs and shared port adapters(SPAs), including FPGAs and the read-only memory monitor (ROMMON). Cisco IOS XR software provides the Cisco FPD upgrade feature to manage the upgrade of FPD images on SIPs and SPAs. This chapter describes the information that you must know to verify image versions and to perform an upgrade for SPA or SIP FPD images when incompatibilities arise. For complete descriptions of the FPD commands listed in this module, see Related Documents, on page 141. To locate documentation for other commandsthat might appear in the course of performing a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 19: Feature History for Upgrading FPD Software on Cisco IOS XR Software Release Modification Release 3.9.0 Support for FPD upgrades was introduced. This module contains the following topics: • Prerequisites for FPD Image Upgrades, page 124 • Overview of FPD Image Upgrade Support, page 124 • How to Upgrade FPD Images, page 125 • Configuration Examples for FPD Image Upgrade, page 128 • Troubleshooting Problems with FPD Image Upgrades, page 140 • Additional References, page 141 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 123Prerequisites for FPD Image Upgrades Before upgrading the FPD on your router you must install and activate the Cisco ASR 9000 Series Router-fpd.pie. For information about performing this task, see the Upgrading and Managing the Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide. Overview of FPD Image Upgrade Support An FPD image is used to upgrade the software on an FPD. Whenever a Cisco IOS XR Software image is released thatsupports SIPs and SPAs, a companion SIP and SPA FPD image is bundled with the Cisco IOS XR software release. Generally, the FPD image is not automatically upgraded. You must manually upgrade the FPD image running on the SPA or SIP when you upgrade the Cisco IOS XR software image. FPD versions must be compatible with the Cisco IOS XR software that is running on the router; if an incompatibility exists between an FPD version and the Cisco IOS XR software, the device with the FPGA may not operate properly until the incompatibility is resolved. An FPGA incompatibility on a SPA does not necessarily affect the running of the SPA interfaces; an FPD incompatibility on a SIP disables all interfaces for all SPAs in the SIP until the incompatibility is addressed. Use the show hw-module fpd command to determine if an FPD upgrade is required. A value of ‘Yes’ in the Upg/Dng? (upgrade/downgrade) column indicates that an upgrade or downgrade is required. The Cisco ASR 9000 Series Router supports upgrades for FPGA devices on its SIPs and SPAs. FPGA and ROMMON software upgrades are part of an FPD image package that correspondsto a Cisco IOS XR software image. SIPs and SPAs support manual upgrades for FPGA devices using the Cisco FPD upgrade feature that is further described in this chapter. Related Topics show hw-module fpd Command Output: Example, on page 128 Automatic FPD Upgrade By default, the FPD image is not automatically upgraded. Generally, you must manually upgrade the FPD image running on the SPA or SIP when you upgrade the Cisco IOS XR software image. However, if you enable the fpd auto-upgrade command in administration configuration mode, FPD images are automatically updated whenever you perform a software upgrade. For the automatic FPD upgrade to work, the following conditions must be met: • The FPD package installation envelope (PIE) must already be installed on the router. • The FPD PIE must be activated together with the new Cisco IOS XR image. • The fpd auto-upgrade command must be enabled. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 124 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router Prerequisites for FPD Image UpgradesAlthough the FPD upgrade is performed during the install operation, there is no install commit performed. Therefore, once the FPD has been upgraded, if the image is rolled back to the original version, the FPD version is not downgraded to the previous version. Note The automatic FPD upgrade is not performed in the following instances: • Line cards or other cards such as RSPs, SPAs or alarm cards are added to an existing router. • A non-reload software maintenance upgrade (SMU) or PIE installation is performed, even where the FPD image version changes. Since a non-reload installation is, by definition, not supposed to reload the router, and an FPD upgrade requires a router reload, the automatic FPD upgrade is repressed. In all cases where the automatic FPD upgrade is not performed, you must perform a manual FPD upgrade using the upgrade hw-module fpd command. Note How to Upgrade FPD Images You must determine if an FPD image upgrade is needed using the show hw-module fpd command and perform the upgrade, if needed, under the following circumstances: • You migrate the software to a later Cisco IOS XR software release. • You swap SPAs or SIPs from a system running a different Cisco IOS XR software release. • You insert a new SPA or SIP. In the event that there is an FPD incompatibility with your card, you may receive an error message. If you upgrade to a newer version of the Cisco IOS XR software and there is an FPD incompatibility, you receive the following message: LC/0/1/CPU0:Dec 23 16:33:47.945 : spa_192_jacket_v2[203]: %PLATFORM-UPGRADE_FPD-4-DOWN_REV : spa fpga2 instance 0 is down-rev (V0.6), upgrade to (V1.0). Use the "upgrade hw-module fpd" CLI in admin mode. If the FPD image on the card is newer then what is required by the currently running Cisco IOS XR software image on the router, you receive the following error message: LC/0/1/CPU0:Dec 23 16:33:47.955 : spa_192_jacket_v2[203]: %PLATFORM-UPGRADE_FPD-4-UP_REV : spa fpga instance 1 is severely up-rev (V2.1), downgrade to (V1.6). Use the "upgrade hw-module fpd" CLI in admin mode. You should perform the FPD upgrade procedure if you receive such messages. Cards may not function properly if FPD incompatibilities are not resolved. Before You Begin • Before upgrading the FPD, you must install and activate the asr9k-fpd.pie. For information about performing this task, see the Upgrading and Managing Cisco IOS XR Software module. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 125 Upgrading FPD on the Cisco ASR 9000 Series Router How to Upgrade FPD Images• The FPD upgrade procedure is performed while the card is online. At the end of the procedure the card must be reloaded before the FPD upgrade is complete. To automatically reload the card, you can use the hw-module reload command during your next maintenance window. The upgrade procedure is not complete until the card is reloaded. • During the FPD upgrade, you must not do the following: ? Reload, perform an online insertion and removal (OIR) of a line card (LC), or power down the chassis. Doing so may cause the node to enter an unusable state. ? Press Ctrl-C if the console appears to hang without any output. Doing so may abort the upgrade. • If you are not sure whether a card requires an FPD upgrade, you can install the card and use the show hw-module fpd command to determine if the FPD image on the card is compatible with the currently running Cisco IOS XR software release. SUMMARY STEPS 1. show hw-module fpd location {all | node-id} 2. admin 3. (Optional) show fpd package 4. upgrade hw-module fpd {all | fpga-type} [force] location [all | node-id] 5. exit 6. (Optional) hw-module {location node-id | subslot subslot-id} reload 7. show platform DETAILED STEPS Command or Action Purpose Displays the current FPD image versions for the specified card or all cards installed in the router. Use this command to determine if you must upgrade the FPD image on your card. show hw-module fpd location {all | node-id} Example: RP/0/RSP0/CPU0:router# show hw-module fpd location all Step 1 or RP/0/RSP0/CPU0:router# show hw-module fpd location 0/4/cpu0 admin Enters administration EXEC mode. Example: RP/0/RSP0/CPU0:router# admin Step 2 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 126 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router How to Upgrade FPD ImagesCommand or Action Purpose (Optional) Displays which cards are supported with your current Cisco IOS XR software release, which FPD image you need for each card, and what the minimum show fpd package Example: RP/0/RSP0/CPU0:router(admin)# show fpd package Step 3 hardware requirements are for the various modules. (A minimum hardware requirement version of 0.0 indicates that all hardware can support this FPD image version.) If there are multiple FPD imagesfor your card, use this command to determine which FPD image to use if you want to upgrade only a specific FPD type. Upgrades all the current FPD images that must be upgraded on the specified card with new images. upgrade hw-module fpd {all | fpga-type} [force] location [all | node-id] Step 4 Example: RP/0/RSP0/CPU0:router(admin)# upgrade Before continuing to the next step, wait for confirmation that the FPD upgrade has successfully completed. Status messages, similar to these, are displayed to the screen until the FPD upgrade is completed: FPD upgrade started. hw-module fpd all force location 0/3/1 . . FPD upgrade in progress.. . FPD upgrade in progress.. Successfully upgraded 1 FPD for SPA-2XOC48POS/RPR on location 0/3/1 FPD upgrade sent to location xxxx FPD upgrade sent to location yyyy FPD upgrade in progress.. FPD upgrade finished for location xxx FPD upgrade in progress.. FPD upgrade finished for location yyyy FPD upgrade completed. The “FPD upgrade in progress.” message is printed every minute. These logs are information logs, and as such, are displayed if the logging console informational command is configured. If Ctrl-C is pressed while the FPD upgrade isin progress, the following warning message is displayed: FPD upgrade in progress on some hardware, aborting now is not recommended as it might cause HW programming failure and result in RMA of the hardware. Do you want to continue? [Confirm(y/n)] If you confirm that you want to abort the FPD upgrade procedure, this message is displayed: FPD upgrade process has been aborted, please check the status of the hardware and reissue the upgrade command if required. If your card supports multiple FPD images, you can use the show fpd package admin command to determine what specific image to upgrade in the upgrade hw-module fpd command. Note Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 127 Upgrading FPD on the Cisco ASR 9000 Series Router How to Upgrade FPD ImagesCommand or Action Purpose exit Exits administration EXEC mode and returns to EXEC mode. Example: RP/0/RSP0/CPU0:router(admin)# exit Step 5 (Optional) Use the hw-module subslot reload command to reload a SPA and the hw-module location reload command to reload a SIP or line card. hw-module {location node-id | subslot subslot-id} reload Example: RP/0/RSP0/CPU0:router# hw-module subslot 0/3/1 reload Step 6 or RP/0/RSP0/CPU0:router# hw-module location 0/3/cpu0 reload Verifies that the FPD image on the card has been successfully upgraded by displaying the status of all cards in the system. show platform Example: RP/0/RSP0/CPU0:router# show platform Step 7 Configuration Examples for FPD Image Upgrade The following examples indicates the use of commands associated with the FPD image upgrade procedure. show hw-module fpd Command Output: Example Use the show hw-module fpd to display the current version of FPD images on the SPAs, SIPs and other cards installed on your router. This command can be used to identify information about FPDs on any card. If you enter the location of a line card that is not a SPA, the output displays information about any programmable devices on that line card. The following example shows how to display FPD compatibility for all modules in the router: RP/0/RSP1/CPU0:router# show hw-module fpd location all Mon Jun 29 05:38:50.332 PST ===================================== ========================================== Existing Field Programmable Devices ========================================== HW Current SW Upg/ Location Card Type Version Type Subtype Inst Version Dng? ============ ======================== ======= ==== ======= ==== =========== ==== 0/RSP0/CPU0 A9K-RSP-4G 4.8 lc fpga3 0 1.13 No lc fpga1 0 1.5 No lc fpga2 0 1.14 No lc cbc 0 1.2 No Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 128 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router Configuration Examples for FPD Image Upgradelc fpga4 0 1.6 No lc rommon 0 1.0 No -------------------------------------------------------------------------------- 0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 1 4.0 No -------------------------------------------------------------------------------- 0/RSP0/CPU0 ASR-9010-FAN 1.0 lc cbc 2 4.0 No -------------------------------------------------------------------------------- 0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 0 0.38 No lc fpga2 0 0.8 No lc cbc 0 2.2 No lc cpld1 0 0.15 No lc rommon 0 1.0 No -------------------------------------------------------------------------------- 0/1/CPU0 A9K-40GE-B 1.0 lc fpga1 1 0.38 No -------------------------------------------------------------------------------- 0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 0 0.38 No lc fpga2 0 0.10 No lc cbc 0 2.2 No lc cpld2 0 0.7 No lc cpld1 0 0.15 No lc cpld3 0 0.3 No lc rommon 0 1.0 No lc fpga3 0 14.42 No -------------------------------------------------------------------------------- 0/4/CPU0 A9K-8T/4-B 1.0 lc fpga1 1 0.38 No -------------------------------------------------------------------------------- 0/6/CPU0 A9K-4T-B 1.0 lc fpga1 0 0.38 No lc fpga2 0 0.10 No lc cbc 0 2.2 No lc cpld2 0 0.7 No lc cpld1 0 0.15 No lc cpld3 0 0.3 No lc rommon 0 1.0 No lc fpga3 0 14.42 No -------------------------------------------------------------------------------- 0/6/CPU0 A9K-4T-B 1.0 lc fpga1 1 0.38 No -------------------------------------------------------------------------------- The following example shows how to display FPD compatibility for a specific module in the router: RP/0/RSP1/CPU0:router# show hw-module fpd location 0/4/cpu0 Thu Nov 19 21:43:49.599 UTC ===================================== ========================================== Existing Field Programmable Devices ========================================== HW Current SW Upg/ Location Card Type Version Type Subtype Inst Version Dng? ============ ======================== ======= ==== ======= ==== =========== ==== 0/4/CPU0 A9K-SIP-700 1.13 lc fpga1 0 0.22 No lc cbc 0 3.03 No lc hsbi 0 3.00 No lc rommon 0 1.02 No lc fpga2 0 5.14 No lc cpld1 0 0.14 No -------------------------------------------------------------------------------- Table 20: show hw-module fpd Field Descriptions Field Description Location of the module in the rack/slot/module notation. Location Card Type Module part number. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 129 Upgrading FPD on the Cisco ASR 9000 Series Router show hw-module fpd Command Output: ExampleField Description HW Version Hardware model version for the module. Hardware type. Can be one of the following types: • spa—Shared port adapter • lc—Line card Type FPD type. Can be one of the following types: • fabldr—Fabric downloader • fpga1—Field-programmable gate array • fpga2—Field-programmable gate array 2 • fpga3—Field-programmable gate array 3 • fpga4—Field-programmable gate array 4 • fpga5—Field-programmable gate array 5 • rommonA—Read-only memory monitor A • rommon—Read-only memory monitor B Subtype FPD instance. The FPD instance uniquely identifies an FPD and is used by the FPD process to register an FPD. Inst Current SW Version Currently running FPD image version. Specifies whether an FPD upgrade or downgrade is required. A downgrade isrequired in rare cases when the version of the FPD image has a higher major revision than the version of the FPD image in the current Cisco IOS XR software package. Upg/Dng? show fpd package Command Output: Example Use the show fpd package command in administration EXEC mode to find out which SPAs and SIPs are supported with your current Cisco IOS XR software release, which FPD image package you need for each SPA or SIP, and what the minimum hardware requirements are for each module. If multiple FPD images are available for your card, they are listed as Subtype fpga2, fpga3, and so on. The following example shows sample output from the show fpd package command: RP/0/RP1/CPU0:router(admin)# show fpd package Thu Jul 7 04:34:48.351 DST =============================== ================================================ Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 130 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExampleField Programmable Device Package ================================================ SW Min Req Min Req Card Type FPD Description Type Subtype Version SW Ver HW Vers ==================== ========================== ==== ======= =========== ======== ========= A9K-40GE-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.06 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONA LC2 lc rommonA 1.05 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-4T-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 PHY LC2 lc fpga3 14.44 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-8T/4-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 PHY LC2 lc fpga3 14.44 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-2T20GE-B Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.11 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.09 0.0 0.1 PortCtrl LC2 lc fpga2 0.16 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-40GE-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 131 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExamplePHYCtrl LC2 lc cpld2 0.06 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONA LC2 lc rommonA 1.05 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-4T-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 PHY LC2 lc fpga3 14.44 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-8T/4-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 PHY LC2 lc fpga3 14.44 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-2T20GE-E Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.11 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.09 0.0 0.1 PortCtrl LC2 lc fpga2 0.16 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-8T-B Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.03 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.11 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 132 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExampleROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-16T/8-B Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.04 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.01 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-16T/8-B Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.04 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.01 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-8T-E Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.03 0.0 0.1 CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.11 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-16T/8-E Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.04 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.01 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-16T/8-E Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 133 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExampleCPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.04 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.01 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-40GE-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.06 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-4T-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 Serdes Upgrade LC2 lc fpga3 14.44 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-8T/4-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.03 0.0 0.1 PortCtrl LC2 lc fpga2 0.10 0.0 0.1 Serdes Upgrade LC2 lc fpga3 14.44 0.0 0.1 Bridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-2T20GE-L Can Bus Ctrl (CBC) LC2 lc cbc 2.02 0.0 0.1 CPUCtrl LC2 lc cpld1 1.00 0.0 0.1 PHYCtrl LC2 lc cpld2 0.11 0.0 0.1 LCClkCtrl LC2 lc cpld3 0.09 0.0 0.1 Tomcat LC2 lc fpga2 0.16 0.0 0.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 134 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExampleBridge LC2 lc fpga1 0.43 0.0 0.1 ROMMONB LC2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-8T-L Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.08 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.03 0.0 0.1 CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.11 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-16T/8-L Can Bus Ctrl (CBC) LC3 lc cbc 6.02 0.0 0.1 CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.04 0.0 0.1 LCClkCtrl LC3 lc cpld3 0.01 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.01 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ROMMONB LC3 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-SIP-700 Can Bus Ctrl (CBC) LC5 lc cbc 3.05 0.0 0.1 CPUCtrl LC5 lc cpld1 0.15 0.0 0.1 QFPCPUBridge LC5 lc fpga2 5.14 0.0 0.1 NPUXBarBridge LC5 lc fpga1 0.22 0.0 0.1 ROMMONA LC5 lc rommonA 1.03 0.0 0.1 ROMMONB LC5 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-SIP-500 Can Bus Ctrl (CBC) LC5 lc cbc 3.05 0.0 0.1 CPUCtrl LC5 lc cpld1 0.15 0.0 0.1 QFPCPUBridge LC5 lc fpga2 5.14 0.0 0.1 NPUXBarBridge LC5 lc fpga1 0.22 0.0 0.1 ROMMONA LC5 lc rommonA 1.03 0.0 0.1 ROMMONB LC5 lc rommon 1.03 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-RSP-2G Can Bus Ctrl (CBC) RSP2 lc cbc 1.02 0.0 0.1 CPUCtrl RSP2 lc cpld2 1.17 0.0 0.1 IntCtrl RSP2 lc fpga2 1.15 0.0 0.1 ClkCtrl RSP2 lc fpga3 1.23 0.0 0.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 135 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExampleUTI RSP2 lc fpga4 3.08 0.0 0.1 PUNT RSP2 lc fpga1 1.05 0.0 0.1 HSBI RSP2 lc hsbi 4.00 0.0 0.1 ROMMONA RSP2 lc rommonA 1.05 0.0 0.1 ROMMONB RSP2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-RSP-4G Can Bus Ctrl (CBC) RSP2 lc cbc 1.02 0.0 0.1 CPUCtrl RSP2 lc cpld2 1.17 0.0 0.1 IntCtrl RSP2 lc fpga2 1.15 0.0 0.1 ClkCtrl RSP2 lc fpga3 1.23 0.0 0.1 UTI RSP2 lc fpga4 3.08 0.0 0.1 PUNT RSP2 lc fpga1 1.05 0.0 0.1 HSBI RSP2 lc hsbi 4.00 0.0 0.1 ROMMONA RSP2 lc rommonA 1.05 0.0 0.1 ROMMONB RSP2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-RSP-8G Can Bus Ctrl (CBC) RSP2 lc cbc 1.02 0.0 0.1 CPUCtrl RSP2 lc cpld2 1.17 0.0 0.1 IntCtrl RSP2 lc fpga2 1.15 0.0 0.1 ClkCtrl RSP2 lc fpga3 1.23 0.0 0.1 UTI RSP2 lc fpga4 3.08 0.0 0.1 PUNT RSP2 lc fpga1 1.05 0.0 0.1 HSBI RSP2 lc hsbi 4.00 0.0 0.1 ROMMONA RSP2 lc rommonA 1.05 0.0 0.1 ROMMONB RSP2 lc rommon 1.05 0.0 0.1 ---------------------------------------------------------------------------------------------- ASR-9010-FAN Can Bus Ctrl (CBC) FAN lc cbc 4.00 0.0 0.1 ---------------------------------------------------------------------------------------------- ASR-9006-FAN Can Bus Ctrl (CBC) FAN lc cbc 5.00 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-BPID2-10-SLOT Can Bus Ctrl (CBC) BP2 lc cbc 7.103 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-BPID2-6-SLOT Can Bus Ctrl (CBC) BP2 lc cbc 7.103 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-ISM-100 Can Bus Ctrl (CBC) LC6 lc cbc 18.05 0.0 0.1 CPUCtrl LC6 lc cpld1 0.01 0.0 0.1 Maintenance LC6 lc fpga2 1.00 0.0 0.1 Amistad LC6 lc fpga1 0.25 0.0 0.20 ROMMONA LC6 lc rommonA 1.02 0.0 0.1 ROMMONB LC6 lc rommon 1.02 0.0 0.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 136 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: Example---------------------------------------------------------------------------------------------- A9K-8T-B CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 PHYCtrl LC3 lc cpld2 0.08 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.11 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ---------------------------------------------------------------------------------------------- A9K-8T-E CPUCtrl LC3 lc cpld1 1.02 0.0 0.1 DB CPUCtrl LC3 lc cpld4 1.03 0.0 0.1 PortCtrl LC3 lc fpga2 0.11 0.0 0.1 Raven LC3 lc fpga1 1.02 0.0 0.1 ---------------------------------------------------------------------------------------------- SPA-4XT3/E3 SPA E3 Subrate FPGA spa fpga2 1.04 0.0 0.0 SPA T3 Subrate FPGA spa fpga3 1.04 0.0 0.0 SPA I/O FPGA spa fpga1 1.01 0.0 0.0 SPA ROMMON spa rommon 2.12 0.0 0.0 ---------------------------------------------------------------------------------------------- SPA-2XT3/E3 SPA E3 Subrate FPGA spa fpga2 1.04 0.0 0.0 SPA T3 Subrate FPGA spa fpga3 1.04 0.0 0.0 SPA I/O FPGA spa fpga1 1.01 0.0 0.0 SPA ROMMON spa rommon 2.12 0.0 0.0 ---------------------------------------------------------------------------------------------- SPA-4XCT3/DS0 SPA T3 Subrate FPGA spa fpga2 0.11 0.0 0.100 SPA T3 Subrate FPGA spa fpga2 1.04 0.0 0.200 SPA I/O FPGA spa fpga1 2.08 0.0 0.100 SPA ROMMON spa rommon 2.12 0.0 0.100 ---------------------------------------------------------------------------------------------- SPA-2XCT3/DS0 SPA T3 Subrate FPGA spa fpga2 0.11 0.0 0.100 SPA T3 Subrate FPGA spa fpga2 1.04 0.0 0.200 SPA I/O FPGA spa fpga1 2.08 0.0 0.100 SPA ROMMON spa rommon 2.12 0.0 0.100 ---------------------------------------------------------------------------------------------- SPA-1XCHSTM1/OC3 SPA T3 Subrate FPGA spa fpga2 1.04 0.0 0.0 SPA I/O FPGA spa fpga1 1.08 0.0 0.0 SPA ROMMON spa rommon 2.12 0.0 0.0 ---------------------------------------------------------------------------------------------- SPA-1XCHOC48/DS3 SPA I/O FPGA spa fpga2 1.00 0.0 0.49 SPA I/O FPGA spa fpga3 1.00 0.0 0.52 SPA I/O FPGA spa fpga1 1.36 0.0 0.49 SPA ROMMON spa rommon 2.02 0.0 0.49 ---------------------------------------------------------------------------------------------- SPA-2XCHOC12/DS0 SPA FPGA2 swv1.00 spa fpga2 1.00 0.0 0.0 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 137 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExampleSPA FPGA swv1.36 spa fpga1 1.36 0.0 0.49 SPA ROMMON swv2.2 spa rommon 2.02 0.0 0.49 ---------------------------------------------------------------------------------------------- SPA-8XOC12-POS SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.5 ---------------------------------------------------------------------------------------------- SPA-8XCHT1/E1 SPA I/O FPGA spa fpga1 2.08 0.0 0.0 SPA ROMMON spa rommon 2.12 0.0 0.140 ---------------------------------------------------------------------------------------------- SPA-OC192POS-XFP SPA FPGA swv1.2 hwv2 spa fpga1 1.02 0.0 2.0 ---------------------------------------------------------------------------------------------- SPA-2XOC48POS/RPR SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.0 ---------------------------------------------------------------------------------------------- SPA-8XOC3-POS SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.5 ---------------------------------------------------------------------------------------------- SPA-10X1GE-V2 SPA FPGA swv1.10 spa fpga1 1.10 0.0 0.0 ---------------------------------------------------------------------------------------------- SPA-5X1GE-V2 SPA FPGA swv1.10 spa fpga1 1.10 0.0 0.0 ---------------------------------------------------------------------------------------------- SPA-1X10GE-L-V2 SPA FPGA swv1.9 spa fpga1 1.09 0.0 0.0 ---------------------------------------------------------------------------------------------- SPA-4XOC3-POS-V2 SPA FPGA swv1.0 spa fpga1 1.00 0.0 0.5 ---------------------------------------------------------------------------------------------- SPA-1X10GE-WL-V2 SPA FPGA swv1.9 spa fpga1 1.09 0.0 0.0 ---------------------------------------------------------------------------------------------- This table describes the significant fields shown in the display: Table 21: show fpd package Field Descriptions Field Description Card Type Module part number. FPD Description Description of all FPD images available for the SPA. Hardware type. Possible types can be: • spa—Shared port adapter • lc—Line card Type FPD subtype. These values are used in the upgrade hw-module fpd command to indicate a specific FPD image type to upgrade. Subtype FPD software version recommended for the associated module running the current Cisco IOS XR software. SW Version Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 138 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router show fpd package Command Output: ExampleField Description Minimum required FPD image software version to operate the card. Version 0.0 indicatesthat a minimum required image was not programmed into the card. Min Req SW Vers Minimum required hardware version for the associated FPD image. A minimum hardware requirement of version 0.0 indicates that all hardware can support this FPD image version. Min Req HW Vers In the show fpd package command output, the “subtype” column shows the FPDs that correspond with each SPA image. To upgrade a specific FPD with the upgrade hw-module fpd command, replace the fpga-type argument with the appropriate FPD from the “subtype” column, as shown in the following example: RP/0/RSP0/CPU0:router(admin)# upgrade hw-module fpd fpga2 location 0/3/1 reload Note upgrade hw-module fpd Command Output: Example Use the upgrade hw-module fpd command to upgrade the FPD image on a SPA, SIP or line card. The following example shows how to force the update of the FPGA on the SPA at location 0/1/cpu0. RP/0/RSP0/CPU0:router# admin RP/0/RSP0/CPU0:router(admin)# upgrade hw-module fpd fpga force location 0/1/cpu0 Mon Jan 12 05:44:37.611 PST % RELOAD REMINDER: - The upgrade operation of the target module will not interrupt its normal operation. However, for the changes to take effect, the target module will need to be manually reloaded after the upgrade operation. This can be accomplished with the use of "hw-module reload" command. - If automatic reload operation is desired after the upgrade, please use the "reload" option at the end of the upgrade command. - The output of "show hw-module fpd location" command will not display correct version information after the upgrade if the target module is not reloaded. Continue? [confirm] y Starting the upgrade/download of following FPD: =========== ==== ======= ======= =========== ========= Current Upg/Dng Location Type Subtype Upg/Dng Version Version =========== ==== ======= ======= =========== ========= 0/1/CPU0 lc fpga upg 0.40 0.40 ------------------------------------------------------ LC/0/1/CPU0:Jan 12 05:44:43.700 : lc_fpd_upgrade[192]: %PLATFORM-UPGRADE_FPD-6-START : Starting to upgrade fpga subtype image from 0.4 to 0.4 for for this card on location 0/1/CPU0 SP/0/1/SP:Jan 12 05:44:41.150 : upgrade_daemon[280]: programming...with file /net/node0_RP1_CPU0/disk0:/asr9k-fpd-3.9.0.25I/fpd/ucode/fpga_jacket_hw80_sw0.4.xsvf LC/0/1/CPU0:Jan 12 05:44:42.990 : fabricq_mgr[152]: EES:Internal clock detect IDLE period(-106461) more than threshold(1200000) Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 139 Upgrading FPD on the Cisco ASR 9000 Series Router upgrade hw-module fpd Command Output: ExampleLC/0/1/CPU0:Jan 12 05:44:42.990 : ingressq[179]: EES:Internal clock detect IDLE period(-106461) more than threshold(1200000) LC/0/1/CPU0:Jan 12 05:45:09.240 : fabricq_mgr[152]: EES:Internal clock detect IDLE period(-105945) more than threshold(1200000) LC/0/1/CPU0:Jan 12 05:45:09.241 : ingressq[179]: EES:Internal clock detect IDLE period(-105944) more than threshold(1200000) SP/0/1/SP:Jan 12 05:45:16.020 : upgrade_daemon[280]: ...programming... SP/0/1/SP:Jan 12 05:45:16.034 : upgrade_daemon[280]: ...it will take a while... SP/0/1/SP:Jan 12 05:45:16.053 : upgrade_daemon[280]: ...it will take a while... SP/0/1/SP:Jan 12 05:47:42.967 : upgrade_daemon[280]: ...programming... SP/0/1/SP:Jan 12 05:47:42.981 : upgrade_daemon[280]: ...it will take a while... % SLC/0/1/CPU0:Jan 12 05:48:08.737 : lc_fpd_upgrade[192]: %PLATFORM-UPGRADE_FPD-6-PASSED : Successfully upgrade fpga subtype image for for this card on location 0/1/CPU0 show platform Command Output: Example Use the show platform command to verify that the SPA is up and running. RP/0/RSP0/CPU0:router# show platform Sat Jul 25 12:26:38.905 DST Node Type State Config State ----------------------------------------------------------------------------- 0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON 0/FT0/SP FAN TRAY READY 0/FT1/SP FAN TRAY READY 0/1/CPU0 A9K-40GE-B IOS XR RUN PWR,NSHUT,MON 0/4/CPU0 A9K-8T/4-B IOS XR RUN PWR,NSHUT,MON 0/6/CPU0 A9K-4T-B IOS XR RUN PWR,NSHUT,MON 0/PM0/SP A9K-3KW-AC READY PWR,NSHUT,MON 0/PM1/SP A9K-3KW-AC READY PWR,NSHUT,MON 0/PM2/SP A9K-3KW-AC READY PWR,NSHUT,MON Troubleshooting Problems with FPD Image Upgrades This section contains information to help troubleshoot problems that can occur during the upgrade process. Power Failure or Removal of a SPA During an FPD Image Upgrade If the FPD upgrade operation is interrupted by a power failure or the removal of the SPA, it could corrupt the FPD image. This corruption of the FPD image file makes the SPA unusable by the router and the system displays the following messages when it tries to power up the SPA. When it cannot successfully power up the SPA, it places it in the failed state, as shown in the following example: LC/0/3/CPU0:Feb 4 08:23:16.672 : spa_192_jacket[188]: %L2-SPA-5-OIR_INSERTED : SPA discovered in bay 0 LC/0/3/CPU0:Feb 4 08:23:23.349 : spa_192_jacket[188]: %L2-SPA-5-OIR_ERROR : SPA (0): An error occurred (0x1002), error recovery action: reset SPA LC/0/3/CPU0:Feb 4 08:23:26.431 : spa_192_jacket[188]: %L2-SPA-5-OIR_INSERTED : SPA discovered in bay 0 LC/0/3/CPU0:Feb 4 08:23:32.593 : spa_192_jacket[188]: %L2-SPA-5-OIR_ERROR : SPA (0): Too many retries, error recovery stopped LC/0/3/CPU0:Feb 4 08:23:32.593 : spa_192_jacket[188]: %L2-SPA-5-OIR_ERROR : SPA (0): An error occurred (0x1002), error recovery action: hold SPA in reset Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 140 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router show platform Command Output: ExampleWhen a SPA is in the failed state, it may not register itself with the FPD upgrade mechanism. In this case, you do not see the SPA listed when you use the show hw-module fpd command. To verify the state of a SPA, use the show hw-module subslot error command and the show hw-module subslotstatus command. Performing a SPA FPD Recovery Upgrade To recover a SPA from the failed state because of a corrupted FPD image, you must manually shut down the SPA. Use the hw-module subslot subslot-id shutdown command in global configuration mode to administratively shutdown the SPA. After the SPA is shut down, you can use the upgrade hw-module fpd command in administration EXEC mode, with the force option, to restart the FPD upgrade process, asshown in the following example: RP/0/RSP0/CPU0:router# admin RP/0/RSP0/CPU0:router(admin)# upgrade hw-module fpd fpga force location 0/3/0 Performing a SPA FPD recovery upgrade as well as using the force keyword with the upgrade hw-module fpd command works only if the SPA has power. If the SPA is in the SHUT, NPWR state (you can determine the state by checking the output of the show platform command), the upgrade in general, as well as the force keyword,will not work. Note Performing a SIP FPD Recovery Upgrade If a SIP upgrade fails for whatever reason, do not reload the SIP. Try to perform the upgrade procedure again. You can perform the upgrade procedure multiple times, aslong as you do not reload the SIP. The FPD upgrade procedure takes several minutes to complete; do not interrupt the procedure. If you reload the SIP when the FPD image is corrupted, the SIP malfunctions and you must contact Cisco technical support for assistance. To recover a SIP from the failed state because of a corrupted FPD image, you must contact Cisco technical support. To recover a SIP from the failed state because of a corrupted FPD image, you must turn off the automatic reset of the SIP card. Use the hw-module reset auto disable command in administration configuration mode, as shown in the following example: RP/0/RSP0/CPU0:router(admin-config)# hw-module reset auto disable location 0/1/4 Additional References The following sections provide references related to FPD software upgrade. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR command master list Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 141 Upgrading FPD on the Cisco ASR 9000 Series Router Performing a SPA FPD Recovery UpgradeRelated Topic Document Title Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR FPD upgrade-related commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Initial system bootup and configuration information for a router using the Cisco IOS XR Software. Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs for selected platforms using Cisco IOS XR Software, use the Cisco MIB Locator found at the following URL: http://cisco.com/ public/sw-center/netmgmt/cmtk/mibs.shtml There are no applicable MIBs for this module. RFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 142 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router Additional ReferencesTechnical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 143 Upgrading FPD on the Cisco ASR 9000 Series Router Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 144 OL-26081-03 Upgrading FPD on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 8 Configuring Manageability on Cisco ASR 9000 Series Router This module describes the configuration required to enable the Extensible Markup Language (XML) agent services. The XML Parser Infrastructure provides parsing and generation of XML documents with Document Object Model (DOM), Simple Application Programming Interface (API) for XML (SAX), and Document Type Definition (DTD) validation capabilities: • DOM allows customers to programmatically create, manipulate, and generate XML documents. • SAX supports user-defined functions for XML tags. • DTD allows for validation of defined document types. Table 22: Feature History for Configuring Manageability on Cisco IOS XR Software Release 3.7.2 This feature was introduced The ability to enable XML requests over Secure Socket Layer (SSL) was introduced. The ability to configure an idle timeout for the XML agent was introduced. Release 3.9.0 The ability to configure a dedicated agent to receive and send messages via a specified VPN routing and forwarding (VRF) instance was introduced. The ability to control CPU time used by the XML agent was introduced. Release 4.0.0 This module contains the following topics: • Information About XML Manageability, page 146 • How to Configure Manageability, page 146 • Configuration Examples for Manageability, page 147 • Additional References, page 148 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 145Information About XML Manageability The Cisco IOS XR Extensible Markup Language (XML) API provides a programmable interface to the router for use by external management applications. This interface provides a mechanism for router configuration and monitoring utilizing XML formatted request and response streams. The XML interface is built on top of the Management Data API (MDA), which provides a mechanism for Cisco IOS XR components to publish their data models through MDA schema definition files. Cisco IOS XR software provides the ability to access the router via XML using a dedicated TCP connection, Secure Socket Layer (SSL), or a specific VPN routing and forwarding (VRF) instance. How to Configure Manageability Configuring the XML Agent SUMMARY STEPS 1. xml agent [ssl] 2. iteration on size iteration-size 3. session timeout timeout 4. throttle {memory size | process-rate tags} 5. vrf { default | vrf-name} [access-list access-list-name] DETAILED STEPS Command or Action Purpose Enables Extensible Markup Language (XML) requests over a dedicated TCP connection and enters XML agent configuration xml agent [ssl] Example: Step 1 mode. Use the ssl keyword to enable XML requests over RP/0/RSP0/CPU0:router:router(config)# xml agent Secure Socket Layer (SSL). Configures the iteration size for large XML agent responses in KBytes. The default is 48. iteration on size iteration-size Example: Step 2 RP/0/RSP0/CPU0:router:router(config-xml-agent)# iteration on size 500 Configures an idle timeout for the XML agent in minutes. By default, there is no timeout. session timeout timeout Example: Step 3 RP/0/RSP0/CPU0:router:router(config-xml-agent)# session timeout 5 Step 4 throttle {memory size | process-rate tags} Configures the XML agent processing capabilities. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 146 OL-26081-03 Configuring Manageability on Cisco ASR 9000 Series Router Information About XML ManageabilityCommand or Action Purpose Example: • Specify the memory size in Mbytes. Values can range from 100 to 600. The default is 300. RP/0/RSP0/CPU0:router:router(config-xml-agent)# throttle memory 300 • Specify the process-rate as the number of tags that the XML agent can process per second. Values can range from 1000 to 30000. By default the process rate is not throttled. Configures the dedicated agent or SSL agent to receive and send messages via the specified VPN routing and forwarding (VRF) instance. vrf { default | vrf-name} [access-list access-list-name] Example: RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf my-vrf Step 5 Configuration Examples for Manageability Enabling VRF on an XML Agent: Examples The following example illustrates how to configure the dedicated XML agent to receive and send messages via VRF1, VRF2 and the default VRF: RP/0/RSP0/CPU0:router:router(config)# xml agent RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF1 RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF2 The following example illustrates how to remove access to VRF2 from the dedicated agent: RP/0/RSP0/CPU0:router:router(config)# xml agent RP/0/RSP0/CPU0:router:router(config-xml-agent)# no vrf VRF2 The following example shows how to configure the XML SSL agent to receive and send messages through VRF1, VRF2 and the default VRF: RP/0/RSP0/CPU0:router:router(config)# xml agent ssl RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF1 RP/0/RSP0/CPU0:router:router(config-xml-agent)# vrf VRF2 The following example removes access for VRF2 from the dedicated XML agent: RP/0/RSP0/CPU0:router:router(config)# xml agent ssl RP/0/RSP0/CPU0:router:router(config-xml-agent)# no vrf VRF2 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 147 Configuring Manageability on Cisco ASR 9000 Series Router Configuration Examples for ManageabilityAdditional References The following sections provide references related to configuring manageability on Cisco IOS XR software. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR commands Configuring AAA Services on Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Standards and RFCs Standard/RFC Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIB MIBs Link To locate and download MIBsforselected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs — RFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 148 OL-26081-03 Configuring Manageability on Cisco ASR 9000 Series Router Additional ReferencesTechnical Assistance Description Link The Cisco Support website provides extensive online http://www.cisco.com/support resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 149 Configuring Manageability on Cisco ASR 9000 Series Router Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 150 OL-26081-03 Configuring Manageability on Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 9 Configuring Call Home on the Cisco ASR 9000 Series Router This module describes the configuring of the Call Home feature. Table 23: Feature History for Configuring Call Home Release Modification Release 4.1.0 Call Home was introduced This model contains the following topics: • About Call Home, page 151 • Configuring Call Home, page 155 • Configuring Contact Information, page 155 • Configuring and Activating Destination Profiles, page 158 • Associating an Alert Group with a Destination Profile, page 160 • Configuring Email, page 163 • Enabling Call Home, page 165 About Call Home Call Home provides an email-based notification for critical system policies. A range of message formats are available for compatibility with pager services or XML-based automated parsing applications. You can use this feature to page a network support engineer, email a Network Operations Center, or use Cisco Smart Call Home services to generate a case with the Technical Assistance Center. The Call Home feature can deliver alert messages containing information about diagnostics and environmental faults and events. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 151The Call Home feature can deliver alerts to multiple recipients, referred to as Call Home destination profiles. Each profile includes configurable message formats and content categories. A predefined destination profile is provided for sending alerts to the Cisco TAC, but you also can define your own destination profiles. When you configure Call Home to send messages, the appropriate CLI show command is executed and the command output is attached to the message. Call Home messages are delivered in the following formats: • Short text format which provides a one or two line description of the fault that is suitable for pagers or printed reports. • Full text format which provides fully formatted message with detailed information that is suitable for human reading. • XML machine readable format that uses Extensible Markup Language (XML) and Adaptive Messaging Language (AML) XML schema definition (XSD). The AML XSD is published on the Cisco.com website at http://www.cisco.com/. The XML format enables communication with the Cisco Systems Technical Assistance Center. Destination Profiles A destination profile includes the following information: • One or more alert groups—The group of alerts that trigger a specific Call Home message if the alert occurs. • One or more e-mail destinations—The list of recipients for the Call Home messages generated by alert groups assigned to this destination profile. • Message format—The format for the Call Home message (short text, full text, or XML). • Message severity level—The Call Home severity level that the alert must meet before a Call Home message is sent to all e-mail addresses in the destination profile. An alert is not generated if the Call Home severity level of the alert is lower than the message severity level set for the destination profile. You can also configure a destination profile to allow periodic inventory update messages by using the inventory alert group that will send out periodic messages daily, weekly, or monthly. The following predefined destination profiles are supported: • CiscoTAC-1—Supports the Cisco-TAC alert group in XML message format. Call Home Alert Groups An alert group is a predefined subset of alerts or events that Call Home detects and reports to one or more destinations. Alert groups allow you to select the set of alerts that you want to send to a predefined or custom destination profile. Alerts are sent to e-mail destinations in a destination profile only if that alert belongs to one of the alert groups associated with that destination profile and if the alert has a Call Home message severity at or above the message severity set in the destination profile. The following table lists supported alert groups and the default CLI command output included in Call Home messages generated for the alert group. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 152 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Destination ProfilesTable 24: Alert Groups and Executed Commands Alert Group Description Executed Commands show environment show logging show ineventory show environment trace show diag Events related to power, fan, and environment-sensing elementssuch as temperature alarms. Environmental admin show platform admin show version admin show diag admin show inventory oid Inventory status that is provided whenever a unit is cold booted, or when FRUs are inserted or removed. This alert is considered a noncritical event, and the information is used for status and entitlement. Inventory admin show version admin show logging admin show inventory Events generated by specific interesting syslog messages Syslog Call Home maps the syslog severity level to the corresponding Call Home severity level for syslog port group messages. Call Home Message Levels Call Home allows you to filter messages based on their level of urgency. You can associate each destination profile (predefined and user-defined) with a Call Home message level threshold. The Call Home message level rangesfrom 0 (lowest level of urgency) to 9 (highest level of urgency). Call Home messages are generated if they have a severity level equal to or greater than the Call Home message level threshold for the destination profile. Call Home messages that are sent for syslog alert groups have the syslog severity level mapped to the Call Home message level. Note Call Home does not change the syslog message level in the message text. The following table lists each Call Home message level keyword and the corresponding syslog level for the syslog port alert group. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 153 Configuring Call Home on the Cisco ASR 9000 Series Router Call Home Message LevelsTable 25: Severity and syslog Level Mapping Call Home Level Keyword syslog Level Description Network-wide catastrophic failure. 9 Catastrophic N/A Significant network impact. 8 Disaster N/A 7 Fatal Emergency (0) System is unusable. Critical conditions that indicate that immediate attention is needed. 6 Critical Alert (1) 5 Major Critical (2) Major conditions. 4 Minor Error (3) Minor conditions. 3 Warning Warning (4) Warning conditions. Basic notification and informational messages. Possibly independently insignificant. 2 Notification Notice (5) Normal event signifying return to normal state. 1 Normal Information (6) 0 Debugging Debug (7) Debugging messages. Obtaining Smart Call Home If you have a service contract directly with Cisco Systems, you can register your devices for the Smart Call Home service. Smart Call Home providesfast resolution ofsystem problems by analyzing Call Home messages sent from your devices and providing background information and recommendations. For issues that can be identified as known, particularly GOLD diagnostics failures, Automatic Service Requests will be generated with the Cisco-TAC. Smart Call Home offers the following features: • Continuous device health monitoring and real-time diagnostic alerts. • Analysis of Call Home messages from your device and, where appropriate, Automatic Service Request generation, routed to the appropriate TAC team, including detailed diagnostic information to speed problem resolution. • Secure message transport directly from your device or through a downloadable Transport Gateway (TG) aggregation point. You can use a TG aggregation point in cases that require support for multiple devices Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 154 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Obtaining Smart Call Homeor in cases where security requirements mandate that your devices may not be connected directly to the Internet. • Web-based accessto Call Home messages and recommendations, inventory and configuration information for all Call Home devices. Provides accessto associated field notices,security advisories and end-of-life information. You need the following items to register: • The SMARTnet contract number for your device • Your e-mail address • Your Cisco.com ID For more information about Smart Call Home, see the Smart Call Home page at this URL: http:// www.cisco.com/go/smartcall/ Configuring Call Home The tasks in this module describe how to configure the sending of Call Home messages. The following steps are involved: 1 Assign contact information. 2 Configure and enable one or more destination profiles. 3 Associate one or more alert groups to each profile. 4 Configure the email server options. 5 Enable Call Home. Configuring Contact Information Each router must include a contact e-mail address. You can optionally include other identifying information for your system installation. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 155 Configuring Call Home on the Cisco ASR 9000 Series Router Configuring Call HomeSUMMARY STEPS 1. configure 2. call-home 3. contact-email-addr email-address 4. (Optional) contract-id contract-id-string 5. (Optional) customer-id customer-id-string 6. (Optional) phone-number phone-number-string 7. (Optional) street-address street-address 8. (Optional) site-id site-id-string 9. Use one of these commands: • end • commit 10. show call-home DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 call-home Enters call home configuration mode. Example: RP/0/RSP0/CPU0:router(config)# call-home RP/0/RSP0/CPU0:router(config-call-home)# Step 2 Configures the customer email address. Enter up to 200 characters in email address format with no spaces. contact-email-addr email-address Example: RP/0/RSP0/CPU0:router(config-call-home)# contact-email-addr user1@cisco.com Step 3 (Optional) Configures the contract ID. Enter up to 64 characters. If you include spaces, you must enclose the entry in quotes (""). contract-id contract-id-string Example: RP/0/RSP0/CPU0:router(config-call-home)# contract-id Contract-identifier Step 4 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 156 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Configuring Contact InformationCommand or Action Purpose (Optional) Configuresthe customer ID. Enter up to 64 characters. If you include spaces, you must enclose the entry in quotes (""). customer-id customer-id-string Example: RP/0/RSP0/CPU0:router(config-call-home)# customer-id Customer1 Step 5 (Optional) Configures the customer phone number. The number must begin with a plus(+) prefix, and may contain only dashes(-) and numbers. Enter up to 16 characters. phone-number phone-number-string Example: RP/0/RSP0/CPU0:router(config-call-home)# phone-number +405-123-4567 Step 6 (Optional) Configures the customer street address where RMA equipment can be shipped. Enter up to 200 characters. If you include spaces, you must enclose the entry in quotes (""). street-address street-address Example: RP/0/RSP0/CPU0:router(config-call-home)# Step 7 street-address "300 E. Tasman Dr. San Jose, CA 95134" (Optional) Configures the site ID for the system. Enter up to 200 characters. If you include spaces, you must enclose the entry in quotes (""). site-id site-id-string Example: RP/0/RSP0/CPU0:router(config-call-home)# site-id SJ-RouterRoom1 Step 8 Step 9 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 157 Configuring Call Home on the Cisco ASR 9000 Series Router Configuring Contact InformationCommand or Action Purpose show call-home Displays information about the system contacts. Example: RP/0/RSP0/CPU0:router# show call-home Step 10 Configuring and Activating Destination Profiles You must have at least one activated destination profile for Call Home messages to be sent. The CiscoTAC-1 profile exists by default but is not active. SUMMARY STEPS 1. configure 2. call-home 3. profile profile-name 4. destination address email email-address 5. destination message-size-limit max-size 6. destination preferred-msg-format {short-text | long-text | xml} 7. destination transport-method email 8. active 9. Use one of these commands: • end • commit 10. show call-home profile {all | profile-name} DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 158 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Configuring and Activating Destination ProfilesCommand or Action Purpose call-home Enters call home configuration mode. Example: RP/0/RSP0/CPU0:router(config)# call-home RP/0/RSP0/CPU0:router(config-call-home)# Step 2 Enters call home profile configuration mode to configure a new or existing profile. profile profile-name Example: RP/0/RSP0/CPU0:router(config-call-home)# profile Step 3 my_profile RP/0/RSP0/CPU0:router(config-call-home-profile)# Configures an email address to which Call Home messages are sent for this profile. destination address email email-address Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# destination address email support_me@cisco.com Step 4 Configures the maximum size of Call Home messages for this profile. Values can be between 50 and 3145728 characters. destination message-size-limit max-size Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# destination message-size-limit 1000 Step 5 Configures the message format for this profile. The default is xml. destination preferred-msg-format {short-text | long-text | xml} Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# destination preferred-msg-format xml Step 6 Configures the transport method for this profile. Email is the only supported method. destination transport-method email Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# destination transport-method email Step 7 Step 8 active Activates the destination profile. Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# active At least one destination profile must be active for Call Home messages to be sent. Note Step 9 Use one of these commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 159 Configuring Call Home on the Cisco ASR 9000 Series Router Configuring and Activating Destination ProfilesCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show call-home profile {all | profile-name} Displays information about the destination profile. Example: RP/0/RSP0/CPU0:router# show call-home profile all Step 10 Associating an Alert Group with a Destination Profile An alert is sent only to destination profiles that have subscribed to the Call Home alert group. Before You Begin Use the show call-home alert-group command to view available alert groups. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 160 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Associating an Alert Group with a Destination ProfileSUMMARY STEPS 1. configure 2. call-home 3. profile profile-name 4. subscribe-to-alert-group environment [severity severity-level 5. subscribe-to-alert-group inventory [periodic {daily | monthly day-of-month | weekly day-of-week} hh:mm 6. subscribe-to-alert-group syslog severity severity-level pattern string 7. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 call-home Enters call home configuration mode. Example: RP/0/RSP0/CPU0:router(config)# call-home RP/0/RSP0/CPU0:router(config-call-home)# Step 2 Enters call home profile configuration mode to configure a new or existing profile. profile profile-name Example: RP/0/RSP0/CPU0:router(config-call-home)# profile Step 3 my_profile RP/0/RSP0/CPU0:router(config-call-home-profile)# Configures a destination profile to receive messages for the environment alert group. Alerts with a severity the same or greater subscribe-to-alert-group environment [severity severity-level Step 4 than the specified severity level are sent. The default severity is debugging. Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# • catastrophic—Includes network-wide catastrophic events subscribe-to-alert-group environment severity in the alert. This is the highest severity. major • critical—Includes events requiring immediate attention (system log level 1). • debugging—Includes debug events (system log level 7). This is the lowest severity. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 161 Configuring Call Home on the Cisco ASR 9000 Series Router Associating an Alert Group with a Destination ProfileCommand or Action Purpose • disaster—Includes events with significant network impact. • fatal—Includes events where the system is unusable (system log level 0). • major—Includes events classified as major conditions (system log level 2). • minor—Includes events classified as minor conditions (system log level 3) • normal—Specifies the normal state and includes events classified as informational (system log level 6). This is the default. • notification—Includes eventsinformational message events (system log level 5). • warning—Includes events classified as warning conditions (system log level 4). Configures a destination profile to receive messages for the inventory alert group. Either alerts are sent periodically, or any non-normal event triggers an alert. subscribe-to-alert-group inventory [periodic {daily | monthly day-of-month | weekly day-of-week} hh:mm Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# Step 5 subscribe-to-alert-group inventory periodic monthly 1 10:00 Configures a destination profile to receive messages for the syslog alert group. Alerts with a severity the same or greater than the specified severity level are sent. subscribe-to-alert-group syslog severity severity-level pattern string Example: RP/0/RSP0/CPU0:router(config-call-home-profile)# Step 6 • catastrophic—Includes network-wide catastrophic events in the alert. This is the highest severity. subscribe-to-alert-group syslog severity major pattern • critical—Includes events requiring immediate attention (system log level 1). • debugging—Includes debug events (system log level 7). This is the lowest severity. • disaster—Includes events with significant network impact. • fatal—Includes events where the system is unusable (system log level 0). • major—Includes events classified as major conditions (system log level 2). • minor—Includes events classified as minor conditions (system log level 3) Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 162 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Associating an Alert Group with a Destination ProfileCommand or Action Purpose • normal—Specifies the normal state and includes events classified as informational (system log level 6). This is the default. • notification—Includes eventsinformational message events (system log level 5). • warning—Includes events classified as warning conditions (system log level 4). You can specify a pattern to be matched in the syslog message. If the pattern contains spaces, you must enclose it in quotes (""). Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. What to Do Next Use the show call-home profile command to view the profile configurations. Configuring Email Call Home messages are sent via email. You must configure your email server before Call Home messages can be sent. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 163 Configuring Call Home on the Cisco ASR 9000 Series Router Configuring EmailSUMMARY STEPS 1. configure 2. call-home 3. (Optional) sender from email-address 4. (Optional) sender reply-to email-address 5. mail-server address priority priority 6. rate-limit events-count 7. Use one of these commands: • end • commit 8. show call-home mail-server status DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 call-home Enters call home configuration mode. Example: RP/0/RSP0/CPU0:router(config)# call-home RP/0/RSP0/CPU0:router(config-call-home)# Step 2 (Optional) Specifies the email message “from” address. sender from email-address Example: RP/0/RSP0/CPU0:router(config-call-home)# sender from my_email@cisco.com Step 3 (Optional) Specifies the email message “reply-to” address. sender reply-to email-address Example: RP/0/RSP0/CPU0:router(config-call-home)# sender reply-to my_email@cisco.com Step 4 Specifies the mail server to use to send Call Home messages. You can specify an IP address or mail server name. You can specify up mail-server address priority priority Example: RP/0/RSP0/CPU0:router(config-call-home)# mail-server 198.51.100.10 priority 1 Step 5 to five mail servers to use. The server with the lower priority is tried first. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 164 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Configuring EmailCommand or Action Purpose Specifies the maximum trigger rate per minute. The default is five events per minute and the maximum is also five. rate-limit events-count Example: RP/0/RSP0/CPU0:router(config-call-home)# rate-limit 4 Step 6 Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show call-home mail-server status Displays the status of the specified mail server. Example: RP/0/RSP0/CPU0:router# show call-home mail-server status Step 8 Enabling Call Home By default the sending of Call Home messages is disabled. You must peform this task to enable the sending of Call Home messages. Before You Begin Before enabling the sending of Call Home messages, you should complete the configuration tasks described in this module. Specifically, you must have enabled a destination profile for any Call Home messages to be sent. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 165 Configuring Call Home on the Cisco ASR 9000 Series Router Enabling Call HomeSUMMARY STEPS 1. configure 2. call-home 3. service active 4. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 call-home Enters call home configuration mode. Example: RP/0/RSP0/CPU0:router(config)# call-home RP/0/RSP0/CPU0:router(config-call-home)# Step 2 service active Enables the sending of Call Home messages. Example: RP/0/RSP0/CPU0:router(config-call-home)# service active Step 3 Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 166 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Enabling Call HomeCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 167 Configuring Call Home on the Cisco ASR 9000 Series Router Enabling Call Home Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 168 OL-26081-03 Configuring Call Home on the Cisco ASR 9000 Series Router Enabling Call HomeC H A P T E R 10 Implementing NTP on the Cisco ASR 9000 Series Router Network Time Protocol (NTP) is a protocol designed to time-synchronize devices within a network. Cisco IOS XR software implements NTPv4. NTPv4 retains backwards compatibility with the older versions of NTP, including NTPv3 and NTPv2 but excluding NTPv1, which has been discontinued due to security vulnerabilities. This module describes the tasks you need to implement NTP on the Cisco IOS XR software. For more information about NTP on the Cisco IOS XR software and complete descriptions of the NTP commands listed in this module, see Related Documents, on page 189. To locate documentation for other commands that might appear in the course of running a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 26: Feature History for Implementing NTP on Cisco IOS XR Software Release Modification Release 3.7.2 This feature was introduced. Support was added for IPv6 addresses, VRFs, multicast-based associations, and burst and iburst modes for poll-based associations. Release 3.9.0 This module contains the following topics: • Prerequisites for Implementing NTP on Cisco IOS XR Software, page 170 • Information About Implementing NTP, page 170 • How to Implement NTP on Cisco IOS XR Software, page 171 • Configuration Examples for Implementing NTP, page 186 • Additional References, page 189 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 169Prerequisites for Implementing NTP on Cisco IOS XR Software You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Information About Implementing NTP NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur. NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communication uses Coordinated Universal Time (UTC). An NTP network usually receives its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other. NTP usesthe concept of a “stratum” to describe how many NTP “hops” away a machine isfrom an authoritative time source. A “stratum 1” time server typically has an authoritative time source (such as a radio or atomic clock, or a GPS time source) directly attached, a “stratum 2” time server receives its time via NTP from a “stratum 1” time server, and so on. NTP avoids synchronizing to a machine whose time may not be accurate, in two ways. First, NTP never synchronizes to a machine that is not synchronized itself. Second, NTP compares the time reported by several machines and does not synchronize to a machine whose time is significantly different than the others, even if its stratum is lower. This strategy effectively builds a self-organizing tree of NTP servers. The Cisco implementation of NTP does not support stratum 1 service; in other words, it is not possible to connect to a radio or atomic clock (for some specific platforms, however, you can connect a GPS time-source device). We recommend that time service for your network be derived from the public NTP servers available in the IP Internet. If the network isisolated from the Internet, the Cisco implementation of NTP allows a machine to be configured so that it acts as though it is synchronized via NTP, when in fact it has determined the time using other means. Other machines can then synchronize to that machine via NTP. Several manufacturers include NTP software for their host systems, and a publicly available version for systemsrunning UNIX and its various derivativesis also available. Thissoftware also allows UNIX-derivative serversto acquire the time directly from an atomic clock, which would subsequently propagate time information along to Cisco routers. The communications between machinesrunning NTP (known as associations) are usually statically configured; each machine is given the IP address of all machines with which it should form associations. Accurate timekeeping is made possible by exchanging NTP messages between each pair of machines with an association. The Cisco implementation of NTP supportstwo waysthat a networking device can obtain NTP time information on a network: • By polling host servers • By listening to NTP broadcasts In a LAN environment, NTP can be configured to use IP broadcast messages. As compared to polling, IP broadcast messagesreduce configuration complexity, because each machine can simply be configured to send Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 170 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Prerequisites for Implementing NTP on Cisco IOS XR Softwareor receive broadcast or multicast messages. However, the accuracy of timekeeping is marginally reduced because the information flow is one-way only. An NTP broadcast client listens for broadcast messages sent by an NTP broadcast server at a designated IPv4 address. The client synchronizes the local clock using the first received broadcast message. The time kept on a machine is a critical resource, so we strongly recommend that you use the security features of NTP to avoid the accidental or malicioussetting of incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism. When multiple sources of time (VINES, hardware clock, manual configuration) are available, NTP is always considered to be more authoritative. NTP time overrides the time set by any other method. How to Implement NTP on Cisco IOS XR Software Configuring Poll-Based Associations Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP. You can configure the following types of poll-based associations between the router and other devices (which may also be routers): • Client mode • Symmetric active mode The client and the symmetric active modes should be used when NTP is required to provide a high level of time accuracy and reliability. When a networking device is operating in the client mode, it polls its assigned time serving hosts for the current time. The networking device then picks a host from all the polled time servers to synchronize with. Because the relationship that is established in this case is a client-host relationship, the host does not capture or use any time information sent by the local client device. This mode is most suited for file-server and workstation clients that are not required to provide any form of time synchronization to other local clients. Use the server command to individually specify the time-serving hoststhat you want your networking device to consider synchronizing with and to set your networking device to operate in the client mode. When a networking device is operating in the symmetric active mode, it polls its assigned time-serving hosts for the current time and it responds to polls by its hosts. Because this is a peer-to-peer relationship, the host also retains time-related information about the local networking device that it is communicating with. This mode should be used when there are several mutually redundant servers that are interconnected via diverse network paths. Most stratum 1 and stratum 2 servers on the Internet today adopt this form of network setup. Use the peer command to individually specify the time-serving hosts that you want your networking device to consider synchronizing with and to set your networking device to operate in the symmetric active mode. When the router pollsseveral other devicesfor the time, the routerselects one device with which to synchronize. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 171 Implementing NTP on the Cisco ASR 9000 Series Router How to Implement NTP on Cisco IOS XR SoftwareTo configure a peer-to-peer association between the router and another device, you must also configure the router as a peer on the other device. You can configure multiple peers and servers, but you cannot configure a single IP address as both a peer and a server at the same time. To change the configuration of a specific IP address from peer to server or from server to peer, use the no form of the peer or server command to remove the current configuration before you perform the new configuration. If you do not remove the old configuration before performing the new configuration, the new configuration does not overwrite the old configuration. Note SUMMARY STEPS 1. configure 2. ntp 3. server ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] [burst] [iburst] 4. peer ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] 5. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 Forms a server association with another system. This step can be repeated as necessary to form associations with multiple devices. server ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] [burst] [iburst] Step 3 Example: RP/0/RSP0/CPU0:router(config-ntp)# server 172.16.22.44 minpoll 8 maxpoll 12 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 172 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Configuring Poll-Based AssociationsCommand or Action Purpose Forms a peer association with another system. This step can be repeated as necessary to form associations with multiple systems. peer ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] Step 4 To complete the configuration of a peer-to-peer association between the router and the remote device, the router must also be configured as a peer on the remote device. Note Example: RP/0/RSP0/CPU0:router(config-ntp)# peer 192.168.22.33 minpoll 8 maxpoll 12 source pos 0/0/0/1 Step 5 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-ntp)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Broadcast-Based NTP Associates In a broadcast-based NTP association, an NTP server propagates NTP broadcast packetsthroughout a network. Broadcast clients listen for the NTP broadcast packets propagated by the NTP server and do not engage in any polling. Broadcast-based NTP associationsshould be used when time accuracy and reliability requirements are modest and if your network is localized and has a large number of clients (more than 20). Broadcast-based NTP associations also are recommended for use on networks that have limited bandwidth, system memory, or CPU resources. Time accuracy is marginally reduced in broadcast-based NTP associations because information flows only one way. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 173 Implementing NTP on the Cisco ASR 9000 Series Router Configuring Broadcast-Based NTP AssociatesUse the broadcast client command to set your networking device to listen for NTP broadcast packets propagated through a network. For broadcast client mode to work, the broadcast server and its clients must be located on the same subnet. The time server that is transmitting NTP broadcast packets must be enabled on the interface of the given device using the broadcast command. Use the broadcast command to set your networking device to send NTP broadcast packets. Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP. SUMMARY STEPS 1. configure 2. ntp 3. (Optional) broadcastdelay microseconds 4. interface type interface-path-id 5. broadcast client 6. broadcast [destination ip-address] [key key-id] [version number] 7. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 (Optional) Adjusts the estimated round-trip delay for NTP broadcasts. broadcastdelay microseconds Example: RP/0/RSP0/CPU0:router(config-ntp)# broadcastdelay 5000 Step 3 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 174 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Configuring Broadcast-Based NTP AssociatesCommand or Action Purpose interface type interface-path-id Enters NTP interface configuration mode. Example: RP/0/RSP0/CPU0:router(config-ntp)# interface POS 0/1/0/0 Step 4 Step 5 broadcast client Configures the specified interface to receive NTP broadcast packets. Example: RP/0/RSP0/CPU0:router(config-ntp-int)# broadcast client Go to Step 6, on page 175 to configure the interface to send NTP broadcast packets. Note broadcast [destination ip-address] [key key-id] Configures the specified interface to send NTP broadcast packets. [version number] Step 6 Go to Step 5, on page 175 to configure the interface to receive NTP broadcast packets. Note Example: RP/0/RSP0/CPU0:router(config-ntp-int)# broadcast destination 10.50.32.149 Step 7 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-ntp-int)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp-int)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 175 Implementing NTP on the Cisco ASR 9000 Series Router Configuring Broadcast-Based NTP AssociatesConfiguring NTP Access Groups Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP. The access list-based restriction scheme allows you to grant or deny certain access privileges to an entire network, a subnet within a network, or a host within a subnet. The access group options are scanned in the following order, from least restrictive to most restrictive: 1 peer—Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access list criteria. 2 serve—Allows time requests and NTP control queries, but does not allow the system to synchronize itself to a system whose address passes the access list criteria. 3 serve-only—Allows only time requests from a system whose address passes the access list criteria. 4 query-only—Allows only NTP control queriesfrom a system whose address passesthe accesslist criteria. If the source IP address matches the access lists for more than one access type, the first type is granted. If no access groups are specified, all access types are granted to all systems. If any access groups are specified, only the specified access types are granted. For details on NTP control queries, see RFC 1305 (NTP version 3). SUMMARY STEPS 1. configure 2. ntp 3. access-group{peer | query-only | serve | serve-only} access-list-name 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 176 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Configuring NTP Access GroupsCommand or Action Purpose Creates an access group and applies a basic IPv4 or IPv6 access list to it. access-group{peer | query-only | serve | serve-only} access-list-name Example: RP/0/RSP0/CPU0:router(config-ntp)# access-group peer access1 Step 3 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-ntp)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring NTP Authentication This task explains how to configure NTP authentication. Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP. The encrypted NTP authentication scheme should be used when a reliable form of access control is required. Unlike the access-list-based restriction scheme that is based on IP addresses, the encrypted authentication scheme uses authentication keys and an authentication process to determine if NTP synchronization packets sent by designated peers or servers on a local network are deemed as trusted, before the time information that it carries along is accepted. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 177 Implementing NTP on the Cisco ASR 9000 Series Router Configuring NTP AuthenticationThe authentication process begins from the moment an NTP packet is created. A message authentication code (MAC) is computed using the MD5 Message Digest Algorithm and the MAC is embedded into an NTP synchronization packet. The NTP synchronization packet together with the embedded MAC and key number are transmitted to the receiving client. If authentication is enabled and the key is trusted, the receiving client computes the MAC in the same way. If the computed MAC matches the embedded MAC, the system is allowed to sync to the server that uses this key in its packets. After NTP authentication is properly configured, your networking device only synchronizes with and provides synchronization to trusted time sources. SUMMARY STEPS 1. configure 2. ntp 3. authenticate 4. authentication-key key-number md5 [clear | encrypted] key-name 5. trusted-key key-number 6. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 authenticate Enables the NTP authentication feature. Example: RP/0/RSP0/CPU0:router(config-ntp)# authenticate Step 3 authentication-key key-number md5 [clear | Defines the authentication keys. encrypted] key-name Step 4 • Each key has a key number, a type, a value, and, optionally, a name. Currently the only key type supported is md5. Example: RP/0/RSP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 178 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Configuring NTP AuthenticationCommand or Action Purpose Step 5 trusted-key key-number Defines trusted authentication keys. Example: RP/0/RSP0/CPU0:router(config-ntp)# trusted-key 42 • If a key is trusted, this router only synchronizes to a system that uses this key in its NTP packets. Step 6 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-ntp)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Disabling NTP Services on a Specific Interface NTP services are disabled on all interfaces by default. NTP is enabled globally when any NTP commands are entered. You can selectively prevent NTP packets from being received through a specific interface by turning off NTP on a given interface. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 179 Implementing NTP on the Cisco ASR 9000 Series Router Disabling NTP Services on a Specific InterfaceSUMMARY STEPS 1. configure 2. ntp 3. Use one of the following commands: • no interface type interface-path-id • interface type interface-path-id disable 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 Step 3 Use one of the following commands: Disables NTP services on the specified interface. • no interface type interface-path-id • interface type interface-path-id disable Example: RP/0/RSP0/CPU0:router(config-ntp)# no interface pos 0/0/0/1 or RP/0/RSP0/CPU0:router(config-ntp)# interface POS 0/0/0/1 disable Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 180 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Disabling NTP Services on a Specific InterfaceCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-ntp)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring the Source IP Address for NTP Packets By default, the source IP address of an NTP packet sent by the router is the address of the interface through which the NTP packet is sent. Use this procedure to set a different source address. Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP. SUMMARY STEPS 1. configure 2. ntp 3. source type interface-path-id 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 181 Implementing NTP on the Cisco ASR 9000 Series Router Configuring the Source IP Address for NTP PacketsDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 Step 3 source type interface-path-id Configures an interface from which the IP source address is taken. Example: RP/0/RSP0/CPU0:router(config-ntp)# source POS 0/0/0/1 This interface is used for the source address for all packets sent to all destinations. If a source addressisto be used for a specific association, use the source keyword in the peer or server command shown in Configuring Poll-Based Associations, on page 171. Note Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-ntp)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring the System as an Authoritative NTP Server You can configure the router to act as an authoritative NTP server, even if the system is not synchronized to an outside time source. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 182 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Configuring the System as an Authoritative NTP ServerNote No specific command enables NTP; the first NTP configuration command that you issue enables NTP. SUMMARY STEPS 1. configure 2. ntp 3. master stratum 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 Step 3 master stratum Makes the router an authoritative NTP server. Example: RP/0/RSP0/CPU0:router(config-ntp)# master 9 Use the master command with caution. It is very easy to override valid time sources using this command, especially if a low stratum number is configured. Configuring multiple machines in the same network with the master command can cause instability in timekeeping if the machines do not agree on the time. Note Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-ntp)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp)# commit Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 183 Implementing NTP on the Cisco ASR 9000 Series Router Configuring the System as an Authoritative NTP ServerCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Updating the Hardware Clock On devices that have hardware clocks (system calendars), you can configure the hardware clock to be periodically updated from the software clock. This is advisable for devices using NTP, because the time and date on the software clock (set using NTP) is more accurate than the hardware clock. The time setting on the hardware clock has the potential to drift slightly over time. Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP. SUMMARY STEPS 1. configure 2. ntp 3. update-calendar 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 184 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Updating the Hardware ClockCommand or Action Purpose ntp Enters NTP configuration mode. Example: RP/0/RSP0/CPU0:router(config)# ntp Step 2 Configuresthe router t o update itssystem calendar from the software clock at periodic intervals. update-calendar Example: RP/0/RSP0/CPU0:router(config-ntp)# update-calendar Step 3 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-ntp)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-ntp)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Verifying the Status of the External Reference Clock This task explains how to verify the status of NTP components. Note The commands can be entered in any order. SUMMARY STEPS 1. show ntp associations [detail] [location node-id] 2. show ntp status [location node-id] Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 185 Implementing NTP on the Cisco ASR 9000 Series Router Verifying the Status of the External Reference ClockDETAILED STEPS Command or Action Purpose show ntp associations [detail] [location node-id] Displays the status of NTP associations. Example: RP/0/RSP0/CPU0:router# show ntp associations Step 1 show ntp status [location node-id] Displays the status of NTP. Example: RP/0/RSP0/CPU0:router# show ntp status Step 2 Examples The following is sample output from the show ntp associations command: RP/0/RSP0/CPU0:router# show ntp associations address ref clock st when poll reach delay offset disp +~127.127.1.1 127.127.1.1 5 5 1024 37 0.0 0.00 438.3 *~172.19.69.1 172.24.114.33 3 13 1024 1 2.0 67.16 0.0 * master (synced), # master (unsynced), + selected, - candidate, ~ configured The following is sample output from the show ntp status command: RP/0/RSP0/CPU0:router# show ntp status Clock is synchronized, stratum 4, reference is 172.19.69.1 nominal freq is 1000.0000 Hz, actual freq is 999.9988 Hz, precision is 2**26 reference time is C54C131B.9EECF6CA (07:26:19.620 UTC Mon Nov 24 2008) clock offset is 66.3685 msec, root delay is 7.80 msec root dispersion is 950.04 msec, peer dispersion is 3.38 msec Configuration Examples for Implementing NTP Configuring Poll-Based Associations: Example The following example shows an NTP configuration in which the router’s system clock is configured to form a peer association with the time server host at IP address 192.168.22.33, and to allow the system clock to be synchronized by time server hosts at IP address 10.0.2.1 and 172.19.69.1: ntp server 10.0.2.1 minpoll 5 maxpoll 7 peer 192.168.22.33 server 172.19.69.1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 186 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Configuration Examples for Implementing NTPConfiguring Broadcast-Based Associations: Example The following example shows an NTP client configuration in which Gigabit Ethernet interface 0/2/0/0 is configured to receive NTP broadcast packets, and the estimated round-trip delay between an NTP client and an NTP broadcast server is set to 2 microseconds: ntp interface GigabitEthernet 0/2/0/0 broadcast client exit broadcastdelay 2 The following example shows an NTP server configuration where Gigabit Ethernet interface 0/2/0/2 is configured to be a broadcast server: ntp interface GigabitEthernet 0/2/0/2 broadcast Configuring NTP Access Groups: Example The following example shows a NTP access group configuration where the following access group restrictions are applied: • Peer restrictions are applied to IP addresses that pass the criteria of the access list named peer-acl. • Serve restrictions are applied to IP addresses that pass the criteria of access list named serve-acl. • Serve-only restrictions are applied to IP addresses that pass the criteria of the access list named serve-only-acl. • Query-only restrictions are applied to IP addresses that pass the criteria of the access list named query-only-acl. ntp peer 10.1.1.1 peer 10.1.1.1 peer 10.2.2.2 peer 10.3.3.3 peer 10.4.4.4 peer 10.5.5.5 peer 10.6.6.6 peer 10.7.7.7 peer 10.8.8.8 access-group peer peer-acl access-group serve serve-acl access-group serve-only serve-only-acl access-group query-only query-only-acl exit ipv4 access-list peer-acl 10 permit ip host 10.1.1.1 any 20 permit ip host 10.8.8.8 any exit ipv4 access-list serve-acl 10 permit ip host 10.4.4.4 any 20 permit ip host 10.5.5.5 any exit ipv4 access-list query-only-acl 10 permit ip host 10.2.2.2 any 20 permit ip host 10.3.3.3 any exit ipv4 access-list serve-only-acl 10 permit ip host 10.6.6.6 any 20 permit ip host 10.7.7.7 any Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 187 Implementing NTP on the Cisco ASR 9000 Series Router Configuration Examples for Implementing NTPexit Configuring NTP Authentication: Example The following example shows an NTP authentication configuration. In this example, the following is configured: • NTP authentication is enabled. • Two authentication keys are configured (key 2 and key 3). • The router is configured to allow its software clock to be synchronized with the clock of the peer (or vice versa) at IP address 10.3.32.154 using authentication key 2. • The router is configured to allow its software clock to be synchronized with the clock by the device at IP address 10.32.154.145 using authentication key 3. • The router is configured to synchronize only to systems providing authentication key 3 in their NTP packets. ntp authenticate authentication-key 2 md5 encrypted 06120A2D40031D1008124 authentication-key 3 md5 encrypted 1311121E074110232621 trusted-key 3 server 10.3.32.154 key 3 peer 10.32.154.145 key 2 Disabling NTP on an Interface: Example The following example shows an NTP configuration in which Gigabit Ethernet 0/2/0/0 interface is disabled: ntp interface GigabitEthernet0/2/0/0 disable exit authentication-key 2 md5 encrypted 06120A2D40031D1008124 authentication-key 3 md5 encrypted 1311121E074110232621 authenticate trusted-key 3 server 10.3.32.154 key 3 peer 10.32.154.145 key 2 Configuring the Source IP Address for NTP Packets: Example The following example shows an NTP configuration in which Ethernet management interface 0/0/CPU0/0 is configured as the source address for NTP packets: ntp authentication-key 2 md5 encrypted 06120A2D40031D1008124 authentication-key 3 md5 encrypted 1311121E074110232621 authenticate trusted-key 3 server 10.3.32.154 key 3 peer 10.32.154.145 key 2 source MgmtEth0/0/CPU0/0 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 188 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Configuration Examples for Implementing NTPConfiguring the System as an Authoritative NTP Server: Example The following example shows a NTP configuration in which the router is configured to use its own NTP master clock to synchronize with peers when an external NTP source becomes unavailable: ntp master 6 Updating the Hardware Clock: Example The following example shows an NTP configuration in which the router is configured to update its hardware clock from the software clock at periodic intervals: ntp server 10.3.32.154 update-calendar Additional References The following sections provide references related to implementing NTP on Cisco IOS XR software. Related Documents Related Topic Document Title Clock Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR clock commands NTP Commands on module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR NTP commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Information about getting started with Cisco IOS XR Software Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR master command index Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 189 Implementing NTP on the Cisco ASR 9000 Series Router Additional ReferencesStandards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title RFC 1059 Network Time Protocol, Version 1: Specification and Implementation RFC 1119 Network Time Protocol, Version 2: Specification and Implementation Network Time Protocol, Version 3: Specification, Implementation, and Analysis RFC 1305 Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 190 OL-26081-03 Implementing NTP on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 11 Implementing Object Tracking on Cisco IOS XR Software This module describes the configuration of object tracking on your Cisco IOS XR network. For information about its application in IPSec, see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide. For complete descriptions of the commands listed in this module, see Related Documents, on page 206. To locate documentation for other commands that might appear in the course of performing a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 27: Feature History for Implementing Object Tracking on Cisco IOS XR Software Contents Release Modification Release 4.2.1 This feature was introduced. This module contains the following topics: • Prerequisites for Implementing Object Tracking, page 191 • Information About Object Tracking, page 192 • How to Implement Object Tracking, page 192 • Configuration Examples for Configuring Object Tracking, page 204 • Additional References, page 206 Prerequisites for Implementing Object Tracking You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 191Information About Object Tracking Object tracking is a mechanism to track an object and to take an action on another object with no relationship to the tracked objects, based on changes to the properties of the object being tracked. Each tracked object is identified by a unique name specified on the tracking command-line interface (CLI). Cisco IOS XR processes then use this name to track a specific object. The tracking process periodically polls the tracked object and reports any changes to its state in terms of its being up or down, either immediately or after a delay, as configured by the user. Multiple objects can also be tracked by means of a list, using a flexible method for combining objects with Boolean logic. This functionality includes: • Boolean AND function—When a tracked list has been assigned a Boolean AND function, each object defined within a subset must be in an up state, so that the tracked object can also be in the up state. • Boolean OR function—When the tracked list has been assigned a Boolean OR function, it means that at least one object defined within a subset must also be in an up state, so that the tracked object can also be in the up state. How to Implement Object Tracking This section describes the various object tracking procedures. Tracking Whether an Interface Is Up or Down Perform this optional task in global configuration mode to track, in increments of from 1 to 10 seconds, whether the state of an interface is up or down. When the tracked object state changes to down, the tracking object (in the case of IPSec, this is the service virtual interface [SVI]) is brought down, which results in the following: • All existing tunnels on the SVI are torn down. • New tunnels cannot be established on this SVI. • All the routes, whether static or dynamic, pointing to the SVI are removed, including reverse-route injections (RRI). SUMMARY STEPS 1. configure 2. track track-name 3. (Optional) delay {up seconds|down seconds} 4. Use one of the following commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 192 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Information About Object TrackingDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 track track-name Enters track configuration mode. Example: RP/0/RSP0/CPU0:router(config)# track track1 • track-name—Specifies a name for the object to be tracked. (Optional) Schedules the delay that can occur between tracking whether the object is up or down. delay {up seconds|down seconds} Example: RP/0/RSP0/CPU0:router(config-track)# delay up 10 Step 3 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-track)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-track)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Tracking the Line Protocol State of an Interface Perform this task in global configuration mode to track the line protocol state of an interface. A tracked object is considered up when a line protocol of the interface is up. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 193 Implementing Object Tracking on Cisco IOS XR Software Tracking the Line Protocol State of an InterfaceAfter configuring the tracked object, you may associate the interface whose state should be tracked and specify the number of seconds to wait before the tracking object polls the interface for its state. SUMMARY STEPS 1. configure 2. track track-name 3. type line-protocol state 4. interface type interface-path-id 5. (Optional) delay {up seconds|down seconds} 6. interface { service-gre numeric-name | service-ipsec numeric-name} 7. line-protocol track object-name 8. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 track track-name Enters track configuration mode. Example: RP/0/RSP0/CPU0:router(config)# track track1 • track-name—Specifies a name for the object to be tracked. type line-protocol state Creates a track based on the line protocol of an interface. Example: RP/0/RSP0/CPU0:router(config-track)# type line-protocol state Step 3 Step 4 interface type interface-path-id Enters interface configuration mode. Example: RP/0/RSP0/CPU0:router(config-track-line-prot)#interface atm 0/2/0/0.1 • type—Specifies the interface type. For more information, use the question mark (?) online help function. • interface-path-id—Identifies a physical interface or a virtual interface. Use the show interfaces command to see a list of all possible interfaces currently configured on the router. Note Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 194 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Tracking the Line Protocol State of an InterfaceCommand or Action Purpose The loopback and null interfaces are always in the up state and, therefore, cannot be tracked. Note (Optional) Schedules the delay that can occur between tracking whether the object is up or down. delay {up seconds|down seconds} Example: RP/0/RSP0/CPU0:router(config-track)# delay up 10 Step 5 Enters the service-ipsec interface mode, in which you associate a service-ipsec interface with the interface interface { service-gre numeric-name | service-ipsec numeric-name} Step 6 whose state should be tracked. For example, if the state Example: RP/0/RSP0/CPU0:router(config-track)# interface service-ipsec 23 of the selected interface, such as, ATM, goes down or up, the state of the service-ipsec interface follows suit. • numeric-name—Numeric name of the service-ipsec interface, which can be from 1-65535. Although service-gre interfaces can be tracked as an interface object, it is currently unsupported as a means to monitor the state of another interface object. Note Associates a specific track to an IP Sec or GRE interface. The state of the interface changes when the state of the track changes. line-protocol track object-name Example: RP/0/RSP0/CPU0:router(config-if)# line-protocol track track12 Step 7 Step 8 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them • commit Example: RP/0/RSP0/CPU0:router(config-track)# end before exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the or RP/0/RSP0/CPU0:router(config-track)# commit configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 195 Implementing Object Tracking on Cisco IOS XR Software Tracking the Line Protocol State of an InterfaceCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Tracking IP Route Reachability When a host or a network goes down on a remote site, routing protocols notify the router and the routing table is updated accordingly. The routing process is configured to notify the tracking process when the route state changes due to a routing update. A tracked object is considered up when a routing table entry exists for the route and the route is accessible. SUMMARY STEPS 1. configure 2. track track-name 3. type route reachability 4. Use one of the following commands: • vrf vrf-table-name • route ipv4 IP-prefix/mask 5. (Optional) delay {up seconds|down seconds} 6. interface { service-gre numeric-name | service-ipsec numeric-name} 7. line-protocol track object-name 8. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 track track-name Enters track configuration mode. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 196 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Tracking IP Route ReachabilityCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config)# track track1 • track-name—Specifies a name for the object to be tracked. Configures the routing process to notify the tracking process when the state of the route changes due to a routing update. type route reachability Example: RP/0/RSP0/CPU0:router(config-track)# type route reachability vrf internet Step 3 Configures the type of IP route to be tracked, which can consist of either of the following, depending on your router type: Step 4 Use one of the following commands: • vrf vrf-table-name • vrf-table-name—A VRF table name. • route ipv4 IP-prefix/mask • IP-prefix/mask—An IP prefix consisting of the network and subnet mask (for example, 10.56.8.10/16). Example: RP/0/RSP0/CPU0:router(config-track-route)# vrf vrf-table-4 or RP/0/RSP0/CPU0:router(config-track-route)# route ipv4 10.56.8.10/16 (Optional) Schedulesthe delay that can occur between tracking whether the object is up or down. delay {up seconds|down seconds} Example: RP/0/RSP0/CPU0:router(config-track)# delay up 10 Step 5 Enters the service-ipsec interface mode, in which you associate a service-ipsec interface with the interface whose state should be tracked. interface { service-gre numeric-name | service-ipsec numeric-name} Step 6 For example, if the state of the selected interface, such as, ATM, goes down or up, the state of the service-ipsec interface follows suit. Example: RP/0/RSP0/CPU0:router(config-track)# interface service-ipsec 23 • numeric-name—Numeric name of the service-ipsec interface, which can be from 1-65535. Although service-gre interfaces can be tracked as an interface object, it is currently unsupported as a means to monitor the state of another interface object. Note Associates the track with an IPSec or GRE interface. The state of the interface changes when the state of the track changes. line-protocol track object-name Example: RP/0/RSP0/CPU0:router(config-if)# line-protocol track track1 Step 7 Step 8 Use one of these commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 197 Implementing Object Tracking on Cisco IOS XR Software Tracking IP Route ReachabilityCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Building a Track Based on a List of Objects Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are lists of interfaces or prefixes) using a Boolean expression to determine the state of the list. A tracked list contains one or more objects. The Boolean expression enables two types of calculations by using either AND or OR operators. For example, when tracking two interfaces, using the AND operator, up means that both interfaces are up, and down means that either interface is down. An object must exist before it can be added to a tracked list. The NOT operator is specified for one or more objects and negates the state of the object. Note After configuring the tracked object, you must associate the interface whose state should be tracked and you may optionally specify the number of seconds to wait before the tracking object polls the interface for its state. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 198 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Building a Track Based on a List of ObjectsSUMMARY STEPS 1. configure 2. track track-name 3. type list boolean { and | or } 4. object object-name [ not ] 5. (Optional) delay {up seconds|down seconds} 6. interface { service-gre numeric-name | service-ipsec numeric-name} 7. line-protocol track object-name 8. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 track track-name Enters track configuration mode. Example: RP/0/RSP0/CPU0:router(config)# track track1 • track-name—Specifies a name for the object to be tracked. Step 3 type list boolean { and | or } Configures a Boolean list object and enterstrack list configuration mode. Example: RP/0/RSP0/CPU0:router(config-track-list)# type list boolean and • boolean—Specifies that the state of the tracked list is based on a Boolean calculation. • and—Specifies that the list is up if all objects are up, or down if one or more objects are down. For example when tracking two interfaces, up means that both interfaces are up, and down means that either interface is down. • or—Specifies that the list is up if at least one object is up. For example, when tracking two interfaces, up means that either interface is up, and down means that both interfaces are down. Step 4 object object-name [ not ] Specifies the object to be tracked by the list Example: RP/0/RSP0/CPU0:router(config-track-list)# object 3 not • obect-name—Name of the object to track. • not—Negates the state of the object. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 199 Implementing Object Tracking on Cisco IOS XR Software Building a Track Based on a List of ObjectsCommand or Action Purpose (Optional) Schedules the delay that can occur between tracking whether the object is up or down. delay {up seconds|down seconds} Example: RP/0/RSP0/CPU0:router(config-track)# delay up 10 Step 5 Enters the service-ipsec interface mode, in which you associate a service-ipsec interface with the interface whose state should be tracked. interface { service-gre numeric-name | service-ipsec numeric-name} Step 6 For example, if the state of the selected interface, such as, ATM, goes down or up, the state of the service-ipsec interface follows suit. Example: RP/0/RSP0/CPU0:router(config-track)# interface service-ipsec 23 • numeric-name—Numeric name of the service-ipsec interface, which can be from 1-65535. Although service-gre interfaces can be tracked as an interface object, it is currently unsupported as a means to monitor the state of another interface object. Note Associates the track to an IP Sec or GRE interface. The state of the interface changes when the state of the track changes. line-protocol track object-name Example: RP/0/RSP0/CPU0:router(config-if)# line-protocol track track1 Step 7 Step 8 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-track)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-track)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 200 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Building a Track Based on a List of ObjectsBuilding a Track Based on a List of Objects - Threshold Percentage Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are lists of interfaces or prefixes) using a threshold percentage to determine the state of the list. SUMMARY STEPS 1. configure 2. track track-name 3. type list threshold percentage 4. object object-name 5. threshold percentage up percentage down percentage 6. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 track track-name Enters track configuration mode. Example: RP/0/RSP0/CPU0:router(config)# track track1 • track-name—Specifies a name for the object to be tracked. type list threshold percentage Configures a track of type threshold percentage list. Example: RP/0/RSP0/CPU0:router(config-track-list)# type list threshold percentage Step 3 Configures object 1, object 2, object 3 and object 4 as members of track type track1. object object-name Example: RP/0/RSP0/CPU0:router(config-track-list-threshold)# Step 4 object 1 RP/0/RSP0/CPU0:router(config-track-list-threshold)# object 2 RP/0/RSP0/CPU0:router(config-track-list-threshold)# object 3 RP/0/RSP0/CPU0:router(config-track-list-threshold)# Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 201 Implementing Object Tracking on Cisco IOS XR Software Building a Track Based on a List of Objects - Threshold PercentageCommand or Action Purpose object 4 Configures the percentage of objects that need to be UP or DOWN for the list to be considered UP or Down respectively. threshold percentage up percentage down percentage Example: RP/0/RSP0/CPU0:router(config-track-list-threshold)# threshold percentage up 50 down 33 Step 5 For example, if object 1, object 2, and object 3 are in the UP state and object 4 is in the DOWN state, the list is considered to be in the UP state. Step 6 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-track)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-track)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Building a Track Based on a List of Objects - Threshold Weight Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are lists of interfaces or prefixes) using a threshold weight to determine the state of the list. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 202 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Building a Track Based on a List of Objects - Threshold WeightSUMMARY STEPS 1. configure 2. track track-name 3. type list threshold weight 4. object object-nameweight weight 5. threshold weight up weight down weight 6. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 track track-name Enters track configuration mode. Example: RP/0/RSP0/CPU0:router(config)# track track1 • track-name—Specifies a name for the object to be tracked. type list threshold weight Configures a a track of type, threshold weighted list. Example: RP/0/RSP0/CPU0:router(config-track-list)# type list threshold weight Step 3 Configures object 1, object 2 and object 3 as members of track t1 and with weights 10, 5 and 3 respectively. object object-nameweight weight Example: Step 4 RP/0/RSP0/CPU0:router(config-track-list-threshold)# object 1 weight 10 RP/0/RSP0/CPU0:router(config-track-list-threshold)# object 2 weight 5 RP/0/RSP0/CPU0:router(config-track-list-threshold)# object 3 weight 3 Configures the range of weights for the objects that need to be UP or DOWN for the list to be considered UP or DOWN threshold weight up weight down weight Example: RP/0/RSP0/CPU0:router(config-track-list-threshold)# threshold weight up 10 down 5 Step 5 respectively. In this example, the list is considered to be in the DOWN state because objects 1 and 2 are in the UP state and the cumulative weight is 15 (not in the 10-5 range). Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 203 Implementing Object Tracking on Cisco IOS XR Software Building a Track Based on a List of Objects - Threshold WeightCommand or Action Purpose Step 6 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-track)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-track)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuration Examples for Configuring Object Tracking For examples illustrating how to use object tracking in a variety of scenarios in IPSec, see the Implementing IPSec Network Security on Cisco IOS XR Software module in Cisco ASR 9000 Series Aggregation Services Router System Monitoring Configuration Guide. Tracking Whether the Interface Is Up or Down: Example track connection100 type list boolean and object object3 not delay up 10 ! interface service-ipsec 23 line-protocol track connection100 ! Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 204 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Configuration Examples for Configuring Object TrackingTracking the Line Protocol State of an Interface: Example In this example, traffic arrives from interface service-ipsec1 and exits through interface GigabitEthernet 0/0/0/3: track IPSec1 type line-protocol state interface gigabitethernet0/0/0/3 ! interface service-ipsec 1 ipv4 address 70.0.0.1 255.255.255.0 profile vrf1_profile_ipsec line-protocol track IPSec1 tunnel source 80.0.0.1 tunnel destination 80.0.0.2 service-location preferred-active 0/0/1 ! Displaying the Line Protocol State of an Interface: Example This example displays the output from the show track command after performing the previous example: RP/0/RSP0/CPU0:router# show track Track IPSec1 Interface GigabitEthernet0_0_0_3 line-protocol ! Line protocol is UP 1 change, last change 10:37:32 UTC Thu Sep 20 2007 Tracked by: service-ipsec1 ! Tracking IP Route Reachability: Example In this example, traffic arriving from interface service-ipsec1 has its destination in network 7.0.0.0/24. This tracking procedure follows the state of the routing protocol prefix to signal when there are changes in the routing table. track PREFIX1 type route reachability route ipv4 7.0.0.0/24 ! interface service-ipsec 1 vrf 1 ipv4 address 70.0.0.2 255.255.255.0 profile vrf_1_ipsec line-protocol track PREFIX1 tunnel source 80.0.0.2 tunnel destination 80.0.0.1 service-location preferred-active 0/2/0 Building a Track Based on a List of Objects: Example In this example, traffic arriving from interface service-ipsec1 exits through interface GigabitEthernet 0/0/0/3 and interface ATM 0/2/0/0.1. The destination of the traffic is at network 7.0.0.0/24. If either one of the interfaces or the remote network goes down, the flow of traffic must stop. To do this, we use a Boolean AND expression. track LIST2 type list boolean and Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 205 Implementing Object Tracking on Cisco IOS XR Software Configuration Examples for Configuring Object Trackingobject IPSec1 object IPSec2 object PREFIX1 ! track IPSec1 type line-protocol state interface GigabitEthernet0/0/0/3 ! track IPSec2 type line-protocol state interface ATM0/2/0.1 ! track PREFIX1 type route reachability route ipv4 7.0.0.0/24 ! interface service-ipsec1 vrf 1 ipv4 address 70.0.0.2 255.255.255.0 profile vrf_1_ipsec line-protocol track LIST2 tunnel source 80.0.0.2 tunnel destination 80.0.0.1 service-location preferred-active 0/2/0 ! Additional References The following sections provide referencesrelated to implementing object tracking for IPSec network security. Related Documents Related Topic Document Title IPSec Network Security Commands on the Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide IPSec network security commands Internet Key Exchange Security Protocol Commands on the Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router System Security Command Reference Internet Key Exchange (IKE) security protocol commands Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference IP-Sec-related object tracking commands Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 206 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Additional ReferencesMIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title RFC 2401 Security Architecture for the Internet Protocol Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 207 Implementing Object Tracking on Cisco IOS XR Software Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 208 OL-26081-03 Implementing Object Tracking on Cisco IOS XR Software Additional ReferencesC H A P T E R 12 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Line templates define standard attribute settings for incoming and outgoing transport over physical and virtual terminal lines (vtys). Vty pools are used to apply template settings to ranges of vtys. Before creating or modifying the vty pools, enable the telnet server using the telnet server command in global configuration mode. See Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference for more information. Note This module describes the new and revised tasks you need to implement physical and virtual terminals on your Cisco IOS XR network. For more information about physical and virtual terminals on the Cisco IOS XR software and complete descriptions of the terminal services commands listed in this module, see Related Documents, on page 219. To locate documentation for other commands that might appear in the course of running a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 28: Feature History for Implementing Physical and Virtual Templates on Cisco IOS XR Software Release Modification Release 3.7.2 This feature was introduced. This module contains the following topics: • Prerequisites for Implementing Physical and Virtual Terminals, page 210 • Information About Implementing Physical and Virtual Terminals, page 210 • How to Implement Physical and Virtual Terminals on Cisco IOS XR Software, page 212 • Configuration Examples for Implementing Physical and Virtual Terminals, page 217 • Additional References, page 219 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 209Prerequisites for Implementing Physical and Virtual Terminals You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Information About Implementing Physical and Virtual Terminals To implement physical and virtual terminals, you need to understand the concepts in this section. Line Templates The following line templates are available in the Cisco IOS XR software. • Default line template—The default line template that applies to a physical and virtual terminal lines. • Console line template—The line template that applies to the console line. • User-defined line templates—User-defined line templatesthat can be applied to a range of virtual terminal lines. Line Template Configuration Mode Changes to line template attributes are made in line template configuration mode. To enter line template configuration mode, issue the line command from global configuration mode, specifying the template to be modified. The line templates that are available to be configured with the line command can be displayed using the online help feature ( ? ): RP/0/RSP0/CPU0:router(config)# line ? console console template default default template template user defined template After you specify a template with the line command, the router will enter line template configuration mode where you can set the terminal attributes that will apply to specified line template. This example shows how to specify the console template and to enter line template configuration mode for the console template: RP/0/RSP0/CPU0:router(config)# line console RP/0/RSP0/CPU0:router(config-line)# From line template configuration mode, the following terminal attribute setting commands can be configured: RP/0/RSP0/CPU0:router# ? absolute-timeout Set absolute timeout for line disconnection. access-class Filter connections based on an IP access list accounting Accounting parameters authorization Authorization parameters clear Clear the uncommitted configuration clear Clear the configuration cli Set the behaviour of cli. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 210 OL-26081-03 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Prerequisites for Implementing Physical and Virtual Terminalscommit Commit the configuration changes to running databits Set the number of databits. describe Describe a command without taking real actions disconnect-character Define the disconnect character do Run an exec command escape-character Change the current line template's escape character exec-timeout Set EXEC timeout exit Exit from this submode flowcontrol Configure flow control. interactive Interactive behaviour length Set number of lines on a screen. login Line login configuration no Negate a command or set its defaults parity Set the parity used. password Specify the password for the user pwd Commands used to reach current submode root Exit to the global configuration mode secret Provide a secure one way encrypted password session-limit Set the number of outgoing connections session-timeout Set interval for closing connection when there is no input traffic show Show contents of configuration stopbits Set the stopbits used. telnet Telnet protocol-specific configuration timeout Timeouts for the line timestamp To enable timestamp printing before each command. transport Define transport protocols for line users Users characteristics width Set width of the display terminal Line Template Guidelines The following guidelines apply to modifying the console template and to configuring a user-defined template: • Modify the templates for the physical terminal lines on the router (the console port) from line template configuration mode. Use the line console command from global configuration mode to enter line template configuration mode for the console template. • Modify the template for virtual lines by configuring a user-defined template with the line template-name command, configuring the terminal attributes for the user-defined template from line template configuration, and applying the template to a range of virtual terminal lines using the vty pool command. Attributes not defined in the console template, or any virtual template, are taken from the default template. The default settings for the default template are described for all commands in line template configuration mode in the Terminal Services Commands on the Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference. Before creating or modifying the vty pools, enable the telnet server using the telnet server command in global configuration mode. See Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference for more information. Note Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 211 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Line Template GuidelinesTerminal Identification The physical terminal lines for the console port is identified by its location, expressed in the format of rack/slot/module , on the active or standby route processor (RP) where the respective console port resides. For virtual terminals, physical location is not applicable; the Cisco IOS XR software assigns a vty identifier to vtys according to the order in which the vty connection has been established. vty Pools Each virtual line is a member of a pool of connections using a common line template configuration. Multiple vty pools may exist, each containing a defined number of vtys as configured in the vty pool. The Cisco IOS XR software supports the following vty pools by default: • Default vty pool—The default vty pool consists of five vtys (vtys 0 through 4) that each reference the default line template. • Default fault manager pool—The default fault manager pool consists of six vtys (vtys 100 through 105) that each reference the default line template. In addition to the default vty pool and default fault manager pool, you can also configure a user-defined vty pool that can reference the default template or a user-defined template. When configuring vty pools, follow these guidelines: • The vty range for the default vty pool must start at vty 0 and must contain a minimum of five vtys. • The vty range from 0 through 99 can reference the default vty pool. • The vty range from 5 through 99 can reference a user-defined vty pool. • The vty range from 100 is reserved for the fault manager vty pool. • The vty range for fault manager vty pools must start at vty 100 and must contain a minimum of six vtys. • A vty can be a member of only one vty pool. A vty pool configuration will fail if the vty pool includes a vty that is already in another pool. • If you attempt to remove an active vty from the active vty pool when configuring a vty pool, the configuration for that vty pool will fail. How to Implement Physical and Virtual Terminals on Cisco IOS XR Software Modifying Templates Thistask explains how to modify the terminal attributesfor the console and default line templates. The terminal attributes that you set will modify the template settings for the specified template. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 212 OL-26081-03 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Terminal IdentificationSUMMARY STEPS 1. configure 2. line {console | default} 3. Configure the terminal attribute settings for the specified template using the commands in line template configuration mode. 4. Use one of the following commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 line {console | default} Enters line template configuration mode for the specified line template. Example: RP/0/RSP0/CPU0:router(config)# line console • console—Enters line template configuration mode for the console template. • default —Enters line template configuration mode for the default or line template. RP/0/RSP0/CPU0:router(config)# line default Configure the terminal attribute settings for the — specified template using the commands in line template configuration mode. Step 3 Step 4 Use one of the following commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-line)# end exiting(yes/no/cancel)? [cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-line)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 213 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Modifying TemplatesCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Creating and Modifying vty Pools This task explains how to create and modify vty pools. You can omit Step 3, on page 215 to Step 5, on page 215 if you are configuring the default line template to reference a vty pool. SUMMARY STEPS 1. configure 2. telnet {ipv4 | ipv6} server max-servers limit 3. line template template-name 4. Configure the terminal attribute settingsfor the specified line template using the commandsin line template configuration mode. 5. exit 6. vty-pool {default | pool-name | eem} first-vty last-vty [line-template {default | template-name}] 7. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 214 OL-26081-03 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Creating and Modifying vty PoolsCommand or Action Purpose Specifies the number of allowable Telnet servers. Up to 100 Telnet servers are allowed. telnet {ipv4 | ipv6} server max-servers limit Example: RP/0/RSP0/CPU0:router(config)# telnet Step 2 By default no Telnet servers are allowed. You must configure this command in order to enable the use of Telnet servers. Note ipv4 server max-servers 10 line template template-name Enters line template configuration mode for a user-defined template. Example: RP/0/RSP0/CPU0:router(config)# line template 1 Step 3 Configure the terminal attribute settings for — the specified line template using the Step 4 commands in line template configuration mode. Exits line template configuration mode and returns the router to global configuration mode. exit Example: RP/0/RSP0/CPU0:router(config-line)# exit Step 5 vty-pool {default | pool-name | eem} first-vty Creates or modifies vty pools. last-vty [line-template {default | template-name}] Step 6 • If you do notspecify a line template with the line-template keyword, a vty pool defaults to the default line template. Example: RP/0/RSP0/CPU0:router(config)# vty-pool • default —Configures the default vty pool. ? The default vty pool must start at vty 0 and must contain a minimum of five vtys (vtys 0 through 4). default 0 5 line-template default or RP/0/RSP0/CPU0:router(config)# vty-pool ? You can resize the default vty pool by increasing the range of vtys that compose the default vty pool. pool1 5 50 line-template template1 • pool-name —Creates a user-defined vty pool. or RP/0/RSP0/CPU0:router(config)# vty-pool ? A user-defined pool must start at least at vty 5, depending on whether the default vty pool has been resized. eem 100 105 line-template template1 ? If the range of vtys for the default vty pool has been resized, use the first range value free from the default line template. For example, if the range of vtys for the default vty pool has been configured to include 10 vtys (vty 0 through 9), the range value for the user-defined vty pool must start with vty 10. • eem —Configures the embedded event manager pool. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 215 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Creating and Modifying vty PoolsCommand or Action Purpose ? The default embedded event manager vty pool must start at vty 100 and must contain a minimum of six vtys (vtys 100 through 105). • line-template template-name —Configures the vty pool to reference a user-defined template. Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Monitoring Terminals and Terminal Sessions Thistask explains how to monitor terminals and terminalsessions using the show EXEC commands available for physical and terminal lines. Note The commands can be entered in any order. SUMMARY STEPS 1. (Optional) show line [aux location node-id | console location node-id | vty number] 2. (Optional) show terminal 3. (Optional) show users Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 216 OL-26081-03 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Monitoring Terminals and Terminal SessionsDETAILED STEPS Command or Action Purpose (Optional) Displays the terminal parameters of terminal lines. show line [aux location node-id | console location node-id | vty number] Step 1 Example: RP/0/RSP0/CPU0:router# show line • Specifying the show line aux location node-id EXEC command displays the terminal parameters of the auxiliary line. • Specifying the show line console location node-id EXEC command displays the terminal parameters of the console. ? For the location node-id keyword and argument, enter the location of the Route Processor (RP) on which the respective auxiliary or console port resides. ? The node-id argument is expressed in the format of rack/slot/module . • Specifying the show line vty number EXEC command displays the terminal parameters for the specified vty. (Optional) Displays the terminal attribute settings for the current terminal line. show terminal Example: RP/0/RSP0/CPU0:router# show terminal Step 2 (Optional) Displays information about the active lines on the router. show users Example: RP/0/RSP0/CPU0:router# show users Step 3 Configuration Examples for Implementing Physical and Virtual Terminals Modifying the Console Template: Example This configuration example shows how to modify the terminal attribute settings for the console line template: line console exec-timeout 0 0 escape-character 0x5a session-limit 10 disconnect-character 0x59 session-timeout 100 transport input telnet transport output telnet Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 217 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Configuration Examples for Implementing Physical and Virtual TerminalsIn this configuration example, the following terminal attributes are applied to the console line template: • The EXEC time out for terminal sessions is set to 0 minutes, 0 seconds. Setting the EXEC timeout to 0 minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal session will never time out. • The escape character is set to the 0x5a hexadecimal value (the 0x5a hexadecimal value translates into the “Z” character). • The session limit for outgoing terminal sessions is set to 10 connections. • The disconnect character is set to 0x59 hexadecimal value (the 0x59 hexidecimal character translates into the “Y” character). • The session time out for outgoing terminal sessions is set to 100 minutes (1 hour and 40 minutes). • The allowed transport protocol for incoming terminal sessions is Telnet. • The allowed transport protocol for outgoing terminal sessions is Telnet. To verify that the terminal attributes for the console line template have been applied to the console, use the show line command: RP/0/RSP0/CPU0:router# show line console location 0/0/CPU0 Tty Speed Modem Uses Noise Overruns Acc I/O * con0/0/CPU0 9600 - - - 0/0 -/- Line con0_0_CPU0, Location "Unknown", Type "Unknown" Length: 24 lines, Width: 80 columns Baud rate (TX/RX) is 9600, 1 parity, 2 stopbits, 8 databits Template: console Config: Allowed transports are telnet. Modifying the Default Template: Example This configuration example shows how to override the terminal settings for the default line template: line default exec-timeout 0 0 width 512 length 512 In this example, the following terminal attributes override the default line template default terminal attribute settings: • The EXEC timeout for terminal sessions is set to 0 minutes and 0 seconds. Setting the EXEC timeout to 0 minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal session will never time out (the default EXEC timeout for the default line template is 10 minutes). • The width of the terminal screen for the terminals referencing the default template is set to 512 characters (the default width for the default line template is 80 characters). • The length, the number of lines that will display at one time on the terminal referencing the default template, is set to 512 lines (the default length for the default line template is 24 lines). Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 218 OL-26081-03 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Configuration Examples for Implementing Physical and Virtual TerminalsConfiguring a User-Defined Template to Reference the Default vty Pool: Example This configuration example shows how to configure a user-defined line template (named test in this example) for vtys and to configure the line template test to reference the default vty pool: line template test exec-timeout 100 0 width 100 length 100 exit vty-pool default 0 4 line-template test Configuring a User-Defined Template to Reference a User-Defined vty Pool: Example This configuration example shows how to configure a user-defined line template (named test2 in this example) for vtys and to configure the line template test to reference a user-defined vty pool (named pool1 in this example): line template test2 exec-timeout 0 0 session-limit 10 session-timeout 100 transport input all transport output all exit vty-pool pool1 5 50 line-template test2 Configuring a User-Defined Template to Reference the Fault Manager vty Pool: Example This configuration example shows how to configure a user-defined line template (named test3 in this example) for vtys and to configure the line template test to reference the fault manager vty pool: line template test3 width 110 length 100 session-timeout 100 exit vty-pool eem 100 106 line-template test3 Additional References The following sections provide references related to implementing physical and virtual terminals on Cisco IOS XR software. Related Documents Related Topic Document Title Terminal Services Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR terminal services commands Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR command master index Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 219 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Additional ReferencesRelated Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Information about getting started with Cisco IOS XR software Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 220 OL-26081-03 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Additional ReferencesCisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 221 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 222 OL-26081-03 Implementing Physical and Virtual Terminals on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 13 Implementing SNMP on the Cisco ASR 9000 Series Router Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network. This module describes the new and revised tasks you need to implement SNMP on your Cisco IOS XR network. For detailed conceptual information about SNMP on the Cisco IOS XR software and complete descriptions of the SNMP commandslisted in this module,see Related Documents, on page 251. To locate documentation for other commands that might appear in the course of performing a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 29: Feature History for Implementing SNMP on Cisco IOS XR Software Release Modification Release 3.7.2 This feature was introduced. Support was added for 3DES and AES encryption. The ability to preserve ENTITY-MIB and CISCO-CLASS-BASED-QOS-MIB data was added. Release 3.9.0 Release 4.2.0 Support was added for SNMP over IPv6. This module contains the following topics: • Prerequisites for Implementing SNMP, page 224 • Restrictions for SNMP Use on Cisco IOS XR Software, page 224 • Information About Implementing SNMP, page 224 • How to Implement SNMP on Cisco IOS XR Software, page 231 • Configuration Examples for Implementing SNMP, page 247 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 223• Additional References, page 251 Prerequisites for Implementing SNMP You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Restrictions for SNMP Use on Cisco IOS XR Software SNMP outputs are only 32-bits wide and therefore cannot display any information greater than 2 32 . 2 32 is equal to 4.29 Gigabits. Note that a 10 Gigabit interface is greater than this and so if you are trying to display speed information regarding the interface, you might see concatenated results. Information About Implementing SNMP To implement SNMP, you need to understand the concepts described in this section. SNMP Functional Overview The SNMP framework consists of three parts: • SNMP manager • SNMP agent • Management Information Base (MIB) SNMP Manager The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP. The most common managing system is called a network management system (NMS). The term NMS can be applied to either a dedicated device used for network management, or the applications used on such a device. A variety of network management applications are available for use with SNMP. These features range from simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks 2000 line of products). SNMP Agent The SNMP agent is the software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The agent and MIB reside on the router. To enable the SNMP agent, you must define the relationship between the manager and the agent. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 224 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Prerequisites for Implementing SNMPMIB The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects. Within the MIB there are collections of related objects, defined in MIB modules. MIB modules are written in the SNMP MIB module language, as defined in STD 58, RFC 2578, RFC 2579, and RFC 2580. Note that individual MIB modules are also referred to as MIBs; for example, the Interfaces Group MIB (IF-MIB) is a MIB module within the MIB on your system. The SNMP agent contains MIB variables whose values the SNMP manager can request or change through Get or Set operations. A manager can get a value from an agent or store a value into that agent. The agent gathers data from the MIB, the repository for information about device parameters and network data. The agent can also respond to manager requests to get or set data. Figure 4: Communication Between an SNMP Agent and Manager, on page 225 illustratesthe communications relationship between the SNMP manager and agent. A manager can send the agent requests to get and set MIB values. The agent can respond to these requests. Independent of this interaction, the agent can send unsolicited notifications (traps) to the manager to notify the manager of network conditions. Figure 4: Communication Between an SNMP Agent and Manager Related Topics Additional References, on page 251 SNMP Notifications A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. On Cisco IOS XR software, unsolicited (asynchronous) notifications can be generated only as traps. Traps are messages alerting the SNMP manager to a condition on the network. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events. Note Inform requests (inform operations) are not supported in Cisco IOS XR software. Traps are less reliable than informs because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the manager does not receive an inform request, it does not send a response. If the sender never receives a response, the inform request can be sent again. Thus, informs are more likely to reach their intended destination. However, traps are often preferred because informs consume more resources in the router and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a response is received or the request times out. Also, traps are sent only once, and an inform may be retried Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 225 Implementing SNMP on the Cisco ASR 9000 Series Router SNMP Notificationsseveral times. The retries increase traffic and contribute to a higher overhead on the network. Thus, traps and inform requests provide a trade-off between reliability and resources. In this illustration, the agent router sends a trap to the SNMP manager. Although the manager receives the trap, it does notsend any acknowledgment to the agent. The agent has no way of knowing that the trap reached its destination. Figure 5: Trap Received by the SNMP Manager In this illustration, the agent sends a trap to the manager, but the trap does not reach the manager. Because the agent has no way of knowing that the trap did not reach its destination, the trap is not sent again. The manager never receives the trap. Figure 6: Trap Not Received by the SNMP Manager SNMP Versions Cisco IOS XR software supports the following versions of SNMP: • Simple Network Management Protocol Version 1 (SNMPv1) • Simple Network Management Protocol Version 2c (SNMPv2c) • Simple Network Management Protocol Version 3 (SNMPv3) Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers able to access the agent MIB is defined by an IP address access control list and password. SNMPv2c support includes a bulk retrieval mechanism and more detailed error message reporting to management stations. The bulk retrieval mechanism supports the retrieval of tables and large quantities of information, minimizing the number of round-trips required. The SNMPv2c improved error handling support includes expanded error codesthat distinguish different kinds of error conditions; these conditions are reported Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 226 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router SNMP Versionsthrough a single error code in SNMPv1. Error return codes now report the error type. Three kinds of exceptions are also reported: no such object exceptions, no such instance exceptions, and end of MIB view exceptions. SNMPv3 is a security model. A security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level will determine which security mechanism is employed when an SNMP packet is handled. See Table 31: SNMP Security Models and Levels, on page 228 for a list of security levels available in SNMPv3. The SNMPv3 feature supports RFCs 3411 to 3418. You must configure the SNMP agent to use the version of SNMP supported by the management station. An agent can communicate with multiple managers; for thisreason, you can configure the Cisco IOS-XR software to support communications with one managementstation using the SNMPv1 protocol, one using the SNMPv2c protocol, and another using SMNPv3. Comparison of SNMPv1, v2c, and v3 SNMP v1, v2c, and v3 all support the following operations: • get-request—Retrieves a value from a specific variable. • get-next-request—Retrieves the value following the named variable; this operation is often used to retrieve variables from within a table. With this operation, an SNMP manager does not need to know the exact variable name. The SNMP manager searches sequentially to find the needed variable from within the MIB. • get-response—Operation that replies to a get-request, get-next-request, and set-request sent by an NMS. • set-request—Operation that stores a value in a specific variable. • trap—Unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred. Table 30: SNMPv1, v2c, and v3 Feature Support, on page 227 identifies other key SNMP features supported by the SNMP v1, v2c, and v3. Table 30: SNMPv1, v2c, and v3 Feature Support Feature SNMP v1 SNMP v2c SNMP v3 Get-Bulk Operation No Yes Yes Yes (No on the Cisco IOS XR software) Yes (No on the Cisco IOS XR software) Inform Operation No 64 Bit Counter No Yes Yes Textual Conventions No Yes Yes Authentication No No Yes Privacy (Encryption) No No Yes Authorization and Access No No Yes Controls (Views) Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 227 Implementing SNMP on the Cisco ASR 9000 Series Router SNMP VersionsSecurity Models and Levels for SNMPv1, v2, v3 The security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The various security levels that exist within a security model are as follows: • noAuthNoPriv—Security level that does not provide authentication or encryption. • authNoPriv—Security level that provides authentication but does not provide encryption. • authPriv—Security level that provides both authentication and encryption. Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level determine the security mechanism applied when the SNMP message is processed. Table 31: SNMP Security Models and Levels, on page 228 identifies what the combinations ofsecurity models and levels mean. Table 31: SNMP Security Models and Levels Model Level Authentication Encryption What Happens Uses a community string match for authentication. v1 noAuthNoPriv Community string No Uses a community string match for authentication. v2c noAuthNoPriv Community string No Uses a username match for authentication. v3 noAuthNoPriv Username No Provides authentication based on the HMAC 2 -MD5 3 algorithm or the HMAC-SHA 4 . HMAC-MD5 or No HMAC-SHA v3 authNoPriv Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 5 56-bit encryption in addition to authentication based on the CBC 6 DES (DES-56) standard. HMAC-MD5 or DES HMAC-SHA v3 authPriv Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 228 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router SNMP VersionsModel Level Authentication Encryption What Happens Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides 168-bit 3DES 7 level of encryption. HMAC-MD5 or 3DES HMAC-SHA v3 authPriv Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides 128-bit AES 8 level of encryption. HMAC-MD5 or AES HMAC-SHA v3 authPriv 2 Hash-Based Message Authentication Code 3 Message Digest 5 4 Secure Hash Algorithm 5 Data Encryption Standard 6 Cipher Block Chaining 7 Triple Data Encryption Standard 8 Advanced Encryption Standard Use of 3DES and AES encryption standards requires that the security package (k9sec) be installed. For information on installing software packages, see Upgrading and Managing Cisco IOS XR Software. SNMPv3 Benefits SNMPv3 provides secure access to devices by providing authentication, encryption and access control. These added security benefits secure SNMP against the following security threats: • Masquerade—The threat that an SNMP user may assume the identity of another SNMP user to perform management operations for which that SNMP user does not have authorization. • Message stream modification—The threat that messages may be maliciously reordered, delayed, or replayed (to an extent that is greater than can occur through the natural operation of a subnetwork service) to cause SNMP to perform unauthorized management operations. • Disclosure—The threat that exchanges between SNMP engines could be eavesdropped. Protecting against this threat may be required as a matter of local policy. In addition, SNMPv3 provides access control over protocol operations on SNMP managed objects. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 229 Implementing SNMP on the Cisco ASR 9000 Series Router SNMPv3 BenefitsSNMPv3 Costs SNMPv3 authentication and encryption contribute to a slight increase in the response time when SNMP operations on MIB objects are performed. This cost is far outweighed by the security advantages provided by SNMPv3. Table 32: Order of Response Times from Least to Greatest, on page 230 shows the order of response time (from least to greatest) for the various security model and security level combinations. Table 32: Order of Response Times from Least to Greatest Security Model Security Level SNMPv2c noAuthNoPriv SNMPv3 noAuthNoPriv SNMPv3 authNoPriv SNMPv3 authPriv User-Based Security Model SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following services: • Message integrity—Ensuresthat messages have not been altered or destroyed in an unauthorized manner and that data sequences have not been altered to an extent greater than can occur nonmaliciously. • Message origin authentication—Ensures that the claimed identity of the user on whose behalf received data was originated is confirmed. • Message confidentiality—Ensures that information is not made available or disclosed to unauthorized individuals, entities, or processes. SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages. USM uses two authentication protocols: • HMAC-MD5-96 authentication protocol • HMAC-SHA-96 authentication protocol USM uses Cipher Block Chaining (CBC)-DES (DES-56) as the privacy protocol for message encryption. View-Based Access Control Model The View-Based Access Control Model (VACM) enables SNMP users to control access to SNMP managed objects by supplying read, write, or notify access to SNMP objects. It prevents access to objects restricted by views. These access policies can be set when user groups are configured with the snmp-server group command. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 230 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router SNMPv3 CostsMIB Views For security reasons, it is often valuable to be able to restrict the access rights of some groups to only a subset of the management information within the management domain. To provide this capability, access to a management object is controlled through MIB views, which contain the set of managed object types (and, optionally, the specific instances of object types) that can be viewed. Access Policy Access policy determines the access rights of a group. The three types of access rights are as follows: • read-view access—The set of object instances authorized for the group when objects are read. • write-view access—The set of object instances authorized for the group when objects are written. • notify-view access—The set of object instances authorized for the group when objects are sent in a notification. IP Precedence and DSCP Support for SNMP SNMP IP Precedence and differentiated services code point (DSCP) support delivers QoS specifically for SNMP traffic. You can change the priority setting so that SNMP traffic generated in a router is assigned a specific QoS class. The IP Precedence or IP DSCP code point value is used to determine how packets are handled in weighted random early detection (WRED). After the IP Precedence or DSCP is set for the SNMP traffic generated in a router, different QoS classes cannot be assigned to different types of SNMP traffic in that router. The IP Precedence value is the first three bits in the type of service (ToS) byte of an IP header. The IP DSCP code point value is the first six bits of the differentiate services (DiffServ Field) byte. You can configure up to eight different IP Precedence markings or 64 different IP DSCP markings. How to Implement SNMP on Cisco IOS XR Software This section describes how to implement SNMP. The snmp-server commands enable SNMP on Management Ethernet interfaces by default. For information on how to enable SNMP server support on other inband interfaces, see the Implementing Management Plane Protection on Cisco IOS XR Software module in Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide. Configuring SNMPv3 This task explains how to configure SNMPv3 for network management and monitoring. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 231 Implementing SNMP on the Cisco ASR 9000 Series Router IP Precedence and DSCP Support for SNMPNo specific command enables SNMPv3; the first snmp-server global configuration command that you issue enables SNMPv3. Therefore, the sequence in which you issue the snmp-server commands for this task does not matter. Note SUMMARY STEPS 1. configure 2. (Optional) snmp-server engineid local engine-id 3. snmp-server view view-name oid-tree {included | excluded} 4. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name] 5. snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name] 6. Use one of these commands: • end • commit 7. (Optional) show snmp 8. (Optional) show snmp engineid 9. (Optional) show snmp group 10. (Optional) show snmp users 11. (Optional) show snmp view DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 (Optional) Specifiesthe identification number of the local SNMP engine. snmp-server engineid local engine-id Example: RP/0/RSP0/CPU0:router(config)# snmp-server Step 2 engineID local 00:00:00:09:00:00:00:a1:61:6c:20:61 snmp-server view view-name oid-tree {included | Creates or modifies a view record. excluded} Step 3 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 232 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring SNMPv3Command or Action Purpose Example: RP/0/RSP0/CPU0:router(config)# snmp-server view view_name 1.3.6.1.2.1.1.5 included Configures a new SNMP group or a table that maps SNMP users to SNMP views. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name] Step 4 Example: RP/0/RSP0/CPU0:router(config)# snmp-server group group_name v3 noauth read view_name1 write view_name2 snmp-server user username groupname Configures a new user to an SNMP group. {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} Step 5 auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name] Example: RP/0/RSP0/CPU0:router(config)# snmp-server user noauthuser group_name v3 Step 6 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 233 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring SNMPv3Command or Action Purpose (Optional) Displays information about the status of SNMP. show snmp Example: RP/0/RSP0/CPU0:router# show snmp Step 7 (Optional) Displays information about the local SNMP engine. show snmp engineid Example: RP/0/RSP0/CPU0:router# show snmp engineid Step 8 (Optional) Displaysinformation about each SNMP group on the network. show snmp group Example: RP/0/RSP0/CPU0:router# show snmp group Step 9 (Optional) Displays information about each SNMP username in the SNMP users table. show snmp users Example: RP/0/RSP0/CPU0:router# show snmp users Step 10 (Optional) Displays information about the configured views, including the associated MIB view family name, storage type, and status. show snmp view Example: RP/0/RSP0/CPU0:router# show snmp view Step 11 Configuring SNMP Trap Notifications This task explains how to configure the router to send SNMP trap notifications. You can omit Step 2, on page 232 to Step 4, on page 233 if you have already completed the steps documented under the Configuring SNMPv3, on page 231 task. Note Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 234 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring SNMP Trap NotificationsSUMMARY STEPS 1. configure 2. (Optional) snmp-server engineid local engine-id 3. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name] 4. snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name] 5. snmp-server host address [traps] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type] 6. snmp-server traps [notification-type] 7. Use one of these commands: • end • commit 8. (Optional) show snmp host DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 (Optional) Specifies the identification number of the local SNMP engine. snmp-server engineid local engine-id Example: RP/0/RSP0/CPU0:router(config)# snmp-server Step 2 engineID local 00:00:00:09:00:00:00:a1:61:6c:20:61 Configures a new SNMP group or a table that maps SNMP users to SNMP views. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name] Step 3 Example: RP/0/RSP0/CPU0:router(config)# snmp-server group group_name v3 noauth read view_name1 write view_name2 snmp-server user username groupname Configures a new user to an SNMP group. {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} Step 4 auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name] Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 235 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring SNMP Trap NotificationsCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config)# snmp-server user noauthuser group_name v3 Specifies SNMP trap notifications, the version of SNMP to use, the security level of the notifications, and the recipient (host) of the notifications. snmp-server host address [traps] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type] Example: RP/0/RP0/CPU0:router(config)# snmp-server host 12.26.25.61 traps version 3 noauth userV3noauth Step 5 Enables the sending of trap notifications and specifies the type of trap notifications to be sent. snmp-server traps [notification-type] Example: RP/0/RP0/CPU0:router(config)# snmp-server traps bgp Step 6 • If a trap is not specified with the notification-type argument, all supported trap notifications are enabled on the router. To display which trap notifications are available on your router, enter the snmp-server traps ? command. Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. (Optional) Displays information about the configured SNMP notification recipient (host), port number, and security model. show snmp host Example: RP/0/RSP0/CPU0:router# show snmp host Step 8 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 236 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring SNMP Trap NotificationsSetting the Contact, Location, and Serial Number of the SNMP Agent This task explains how to set the system contact string, system location string, and system serial number of the SNMP agent. Note The sequence in which you issue the snmp-server commands for this task does not matter. SUMMARY STEPS 1. configure 2. (Optional) snmp-server contact system-contact-string 3. (Optional) snmp-server location system-location 4. (Optional) snmp-server chassis-id serial-number 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 (Optional) Sets the system contact string. snmp-server contact system-contact-string Example: RP/0/RSP0/CPU0:router(config)# snmp-server Step 2 contact Dial System Operator at beeper # 27345 (Optional) Sets the system location string. snmp-server location system-location Example: RP/0/RSP0/CPU0:router(config)# snmp-server location Building 3/Room 214 Step 3 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 237 Implementing SNMP on the Cisco ASR 9000 Series Router Setting the Contact, Location, and Serial Number of the SNMP AgentCommand or Action Purpose (Optional) Sets the system serial number. snmp-server chassis-id serial-number Example: RP/0/RSP0/CPU0:router(config)# snmp-server chassis-id 1234456 Step 4 Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Defining the Maximum SNMP Agent Packet Size This task shows how to configure the largest SNMP packet size permitted when the SNMP server is receiving a request or generating a reply. Note The sequence in which you issue the snmp-server commands for this task does not matter. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 238 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Defining the Maximum SNMP Agent Packet SizeSUMMARY STEPS 1. configure 2. (Optional) snmp-server packetsize byte-count 3. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 (Optional) Sets the maximum packet size. snmp-server packetsize byte-count Example: RP/0/RSP0/CPU0:router(config)# snmp-server packetsize 1024 Step 2 Step 3 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 239 Implementing SNMP on the Cisco ASR 9000 Series Router Defining the Maximum SNMP Agent Packet SizeChanging Notification Operation Values After SNMP notifications have been enabled, you can specify a value other than the default for the source interface, message queue length, or retransmission interval. This task explains how to specify a source interface for trap notifications, the message queue length for each host, and the retransmission interval. Note The sequence in which you issue the snmp-server commands for this task does not matter. SUMMARY STEPS 1. configure 2. (Optional) snmp-server trap-source type interface-path-id 3. (Optional) snmp-server queue-length length 4. (Optional) snmp-server trap-timeout seconds 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 (Optional) Specifies a source interface for trap notifications. snmp-server trap-source type interface-path-id Example: RP/0/RSP0/CPU0:router(config)# snmp-server trap-source POS 0/0/1/0 Step 2 (Optional) Establishes the message queue length for each notification. snmp-server queue-length length Example: RP/0/RSP0/CPU0:router(config)# snmp-server queue-length 20 Step 3 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 240 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Changing Notification Operation ValuesCommand or Action Purpose (Optional) Defines how often to resend notifications on the retransmission queue. snmp-server trap-timeout seconds Example: RP/0/RSP0/CPU0:router(config)# snmp-server trap-timeout 20 Step 4 Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Setting IP Precedence and DSCP Values This task describes how to configure IP Precedence or IP DSCP for SNMP traffic. Before You Begin SNMP must be configured. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 241 Implementing SNMP on the Cisco ASR 9000 Series Router Setting IP Precedence and DSCP ValuesSUMMARY STEPS 1. configure 2. Use one of the following commands: • snmp-server ipv4 precedence value • snmp-server ipv4 dscp value 3. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Step 2 Use one of the following commands: Configures an IP precedence or IP DSCP value for SNMP traffic. • snmp-server ipv4 precedence value • snmp-server ipv4 dscp value Example: RP/0/RSP0/CPU0:router(config)# snmp-server dscp 24 Step 3 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 242 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Setting IP Precedence and DSCP ValuesCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring MIB Data to be Persistent Many SNMP MIB definitions define arbitrary 32-bit indices for their object tables. MIB implementations often do a mapping from the MIB indices to some internal data structure that is keyed by some other set of data. In these MIB tables the data contained in the table are often other identifiers of the element being modelled. For example, in the ENTITY-MIB, entries in the entPhysicalTable are indexed by the 31-bit value, entPhysicalIndex, but the entities could also be identified by the entPhysicalName or a combination of the other objects in the table. Because of the size of some MIB tables, significant processing is required to discover all the mappings from the 32-bit MIB indices to the other data which the network management station identifies the entry. For this reason, it may be necessary for some MIB indices to be persistent across process restarts, switchovers, or device reloads. The ENTITY-MIB entPhysicalTable and CISCO-CLASS-BASED-QOS-MIB are two such MIBs that often require index values to be persistent. Also, because of query response times and CPU utilization during CISCO-CLASS-BASED-QOS-MIB statistics queries, it is desirable to cache service policy statistics. SUMMARY STEPS 1. (Optional) snmp-server entityindex persist 2. (Optional) snmp-server mibs cbqosmib persist 3. (Optional) snmp-server cbqosmib cache refresh time time 4. (Optional) snmp-server cbqosmib cache service-policy count count 5. snmp-server ifindex persist DETAILED STEPS Command or Action Purpose (Optional) Enables the persistent storage of ENTITY-MIB data. snmp-server entityindex persist Example: RP/0/RSP0/CPU0:router(config)# snmp-server entityindex persist Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 243 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring MIB Data to be PersistentCommand or Action Purpose (Optional) Enables persistent storage of the CISCO-CLASS-BASED-QOS-MIB data. snmp-server mibs cbqosmib persist Example: RP/0/RSP0/CPU0:router(config)# snmp-server mibs cbqosmib persist Step 2 (Optional) Enables QoS MIB caching with a specified cache refresh time. snmp-server cbqosmib cache refresh time time Example: RP/0/RSP0/CPU0:router(config)# snmp-server mibs cbqosmib cache refresh time 45 Step 3 (Optional) Enables QoS MIB caching with a limited number of service policies to cache. snmp-server cbqosmib cache service-policy count count Example: RP/0/RSP0/CPU0:router(config)# snmp-server mibs cbqosmib cache service-policy count 50 Step 4 Enables ifIndex persistence globally on all Simple Network Management Protocol (SNMP) interfaces. snmp-server ifindex persist Example: RP/0/RSP0/CPU0:router(config)# snmp-server ifindex persist Step 5 Configuring LinkUp and LinkDown Traps for a Subset of Interfaces By specifying a regular expression to represent the interfaces for which you are interested in setting traps, you can enable or disable linkUp and linkDown traps for a large number of interfaces simultaneously. Before You Begin SNMP must be configured. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 244 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring LinkUp and LinkDown Traps for a Subset of InterfacesSUMMARY STEPS 1. configure 2. snmp-server interface subset subset-number regular-expression expression 3. notification linkupdown disable 4. Use one of these commands: • end • commit 5. (Optional) show snmp interface notification subset subset-number 6. (Optional) show snmp interface notification regular-expression expression 7. (Optional) show snmp interface notification type interface-path-id DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters snmp-server interface mode for the interfaces identified by the regular expression. snmp-server interface subset subset-number regular-expression expression Step 2 Example: RP/0/RSP0/CPU0:router(config)# snmp-server The subset-number argument identifies the set of interfaces, and also assigns a priority to the subset in the event that an interface is included in more than one subset. Lower numbers have higher priority and their configuration takes precedent over interface subsets with higher numbers. interface subset 10 regular-expression "^Gig[a-zA-Z]+[0-9/]+\." RP/0/RSP0/CPU0:router(config-snmp-if-subset)# The expression argument must be entered surrounded by double quotes. Refer to the Understanding Regular Expressions, Special Characters, and Patterns module in Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide for more information regarding regular expressions. Disables linkUp and linkDown traps for all interfaces being configured. To enable previously disabled interfaces, use the no form of this command. notification linkupdown disable Example: RP/0/RSP0/CPU0:router(config-snmp-if-subset)# notification linkupdown disable Step 3 Step 4 Use one of these commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 245 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring LinkUp and LinkDown Traps for a Subset of InterfacesCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-if)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays the linkUp and linkDown notification status for all interfaces identified by the subset priority. show snmp interface notification subset subset-number Example: RP/0/RSP0/CPU0:router# show snmp interface notification subset 10 Step 5 (Optional) Displays the linkUp and linkDown notification status for all interfaces identified by the regular expression. show snmp interface notification regular-expression expression Example: RP/0/RSP0/CPU0:router# show snmp interface Step 6 notification regular-expression "^Gig[a-zA-Z]+[0-9/]+\." (Optional) Displays the linkUp and linkDown notification status for the specified interface. show snmp interface notification type interface-path-id Example: RP/0/RSP0/CPU0:router# show snmp interface Step 7 notification GigabitEthernet0/4/0/3.10 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 246 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring LinkUp and LinkDown Traps for a Subset of InterfacesConfiguration Examples for Implementing SNMP Configuring SNMPv3: Examples Setting an Engine ID This example shows how to set the identification of the local SNMP engine: snmp-server engineID local 00:00:00:09:00:00:00:a1:61:6c:20:61 Note After the engine ID has been configured, the SNMP agent restarts. Verifying the Identification of the Local SNMP Engines This example shows how to verify the identification of the local SNMP engine: config show snmp engineid SNMP engineID 00000009000000a1ffffffff Creating a View There are two ways to create a view: • You can include the object identifier (OID) of an ASN.1 subtree of a MIB family from a view by using the included keyword of the snmp-server view command. • You can exclude the OID subtree of the ASN.1 subtree of a MIB family from a view by using the excluded keyword of the snmp-server view command. This example shows how to create a view that includes the sysName (1.3.6.1.2.1.1.5) object: config snmp-server view view_name 1.3.6.1.2.1.1.5 included This example shows how to create a view that includes all the OIDs of a system group: config snmp-server view view_name 1.3.6.1.2.1.1 included This example shows how to create a view that includes all the OIDs under the system group except the sysName object (1.3.6.1.2.1.1.5), which has been excluded: config snmp-server view view_name 1.3.6.1.2.1.1 included snmp-server view view_name 1.3.6.1.2.1.1.5 excluded Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 247 Implementing SNMP on the Cisco ASR 9000 Series Router Configuration Examples for Implementing SNMPVerifying Configured Views This example shows how to display information about the configured views: RP/0/RSP0/CPU0:router# show snmp view v1default 1.3.6.1 - included nonVolatile active view_name 1.3.6.1.2.1.1 - included nonVolatile active view_name 1.3.6.1.2.1.1.5 - excluded nonVolatile active Creating Groups If you do not explicitly specify a notify, read, or write view, the Cisco IOS XR software uses the v1 default (1.3.6.1). This example shows how to create a group that utilizes the default view: RP/0/RSP0/CPU0:router(config)# snmp-server group group-name v3 auth The following configuration example shows how to create a group that has read access to all the OIDs in the system except the sysUpTime object (1.3.6.1.2.1.1.3), which has been excluded from the view applied to the group, but write access only to the sysName object (1.3.6.1.2.1.1.5): ! snmp-server view view_name1 1.3.6.1.2.1.1 included snmp-server view view_name1 1.3.6.1.2.1.1.3 excluded snmp-server view view_name2 1.3.6.1.2.1.1.5 included snmp-server group group_name v3 auth read view_name1 write view_name2 ! Verifying Groups This example shows how to verify the attributes of configured groups: RP/0/RSP0/CPU0:router# show snmp group groupname: group_name security model:usm readview : view_name1 writeview: view_name2 notifyview: v1default row status: nonVolatile Creating and Verifying Users Given the following SNMPv3 view and SNMPv3 group configuration: ! snmp-server view view_name1 1.3.6.1.2.1.1 included snmp-server group group_name v3 noauth read view_name write view-name ! This example shows how to create a noAuthNoPriv user with read and write view access to a system group: config snmp-server user noauthuser group_name v3 Note The user must belong to a noauth group before a noAuthNoPriv user can be created. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 248 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring SNMPv3: ExamplesThis example shows how to verify the attributes that apply to the SNMP user: RP/0/RSP0/CPU0:router# show snmp user User name: noauthuser Engine ID: localSnmpID storage-type: nonvolatile active Given the following SNMPv3 view and SNMPv3 group configuration: ! snmp-server view view_name 1.3.6.1.2.1.1 included snmp group group_name v3 priv read view_name write view_name ! This example shows how to create authNoPriv user with read and write view access to a system group: RP/0/RSP0/CPU0:router(config)# snmp-server user authuser group_name v3 auth md5 clear auth_passwd Because the group is configured at a security level of Auth, the user must be configured as “auth” at a minimum to access this group (“priv” users could also access this group). The authNoPriv user configured in this group, authuser, must supply an authentication password to access the view. In the example, auth_passwd is set as the authentication password string. Note that clear keyword is specified before the auth_passwd password string. The clear keyword indicates that the password string being supplied is unencrypted. Note This example shows how to verify the attributes that apply to SNMP user: RP/0/RSP0/CPU0:router# show snmp user User name: authuser Engine ID: localSnmpID storage-type: nonvolatile active Given the following SNMPv3 view and SNMPv3 group configuration: ! snmp view view_name 1.3.6.1.2.1.1 included snmp group group_name v3 priv read view_name write view_name ! This example shows how to create an authPriv user with read and write view access to a system group: config snmp-server user privuser group_name v3 auth md5 clear auth_passwd priv des56 clear priv_passwd Because the group has a security level of Priv, the user must be configured as a “priv” user to access this group. In this example, the user, privuser, must supply both an authentication password and privacy password to access the OIDs in the view. Note This example shows how to verify the attributes that apply to the SNMP user: RP/0/RSP0/CPU0:router# show snmp user Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 249 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring SNMPv3: ExamplesUser name: privuser Engine ID: localSnmpID storage-type: nonvolatile active Configuring Trap Notifications: Example The following example configures an SNMP agent to send out different types of traps. The configuration includes a v2c user, a noAuthNoPriv user, anauthNoPriv user, and an AuthPriv user. The default User Datagram Protocol (UDP) port is 161. If you do not a specify a UDP port with the udp-port keyword and port argument, then the configured SNMP trap notifications are sent to port 161. Note ! snmp-server host 10.50.32.170 version 2c userv2c udp-port 2345 snmp-server host 10.50.32.170 version 3 auth userV3auth udp-port 2345 snmp-server host 10.50.32.170 version 3 priv userV3priv udp-port 2345 snmp-server host 10.50.32.170 version 3 noauth userV3noauth udp-port 2345 snmp-server user userv2c groupv2c v2c snmp-server user userV3auth groupV3auth v3 auth md5 encrypted 140F0A13 snmp-server user userV3priv groupV3priv v3 auth md5 encrypted 021E1C43 priv des56 encrypted 1110001C snmp-server user userV3noauth groupV3noauth v3 LROwner snmp-server view view_name 1.3 included snmp-server community public RW snmp-server group groupv2c v2c read view_name snmp-server group groupV3auth v3 auth read view_name snmp-server group groupV3priv v3 priv read view_name snmp-server group groupV3noauth v3 noauth read view_name ! This example shows how to verify the configuration SNMP trap notification recipients host, the recipients of SNMP trap notifications. The output displays the following information: • IP address of the configured notification host • UDP port where SNMP notification messages are sent • Type of trap configured • Security level of the configured user • Security model configured config show snmp host Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userV3auth security model: v3 auth Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userV3noauth security model: v3 noauth Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userV3priv security model: v3 priv Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userv2c security model: v2c Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 250 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Configuring Trap Notifications: ExampleSetting an IP Precedence Value for SNMP Traffic: Example The following example shows how to set the SNMP IP Precedence value to 7: configure snmp-server ipv4 precedence 7 exit Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y Setting an IP DSCP Value for SNMP Traffic: Example The following example shows how to set the IP DSCP value of SNMP traffic to 45: configure snmp-server ipv4 dscp 45 exit Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y Additional References The following sections provide references related to Implementing SNMP on Cisco IOS XR software. Related Documents Related Topic Document Title SNMP Server Commands on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR SNMP commands Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Getting started with Cisco IOS XR software Configuring AAA Services on the Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide Cisco IOS XR Quality of Service Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 251 Implementing SNMP on the Cisco ASR 9000 Series Router Setting an IP Precedence Value for SNMP Traffic: ExampleStandards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks RFC 3411 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) RFC 3412 Simple Network Management Protocol (SNMP) Applications RFC 3413 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) RFC 3414 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) RFC 3415 Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) RFC 3416 Transport Mappings for the Simple Network Management Protocol (SNMP) RFC 3417 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) RFC 3418 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 252 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Additional ReferencesTechnical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 253 Implementing SNMP on the Cisco ASR 9000 Series Router Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 254 OL-26081-03 Implementing SNMP on the Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 14 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router This document describes how to periodically transfer selected MIB data from your router to a specified Network Management System (NMS). The periodic MIB data collection and transfer feature is also known as bulk statistics. Table 33: Feature History for Periodic MIB Data Collection and Transfer Release Modification The periodic MIB data collection and transfer feature wasintroduced and supported the IF-MIB only. Release 4.2.0 Release 4.2.1 Additional MIBs were supported. This module contains the following topics: • Prerequisites for Periodic MIB Data Collection and Transfer, page 255 • Information About Periodic MIB Data Collection and Transfer, page 256 • How to Configure Periodic MIB Data Collection and Transfer, page 257 • Periodic MIB Data Collection and Transfer: Example, page 265 Prerequisites for Periodic MIB Data Collection and Transfer To use periodic MIB data collection and transfer, you should be familiar with the Simple Network Management Protocol (SNMP) model of management information. You should also know what MIB information you want to monitor on your network devices, and the OIDs or object names for the MIB objects to be monitored. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 255Information About Periodic MIB Data Collection and Transfer SNMP Objects and Instances A type (or class) of SNMP management information is called an object. A specific instance from a type of management information is called an object instance (or SNMP variable). To configure a bulk statistics collection, you must specify the object types to be monitored using a bulk statistics object list and the specific instances of those objects to be collected using a bulk statistics schema. MIBs, MIB tables, MIB objects, and object indices can all be specified using a series of numbers called an object identifier (OID). OIDs are used in configuring a bulk statistics collection in both the bulk statistics object lists (for general objects) and in the bulk statistics schemas (for specific object instances). Bulk Statistics Object Lists To group the MIB objects to be polled, you need to create one or more object lists. A bulk statistics object list is a user-specified set of MIB objects that share the same MIB index. Object lists are identified using a name that you specify. Named bulk statistics object lists allow the same configuration to be reused in different bulk statistics schemas. All the objects in an object list must share the same MIB index. However, the objects do not need to be in the same MIB and do not need to belong to the same MIB table. For example, it is possible to group ifInOctets and a CISCO-IF-EXTENSION-MIB object in the same schema, because the containing tablesfor both objects are indexed by the ifIndex. Bulk Statistics Schemas Data selection for the Periodic MIB Data Collection and Transfer Mechanism requires the definition of a schema with the following information: • Name of an object list. • Instance (specific instance or series of instances defined using a wild card) that needs to be retrieved for objects in the specified object list. • How often the specified instances need to be sampled (polling interval). The default polling interval is 5 minutes. A bulk statistics schema is also identified using a name that you specify. This name is used when configuring the transfer options. Bulk Statistics Transfer Options After configuring the data to be collected, a single virtual file (VFile or bulk statistics file) with all collected data is created. This file can be transferred to a network management station using FTP or TFTP. You can specify how often this file should be transferred. The default transfer interval is once every 30 minutes. You can also configure a secondary destination for the file to be used if, for whatever reason, the file cannot be transferred to the primary network management station. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 256 OL-26081-03 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Information About Periodic MIB Data Collection and TransferThe value of the transfer interval is also the collection period (collection interval) for the local bulk statistics file. After the collection period ends, the bulk statistics file is frozen, and a new local bulk statistics file is created for storing data. The frozen bulk statistics file is then transferred to the specified destination. By default, the local bulk statistics file is deleted after successful transfer to an network management station. Benefits of Periodic MIB Data Collection and Transfer Periodic MIB data collection and transfer (bulk statistics feature) allows many of the same functions as the bulk file MIB (CISCO-BULK-FILE-MIB.my), but offers some key advantages. The main advantage is that this feature can be configured through the CLI and does not require an external monitoring application. Periodic MIB data collection and transfer is mainly targeted for medium to high-end platforms that have sufficient local storage (volatile or permanent) to store bulk statistics files. Locally storing bulk statistics files helps minimize loss of data during temporary network outages. This feature also has more powerful data selection features than the bulk file MIB; it allows grouping of MIB objectsfrom different tablesinto data groups(object lists). It also incorporates a more flexible instance selection mechanism, where the application is not restricted to fetching an entire MIB table. How to Configure Periodic MIB Data Collection and Transfer Configuring a Bulk Statistics Object List The first step in configuring the Periodic MIB Data Collection and Transfer Mechanism is to configure one or more object lists. SUMMARY STEPS 1. configure 2. snmp-server mib bulkstat object-list list-name 3. add {oid | object-name} 4. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 257 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Benefits of Periodic MIB Data Collection and TransferCommand or Action Purpose Defines an SNMP bulk statistics object list and enters bulk statistics object list configuration mode. snmp-server mib bulkstat object-list list-name Example: snmp-server mib bulkstat object-list ifMib Step 2 Adds a MIB object to the bulk statistics object list. Repeat as desired until all objects to be monitored in this list are added. add {oid | object-name} Example: RP/0/RSP0/CPU0:router(config-bulk-objects)# Step 3 All the objectsin a bulk statistics object list have to be indexed by the same MIB index. However, the objects in the object list do not need to belong to the same MIB or MIB table. When specifying an object name instead of an OID (using the add command), only object names with mappings shown in the show snmp mib object command output can be used. Note add 1.3.6.1.2.1.2.2.1.11 RP/0/RSP0/CPU0:router(config-bulk-objects)# add ifAdminStatus RP/0/RSP0/CPU0:router(config-bulk-objects)# add ifDescr Step 4 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. What to Do Next Configure a bulk statistics schema. Configuring a Bulk Statistics Schema The second step in configuring periodic MIB data collection and transfer is to configure one or more schemas. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 258 OL-26081-03 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Configuring a Bulk Statistics SchemaBefore You Begin The bulk statistics object list to be used in the schema must be defined. SUMMARY STEPS 1. configure 2. snmp-server mib bulkstat schema schema-name 3. object-list list-name 4. Do one of the following: • instance exact {interface interface-id [sub-if] | oid oid} • instance wild {interface interface-id [sub-if] | oid oid} • instance range start oid end oid • instance repetition oid max repeat-number 5. poll-interval minutes 6. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 snmp-server mib bulkstatschema schema-name Namesthe bulk statisticsschema and enters bulk statisticsschema mode. Example: RP/0/RSP0/CPU0:router(config)# snmp-server Step 2 mib bulkstat schema intE0 RP/0/RSP0/CPU0:router(config-bulk-sc)# Specifies the bulk statistics object list to be included in this schema. Specify only one object list perschema. If multiple object-list commands are executed, the earlier ones are overwritten by newer commands. object-list list-name Example: RP/0/RSP0/CPU0:router(config-bulk-sc)# object-list ifMib Step 3 Step 4 Do one of the following: Specifies the instance information for objects in this schema: • instance exact {interface interface-id [sub-if] | oid oid} • The instance exact command indicatesthat the specified instance, when appended to the object list, represents the complete OID. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 259 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Configuring a Bulk Statistics SchemaCommand or Action Purpose • The instance wild command indicates that all subindices of the specified OID belong to this schema. The wild keyword allows you to specify a partial, “wild carded” instance. • instance wild {interface interface-id [sub-if] | oid oid} • instance range start oid end oid • The instance range command indicates a range of instances on which to collect data. • instance repetition oid max repeat-number • The instance repetition command indicates data collection to repeat for a certain number of instances of a MIB object. Example: RP/0/RSP0/CPU0:router(config-bulk-sc)# instance wild oid 1 Only one instance command can be configured per schema. If multiple instance commands are executed, the earlier ones are overwritten by new commands. Note or RP/0/RSP0/CPU0:router(config-bulk-sc)# instance exact interface FastEthernet 0/1.25 or RP/0/RSP0/CPU0:router(config-bulk-sc)# instance range start 1 end 2 or RP/0/RSP0/CPU0:router(config-bulk-sc)# instance repetition 1 max 4 Sets how often data should be collected from the object instances specified in thisschema, in minutes. The default is once every 5 minutes. The valid range is from 1 to 20000. poll-interval minutes Example: RP/0/RSP0/CPU0:router(config-bulk-sc)# poll-interval 10 Step 5 Step 6 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 260 OL-26081-03 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Configuring a Bulk Statistics SchemaWhat to Do Next Configure the bulk statistics transfer options. Configuring Bulk Statistics Transfer Options The final step in configuring periodic MIB data collection and transfer is to configure the transfer options. The collected MIB data are kept in a local file-like entity called a VFile (virtual file, referred to as a bulk statisticsfile in this document). Thisfile can be transferred to a remote network managementstation at intervals you specify. Before You Begin The bulk statistics object lists and bulk statistics schemas must be defined before configuring the bulk statistics transfer options. SUMMARY STEPS 1. configure 2. snmp-server mib bulkstat transfer-id transfer-id 3. buffer-size bytes 4. format {bulkBinary | bulkASCII | schemaASCII} 5. schema schema-name 6. transfer-interval minutes 7. url primary url 8. url secondary url 9. retry number 10. retain minutes 11. enable 12. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 261 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Configuring Bulk Statistics Transfer OptionsCommand or Action Purpose Identifies the transfer configuration with a name (transfer-id argument) and enters bulk statistics transfer configuration mode. snmp-server mib bulkstat transfer-id transfer-id Example: RP/0/RSP0/CPU0:router(config)# snmp-server mib bulkstat transfer bulkstat1 Step 2 (Optional) Specifies the maximum size for the bulk statistics data file, in bytes. The valid range is from 1024 to 2147483647 bytes. The default buffer size is 2048 bytes. buffer-size bytes Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# buffersize 3072 Step 3 If the maximum buffer size for a bulk statistics file is reached before the transfer interval time expires, all additional data received is deleted. To correct this behavior, you can decrease the polling frequency, or increase the size of the bulk statistics buffer. Note (Optional) Specifies the format of the bulk statistics data file (VFile). The default is schemaASCII. format {bulkBinary | bulkASCII | schemaASCII} Step 4 Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# format schemaASCII Transfers can only be performed using schemaASCII (cdcSchemaASCII) format. SchemaASCII is a human-readable format that contains parser-friendly hintsfor parsing data values. Note Specifies the bulk statistics schema to be transferred. Repeat this command as desired. Multiple schemas can be associated with a single schema schema-name Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# Step 5 transfer configuration; all collected data are placed in a single bulk data file (VFile). schema ATM2/0-IFMIB RP/0/RSP0/CPU0:router(config-bulk-tr)# schema ATM2/0-CAR RP/0/RSP0/CPU0:router(config-bulk-tr)# schema Ethernet2/1-IFMIB (Optional) Specifies how often the bulk statistics file are transferred, in minutes. The default value is once every 30 minutes. The transfer interval is the same as the collection interval. transfer-interval minutes Example: RP/0/RSP0/CPU0:router RP/0/RSP0/CPU0:router(config-bulk-tr)# transfer-interval 20 Step 6 Specifies the network management system (host) that the bulk statistics data file is transferred to, and the protocol to use for transfer. The url primary url Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# url primary ftp://user:password@host/folder/bulkstat1 Step 7 destination is specified as a Uniform Resource Locator (URL). FTP or TFTP can be used for the bulk statistics file transfer. (Optional) Specifies a backup transfer destination and protocol for use in the event that transfer to the primary location fails. FTP or TFTP can be used for the bulk statistics file transfer. url secondary url Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# url secondary tftp://10.1.0.1/tftpboot/user/bulkstat1 Step 8 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 262 OL-26081-03 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Configuring Bulk Statistics Transfer OptionsCommand or Action Purpose (Optional) Specifiesthe number of transmission retries. The default value is 0 (in other words, no retries). If an attempt to send the bulk statistics retry number Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# retry 1 Step 9 file fails, the system can be configured to attempt to send the file again using this command. One retry includes an attempt first to the primary destination then, if the transmission fails, to the secondary location. For example, if the retry value is 1, an attempt is made first to the primary URL, then to the secondary URL, then to the primary URL again, then to the secondary URL again. The valid range is from 0 to 100. If all retries fail, the next normal transfer occurs after the configured transfer-interval time. (Optional) Specifies how long the bulk statistics file should be kept in system memory, in minutes, after the completion of the collection interval retain minutes Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# retain 60 Step 10 and a transmission attempt is made. The default value is 0. Zero (0) indicatesthat the file is deleted immediately after the transfer is attempted. The valid range is from 0 to 20000. If the retry command is used, you should configure a retain interval larger than 0. The interval between retries is the retain interval divided by the retry number. For example, if retain 10 and retry 2 are configured, two retries are attempted once every 5 minutes. Therefore, if retain 0 is configured, no retries are attempted. Note Begins the bulk statistics data collection and transfer process for this configuration. enable Example: RP/0/RSP0/CPU0:router(config-bulk-tr)# enable Step 11 • For successful execution of this action, at least one schema with non-zero number of objects must be configured. • Periodic collection and file transfer begins only if this command is configured. Conversely, the no enable command stopsthe collection process. A subsequent enable starts the operations again. • Each time the collection process is started using the enable command, data is collected into a new bulk statistics file. When the no enable command is used, the transfer process for any collected data immediately begins(in other words, the existing bulk statistics file is transferred to the specified management station). Step 12 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 263 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Configuring Bulk Statistics Transfer OptionsCommand or Action Purpose ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. What to Do Next If the maximum buffer size for a bulk statistics file is reached before the transfer interval time expires, the transfer operation isstill initiated, but any bulk statistics data received after the file wasfull, and before it wastransferred, are deleted. To correct this behavior, you can decrease the polling frequency, or increase the size of the bulk statistics buffer. If retain 0 is configured, no retries are attempted. This is because the interval between retries is the retain value divided by the retry value. For example, if retain 10 and retry 2 are configured, retries are attempted once every 5 minutes. Therefore, if you configure the retry command, you should also configure an appropriate value for the retain command. Note Monitoring Periodic MIB Data Collection and Transfer SUMMARY STEPS 1. show snmp mib bulkstat transfer transfer-name DETAILED STEPS Command or Action Purpose (Optional) The show command for this feature lists all bulk statistics virtual files (VFiles) on the system that have finished collecting data. (Data files that are not complete are not displayed.) show snmp mib bulkstat transfer transfer-name Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 264 OL-26081-03 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Monitoring Periodic MIB Data Collection and TransferCommand or Action Purpose The output lists all of the completed local bulk statistics files, the remaining time left before the bulk statistics file is deleted (remaining retention period), and the state of the bulk statistics file. The “STATE” of the bulk statistics file is one of the following: • Queued--Indicates that the data collection for this bulk statistics file is completed (in other words, the transfer interval has been met) and that the bulk statistics file is waiting for transfer to the configured destination(s). • Retry--Indicates that one or more transfer attempts have failed and that the file transfer will be attempted again. The number of retry attempts remaining are displayed in parenthesis. • Retained--Indicates that the bulk statistics file has either been successfully transmitted or that the configured number of retries have been completed. To display only the status of a named transfer (as opposed to all configured transfers), specify the name of the transfer in the transfer-name argument. show snmp mib bulkstat transfer Sample Output RP/0/RSP0/CPU0:router# show snmp mib bulkstat transfer Transfer Name : ifmib Retained files File Name : Time Left (in seconds) :STATE --------------------------------------------------------------------- ifmib_Router_020421_100554683 : 173 : Retry (2 Retry attempt(s) Left) Periodic MIB Data Collection and Transfer: Example This example shows how to configure periodic MIB data collection and transfer: snmp-server mib bulkstat object-list cempo add cempMemPoolName add cempMemPoolType ! snmp-server mib bulkstat schema cempWild object-list cempo instance wild oid 8695772 poll-interval 1 ! snmp-server mib bulkstat schema cempRepeat object-list cempo instance repetition 8695772.1 max 4294967295 poll-interval 1 ! snmp-server mib bulkstat transfer-id cempt1 enable url primary tftp://223.255.254.254/auto/tftp-sjc-users3/dseeniva/dumpdcm schema cempWild schema cempRepeat transfer-interval 2 ! Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 265 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Periodic MIB Data Collection and Transfer: ExampleThis example shows sample bulk statistics file content: Schema-def cempt1.cempWild "%u, %s, %s, %d" Epochtime instanceoid 1.3.6.1.4.1.9.9.221.1.1.1.1.3 1.3.6.1.4.1.9.9.221.1.1.1.1.2 cempt1.cempWild: 1339491515, 8695772.1, processor, 2 cempt1.cempWild: 1339491515, 8695772.2, reserved, 11 cempt1.cempWild: 1339491515, 8695772.3, image, 12 cempt1.cempWild: 1339491575, 8695772.1, processor, 2 cempt1.cempWild: 1339491575, 8695772.2, reserved, 11 cempt1.cempWild: 1339491575, 8695772.3, image, 12 Schema-def cempt1.cempRepeat "%u, %s, %s, %d" Epochtime instanceoid 1.3.6.1.4.1.9.9.221.1.1.1.1.3 1.3.6.1.4.1.9.9.221.1.1.1.1.2 cempt1.cempRepeat: 1339491515, 8695772.1, processor, 2 cempt1.cempRepeat: 1339491515, 8695772.2, reserved, 11 cempt1.cempRepeat: 1339491515, 8695772.3, image, 12 cempt1.cempRepeat: 1339491515, 26932192.1, processor, 2 cempt1.cempRepeat: 1339491515, 26932192.2, reserved, 11 cempt1.cempRepeat: 1339491515, 26932192.3, image, 12 cempt1.cempRepeat: 1339491515, 35271015.1, processor, 2 cempt1.cempRepeat: 1339491515, 35271015.2, reserved, 11 cempt1.cempRepeat: 1339491515, 35271015.3, image, 12 cempt1.cempRepeat: 1339491515, 36631989.1, processor, 2 cempt1.cempRepeat: 1339491515, 36631989.2, reserved, 11 cempt1.cempRepeat: 1339491515, 36631989.3, image, 12 cempt1.cempRepeat: 1339491515, 52690955.1, processor, 2 cempt1.cempRepeat: 1339491515, 52690955.2, reserved, 11 cempt1.cempRepeat: 1339491515, 52690955.3, image, 12 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 266 OL-26081-03 Configuring Periodic MIB Data Collection and Transfer on the Cisco ASR 9000 Series Router Periodic MIB Data Collection and Transfer: ExampleC H A P T E R 15 Implementing CDP on the Cisco ASR 9000 Series Router Cisco Discovery Protocol (CDP) is a media- and protocol-independent protocol that runs on all Cisco-manufactured equipment including routers, bridges, access and communication servers, and switches. Using CDP, you can view information about all the Cisco devices that are directly attached to the device. This module describesthe new and revised tasks you need to implement CDP on your Cisco IOS XR network. For more information about CDP on the Cisco IOS XR software and complete descriptions of the CDP commandslisted in this module, refer to Related Documents, on page 276. To locate documentation for other commands that might appear in the course of running a configuration task, search online in Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Table 34: Feature History for Implementing CDP on Cisco IOS XR Software Release Modification Release 3.7.2 This feature was introduced. This module contains the following topics: • Prerequisites for Implementing CDP, page 267 • Information About Implementing CDP, page 268 • How to Implement CDP on Cisco IOS XR Software, page 269 • Configuration Examples for Implementing CDP, page 275 • Additional References, page 275 Prerequisites for Implementing CDP You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 267Information About Implementing CDP CDP is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those devices. CDP can also be used to display information about the interfaces your router uses. CDP is mediaand protocol-independent, and runs on all equipment manufactured by Cisco, including routers, bridges, access servers, and switches. Use of SNMP with the CDP MIB allows network management applications to learn the device type and the SNMP agent address of neighboring devices and to send SNMP queries to those devices. CDP uses the CISCO-CDP-MIB. CDP runs on all media that support Subnetwork Access Protocol (SNAP), including LAN, Frame Relay, and ATM physical media. CDP runs over the data link layer only. Therefore, two systems that support different network-layer protocols can learn about each other. Each device configured for CDP sends periodic messages, known as advertisements, to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain time-to-live, or hold-time, information, which indicates the length of time a receiving device holds CDP information before discarding it. Each device also listens to the periodic CDP messages sent by others to learn about neighboring devices and determine when their interfaces to the media go up or down. CDP Version-2 (CDPv2) is the most recent release of the protocol and provides more intelligent device tracking features. These features include a reporting mechanism that allows for more rapid error tracking, thereby reducing costly downtime. Reported error messages can be sent to the console or to a logging server, and can cover instances of unmatching native VLAN IDs(IEEE 802.1Q) on connecting ports, and unmatching port duplex states between connecting devices. CDPv2 show commands can provide detailed output on VLAN Trunking Protocol (VTP) management domain and duplex modes of neighbor devices, CDP-related counters, and VLAN IDs of connecting ports. Type-length-value fields (TLVs) are blocks of information embedded in CDP advertisements. Table 35: Type-Length-Value Definitions for CDPv2, on page 268 summarizes the TLV definitions for CDP advertisements. Table 35: Type-Length-Value Definitions for CDPv2 TLV Definition Device-ID TLV Identifies the device name in the form of a character string. Contains a list of network addresses of both receiving and sending devices. Address TLV Port-ID TLV Identifies the port on which the CDP packet is sent. Describes the functional capability for the device in the form of a device type; for example, a switch. Capabilities TLV Contains information about the software release version on which the device is running. Version TLV Describes the hardware platform name of the device, for example, Cisco 4500. Platform TLV Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 268 OL-26081-03 Implementing CDP on the Cisco ASR 9000 Series Router Information About Implementing CDPTLV Definition Advertises the system’s configured VTP management domain name-string. Used by network operators to verify VTP domain configuration in adjacent network nodes. VTP Management Domain TLV Indicates, per interface, the assumed VLAN for untagged packets on the interface. CDP learns the native VLAN for an interface. This feature is implemented only for interfaces that support the IEEE 802.1Q protocol. Native VLAN TLV Indicates status (duplex configuration) of CDP broadcast interface. Used by network operatorsto diagnose connectivity problems between adjacent network elements. Full/Half Duplex TLV How to Implement CDP on Cisco IOS XR Software Enabling CDP To enable CDP, you must first enable CDP globally on the router and then enable CDP on a per-interface basis. This task explains how to enable CDP globally on the router and then enable CDP on an interface. SUMMARY STEPS 1. configure 2. cdp 3. interface type interface-path-id 4. cdp 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 269 Implementing CDP on the Cisco ASR 9000 Series Router How to Implement CDP on Cisco IOS XR SoftwareCommand or Action Purpose cdp Enables CDP globally. Example: RP/0/RSP0/CPU0:router(config)# cdp Step 2 interface type interface-path-id Enters interface configuration mode. Example: RP/0/RSP0/CPU0:router(config)# interface pos 0/0/0/1 Step 3 cdp Enables CDP on an interface. Example: RP/0/RSP0/CPU0:router(config-if)# cdp Step 4 Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Modifying CDP Default Settings This task explains how to modify the default version, hold-time setting, and timer settings. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 270 OL-26081-03 Implementing CDP on the Cisco ASR 9000 Series Router Modifying CDP Default SettingsNote The commands can be entered in any order. SUMMARY STEPS 1. configure 2. cdp advertise v1 3. cdp holdtime seconds 4. cdp timer seconds 5. Use one of these commands: • end • commit 6. (Optional) show cdp DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Configures CDP to use only version 1 (CDPv1) in communicating with neighboring devices. cdp advertise v1 Example: RP/0/RSP0/CPU0:router(config)# cdp advertise v1 Step 2 • By default, when CDP is enabled, the router sends CDPv2 packets. CDP also sends and receives CDPv1 packetsif the device with which CDP isinteracting does not process CDPv2 packets. • In this example, the router is configured to send and receive only CDPv1 packets. Specifies the amount of time that the receiving networking device will hold a CDP packet sent from the router before discarding it. cdp holdtime seconds Example: RP/0/RSP0/CPU0:router(config)# cdp holdtime 30 Step 3 • By default, when CDP is enabled, the receiving networking device holds a CDP packet for 180 seconds before discarding it. The CDP hold time must be set to a higher number of seconds than the time between CDP transmissions, which is set with the cdp timer command. Note • In this example, the value of hold-time for the seconds argument is set to 30. Step 4 cdp timer seconds Specifies the frequency at which CDP update packets are sent. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 271 Implementing CDP on the Cisco ASR 9000 Series Router Modifying CDP Default SettingsCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config)# cdp timer 20 • By default, when CDP is enabled, CDP update packets are sent at a frequency of once every 60 seconds. Note A lower timersetting causes CDP updatesto be sent more frequently. • In this example, CDP update packets are configured to be sent at a frequency of once every 20 seconds. Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC or mode. RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. (Optional) Displays global CDP information. show cdp Example: RP/0/RSP0/CPU0:router# show cdp Step 6 The output displays the CDP version running on the router, the hold time setting, and the timer setting. Monitoring CDP This task shows how to monitor CDP. Note The commands can be entered in any order. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 272 OL-26081-03 Implementing CDP on the Cisco ASR 9000 Series Router Monitoring CDPSUMMARY STEPS 1. show cdp entry {* | entry-name} [protocol | version] 2. show cdp interface [type interface-path-id | location node-id] 3. show cdp neighbors [type interface-path-id | location node-id] [detail] 4. show cdp traffic [location node-id] DETAILED STEPS Command or Action Purpose Displays information about a specific neighboring device or all neighboring devices discovered using CDP. show cdp entry {* | entry-name} [protocol | version] Example: RP/0/RSP0/CPU0:router# show cdp entry * Step 1 Displays information about the interfaces on which CDP is enabled. show cdp interface [type interface-path-id | location node-id] Example: RP/0/RSP0/CPU0:router# show cdp interface pos 0/0/0/1 Step 2 Displays detailed information about neighboring devices discovered using CDP. show cdp neighbors [type interface-path-id | location node-id] [detail] Example: RP/0/RSP0/CPU0:router# show cdp neighbors Step 3 Displaysinformation about the traffic gathered between devices using CDP. show cdp traffic [location node-id] Example: RP/0/RSP0/CPU0:router# show cdp traffic Step 4 Examples The following is sample output for the show cdp neighbors command: RP/0/RSP0/CPU0:router# show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID router1 Mg0/0/CPU0/0 177 T S WS-C2924M Fa0/12 router2 PO0/4/0/0 157 R 12008/GRP PO0/4/0/1 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 273 Implementing CDP on the Cisco ASR 9000 Series Router Monitoring CDPThe following is sample output for the show cdp neighbors command. In this example, the optional type instance arguments are used in conjunction with the detail optional keyword to display detailed information about a CDP neighbor. The output includes information on both IPv4 and IPv6 addresses. RP/0/RSP0/CPU0:router# show cdp neighbors POS 0/4/0/0 detail ------------------------- Device ID: uut-user SysName : uut-user Entry address(es): IPv4 address: 1.1.1.1 IPv6 address: 1::1 IPv6 address: 2::2 Platform: cisco 12008/GRP, Capabilities: Router Interface: POS0/4/0/3 Port ID (outgoing port): POS0/2/0/3 Holdtime : 177 sec Version : Cisco IOS XR Software, Version 0.0.0[Default] Copyright (c) 2005 by cisco Systems, Inc. advertisement version: 2 The following is sample output for the show cdp entry command. In this example, the optional entry argument is used to display entry information related to a specific CDP neighbor. RP/0/RSP0/CPU0:router# show cdp entry router2 advertisement version: 2 ------------------------- Device ID: router2 SysName : router2 Entry address(es): Platform: cisco 12008/GRP, Capabilities: Router Interface: POS0/4/0/0 Port ID (outgoing port): POS0/4/0/1 Holdtime : 145 sec Version : Cisco IOS XR Software, Version 0.48.0[Default] Copyright (c) 2004 by cisco Systems, Inc. advertisement version: 2 The following is sample output for the show cdp interface command. In this example, CDP information related to Packet over SONET/SDH (POS) interface 0/4/0/0 is displayed. RP/0/RSP0/CPU0:router# show cdp interface pos 0/4/0/0 POS0/4/0/0 is Up Encapsulation HDLC Sending CDP packets every 60 seconds Holdtime is 180 seconds The following is sample output for the show cdp traffic command: RP/0/RSP0/CPU0:router# show cdp traffic CDP counters : Packets output: 194, Input: 99 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 0, Truncated: 0 CDP version 1 advertisements output: 0, Input: 0 CDP version 2 advertisements output: 194, Input: 99 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 274 OL-26081-03 Implementing CDP on the Cisco ASR 9000 Series Router Monitoring CDPUnrecognize Hdr version: 0, File open failed: 0 The following is sample output for the show cdp traffic command. In this example, the optional location keyword and node-id argument are used to display information about the traffic gathered between devices using CDP from the specified node. RP/0/RSP0/CPU0:router# show cdp traffic location 0/4/cpu0 CDP counters : Packets output: 16, Input: 13 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 0, Truncated: 0 CDP version 1 advertisements output: 0, Input: 0 CDP version 2 advertisements output: 16, Input: 13 Unrecognize Hdr version: 0, File open failed: 0 Configuration Examples for Implementing CDP Enabling CDP: Example The following example shows how to configure CDP globally and then enable CDP on Packet over SONET/SDH (POS) interface 0/3/0/0: cdp interface POS0/3/0/0 cdp Modifying Global CDP Settings: Example The following example shows how to modify global CDP settings. In this example, the timer setting is set to 20 seconds, the hold-time setting is set to 30 seconds, and the version of CDP used to communicate with neighboring devices is set to CDPv1: cdp timer 20 cdp holdtime 30 cdp advertise v1 The following example shows how to use the show cdp command to verify the CDP global settings: RP/0/RSP0/CPU0:router# show cdp Global CDP information: Sending CDP packets every 20 seconds Sending a holdtime value of 30 seconds Sending CDPv2 advertisements is not enabled Additional References The following sections provide references related to implementing CDP on Cisco IOS XR software. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 275 Implementing CDP on the Cisco ASR 9000 Series Router Configuration Examples for Implementing CDPRelated Documents Related Topic Document Title CDP Commands on Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco IOS XR CDP commands Cisco ASR 9000 Series Aggregation Services Router Commands Master List Cisco IOS XR commands Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Getting started with Cisco IOS XR Software Configuring AAA Services on Cisco IOS XR Software module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Information about user groups and task IDs Standards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing RFCs has not been modified by this feature. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 276 OL-26081-03 Implementing CDP on the Cisco ASR 9000 Series Router Additional ReferencesTechnical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 277 Implementing CDP on the Cisco ASR 9000 Series Router Additional References Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x 278 OL-26081-03 Implementing CDP on the Cisco ASR 9000 Series Router Additional ReferencesI N D E X A access-group command 176, 177 admin configure command 3, 5, 32, 46, 49, 60, 84, 86, 87, 114, 119, 126 admin-config submode, See admin configure command alert group 152, 160 asdf 5 associating an alert group with 160 authenticate command 178 authentication-key command 178 B broadcast client command 174, 175 broadcast command 174, 175 broadcastdelay command 174 bulk statistics 255, 256, 258 object lists 256 prerequisites 255 schema 256, 258 transfer options 256 C call home 154 smart call home feature 154 Call Home 151, 152, 155, 158, 160, 163, 165 alert group 152 contact information 155 configure 155 destination profile 158, 160 associating an alert group with 160 configure and activate 158 email 163 configure 163 enable 165 introduction 151 Call Home messages 153 configuring levels 153 CDP 268, 269, 270, 272 enabling 269 functional overview 268 modifying default settings 270 monitoring 272 cdp (global) command 269, 270 cdp (interface) command 269, 270 cdp advertise v1 command 271 cdp holdtime command 271 cdp timer command 271 Cisco IOS XR Software Selector tool 28 committing packages 49 config-register command 113, 114 controllers command 115 copy ftp command 30 copy rcp command 30 copy tftp command 30 CPU controller bits 119 D Designated Shelf Controller, See DSC destination profile for Call Home 158 configure and activate 158 drives, formatting 115 DSC 12 definition 12 F field programmable device (FPD) images 42, 46 field programmable devices 123 See FPD images 123 File Transfer Protocol (FTP) 29 format command 115 formatting drives 115 FPD images 42, 46, 123, 124, 126, 127, 128, 140, 141 troubleshooting 140, 141 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 IN-1FPD images (continued) upgrade 127, 128 verifying 128 description 123 displaying 126, 127 default information 127 minimum and current versions 126 overview for SPAs 124 upgrade 127, 128 FPGA 124 devices, methods of upgrading 124 FTP 29 H hardware 92 displaying status 92 hw-module reload command 126, 128 I install activate command 42, 44, 51, 52 install rollback to committed command 62, 64 install verify packages command 32, 33 interface preconfigure command 117, 118 L line card 117, 118 removal 117 replacement 118 line command 210 line console command 210, 213 line default command 210 line template command 210, 214, 215 line template configuration submode 210 See also line command description 210 See also line command M master command 183 MIB data collection 255 prerequisites 255 MIB object 256 MIB, description 225 N node 111 power cycle 111 reload 111 shutdown 111 NTP 171, 173, 176, 177, 179, 181, 182, 184 configuring an authoritative NTP server 182 configuring broadcast-based NTP associations 173 configuring NTP access groups 176 configuring NTP authentication 177 configuring poll-based associations 171 configuring the source IP address 181 disabling NTP services on an interface 179 updating the hardware clock 184 O object identifier 256 object instance 256 object lists 256 bulk statistics 256 OID 256 online insertion and removal, See OIR P package 21, 22, 49, 57 addition, introduction 21 deactivation 57 rollback 22 set 49 committing 49 periodic mib data collection and transfer 255 physical terminals 210, 211, 212 aux line template 212 modifying 212 console line template 210, 212 description 210 modifying 212 default line template 210, 212 description 210 modifying 212 line template configuration submode, description 210 line template guidelines 211 PIE files 19 names 19 version numbers 19 PLIM 118 replacement 118 different media type 118 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x IN-2 OL-26081-03 IndexPLIM (continued) replacement (continued) same media type and port count 118 same media type, different port count 118 power cycle 111 R rcp 29 redundancy 108, 109, 110 commands 109 manual switchover 110 primary RP 108 standby RP 109 redundancy switchover command 110 reload command 110, 113 reloading software 111 Remote Copy Protocol (rcp) 29 RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks 252 RFC 3412, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) 252 RFC 3413, Simple Network Management Protocol (SNMP) Applications 252 RFC 3414, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) 252 RFC 3415, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) 252 RFC 3416, Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) 252 RFC 3417, Transport Mappings for the Simple Network Management Protocol (SNMP) 252 RFC 3418, Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) 252 rollback 22, 62, 63, 64 packages 22, 62, 63, 64 displaying rollback points 62 introduction 22 last committed set 64 rolling back to points 63 ROM Monitor mode 16 RP reload 110 S sample output 128, 130, 139, 140 schema 256 bulk statistics 256 server command 172 SFTP 29 show cdp command 271, 272 show cdp entry command 273 show cdp interface command 273 show cdp neighbors command 273 show cdp traffic command 273 show clock command 32, 34 show controllers command 115 show diag command 92, 95 show environment command 101 show fpd package command 126, 127, 130 show hw-module fpd command 126, 128 show hw-module subslot command 126, 128 show install active command 32 show install pie-info command 32, 33 show install rollback command 62, 63 show interfaces command 117 show line command 216, 217 show platform command 100, 140 administration EXEC mode 100 show redundancy command 104, 113, 114 show running-config command 117 show snmp command 232, 234 show snmp engineid command 232, 234 show snmp group command 232, 234 show snmp host command 235, 236 show snmp users command 232, 234 show snmp view command 232, 234 show system verify command 32, 33, 42, 46, 58, 59 show terminal command 216, 217 show users command 216, 217 show variables boot command 113, 114 show version command 98 shutting down a node 111 smart call home 154 description 154 registration requirements 154 Transport Gateway (TG) aggregation point 154 SMARTnet 154 smart call home registration 154 SMU 17 filenames 17 version numbers 17 SNMP (Simple Network Management Protocol) 224, 225, 226, 227, 228, 229, 230, 231, 234 manager, description 224 agent, description 224 MIB, description 225 trap notifications 234 configuring 234 versions 226, 227, 228, 229, 230, 231 security models and levels 228 SNMPv1,v2c, and v3 comparison 227 SNMPv3 benefits 229 SNMPv3 costs 230 SNMPv3, configuring 231 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x OL-26081-03 IN-3 Indexsnmp-server chassis-id command 237, 238 snmp-server contact command 237 snmp-server enable traps command 235, 236 snmp-server engineid local command 232, 235 snmp-server group command 232, 233, 235 snmp-server host command 235, 236 snmp-server ipv4 dscp command 242 snmp-server ipv4 precedence command 242 snmp-server location command 237 snmp-server packetsize command 239 snmp-server queue-length command 240 snmp-server trap source command 240 snmp-server trap-timeout command 240, 241 snmp-server user command 232, 233, 235 snmp-server view command 232 software packages 17, 19, 20, 23, 24, 27, 28, 49, 63, 64 activation 24, 27 impact on system 24 prerequisites 27 Cisco IOS XR Software Selector tool 28 committing 49 deactivation 24, 27 impact on system 24 prerequisites 27 downgrading 23 impact of version changes 24 management overview 20 rollback 63, 64 SMUs 17 upgrading 23 version numbers 19 source command 181, 182 SPA (shared port adapter) 124, 125 See also FPD images See also FPD images 124 SPA (shared port adapter) (continued) See also FPD images SSH File Transfer Protocol 29 T TFTP 29 trap notifications 225 Trivial File Transfer Protocol (TFTP) 29 trusted-key command 178, 179 U update-calendar command 184, 185 upgrade cpuctrlbits command 119 upgrade hw-module fpd command 126, 127, 139 V virtual terminals 210, 212, 214 default line template 210, 212 description 210 modifying 212 line template configuration submode 210 description 210 user-defined line templates 210 description 210 vty pools 212, 214 description 212 creating 214 modifying 214 vm files 16 Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 4.2.x IN-4 OL-26081-03 Index Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-26048-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. © 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S P r e f a c e Preface xxi Changes to This Document xxi Obtaining Documentation and Submitting a Service Request xxi C H A P T E R 1 Implementing BGP on Cisco ASR 9000 Series Router 1 Prerequisites for Implementing BGP 2 Information About Implementing BGP 3 BGP Functional Overview 3 BGP Router Identifier 3 BGP Default Limits 4 BGP Next Hop Tracking 4 Scoped IPv4/VPNv4 Table Walk 6 Reordered Address Family Processing 6 New Thread for Next-Hop Processing 6 show, clear, and debug Commands 6 Autonomous System Number Formats in BGP 7 2-byte Autonomous System Number Format 7 4-byte Autonomous System Number Format 7 as-format Command 7 BGP Configuration 7 Configuration Modes 7 Router Configuration Mode 8 Router Address Family Configuration Mode 8 Neighbor Configuration Mode 8 Neighbor Address Family Configuration Mode 8 VRF Configuration Mode 8 VRF Address Family Configuration Mode 8 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 iiiVRF Neighbor Configuration Mode 9 VRF Neighbor Address Family Configuration Mode 9 VPNv4 Address Family Configuration Mode 9 L2VPN Address Family Configuration Mode 9 Neighbor Submode 9 Configuration Templates 10 Template Inheritance Rules 12 Viewing Inherited Configurations 15 show bgp neighbors 15 show bgp af-group 16 show bgp session-group 18 show bgp neighbor-group 18 No Default Address Family 20 Routing Policy Enforcement 20 Table Policy 22 Update Groups 22 BGP Update Generation and Update Groups 23 BGP Update Group 23 BGP Cost Community 23 How BGP Cost Community Influences the Best Path Selection Process 23 Cost Community Support for Aggregate Routes and Multipaths 24 Influencing Route Preference in a Multiexit IGP Network 26 BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door Links 26 Adding Routes to the Routing Information Base 27 BGP Best Path Algorithm 28 Comparing Pairs of Paths 28 Order of Comparisons 30 Best Path Change Suppression 31 Administrative Distance 31 Multiprotocol BGP 33 Route Dampening 35 Minimizing Flapping 36 BGP Routing Domain Confederation 36 BGP Route Reflectors 36 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x iv OL-26048-02 ContentsDefault Address Family for show Commands 40 Distributed BGP 40 MPLS VPN Carrier Supporting Carrier 41 BGP Keychains 42 BGP Nonstop Routing 42 BGP Prefix Independent Convergence Unipath Primary/Backup 43 BGP Local Label Retention 44 Command Line Interface (CLI) Consistency for BGP Commands 44 BGP Additional Paths 44 iBGP Multipath Load Sharing 45 Accumulated Interior Gateway Protocol Attribute 45 Per VRF and Per CE Label for IPv6 Provider Edge 46 IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700 46 IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700 46 IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700 47 Remove and Replace Private AS Numbers from AS Path in BGP 47 Selective VRF Download 48 Line Card Roles and Filters 48 BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing 49 BFD Multihop Support for BGP 49 BGP Multi-Instance/Multi-AS Support 49 BGP Prefix Origin Validation Based on RPKI 49 BGP 3107 PIC Updates for Global Prefixes 50 BGP Prefix Independent Convergence for RIB and FIB 51 How to Implement BGP on Cisco IOS XR Software 51 Enabling BGP Routing 51 Configuring a Routing Domain Confederation for BGP 55 Resetting an eBGP Session Immediately Upon Link Failure 57 Logging Neighbor Changes 57 Adjusting BGP Timers 57 Changing the BGP Default Local Preference Value 59 Configuring the MED Metric for BGP 60 Configuring BGP Weights 62 Tuning the BGP Best-Path Calculation 64 Indicating BGP Back-door Routes 66 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 v ContentsConfiguring Aggregate Addresses 67 Redistributing iBGP Routes into IGP 69 Redistributing Prefixes into Multiprotocol BGP 71 Configuring BGP Route Dampening 73 Applying Policy When Updating the Routing Table 78 Setting BGP Administrative Distance 80 Configuring a BGP Neighbor Group and Neighbors 82 Configuring a Route Reflector for BGP 85 Configuring BGP Route Filtering by Route Policy 87 Configuring BGP Next-Hop Trigger Delay 89 Disabling Next-Hop Processing on BGP Updates 91 Configuring BGP Community and Extended-Community Advertisements 93 Configuring the BGP Cost Community 95 Configuring Software to Store Updates from a Neighbor 99 Configuring Distributed BGP 101 Configuring a VPN Routing and Forwarding Instance in BGP 104 Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers 104 Configuring the Route Distinguisher 106 Configuring PE-PE or PE-RR Interior BGP Sessions 108 Configuring Route Reflector to Hold Routes That Have a Defined Set of RT Communities 111 Configuring BGP as a PE-CE Protocol 113 Redistribution of IGPs to BGP 118 Configuring Keychains for BGP 121 Disabling a BGP Neighbor 123 Resetting Neighbors Using BGP Inbound Soft Reset 124 Resetting Neighbors Using BGP Outbound Soft Reset 125 Resetting Neighbors Using BGP Hard Reset 126 Clearing Caches, Tables, and Databases 127 Displaying System and Network Statistics 128 Displaying BGP Process Information 129 Monitoring BGP Update Groups 131 Configuring BGP Nonstop Routing 132 Installing Primary Backup Path for Prefix Independent Convergence (PIC) 133 Retaining Allocated Local Label for Primary Path 135 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x vi OL-26048-02 ContentsConfiguring BGP Additional Paths 137 Configuring iBGP Multipath Load Sharing 139 Originating Prefixes with AiGP 141 Enabling BGP Unequal Cost Recursive Load Balancing 143 Configuring RPKI Cache 146 Configuring RPKI Prefix Validation 149 Configuring RPKI Bestpath Computation 150 Configuration Examples for Implementing BGP 152 Enabling BGP: Example 152 Displaying BGP Update Groups: Example 153 BGP Neighbor Configuration: Example 154 BGP Confederation: Example 155 BGP Route Reflector: Example 157 BGP Nonstop Routing Configuration: Example 157 Primary Backup Path Installation: Example 157 Allocated Local Label Retention: Example 157 iBGP Multipath Loadsharing Configuration: Example 158 Configuring BGP Additional Paths: Example 158 Originating Prefixes With AiGP: Example 158 BGP Unequal Cost Recursive Load Balancing: Example 159 Where to Go Next 161 Additional References 161 C H A P T E R 2 Implementing EIGRP on Cisco ASR 9000 Series Router 165 Prerequisites for Implementing EIGRP 166 Restrictions for Implementing EIGRP 166 Information About Implementing EIGRP 166 EIGRP Functional Overview 166 EIGRP Features 167 EIGRP Components 167 EIGRP Configuration Grouping 168 EIGRP Configuration Modes 168 EIGRP Interfaces 169 Redistribution for an EIGRP Process 169 Metric Weights for EIGRP Routing 170 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 vii ContentsMismatched K Values 170 Goodbye Message 171 Percentage of Link Bandwidth Used for EIGRP Packets 171 Floating Summary Routes for an EIGRP Process 171 Split Horizon for an EIGRP Process 173 Adjustment of Hello Interval and Hold Time for an EIGRP Process 174 Stub Routing for an EIGRP Process 174 Route Policy Options for an EIGRP Process 175 EIGRP Layer 3 VPN PE-CE Site-of-Origin 176 Router Interoperation with the Site-of-Origin Extended Community 176 EIGRP v4/v6 Authentication Using Keychain 177 How to Implement EIGRP 177 Enabling EIGRP Routing 177 Configuring Route Summarization for an EIGRP Process 180 Redistributing Routes for EIGRP 182 Creating a Route Policy and Attaching It to an EIGRP Process 184 Configuring Stub Routing for an EIGRP Process 187 Configuring EIGRP as a PE-CE Protocol 189 Redistributing BGP Routes into EIGRP 192 Monitoring EIGRP Routing 194 Configuring an EIGRP Authentication Keychain 197 Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Default VRF 198 Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault VRF 199 Configuration Examples for Implementing EIGRP 201 Configuring a Basic EIGRP Configuration: Example 201 Configuring an EIGRP Stub Operation: Example 202 Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example 202 Configuring an EIGRP Authentication Keychain: Example 203 Additional References 203 C H A P T E R 3 Implementing IS-IS on Cisco ASR 9000 Series Router 205 Prerequisites for Implementing IS-IS 206 Restrictions for Implementing IS-IS 206 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x viii OL-26048-02 ContentsInformation About Implementing IS-IS 206 IS-IS Functional Overview 206 Key Features Supported in the Cisco IOS XR IS-IS Implementation 207 IS-IS Configuration Grouping 207 IS-IS Configuration Modes 207 Router Configuration Mode 207 Router Address Family Configuration Mode 208 Interface Configuration Mode 208 Interface Address Family Configuration Mode 208 IS-IS Interfaces 208 Multitopology Configuration 209 IPv6 Routing and Configuring IPv6 Addressing 209 Limit LSP Flooding 209 Flood Blocking on Specific Interfaces 209 Mesh Group Configuration 210 Maximum LSP Lifetime and Refresh Interval 210 Single-Topology IPv6 Support 210 Multitopology IPv6 Support 210 IS-IS Authentication 210 Nonstop Forwarding 211 Multi-Instance IS-IS 212 Multiprotocol Label Switching Traffic Engineering 212 Overload Bit on Router 212 Overload Bit Configuration During Multitopology Operation 213 IS-IS Overload Bit Avoidance 213 Default Routes 213 Attached Bit on an IS-IS Instance 214 IS-IS Support for Route Tags 214 Multicast-Intact Feature 214 Multicast Topology Support Using IS-IS 215 MPLS Label Distribution Protocol IGP Synchronization 215 MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart 215 MPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding 216 Label Distribution Protocol IGP Auto-configuration 216 MPLS TE Forwarding Adjacency 216 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 ix ContentsMPLS TE Interarea Tunnels 216 IP Fast Reroute 217 How to Implement IS-IS 217 Enabling IS-IS and Configuring Level 1 or Level 2 Routing 217 Configuring Single Topology for IS-IS 219 Configuring Multitopology Routing 225 Restrictions for Configuring Multitopology Routing 225 Information About Multitopology Routing 225 Configuring a Global Topology and Associating It with an Interface 225 Enabling an IS-IS Topology 227 Placing an Interface in a Topology in IS-IS 229 Configuring a Routing Policy 230 Configuring Multitopology for IS-IS 232 Controlling LSP Flooding for IS-IS 232 Configuring Nonstop Forwarding for IS-IS 236 Configuring Authentication for IS-IS 239 Configuring Keychains for IS-IS 241 Configuring MPLS Traffic Engineering for IS-IS 243 Tuning Adjacencies for IS-IS 246 Setting SPF Interval for a Single-Topology IPv4 and IPv6 Configuration 249 Customizing Routes for IS-IS 252 Configuring MPLS LDP IS-IS Synchronization 255 Enabling Multicast-Intact 256 Tagging IS-IS Interface Routes 258 Setting the Priority for Adding Prefixes to the RIB 260 Configuring IP/LDP Fast Reroute 262 Configuring IS-IS Overload Bit Avoidance 266 Configuration Examples for Implementing IS-IS 266 Configuring Single-Topology IS-IS for IPv6: Example 267 Configuring Multitopology IS-IS for IPv6: Example 267 Redistributing IS-IS Routes Between Multiple Instances: Example 267 Tagging Routes: Example 268 Configuring IS-IS Overload Bit Avoidance: Example 268 Where to Go Next 269 Additional References 269 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x x OL-26048-02 ContentsC H A P T E R 4 Implementing OSPF on Cisco ASR 9000 Series Router 273 Prerequisites for Implementing OSPF 274 Information About Implementing OSPF 274 OSPF Functional Overview 275 Key Features Supported in the Cisco IOS XR Software OSPF Implementation 276 Comparison of Cisco IOS XR Software OSPFv3 and OSPFv2 276 OSPF Hierarchical CLI and CLI Inheritance 277 OSPF Routing Components 277 Autonomous Systems 278 Areas 278 Backbone Area 279 Stub Area 279 Not-so-Stubby Area 279 Routers 279 Area Border Routers 279 Autonomous System Boundary Routers (ASBR) 280 Interior Routers 280 OSPF Process and Router ID 280 Supported OSPF Network Types 281 Route Authentication Methods for OSPF 281 Plain Text Authentication 281 MD5 Authentication 281 Authentication Strategies 281 Key Rollover 282 Neighbors and Adjacency for OSPF 282 Designated Router (DR) for OSPF 282 Default Route for OSPF 282 Link-State Advertisement Types for OSPF Version 2 283 Link-State Advertisement Types for OSPFv3 283 Virtual Link and Transit Area for OSPF 285 OSPFv2 Sham Link Support for MPLS VPN 285 OSPF SPF Prefix Prioritization 287 Route Redistribution for OSPF 289 OSPF Shortest Path First Throttling 289 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 xi ContentsNonstop Forwarding for OSPF Version 2 290 Graceful Restart for OSPFv3 290 Modes of Graceful Restart Operation 291 Restart Mode 291 Helper Mode 291 Graceful Restart Requirements and Restrictions 292 Warm Standby and Nonstop Routing for OSPF Version 2 293 Warm Standby for OSPF Version 3 293 Multicast-Intact Support for OSPF 293 Load Balancing in OSPF Version 2 and OSPFv3 294 Multi-Area Adjacency for OSPF Version 2 294 Label Distribution Protocol IGP Auto-configuration for OSPF 295 OSPF Authentication Message Digest Management 295 GTSM TTL Security Mechanism for OSPF 296 Path Computation Element for OSPFv2 296 OSPF IP Fast Reroute Loop Free Alternate 296 Management Information Base (MIB) for OSPFv3 297 How to Implement OSPF 297 Enabling OSPF 297 Configuring Stub and Not-So-Stubby Area Types 300 Configuring Neighbors for Nonbroadcast Networks 303 Configuring Authentication at Different Hierarchical Levels for OSPF Version 2 308 Controlling the Frequency That the Same LSA Is Originated or Accepted for OSPF 312 Creating a Virtual Link with MD5 Authentication to Area 0 for OSPF 314 Examples 318 Summarizing Subnetwork LSAs on an OSPF ABR 319 Redistributing Routes from One IGP into OSPF 321 Configuring OSPF Shortest Path First Throttling 324 Examples 327 Configuring Nonstop Forwarding Specific to Cisco for OSPF Version 2 327 Configuring OSPF Version 2 for MPLS Traffic Engineering 330 Examples 333 Configuring OSPFv3 Graceful Restart 334 Displaying Information About Graceful Restart 336 Configuring an OSPFv2 Sham Link 337 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x xii OL-26048-02 ContentsEnabling Nonstop Routing for OSPFv2 341 Enabling Nonstop Routing for OSPFv3 342 Configuring OSPF SPF Prefix Prioritization 343 Enabling Multicast-intact for OSPFv2 346 Associating Interfaces to a VRF 347 Configuring OSPF as a Provider Edge to Customer Edge (PE-CE) Protocol 349 Creating Multiple OSPF Instances (OSPF Process and a VRF) 352 Configuring Multi-area Adjacency 354 Configuring Label Distribution Protocol IGP Auto-configuration for OSPF 356 Configuring LDP IGP Synchronization: OSPF 358 Configuring Authentication Message Digest Management for OSPF 359 Examples 361 Configuring Generalized TTL Security Mechanism (GTSM) for OSPF 363 Examples 365 Verifying OSPF Configuration and Operation 366 Configuring IP Fast Reroute Loop-free Alternate 368 Enabling IPFRR LFA 368 Excluding an Interface From IP Fast Reroute Per-link Computation 370 Configuration Examples for Implementing OSPF 371 Cisco IOS XR Software for OSPF Version 2 Configuration: Example 371 CLI Inheritance and Precedence for OSPF Version 2: Example 372 MPLS TE for OSPF Version 2: Example 373 ABR with Summarization for OSPFv3: Example 374 ABR Stub Area for OSPFv3: Example 374 ABR Totally Stub Area for OSPFv3: Example 374 Configuring OSPF SPF Prefix Prioritization: Example 374 Route Redistribution for OSPFv3: Example 375 Virtual Link Configured Through Area 1 for OSPFv3: Example 376 Virtual Link Configured with MD5 Authentication for OSPF Version 2: Example 376 VPN Backbone and Sham Link Configured for OSPF Version 2: Example 377 Where to Go Next 378 Additional References 378 C H A P T E R 5 Implementing and Monitoring RIB on Cisco ASR 9000 Series Router 381 Prerequisites for Implementing RIB 382 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 xiii ContentsInformation About RIB Configuration 382 Overview of RIB 382 RIB Data Structures in BGP and Other Protocols 382 RIB Administrative Distance 383 RIB Support for IPv4 and IPv6 383 RIB Statistics 384 IPv6 Provider Edge IPv6 and IPv6 VPN Provider Edge Transport over MPLS 384 RIB Quarantining 384 Route and Label Consistency Checker (RCC and LCC) 385 System-wide Route Prioritization for IOS XR Software 386 How to Deploy and Monitor RIB 386 Verifying RIB Configuration Using the Routing Table 386 Verifying Networking and Routing Problems 387 Disabling RIB Next-hop Dampening 389 Configuring RCC and LCC 390 Enabling RCC and LCC On-demand Scan 390 Enabling RCC and LCC Background Scan 391 Configuration Examples for RIB Monitoring 393 Output of show route Command: Example 394 Output of show route backup Command: Example 394 Output of show route best-local Command: Example 394 Output of show route connected Command: Example 395 Output of show route local Command: Example 395 Output of show route longer-prefixes Command: Example 395 Output of show route next-hop Command: Example 395 Enabling RCC and LCC: Example 396 Where to Go Next 396 Additional References 397 C H A P T E R 6 Implementing RIP on Cisco ASR 9000 Series Router 399 Prerequisites for Implementing RIP 400 Information About Implementing RIP 400 RIP Functional Overview 400 Split Horizon for RIP 401 Route Timers for RIP 401 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x xiv OL-26048-02 ContentsRoute Redistribution for RIP 401 Default Administrative Distances for RIP 402 Routing Policy Options for RIP 403 Authentication Using Keychain in RIP 403 In-bound RIP Traffic on an Interface 404 Out-bound RIP Traffic on an Interface 405 How to Implement RIP 405 Enabling RIP 405 Customizing RIP 407 Control Routing Information 410 Creating a Route Policy for RIP 413 Configuring RIP Authentication Keychain 415 Configuring RIP Authentication Keychain for IPv4 Interface on a Non-default VRF 415 Configuring RIP Authentication Keychain for IPv4 Interface on Default VRF 417 Configuration Examples for Implementing RIP 419 Configuring a Basic RIP Configuration: Example 419 Configuring RIP on the Provider Edge: Example 420 Adjusting RIP Timers for each VRF Instance: Example 420 Configuring Redistribution for RIP: Example 421 Configuring Route Policies for RIP: Example 421 Configuring Passive Interfaces and Explicit Neighbors for RIP: Example 422 Controlling RIP Routes: Example 422 Configuring RIP Authentication Keychain: Example 422 Additional References 423 C H A P T E R 7 Implementing Routing Policy on Cisco ASR 9000 Series Router 425 Prerequisites for Implementing Routing Policy 426 Restrictions for Implementing Routing Policy 426 Information About Implementing Routing Policy 427 Routing Policy Language 427 Routing Policy Language Overview 427 Routing Policy Language Structure 427 Names 428 Sets 428 as-path-set 429 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 xv Contentscommunity-set 430 extcommunity-set 431 prefix-set 434 Enhanced Prefix-length Manipulation 435 rd-set 435 Routing Policy Language Components 436 Routing Policy Language Usage 436 Routing Policy Configuration Basics 438 Policy Definitions 438 Parameterization 439 Parameterization at Attach Points 440 Global Parameterization 441 Semantics of Policy Application 441 Boolean Operator Precedence 441 Multiple Modifications of the Same Attribute 442 When Attributes Are Modified 443 Default Drop Disposition 443 Control Flow 443 Policy Verification 444 Range Checking 444 Incomplete Policy and Set References 444 Attached Policy Modification 445 Verification of Attribute Comparisons and Actions 445 Policy Statements 445 Remark 446 Disposition 446 Action 448 If 448 Boolean Conditions 449 apply 450 Attach Points 450 BGP Policy Attach Points 451 Aggregation 451 Dampening 452 Default Originate 453 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x xvi OL-26048-02 ContentsNeighbor Export 453 Neighbor Import 454 Network 454 Redistribute 454 Show BGP 455 Table Policy 456 Import 457 Export 457 Retain Route-Target 458 Allocate-Label 459 Neighbor-ORF 459 Next-hop 460 Clear-Policy 460 Debug 460 BGP Attributes and Operators 461 OSPF Policy Attach Points 475 Default-Information Originate 475 Redistribute 475 Area-in 476 Area-out 476 OSPF Attributes and Operators 477 OSPFv3 Policy Attach Points 478 Default-Information Originate 478 Redistribute 478 OSPFv3 Attributes and Operators 479 IS-IS Policy Attach Points 479 Redistribute 479 Default-Information Originate 480 Inter-area-propagate 480 IS-IS Attributes and Operators 480 EIGRP Policy Attach Points 481 Default-Accept-In 481 Default-Accept-Out 482 Policy-In 482 Policy-Out 482 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 xvii ContentsIf-Policy-In 483 If-Policy-Out 483 Redistribute 483 EIGRP Attributes and Operators 483 RIP Policy Attach Points 485 Default-Information Originate 485 Redistribute 485 Global-Inbound 486 Global-Outbound 486 Interface-Inbound 486 Interface-Outbound 486 RIP Attributes and Operators 486 PIM Policy Attach Points 488 Attached Policy Modification 488 Nonattached Policy Modification 488 Editing Routing Policy Configuration Elements 488 Editing Routing Policy Configuration Elements Using the Nano Editor 489 Editing Routing Policy Configuration Elements Using the Emacs Editor 489 Editing Routing Policy Configuration Elements Using the Vim Editor 490 Editing Routing Policy Configuration Elements Using the CLI 490 Editing Routing Policy Language set elements Using XML 490 Hierarchical Conditions 491 Apply Condition Policies 491 Nested Wildcard Apply Policy 492 How to Implement Routing Policy 492 Defining a Route Policy 492 Attaching a Routing Policy to a BGP Neighbor 494 Modifying a Routing Policy Using a Text Editor 496 Configuration Examples for Implementing Routing Policy 497 Routing Policy Definition: Example 497 Simple Inbound Policy: Example 497 Modular Inbound Policy: Example 498 Additional References 499 C H A P T E R 8 Implementing Static Routes on Cisco ASR 9000 Series Router 501 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x xviii OL-26048-02 ContentsPrerequisites for Implementing Static Routes 502 Information About Implementing Static Routes 502 Static Route Functional Overview 502 Default Administrative Distance 502 Directly Connected Routes 503 Recursive Static Routes 503 Fully Specified Static Routes 504 Floating Static Routes 504 Default VRF 504 IPv4 and IPv6 Static VRF Routes 504 Dynamic ECMP Support for IGP Prefixes 505 How to Implement Static Routes 505 Configuring a Static Route 505 Configuring a Floating Static Route 507 Configuring Static Routes Between PE-CE Routers 508 Changing the Maximum Number of Allowable Static Routes 510 Associating a VRF with a Static Route 512 Enabling Object Tracking for Static Routes 514 Configuration Examples 516 Configuring Traffic Discard: Example 516 Configuring a Fixed Default Route: Example 516 Configuring a Floating Static Route: Example 516 Configuring a Static Route Between PE-CE Routers: Example 516 Additional References 517 C H A P T E R 9 Implementing RCMD on Cisco ASR 9000 Series Router 519 Route Convergence Monitoring and Diagnostics 519 Configuring Route Convergence Monitoring and Diagnostics 520 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 xix Contents Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x xx OL-26048-02 ContentsPreface The Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide preface contains these sections: • Changes to This Document, page xxi • Obtaining Documentation and Submitting a Service Request, page xxi Changes to This Document This table lists the technical changes made to this document since it was first printed. Table 1: Changes to This Document Revision Date Change Summary Republished with documentation updates for Cisco IOS XR Release 4.2.1 features. OL-26048-02 June, 2012 OL-26048-01 December, 2011 Initial release of this document. Obtaining Documentation and Submitting a Service Request For information on obtaining documentation,submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 xxi Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x xxii OL-26048-02 Preface Obtaining Documentation and Submitting a Service RequestC H A P T E R 1 Implementing BGP on Cisco ASR 9000 Series Router Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free interdomain routing between autonomous systems. An autonomous system is a set of routers under a single technical administration. Routers in an autonomous system can use multiple Interior Gateway Protocols (IGPs) to exchange routing information inside the autonomous system and an EGP to route packets outside the autonomous system. This module provides the conceptual and configuration information for BGP on Cisco IOS XR software. For more information about BGP and complete descriptions of the BGP commands listed in this module, see Related Documents, on page 161 section of this module. To locate documentation for other commands that might appear while performing a configuration task, search online in the Cisco ASR 9000 Series Router software master command index. Note Feature History for Implementing BGP Release Modification Release 3.7.2 This feature was introduced. The following features were supported: • BGP Prefix Independent Convergence Unipath Primary Backup • BGP Local Label Retention • Asplain notation for 4-byte Autonomous System Number • BGP Nonstop Routing • Command Line Interface (CLI) consistency for BGP commands • L2VPN Address Family Configuration Mode Release 3.9.0 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 1Release Modification The following features were supported: • BGP Add Path Advertisement • Accumulated iGP (AiGP) • Pre-route • IPv4 BGP-Policy Accounting • IPv6 uRPF Release 4.0.0 Release 4.1.0 Support for 5000 BGP NSR sessions was added BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing feature was added Release 4.1.1 The following features were supported: • Selective VRF Download • BGP Multi-Instance/Multi-AS • BFD Multihop Support for BGP Release 4.2.0 The following features were supported: • BGP 3107 PIC Updates for Global Prefixes • BGP Prefix Independent Convergence for RIB and FIB • BGP Prefix Origin Validation Based on RPKI Release 4.2.1 • Prerequisites for Implementing BGP, page 2 • Information About Implementing BGP, page 3 • How to Implement BGP on Cisco IOS XR Software, page 51 • Configuration Examples for Implementing BGP, page 152 • Where to Go Next, page 161 • Additional References, page 161 Prerequisites for Implementing BGP You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 2 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Prerequisites for Implementing BGPInformation About Implementing BGP To implement BGP, you need to understand the following concepts: BGP Functional Overview BGP uses TCP as its transport protocol. Two BGP routers form a TCP connection between one another (peer routers) and exchange messages to open and confirm the connection parameters. BGP routers exchange network reachability information. This information is mainly an indication of the full paths (BGP autonomous system numbers) that a route should take to reach the destination network. This information helps construct a graph that shows which autonomous systems are loop free and where routing policies can be applied to enforce restrictions on routing behavior. Any two routersforming a TCP connection to exchange BGP routing information are called peers or neighbors. BGP peers initially exchange their full BGP routing tables. After this exchange, incremental updates are sent as the routing table changes. BGP keeps a version number of the BGP table, which is the same for all of its BGP peers. The version number changes whenever BGP updatesthe table due to routing information changes. Keepalive packets are sent to ensure that the connection is alive between the BGP peers and notification packets are sent in response to error or special conditions. For information on configuring BGP to distribute Multiprotocol Label Switching (MPLS) Layer 3 virtual private network (VPN) information, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide For information on BGP support for Bidirectional Forwarding Detection (BFD), see the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Configuration Guide and the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Command Reference. Note BGP Router Identifier For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is sent to BGP peers in the OPEN message when a BGP session is established. BGP attempts to obtain a router ID in the following ways (in order of preference): • By means of the address configured using the bgp router-id command in router configuration mode. • By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved loopback address configuration. • By using the primary IPv4 address of the first loopback address that gets configured if there are not any in the saved configuration. If none of these methodsfor obtaining a router ID succeeds, BGP does not have a router ID and cannot establish any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log, and the show bgp summary command displays a router ID of 0.0.0.0. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 3 Implementing BGP on Cisco ASR 9000 Series Router Information About Implementing BGPAfter BGP has obtained a router ID, it continues to use it even if a better router ID becomes available. This usage avoids unnecessary flapping for all BGP sessions. However, if the router ID currently in use becomes invalid (because the interface goes down or its configuration is changed), BGP selects a new router ID (using the rules described) and all established peering sessions are reset. We strongly recommend that the bgp router-id command is configured to prevent unnecessary changes to the router ID (and consequent flapping of BGP sessions). Note BGP Default Limits Cisco IOS XR BGP imposes maximum limits on the number of neighbors that can be configured on the router and on the maximum number of prefixes that are accepted from a peer for a given address family. This limitation safeguards the router from resource depletion caused by misconfiguration, either locally or on the remote neighbor. The following limits apply to BGP configurations: • The default maximum number of peers that can be configured is 4000. The default can be changed using the bgp maximum neighbor command. The limit range is 1 to 15000. Any attempt to configure additional peers beyond the maximum limit or set the maximum limit to a number that is less than the number of peers currently configured will fail. • To prevent a peer from flooding BGP with advertisements, a limit is placed on the number of prefixes that are accepted from a peer for each supported address family. The default limits can be overridden through configuration of the maximum-prefix limit command for the peer for the appropriate address family. The following default limits are used if the user does not configure the maximum number of prefixes for the address family: ? 512K (524,288) prefixes for IPv4 unicast ? 128K (131,072) prefixes for IPv4 multicast ? 128K (131,072) prefixes for IPv6 unicast ? 512K (524,288) prefixes for VPNv4 unicast A cease notification message is sent to the neighbor and the peering with the neighbor is terminated when the number of prefixes received from the peer for a given address family exceeds the maximum limit (either set by default or configured by the user) for that address family. It is possible that the maximum number of prefixes for a neighbor for a given address family has been configured after the peering with the neighbor has been established and a certain number of prefixes have already been received from the neighbor for that address family. A cease notification message is sent to the neighbor and peering with the neighbor is terminated immediately after the configuration if the configured maximum number of prefixesisfewer than the number of prefixesthat have already been received from the neighbor for the address family. BGP Next Hop Tracking BGP receives notifications from the Routing Information Base (RIB) when next-hop information changes (event-driven notifications). BGP obtains next-hop information from the RIB to: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 4 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Default Limits• Determine whether a next hop is reachable. • Find the fully recursed IGP metric to the next hop (used in the best-path calculation). • Validate the received next hops. • Calculate the outgoing next hops. • Verify the reachability and connectedness of neighbors. BGP is notified when any of the following events occurs: • Next hop becomes unreachable • Next hop becomes reachable • Fully recursed IGP metric to the next hop changes • First hop IP address or first hop interface change • Next hop becomes connected • Next hop becomes unconnected • Next hop becomes a local address • Next hop becomes a nonlocal address Note Reachability and recursed metric events trigger a best-path recalculation. Event notificationsfrom the RIB are classified as critical and noncritical. Notificationsfor critical and noncritical events are sent in separate batches. However, a noncritical event is sent along with the critical events if the noncritical event is pending and there is a request to read the critical events. • Critical events are related to the reachability (reachable and unreachable), connectivity (connected and unconnected), and locality (local and nonlocal) of the next hops. Notifications for these events are not delayed. • Noncritical eventsinclude only the IGP metric changes. These events are sent at an interval of 3 seconds. A metric change event is batched and sent 3 seconds after the last one was sent. The next-hop trigger delay for critical and noncritical events can be configured to specify a minimum batching interval for critical and noncritical events using the nexthop trigger-delay command. The trigger delay is address family dependent. The BGP next-hop tracking feature allows you to specify that BGP routes are resolved using only next hops whose routes have the following characteristics: • To avoid the aggregate routes, the prefix length must be greater than a specified value. • The source protocol must be from a selected list, ensuring that BGP routes are not used to resolve next hops that could lead to oscillation. This route policy filtering is possible because RIB identifies the source protocol of route that resolved a next hop as well as the mask length associated with the route. The nexthop route-policy command is used to specify the route-policy. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 5 Implementing BGP on Cisco ASR 9000 Series Router BGP Next Hop TrackingFor information on route policy filtering for next hops using the next-hop attach point, see the Implementing Routing Policy Language on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide (this publication). Scoped IPv4/VPNv4 Table Walk To determine which address family to process, a next-hop notification is received by first dereferencing the gateway context associated with the next hop, then looking into the gateway context to determine which address families are using the gateway context. The IPv4 unicast and VPNv4 unicast address families share the same gateway context, because they are registered with the IPv4 unicast table in the RIB. As a result, both the global IPv4 unicast table and the VPNv4 table are processed when an IPv4 unicast next-hop notification is received from the RIB. A mask is maintained in the next hop, indicating whether the next hop belongs to IPv4 unicast or VPNv4 unicast, or both. This scoped table walk localizes the processing in the appropriate address family table. Reordered Address Family Processing The Cisco IOS XR software walks address family tables based on the numeric value of the address family. When a next-hop notification batch is received, the order of address family processing is reordered to the following order: • IPv4 tunnel • VPNv4 unicast • IPv4 labeled unicast • IPv4 unicast • IPv4 multicast • IPv6 unicast New Thread for Next-Hop Processing The critical-event thread in the spkr process handles only next-hop, Bidirectional Forwarding Detection (BFD), and fast-external-failover (FEF) notifications. This critical-event thread ensures that BGP convergence is not adversely impacted by other events that may take a significant amount of time. show, clear, and debug Commands The show bgp nexthops command provides statistical information about next-hop notifications, the amount of time spent in processing those notifications, and details about each next hop registered with the RIB. The clear bgp nexthop performance-statistics command ensures that the cumulative statistics associated with the processing part of the next-hop show command can be cleared to help in monitoring. The clear bgp nexthop registration command performs an asynchronous registration of the next hop with the RIB. See the BGP Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Command Referencefor information on the next-hop show and clear commands. The debug bgp nexthop command displays information on next-hop processing. The out keyword provides debug information only about BGP registration of next hops with RIB. The in keyword displays debug information about next-hop notifications received from RIB. The out keyword displays debug information Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 6 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Next Hop Trackingabout next-hop notifications sent to the RIB. See the BGP Debug Commands on Cisco ASR 9000 Series Aggregation Services Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Debug Command Reference . Autonomous System Number Formats in BGP Autonomous system numbers (ASNs) are globally unique identifiers used to identify autonomous systems (ASs) and enable ASs to exchange exterior routing information between neighboring ASs. A unique ASN is allocated to each AS for use in BGP routing. ASNs are encoded as 2-byte numbers and 4-byte numbers in BGP. 2-byte Autonomous System Number Format The 2-byte ASNs are represented in asplain notation. The 2-byte range is 1 to 65535. 4-byte Autonomous System Number Format To prepare for the eventual exhaustion of 2-byte Autonomous System Numbers(ASNs), BGP hasthe capability to support 4-byte ASNs. The 4-byte ASNs are represented both in asplain and asdot notations. The byte range for 4-byte ASNs in asplain notation is 1-4294967295. The AS is represented as a 4-byte decimal number. The 4-byte ASN asplain representation is defined in draft-ietf-idr-as-representation-01.txt. For 4-byte ASNs in asdot format, the 4-byte range is 1.0 to 65535.65535 and the format is: high-order-16-bit-value-in-decimal . low-order-16-bit-value-in-decimal The BGP 4-byte ASN capability is used to propagate 4-byte-based AS path information across BGP speakers that do not support 4-byte AS numbers. See draft-ietf-idr-as4bytes-12.txt for information on increasing the size of an ASN from 2 bytes to 4 bytes. AS is represented as a 4-byte decimal number as-format Command The as-format command configures the ASN notation to asdot. The default value, if the as-format command is not configured, is asplain. BGP Configuration BGP in Cisco IOS XR software follows a neighbor-based configuration model that requires that all configurations for a particular neighbor be grouped in one place under the neighbor configuration. Peer groups are not supported for either sharing configuration between neighbors or for sharing update messages. The concept of peer group has been replaced by a set of configuration groups to be used as templates in BGP configuration and automatically generated update groups to share update messages between neighbors. Configuration Modes BGP configurations are grouped into modes. The following sections show how to enter some of the BGP configuration modes. From a mode, you can enter the ? command to display the commands available in that mode. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 7 Implementing BGP on Cisco ASR 9000 Series Router Autonomous System Number Formats in BGPRouter Configuration Mode The following example shows how to enter router configuration mode: RP/0/RSP0/CPU0:router# configuration RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# Router Address Family Configuration Mode The following example shows how to enter router address family configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 112 RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 multicast RP/0/RSP0/CPU0:router(config-bgp-af)# Neighbor Configuration Mode The following example shows how to enter neighbor configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# Neighbor Address Family Configuration Mode The following example shows how to enter neighbor address family configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 112 RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# VRF Configuration Mode The following example shows how to enter VPN routing and forwarding (VRF) configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A RP/0/RSP0/CPU0:router(config-bgp-vrf)# VRF Address Family Configuration Mode The following example shows how to enter VRF address family configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 112 RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 8 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP ConfigurationVRF Neighbor Configuration Mode The following example shows how to enter VRF neighbor configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2 RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# VRF Neighbor Address Family Configuration Mode The following example shows how to enter VRF neighbor address family configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 112 RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2 RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# VPNv4 Address Family Configuration Mode The following example shows how to enter VPNv4 address family configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 152 RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# L2VPN Address Family Configuration Mode The following example shows how to enter L2VPN address family configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 100 RP/0/RSP0/CPU0:router(config-bgp)# address-family l2vpn vpls-vpws RP/0/RSP0/CPU0:router(config-bgp-af)# Neighbor Submode Cisco IOS XR BGP uses a neighbor submode to make it possible to enter configurations without having to prefix every configuration with the neighbor keyword and the neighbor address: • Cisco IOS XR software has a submode available for neighbors in which it is not necessary for every command to have a “neighbor x.x.x.x” prefix: In Cisco IOS XR software, the configuration is as follows: RP/0/RSP0 /CPU0:router(config-bgp)# neighbor 192.23.1.2 RP/0/RSP0 /CPU0:router(config-bgp-nbr)# remote-as 2002 RP/0/RSP0 /CPU0:router(config-bgp-nbr)# address-family ipv4 multicast Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 9 Implementing BGP on Cisco ASR 9000 Series Router BGP Configuration• An address family configuration submode inside the neighbor configuration submode is available for entering address family-specific neighbor configurations. In Cisco IOS XR software, the configuration is as follows: RP/0/RSP0 /CPU0:router(config-bgp)# neighbor 2002::2 RP/0/RSP0 /CPU0:router(config-bgp-nbr)# remote-as 2023 RP/0/RSP0 /CPU0:router(config-bgp-nbr)# address-family ipv6 unicast RP/0/RSP0 /CPU0:router(config-bgp-nbr-af)# next-hop-self RP/0/RSP0 /CPU0:router(config-bgp-nbr-af)# route-policy one in • You must enter neighbor-specific IPv4, IPv6, VPNv4, or VPNv6 commands in neighbor address-family configuration submode. In Cisco IOS XR software, the configuration is as follows: RP/0/RSP0 /CPU0:router(config)# router bgp 109 RP/0/RSP0 /CPU0:router(config-bgp)# neighbor 192.168.40.24 RP/0/RSP0 /CPU0:router(config-bgp-nbr)# remote-as 1 RP/0/RSP0 /CPU0:router(config-bgp-nbr)# address-family ipv4 unicast RP/0/RSP0 /CPU0:router(config-bgp-nbr-af)# maximum-prefix 1000 • You must enter neighbor-specific IPv4 and IPv6 commandsin VRF neighbor address-family configuration submode. In Cisco IOS XR software, the configuration is as follows: RP/0/RSP0 /CPU0:router(config)# router bgp 110 RP/0/RSP0 /CPU0:router(config-bgp)# vrf vrf_A RP/0/RSP0 /CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2 RP/0/RSP0 /CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast RP/0/RSP0 /CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass all in Configuration Templates The af-group, session-group, and neighbor-group configuration commands provide template support for the neighbor configuration in Cisco IOS XR software. The af-group command is used to group address family-specific neighbor commands within an IPv4, IPv6, or VPNv4, address family. Neighbors that have the same address family configuration are able to use the address family group (af-group) name for their address family-specific configuration. A neighbor inherits the configuration from an address family group by way of the use command. If a neighbor is configured to use an address family group, the neighbor (by default) inherits the entire configuration from the address family group. However, a neighbor does not inherit all of the configuration from the address family group if items Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 10 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Configurationare explicitly configured for the neighbor. The address family group configuration is entered under the BGP router configuration mode. The following example shows how to enter address family group configuration mode. RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# af-group afmcast1 address-family ipv4 multicast RP/0/RSP0/CPU0:router(config-bgp-afgrp)# The session-group command allows you to create a session group from which neighbors can inherit address family-independent configuration. A neighbor inherits the configuration from a session group by way of the use command. If a neighbor is configured to use a session group, the neighbor (by default) inherits the entire configuration of the session group. A neighbor does not inherit all of the configuration from a session group if a configuration is done directly on that neighbor. The following example shows how to enter session group configuration mode: RP/0/RSP0/CPU0:router# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# session-group session1 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# The neighbor-group command helps you apply the same configuration to one or more neighbors. Neighbor groups can include session groups and address family groups and can comprise the complete configuration for a neighbor. After a neighbor group is configured, a neighbor can inherit the configuration of the group using the use command. If a neighbor is configured to use a neighbor group, the neighbor inherits the entire BGP configuration of the neighbor group. The following example shows how to enter neighbor group configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 123 RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# The following example shows how to enter neighbor group address family configuration mode: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# • However, a neighbor does not inherit all of the configuration from the neighbor group if items are explicitly configured for the neighbor. In addition, some part of the configuration of the neighbor group could be hidden if a session group or address family group was also being used. Configuration grouping has the following effects in Cisco IOS XR software: • Commands entered at the session group level define address family-independent commands (the same commands as in the neighbor submode). • Commands entered at the address family group level define address family-dependent commands for a specified addressfamily (the same commands asin the neighbor-addressfamily configuration submode). • Commands entered at the neighbor group level define addressfamily-independent commands and address family-dependent commands for each address family (the same as all available neighbor commands), and define the use command for the address family group and session group commands. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 11 Implementing BGP on Cisco ASR 9000 Series Router BGP ConfigurationTemplate Inheritance Rules In Cisco IOS XR software, BGP neighbors or groups inherit configuration from other configuration groups. For address family-independent configurations: • Neighbors can inherit from session groups and neighbor groups. • Neighbor groups can inherit from session groups and other neighbor groups. • Session groups can inherit from other session groups. • If a neighbor uses a session group and a neighbor group, the configurations in the session group are preferred over the global address family configurations in the neighbor group. For address family-dependent configurations: • Address family groups can inherit from other address family groups. • Neighbor groups can inherit from address family groups and other neighbor groups. • Neighbors can inherit from address family groups and neighbor groups. Configuration group inheritance rules are numbered in order of precedence as follows: 1 If the item is configured directly on the neighbor, that value is used. In the example that follows, the advertisement interval is configured both on the neighbor group and neighbor configuration and the advertisement interval being used is from the neighbor configuration: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.1.1.1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# advertisement-interval 20 The following output from the show bgp neighbors command shows that the advertisement interval used is 20 seconds: RP/0/RSP0/CPU0:router# show bgp neighbors 10.1.1.1 BGP neighbor is 10.1.1.1, remote AS 1, local AS 140, external link Remote router ID 0.0.0.0 BGP state = Idle Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds Received 0 messages, 0 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Minimum time between advertisement runs is 20 seconds For Address Family: IPv4 Unicast BGP neighbor version 0 Update group: 0.1 eBGP neighbor with no inbound or outbound policy; defaults to 'drop' Route refresh request: received 0, sent 0 0 accepted prefixes Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288 Threshold for warning message 75% Connections established 0; dropped 0 Last reset 00:00:14, due to BGP neighbor initialized External BGP neighbor not directly connected. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 12 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Configuration2 Otherwise, if an item is configured to be inherited from a session-group or neighbor-group and on the neighbor directly, then the configuration on the neighbor is used. If a neighbor is configured to be inherited from session-group or af-group, but no directly configured value, then the value in the session-group or af-group is used. In the example that follows, the advertisement interval is configured on a neighbor group and a session group and the advertisement interval value being used is from the session group: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 20 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group AS_2 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1 The following output from the show bgp neighbors command shows that the advertisement interval used is 15 seconds: RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 BGP neighbor is 192.168.0.1, remote AS 1, local AS 140, external link Remote router ID 0.0.0.0 BGP state = Idle Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds Received 0 messages, 0 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Minimum time between advertisement runs is 15 seconds For Address Family: IPv4 Unicast BGP neighbor version 0 Update group: 0.1 eBGP neighbor with no inbound or outbound policy; defaults to 'drop' Route refresh request: received 0, sent 0 0 accepted prefixes Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288 Threshold for warning message 75% Connections established 0; dropped 0 Last reset 00:03:23, due to BGP neighbor initialized External BGP neighbor not directly connected. 3 Otherwise, if the neighbor uses a neighbor group and does not use a session group or addressfamily group, the configuration value can be obtained from the neighbor group either directly or through inheritance. In the example that follows, the advertisement interval from the neighbor group is used because it is not configured directly on the neighbor and no session group is used: RP/0/RSP0/CPU0:router(config)# router bgp 150 RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 20 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.1.1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1 The following output from the show bgp neighbors command shows that the advertisement interval used is 15 seconds: RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.1.1 BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 13 Implementing BGP on Cisco ASR 9000 Series Router BGP ConfigurationRemote router ID 0.0.0.0 BGP state = Idle Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds Received 0 messages, 0 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Minimum time between advertisement runs is 15 seconds For Address Family: IPv4 Unicast BGP neighbor version 0 Update group: 0.1 eBGP neighbor with no outbound policy; defaults to 'drop' Route refresh request: received 0, sent 0 Inbound path policy configured Policy for incoming advertisements is POLICY_1 0 accepted prefixes Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288 Threshold for warning message 75% Connections established 0; dropped 0 Last reset 00:01:14, due to BGP neighbor initialized External BGP neighbor not directly connected. To illustrate the same rule, the following example shows how to set the advertisement interval to 15 (from the session group) and 25 (from the neighbor group). The advertisement interval set in the session group overrides the one set in the neighbor group. The inbound policy is set to POLICY_1 from the neighbor group. RP/0/RSP0/CPU0:routerconfig)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# session-group ADV RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group ADV_2 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 25 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# route-policy POLICY_1 in RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.2.2 RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group ADV RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group ADV_2 The following output from the show bgp neighbors command shows that the advertisement interval used is 15 seconds: RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.2.2 BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link Remote router ID 0.0.0.0 BGP state = Idle Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds Received 0 messages, 0 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Minimum time between advertisement runs is 15 seconds For Address Family: IPv4 Unicast BGP neighbor version 0 Update group: 0.1 eBGP neighbor with no inbound or outbound policy; defaults to 'drop' Route refresh request: received 0, sent 0 0 accepted prefixes Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288 Threshold for warning message 75% Connections established 0; dropped 0 Last reset 00:02:03, due to BGP neighbor initialized External BGP neighbor not directly connected. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 14 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Configuration4 Otherwise, the default value is used. In the example that follows, neighbor 10.0.101.5 has the minimum time between advertisement runs set to 30 seconds (default) because the neighbor is not configured to use the neighbor configuration or the neighbor group configuration: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group adv_15 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 10 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.5 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.10 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group adv_15 The following output from the show bgp neighbors command shows that the advertisement interval used is 30 seconds: RP/0/RSP0/CPU0:router# show bgp neighbors 10.0.101.5 BGP neighbor is 10.0.101.5, remote AS 1, local AS 140, external link Remote router ID 0.0.0.0 BGP state = Idle Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds Received 0 messages, 0 notifications, 0 in queue Sent 0 messages, 0 notifications, 0 in queue Minimum time between advertisement runs is 30 seconds For Address Family: IPv4 Unicast BGP neighbor version 0 Update group: 0.2 eBGP neighbor with no inbound or outbound policy; defaults to 'drop' Route refresh request: received 0, sent 0 0 accepted prefixes Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288 Threshold for warning message 75% Connections established 0; dropped 0 Last reset 00:00:25, due to BGP neighbor initialized External BGP neighbor not directly connected. The inheritance rules used when groups are inheriting configuration from other groups are the same as the rules given for neighbors inheriting from groups. Viewing Inherited Configurations You can use the following show commands to view BGP inherited configurations: show bgp neighbors Use the show bgp neighbors command to display information about the BGP configuration for neighbors. • Use the configuration keyword to display the effective configuration for the neighbor, including any settings that have been inherited from session groups, neighbor groups, or address family groups used by this neighbor. • Use the inheritance keyword to display the session groups, neighbor groups, and address family groups from which this neighbor is capable of inheriting configuration. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 15 Implementing BGP on Cisco ASR 9000 Series Router BGP ConfigurationThe show bgp neighbors command examples that follow are based on this sample configuration: RP/0/RSP0/CPU0:router(config)# router bgp 142 RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-afgrp)# next-hop-self RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# ebgp-multihop 3 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# send-community-ebgp RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 multicast RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# default-originate RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2 RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group GROUP_1 RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# use af-group GROUP_3 RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# weight 200 The following example displayssample output from the show bgp neighbors command using the inheritance keyword. The example shows that the neighbor inherits session parameters from neighbor group GROUP_1, which in turn inherits from session group GROUP_2. The neighbor inherits IPv4 unicast parameters from address family group GROUP_3 and IPv4 multicast parameters from neighbor group GROUP_1: RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 inheritance Session: n:GROUP_1 s:GROUP_2 IPv4 Unicast: a:GROUP_3 IPv4 Multicast: n:GROUP_1 The following example displays sample output from the show bgp neighbors command using the configuration keyword. The example shows from where each item of configuration was inherited, or if it was configured directly on the neighbor (indicated by [ ]). For example, the ebgp-multihop 3 command was inherited from neighbor group GROUP_1 and the next-hop-self command was inherited from the address family group GROUP_3: RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 configuration neighbor 192.168.0.1 remote-as 2 [] advertisement-interval 15 [n:GROUP_1 s:GROUP_2] ebgp-multihop 3 [n:GROUP_1] address-family ipv4 unicast [] next-hop-self [a:GROUP_3] route-policy POLICY_1 in [a:GROUP_3] weight 200 [] address-family ipv4 multicast [n:GROUP_1] default-originate [n:GROUP_1] show bgp af-group Use the show bgp af-group command to display address family groups: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 16 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Configuration• Use the configuration keyword to display the effective configuration for the address family group, including any settings that have been inherited from address family groups used by this address family group. • Use the inheritance keyword to display the addressfamily groupsfrom which this addressfamily group is capable of inheriting configuration. • Use the users keyword to display the neighbors, neighbor groups, and address family groups that inherit configuration from this address family group. The show bgp af-group sample commands that follow are based on this sample configuration: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_1 address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-afgrp)# maximum-prefix 2500 75 warning-only RP/0/RSP0/CPU0:router(config-bgp-afgrp)# default-originate RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3 RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both The following example displays sample output from the show bgp af-group command using the configuration keyword. This example shows from where each configuration item was inherited. The default-originate command was configured directly on this address family group (indicated by [ ]). The remove-private-as command was inherited from address family group GROUP_2, which in turn inherited from address family group GROUP_3: RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 configuration af-group GROUP_1 address-family ipv4 unicast capability orf prefix-list both [a:GROUP_2] default-originate [] maximum-prefix 2500 75 warning-only [] route-policy POLICY_1 in [a:GROUP_2 a:GROUP_3] remove-private-AS [a:GROUP_2 a:GROUP_3] send-community-ebgp [a:GROUP_2] send-extended-community-ebgp [a:GROUP_2] The following example displays sample output from the show bgp af-group command using the users keyword: RP/0/RSP0/CPU0:router# show bgp af-group GROUP_2 users IPv4 Unicast: a:GROUP_1 The following example displays sample output from the show bgp af-group command using the inheritance keyword. This shows that the specified address family group GROUP_1 directly uses the GROUP_2 address family group, which in turn uses the GROUP_3 address family group: RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 inheritance IPv4 Unicast: a:GROUP_2 a:GROUP_3 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 17 Implementing BGP on Cisco ASR 9000 Series Router BGP Configurationshow bgp session-group Use the show bgp session-group command to display session groups: • Use the configuration keyword to display the effective configuration for the session group, including any settings that have been inherited from session groups used by this session group. • Use the inheritance keyword to display the session groups from which this session group is capable of inheriting configuration. • Use the users keyword to display the session groups, neighbor groups, and neighbors that inherit configuration from this session group. The output from the show bgp session-group command is based on the following session group configuration: RP/0/RSP0/CPU0:router(config)# router bgp 113 RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_1 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# update-source Loopback 0 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_3 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# ebgp-multihop 2 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# dmz-link-bandwidth The following issample output from the show bgp session-group command with the configuration keyword in EXEC mode: RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 configuration session-group GROUP_1 ebgp-multihop 2 [s:GROUP_2] update-source Loopback0 [] dmz-link-bandwidth [s:GROUP_2 s:GROUP_3] The following is sample output from the show bgp session-group command with the inheritance keyword showing that the GROUP_1 session group inherits session parameters from the GROUP_3 and GROUP_2 session groups: RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 inheritance Session: s:GROUP_2 s:GROUP_3 The following issample output from the show bgp session-group command with the users keyword showing that both the GROUP_1 and GROUP_2 session groupsinheritsession parametersfrom the GROUP_3 session group: RP/0/RSP0/CPU0:router# show bgp session-group GROUP_3 users Session: s:GROUP_1 s:GROUP_2 show bgp neighbor-group Use the show bgp neighbor-group command to display neighbor groups: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 18 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Configuration• Use the configuration keyword to display the effective configuration for the neighbor group, including any settings that have been inherited from neighbor groups used by this neighbor group. • Use the inheritance keyword to display the address family groups, session groups, and neighbor groups from which this neighbor group is capable of inheriting configuration. • Use the users keyword to display the neighbors and neighbor groups that inherit configuration from this neighbor group. The examples are based on the following group configuration: RP/0/RSP0/CPU0:router(config)# router bgp 140 RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as RP/0/RSP0/CPU0:router(config-bgp-afgrp)# soft-reconfiguration inbound RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3 RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# timers 30 90 RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1982 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use neighbor-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit RP/0/RSP0/CPU0:router(config-nbrgrp)# exit RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_3 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast RP/0/RSP0/CPU0:routerconfig-bgp-nbrgrp-af)# use af-group GROUP_2 RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100 The following is sample output from the show bgp neighbor-group command with the configuration keyword. The configuration setting source is shown to the right of each command. In the output shown previously, the remote autonomous system is configured directly on neighbor group GROUP_1, and the send community setting isinherited from neighbor group GROUP_2, which in turn inheritsthe setting from address family group GROUP_3: RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 configuration neighbor-group GROUP_1 remote-as 1982 [] timers 30 90 [n:GROUP_2 s:GROUP_3] address-family ipv4 unicast [] capability orf prefix-list both [n:GROUP_2 a:GROUP_2] remove-private-AS [n:GROUP_2 a:GROUP_2 a:GROUP_3] send-community-ebgp [n:GROUP_2 a:GROUP_2] send-extended-community-ebgp [n:GROUP_2 a:GROUP_2] soft-reconfiguration inbound [n:GROUP_2 a:GROUP_2 a:GROUP_3] weight 100 [n:GROUP_2] The following issample output from the show bgp neighbor-group command with the inheritance keyword. This output shows that the specified neighbor group GROUP_1 inherits session (address family-independent) configuration parameters from neighbor group GROUP_2. Neighbor group GROUP_2 inherits its session parameters from session group GROUP_3. It also shows that the GROUP_1 neighbor group inherits IPv4 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 19 Implementing BGP on Cisco ASR 9000 Series Router BGP Configurationunicast configuration parameters from the GROUP_2 neighbor group, which in turn inherits them from the GROUP_2 address family group, which itself inherits them from the GROUP_3 address family group: RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 inheritance Session: n:GROUP-2 s:GROUP_3 IPv4 Unicast: n:GROUP_2 a:GROUP_2 a:GROUP_3 The following is sample output from the show bgp neighbor-group command with the users keyword. This output shows that the GROUP_1 neighbor group inherits session (address family-independent) configuration parameters from the GROUP_2 neighbor group. The GROUP_1 neighbor group also inherits IPv4 unicast configuration parameters from the GROUP_2 neighbor group: RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_2 users Session: n:GROUP_1 IPv4 Unicast: n:GROUP_1 No Default Address Family BGP does notsupport the concept of a default addressfamily. An addressfamily must be explicitly configured under the BGP router configuration for the address family to be activated in BGP. Similarly, an address family must be explicitly configured under a neighbor for the BGP session to be activated under that address family. It is not required to have any addressfamily configured under the BGP router configuration level for a neighbor to be configured. However, it is a requirement to have an address family configured at the BGP router configuration level for the address family to be configured under a neighbor. Routing Policy Enforcement External BGP (eBGP) neighbors must have an inbound and outbound policy configured. If no policy is configured, no routes are accepted from the neighbor, nor are any routes advertised to it. This added security measure ensures that routes cannot accidentally be accepted or advertised in the case of a configuration omission error. This enforcement affects only eBGP neighbors (neighbors in a different autonomous system than this router). For internal BGP (iBGP) neighbors (neighbors in the same autonomous system), all routes are accepted or advertised if there is no policy. Note In the following example, for an eBGP neighbor, if all routes should be accepted and advertised with no modifications, a simple pass-all policy is configured: RP/0/RSP0/CPU0:router(config)# route-policy pass-all RP/0/RSP0/CPU0:router(config-rpl)# pass RP/0/RSP0/CPU0:router(config-rpl)# end-policy RP/0/RSP0/CPU0:router(config)# commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 20 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router No Default Address FamilyUse the route-policy (BGP) command in the neighbor address-family configuration mode to apply the pass-all policy to a neighbor. The following example shows how to allow all IPv4 unicast routes to be received from neighbor 192.168.40.42 and advertise all IPv4 unicast routes back to it: RP/0/RSP0/CPU0:router(config)# router bgp 1 RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 21 RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit Use the show bgp summary command to display eBGP neighbors that do not have both an inbound and outbound policy for every active addressfamily. In the following example,such eBGP neighbors are indicated in the output with an exclamation (!) mark: RP/0/RSP0/CPU0:router# show bgp all all summary Address Family: IPv4 Unicast ============================ BGP router identifier 10.0.0.1, local AS number 1 BGP generic scan interval 60 secs BGP main routing table version 41 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RecvTblVer bRIB/RIB SendTblVer Speaker 41 41 41 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 10.0.101.1 0 1 919 925 41 0 0 15:15:08 10 10.0.101.2 0 2 0 0 0 0 0 00:00:00 Idle Address Family: IPv4 Multicast ============================== BGP router identifier 10.0.0.1, local AS number 1 BGP generic scan interval 60 secs BGP main routing table version 1 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RecvTblVer bRIB/RIB SendTblVer Speaker 1 1 1 Some configured eBGP neighbors do not have both inbound and outbound policies configured for IPv4 Multicast address family. These neighbors will default to sending and/or receiving no routes and are marked with ’!’ in the output below. Use the ’show bgp neighbor ’ command for details. Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 10.0.101.2 0 2 0 0 0 0 0 00:00:00 Idle! Address Family: IPv6 Unicast ============================ BGP router identifier 10.0.0.1, local AS number 1 BGP generic scan interval 60 secs BGP main routing table version 2 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RecvTblVer bRIB/RIB SendTblVer Speaker 2 2 2 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 21 Implementing BGP on Cisco ASR 9000 Series Router Routing Policy EnforcementNeighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 2222::2 0 2 920 918 2 0 0 15:15:11 1 2222::4 0 3 0 0 0 0 0 00:00:00 Idle Address Family: IPv6 Multicast ============================== BGP router identifier 10.0.0.1, local AS number 1 BGP generic scan interval 60 secs BGP main routing table version 1 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RecvTblVer bRIB/RIB SendTblVer Speaker 1 1 1 Some configured eBGP neighbors do not have both inbound and outbound policies configured for IPv6 Multicast address family. These neighbors will default to sending and/or receiving no routes and are marked with ’!’ in the output below. Use the ’show bgp neighbor ’ command for details. Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 2222::2 0 2 920 918 0 0 0 15:15:11 0 2222::4 0 3 0 0 0 0 0 00:00:00 Idle! Table Policy The table policy feature in BGP allows you to configure traffic index values on routes as they are installed in the global routing table. This feature is enabled using the table-policy command and supports the BGP policy accounting feature. BGP policy accounting uses traffic indices that are set on BGP routes to track various counters. See the Implementing Routing Policy on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide for details on table policy use. See the Cisco Express Forwarding Commands on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference for details on BGP policy accounting. Table policy also provides the ability to drop routes from the RIB based on match criteria. This feature can be useful in certain applications and should be used with caution as it can easily create a routing ‘black hole’ where BGP advertises routes to neighbors that BGP does not install in its global routing table and forwarding table. Update Groups The BGP Update Groups feature contains an algorithm that dynamically calculates and optimizes update groups of neighborsthatshare outbound policies and can share the update messages. The BGP Update Groups feature separates update group replication from peer group configuration, improving convergence time and flexibility of neighbor configuration. To use this feature, you must understand the following concepts: Related Topics BGP Update Generation and Update Groups , on page 23 BGP Update Group , on page 23 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 22 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Table PolicyBGP Update Generation and Update Groups The BGP Update Groups feature separates BGP update generation from neighbor configuration. The BGP Update Groups feature introduces an algorithm that dynamically calculates BGP update group membership based on outbound routing policies. This feature does not require any configuration by the network operator. Update group-based message generation occurs automatically and independently. BGP Update Group When a change to the configuration occurs, the router automatically recalculates update group memberships and applies the changes. For the best optimization of BGP update group generation, we recommend that the network operator keeps outbound routing policy the same for neighbors that have similar outbound policies. This feature contains commands for monitoring BGP update groups. For more information about the commands, see Monitoring BGP Update Groups, on page 131. BGP Cost Community The BGP cost community is a nontransitive extended community attribute that is passed to internal BGP (iBGP) and confederation peers but not to external BGP (eBGP) peers. The cost community feature allows you to customize the local route preference and influence the best-path selection process by assigning cost values to specific routes. The extended community format defines generic points of insertion (POI) that influence the best-path decision at different points in the best-path algorithm. The cost community attribute is applied to internal routes by configuring the set extcommunity cost command in a route policy. See the Routing Policy Language Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for information on the set extcommunity cost command. The cost community set clause is configured with a cost community ID number (0–255) and cost community number (0–4294967295). The cost community number determines the preference for the path. The path with the lowest cost community number is preferred. Paths that are not specifically configured with the cost community number are assigned a default cost community number of 2147483647 (the midpoint between 0 and 4294967295) and evaluated by the best-path selection process accordingly. When two paths have been configured with the same cost community number, the path selection process prefers the path with the lowest cost community ID. The cost-extended community attribute is propagated to iBGP peers when extended community exchange is enabled. The following commands include the route-policy keyword, which you can use to apply a route policy that is configured with the cost community set clause: • aggregate-address • redistribute • network How BGP Cost Community Influences the Best Path Selection Process The cost community attribute influences the BGP best-path selection process at the point of insertion (POI). By default, the POI follows the Interior Gateway Protocol (IGP) metric comparison. When BGP receives multiple paths to the same destination, it uses the best-path selection process to determine which path is the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 23 Implementing BGP on Cisco ASR 9000 Series Router BGP Cost Communitybest path. BGP automatically makesthe decision and installsthe best path in the routing table. The POI allows you to assign a preference to a specific path when multiple equal cost paths are available. If the POI is not valid for local best-path selection, the cost community attribute is silently ignored. Cost communities are sorted first by POI then by community ID. Multiple paths can be configured with the cost community attribute for the same POI. The path with the lowest cost community ID is considered first. In other words, all cost community paths for a specific POI are considered, starting with the one with the lowest cost community. Paths that do not contain the cost community cost (for the POI and community ID being evaluated) are assigned the default community cost value (2147483647). If the cost community values are equal, then cost community comparison proceeds to the next lowest community ID for this POI. To select the path with the lower cost community, simultaneously walk through the cost communities of both paths. Thisis done by maintaining two pointersto the cost community chain, one for each path, and advancing both pointers to the next applicable cost community at each step of the walk for the given POI, in order of community ID, and stop when a best path is chosen or the comparison is a tie. At each step of the walk, the following checks are done: If neither pointer refers to a cost community, Declare a tie; Elseif a cost community is found for one path but not for the other, Choose the path with cost community as best path; Elseif the Community ID from one path is less than the other, Choose the path with the lesser Community ID as best path; Elseif the Cost from one path is less than the other, Choose the path with the lesser Cost as best path; Else Continue. Paths that are not configured with the cost community attribute are considered by the best-path selection process to have the default cost value (half of the maximum value [4294967295] or 2147483647). Note Applying the cost community attribute at the POI allows you to assign a value to a path originated or learned by a peer in any part of the local autonomous system or confederation. The cost community can be used as a “tie breaker” during the best-path selection process. Multiple instances of the cost community can be configured for separate equal cost paths within the same autonomous system or confederation. For example, a lower cost community value can be applied to a specific exit path in a network with multiple equal cost exit points, and the specific exit path is preferred by the BGP best-path selection process. See the scenario described inInfluencing Route Preference in a Multiexit IGP Network, on page 26. The cost community comparison in BGP is enabled by default. Use the bgp bestpath cost-community ignore command to disable the comparison. Note SeeBGP Best Path Algorithm, on page 28 for information on the BGP best-path selection process. Cost Community Support for Aggregate Routes and Multipaths The BGP cost community feature supports aggregate routes and multipaths. The cost community attribute can be applied to either type of route. The cost community attribute is passed to the aggregate or multipath route from component routes that carry the cost community attribute. Only unique IDs are passed, and only the highest cost of any individual component route is applied to the aggregate for each ID. If multiple component routes contain the same ID, the highest configured cost is applied to the route. For example, the following two component routes are configured with the cost community attribute using an inbound route policy: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 24 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Cost Community• 10.0.0.1 ? POI=IGP ? cost community ID=1 ? cost number=100 • 192.168.0.1 ? POI=IGP ? cost community ID=1 ? cost number=200 If these component routes are aggregated or configured as a multipath, the cost value 200 is advertised, because it has the highest cost. If one or more component routes do not carry the cost community attribute or the component routes are configured with different IDs, then the default value (2147483647) is advertised for the aggregate or multipath route. For example, the following three component routes are configured with the cost community attribute using an inbound route policy. However, the component routes are configured with two different IDs. • 10.0.0.1 ? POI=IGP ? cost community ID=1 ? cost number=100 • 172.16.0.1 ? POI=IGP ? cost community ID=2 ? cost number=100 • 192.168.0.1 ? POI=IGP ? cost community ID=1 ? cost number=200 The single advertised path includes the aggregate cost communities as follows: {POI=IGP, ID=1, Cost=2147483647} {POI-IGP, ID=2, Cost=2147483647} Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 25 Implementing BGP on Cisco ASR 9000 Series Router BGP Cost CommunityInfluencing Route Preference in a Multiexit IGP Network This figure shows an IGP network with two autonomous system boundary routers (ASBRs) on the edge. Each ASBR has an equal cost path to network 10.8/16. Figure 1: Multiexit Point IGP Network Both paths are considered to be equal by BGP. If multipath loadsharing is configured, both pathsto the routing table are installed and are used to balance the load of traffic. If multipath load balancing is not configured, the BGP selects the path that was learned first as the best path and installs this path to the routing table. This behavior may not be desirable under some conditions. For example, the path is learned from ISP1 PE2 first, but the link between ISP1 PE2 and ASBR1 is a low-speed link. The configuration of the cost community attribute can be used to influence the BGP best-path selection process by applying a lower-cost community value to the path learned by ASBR2. For example, the following configuration is applied to ASBR2: RP/0/RSP0/CPU0:router(config)# route-policy ISP2_PE1 RP/0/RSP0/CPU0:router(config-rpl)# set extcommunity cost (1:1) The preceding route policy applies a cost community number of 1 to the 10.8.0.0 route. By default, the path learned from ASBR1 is assigned a cost community number of 2147483647. Because the path learned from ASBR2 has a lower-cost community number, the path is preferred. BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door Links Back-door links in an EIGRP MPLS VPN topology is preferred by BGP if the back-door link is learned first. (A back-door link, or route, is a connection that is configured outside of the VPN between a remote and main site; for example, a WAN leased line that connects a remote site to the corporate network.) The “prebest path” point of insertion (POI) in the BGP cost community feature supports mixed EIGRP VPN network topologies that contain VPN and back-door links. This POI is applied automatically to EIGRP routes that are redistributed into BGP. The “prebest path” POI carries the EIGRP route type and metric. This POI influencesthe best-path calculation process by influencing BGP to consider the POI before any other comparison step. No configuration is required. This feature is enabled automatically for EIGRP VPN sites when Cisco IOS XR software is installed on a PE, CE, or back-door router. For information about configuring EIGRP MPLS VPNs,see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 26 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Cost CommunityThis figure shows how cost community can be used to support backdoor links in a network. Figure 2: Network Showing How Cost Community Can be Used to Support Backdoor Links The following sequence of events happens in PE1: 1 PE1 learns IPv4 prefix 10.1.1.0/24 from CE1 through EIGRP running a virtual routing and forwarding (VRF) instance. EIGRP selects and installs the best path in the RIB. It also encodes the cost-extended community and adds the information to the RIB. 2 The route is redistributed into BGP (assuming that IGP-to-BGP redistribution is configured). BGP also receives the cost-extended community from the route through the redistribution process. 3 After BGP has determined the best path for the newly redistributed prefix, the path is advertised to PE peers (PE2). 4 PE2 receives the BGP VPNv4 prefix route_distinguisher:10.1.1.0/24 along with the cost community. It is likely that CE2 advertises the same prefix (because of the back-door link between CE1 and CE2) to PE2 through EIGRP. PE2 BGP would have already learned the CE route through the redistribution process along with the cost community value 5 PE2 has two paths within BGP: one with cost community cost1 through multipath BGP (PE1) and another with cost community cost2 through the EIGRP neighbor (CE2). 6 PE2 runs the enhanced BGP best-path calculation. 7 PE2 installs the best path in the RIB passing the appropriate cost community value. 8 PE2 RIB has two paths for 10.1.1.0/24: one with cost community cost2 added by EIGRP and another with the cost community cost1 added by BGP. Because both the route paths have cost community, RIB compares the costs first. The BGP path has the lower cost community, so it is selected and downloaded to the RIB. 9 PE2 RIB redistributes the BGP path into EIGRP with VRF. EIGRP runs a diffusing update algorithm (DUAL) because there are two paths, and selects the BGP-redistributed path. 10 PE2 EIGRP advertises the path to CE2 making the path the next hop for the prefix to send the traffic over the MPLS network. Adding Routes to the Routing Information Base If a nonsourced path becomes the best path after the best-path calculation, BGP adds the route to the Routing Information Base (RIB) and passes the cost communities along with the other IGP extended communities. When a route with paths is added to the RIB by a protocol, RIB checks the current best paths for the route and the added pathsfor cost extended communities. If cost-extended communities are found, the RIB compares Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 27 Implementing BGP on Cisco ASR 9000 Series Router BGP Cost Communitythe set of cost communities. If the comparison does not result in a tie, the appropriate best path is chosen. If the comparison results in a tie, the RIB proceeds with the remaining steps of the best-path algorithm. If a cost community is not present in either the current best paths or added paths, then the RIB continues with the remaining steps of the best-path algorithm. See BGP Best Path Algorithm, on page 28 for information on the BGP best-path algorithm. BGP Best Path Algorithm BGP routerstypically receive multiple pathsto the same destination. The BGP best-path algorithm determines the best path to install in the IP routing table and to use for forwarding traffic. This section describes the Cisco IOS XR software implementation of BGP best-path algorithm, as specified in Section 9.1 of the Internet Engineering Task Force (IETF) Network Working Group draft-ietf-idr-bgp4-24.txt document. The BGP best-path algorithm implementation is in three parts: • Part 1—Compares two paths to determine which is better. • Part 2—Iterates over all paths and determines which order to compare the paths to select the overall best path. • Part 3—Determines whether the old and new best paths differ enough so that the new best path should be used. The order of comparison determined by Part 2 is important because the comparison operation is not transitive; that is, if three paths, A, B, and C exist, such that when A and B are compared, A is better, and when B and C are compared, B is better, it is not necessarily the case that when A and C are compared, A is better. This nontransitivity arises because the multi exit discriminator (MED) is compared only among paths from the same neighboring autonomous system (AS) and not among all paths. Note Comparing Pairs of Paths Perform the following steps to compare two paths and determine the better path: 1 If either path isinvalid (for example, a path hasthe maximum possible MED value or it has an unreachable next hop), then the other path is chosen (provided that the path is valid). 2 If the paths have unequal pre-bestpath cost communities, the path with the lower pre-bestpath cost community is selected as the best path. Note See BGP Cost Community, on page 23 for details on how cost communities are compared. 3 If the paths have unequal weights, the path with the highest weight is chosen. The weight is entirely local to the router, and can be set with the weight command or using a routing policy. Note Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 28 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Best Path Algorithm4 If the paths have unequal local preferences, the path with the higher local preference is chosen. If a local preference attribute was received with the path or was set by a routing policy, then that value is used in this comparison. Otherwise, the default local preference value of 100 is used. The default value can be changed using the bgp default local-preference command. Note 5 If one of the paths is a redistributed path, which results from a redistribute or network command, then it is chosen. Otherwise, if one of the paths is a locally generated aggregate, which results from an aggregate-address command, it is chosen. Note Step 1 through Step 4 implement the “Path Selection with BGP”of RFC 1268. 6 If the paths have unequal AS path lengths, the path with the shorter AS path is chosen. This step is skipped if bgp bestpath as-path ignore command is configured. Note When calculating the length of the AS path, confederation segments are ignored, and AS sets count as 1. eiBGP specifies internal and external BGP multipath peers. eiBGP allows simultaneous use of internal and external paths. Note 7 If the paths have different origins, the path with the lower origin is selected. Interior Gateway Protocol (IGP) is considered lower than EGP, which is considered lower than INCOMPLETE. 8 If appropriate, the MED of the paths is compared. If they are unequal, the path with the lower MED is chosen. A number of configuration options exist that affect whether or not this step is performed. In general, the MED is compared if both paths were received from neighbors in the same AS; otherwise the MED comparison is skipped. However, this behavior is modified by certain configuration options, and there are also some corner cases to consider. If the bgp bestpath med always command is configured, then the MED comparison is always performed, regardless of neighbor AS in the paths. Otherwise, MED comparison depends on the AS paths of the two paths being compared, as follows: • If a path has no AS path or the AS path starts with an AS_SET, then the path is considered to be internal, and the MED is compared with other internal paths. • If the AS path starts with an AS_SEQUENCE, then the neighbor AS is the first AS number in the sequence, and the MED is compared with other paths that have the same neighbor AS. • If the AS path contains only confederation segments or starts with confederation segments followed by an AS_SET, then the MED is not compared with any other path unless the bgp bestpath med confed command is configured. In that case, the path is considered internal and the MED is compared with other internal paths. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 29 Implementing BGP on Cisco ASR 9000 Series Router BGP Best Path Algorithm• If the AS path starts with confederation segmentsfollowed by an AS_SEQUENCE, then the neighbor AS is the first AS number in the AS_SEQUENCE, and the MED is compared with other paths that have the same neighbor AS. If no MED attribute wasreceived with the path, then the MED is considered to be 0 unlessthe bgp bestpath med missing-as-worst command is configured. In that case, if no MED attribute was received, the MED is considered to be the highest possible value. Note 9 If one path is received from an external peer and the other is received from an internal (or confederation) peer, the path from the external peer is chosen. 10 If the paths have different IGP metrics to their next hops, the path with the lower IGP metric is chosen. 11 If the paths have unequal IP cost communities, the path with the lower IP cost community is selected as the best path. Note See the BGP Cost Community, on page 23 for details on how cost communities are compared. 12 If all path parameters in Step 1 through Step 10 are the same, then the router IDs are compared. If the path was received with an originator attribute, then that is used as the router ID to compare; otherwise, the router ID of the neighbor from which the path was received is used. If the paths have different router IDs, the path with the lower router ID is chosen. Where the originator is used as the router ID, it is possible to have two paths with the same router ID. It is also possible to have two BGP sessions with the same peer router, and therefore receive two paths with the same router ID. Note 13 If the paths have different cluster lengths, the path with the shorter cluster length is selected. If a path was not received with a cluster list attribute, it is considered to have a cluster length of 0. 14 Finally, the path received from the neighbor with the lower IP address is chosen. Locally generated paths (for example, redistributed paths) are considered to have a neighbor IP address of 0. Order of Comparisons The second part of the BGP best-path algorithm implementation determines the order in which the paths should be compared. The order of comparison is determined as follows: 1 The paths are partitioned into groups such that within each group the MED can be compared among all paths. The same rules as in Comparing Pairs of Paths, on page 28 are used to determine whether MED can be compared between any two paths. Normally, this comparison resultsin one group for each neighbor AS. If the bgp bestpath med always command is configured, then there is just one group containing all the paths. 2 The best path in each group is determined. Determining the best path is achieved by iterating through all pathsin the group and keeping track of the best one seen so far. Each path is compared with the best-so-far, and if it is better, it becomes the new best-so-far and is compared with the next path in the group. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 30 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Best Path Algorithm3 A set of paths is formed containing the best path selected from each group in Step 2. The overall best path is selected from this set of paths, by iterating through them as in Step 2. Best Path Change Suppression The third part of the implementation is to determine whether the best-path change can be suppressed or not—whether the new best path should be used, or continue using the existing best path. The existing best path can continue to be used if the new one is identical to the point at which the best-path selection algorithm becomes arbitrary (if the router-id is the same). Continuing to use the existing best path can avoid churn in the network. This suppression behavior does not comply with the IETF Networking Working Group draft-ietf-idr-bgp4-24.txt document, but is specified in the IETF Networking Working Group draft-ietf-idr-avoid-transition-00.txt document. Note The suppression behavior can be turned off by configuring the bgp bestpath compare-routerid command. If this command is configured, the new best path is always preferred to the existing one. Otherwise, the following steps are used to determine whether the best-path change can be suppressed: 1 If the existing best path is no longer valid, the change cannot be suppressed. 2 If either the existing or new best paths were received from internal (or confederation) peers or were locally generated (for example, by redistribution), then the change cannot be suppressed. That is, suppression is possible only if both paths were received from external peers. 3 If the paths were received from the same peer (the paths would have the same router-id), the change cannot be suppressed. The router ID is calculated using rules in Comparing Pairs of Paths, on page 28. 4 If the paths have different weights, local preferences, origins, or IGP metrics to their next hops, then the change cannot be suppressed. Note that all these values are calculated using the rules in Comparing Pairs of Paths, on page 28. 5 If the paths have different-length AS paths and the bgp bestpath as-path ignore command is not configured, then the change cannot be suppressed. Again, the AS path length is calculated using the rulesin Comparing Pairs of Paths, on page 28. 6 If the MED of the paths can be compared and the MEDs are different, then the change cannot be suppressed. The decision as to whether the MEDs can be compared is exactly the same as the rules in Comparing Pairs of Paths, on page 28, as is the calculation of the MED value. 7 If all path parameters in Step 1 through Step 6 do not apply, the change can be suppressed. Administrative Distance An administrative distance is a rating of the trustworthiness of a routing information source. In general, the higher the value, the lower the trust rating. For information on specifying the administrative distance for BGP, see the BGP Commands module of the Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference Normally, a route can be learned through more than one protocol. Administrative distance is used to discriminate between routes learned from more than one protocol. The route with the lowest administrative distance is Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 31 Implementing BGP on Cisco ASR 9000 Series Router Administrative Distanceinstalled in the IP routing table. By default, BGP uses the administrative distances shown in Table 2: BGP Default Administrative Distances, on page 32. Table 2: BGP Default Administrative Distances Distance Default Value Function Applied to routes learned from eBGP. External 20 Applied to routes learned from iBGP. Internal 200 Applied to routes originated by the router. Local 200 Distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned routes are installed in the IP routing table. Note In most cases, when a route is learned through eBGP, it is installed in the IP routing table because of its distance (20). Sometimes, however, two ASs have an IGP-learned back-door route and an eBGP-learned route. Their policy might be to use the IGP-learned path as the preferred path and to use the eBGP-learned path when the IGP path is down. See Figure 3: Back Door Example , on page 32. Figure 3: Back Door Example In Figure 3: Back Door Example , on page 32, Routers A and C and Routers B and C are running eBGP. Routers A and B are running an IGP (such as Routing Information Protocol [RIP], Interior Gateway Routing Protocol [IGRP], Enhanced IGRP, or Open Shortest Path First [OSPF]). The default distances for RIP, IGRP, Enhanced IGRP, and OSPF are 120, 100, 90, and 110, respectively. All these distances are higher than the default distance of eBGP, which is 20. Usually, the route with the lowest distance is preferred. Router A receives updates about 160.10.0.0 from two routing protocols: eBGP and IGP. Because the default distance for eBGP is lower than the default distance of the IGP, Router A chooses the eBGP-learned route Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 32 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Administrative Distancefrom Router C. If you want Router A to learn about 160.10.0.0 from Router B (IGP), establish a BGP back door. See . In the following example, a network back-door is configured: RP/0/RSP0/CPU0:router(config)# router bgp 100 RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)# network 160.10.0.0/16 backdoor Router A treats the eBGP-learned route as local and installs it in the IP routing table with a distance of 200. The network is also learned through Enhanced IGRP (with a distance of 90), so the Enhanced IGRP route is successfully installed in the IP routing table and is used to forward traffic. If the Enhanced IGRP-learned route goes down, the eBGP-learned route is installed in the IP routing table and is used to forward traffic. Although BGP treats network 160.10.0.0 as a local entry, it does not advertise network 160.10.0.0 asit normally would advertise a local entry. Multiprotocol BGP Multiprotocol BGP is an enhanced BGP that carries routing information for multiple network layer protocols and IP multicast routes. BGP carries two sets of routes, one set for unicast routing and one set for multicast routing. The routes associated with multicast routing are used by the Protocol Independent Multicast (PIM) feature to build data distribution trees. Multiprotocol BGP is useful when you want a link dedicated to multicast traffic, perhaps to limit which resources are used for which traffic. Multiprotocol BGP allows you to have a unicast routing topology different from a multicast routing topology providing more control over your network and resources. In BGP, the only way to perform interdomain multicast routing was to use the BGP infrastructure that was in place for unicast routing. Perhaps you want all multicast traffic exchanged at one network access point (NAP). If those routers were not multicast capable, or there were differing policies for which you wanted multicast traffic to flow, multicast routing could not be supported without multiprotocol BGP. It is possible to configure BGP peers that exchange both unicast and multicast network layer reachability information (NLRI), but you cannot connect multiprotocol BGP clouds with a BGP cloud. That is, you cannot redistribute multiprotocol BGP routes into BGP. Note Figure 4: Noncongruent Unicast and Multicast Routes, on page 34 illustrates simple unicast and multicast topologies that are incongruent, and therefore are not possible without multiprotocol BGP. Autonomous systems 100, 200, and 300 are each connected to two NAPs that are FDDI rings. One is used for unicast peering (and therefore the exchange of unicast traffic). The Multicast Friendly Interconnect (MFI) Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 33 Implementing BGP on Cisco ASR 9000 Series Router Multiprotocol BGPring is used for multicast peering (and therefore the exchange of multicast traffic). Each router is unicast and multicast capable. Figure 4: Noncongruent Unicast and Multicast Routes Figure 5: Multicast BGP Environment, on page 35 is a topology of unicast-only routers and multicast-only routers. The two routers on the left are unicast-only routers (that is, they do not support or are not configured to perform multicast routing). The two routers on the right are multicast-only routers. Routers A and B support both unicast and multicast routing. The unicast-only and multicast-only routers are connected to a single NAP. In Figure 5: Multicast BGP Environment, on page 35, only unicast traffic can travel from Router A to the unicast routers to Router B and back. Multicast traffic could not flow on that path, so another routing table is required. Multicast traffic uses the path from Router A to the multicast routers to Router B and back. Figure 5: Multicast BGP Environment, on page 35 illustrates a multiprotocol BGP environment with a separate unicast route and multicast route from Router A to Router B. Multiprotocol BGP allows these routes to be incongruent. Both of the autonomous systems must be configured for internal multiprotocol BGP (IMBGP) in the figure. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 34 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Multiprotocol BGPA multicast routing protocol,such as PIM, usesthe multicast BGP database to perform Reverse Path Forwarding (RPF) lookupsfor multicast-capable sources. Thus, packets can be sent and accepted on the multicast topology but not on the unicast topology. Figure 5: Multicast BGP Environment Route Dampening Route dampening is a BGP feature that minimizes the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then unavailable, and so on. For example, consider a network with three BGP autonomous systems: autonomous system 1, autonomous system 2, and autonomoussystem 3. Suppose the route to network A in autonomoussystem 1 flaps(it becomes unavailable). Under circumstances without route dampening, the eBGP neighbor of autonomous system 1 to autonomous system 2 sends a withdraw message to autonomous system 2. The border router in autonomous system 2, in turn, propagates the withdrawal message to autonomous system 3. When the route to network A reappears, autonomous system 1 sends an advertisement message to autonomous system 2, which sends it to autonomous system 3. If the route to network A repeatedly becomes unavailable, then available, many withdrawal and advertisement messages are sent. Route flapping is a problem in an internetwork connected to the Internet, because a route flap in the Internet backbone usually involves many routes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 35 Implementing BGP on Cisco ASR 9000 Series Router Route DampeningMinimizing Flapping The route dampening feature minimizes the flapping problem as follows. Suppose again that the route to network A flaps. The router in autonomous system 2 (in which route dampening is enabled) assigns network A a penalty of 1000 and moves it to history state. The router in autonomous system 2 continues to advertise the status of the route to neighbors. The penalties are cumulative. When the route flaps so often that the penalty exceeds a configurable suppression limit, the router stops advertising the route to network A, regardless of how many times it flaps. Thus, the route is dampened. The penalty placed on network A is decayed until the reuse limit is reached, upon which the route is once again advertised. At half of the reuse limit, the dampening information for the route to network A is removed. No penalty is applied to a BGP peer reset when route dampening is enabled, even though the reset withdraws the route. Note BGP Routing Domain Confederation One way to reduce the iBGP mesh is to divide an autonomous system into multiple subautonomous systems and group them into a single confederation. To the outside world, the confederation looks like a single autonomous system. Each autonomous system is fully meshed within itself and has a few connections to other autonomous systems in the same confederation. Although the peers in different autonomous systems have eBGP sessions, they exchange routing information as if they were iBGP peers. Specifically, the next hop, MED, and local preference information is preserved. This feature allows you to retain a single IGP for all of the autonomous systems. BGP Route Reflectors BGP requires that all iBGP speakers be fully meshed. However, this requirement does not scale well when there are many iBGP speakers. Instead of configuring a confederation, you can reduce the iBGP mesh by using a route reflector configuration. Figure 6: Three Fully Meshed iBGP Speakers, on page 37 illustrates a simple iBGP configuration with three iBGP speakers(routers A, B, and C). Without route reflectors, when Router A receives a route from an external neighbor, it must advertise it to both routers B and C. Routers B and C do not readvertise the iBGP learned Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 36 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Routing Domain Confederationroute to other iBGP speakers because the routers do not pass on routes learned from internal neighbors to other internal neighbors, thus preventing a routing information loop. Figure 6: Three Fully Meshed iBGP Speakers With route reflectors, all iBGP speakers need not be fully meshed because there is a method to pass learned routes to neighbors. In this model, an iBGP peer is configured to be a route reflector responsible for passing iBGP learned routes to a set of iBGP neighbors. In Figure 7: Simple BGP Model with a Route Reflector, on page 38 , Router B is configured as a route reflector. When the route reflector receives routes advertised from Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 37 Implementing BGP on Cisco ASR 9000 Series Router BGP Route ReflectorsRouter A, it advertisesthem to Router C, and vice versa. Thisscheme eliminatesthe need for the iBGP session between routers A and C. Figure 7: Simple BGP Model with a Route Reflector The internal peers of the route reflector are divided into two groups: client peers and all other routers in the autonomous system (nonclient peers). A route reflector reflects routes between these two groups. The route reflector and its client peers form a cluster. The nonclient peers must be fully meshed with each other, but the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 38 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Route Reflectorsclient peers need not be fully meshed. The clients in the cluster do not communicate with iBGP speakers outside their cluster. Figure 8: More Complex BGP Route Reflector Model Figure 8: More Complex BGP Route Reflector Model, on page 39 illustrates a more complex route reflector scheme. Router A is the route reflector in a cluster with routers B, C, and D. Routers E, F, and G are fully meshed, nonclient routers. When the route reflector receives an advertised route, depending on the neighbor, it takesthe following actions: • A route from an external BGP speaker is advertised to all clients and nonclient peers. • A route from a nonclient peer is advertised to all clients. • A route from a client is advertised to all clients and nonclient peers. Hence, the clients need not be fully meshed. Along with route reflector-aware BGP speakers, it is possible to have BGP speakers that do not understand the concept of route reflectors. They can be members of either client or nonclient groups, allowing an easy and gradual migration from the old BGP model to the route reflector model. Initially, you could create a single cluster with a route reflector and a few clients. All other iBGP speakers could be nonclient peers to the route reflector and then more clusters could be created gradually. An autonomous system can have multiple route reflectors. A route reflector treats other route reflectors just like other iBGP speakers. A route reflector can be configured to have other route reflectors in a client group or nonclient group. In a simple configuration, the backbone could be divided into many clusters. Each route Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 39 Implementing BGP on Cisco ASR 9000 Series Router BGP Route Reflectorsreflector would be configured with other route reflectors as nonclient peers (thus, all route reflectors are fully meshed). The clients are configured to maintain iBGP sessions with only the route reflector in their cluster. Usually, a cluster of clients has a single route reflector. In that case, the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster. All route reflectors serving a cluster should be fully meshed and all of them should have identical sets of client and nonclient peers. By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, the route reflector need not reflect routes to clients. As the iBGP learned routes are reflected, routing information may loop. The route reflector model has the following mechanisms to avoid routing loops: • Originator ID is an optional, nontransitive BGP attribute. It is a 4-byte attributed created by a route reflector. The attribute carriesthe router ID of the originator of the route in the local autonomoussystem. Therefore, if a misconfiguration causesrouting information to come back to the originator, the information is ignored. • Cluster-list is an optional, nontransitive BGP attribute. It is a sequence of cluster IDs that the route has passed. When a route reflector reflects a route from its clients to nonclient peers, and vice versa, it appends the local cluster ID to the cluster-list. If the cluster-list is empty, a new cluster-list is created. Using this attribute, a route reflector can identify if routing information is looped back to the same cluster due to misconfiguration. If the local cluster ID is found in the cluster-list, the advertisement is ignored. Default Address Family for show Commands Most of the show commands provide address family (AFI) and subaddress family (SAFI) arguments (see RFC 1700 and RFC 2858 for information on AFI and SAFI). The Cisco IOS XR software parser provides the ability to set the afi and safi so that it is not necessary to specify them while running a show command. The parser commands are: • set default-afi { ipv4 | ipv6 | all } • set default-safi { unicast | multicast | all } The parser automatically sets the default afi value to ipv4 and default safi value to unicast . It is necessary to use only the parser commands to change the default afi value from ipv4 or default safi value from unicast . Any afi or safi keyword specified in a show command overrides the values set using the parser commands. Use the following show default-afi-safi-vrf command to check the currently set value of the afi and safi. Distributed BGP Distributed BGP splits BGP functionality into three process types: • BGP process manager—Responsible for verifying configuration changes and for calculating and publishing the distribution of neighbors among BGP speaker processes. There is a single instance of this process. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 40 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Default Address Family for show Commands• bRIB process—Responsible for performing the best-path calculation of routes (receives partial best paths from the speaker). The best route is installed into the bRIB and is advertised back to all speakers. See the BGP Best Path Algorithm, on page 28 for information on best-path calculation. The bRIB process is also responsible for installing routes in the RIB, and for handling routes redistributed from the RIB. To accommodate route leaking from one RIB to another, bRIB may register for redistribution from multiple RIB routes into a single route in the bRIB process. There is a single instance of this process for each address family. • BGP speaker process—Responsible for handling all BGP connections to peers. The speaker stores received paths in the RIB and performs a partial best-path calculation, advertising the partial best paths to the bRIB (limited best-path calculation). Speakers perform a limited best-path calculation because to compare Multi Exit Discriminators (MEDs), paths need to be compared from the same AS but may not be received on the same speaker. Because BGP speakers do not have access to the entire BGP local RIB, BGP speakers can perform only a limited best-path calculation. (These are Step 1 through Step 7 in the BGP Best Path Algorithm, on page 28.) Only the best paths are advertised to the bRIB to reduce speaker/bRIB interprocess communications (IPC) and to reduce the number of paths to be processed in the bRIB. BGP speakers can only mark a path as active only after learning the result of the full best-path calculation from the bRIB. Neighbor import and export policies are imposed by the speaker. If the bgp bestpath med always command is enabled, complete best-path calculation happens inside speaker process. When the bgp bestpath med always command is not enabled,speakers calculate partial best paths only (performs the best-path steps up to the MED comparison) and send them to bRIB. bRIB calculatesthe final best path (performs all the stepsin the best-path calculation).When the bgp bestpath med always command is enabled, speakers can compare the MED across all ASs, allowing the speaker to calculate a single best path to send it to bRIB. bRIB is the ultimate process that calculates the final best path, but when the bgp bestpath med always command is enabled, the speakers send a single best path instead of potentially sending multiple partial best paths. There are multiple instances of this process in which each instance is responsible for a subset of BGP peer connections. Up to a total 15 speakers for all address families and one bRIB for each address family (IPv4, IPv6, and VPNv4) are supported. Distributed BGP is used to reduce the impact that a fault in one address family has on another address family. For example, you can have one speaker with only IPv6 neighbors (peering to IPv6 addresses) and a separate speaker with only IPv4 neighbors (peering to IPv4 addresses), and yet another speaker with only VPNv4 provider edge (PE) or customer edge (CE) neighbors (peering to IPv4 addresses distinct from the non-VPN neighbors). In this scenario, there is no overlap in processes (bgp, brib, and rib) between IPv4, IPv6, and VPNv4. Therefore, a bgp, brib, or rib process crash affects only one address family. Distributed BGP also allows more CPU capacity for receiving, computing, and sending BGP routing updates. When in distributed BGP mode, you can control the number of distributed speakers that are enabled, as well as which neighbors are assigned to each speaker. If no distributed speakers are enabled, BGP operates in standalone mode. If at least one distributed speaker is enabled, BGP operates in distributed mode. MPLS VPN Carrier Supporting Carrier Carrier supporting carrier (CSC) is a term used to describe a situation in which one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 41 Implementing BGP on Cisco ASR 9000 Series Router MPLS VPN Carrier Supporting CarrierA backbone carrier offers Border Gateway Protocol and Multiprotocol Label Switching (BGP/MPLS) VPN services. The customer carrier can be either: • An Internet service provider (ISP) (By definition, an ISP does not provide VPN service.) • A BGP/MPLS VPN service provider You can configure a CSC network to enable BGP to transport routes and MPLS labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers using multiple paths. The benefits of using BGP to distribute IPv4 routes and MPLS label routes are: • BGP takes the place of an Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP) in a VPN routing and forwarding (VRF) table. You can use BGP to distribute routes and MPLS labels. Using a single protocol instead of two simplifies the configuration and troubleshooting. • BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs to use BGP. For detailed information on configuring MPLS VPN CSC with BGP, see the Implementing MPLS Layer 3 VPNs on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide. BGP Keychains BGP keychains enable keychain authentication between two BGP peers. The BGP endpoints must both comply with draft-bonica-tcp-auth-05.txt and a keychain on one endpoint and a password on the other endpoint does not work. See the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide for information on keychain management. BGP is able to use the keychain to implement hitless key rollover for authentication. Key rolloverspecification is time based, and in the event of clock skew between the peers, the rollover process is impacted. The configurable tolerance specification allows for the accept window to be extended (before and after) by that margin. This accept window facilitates a hitless key rollover for applications (for example, routing and management protocols). The key rollover does not impact the BGP session, unless there is a keychain configuration mismatch at the endpoints resulting in no common keys for the session traffic (send or accept). BGP Nonstop Routing The Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables all bgp peerings to maintain the BGP state and ensure continuous packet forwarding during events that could interrupt service. Under NSR, events that might potentially interrupt service are not visible to peer routers. Protocolsessions are not interrupted and routing states are maintained across processrestarts and switchovers. BGP NSR provides nonstop routing during the following events: • Route processor switchover • Process crash or process failure of BGP or TCP Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 42 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP KeychainsIn case of process crash or process failure, NSR will be maintained only if nsr process-failures switchover command is configured. In the event of process failures of active instances, the nsr process-failuresswitchover configuresfailover as a recovery action and switches over to a standby route processor (RP) or a standby distributed route processor (DRP) thereby maintaining NSR. The nsr process-failures switchover command maintains both the NSR and BGP sessions in the event of a BGP or TCP process restart. Without configuring the nsr process-failures switchover, restarting the BGP or TCP process causes BGP flap. This is an expected behavior. Note During route processor switchover and In-Service System Upgrade (ISSU), NSR is achieved by stateful switchover (SSO) of both TCP and BGP. NSR does not force any software upgrades on other routers in the network, and peer routers are not required to support NSR. When a route processor switchover occurs due to a fault, the TCP connections and the BGP sessions are migrated transparently to the standby route processor, and the standby route processor becomes active. The existing protocol state is maintained on the standby route processor when it becomes active, and the protocol state does not need to be refreshed by peers. Events such as soft reconfiguration and policy modifications can trigger the BGP internal state to change. To ensure state consistency between active and standby BGP processes during such events, the concept of post-it is introduced that act as synchronization points. BGP NSR provides the following features: • NSR-related alarms and notifications • Configured and operational NSR states are tracked separately • NSR statistics collection • NSR statistics display using show commands • XML schema support • Auditing mechanisms to verify state synchronization between active and standby instances • CLI commands to enable and disable NSR • Support for 5000 NSR sessions BGP Prefix Independent Convergence Unipath Primary/Backup The Border Gateway Protocol Prefix Independent Convergence Unipath (BGP PIC Unipath) primary/backup feature provides the capability to install a backup path into the forwarding table. Installing the backup path provides prefix independent convergence in the event of a primary PE–CE link failure. The primary/backup path provides a mechanism for BGP to determine a backup best path. The backup best path acts as a backup to the overall best path, which is the primary best path. BGP programs both the paths into the Forwarding Information Base (FIB). The procedure to determine the backup best path is as follows: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 43 Implementing BGP on Cisco ASR 9000 Series Router BGP Prefix Independent Convergence Unipath Primary/Backup1 Determine the best path from the entire set of paths available for a prefix. 2 Eliminate the current best path. 3 Eliminate all the paths that have the same next hop as that of the current best path. 4 Rerun the best path algorithm on the remaining set of paths to determine the backup best path. The PE-CE local convergence is in the order of four to five seconds for 10000 prefixes. Installing a backup path on the linecards, so that the Forwarding Information Base (FIB) can immediately switch to an alternate path, in the event of a primary PE-CE link failure reduces the convergence time. In the case of primary PE-CE link failure, the FIB starts forwarding the received traffic towards the backup PE. FIB will continue forwarding the received traffic towards the backup PE for the duration of the network convergence. Since the approach of using a backup path is independent to the prefixes, Prefix Independent Convergence Unipath functionality provides a prefix independent sub second convergence. The additional-paths selection command installs the backup path in the Forwarding Information Base (FIB) to enable primary backup path. BGP Local Label Retention When a primary PE-CE link fails, BGP withdraws the route corresponding to the primary path along with its local label and programsthe backup path in the Routing Information Base (RIB) and the Forwarding Information Base (FIB), by default. However, until all the internal peers of the primary PE reconverge to use the backup path as the new bestpath, the traffic continues to be forwarded to the primary PE with the local label that was allocated for the primary path. Hence the previously allocated local label for the primary path must be retained on the primary PE for some configurable time after the reconvergence. BGP Local Label Retention feature enables the retention of the local label for a specified period. If no time is specified, the local lable is retained for a default value of five minutes. The retain local-label command enables the retention of the local label until the network is converged. Command Line Interface (CLI) Consistency for BGP Commands From Cisco IOS XR Release 3.9.0 onwards, the Border Gateway Protocol (BGP) commands use disable keyword to disable a feature. The keyword inheritance-disable disables the inheritance of the feature properties from the parent level. BGP Additional Paths The Border Gateway Protocol (BGP) Additional Paths feature modifies the BGP protocol machinery for a BGP speaker to be able to send multiple paths for a prefix. This gives 'path diversity' in the network. The add path enables BGP prefix independent convergence (PIC) at the edge routers. BGP add path enables add path advertisement in an iBGP network and advertises the following types of paths for a prefix: • Backup paths—to enable fast convergence and connectivity restoration. • Group-best paths—to resolve route oscillation. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 44 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Local Label Retention• All paths—to emulate an iBGP full-mesh. Add path is not be supported with MDT, tunnel, and L2VPN addressfamilies and eBGP peerings. Note iBGP Multipath Load Sharing When a Border Gateway Protocol (BGP)speaking router that has no local policy configured, receives multiple network layer reachability information (NLRI) from the internal BGP (iBGP) for the same destination, the router will choose one iBGP path as the best path. The best path is then installed in the IP routing table of the router. The iBGP Multipath Load Sharing feature enables the BGP speaking router to select multiple iBGP paths as the best paths to a destination. The best paths or multipaths are then installed in the IP routing table of the router. When there are multiple border BGP routers having reachability information heard over eBGP, if no local policy is applied, the border routers will choose their eBGP paths as best. They advertise that bestpath inside the ISP network. For a core router, there can be multiple paths to the same destination, but it will select only one path as best and use that path for forwarding. iBGP multipath load sharing adds the ability to enable load sharing among multiple equi-distant paths. Configuring multiple iBGP best paths enables a router to evenly share the traffic destined for a particular site. The iBGP Multipath Load Sharing feature functions similarly in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) with a service provider backbone. For multiple paths to the same destination to be considered as multipaths, the following criteria must be met: • All attributes must be the same. The attributes include weight, local preference, autonomous system path (entire attribute and not just length), origin code, Multi Exit Discriminator (MED), and Interior Gateway Protocol (iGP) distance. • The next hop router for each multipath must be different. Even if the criteria are met and multiple paths are considered multipaths, the BGP speaking router will still designate one of the multipaths as the best path and advertise this best path to its neighbors. Accumulated Interior Gateway Protocol Attribute The Accumulated Interior Gateway Protocol (AiGP)Attribute is an optional non-transitive BGP Path Attribute. The attribute type code for the AiGP Attribute isto be assigned by IANA. The value field of the AiGP Attribute is defined as a set of Type/Length/Value elements (TLVs). The AiGP TLV contains the Accumulated IGP Metric. The AiGP feature is required in the 3107 network to simulate the current OSPF behavior of computing the distance associated with a path. OSPF/LDP carries the prefix/label information only in the local area. Then, BGP carries the prefix/lable to all the remote areas by redistributing the routes into BGP at area boundaries. The routes/labels are then advertised using LSPs. The next hop for the route is changed at each ABR to local router which removes the need to leak OSPF routes across area boundaries. The bandwidth available on each Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 45 Implementing BGP on Cisco ASR 9000 Series Router iBGP Multipath Load Sharingof the core links is mapped to OSPF cost, hence it is imperative that BGP carries this cost correctly between each of the PEs. This functionality is achieved by using the AiGP. Per VRF and Per CE Label for IPv6 Provider Edge The per VRF and per CE label for IPv6 feature makes it possible to save label space by allocating labels per default VRF or per CE nexthop. All IPv6 Provider Edge (6PE) labels are allocated per prefix by default. Each prefix that belongs to a VRF instance is advertised with a single label, causing an additional lookup to be performed in the VRF forwarding table to determine the customer edge (CE) next hop for the packet. However, use the label-allocation-mode command with the per-ce keyword or the per-vrf keyword to avoid the additional lookup on the PE router and conserve label space. Use per-ce keyword to specify that the same label be used for all the routes advertised from a unique customer edge (CE) peer router. Use the per-vrf keyword to specify that the same label be used for all the routes advertised from a unique VRF. IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700 Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is sent to, or received from, different peers. Policy accounting is enabled on an individual input or output interface basis. Counters based on parameters such as community list, autonomous system number, or autonomous system path are assigned to identify the IP traffic. Using BGP policy accounting, you can account for traffic according to the route it traverses. Service providers can identify and account for all traffic by customer and bill accordingly. For more information on BGP policy accounting and how to configure BGP policy accounting, refer the Implementing Cisco Express Forwarding module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide. IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700 Cisco ASR 9000's A9K-SIP-700 provides complete Internet Protocol Version 6 (IPv6) unicast capability. An IPv6 unicast address is an identifier for a single interface, on a single node. A packet that is sent to a unicast address is delivered to the interface identified by that address. Cisco IOS XR software supports the following IPv6 unicast address types: • Global aggregatable address • Site-local address • Link-local address • IPv4-compatible IPv6 address For more information on IPv6 unicase addressing, refer the Implementing Network Stack IPv4 and IPv6 module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 46 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Per VRF and Per CE Label for IPv6 Provider EdgeIPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700 Unicast IPv6 Reverse Path Forwarding (uRPF) mitigates problems caused by the introduction of malformed orspoofed IP source addressesinto a network by discarding IP packetsthat lack a verifiable IP source address. Unicast RPF does this by doing a reverse lookup in the Cisco Express Forwarding (CEF) table. Therefore, uRPF is possible only if CEF is enabled on the router. Use the ipv6 verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping] command in interface configuration mode to enable IPV6 uRPF. For more information on IPv6 uRPF, refer Implementing Cisco Express Forwarding module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference Remove and Replace Private AS Numbers from AS Path in BGP Private autonomous system numbers (ASNs) are used by Internet Service Providers (ISPs) and customer networks to conserve globally unique AS numbers. Private AS numbers cannot be used to access the global Internet because they are not unique. AS numbers appear in eBGP AS paths in routing updates. Removing private ASNs from the AS path is necessary if you have been using private ASNs and you want to access the global Internet. Public AS numbers are assigned by InterNIC and are globally unique. They range from 1 to 64511. Private AS numbers are used to conserve globally unique AS numbers, and they range from 64512 to 65535. Private AS numbers cannot be leaked to a global BGP routing table because they are not unique, and BGP best path calculationsrequire unique AS numbers. Therefore, it might be necessary to remove private AS numbersfrom an AS path before the routes are propagated to a BGP peer. External BGP (eBGP) requires that globally unique AS numbers be used when routing to the global Internet. Using private AS numbers (which are not unique) would prevent access to the global Internet. The remove and replace private AS Numbers from AS Path in BGP feature allows routers that belong to a private AS to accessthe global Internet. A network administrator configuresthe routersto remove private AS numbersfrom the AS path contained in outgoing update messages and optionally, to replace those numbers with the ASN of the local router, so that the AS Path length remains unchanged. The ability to remove and replace private AS numbers from the AS Path is implemented in the following ways: • The remove-private-as command removes private AS numbers from the AS path even if the path contains both public and private ASNs. • The remove-private-as command removes private AS numbers even if the AS path contains only private AS numbers. There is no likelihood of a 0-length AS path because this command can be applied to eBGP peers only, in which case the AS number of the local router is appended to the AS path. • The remove-private-as command removes private AS numbers even if the private ASNs appear before the confederation segments in the AS path. • The replace-as command replaces the private AS numbers being removed from the path with the local AS number, thereby retaining the same AS path length. The feature can be applied to neighbors per address family (address family configuration mode). Therefore, you can apply the feature for a neighbor in one address family and not on another, affecting update messages on the outbound side for only the address family for which the feature is configured. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 47 Implementing BGP on Cisco ASR 9000 Series Router IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700Use show bgp neighbors and show bgp update-group commands to verify that the that private AS numbers were removed or replaced. Selective VRF Download Selective VRF Download (SVD) feature is a solution to download only those prefixes and labels to a line card that are actively required to forward traffic through that line card. To meet the demand for a consolidated edge MSE platform, the number of VRFs, VRF interfaces, and prefix capacity increases. Convergence timings are different in different line card engines. One of the major factors that determine convergence timing is the time taken to process and program a prefix and its associated data structures. Hence, less number of prefixes and labels ensure better convergence timing. SVD reducesscalability and convergence problems in L3VPNs by enabling selective download of VRF routes to both Engine-3 (E3) and Engine-5 (E5) Linecards. SVD is enabled by default on the line cards. Use selective-vrf-download disable command to disable SVD. Use show svd role and show svd state commands to display the role and state information of SVD on the line cards. For more information on Selective VRF Download, see Cisco white paper, Selective Virtual Routing and Forwarding Table Download: A solution to increase Layer3 VPN scale at this URL http://www.cisco.com/ en/US/technologies/collateral/tk648/tk365/white_paper_c11-681649.html Line Card Roles and Filters In a Selective VRF Download (SVD) context, the line cards have these roles: • Core LC: A line card which has only core facing interfaces (interfaces that connect to other P/PEs • Customer LC: A line card which has one or more customer facing interfaces (interfaces that connect to CEs in different VRFs) The line cards handle these prefixes: • Local Prefix: A prefix that is received from a CE connected to the router in a configured VRF context • Remote Prefix: A prefix received from another PE and is imported to a configured VRF These filters are applicable to each line card type: • A core LC needs all the local prefixes and VRF labels so that the label and/or IP forwarding is set up correctly. • A customer LC needs both the local and remote prefixes for all the VRFs that it is connected to and for any other VRFs that some connected VRF has dependency on (This is based on the import/export RT configuration; VRF ‘A’ may have imported routes from VRF ‘B’, so the imported route in VRF ‘A’ points to a next-hop that is in VRF ‘B’. For route resolution, VRF ‘B’ routes need to be downloaded to each line card that has a VRF ‘A’ interface.) • If a line card is hosting both core facing and customer facing interfaces then it does not need to do any filtering at all. All the tables and all routes will be present on such line cards. These line cards will have a role called “standard”. All RPs and DRPs will have the standard role. • While the IPv4 default table needs to be present an all nodes, to correctly resolve L3VPN routes, if the line card does not have any IPv6 interfaces it can filter out all IPv6 tables and routes. In such a case the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 48 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Selective VRF Downloadline card can be deemed “not interested” in the IPv6 AFI and should behave similar to if IPv6 is not supported by the line card. BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing Border Gateway Protocol demilitarized zone (BGP DMZ) Link Bandwidth for Unequal Cost Recursive Load Balancing provides support for unequal cost load balancing for recursive prefixes on local node using BGP DMZ Link Bandwidth. The unequal load balance is achieved by using the dmz-link-bandwidth command in BGP Neighbor configuration mode and the bandwidth command in Interface configuration mode. BFD Multihop Support for BGP Bi-directional Forwarding Detection Multihop (BFD-MH) support is enabled for BGP. BFD Multihop establishes a BFD session between two addressesthat may span multiple network hops. Cisco IOS XR Software BFD Multihop is based on RFC 5883. For more information on BFD Multihop, refer Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference. BGP Multi-Instance/Multi-AS Support Multi-Instance BGP is support for multiple BGP instances. Each BGP instance is a separate process running on the same or on a different RP/DRP node. The BGP instances do not share any prefix table between them. No need for a common adj-rib-in (bRIB) as is the case with distributed BGP. The BGP instances do not communicate with each other and do not set up peering with each other. Each individual instance can set up peering with another router independently. Multi-AS BGP enables configuring each instance of a multi-instance BGP with a different AS number. Multi-Instance/Multi-AS BGP provides these capabilities: • Mechanism to consolidate the services provided by multiple routers using a common routing infrastructure into a single IOS-XR router. • Mechanism to achieve AF isolation by configuring the different AFs in different BGP instances. • Means to achieve higher session scale by distributing the overall peering sessions between multiple instances. • Mechanism to achieve higher prefix scale (especially on a RR) by having different instances carrying different BGP tables. • Improved BGP convergence under certain scenarios. • All BGP functionalities including NSR are supported for all the instances. BGP Prefix Origin Validation Based on RPKI A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH attribute in BGP and starts with the AS that originated the prefix. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 49 Implementing BGP on Cisco ASR 9000 Series Router BGP DMZ Link Bandwidth for Unequal Cost Recursive Load BalancingTo help reduce well-known threats against BGP including prefix mis-announcing and monkey-in-the-middle attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. The AS number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route) needs to be verified and authorized by the prefix holder. The Resource Public Key Infrastructure (RPKI) is an approach to build a formally verifiable database of IP addresses and AS numbers as resources. The RPKI is a globally distributed database containing, among other things, information mapping BGP (internet) prefixes to their authorized origin-AS numbers. Routers running BGP can connect to the RPKI to validate the origin-AS of BGP paths. BGP 3107 PIC Updates for Global Prefixes The BGP 3107 PIC Updates for Global Prefixes feature supports Prefix Independent Convergence (PIC) updates for global IPv4 and IPv6 prefixes in an MPLS VPN provider network. This feature is based on RFC 3107 that describes using BGP to distribute MPLS labels for global IPv4 or IPv6 prefixes. This enables IGP to scale better and also provides PIC updates for fast convergence. RFC 3107 enables routes and labels to be carried in BGP. When BGP is used to distribute a particular route, it can also be used to distribute an MPLS label that is mapped to that route. The label mapping information for a particular route is piggybacked in the same BGP Update message that is used to distribute the route itself. RFC 3107 allows filtering of Next-Hop Loops from OSPF and reduces labels advertised by LDP. This implementation significantly reduces OSPF and LDP database. The 3107 PIC implementation supports the following address-families with additional-path configuration. • address-family ipv4 unicast • address-family ipv6 unicast • address-family vpnv4 unicast • address-family vpnv6 unicast The address-family l2vpn vpls-vpws does not support additional-path. Hence, the l2vpn service that uses address-family l2vpn vpls-vpws does not guarantee PIC convergence time. Note The 3107 PIC implementation supports these Cisco IOS XR features: • PIC Edge for 3107 • Traffic Engineering Fast-reroute (TE FRR)—Traffic convergence for core link failure is guaranteed within 50 milliseconds using verbatim tunnel. • L2VPN Service • L3VPN VPNv4 Service • 6 PE Service • 6 VPE Service • VPLS Service BGP 3107 PIC Updates for Global Prefixes implementation uses a shared recursive Load Info (RLDI) forwarding object in place of a Light-Weight recursive (LW-RLDI) object. The RLDI is shared between Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 50 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP 3107 PIC Updates for Global Prefixesmultiple leaves, while the LW-RLDI is instantiated per leaf. Sharing helps in handling PIC updates since it will be prefix independent. BGP Prefix Independent Convergence for RIB and FIB BGP PIC for RIB and FIB adds support for static recursive as PE-CE and faster backup activation by using fast re-route trigger. The BGP PIC for RIB and FIB feature supports: • FRR-like trigger for faster PE-CE link down detection, to further reduce the convergence time (Fast PIC-edge activation). • PIC-edge for static recursive routes. • BFD single-hop trigger for PIC-Edge without any explicit /32 static route configuration. • Recursive PIC activation at third level and beyond, on failure trigger at the first (IGP) level. • BGP path recursion constraints in FIB to ensure that FIB is in sync with BGP with respect to BGP next-hop resolution. • IPv6 loop-free alternate fast-reroute (LFA FRR) How to Implement BGP on Cisco IOS XR Software Enabling BGP Routing Perform this task to enable BGP routing and establish a BGP routing process. Configuring BGP neighbors is included as part of enabling BGP routing. At least one neighbor and at least one address family must be configured to enable BGP routing. At least one neighbor with both a remote AS and an address family must be configured globally using the address family and remote as commands. Note Before You Begin BGP must be able to obtain a router identifier (for example, a configured loopback address). At least, one address family must be configured in the BGP router configuration and the same address family must also be configured under the neighbor. If the neighbor is configured as an external BGP (eBGP) peer, you must configure an inbound and outbound route policy on the neighbor using the route-policy command. Note Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 51 Implementing BGP on Cisco ASR 9000 Series Router BGP Prefix Independent Convergence for RIB and FIBSUMMARY STEPS 1. configure 2. route-policy route-policy-name 3. end-policy 4. Do one of the following: • end • commit 5. configure 6. router bgp as-number 7. bgp router-id ip-address 8. address-family { ipv4 | ipv6 } unicast 9. exit 10. neighbor ip-address 11. remote-as as-number 12. address-family { ipv4 | ipv6 } unicast 13. route-policy route-policy-name { in | out } 14. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 (Optional) Creates a route policy and enters route policy configuration mode, where you can define the route policy. route-policy route-policy-name Example: RP/0/RSP0/CPU0:router(config)# route-policy Step 2 drop-as-1234 RP/0/RSP0/CPU0:router(config-rpl)# if as-path passes-through '1234' then RP/0/RSP0/CPU0:router(config-rpl)# apply check-communities RP/0/RSP0/CPU0:router(config-rpl)# else RP/0/RSP0/CPU0:router(config-rpl)# pass RP/0/RSP0/CPU0:router(config-rpl)# endif Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 52 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Enabling BGP RoutingCommand or Action Purpose (Optional) Ends the definition of a route policy and exits route policy configuration mode. end-policy Example: RP/0/RSP0/CPU0:router(config-rpl)# end-policy Step 3 Step 4 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 5 Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 6 bgp router-id ip-address Configures the local router with a specified router ID. Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 192.168.70.24 Step 7 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 53 Implementing BGP on Cisco ASR 9000 Series Router Enabling BGP RoutingCommand or Action Purpose Specifies either the IPv4 or IPv6 addressfamily and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 8 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Step 9 Placesthe router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 10 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 11 Specifies either the IPv4 or IPv6 addressfamily and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 12 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). (Optional) Applies the specified policy to inbound IPv4 unicast routes. route-policy route-policy-name { in | out } Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy drop-as-1234 in Step 13 Step 14 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 54 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Enabling BGP RoutingCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring a Routing Domain Confederation for BGP Perform this task to configure the routing domain confederation for BGP. This includes specifying a confederation identifier and autonomous systems that belong to the confederation. Configuring a routing domain confederation reducesthe internal BGP (iBGP) mesh by dividing an autonomous system into multiple autonomous systems and grouping them into a single confederation. Each autonomous system is fully meshed within itself and has a few connections to another autonomous system in the same confederation. The confederation maintains the next hop and local preference information, and that allows you to retain a single Interior Gateway Protocol (IGP) for all autonomous systems. To the outside world, the confederation looks like a single autonomous system. SUMMARY STEPS 1. configure 2. router bgp as-number 3. bgp confederation identifier as-number 4. bgp confederation peers as-number 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 55 Implementing BGP on Cisco ASR 9000 Series Router Configuring a Routing Domain Confederation for BGPCommand or Action Purpose Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router# router bgp 120 Step 2 bgp confederation identifier as-number Specifies a BGP confederation identifier. Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation identifier 5 Step 3 Specifies that the BGP autonomous systems belong to a specified BGP confederation identifier. You can associate multiple AS bgp confederation peers as-number Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp Step 4 numbers to the same confederation identifier, as shown in the example. confederation peers 1091 RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1092 RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1093 RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1094 RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1095 RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 1096 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp)# commit ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 56 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a Routing Domain Confederation for BGPCommand or Action Purpose Resetting an eBGP Session Immediately Upon Link Failure By default, if a link goes down, all BGP sessions of any directly adjacent external peers are immediately reset. Use the bgp fast-external-fallover disable command to disable automatic resetting. Turn the automatic reset back on using the no bgp fast-external-fallover disable command. eBGP sessions flap when the node reaches 3500 eBGP sessions with BGP timer values set as 10 and 30. To support more than 3500 eBGP sessions, increase the packet rate by using the lpts pifib hardware police location location-id command. Following is a sample configuration to increase the eBGP sessions: RP/0/RSP0/CPU0:router#configure RP/0/RSP0/CPU0:router(config)#lpts pifib hardware police location 0/2/CPU0 RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp configured rate 4000 RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp known rate 4000 RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp default rate 4000 RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#commit Logging Neighbor Changes Logging neighbor changes is enabled by default. Use the log neighbor changes disable command to turn off logging. The no log neighbor changes disable command can also be used to turn logging back on if it has been disabled. Adjusting BGP Timers Perform this task to set the timers for BGP neighbors. BGP uses certain timers to control periodic activities, such as the sending of keepalive messages and the interval after which a neighbor is assumed to be down if no messages are received from the neighbor during the interval. The values set using the timers bgp command in router configuration mode can be overridden on particular neighbors using the timers command in the neighbor configuration mode. SUMMARY STEPS 1. configure 2. router bgp as-number 3. timers bgp keepalive hold-time 4. neighbor ip-address 5. timers keepalive hold-time 6. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 57 Implementing BGP on Cisco ASR 9000 Series Router Resetting an eBGP Session Immediately Upon Link FailureDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 123 Step 2 timers bgp keepalive hold-time Sets a default keepalive time and a default hold time for all neighbors. Example: RP/0/RSP0/CPU0:router(config-bgp)# timers bgp 30 90 Step 3 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 4 (Optional) Sets the keepalive timer and the hold-time timer for the BGP neighbor. timers keepalive hold-time Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers 60 220 Step 5 Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 58 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Adjusting BGP TimersCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Changing the BGP Default Local Preference Value Perform this task to set the default local preference value for BGP paths. SUMMARY STEPS 1. configure 2. router bgp as-number 3. bgp default local-preference value 4. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 59 Implementing BGP on Cisco ASR 9000 Series Router Changing the BGP Default Local Preference ValueCommand or Action Purpose Sets the default local preference value from the default of 100, making it either a more preferable path (over 100) or less preferable path (under 100). bgp default local-preference value Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp default local-preference 200 Step 3 Step 4 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp)# commit ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring the MED Metric for BGP Perform this task to set the multi exit discriminator (MED) to advertise to peers for routes that do not already have a metric set (routes that were received with no MED attribute). Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 60 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring the MED Metric for BGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. default-metric value 4. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifiesthe autonomoussystem number and entersthe BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Sets the default metric, which is used to set the MED to advertise to peers for routes that do not already have a metric set (routes that were received with no MED attribute). default-metric value Example: RP/0/RSP0/CPU0:router(config-bgp)# default metric 10 Step 3 Step 4 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:routerr(config-bgp)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 61 Implementing BGP on Cisco ASR 9000 Series Router Configuring the MED Metric for BGPCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring BGP Weights Perform this task to assign a weight to routes received from a neighbor. A weight is a number that you can assign to a path so that you can control the best-path selection process. If you have particular neighbors that you want to prefer for most of your traffic, you can use the weight command to assign a higher weight to all routes learned from that neighbor. Before You Begin Note The clear bgp command must be used for the newly configured weight to take effect. SUMMARY STEPS 1. configure 2. router bgp as-number 3. neighbor ip-address 4. remote-as as-number 5. address-family { ipv4 | ipv6 } unicast 6. weight weight-value 7. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 62 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP WeightsCommand or Action Purpose Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Placesthe router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 3 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 4 Specifies either the IPv4 or IPv6 addressfamily and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 5 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). weight weight-value Assigns a weight to all routes learned through the neighbor. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# weight 41150 Step 6 Step 7 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 63 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP WeightsCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Tuning the BGP Best-Path Calculation Perform this task to change the default BGP best-path calculation behavior. SUMMARY STEPS 1. configure 2. router bgp as-number 3. bgp bestpath med missing-as-worst 4. bgp bestpath med always 5. bgp bestpath med confed 6. bgp bestpath as-path ignore 7. bgp bestpath compare-routerid 8. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 126 Step 2 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 64 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Tuning the BGP Best-Path CalculationCommand or Action Purpose Directs the BGP software to consider a missing MED attribute in a path as having a value of infinity, making this path the least desirable path. bgp bestpath med missing-as-worst Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath med missing-as-worst Step 3 Configures the BGP speaker in the specified autonomous system to compare MEDs among all the paths for the prefix, regardless of the autonomous system from which the paths are received. bgp bestpath med always Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath med always Step 4 Enables BGP software to compare MED valuesfor pathslearned from confederation peers. bgp bestpath med confed Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath med confed Step 5 Configures the BGP software to ignore the autonomous system length when performing best-path selection. bgp bestpath as-path ignore Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath as-path ignore Step 6 Configure the BGP speaker in the autonomous system to compare the router IDs of similar paths. bgp bestpath compare-routerid Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp bestpath compare-routerid Step 7 Step 8 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 65 Implementing BGP on Cisco ASR 9000 Series Router Tuning the BGP Best-Path CalculationCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Indicating BGP Back-door Routes Perform this task to set the administrative distance on an external Border Gateway Protocol (eBGP) route to that of a locally sourced BGP route, causing it to be less preferred than an Interior Gateway Protocol (IGP) route. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. network { ip-address / prefix-length | ip-address mask } backdoor 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 66 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Indicating BGP Back-door RoutesCommand or Action Purpose Configures the local router to originate and advertise the specified network. network { ip-address / prefix-length | ip-address mask } backdoor Example: RP/0/RSP0/CPU0:router(config-bgp-af)# network 172.20.0.0/16 Step 4 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Aggregate Addresses Perform this task to create aggregate entries in a BGP routing table. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 67 Implementing BGP on Cisco ASR 9000 Series Router Configuring Aggregate AddressesSUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ] 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either the IPv4 or IPv6 addressfamily and enters addressfamily configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Creates an aggregate address. The path advertised for this route is an autonomous system set consisting of all elements contained in all paths that are being summarized. aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ] Step 4 Example: RP/0/RSP0/CPU0:router(config-bgp-af)# aggregate-address 10.0.0.0/8 as-set • The as-set keyword generates autonomous system set path information and community information from contributing paths. • The as-confed-set keyword generates autonomous system confederation set path information from contributing paths. • The summary-only keyword filters all more specific routes from updates. • The route-policy route-policy-name keyword and argument specify the route policy used to set the attributes of the aggregate route. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 68 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring Aggregate AddressesCommand or Action Purpose Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Redistributing iBGP Routes into IGP Perform this task to redistribute iBGP routes into an Interior Gateway Protocol (IGP), such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF). Use of the bgp redistribute-internal command requires the clear route * command to be issued to reinstall all BGP routes into the IP routing table. Note Redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system. Use this command with caution. Caution Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 69 Implementing BGP on Cisco ASR 9000 Series Router Redistributing iBGP Routes into IGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. bgp redistribute-internal 4. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifiesthe autonomoussystem number and entersthe BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Allows the redistribution of iBGP routes into an IGP, such as IS-IS or OSPF. bgp redistribute-internal Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp redistribute-internal Step 3 Step 4 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 70 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Redistributing iBGP Routes into IGPCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Redistributing Prefixes into Multiprotocol BGP Perform this task to redistribute prefixes from another protocol into multiprotocol BGP. Redistribution is the process of injecting prefixes from one routing protocol into another routing protocol. This task shows how to inject prefixes from another routing protocol into multiprotocol BGP. Specifically, prefixes that are redistributed into multiprotocol BGP using the redistribute command are injected into the unicast database, the multicast database, or both. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. Do one of the following: • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ] • redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric metric-value ] [ route-policy route-policy-name ] • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ] • redistribute static [ metric metric-value ] [ route-policy route-policy-name ] 5. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 71 Implementing BGP on Cisco ASR 9000 Series Router Redistributing Prefixes into Multiprotocol BGPDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Causesroutesfrom the specified instance to be redistributed into BGP. Step 4 Do one of the following: • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ] • redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric metric-value ] [ route-policy route-policy-name ] • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ] • redistribute static [ metric metric-value ] [ route-policy route-policy-name ] Example: RP/0/RSP0/CPU0:router(config-bgp-af)# redistribute ospf 110 Step 5 Do one of the following: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 72 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Redistributing Prefixes into Multiprotocol BGPCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring BGP Route Dampening Perform this task to configure and monitor BGP route dampening. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 73 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Route DampeningSUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ] 5. Do one of the following: • end • commit 6. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics 7. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp regular-expression 8. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics route-policy route-policy-name 9. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address { mask | /prefix-length }} 10. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address [{ mask | /prefix-length } [ longer-prefixes ]]} 11. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics 12. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast }} flap-statistics regexp regular-expression 13. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics route-policy route-policy-name 14. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics network / mask-length 15. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics ip-address / mask-length 16. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] dampened-paths Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 74 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Route Dampening17. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } dampening [ ip-address / mask-length ] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either the IPv4 or IPv6 address family and enters addressfamily configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Configures BGP dampening for the specified address family. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ] Example: RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500 10000 120 Step 4 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end them before exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returnsthe router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 75 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Route DampeningCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | Displays BGP flap statistics. ipv6 unicast | all { unicast | multicast | all | labeled-unicast } Step 6 | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics Example: RP/0/RSP0/CPU0:router# show bgp flap statistics Displays BGP flap statistics for all paths that match the regular expression. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { Step 7 unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp regular-expression Example: RP/0/RSP0/CPU0:router# show bgp flap-statistics regexp _1$ Displays BGP flap statistics for the specified route policy. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name Step 8 | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics route-policy route-policy-name Example: RP/0/RSP0/CPU0:router(config)# show bgp flap-statistics route-policy policy_A show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | Displays BGP flap for the specified prefix. ipv6 unicast | labeled all { unicast | multicast | all | Step 9 labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address { mask | /prefix-length }} Example: RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 76 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Route DampeningCommand or Action Purpose Displays BGP flap statistics for more specific entries for the specified IP address. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 { Step 10 unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address [{ mask | /prefix-length } [ longer-prefixes ]]} Example: RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1 longer-prefixes clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | Clears BGP flap statistics for all routes. ipv6 unicast | all { unicast | multicast | all | labeled-unicast Step 11 } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | labeled-unicast } | ipv6 unicast } } flap-statistics Example: RP/0/RSP0/CPU0:router# clear bgp all all flap-statistics Clears BGP flap statisticsfor all pathsthat match the specified regular expression. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { Step 12 unicast | labeled-unicast } | ipv6 unicast }} flap-statistics regexp regular-expression Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics regexp _1$ Clears BGP flap statistics for the specified route policy. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | Step 13 labeled-unicast } | ipv6 unicast } } flap-statistics route-policy route-policy-name Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics route-policy policy_A Clears BGP flap statistics for the specified network. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | Step 14 labeled-unicast } | ipv6 unicast } } flap-statistics network / mask-length Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics 192.168.40.0/24 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 77 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Route DampeningCommand or Action Purpose Clears BGP flap statistics for routes received from the specified neighbor. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | Step 15 labeled-unicast } | ipv6 unicast } } flap-statistics ip-address / mask-length Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics 172.20.1.1 Displaysthe dampened routes, including the time remaining before they are unsuppressed. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all { unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name Step 16 | all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] dampened-paths Example: RP/0/RSP0/CPU0:router# show bgp dampened paths Clears route dampening information and unsuppresses the suppressed routes. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast | multicast | all | labeled-unicast } Step 17 | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast | Always use the clear bgp dampening command for an individual address-family. The all option for address-families with clear bgp dampening should never be used during normal functioning of the system. For example, use clear bgp ipv4 unicast dampening prefix x.x.x./y Caution labeled-unicast } | ipv6 unicast } } dampening [ ip-address / mask-length ] Example: RP/0/RSP0/CPU0:router# clear bgp dampening Applying Policy When Updating the Routing Table Perform this task to apply a routing policy to routes being installed into the routing table. Before You Begin See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported attributes and operations that are valid for table policy filtering. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 78 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Applying Policy When Updating the Routing TableSUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. table-policy policy-name 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120.6 Step 2 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Applies the specified policy to routes being installed into the routing table. table-policy policy-name Example: RP/0/RSP0/CPU0:router(config-bgp-af)# table-policy tbl-plcy-A Step 4 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end exiting(yes/no/cancel)?[cancel]: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 79 Implementing BGP on Cisco ASR 9000 Series Router Applying Policy When Updating the Routing TableCommand or Action Purpose ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Setting BGP Administrative Distance Perform this task to specify the use of administrative distances that can be used to prefer one class of route over another. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. distance bgp external-distance internal-distance local-distance 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 80 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Setting BGP Administrative DistanceCommand or Action Purpose Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Sets the external, internal, and local administrative distances to prefer one class of routes over another. The higher the value, the lower the trust rating. distance bgp external-distance internal-distance local-distance Example: RP/0/RSP0/CPU0:router(config-bgp-af)# distance bgp 20 20 200 Step 4 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 81 Implementing BGP on Cisco ASR 9000 Series Router Setting BGP Administrative DistanceConfiguring a BGP Neighbor Group and Neighbors Perform thistask to configure BGP neighbor groups and apply the neighbor group configuration to a neighbor. A neighbor group is a template that holds address family-independent and address family-dependent configurations associated with the neighbor. After a neighbor group is configured, each neighbor can inherit the configuration through the use command. If a neighbor is configured to use a neighbor group, the neighbor (by default) inherits the entire configuration of the neighbor group, which includes the address family-independent and address family-dependent configurations. The inherited configuration can be overridden if you directly configure commands for the neighbor or configure session groups or address family groups through the use command. You can configure an address family-independent configuration under the neighbor group. An address family-dependent configuration requires you to configure the address family under the neighbor group to enter address family submode. From neighbor group configuration mode, you can configure address family-independent parameters for the neighbor group. Use the address-family command when in the neighbor group configuration mode. After specifying the neighbor group name using the neighbor group command, you can assign options to the neighbor group. Note All commandsthat can be configured under a specified neighbor group can be configured under a neighbor. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. exit 5. neighbor-group name 6. remote-as as-number 7. address-family { ipv4 | ipv6 } unicast 8. route-policy route-policy-name { in | out } 9. exit 10. exit 11. neighbor ip-address 12. use neighbor-group group-name 13. remote-as as-number 14. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 82 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a BGP Neighbor Group and NeighborsDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either an IPv4 or IPv6 addressfamily unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Step 4 neighbor-group name Places the router in neighbor group configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbr-grp-A Step 5 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 2002 Step 6 Specifies either an IPv4 or IPv6 addressfamily unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 7 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). (Optional) Applies the specified policy to inbound IPv4 unicast routes. route-policy route-policy-name { in | out } Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# route-policy drop-as-1234 in Step 8 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 83 Implementing BGP on Cisco ASR 9000 Series Router Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit Step 9 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit Step 10 Placesthe router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 11 (Optional) Specifies that the BGP neighbor inherit configuration from the specified neighbor group. use neighbor-group group-name Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group nbr-grp-A Step 12 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 13 Step 14 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 84 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Configuring a Route Reflector for BGP Perform this task to configure a route reflector for BGP. All the neighbors configured with the route-reflector-clientcommand are members of the client group, and the remaining iBGP peers are members of the nonclient group for the local route reflector. Together, a route reflector and its clients form a cluster. A cluster of clients usually has a single route reflector. In such instances, the cluster is identified by the software as the router ID of the route reflector. To increase redundancy and avoid a single point of failure in the network, a cluster can have more than one route reflector. If it does, all route reflectors in the cluster must be configured with the same 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster. The bgp cluster-id command is used to configure the cluster ID when the cluster has more than one route reflector. SUMMARY STEPS 1. configure 2. router bgp as-number 3. bgp cluster-id cluster-id 4. neighbor ip-address 5. remote-as as-number 6. address-family { ipv4 | ipv6 } unicast 7. route-reflector-client 8. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 85 Implementing BGP on Cisco ASR 9000 Series Router Configuring a Route Reflector for BGPCommand or Action Purpose Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Configures the local router as one of the route reflectors serving the cluster. It is configured with a specified cluster ID to identify the cluster. bgp cluster-id cluster-id Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp cluster-id 192.168.70.1 Step 3 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor Step 4 172.168.40.24 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2003 Step 5 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 6 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Configures the router as a BGP route reflector and configures the neighbor as its client. route-reflector-client Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client Step 7 Step 8 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 86 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a Route Reflector for BGPCommand or Action Purpose ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring BGP Route Filtering by Route Policy Perform this task to configure BGP routing filtering by route policy. Before You Begin See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported attributes and operations that are valid for inbound and outbound neighbor policy filtering. SUMMARY STEPS 1. configure 2. route-policy name 3. end-policy 4. router bgp as-number 5. neighbor ip-address 6. address-family { ipv4 | ipv6 } unicast 7. route-policy route-policy-name { in | out } 8. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 87 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Route Filtering by Route PolicyDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 (Optional) Creates a route policy and enters route policy configuration mode, where you can define the route policy. route-policy name Example: RP/0/RSP0/CPU0:router(config)# route-policy Step 2 drop-as-1234 RP/0/RSP0/CPU0:router(config-rpl)# if as-path passes-through '1234' then RP/0/RSP0/CPU0:router(config-rpl)# apply check-communities RP/0/RSP0/CPU0:router(config-rpl)# else RP/0/RSP0/CPU0:router(config-rpl)# pass RP/0/RSP0/CPU0:router(config-rpl)# endif (Optional) Ends the definition of a route policy and exits route policy configuration mode. end-policy Example: RP/0/RSP0/CPU0:router(config-rpl)# end-policy Step 3 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 4 Placesthe router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 5 Specifies either an IPv4 or IPv6 addressfamily unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 6 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). route-policy route-policy-name { in | out } Applies the specified policy to inbound routes. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy drop-as-1234 in Step 7 Step 8 Do one of the following: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 88 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Route Filtering by Route PolicyCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • end • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring BGP Next-Hop Trigger Delay Perform this task to configure BGP next-hop trigger delay. The Routing Information Base (RIB) classifies the dampening notifications based on the severity of the changes. Event notifications are classified as critical and noncritical. This task allows you to specify the minimum batching interval for the critical and noncritical events. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. nexthop trigger-delay { critical delay | non-critical delay } 5. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 89 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Next-Hop Trigger DelayDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). nexthop trigger-delay { critical delay | Sets the critical next-hop trigger delay. non-critical delay } Step 4 Example: RP/0/RSP0/CPU0:router(config-bgp-af)# nexthop trigger-delay critical 15000 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 90 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Next-Hop Trigger DelayCommand or Action Purpose Disabling Next-Hop Processing on BGP Updates Perform this task to disable next-hop calculation for a neighbor and insert your own address in the next-hop field of BGP updates. Disabling the calculation of the best next hop to use when advertising a route causes all routes to be advertised with the network device as the next hop. Note Next-hop processing can be disabled for addressfamily group, neighbor group, or neighbor addressfamily. SUMMARY STEPS 1. configure 2. router bgp as-number 3. neighbor ip-address 4. remote-as as-number 5. address-family { ipv4 | ipv6 } unicast 6. next-hop-self 7. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 91 Implementing BGP on Cisco ASR 9000 Series Router Disabling Next-Hop Processing on BGP UpdatesCommand or Action Purpose Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 3 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 206 Step 4 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 5 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Sets the next-hop attribute for all routes advertised to the specified neighbor to the address of the local router. Disabling the calculation next-hop-self Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-self Step 6 of the best next hop to use when advertising a route causes all routes to be advertised with the local network device as the next hop. Step 7 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 92 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Disabling Next-Hop Processing on BGP UpdatesConfiguring BGP Community and Extended-Community Advertisements Perform this task to specify that community/extended-community attributes should be sent to an eBGP neighbor. These attributes are not sent to an eBGP neighbor by default. By contrast, they are always sent to iBGP neighbors. This section provides examples on how to enable sending community attributes. The send-community-ebgp keyword can be replaced by the send-extended-community-ebgp keyword to enable sending extended-communities. If the send-community-ebgp command is configured for a neighbor group or address family group, all neighbors using the group inherit the configuration. Configuring the command specifically for a neighbor overrides inherited values. BGP community and extended-community filtering cannot be configured for iBGP neighbors. Communities and extended-communities are alwayssent to iBGP neighbors under IPv4, IPv6, VPNv4, and MDT address families. Note SUMMARY STEPS 1. configure 2. router bgp as-number 3. neighbor ip-address 4. remote-as as-number 5. address-family{ipv4{labeled-unicast | mdt | multicast | mvpn | tunnel | unicast} | ipv6 {labeled-unicast | mvpn | unicast}} 6. Use one of these commands: • send-community-ebgp • send-extended-community-ebgp 7. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 93 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Community and Extended-Community AdvertisementsCommand or Action Purpose Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 3 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 4 Enters neighbor address family configuration mode for the specified address family. Use either ipv4 or ipv6 address family keyword with one of the specified address family sub mode identifiers. address-family{ipv4{labeled-unicast | mdt | multicast | mvpn | tunnel | unicast} | ipv6 {labeled-unicast | mvpn | unicast}} Step 5 Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv6 unicast IPv6 address family mode supports these sub modes: • labeled-unicast • mvpn • unicast IPv4 address family mode supports these sub modes: • labeled-unicast • mdt • multicast • mvpn • tunnel • unicast Refer the address-family (BGP) command in BGP Commands module of Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for more information on the Address Family Submode support. Specifies that the router send community attributes or extended community attributes (which are disabled by default for eBGP neighbors) to a specified eBGP neighbor. Step 6 Use one of these commands: • send-community-ebgp • send-extended-community-ebgp Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 94 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Community and Extended-Community AdvertisementsCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# send-community-ebgp or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# send-extended-community-ebgp Step 7 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring the BGP Cost Community Perform this task to configure the BGP cost community. BGP receives multiple paths to the same destination and it uses the best-path algorithm to decide which is the best path to install in RIB. To enable users to determine an exit point after partial comparison, the cost community is defined to tie-break equal paths during the best-path selection process. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 95 Implementing BGP on Cisco ASR 9000 Series Router Configuring the BGP Cost CommunitySUMMARY STEPS 1. configure 2. route-policy name 3. set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ] 4. end-policy 5. router bgp as-number 6. Do one of the following: • default-information originate • aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [summary-only ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute connected [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] 7. Do one of the following: • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 mdt | ipv6 unicast | ipv6 multicast | vpnv4 unicast | vpnv6 unicast } redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute rip [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute static [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ] • neighbor ip-address remote-as as-number address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 ipv6 unicast | vpnv4 unicast } • route-policy route-policy-name { in | out } 8. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 96 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring the BGP Cost Community9. show bgp [ vrf vrf-name ] ip-address DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters route policy configuration mode and specifies the name of the route policy to be configured. route-policy name Example: RP/0/RSP0/CPU0:router(config)# route-policy costA Step 2 Specifiesthe BGP extended community attribute for cost. set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ] Example: RP/0/RSP0/CPU0:router(config)# set extcommunity cost cost_A Step 3 Ends the definition of a route policy and exits route policy configuration mode. end-policy Example: RP/0/RSP0/CPU0:router(config)# end-policy Step 4 Enters BGP configuration mode allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 5 Applies the cost community to the attach point (route policy). Step 6 Do one of the following: • default-information originate • aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute connected [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute isis process-id Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 97 Implementing BGP on Cisco ASR 9000 Series Router Configuring the BGP Cost CommunityCommand or Action Purpose [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] Step 7 Do one of the following: • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 mdt | ipv6 unicast | ipv6 multicast | vpnv4 unicast | vpnv6 unicast } redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute rip [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } redistribute static [ metric metric-value ] [ route-policy route-policy-name ] • address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast } network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ] • neighbor ip-address remote-as as-number address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 ipv6 unicast | vpnv4 unicast } • route-policy route-policy-name { in | out } Step 8 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit • commit Example: RP/0/RSP0/CPU0:router(config-bgp-af)# end them before exiting(yes/no/cancel)?[cancel]: ? Entering yes saves configuration changes to the running configuration or RP/0/RSP0/CPU0:router(config-bgp-af)# commit file, exits the configuration session, and returnsthe router to EXEC mode. ? Entering no exits the configuration session and returns the router to Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 98 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring the BGP Cost CommunityCommand or Action Purpose EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Displays the cost community in the following format: show bgp [ vrf vrf-name ] ip-address Example: RP/0/RSP0/CPU0:router# show bgp 172.168.40.24 Step 9 Cost: POI : cost-community-ID : cost-number Configuring Software to Store Updates from a Neighbor Perform this task to configure the software to store updates received from a neighbor. The soft-reconfiguration inbound command causes a route refresh request to be sent to the neighbor if the neighbor is route refresh capable. If the neighbor is not route refresh capable, the neighbor must be reset to relearn received routes using the clear bgp soft command. See the Resetting Neighbors Using BGP Inbound Soft Reset, on page 124. Storing updates from a neighbor works only if either the neighbor is route refresh capable or the soft-reconfiguration inbound command is configured. Even if the neighbor is route refresh capable and the soft-reconfiguration inbound command is configured, the original routes are not stored unless the always option is used with the command. The original routes can be easily retrieved with a route refresh request. Route refresh sends a request to the peer to resend itsrouting information. The soft-reconfiguration inbound command stores all pathsreceived from the peer in an unmodified form and refersto these stored paths during the clear. Soft reconfiguration is memory intensive. Note Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 99 Implementing BGP on Cisco ASR 9000 Series Router Configuring Software to Store Updates from a NeighborSUMMARY STEPS 1. configure 2. router bgp as-number 3. neighbor ip-address 4. address-family { ipv4 | ipv6 } unicast 5. soft-reconfiguration inbound [ always] 6. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 3 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 4 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Configures the software to store updates received from a specified neighbor. Soft reconfiguration inbound causes the software to store soft-reconfiguration inbound [ always] Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# soft-reconfiguration inbound always Step 5 the original unmodified route in addition to a route that is modified or filtered. This allows a “soft clear” to be performed after the inbound policy is changed. Soft reconfiguration enables the software to store the incoming updates before apply policy if route refresh is not supported by the peer (otherwise a copy of the update is not stored). The always Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 100 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring Software to Store Updates from a NeighborCommand or Action Purpose keyword forcesthe software to store a copy even when route refresh is supported by the peer. Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Distributed BGP Perform this task to configure distributed BGP. Configuring distributed BGP includes starting the speaker process and allocating the speaker process to a neighbor. Before You Begin If BGP is running in standalone mode, the clear bgp current-mode or clear bgp vrf all * command must be used to switch from standalone mode to distributed mode. Note Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 101 Implementing BGP on Cisco ASR 9000 Series Router Configuring Distributed BGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. distributed speaker id 4. commit 5. address-family { ipv4 | ipv6 } unicast 6. exit 7. neighbor ip-address 8. remote-as as-number 9. speaker-id id 10. address-family { ipv4 | ipv6 } unicast 11. end 12. clear bgp current-mode DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 distributed speaker id Specifies the speaker process to start. Example: RP/0/RSP0/CPU0:router(config-bgp)# distributed speaker 2 Step 3 Saves the configuration changes to the running configuration file and remains within the configuration session. commit Example: RP/0/RSP0/CPU0:router(config-bgp)# commit Step 4 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 5 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 102 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring Distributed BGPCommand or Action Purpose exit Exits address family mode. Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Step 6 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 7 Creates a neighbor and assigns a remote autonomous system number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 8 speaker-id id Allocates a neighbor to a specified speaker process. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# speaker-id 2 Step 9 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 10 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Step 11 end Saves configuration changes. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 103 Implementing BGP on Cisco ASR 9000 Series Router Configuring Distributed BGPCommand or Action Purpose clear bgp current-mode Switches from standalone mode to distributed mode. Example: RP/0/RSP0/CPU0:router# clear bgp current-mode Step 12 Configuring a VPN Routing and Forwarding Instance in BGP Layer 2 and Layer 3 (virtual private network) VPN can be configured only if there is an available Layer 3 VPN license for the line card slot on which the feature is being configured. If the advanced IP license is enabled, 4096 Layer 3 VPN routing and forwarding instances (VRFs) can be configured on an interface. If the infrastructure VRF license is enabled, eight Layer 3 VRFs can be configured on the line card. See the Software Entitlement on Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide for more information on advanced IP licencing. The following error message appears if the appropriate licence is not enabled: RP/0/RSP0/CPU0:router#LC/0/0/CPU0:Dec 15 17:57:53.653 : rsi_agent[247]: %LICENSE-ASR9K_LICENSE-2-INFRA_VRF_NEEDED : 5 VRF(s) are configured without license A9K-iVRF-LIC in violation of the Software Right To Use Agreement. This feature may be disabled by the system without the appropriate license. Contact Cisco to purchase the license immediately to avoid potential service interruption. The following tasks are used to configure a VPN routing and forwarding (VRF) instance in BGP: Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers Perform this task to define the VPN routing and forwarding (VRF) tables in the provider edge (PE) routers. SUMMARY STEPS 1. configure 2. vrf vrf-name 3. address-family { ipv4 | ipv6 } unicast 4. maximum prefix maximum [ threshold ] 5. import route-policy policy-name 6. import route-target [ as-number : nn | ip-address : nn ] 7. export route-policy policy-name 8. export route-target [ as-number : nn | ip-address : nn ] 9. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 104 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 vrf vrf-name Configures a VRF instance. Example: RP/0/RSP0/CPU0:router(config)# vrf vrf_pe Step 2 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Step 4 maximum prefix maximum [ threshold ] Configures a limit to the number of prefixes allowed in a VRF table. Example: RP/0/RSP0/CPU0:router(config-vrf-af)# maximum prefix 2300 A maximum number of routes is applicable only to dynamic routing protocols and not to static or connected routes. You can specify a threshold percentage of the prefix limit using the mid-threshold argument. (Optional) Provides finer control over what gets imported into a VRF. This import filter discards prefixes that do not match the specified policy-name argument. import route-policy policy-name Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-policy policy_a Step 5 Specifies a list of route target (RT) extended communities. Only prefixes that are associated with the specified import route target extended communities are imported into the VRF. import route-target [ as-number : nn | ip-address : nn ] Example: RP/0/RSP0/CPU0:router(config-vrf-af)# import route-target 234:222 Step 6 (Optional) Provides finer control over what gets exported into a VRF. This export filter discards prefixes that do not match the specified policy-name argument. export route-policy policy-name Example: RP/0/RSP0/CPU0:router(config-vrf-af)# export route-policy policy_b Step 7 Specifies a list of route target extended communities. Export route target communities are associated with prefixes when they are export route-target [ as-number : nn | ip-address : nn ] Step 8 advertised to remote PEs. The remote PEs import them into VRFs Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 105 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose Example: RP/0/RSP0/CPU0:routerr(config-vrf-af)# export route-target 123;234 which have import RTs that match these exported route target communities. Step 9 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-vrf-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-vrf-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring the Route Distinguisher The route distinguisher (RD) makes prefixes unique across multiple VPN routing and forwarding (VRF) instances. In the L3VPN multipath same route distinguisher (RD)environment, the determination of whether to install a prefix in RIB or not is based on the prefix's bestpath. In a rare misconfiguration situation, where the best pah is not a valid path to be installed in RIB, BGP drops the prefix and does not consider the other paths. The behavior is different for different RD setup, where the non-best multipath will be installed if the best multipath is invalid to be installed in RIB. Perform this task to configure the RD. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 106 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. bgp router-id ip-address 4. vrf vrf-name 5. rd { as-number : nn | ip-address : nn | auto } 6. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters BGP configuration mode allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 bgp router-id ip-address Configures a fixed router ID for the BGP-speaking router. Example: RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 10.0.0.0 Step 3 vrf vrf-name Configures a VRF instance. Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_pe Step 4 Step 5 rd { as-number : nn | ip-address : nn | auto } Configures the route distinguisher. Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd 345:567 Use the auto keyword if you want the router to automatically assign a unique RD to the VRF. Automatic assignment of RDs is possible only if a router ID is configured using the bgp router-id command in router configuration mode. This allows you to configure a globally unique router ID that can be used for automatic RD generation. The router ID for the VRF does not need to be globally unique, and using the VRF router ID Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 107 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose would be incorrect for automatic RD generation. Having a single router ID also helpsin checkpointing RD information for BGP graceful restart, because it is expected to be stable across reboots. Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring PE-PE or PE-RR Interior BGP Sessions To enable BGP to carry VPN reachability information between provider edge (PE) routers you must configure the PE-PE interior BGP (iBGP) sessions. A PE uses VPN information carried from the remote PE router to determine VPN connectivity and the label value to be used so the remote (egress) router can demultiplex the packet to the correct VPN during packet forwarding. The PE-PE, PE-route reflector (RR) iBGP sessions are defined to all PE and RR routers that participate in the VPNs configured in the PE router. Perform this task to configure PE-PE iBGP sessions and to configure global VPN options on a PE. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 108 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family vpnv4 unicast 4. exit 5. neighbor ip-address 6. remote-as as-number 7. description text 8. password { clear | encrypted } password 9. shutdown 10. timers keepalive hold-time 11. update-source type interface-id 12. address-family vpnv4 unicast 13. route-policy route-policy-name in 14. route-policy route-policy-name out 15. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 address-family vpnv4 unicast Enters VPN address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpvn4 unicast Step 3 exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-af)# exit Step 4 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 109 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose neighbor ip-address Configures a PE iBGP neighbor. Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.16.1.1 Step 5 remote-as as-number Assigns the neighbor a remote autonomous system number. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1 Step 6 (Optional) Provides a description of the neighbor. The description is used to save comments and does not affect software function. description text Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# description neighbor 172.16.1.1 Step 7 Enables Message Digest 5 (MD5) authentication on the TCP connection between the two BGP neighbors. password { clear | encrypted } password Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# password encrypted 123abc Step 8 Terminates any active sessions for the specified neighbor and removes all associated routing information. shutdown Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# shutdown Step 9 timers keepalive hold-time Set the timers for the BGP neighbor. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers 12000 200 Step 10 Allows iBGP sessions to use the primary IP address from a specific interface as the local address when forming an iBGP session with a neighbor. update-source type interface-id Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source gigabitEthernet 0/1/5/0 Step 11 address-family vpnv4 unicast Enters VPN neighbor address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpvn4 unicast Step 12 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 110 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose Specifies a routing policy for an inbound route. The policy can be used to filter routes or modify route attributes. route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-in in Step 13 Specifies a routing policy for an outbound route. The policy can be used to filter routes or modify route attributes. route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-out out Step 14 Step 15 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end exiting(yes/no/cancel)?[cancel]: ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Route Reflector to Hold Routes That Have a Defined Set of RT Communities A provider edge (PE) needsto hold the routesthat match the import route targets(RTs) of the VPNs configured on it. The PE router can discard all other VPNv4 routes. But, a route reflector (RR) must retain all VPNv4 routes, because it might peer with PE routers and different PEs might require different RT-tagged VPNv4 (making RRs non-scalable). You can configure an RR to only hold routes that have a defined set of RT communities. Also, a number of the RRs can be configured to service a differentset of VPNs(thereby achieving some scalability). A PE is then made to peer with all RRs that service the VRFs configured on the PE. When a new VRF is configured with an RT for which the PE does not already hold routes, the PE issues route refreshes to the RRs and retrieves the relevant VPN routes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 111 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPNote that this process can be more efficient if the PE-RR session supports extended community outbound route filter (ORF). Note Perform this task to configure a reflector to retain routes tagged with specific RTs. SUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family vpnv4 unicast 4. retain route-target { all | route-policy route-policy-name } 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 address-family vpnv4 unicast Enters VPN address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpvn4 unicast Step 3 Configures a reflector to retain routes tagged with particular RTs. Use the route-policy-name argument for the policy name that lists retain route-target { all | route-policy route-policy-name } Step 4 the extended communities that a path should have in order for the RR to retain that path. Example: RP/0/RSP0/CPU0:router(config-bgp-af)# retain route-target route-policy rr_ext-comm The all keyword is not required, because thisisthe default behavior of a route reflector. Note Step 5 Do one of the following: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 112 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • end • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring BGP as a PE-CE Protocol Perform this task to configure BGP on the PE and establish PE-CE communication using BGP. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 113 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. vrf vrf-name 4. bgp router-id ip-address 5. label-allocation-mode per-ce 6. address-family { ipv4 | ipv6 } unicast 7. network { ip-address / prefix-length | ip-address mask } 8. aggregate-address address / mask-length 9. exit 10. neighbor ip-address 11. remote-as as-number 12. password { clear | encrypted } password 13. ebgp-multihop [ ttl-value ] 14. Do one of the following: • address-family { ipv4 | ipv6 } unicast • address-family {ipv4 {unicast | labeled-unicast} | ipv6 unicast} 15. site-of-origin [ as-number : nn | ip-address : nn ] 16. as-override 17. allowas-in [ as-occurrence-number ] 18. route-policy route-policy-name in 19. route-policy route-policy-name out 20. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 114 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose vrf vrf-name Enables BGP routing for a particular VRF on the PE router. Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_pe_2 Step 3 bgp router-id ip-address Configures a fixed router ID for a BGP-speaking router. Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# bgp router-id 172.16.9.9 Step 4 Step 5 label-allocation-mode per-ce • Configures the per-CE label allocation mode to avoid an extra lookup on the PE router and conserve labelspace Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce (per-prefix is the default label allocation mode). In this mode, the PE router allocates one label for every immediate next-hop (in most cases, this would be a CE router). This label is directly mapped to the next hop, so there is no VRF route lookup performed during data forwarding. However, the number of labels allocated would be one for each CE rather than one for each VRF. Because BGP knows all the next hops, it assigns a label for each next hop (not for each PE-CE interface). When the outgoing interface is a multiaccess interface and the media access control (MAC) address of the neighbor is not known, Address Resolution Protocol (ARP) is triggered during packet forwarding. • The per-vrf keyword configures the same label to be used for all the routes advertised from a unique VRF. Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 6 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Originates a network prefix in the address family table in the VRF context. network { ip-address / prefix-length | ip-address mask } Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# network Step 7 172.16.5.5/24 Configures aggregation in the VRF address family context to summarize routing information to reduce the state maintained aggregate-address address / mask-length Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# aggregate-address 10.0.0.0/24 Step 8 in the core. This summarization introduces some inefficiency in the PE edge, because an additional lookup is required to determine the ultimate next hop for a packet.When configured, Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 115 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose a summary prefix is advertised instead of a set of component prefixes, which are more specifics of the aggregate. The PE advertises only one label for the aggregate. Because component prefixes could have different next hops to CEs, an additional lookup has to be performed during data forwarding. exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit Step 9 Configures a CE neighbor. The ip-address argument must be a private address. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 10.0.0.0 Step 10 remote-as as-number Configures the remote AS for the CE neighbor. Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2 Step 11 Enable Message Digest 5 (MD5) authentication on a TCP connection between two BGP neighbors. password { clear | encrypted } password Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# password encrypted 234xyz Step 12 Configures the CE neighbor to accept and attempt BGP connections to external peers residing on networks that are not directly connected. ebgp-multihop [ ttl-value ] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop 55 Step 13 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. Step 14 Do one of the following: • address-family { ipv4 | ipv6 } unicast To see a list of all the possible keywords and arguments for this command, use the CLI help (?). • address-family {ipv4 {unicast | labeled-unicast} | ipv6 unicast} Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 116 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose Configures the site-of-origin (SoO) extended community. Routes that are learned from this CE neighbor are tagged with site-of-origin [ as-number : nn | ip-address : nn ] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# site-of-origin 234:111 Step 15 the SoO extended community before being advertised to the rest of the PEs. SoO is frequently used to detect loops when as-override is configured on the PE router. If the prefix is looped back to the same site, the PE detects this and does not send the update to the CE. Configures AS override on the PE router. This causes the PE router to replace the CE’s ASN with its own (PE) ASN. as-override Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# as-override Step 16 This loss of information could lead to routing loops; to avoid loops caused by as-override, use it in conjunction with site-of-origin. Note Allows an AS path with the PE autonomous system number (ASN) a specified number of times. allowas-in [ as-occurrence-number ] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 5 Step 17 Hub and spoke VPN networks need the looping back of routing information to the HUB PE through the HUB CE. When this happens, due to the presence of the PE ASN, the looped-back information is dropped by the HUB PE. To avoid this, use the allowas-in command to allow prefixes even if they have the PEs ASN up to the specified number of times. Specifies a routing policy for an inbound route. The policy can be used to filter routes or modify route attributes. route-policy route-policy-name in Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pe_ce_in_policy in Step 18 Specifies a routing policy for an outbound route. The policy can be used to filter routes or modify route attributes. route-policy route-policy-name out Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pe_ce_out_policy out Step 19 Step 20 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 117 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Redistribution of IGPs to BGP Perform this task to configure redistribution of a protocol into the VRF address family. Even if Interior Gateway Protocols (IGPs) are used as the PE-CE protocol, the import logic happens through BGP. Therefore, all IGP routes have to be imported into the BGP VRF table. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 118 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS 1. configure 2. router bgp as-number 3. vrf vrf-name 4. address-family { ipv4 | ipv6 } unicast 5. Do one of the following: • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ] • redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ] • redistribute static [ metric metric-value ] [ route-policy route-policy-name ] 6. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 vrf vrf-name Enables BGP routing for a particular VRF on the PE router. Example: RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_a Step 3 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 119 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 4 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Configures redistribution of a protocol into the VRF address family context. Step 5 Do one of the following: • redistribute connected [ metric metric-value ] [ route-policy route-policy-name ] The redistribute command is used if BGP is not used between the PE-CE routers. If BGP is used between PE-CE routers, the • redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [ route-policy route-policy-name ] IGP that is used has to be redistributed into BGP to establish VPN connectivity with other PE sites. Redistribution is also required for inter-table import and export. • redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy route-policy-name ] • redistribute rip [ metric metric-value ] [ route-policy route-policy-name ] • redistribute static [ metric metric-value ] [ route-policy route-policy-name ] Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# redistribute eigrp 23 Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 120 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Keychains for BGP Keychains provide secure authentication by supporting different MAC authentication algorithms and provide graceful key rollover. Perform this task to configure keychains for BGP. This task is optional. If a keychain is configured for a neighbor group or a session group, a neighbor using the group inherits the keychain. Values of commands configured specifically for a neighbor override inherited values. Note SUMMARY STEPS 1. configure 2. router bgp as-number 3. neighbor ip-address 4. remote-as as-number 5. keychain name 6. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 121 Implementing BGP on Cisco ASR 9000 Series Router Configuring Keychains for BGPDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 3 Creates a neighbor and assigns a remote autonomoussystem number to it. remote-as as-number Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002 Step 4 keychain name Configures keychain-based authentication. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# keychain kych_a Step 5 Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 122 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring Keychains for BGPCommand or Action Purpose ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Disabling a BGP Neighbor Perform this task to administratively shut down a neighbor session without removing the configuration. SUMMARY STEPS 1. configure 2. router bgp as-number 3. neighbor ip-address 4. shutdown 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 127 Step 2 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 123 Implementing BGP on Cisco ASR 9000 Series Router Disabling a BGP NeighborCommand or Action Purpose Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 Step 3 shutdown Disables all active sessions for the specified neighbor. Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# shutdown Step 4 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Resetting Neighbors Using BGP Inbound Soft Reset Perform this task to trigger an inbound soft reset of the specified address families for the specified group or neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments. Resetting neighbors is useful if you change the inbound policy for the neighbors or any other configuration that affects the sending or receiving of routing updates. If an inbound soft reset is triggered, BGP sends a REFRESH request to the neighbor if the neighbor has advertised the ROUTE_REFRESH capability. To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors command. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 124 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Resetting Neighbors Using BGP Inbound Soft ResetSUMMARY STEPS 1. show bgp neighbors 2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | out ] DETAILED STEPS Command or Action Purpose Verifies that received route refresh capability from the neighbor is enabled. show bgp neighbors Example: RP/0/RSP0/CPU0:router# show bgp neighbors Step 1 clear bgp { ipv4 { unicast | multicast | all | tunnel } Soft resets a BGP neighbor. | ipv6 unicast | all { unicast | multicast | all | tunnel Step 2 • The * keyword resets all BGP neighbors. } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | out ] • The ip-address argument specifies the address of the neighbor to be reset. Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.1 soft in • The as-number argument specifies that all neighbors that match the autonomous system number be reset. • The external keyword specifies that all external neighbors are reset. Resetting Neighbors Using BGP Outbound Soft Reset Perform this task to trigger an outbound soft reset of the specified address families for the specified group or neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments. Resetting neighbors is useful if you change the outbound policy for the neighbors or any other configuration that affects the sending or receiving of routing updates. If an outbound soft reset is triggered, BGP resends all routes for the address family to the given neighbors. To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors command. SUMMARY STEPS 1. show bgp neighbors 2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | ] Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 125 Implementing BGP on Cisco ASR 9000 Series Router Resetting Neighbors Using BGP Outbound Soft ResetDETAILED STEPS Command or Action Purpose Verifies that received route refresh capability from the neighbor is enabled. show bgp neighbors Example: RP/0/RSP0/CPU0:router# show bgp neighbors Step 1 clear bgp { ipv4 { unicast | multicast | all | tunnel } | Soft resets a BGP neighbor. ipv6 unicast | all { unicast | multicast | all | tunnel Step 2 • The * keyword resets all BGP neighbors. } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * | ip-address | as as-number | external } soft [ in [ prefix-filter ] | ] • The ip-address argument specifies the address of the neighbor to be reset. Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.2 soft out • The as-number argument specifies that all neighbors that match the autonomous system number be reset. • The external keyword specifies that all external neighbors are reset. Resetting Neighbors Using BGP Hard Reset Perform this task to reset neighbors using a hard reset. A hard reset removes the TCP connection to the neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the session with the neighbor. If the graceful keyword is specified, the routes from the neighbor are not removed from the BGP table immediately, but are marked as stale. After the session is re-established, any stale route that has not been received again from the neighbor is removed. SUMMARY STEPS 1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } | { * | ip-address | as as-number | external } [ graceful ] soft [ in [ prefix-filter ] | out ] DETAILED STEPS Command or Action Purpose clear bgp { ipv4 { unicast | multicast | all | tunnel } | Clears a BGP neighbor. ipv6 unicast | all { unicast | multicast | all | tunnel } Step 1 • The * keyword resets all BGP neighbors. | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } | { * | ip-address | as as-number | external } [ graceful ] soft [ in [ prefix-filter ] | out ] • The ip-address argument specifies the address of the neighbor to be reset. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 126 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Resetting Neighbors Using BGP Hard ResetCommand or Action Purpose Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast 10.0.0.3 graceful soft out • The as-number argument specifies that all neighbors that match the autonomous system number be reset. • The external keyword specifies that all external neighbors are reset. The graceful keyword specifies a graceful restart. Clearing Caches, Tables, and Databases Perform this task to remove all contents of a particular cache, table, or database. The clear bgp command resets the sessions of the specified group of neighbors (hard reset); it removes the TCP connection to the neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the session with the neighbor. Clearing a cache, table, or database can become necessary when the contents of the particular structure have become, or are suspected to be, invalid. SUMMARY STEPS 1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address 2. clear bgp external 3. clear bgp * DETAILED STEPS Command or Action Purpose clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast Clears a specified neighbor. | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address Step 1 Example: RP/0/RSP0/CPU0:router# clear bgp ipv4 172.20.1.1 clear bgp external Clears all external peers. Example: RP/0/RSP0/CPU0:router# clear bgp external Step 2 clear bgp * Clears all BGP neighbors. Example: RP/0/RSP0/CPU0:router# clear bgp * Step 3 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 127 Implementing BGP on Cisco ASR 9000 Series Router Clearing Caches, Tables, and DatabasesDisplaying System and Network Statistics Perform thistask to display specific statistics,such asthe contents of BGP routing tables, caches, and databases. Information provided can be used to determine resource usage and solve network problems. You can also display information about node reachability and discover the routing path that the packets of your device are taking through the network. SUMMARY STEPS 1. show bgp cidr-only 2. show bgp community community-list [ exact-match ] 3. show bgp regexp regular-expression 4. show bgp 5. show bgp neighbors ip-address [ advertised-routes | dampened-routes | flap-statistics | performance-statistics | received prefix-filter | routes ] 6. show bgp paths 7. show bgp neighbor-group group-name configuration 8. show bgp summary DETAILED STEPS Command or Action Purpose Displays routes with nonnatural network masks (classless interdomain routing [CIDR]) routes. show bgp cidr-only Example: RP/0/RSP0/CPU0:router# show bgp cidr-only Step 1 show bgp community community-list [ Displays routes that match the specified BGP community. exact-match ] Step 2 Example: RP/0/RSP0/CPU0:router# show bgp community 1081:5 exact-match Displaysroutesthat match the specified autonomoussystem path regular expression. show bgp regexp regular-expression Example: RP/0/RSP0/CPU0:router# show bgp regexp "^3 " Step 3 show bgp Displays entries in the BGP routing table. Example: RP/0/RSP0/CPU0:router# show bgp Step 4 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 128 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Displaying System and Network StatisticsCommand or Action Purpose Displays information about the BGP connection to the specified neighbor. show bgp neighbors ip-address [ advertised-routes | dampened-routes | Step 5 flap-statistics | performance-statistics | received prefix-filter | routes ] • The advertised-routes keyword displays all routes the router advertised to the neighbor. Example: RP/0/RSP0/CPU0:router# show bgp neighbors 10.0.101.1 • The dampened-routes keyword displays the dampened routes that are learned from the neighbor. • The flap-statistics keyword displays flap statistics of the routes learned from the neighbor. • The performance-statistics keyword displays performance statistics relating to work done by the BGP process for this neighbor. • The received prefix-filter keyword and argument display the received prefix list filter. • The routes keyword displays routes learned from the neighbor. show bgp paths Displays all BGP paths in the database. Example: RP/0/RSP0/CPU0:router# show bgp paths Step 6 Displays the effective configuration for a specified neighbor group, including any configuration inherited by this neighbor group. show bgp neighbor-group group-name configuration Example: RP/0/RSP0/CPU0:router# show bgp neighbor-group group_1 configuration Step 7 show bgp summary Displays the status of all BGP connections. Example: RP/0/RSP0/CPU0:router# show bgp summary Step 8 Displaying BGP Process Information Perform this task to display specific BGP process information. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 129 Implementing BGP on Cisco ASR 9000 Series Router Displaying BGP Process InformationSUMMARY STEPS 1. show bgp process 2. show bgp ipv4 unicast summary 3. show bgp vpnv4 unicast summary 4. show bgp vrf ( vrf-name | all } 5. show bgp process detail 6. show bgp summary 7. show placement program bgp 8. show placement program brib DETAILED STEPS Command or Action Purpose Displays status and summary information for the BGP process. The output shows various global and address family-specific BGP show bgp process Example: RP/0/RSP0/CPU0:router# show bgp process Step 1 configurations. A summary of the number of neighbors, update messages, and notification messages sent and received by the process is also displayed. Displays a summary of the neighbors for the IPv4 unicast address family. show bgp ipv4 unicast summary Example: RP/0/RSP0/CPU0:router# show bgp ipv4 unicast summary Step 2 Displays a summary of the neighbors for the VPNv4 unicast address family. show bgp vpnv4 unicast summary Example: RP/0/RSP0/CPU0:router# show bgp vpnv4 unicast summary Step 3 show bgp vrf ( vrf-name | all } Displays BGP VPN virtual routing and forwarding (VRF) information. Example: RP/0/RSP0/CPU0:router# show bgp vrf vrf_A Step 4 Displays detailed process information including the memory used by each of various internal structure types. show bgp process detail Example: RP/0/RSP0/CPU0:router# show bgp processes detail Step 5 show bgp summary Displays the status of all BGP connections. Example: RP/0/RSP0/CPU0:router# show bgp summary Step 6 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 130 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Displaying BGP Process InformationCommand or Action Purpose Step 7 show placement program bgp Displays BGP program information. Example: RP/0/RSP0/CPU0:router# show placement program bgp • If a program isshown as having ‘rejected locations’ (for example, locations where program cannot be placed), the locations in question can be viewed using the show placement program bgp command. • If a program has been placed but not started, the amount of elapsed time since the program was placed is displayed in the Waiting to start column. Step 8 show placement program brib Displays bRIB program information. Example: RP/0/RSP0/CPU0:router# show placement program brib • If a program isshown as having ‘rejected locations’ (for example, locations where program cannot be placed), the locations in question can be viewed using the show placement program bgp command. • If a program has been placed but not started, the amount of elapsed time since the program was placed is displayed in the Waiting to start column. Monitoring BGP Update Groups This task displays information related to the processing of BGP update groups. SUMMARY STEPS 1. show bgp [ ipv4 { unicast | multicast | all | tunnel } | ipv6 { unicast | all } | all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ] update-group [ neighbor ip-address | process-id.index [ summary | performance-statistics ]] DETAILED STEPS Command or Action Purpose show bgp [ ipv4 { unicast | multicast | all | Displays information about BGP update groups. tunnel } | ipv6 { unicast | all } | all { unicast | Step 1 • The ip-address argument displays the update groups to which that neighbor belongs. multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ] update-group [ neighbor ip-address | process-id.index [ summary | performance-statistics ]] • The process-id.index argument selects a particular update group to display and is specified as follows: process ID (dot) index. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 131 Implementing BGP on Cisco ASR 9000 Series Router Monitoring BGP Update GroupsCommand or Action Purpose Example: RP/0/RSP0/CPU0:router# show bgp update-group 0.0 Process ID range is from 0 to 254. Index range is from 0 to 4294967295. • The summary keyword displays summary information for neighbors in a particular update group. • If no argument is specified, this command displays information for all update groups (for the specified address family). • The performance-statistics keyword displays performance statistics for an update group. Configuring BGP Nonstop Routing Perform this task to configure BGP Nonstop Routing (NSR). SUMMARY STEPS 1. configure 2. router bgp as-number 3. nsr 4. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the BGP AS number, and enters the BGP configuration mode, for configuring BGP routing processes. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Step 3 nsr Activates BGP Nonstop routing. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 132 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Nonstop RoutingCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-bgp)# nsr BGP supports 5000 NSR sessions. Note Step 4 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Installing Primary Backup Path for Prefix Independent Convergence (PIC) Perform the following tasks to install a backup path into the forwarding table and provide prefix independent convergence (PIC) in case of a PE-CE link failure: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 133 Implementing BGP on Cisco ASR 9000 Series Router Installing Primary Backup Path for Prefix Independent Convergence (PIC)SUMMARY STEPS 1. configure 2. router bgp as-number 3. Do one of the following • address-family {vpnv4 unicast | vpnv6 unicast} • vrf vrf-name {ipv4 unicast | ipv6 unicast} 4. additional-paths selection route-policy route-policy-name 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifiesthe autonomoussystem number and entersthe BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 100 Step 2 Specifies the address family or VRF address family and enters the address family or VRF address family configuration submode. Step 3 Do one of the following • address-family {vpnv4 unicast | vpnv6 unicast} • vrf vrf-name {ipv4 unicast | ipv6 unicast} Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 134 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Installing Primary Backup Path for Prefix Independent Convergence (PIC)Command or Action Purpose Configures additional paths selection mode for a prefix. Use the additional-pathsselection command with an appropriate route-policy to calculate backup paths and to enable Prefix Independent Convergence (PIC) functionality. Note additional-paths selection route-policy route-policy-name Example: RP/0/RSP0/CPU0:router(config-bgp-af)# additional-paths selection route-policy ap1 Step 4 The route-policy configuration is a pre-requisite for configuring the additional-pathsselection mode for a prefix . Thisis an example route-policy configuration to use with additional-selection command: route-policy ap1 set path-selection backup 1 install end-policy Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exitsthe configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Retaining Allocated Local Label for Primary Path Perform the following tasks to retain the previously allocated local label for the primary path on the primary PE for some configurable time after reconvergence: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 135 Implementing BGP on Cisco ASR 9000 Series Router Retaining Allocated Local Label for Primary PathSUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { vpnv4 unicast | vpnv6 unicast } 4. retain local-label minutes 5. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 100 Step 2 Specifies the address family and enters the address family configuration submode. address-family { vpnv4 unicast | vpnv6 unicast } Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast Step 3 Retains the previously allocated local label for the primary path on the primary PE for 10 minutes after reconvergence. retain local-label minutes Example: RP/0/RSP0/CPU0:router(config-bgp-af)# retain local-label 10 Step 4 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-bgp)# end Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 136 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Retaining Allocated Local Label for Primary PathCommand or Action Purpose ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-bgp)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session Configuring BGP Additional Paths Perform these tasks to configure BGP Additional Paths capability: SUMMARY STEPS 1. configure 2. route-policy route-policy-name 3. if conditional-expression then action-statement else 4. pass endif 5. end-policy 6. router bgp as-number 7. address-family {ipv4 {unicast | multicast} | ipv6 {unicast | multicast | l2vpn vpls-vpws| vpnv4 unicast | vpnv6 unicast } 8. additional-paths receive 9. additional-paths send 10. additional-paths selection route-policy route-policy-name 11. Use one of these commands: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 137 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Additional PathsDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Defines the route policy and enters route-policy configuration mode. route-policy route-policy-name Example: RP/0/RSP0/CPU0:router (config)#route-policy add_path_policy Step 2 if conditional-expression then action-statement else Decidesthe actions and dispositionsfor the given route. Example: RP/0/RSP0/CPU0:router (config-rpl)#if community matches-any (*) then Step 3 set path-selection all advertise else pass endif Passesthe route for processing and endsthe ifstatement. Example: RP/0/RSP0/CPU0:router(config-rpl-else)#pass RP/0/RSP0/CPU0:router(config-rpl-else)#endif Step 4 Ends the route policy definition of the route policy and exits route-policy configuration mode. end-policy Example: RP/0/RSP0/CPU0:router(config-rpl)#end-policy Step 5 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)#router bgp 100 Step 6 Specifies the address family and enters address family configuration submode. address-family {ipv4 {unicast | multicast} | ipv6 {unicast | multicast | l2vpn vpls-vpws | vpnv4 unicast | vpnv6 unicast } Step 7 Example: RP/0/RSP0/CPU0:router(config-bgp)#address-family ipv4 unicast Configures receive capability of multiple paths for a prefix to the capable peers. additional-paths receive Example: RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths receive Step 8 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 138 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring BGP Additional PathsCommand or Action Purpose Configuressend capability of multiple pathsfor a prefix to the capable peers . additional-paths send Example: RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths send Step 9 Configures additional paths selection capability for a prefix. additional-paths selection route-policy route-policy-name Example: RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths selection route-policy add_path_policy Step 10 Step 11 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the or RP/0/RSP0/CPU0:router(config)# commit configuration session, and returnsthe router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Configuring iBGP Multipath Load Sharing Perform this task to configure the iBGP Multipath Load Sharing: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 139 Implementing BGP on Cisco ASR 9000 Series Router Configuring iBGP Multipath Load SharingSUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family {ipv4|ipv6} {unicast|multicast} 4. maximum-paths ibgp number 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 100 Step 2 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. address-family {ipv4|ipv6} {unicast|multicast} Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 multicast Step 3 Configures the maximum number of iBGP paths for load sharing. maximum-paths ibgp number Example: RP/0/RSP0/CPU0:router(config-bgp-af)# maximum-paths ibgp 30 Step 4 Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 140 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring iBGP Multipath Load SharingCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Originating Prefixes with AiGP Perform this task to configure origination of routes with the AiGP metric: Before You Begin Origination of routes with the accumulated interior gateway protocol (AiGP) metric is controlled by configuration. AiGP attributes are attached to redistributed routes that satisfy following conditions: • The protocol redistributing the route is enabled for AiGP. • The route is an interior gateway protocol (iGP) route redistributed into border gateway protocol (BGP). The value assigned to the AiGP attribute is the value of iGP next hop to the route or as set by a route-policy. • The route is a static route redistributed into BGP. The value assigned is the value of next hop to the route or as set by a route-policy. • The route is imported into BGP through network statement. The value assigned is the value of next hop to the route or as set by a route-policy. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 141 Implementing BGP on Cisco ASR 9000 Series Router Originating Prefixes with AiGPSUMMARY STEPS 1. configure 2. route-policy aigp_policy 3. set aigp-metricigp-cost 4. exit 5. router bgp as-number 6. address-family {ipv4 | ipv6} unicast 7. redistribute ospf osp route-policy plcy_namemetric value 8. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Enters route-policy configuration mode and sets the route-policy route-policy aigp_policy Example: RP/0/RSP0/CPU0:router(config)# route-policy aip_policy Step 2 set aigp-metricigp-cost Sets the internal routing protocol cost as the aigp metric. Example: RP/0/RSP0/CPU0:router(config-rpl)# set aigp-metric igp-cost Step 3 exit Exits route-policy configuration mode. Example: RP/0/RSP0/CPU0:router(config-rpl)# exit Step 4 Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 100 Step 5 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode. address-family {ipv4 | ipv6} unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast Step 6 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 142 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Originating Prefixes with AiGPCommand or Action Purpose redistribute ospf osp route-policy plcy_namemetric value Allows the redistribution of AiBGP metric into OSPF. Example: RP/0/RSP0/CPU0:router(config-bgp-af)#redistribute ospf osp route-policy aigp_policy metric 1 Step 7 Step 8 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Enabling BGP Unequal Cost Recursive Load Balancing Perform this task to enable unequal cost recursive load balancing for external BGP (eBGP), interior BGP (iBGP), and eiBGP and to enable BGP to carry link bandwidth attribute of the demilitarized zone (DMZ) link. When the PE router includes the link bandwidth extended community in its updates to the remote PE through the Multiprotocol Interior BGP (MP-iBGP)session (either IPv4 or VPNv4), the remote PE automatically does load balancing if the maximum-paths command is enabled. Unequal cost recursive load balancing happens across maximum eight paths only. Note Enabling BGP unequal cost recursive load balancing feature is not supported on CPP based cards. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 143 Implementing BGP on Cisco ASR 9000 Series Router Enabling BGP Unequal Cost Recursive Load BalancingSUMMARY STEPS 1. configure 2. router bgp as-number 3. address-family { ipv4 | ipv6 } unicast 4. maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ] 5. exit 6. neighbor ip-address 7. dmz-link-bandwidth 8. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)# router bgp 120 Step 2 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode. address-family { ipv4 | ipv6 } unicast Example: RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast Step 3 To see a list of all the possible keywords and arguments for this command, use the CLI help (?). Configures the maximum number of parallel routes that BGP installs in the routing table. maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ] Step 4 Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# maximum-paths ebgp 3 Valid values for maximum-paths are eight, inclusive. Note • ebgp maximum : Consider only eBGP paths for multipath. • ibgp maximum [ unequal-cost ]: Consider load balancing between iBGP learned paths. • eibgp maximum : Consider both eBGP and iBGP learned pathsfor load balancing. eiBGP load balancing always does unequal-cost load balancing. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 144 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Enabling BGP Unequal Cost Recursive Load BalancingCommand or Action Purpose When eiBGP is applied, eBGP or iBGP load balancing cannot be configured; however, eBGP and iBGP load balancing can coexist. exit Exits the current configuration mode. Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit Step 5 Configures a CE neighbor. The ip-address argument must be a private address. neighbor ip-address Example: RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 10.0.0.0 Step 6 Originates a demilitarized-zone (DMZ) link-bandwidth extended community for the link to an eBGP/iBGP neighbor. dmz-link-bandwidth Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# dmz-link-bandwidth Step 7 Step 8 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# end exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 145 Implementing BGP on Cisco ASR 9000 Series Router Enabling BGP Unequal Cost Recursive Load BalancingConfiguring RPKI Cache Perform this task to configure Resource Public Key Infrastructure (RPKI) cache parameters. Configure the RPKI cache configuration in rpki-cache submode under the router-bgp submode. Use the rpki cache ip_addres command to enter into the rpki-cache submode SUMMARY STEPS 1. configure 2. router bgp as-number 3. rpki cache {host-name | ip-address} 4. Use one of these commands: • transport ssh port port_number • transport tcp port port_number 5. (Optional) username user_name 6. (Optional) password 7. preference preference_value 8. purge-time time 9. Use one of these commands. • refresh-time time • refresh-time off 10. Use one these commands. • response-time time • response-time off 11. shutdown 12. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 146 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring RPKI CacheCommand or Action Purpose Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)#router bgp 100 Step 2 Entersrpki-cache submode and enables configuration of RPKI cache parameters. rpki cache {host-name | ip-address} Example: RP/0/RSP0/CPU0:router(config-bgp)#rpki cache 10.2.3.4 Step 3 Step 4 Use one of these commands: Specifies a transport method for the RPKI cache. • ssh—Select ssh to connect to the RPKI cache using SSH. • transport ssh port port_number • transport tcp port port_number • tcp—Select tcp to connect to the RPKI cache using TCP (unencrypted). Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport ssh port 1 • port port_number—Specify a port number for the specified RPKI cache transport. Range for the port number is 1 to 65535 for both ssh and tcp. Or RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport tcp port 2 You can set the transport to either tcp or ssh. Change of transport causes the cache session to flap. Note (Optional) Specifies a (SSH) username for the RPKI cache. username user_name Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#username ssh_rpki_cache Step 5 (Optional) Specifies a (SSH) password for the RPKI cache. password Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#password ssh_rpki_pass Step 6 The “username” and “password” configurations only apply if the SSH method of transport is active. Note Specifies a preference value for the RPKI cache. Range for the preference value is 1 to 10. Setting a lower preference value is better. preference preference_value Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#preference 1 Step 7 Configures the time BGP waits to keep routes from a cache after the cache session drops. Set purge time purge-time time Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#purge-time 30 Step 8 in seconds. Range for the purge time is 30 to 360 seconds. Configures the time BGP waits in between sending periodic serial queries to the cache. Set refresh-time Step 9 Use one of these commands. • refresh-time time in seconds. Range for the refresh time is 15 to 3600 • refresh-time off seconds. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 147 Implementing BGP on Cisco ASR 9000 Series Router Configuring RPKI CacheCommand or Action Purpose Configure the off option to specify not to send serial-queries periodically. Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time 20 Or RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time off Configures the time BGP waits for a response after sending a serial or reset query. Set response-time in Step 10 Use one these commands. • response-time time seconds. Range for the response time is 15 to 3600 • response-time off seconds. Configure the off option to wait indefinitely for a response. Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time 30 Or RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time off shutdown Configures shut down of the RPKI cache. Example: RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#shutdown Step 11 Step 12 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them • commit Example: RP/0/RSP0/CPU0:router(config)# end before exiting(yes/no/cancel)? [cancel]: ? Entering yessaves configuration changes to the running configuration file, exits or RP/0/RSP0/CPU0:router(config)# commit the configuration session, and returnsthe router to EXEC mode. ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 148 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring RPKI CacheCommand or Action Purpose configuration file and remain within the configuration session. Configuring RPKI Prefix Validation Perform this task to control the behavior of RPKI prefix validation processing. • SUMMARY STEPS 1. configure 2. router bgp as-number 3. Use one of these commands. • rpki origin-as validation disable • rpki origin-as validation time {off | prefix_validation_time 4. origin-as validity signal ibgp 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)#router bgp 100 Step 2 Step 3 Use one of these commands. Sets the BGP origin-AS validation parameters. • rpki origin-as validation disable • disable—Use disable option to disable RPKI origin-AS validation. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 149 Implementing BGP on Cisco ASR 9000 Series Router Configuring RPKI Prefix ValidationCommand or Action Purpose • time—Use time option to eitherset prefix validation time (in seconds) or to set off the automatic prefix validation after an RPKI update. • rpki origin-as validation time {off | prefix_validation_time Range for prefix validation time is 5 to 60 seconds. Example: RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validation disable Configuring the disable option disables prefix validation for all eBGP paths and all eBGP paths are marked as "valid" by default. The rpki origin-as validation options can also configured in neighbor and neighbor address family submodes. The neighbor must be an ebgp neighbor. If configured at the neighbor or neighor address family level, prefix validation disable or time options will be valid only for that specific neighbor or neighbor address family. Note Or RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validation time 50 Or RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validation time off Step 4 origin-as validity signal ibgp Enablesthe iBGP signaling of validity state through an extended-community. Example: RP/0/RSP0/CPU0:router(config-bgp)#rpki origin-as validity signal ibgp This can also be configured in global address family submode. Step 5 Use one of these commands: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring RPKI Bestpath Computation Perform this task to configure RPKI bestpath computation options. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 150 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuring RPKI Bestpath ComputationSUMMARY STEPS 1. configure 2. router bgp as-number 3. rpki bestpath use origin-as validity 4. rpki bestpath origin-as allow invalid 5. Use one of these commands: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. router bgp as-number Example: RP/0/RSP0/CPU0:router(config)#router bgp 100 Step 2 Enables the validity states of BGP paths to affect the path's preference in the BGP bestpath process. This configuration can also be done in router BGP address family submode. rpki bestpath use origin-as validity Example: RP/0/RSP0/CPU0:router(config-bgp)#rpki bestpath use origin-as validity Step 3 Allows all "invalid" paths to be considered for BGP bestpath computation. This configuration can also be done at global address family, neighbor, and neighbor address family submodes. Configuring rpki bestpath origin-as allow invalid in router BGP and address family submodes allow all "invalid" paths to be considered for BGP bestpath computation. By default, all such paths are not bestpath candidates. Configuring pki bestpath origin-as allow invalid in neighbor and neighbor addressfamily submodes allow all "invalid" paths from that specific neighbor or neighbor address family to be considered as bestpath candidates. The neighbor must be an eBGP neighbor. Note rpki bestpath origin-as allow invalid Example: RP/0/RSP0/CPU0:router(config-bgp)#rpki bestpath origin-as allow invalid Step 4 This configuration takes effect only when the rpki bestpath use origin-as validity configuration is enabled. Step 5 Use one of these commands: Saves configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 151 Implementing BGP on Cisco ASR 9000 Series Router Configuring RPKI Bestpath ComputationCommand or Action Purpose • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: • end • commit Example: RP/0/RSP0/CPU0:router(config)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuration Examples for Implementing BGP This section provides the following configuration examples: Enabling BGP: Example The following shows how to enable BGP. prefix-set static 2020::/64, 2012::/64, 10.10.0.0/16, 10.2.0.0/24 end-set route-policy pass-all pass end-policy route-policy set_next_hop_agg_v4 set next-hop 10.0.0.1 end-policy route-policy set_next_hop_static_v4 if (destination in static) then set next-hop 10.1.0.1 else drop endif end-policy route-policy set_next_hop_agg_v6 set next-hop 2003::121 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 152 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Configuration Examples for Implementing BGPend-policy route-policy set_next_hop_static_v6 if (destination in static) then set next-hop 2011::121 else drop endif end-policy router bgp 65000 bgp fast-external-fallover disable bgp confederation peers 65001 65002 bgp confederation identifier 1 bgp router-id 1.1.1.1 address-family ipv4 unicast aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4 aggregate-address 10.3.0.0/24 redistribute static route-policy set_next_hop_static_v4 address-family ipv4 multicast aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4 aggregate-address 10.3.0.0/24 redistribute static route-policy set_next_hop_static_v4 address-family ipv6 unicast aggregate-address 2012::/64 route-policy set_next_hop_agg_v6 aggregate-address 2013::/64 redistribute static route-policy set_next_hop_static_v6 address-family ipv6 multicast aggregate-address 2012::/64 route-policy set_next_hop_agg_v6 aggregate-address 2013::/64 redistribute static route-policy set_next_hop_static_v6 neighbor 10.0.101.60 remote-as 65000 address-family ipv4 unicast address-family ipv4 multicast neighbor 10.0.101.61 remote-as 65000 address-family ipv4 unicast address-family ipv4 multicast neighbor 10.0.101.62 remote-as 3 address-family ipv4 unicast route-policy pass-all in route-policy pass-all out address-family ipv4 multicast route-policy pass-all in route-policy pass-all out neighbor 10.0.101.64 remote-as 5 update-source Loopback0 address-family ipv4 unicast route-policy pass-all in route-policy pass-all out address-family ipv4 multicast route-policy pass-all in route-policy pass-all out Displaying BGP Update Groups: Example The following is sample output from the show bgp update-group command run in EXEC mode: RP/0/RSP0/CPU0:router# show bgp update-group Update group for IPv4 Unicast, index 0.1: Attributes: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 153 Implementing BGP on Cisco ASR 9000 Series Router Displaying BGP Update Groups: ExampleOutbound Route map:rm Minimum advertisement interval:30 Messages formatted:2, replicated:2 Neighbors in this update group: 10.0.101.92 Update group for IPv4 Unicast, index 0.2: Attributes: Minimum advertisement interval:30 Messages formatted:2, replicated:2 Neighbors in this update group: 10.0.101.91 BGP Neighbor Configuration: Example The following example shows how BGP neighbors on an autonomous system are configured to share information. In the example, a BGP router is assigned to autonomous system 109, and two networks are listed as originating in the autonomous system. Then the addresses of three remote routers (and their autonomous systems) are listed. The router being configured shares information about networks 172 .16 .0.0 and 192.168 .7.0 with the neighbor routers. The first router listed is in a different autonomous system; the second neighbor and remote-as commandsspecify an internal neighbor (with the same autonomoussystem number) at address 172 .26 .234.2; and the third neighbor and remote-as commandsspecify a neighbor on a different autonomous system. route-policy pass-all pass end-policy router bgp 109 address-family ipv4 unicast network 172 .16 .0.0 255.255 .0.0 network 192.168 .7.0 255.255 .0.0 neighbor 172 .16 .200.1 remote-as 167 exit address-family ipv4 unicast route-policy pass-all in route-policy pass-out out neighbor 172 .26 .234.2 remote-as 109 exit address-family ipv4 unicast neighbor 172 .26 .64.19 remote-as 99 exit address-family ipv4 unicast route-policy pass-all in route-policy pass-all out Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 154 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Neighbor Configuration: ExampleBGP Confederation: Example The following is a sample configuration thatshowsseveral peersin a confederation. The confederation consists of three internal autonomous systems with autonomous system numbers 6001, 6002, and 6003. To the BGP speakers outside the confederation, the confederation lookslike a normal autonomoussystem with autonomous system number 666 (specified using the bgp confederation identifier command). In a BGP speaker in autonomous system 6001, the bgp confederation peers command marks the peers from autonomous systems 6002 and 6003 as special eBGP peers. Hence, peers 171.16 .232.55 and 171.16 .232.56 get the local preference, next hop, and MED unmodified in the updates. The router at 171 .19 .69.1 is a normal eBGP speaker, and the updates received by it from this peer are just like a normal eBGP update from a peer in autonomous system 666. router bgp 6001 bgp confederation identifier 666 bgp confederation peers 6002 6003 exit address-family ipv4 unicast neighbor 171.16 .232.55 remote-as 6002 exit address-family ipv4 unicast neighbor 171.16 .232.56 remote-as 6003 exit address-family ipv4 unicast neighbor 171 .19 .69.1 remote-as 777 In a BGP speaker in autonomous system 6002, the peers from autonomous systems 6001 and 6003 are configured as special eBGP peers. Peer 171 .17 .70.1 is a normal iBGP peer, and peer 199.99.99.2 is a normal eBGP peer from autonomous system 700. router bgp 6002 bgp confederation identifier 666 bgp confederation peers 6001 6003 exit address-family ipv4 unicast neighbor 171 .17 .70.1 remote-as 6002 exit address-family ipv4 unicast neighbor 171.19 .232.57 remote-as 6001 exit address-family ipv4 unicast neighbor 171.19 .232.56 remote-as 6003 exit address-family ipv4 unicast neighbor 171 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 155 Implementing BGP on Cisco ASR 9000 Series Router BGP Confederation: Example.19 .99.2 remote-as 700 exit address-family ipv4 unicast route-policy pass-all in route-policy pass-all out In a BGP speaker in autonomous system 6003, the peers from autonomous systems 6001 and 6002 are configured as special eBGP peers. Peer 192 .168 .200.200 is a normal eBGP peer from autonomous system 701. router bgp 6003 bgp confederation identifier 666 bgp confederation peers 6001 6002 exit address-family ipv4 unicast neighbor 171.19 .232.57 remote-as 6001 exit address-family ipv4 unicast neighbor 171.19 .232.55 remote-as 6002 exit address-family ipv4 unicast neighbor 192 .168 .200.200 remote-as 701 exit address-family ipv4 unicast route-policy pass-all in route-policy pass-all out The following is a part of the configuration from the BGP speaker 192 .168 .200.205 from autonomoussystem 701 in the same example. Neighbor 171.16 .232.56 is configured as a normal eBGP speaker from autonomous system 666. The internal division of the autonomous system into multiple autonomous systems is not known to the peers external to the confederation. router bgp 701 address-family ipv4 unicast neighbor 172 .16 .232.56 remote-as 666 exit address-family ipv4 unicast route-policy pass-all in route-policy pass-all out exit address-family ipv4 unicast neighbor 192 .168 .200.205 remote-as 701 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 156 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Confederation: ExampleBGP Route Reflector: Example The following example shows how to use an address family to configure internal BGP peer 10.1.1.1 as a route reflector client for both unicast and multicast prefixes: router bgp 140 address-family ipv4 unicast neighbor 10.1.1.1 remote-as 140 address-family ipv4 unicast route-reflector-client exit address-family ipv4 multicast route-reflector-client BGP Nonstop Routing Configuration: Example The following example shows how to enable BGP NSR: RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)# nsr RP/0/RSP0/CPU0:router(config-bgp)# end The following example shows how to disable BGP NSR: RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)# no nsr RP/0/RSP0/CPU0:router(config-bgp)# end Primary Backup Path Installation: Example The following example shows how to enable installation of primary backup path: router bgp 120 address-family ipv4 unicast additional-paths receive additional-paths send additional-paths selection route-policy bgp_add_path ! ! end Allocated Local Label Retention: Example The following example shows how to retain the previously allocated local label for the primary path on the primary PE for 10 minutes after reconvergence: router bgp 100 address-family l2vpn vpls-vpws retain local-label 10 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 157 Implementing BGP on Cisco ASR 9000 Series Router BGP Route Reflector: Exampleend iBGP Multipath Loadsharing Configuration: Example The following is a sample configuration where 30 paths are used for loadsharing: router bgp 100 address-family ipv4 multicast maximum-paths ibgp 30 ! ! end Configuring BGP Additional Paths: Example This is a sample configuration for enabling BGP Additional Paths send, receive, and selcetion capabilities: route-policy add_path_policy if community matches-any (*) then set path-selection all advertise else pass endif end-policy ! router bgp 100 address-family ipv4 unicast additional-paths receive additional-paths send additional-paths selection route-policy add_path_policy ! ! end Originating Prefixes With AiGP: Example The following is a sample configuration for originating prefixes with the AiGP metric attribute: route-policy aigp-policy set aigp-metric 4 set aigp-metric igp-cost end-policy ! router bgp 100 address-family ipv4 unicast network 10.2.3.4/24 route-policy aigp-policy redistribute ospf osp1 metric 4 route-policy aigp-policy ! ! end Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 158 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router iBGP Multipath Loadsharing Configuration: ExampleBGP Unequal Cost Recursive Load Balancing: Example This is a sample configuration for unequal cost recursive load balancing: interface Loopback0 ipv4 address 20.20.20.20 255.255.255.255 ! interface MgmtEth0/RSP0/CPU0/0 ipv4 address 8.43.0.10 255.255.255.0 ! interface TenGigE0/3/0/0 bandwidth 8000000 ipv4 address 11.11.11.11 255.255.255.0 ipv6 address 11:11:0:1::11/64 ! interface TenGigE0/3/0/1 bandwidth 7000000 ipv4 address 11.11.12.11 255.255.255.0 ipv6 address 11:11:0:2::11/64 ! interface TenGigE0/3/0/2 bandwidth 6000000 ipv4 address 11.11.13.11 255.255.255.0 ipv6 address 11:11:0:3::11/64 ! interface TenGigE0/3/0/3 bandwidth 5000000 ipv4 address 11.11.14.11 255.255.255.0 ipv6 address 11:11:0:4::11/64 ! interface TenGigE0/3/0/4 bandwidth 4000000 ipv4 address 11.11.15.11 255.255.255.0 ipv6 address 11:11:0:5::11/64 ! interface TenGigE0/3/0/5 bandwidth 3000000 ipv4 address 11.11.16.11 255.255.255.0 ipv6 address 11:11:0:6::11/64 ! interface TenGigE0/3/0/6 bandwidth 2000000 ipv4 address 11.11.17.11 255.255.255.0 ipv6 address 11:11:0:7::11/64 ! interface TenGigE0/3/0/7 bandwidth 1000000 ipv4 address 11.11.18.11 255.255.255.0 ipv6 address 11:11:0:8::11/64 ! interface TenGigE0/4/0/0 description CONNECTED TO IXIA 1/3 transceiver permit pid all ! interface TenGigE0/4/0/2 ipv4 address 9.9.9.9 255.255.0.0 ipv6 address 9:9::9/64 ipv6 enable ! route-policy pass-all pass end-policy ! router static address-family ipv4 unicast 202.153.144.0/24 8.43.0.1 ! ! Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 159 Implementing BGP on Cisco ASR 9000 Series Router BGP Unequal Cost Recursive Load Balancing: Examplerouter bgp 100 bgp router-id 20.20.20.20 address-family ipv4 unicast maximum-paths eibgp 8 redistribute connected ! neighbor 11.11.11.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! neighbor 11.11.12.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! neighbor 11.11.13.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! neighbor 11.11.14.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! neighbor 11.11.15.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! neighbor 11.11.16.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! neighbor 11.11.17.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! neighbor 11.11.18.12 remote-as 200 dmz-link-bandwidth address-family ipv4 unicast route-policy pass-all in route-policy pass-all out ! ! ! end Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 160 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router BGP Unequal Cost Recursive Load Balancing: ExampleWhere to Go Next For detailed information about BGP commands, see Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference Additional References The following sections provide references related to implementing BGP. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference BGP commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference Cisco Express Forwarding (CEF) commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide MPLS VPN configuration information. Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference Bidirectional Forwarding Detection (BFD) Configuring AAA Services on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Task ID information. Standards Standards Title Authentication for TCP-based Routing and Management Protocols, by R. Bonica, B. Weis, S. Viswanathan, A. Lange, O. Wheeler draft-bonica-tcp-auth-05.txt A Border Gateway Protocol 4, by Y. Rekhter, T.Li, S. Hares draft-ietf-idr-bgp4-26.txt Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 161 Implementing BGP on Cisco ASR 9000 Series Router Where to Go NextStandards Title Definitions of Managed Objects for the Fourth Version of Border Gateway Protocol (BGP-4), by J. Hass and S. Hares draft-ietf-idr-bgp4-mib-15.txt Subcodes for BGP Cease Notification Message, by Enke Chen, V. Gillet draft-ietf-idr-cease-subcode-05.txt Avoid BGP Best Path Transitions from One External to Another, by Enke Chen, Srihari Sangli draft-ietf-idr-avoid-transition-00.txt BGP Support for Four-octet AS Number Space, by Quaizar Vohra, Enke Chen draft-ietf-idr-as4bytes-12.txt MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title RFC 1700 Assigned Numbers RFC 1997 BGP Communities Attribute Protection of BGP Sessions via the TCP MD5 Signature Option RFC 2385 RFC 2439 BGP Route Flap Damping Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing RFC 2545 BGP Route Reflection - An Alternative to Full Mesh IBGP RFC 2796 RFC 2858 Multiprotocol Extensions for BGP-4 RFC 2918 Route Refresh Capability for BGP-4 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 162 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Additional ReferencesRFCs Title RFC 3065 Autonomous System Confederations for BGP RFC 3392 Capabilities Advertisement with BGP-4 RFC 4271 A Border Gateway Protocol 4 (BGP-4) RFC 4364 BGP/MPLS IP Virtual Private Networks (VPNs) RFC 4724 Graceful Restart Mechanism for BGP Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 163 Implementing BGP on Cisco ASR 9000 Series Router Additional References Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 164 OL-26048-02 Implementing BGP on Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 2 Implementing EIGRP on Cisco ASR 9000 Series Router The Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced version of IGRP developed by Cisco. This module describes the concepts and tasks you need to implement basic EIGRP configuration using Cisco IOS XR software. EIGRP uses distance vector routing technology, which specifies that a router need not know all the router and link relationships for the entire network. Each router advertises destinations with a corresponding distance and upon receiving routes, adjuststhe distance and propagatesthe information to neighboring routes. For EIGRP configuration information related to the following features, see the Related Documents, on page 203 section of this module. • Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN) • Site of Origin (SoO) Support For more information about EIGRP on the Cisco IOS XR software and complete descriptions of the EIGRP commandslisted in this module,see the Related Documents, on page 203 section of this module. To locate documentation for other commands that might appear while executing a configuration task, search online in the Cisco IOS XR software master command index. Note Feature History for Implementing EIGRP on Cisco ASR 9000 Series Router Software Release Modification Release 3.7.2 This feature was introduced. Release 3.9.0 No modification. • Prerequisites for Implementing EIGRP, page 166 • Restrictions for Implementing EIGRP , page 166 • Information About Implementing EIGRP, page 166 • How to Implement EIGRP , page 177 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 165• Configuration Examples for Implementing EIGRP , page 201 • Additional References, page 203 Prerequisites for Implementing EIGRP You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Restrictions for Implementing EIGRP The following restrictions are employed when running EIGRP on this version of Cisco IOS XR software: • Only one instance of an EIGRP process is supported. • Bidirectional Forwarding Detection (BFD) feature and the Simple Network Management Protocol (SNMP) MIB are not supported. • Interface static routes are not automatically redistributed into EIGRP, because there are no network commands. • Metric configuration (either through the default-metric command or a route policy) is required for redistribution of connected and static routes. • Auto summary is disabled by default. • Stub leak maps are not supported. Information About Implementing EIGRP To implement EIGRP, you need to understand the following concepts: EIGRP Functional Overview Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocolsuited for many different topologies and media. EIGRP scales well and provides extremely quick convergence times with minimal network traffic. EIGRP has very low usage of network resources during normal operation. Only hello packets are transmitted on a stable network. When a change in topology occurs, only the routing table changes are propagated and not the entire routing table. Propagation reduces the amount of load the routing protocol itself places on the network. EIGRP also provides rapid convergence times for changes in the network topology. The distance information in EIGRP isrepresented as a composite of available bandwidth, delay, load utilization, and link reliability with improved convergence properties and operating efficiency. The fine-tuning of link characteristics achieves optimal paths. The convergence technology that EIGRP usesis based on research conducted at SRI International and employs an algorithm referred to as the Diffusing Update Algorithm (DUAL). This algorithm guarantees loop-free Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 166 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Prerequisites for Implementing EIGRPoperation at every instant throughout a route computation and allows all devicesinvolved in a topology change to synchronize at the same time. Routers that are not affected by topology changes are not involved in recomputations. The convergence time with DUAL rivals that of any other existing routing protocol. EIGRP Features EIGRP offers the following features: • Fast convergence—The DUAL algorithm allows routing information to converge as quickly as any currently available routing protocol. • Partial updates—EIGRP sends incremental updates when the state of a destination changes, instead of sending the entire contents of the routing table. Thisfeature minimizesthe bandwidth required for EIGRP packets. • Neighbor discovery mechanism—This is a simple hello mechanism used to learn about neighboring routers. It is protocol independent. • Variable-length subnet masks (VLSMs). • Arbitrary route summarization. • Scaling—EIGRP scales to large networks. The following key features are supported in the Cisco IOS XR implementation: • Provider Edge (PE)-Customer Edge (CE) protocolsupport with Site of Origin (SoO) and Border Gateway Protocol (BGP) cost community support. • PECE protocol support for MPLS. EIGRP Components EIGRP has the following four basic components: • Neighbor discovery or neighbor recovery • Reliable transport protocol • DUAL finite state machine • Protocol-dependent modules Neighbor discovery or neighbor recovery is the process that routers use to dynamically learn of other routers on their directly attached networks. Routers must also discover when their neighbors become unreachable or inoperative. Neighbor discovery or neighbor recovery is achieved with low overhead by periodically sending small hello packets. As long as hello packets are received, the Cisco IOS XR software can determine that a neighbor is alive and functioning. After this status is determined, the neighboring routers can exchange routing information. The reliable transport protocol isresponsible for guaranteed, ordered delivery of EIGRP packetsto all neighbors. It supports intermixed transmission of multicast and unicast packets. Some EIGRP packets must be sent reliably and others need not be. For efficiency, reliability is provided only when necessary. For example, on a multiaccess network that has multicast capabilities (such as Ethernet) it is not necessary to send hello packets reliably to all neighbors individually. Therefore, EIGRP sends a single multicast hello with an indication in Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 167 Implementing EIGRP on Cisco ASR 9000 Series Router EIGRP Featuresthe packet informing the receivers that the packet need not be acknowledged. Other types of packets (such as updates) require acknowledgment, which is indicated in the packet. The reliable transport has a provision to send multicast packets quickly when unacknowledged packets are pending. This provision helps to ensure that convergence time remains low in the presence of various speed links. The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. DUAL uses the distance information (known as a metric) to select efficient, loop-free paths. DUAL selectsroutesto be inserted into a routing table based on a calculation of the feasibility condition. A successor is a neighboring router used for packet forwarding that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but there are neighbors advertising the destination, a recomputation must occur. This is the process whereby a new successor is determined. The amount of time required to recompute the route affects the convergence time. Recomputation is processor intensive; it is advantageous to avoid unneeded recomputation. When a topology change occurs, DUAL testsfor feasible successors. If there are feasible successors, it uses any it findsto avoid unnecessary recomputation. The protocol-dependent modules are responsible for network layer protocol-specific tasks. An example is the EIGRP module, which is responsible for sending and receiving EIGRP packets that are encapsulated in IP. It is also responsible for parsing EIGRP packets and informing DUAL of the new information received. EIGRP asks DUAL to make routing decisions, but the results are stored in the IP routing table. EIGRP is also responsible for redistributing routes learned by other IP routing protocols. EIGRP Configuration Grouping Cisco IOS XR software groups all EIGRP configuration under router EIGRP configuration mode, including interface configuration portions associated with EIGRP. To display EIGRP configuration in its entirety, use the show running-config router eigrp command. The command output displays the running configuration for the configured EIGRP instance, including the interface assignments and interface attributes. EIGRP Configuration Modes The following examples show how to enter each of the configuration modes. From a mode, you can enter the ? command to display the commands available in that mode. Router Configuration Mode The following example shows how to enter router configuration mode: RP/0/RSP0/CPU0:router# configuration RP/0/RSP0/CPU0:router(config)# router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)# VRF Configuration Mode The following example shows how to enter VRF configuration mode: RP/0/RSP0/CPU0:router# configuration RP/0/RSP0/CPU0:router(config)# router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1 RP/0/RSP0/CPU0:router(config-eigrp-vrf)# Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 168 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router EIGRP Configuration GroupingIPv4 Address Family Configuration Mode The following example shows how to enter IPv4 address family configuration mode: RP/0/RSP0/CPU0:router# configuration RP/0/RSP0/CPU0:router(config)# router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 RP/0/RSP0/CPU0:router(config-eigrp-af)# IPv4 VRF Address Family Configuration Mode The following example shows how to enter IPv4 VRF address family configuration mode: RP/0/RSP0/CPU0:router# configuration RP/0/RSP0/CPU0:router(config)# router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1 RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4 RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# Interface Configuration Mode The following example shows how to enter interface configuration mode in IPv4 addressfamily configuration mode: RP/0/RSP0/CPU0:router# configuration RP/0/RSP0/CPU0:router(config)# router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0 RP/0/RSP0/CPU0:router(config-eigrp-af-if)# EIGRP Interfaces EIGRP interfaces can be configured as either of the following types: • Active—Advertises connected prefixes and forms adjacencies. This is the default type for interfaces. • Passive—Advertises connected prefixes but does not form adjacencies. The passive command is used to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes, such as loopback addresses, that need to be injected into the EIGRP domain. If many connected prefixes need to be advertised, then the redistribution of connected routes with the appropriate policy should be used instead. Redistribution for an EIGRP Process Routes from other protocols can be redistributed into EIGRP. A route policy can be configured along with the redistribute command. A metric is required, configured either through the default-metric command or under the route policy configured with the redistribute command to import routes into EIGRP. A route policy allows the filtering of routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. When redistribution is configured under a VRF, EIGRP retrieves extended communities attached to the route in the routing information base (RIB). The SoO is used to filter out routing loops in the presence of MPSL VPN backdoor links. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 169 Implementing EIGRP on Cisco ASR 9000 Series Router EIGRP InterfacesMetric Weights for EIGRP Routing EIGRP uses the minimum bandwidth on the path to a destination network and the total delay to compute routing metrics. You can use the metric weights command to adjust the default behavior of EIGRP routing and metric computations. For example, this adjustment allows you to tune system behavior to allow forsatellite transmission. EIGRP metric defaults have been carefully selected to provide optimal performance in most networks. By default, the EIGRP composite metric is a 32-bit quantity that is a sum of the segment delays and lowest segment bandwidth (scaled and inverted) for a given route. For a network of homogeneous media, this metric reduces to a hop count. For a network of mixed media (FDDI, Ethernet, and serial lines running from 9600 bits per second to T1 rates), the route with the lowest metric reflects the most desirable path to a destination. Mismatched K Values Mismatched K values (EIGRP metrics) can prevent neighbor relationships from being established and can negatively impact network convergence. The following example explains this behavior between two EIGRP peers (ROUTER-A and ROUTER-B). The following error message is displayed in the console of ROUTER-B because the K values are mismatched: RP/0/RSP0/CPU0:Mar 13 08:19:55:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE:IP-EIGRP(0) 1:Neighbor 11.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch Two scenarios occur in which this error message can be displayed: • The two routers are connected on the same link and configured to establish a neighbor relationship. However, each router is configured with different K values. The following configuration is applied to ROUTER-A. The K values are changed with the metric weights command. A value of 2 is entered for the k1 argument to adjust the bandwidth calculation. The value of 1 is entered for the k3 argument to adjust the delay calculation. hostname ROUTER-A! interface GigabitEthernet0/6/0/0 ipv4 address 10.1.1.1 255.255.255.0 router eigrp 100 metric weights 0 2 0 1 0 0 interface GigabitEthernet0/6/0/0 The following configuration is applied to ROUTER-B. However, the metric weights command is not applied and the default K values are used. The default K values are 1, 0, 1, 0, and 0. hostname ROUTER-B! interface GigabitEthernet0/6/0/1 ipv4 address 10.1.1.2 255.255.255.0 router eigrp 100 interface GigabitEthernet0/6/0/1 The bandwidth calculation is set to 2 on ROUTER-A and set to 1 (by default) on ROUTER-B. This configuration prevents these peers from forming a neighbor relationship. • The K-value mismatch error message can also be displayed if one of the two peers has transmitted a “goodbye” message and the receiving router does not support this message. In this case, the receiving router interprets this message as a K-value mismatch. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 170 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Metric Weights for EIGRP RoutingGoodbye Message The goodbye message is a feature designed to improve EIGRP network convergence. The goodbye message is broadcast when an EIGRP routing process is shut down to inform adjacent peers about the impending topology change. This feature allows supporting EIGRP peers to synchronize and recalculate neighbor relationships more efficiently than would occur if the peers discovered the topology change after the hold timer expired. The following message is displayed by routers that run a supported release when a goodbye message is received: RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.20 (GigabitEthernet0/6/0/0) is down: Interface Goodbye received A Cisco router that runs a software release that does not support the goodbye message can misinterpret the message as a K-value mismatch and display the following message: RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch The receipt of a goodbye message by a nonsupporting peer does not disrupt normal network operation. The nonsupporting peer terminates the session when the hold timer expires. The sending and receiving routers reconverge normally after the sender reloads. Note Percentage of Link Bandwidth Used for EIGRP Packets By default, EIGRP packets consume a maximum of 50 percent of the link bandwidth, as configured with the bandwidth interface configuration command. You might want to change that value if a different level of link utilization is required or if the configured bandwidth does not match the actual link bandwidth (it may have been configured to influence route metric calculations). Floating Summary Routes for an EIGRP Process You can also use a floating summary route when configuring the summary-address command. The floating summary route is created by applying a default route and administrative distance at the interface level. The following scenario illustrates the behavior of this enhancement. Figure 9: Floating Summary Route Is Applied to Router-B, on page 172 shows a network with three routers, Router-A, Router-B, and Router-C. Router-A learns a default route from elsewhere in the network and then advertises this route to Router-B. Router-B is configured so that only a default summary route is advertised to Router-C. The defaultsummary route is applied to interface 0/1 on Router-B with the following configuration: RP/0/RSP0/CPU0:router(config)# router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0 RP/0/RSP0/CPU0:router(config-eigrp-af-if)# summary-address 100.0.0.0 0.0.0.0 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 171 Implementing EIGRP on Cisco ASR 9000 Series Router Percentage of Link Bandwidth Used for EIGRP PacketsFigure 9: Floating Summary Route Is Applied to Router-B The configuration of the default summary route on Router-B sends a 0.0.0.0/0 summary route to Router-C and blocks all other routes, including the 10.1.1.0/24 route, from being advertised to Router-C. However, this configuration also generates a local discard route on Router-B, a route for 0.0.0.0/0 to the null 0 interface with an administrative distance of 5. When this route is created, it overrides the EIGRP learned default route. Router-B is no longer able to reach destinations that it would normally reach through the 0.0.0.0.0/0 route. This problem is resolved by applying a floating summary route to the interface on Router-B that connects to Router-C. The floating summary route is applied by relating an administrative distance to the default summary route on the interface of Router-B with the following statement: RP/0/RSP0/CPU0:router(config-if)# summary-address 100 0.0.0.0 0.0.0.0 250 The administrative distance of 250, applied in the above statement, is now assigned to the discard route generated on Router-B. The 0.0.0.0/0, from Router-A, is learned through EIGRP and installed in the local routing table. Routing to Router-C is restored. If Router-A loses the connection to Router-B, Router-B continues to advertise a default route to Router-C, which allows traffic to continue to reach destinations attached to Router-B. However, traffic destined for networks to Router-A or behind Router-A is dropped when the traffic reaches Router-B. Figure 10: Floating Summary Route Applied for Dual-Homed Remotes, on page 173 shows a network with two connectionsfrom the core: Router-A and Router-D. Both routers have floating summary routes configured on the interfaces connected to Router-C. If the connection between Router-E and Router-C fails, the network Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 172 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Floating Summary Routes for an EIGRP Processcontinues to operate normally. All traffic flows from Router-C through Router-B to the hosts attached to Router-A and Router-D. Figure 10: Floating Summary Route Applied for Dual-Homed Remotes However, if the link between Router-D and Router-E fails, the network may dump traffic into a black hole because Router-E continues to advertise the default route (0.0.0.0/0) to Router-C, as long as at least one link (other than the link to Router-C) to Router-E is still active. In this scenario, Router-C still forwards traffic to Router-E, but Router-E drops the traffic creating the black hole. To avoid this problem, you should configure the summary address with an administrative distance on only single-homed remote routers or areas in which only one exit point exists between the segments of the network. If two or more exit points exist (from one segment of the network to another), configuring the floating default route can cause a black hole to form. Split Horizon for an EIGRP Process Split horizon controls the sending of EIGRP update and query packets. When split horizon is enabled on an interface, update and query packets are not sent for destinations for which this interface is the next hop. Controlling update and query packets in this manner reduces the possibility of routing loops. By default, split horizon is enabled on all interfaces. Split horizon blocks route information from being advertised by a router on any interface from which that information originated. This behavior usually optimizes communications among multiple routing devices, particularly when links are broken. However, with nonbroadcast networks (such as Frame Relay and SMDS), situations can arise for which this behavior islessthan ideal. For these situations, including networksin which you have EIGRP configured, you may want to disable split horizon. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 173 Implementing EIGRP on Cisco ASR 9000 Series Router Split Horizon for an EIGRP ProcessAdjustment of Hello Interval and Hold Time for an EIGRP Process You can adjust the interval between hello packets and the hold time. Routing devices periodically send hello packets to each other to dynamically learn of other routers on their directly attached networks. This information is used to discover neighbors and learn when neighbors become unreachable or inoperative. By default, hello packets are sent every 5 seconds. You can configure the hold time on a specified interface for a particular EIGRP routing process designated by the autonomous system number. The hold time is advertised in hello packets and indicates to neighbors the length of time they should consider the sender valid. The default hold time is three times the hello interval, or 15 seconds. Stub Routing for an EIGRP Process The EIGRP Stub Routing feature improves network stability, reduces resource usage, and simplifies stub router configuration. Stub routing is commonly used in a hub-and-spoke network topology. In a hub-and-spoke network, one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only route for IP traffic to follow into the remote router is through a distribution router. This type of configuration is commonly used in WAN topologies in which the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers. Often, the distribution router is connected to 100 or more remote routers. In a hub-and-spoke topology, the remote router must forward all nonlocal traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing table. Generally, the distribution router need not send anything more than a default route to the remote router. When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP and configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The stub router responds to all queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message “inaccessible.” A router that is configured as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router. Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution router to send the proper updates to all peers. This figure shows a simple hub-and-spoke configuration. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 174 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Adjustment of Hello Interval and Hold Time for an EIGRP ProcessFigure 11: Simple Hub-and-Spoke Network The stub routing feature by itself does not prevent routes from being advertised to the remote router. In the example in Figure 11: Simple Hub-and-Spoke Network, on page 174 , the remote router can access the corporate network and the Internet through the distribution router only. Having a full route table on the remote router, in this example, would serve no functional purpose because the path to the corporate network and the Internet would always be through the distribution router. The larger route table would only reduce the amount of memory required by the remote router. Bandwidth and memory can be conserved by summarizing and filtering routes in the distribution router. The remote router need not receive routes that have been learned from other networks because the remote router must send all nonlocal traffic, regardless of destination, to the distribution router. If a true stub network is desired, the distribution router should be configured to send only a default route to the remote router. The EIGRP Stub Routing feature does not automatically enable summarization on the distribution router. In most cases, the network administrator needs to configure summarization on the distribution routers. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered orsummarized, a problem might occur. If a route islostsomewhere in the corporate network, EIGRP could send a query to the distribution router, which in turn sends a query to the remote router even if routes are being summarized. If there is a problem communicating over the WAN link between the distribution router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries from being sent to the remote router. Route Policy Options for an EIGRP Process Route policies comprise series of statements and expressions that are bracketed with the route-policy and end-policy keywords. Rather than a collection of individual commands (one for each line), the statements within a route policy have context relative to each other. Thus, instead of each line being an individual command, each policy orset is an independent configuration object that can be used, entered, and manipulated as a unit. Each line of a policy configuration is a logical subunit. At least one new line must follow the then , else , and end-policy keywords. A new line must also follow the closing parenthesis of a parameter list and the name string in a reference to an AS path set, community set, extended community set, or prefix set (in the EIGRP context). At least one new line must precede the definition of a route policy or prefix set. A new line must appear at the end of a logical unit of policy expression and may not appear anywhere else. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 175 Implementing EIGRP on Cisco ASR 9000 Series Router Route Policy Options for an EIGRP ProcessThis is the command to set the EIGRP metric in a route policy: RP/0/RSP0/CPU0:router(config-rpl)# set eigrp-metric bandwidth delay reliability loading mtu This is the command to provide EIGRP offset list functionality in a route policy: RP/0/RSP0/CPU0:router(config-rpl)# add eigrp-metric bandwidth delay reliability loading mtu A route policy can be used in EIGRP only if all the statements are applicable to the particular EIGRP attach point. The following commands accept a route policy: • default-information allowed—Match statements are allowed for destination. No set statements are allowed. • route-policy—Match statements are allowed for destination, next hop, and tag. Set statements are allowed for eigrp-metric and tag. • redistribute—Match statements are allowed for destination, next hop,source-protocol, tag and route-type. Set statements are allowed for eigrp-metric and tag. The range for setting a tag is 0 to 255 for internal routes and 0 to 4294967295 for external routes. EIGRP Layer 3 VPN PE-CE Site-of-Origin The EIGRP MPLS and IP VPN PE-CE Site-of-Origin (SoO) feature introduces the capability to filter Multiprotocol Label Switching (MPLS) and IP Virtual Private Network (VPN) traffic on a per-site basis for EIGRP networks. SoO filtering is configured at the interface level and is used to manage MPLS and IP VPN traffic and to prevent transient routing loops from occurring in complex and mixed network topologies. Router Interoperation with the Site-of-Origin Extended Community The configuration of the SoO extended community allows routers that support this feature to identify the site from which each route originated. When this feature is enabled, the EIGRP routing process on the PE or CE router checks each received route for the SoO extended community and filters based on the following conditions: • A received route from BGP or a CE router contains a SoO value that matches the SoO value on the receiving interface: ? If a route is received with an associated SoO value that matches the SoO value that is configured on the receiving interface, the route is filtered out because it was learned from another PE router or from a backdoor link. This behavior is designed to prevent routing loops. • A received route from a CE router is configured with a SoO value that does not match: ? If a route is received with an associated SoO value that does not match the SoO value that is configured on the receiving interface, the route is accepted into the EIGRP topology table so that it can be redistributed into BGP. ? If the route is already installed in the EIGRP topology table but is associated with a different SoO value, the SoO value from the topology table is used when the route is redistributed into BGP. • A received route from a CE router does not contain a SoO value: Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 176 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router EIGRP Layer 3 VPN PE-CE Site-of-OriginIf a route is received without a SoO value, the route is accepted into the EIGRP topology table, and the SoO value from the interface that is used to reach the next-hop CE router is appended to the route before it is redistributed into BGP. ? When BGP and EIGRP peers that support the SoO extended community receive these routes, they also receive the associated SoO values and pass them to other BGP and EIGRP peers that support the SoO extended community. This filtering is designed to prevent transient routes from being relearned from the originating site, which prevents transient routing loops from occurring. In conjunction with BGP cost community, EIGRP, BGP, and the RIB ensure that paths over the MPLS VPN core are preferred over backdoor links. For MPLS and IP VPN and SoO configuration information, see Implementing MPLS Layer 3 VPNs in the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide. EIGRP v4/v6 Authentication Using Keychain EIGRP authentication using keychain introduces the capability to authenticate EIGRP protocol packets on a per-interface basis. The EIGRP routing authentication provides a mechanism to authenticate all EIGRP protocol traffic on one or more interfaces, based on Message Digest 5 (MD5) authentication. The EIGRP routing authentication uses the Cisco IOS XR software security keychain infrastructure to store and retrieve secret keys and to authenticate incoming and outgoing traffic on a per-interface basis. How to Implement EIGRP This section contains instructions for the following tasks: Note To save configuration changes, you must commit changes when the system prompts you. Enabling EIGRP Routing This task enables EIGRP routing and establishes an EIGRP routing process. Before You Begin Although you can configure EIGRP before you configure an IP address, no EIGRP routing occurs until at least one IP address is configured. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 177 Implementing EIGRP on Cisco ASR 9000 Series Router EIGRP v4/v6 Authentication Using KeychainSUMMARY STEPS 1. configure 2. router eigrp as-number 3. address-family { ipv4 } 4. router-id id 5. default-metric bandwidth delay reliability loading mtu 6. distance internal-distance external-distance 7. interface type interface-path-id 8. holdtime seconds 9. bandwidth-percent percent 10. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 address-family { ipv4 } Enters an address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 3 Step 4 router-id id (Optional) Configures a router-id for an EIGRP process. Example: RP/0/RSP0/CPU0:router(config-eigrp)# router-id 172.20.1.1 It is good practice to use the router-id command to explicitly specify a unique 32-bit numeric value for the router ID. This action ensures that EIGRP can function regardless of the interface address configuration. Note default-metric bandwidth delay reliability (Optional) Sets metrics for an EIGRP process. loading mtu Step 5 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 178 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Enabling EIGRP RoutingCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# default-metric 1000 100 250 100 1500 (Optional) Allows the use of two administrative distances—internal and external—that could be a better route to a node. distance internal-distance external-distance Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# distance 80 130 Step 6 interface type interface-path-id Defines the interfaces on which the EIGRP routing protocol runs. Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/1/0/0 Step 7 Step 8 holdtime seconds (Optional) Configures the hold time for an interface. Example: RP/0/RSP0/CPU0:router(config-eigrp-af-if)# holdtime 30 To ensure nonstop forwarding during RP failovers, as the number of neighbors increase, a higher holdtime than the default value is recommended. With 256 neighbors across all VRFs, we recommend 60 seconds. Note (Optional) Configuresthe percentage of bandwidth that may be used by EIGRP on an interface. bandwidth-percent percent Example: RP/0/RSP0/CPU0:router(config-eigrp-af-if)# bandwidth-percent 75 Step 9 Step 10 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-af-if)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and or returns the router to EXEC mode. RP/0/RSP0/CPU0:router(config-eigrp-af-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 179 Implementing EIGRP on Cisco ASR 9000 Series Router Enabling EIGRP RoutingCommand or Action Purpose • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Route Summarization for an EIGRP Process This task configures route summarization for an EIGRP process. You can configure a summary aggregate address for a specified interface. If any more specific routes are in the routing table, EIGRP advertisesthe summary addressfrom the interface with a metric equal to the minimum of all more specific routes. Before You Begin You should not use the summary-addresssummarization command to generate the default route (0.0.0.0) from an interface. This command creates an EIGRP summary default route to the null 0 interface with an administrative distance of 5. The low administrative distance of this default route can cause this route to displace default routes learned from other neighbors from the routing table. If the default route learned from the neighbors is displaced by the summary default route or the summary route is the only default route present, all traffic destined for the default route does not leave the router; instead, this traffic is sent to the null 0 interface, where it is dropped. The recommended way to send only the default route from a given interface is to use a route-policy command. Note SUMMARY STEPS 1. configure 2. router eigrp as-number 3. address-family { ipv4 } 4. route-policy name out 5. interface type interface-path-id 6. summary-address ip-address { / length | mask } [ admin-distance ] 7. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 180 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring Route Summarization for an EIGRP ProcessDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RRP/0/RSP0/CPU0:router# configure Step 1 Specifies the AS number of the routing process to configure an EIGRP routing process router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 address-family { ipv4 } Enters an address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 3 Applies a routing policy to updates advertised to or received from an EIGRP neighbor. route-policy name out Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# route-policy FILTER_DEFAULT out Step 4 interface type interface-path-id Defines the interfaces on which the EIGRP routing protocol runs. Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/1/0/0 Step 5 Configures a summary aggregate addressfor the specified EIGRP interface. summary-address ip-address { / length | mask } [ admin-distance ] Example: RP/0/RSP0/CPU0:router(config-eigrp-af-if)# summary-address 192.168.0.0/16 95 Step 6 Step 7 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-af-if)# end exiting(yes/no/cancel)?[cancel]: ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 181 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring Route Summarization for an EIGRP ProcessCommand or Action Purpose or RP/0/RSP0/CPU0:router(config-eigrp-af-if)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Redistributing Routes for EIGRP This task explains how to redistribute routes, apply limits on the number of routes, and set timers for nonstop forwarding. SUMMARY STEPS 1. configure 2. router eigrp as-number 3. address-family { ipv4 } 4. redistribute {{ bgp | connected | isis | ospf | rip | static } [ as-number ]} [ route-policy name ] 5. redistribute maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only ]] 6. timers nsf route-hold seconds 7. maximum paths maximum 8. maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only]] 9. Do one of the following: • end • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 182 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Redistributing Routes for EIGRPDETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the AS number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 address-family { ipv4 } Enters an address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 3 Redistributes the routes from the specified protocol and AS number to the EIGRP process. Optionally, the redistributed redistribute {{ bgp | connected | isis | ospf | rip | static } [ as-number ]} [ route-policy name ] Step 4 routes can be filtered into the EIGRP process by providing the route policy. Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# redistribute bgp 100 Limits the maximum number of prefixes that are redistributed to the EIGRP process. redistribute maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only ]] Step 5 Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# redistribute maximum-prefix 5000 95 warning-only Sets the timer that determines how long an NSF-aware EIGRP router holds routes for an inactive peer. timers nsf route-hold seconds Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# timers nsf route-hold 120 Step 6 Controls the maximum number of parallel routes that the EIGRP can support. maximum paths maximum Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# maximum paths 10 Step 7 Limits the number of prefixes that are accepted under an address family by EIGRP. maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ] [ restart-count number ] | [ warning-only]] Step 8 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 183 Implementing EIGRP on Cisco ASR 9000 Series Router Redistributing Routes for EIGRPCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# maximum-prefix 50000 Step 9 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-eigrp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Creating a Route Policy and Attaching It to an EIGRP Process This task defines a route policy and shows how to attach it to an EIGRP process. A route policy definition consists of the route-policy command and name argument followed by a sequence of optional policy statements, and then closed with the end-policy command. A route policy is not useful until it is applied to routes of a routing protocol. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 184 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Creating a Route Policy and Attaching It to an EIGRP ProcessSUMMARY STEPS 1. configure 2. route-policy name 3. set eigrp-metric bandwidth delay reliability load mtu 4. end-policy 5. Do one of the following: • end • commit 6. configure 7. router eigrp as-number 8. address-family { ipv4 } 9. route-policy route-policy-name { in | out } 10. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 route-policy name Defines a route policy and enters route-policy configuration mode. Example: RP/0/RSP0/CPU0:router(config)# route-policy IN-IPv4 Step 2 set eigrp-metric bandwidth delay reliability (Optional) Sets the EIGRP metric attribute. load mtu Step 3 Example: RP/0/RSP0/CPU0:router(config-rpl)# set eigrp metric 42 100 200 100 1200 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 185 Implementing EIGRP on Cisco ASR 9000 Series Router Creating a Route Policy and Attaching It to an EIGRP ProcessCommand or Action Purpose Endsthe definition of a route policy and exitsroute-policy configuration mode. end-policy Example: RP/0/RSP0/CPU0:router(config-rpl)# end-policy Step 4 Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Example: RP/0/RSP0/CPU0:router(config-rpl)# end exiting(yes/no/cancel)?[cancel]: ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-rpl)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router Step 6 Specifies the autonomous system number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 7 address-family { ipv4 } Enters an address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 8 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 186 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Creating a Route Policy and Attaching It to an EIGRP ProcessCommand or Action Purpose Applies a routing policy to updates advertised to or received from an EIGRP neighbor. route-policy route-policy-name { in | out } Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# route-policy IN-IPv4 in Step 9 Step 10 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# end ? Entering yes saves configuration changes to the running configuration file, exitsthe configuration session, and returns or the router to EXEC mode. RP/0/RSP0/CPU0:router(config-eigrp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Configuring Stub Routing for an EIGRP Process This task configures the distribution and remote routers to use an EIGRP process for stub routing. Before You Begin EIGRP stub routing should be used only on remote routers. A stub router is defined as a router connected to the network core or distribution layer through which core transit traffic should not flow. A stub router should not have any EIGRP neighbors other than distribution routers. Ignoring this restriction causes undesirable behavior. Note Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 187 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring Stub Routing for an EIGRP ProcessSUMMARY STEPS 1. configure 2. router eigrp as-number 3. address-family { ipv4 } 4. stub [ receive-only | {[ connected ] [ redistributed ] [ static ] [ summary ]}] 5. Do one of the following: • end • commit 6. show eigrp [ ipv4 ] [ vrf { vrf-name | all }] neighbors [ as-number ] [ detail ] [ type interface-path-id | static ] DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RRP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 address-family { ipv4 } Enters an address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 3 stub [ receive-only | {[ connected ] [ Configures a router as a stub for EIGRP. redistributed ] [ static ] [ summary ]}] Step 4 Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# stub receive-only Step 5 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before • commit Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 188 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring Stub Routing for an EIGRP ProcessCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# end exiting(yes/no/cancel)?[cancel]: ? Entering yessaves configuration changesto the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-eigrp-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Verifies that a remote router has been configured as a stub router with EIGRP. show eigrp [ ipv4 ] [ vrf { vrf-name | all }] neighbors [ as-number ] [ detail ] [ type interface-path-id | static ] Step 6 The last line of the output shows the stub status of the remote or spoke router. Example: RP/0/RSP0/CPU0:router# show eigrp neighbors detail Configuring EIGRP as a PE-CE Protocol Perform thistask to configure EIGRP on the provider edge (PE) and establish provider edge-to-customer edge (PE-CE) communication using EIGRP. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 189 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring EIGRP as a PE-CE ProtocolSUMMARY STEPS 1. configure 2. router eigrp as-number 3. vrf vrf-name 4. address-family { ipv4 } 5. router-id router-id 6. autonomous-system as-number 7. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name ]} [ route-policy name ] 8. interface type interface-path-id 9. site-of-origin { as-number:number | ip-address : number } 10. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number of the routing process to configure an EIGRP routing process router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 vrf vrf-name Configures a VPN routing and forwarding (VRF) instance. Example: RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_A Step 3 address-family { ipv4 } Enters a VRF address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4 Step 4 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 190 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring EIGRP as a PE-CE ProtocolCommand or Action Purpose router-id router-id Configures a router ID for the EIGRP process. Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# router-id 33 Step 5 Configures an EIGRP routing process to run within the VRF instance. autonomous-system as-number Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# autonomous-system 2 Step 6 You must configure the autonomoussystem under VRF configuration to bring-up the VRF interface. Note redistribute {{ bgp | connected | isis | ospf | ospfv3 Injects routes from one routing domain into EIGRP. | rip | static } [ as-number | instance-name ]} [ route-policy name ] Step 7 Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 100 Configures the interface on which EIGRP the routing protocol runs. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# interface gigabitEthernet 0/1/5/0 Step 8 Configuresthe site-of-origin (SoO) filtering on the EIGRP interface. site-of-origin { as-number:number | ip-address : number } Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# site-of-origin 3:4 Step 9 Step 10 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end before exiting(yes/no/cancel)?[cancel]: or RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 191 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring EIGRP as a PE-CE ProtocolCommand or Action Purpose ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Redistributing BGP Routes into EIGRP Perform this task to redistribute BGP routes into EIGRP. Typically, EIGRP routes are redistributed into BGP with extended community information appended to the route. BGP carries the route over the VPN backbone with the EIGRP-specific information encoded in the BGP extended community attributes. After the peering customer site receives the route, EIGRP redistributes the BGP route then extractsthe BGP extended community information and reconstructsthe route asit appeared in the original customer site. When redistributing BGP routes into EIGRP, the receiving provider edge (PE) EIGRP router looks for BGP extended community information. If the information is received, it is used to recreate the original EIGRP route. If the information is missing, EIGRP uses the configured default metric value. If the metric values are not derived from the BGP extended community and a default metric is not configured, the route is not advertised to the customer edge (CE) router by the PE EIGRP. When BGP is redistributed into BGP, metrics may not be added to the BGP prefix as extended communities; for example, if EIGRP is not running on the other router. In this case, EIGRP is redistributed into BGP with a “no-metrics” option. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 192 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Redistributing BGP Routes into EIGRPSUMMARY STEPS 1. configure 2. router eigrp as-number 3. vrf vrf-name 4. address-family { ipv4 } 5. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name ]} [ route-policy name ] 6. route-policy route-policy-name { in | out } 7. default-metric bandwidth delay reliability loading mtu 8. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 vrf vrf-name Configures a VRF instance. Example: RP/0/RSP0/CPU0:router(config-eigrp)# router eigrp 100 Step 3 address-family { ipv4 } Enters a VRF address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4 Step 4 redistribute {{ bgp | connected | isis | ospf | Injects routes from one routing domain into EIGRP. ospfv3 | rip | static } [ as-number | instance-name ]} [ route-policy name ] Step 5 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 193 Implementing EIGRP on Cisco ASR 9000 Series Router Redistributing BGP Routes into EIGRPCommand or Action Purpose Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 100 Applies a routing policy to updates advertised to or received from an EIGRP neighbor. route-policy route-policy-name { in | out } Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# route-policy policy_A in Step 6 default-metric bandwidth delay reliability loading mtu Configures metrics for EIGRP. Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# default-metric 1000 100 250 100 1500 Step 7 Step 8 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. or RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# commit ? Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session. Monitoring EIGRP Routing The commands in this section are used to log neighbor adjacency changes, monitor the stability of the routing system, and help detect problems. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 194 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Monitoring EIGRP RoutingSUMMARY STEPS 1. configure 2. router eigrp as-number 3. address-family [ ipv4 ] 4. log-neighbor-changes 5. log-neighbor-warnings 6. Do one of the following: • end • commit 7. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ ip-address | type interface-path-id ] 8. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ prefix mask ] [ prefix / length ] 9. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] accounting 10. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] interfaces [ type interface-path-id ] [ detail ] 11. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ detail ] [ type interface-path-id | static ] 12. show protocols eigrp [ vrf vrf-name ] 13. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ ip-address mask ] [ active | all-links | detail-links | pending | summary | zero-successors ] 14. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] traffic DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 address-family [ ipv4 ] Enters an address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 3 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 195 Implementing EIGRP on Cisco ASR 9000 Series Router Monitoring EIGRP RoutingCommand or Action Purpose Enables the logging of changes in EIGRP neighbor adjacencies. log-neighbor-changes Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# log-neighbor-changes Step 4 Enables the logging of EIGRP neighbor warning messages. log-neighbor-warnings Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# log-neighbor-warnings Step 5 Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# end ? Entering yes saves configuration changes to the running configuration file, exits the or RP/0/RSP0/CPU0:router(config-eigrp-af)# commit configuration session, and returns the router to EXEC mode. ? Entering no exits the configuration session and returnsthe router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Deletes EIGRP and VPN neighbor entries from the appropriate table. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ ip-address | type interface-path-id ] Example: RP/0/RSP0/CPU0:routerr# clear eigrp 20 neighbors GigabitEthernet 0/1/0/0 Step 7 Deletes EIGRP and VRF topology entries from the appropriate tab. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ prefix mask ] [ prefix / length ] Example: RP/0/RSP0/CPU0:router# clear eigrp topology Step 8 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 196 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Monitoring EIGRP RoutingCommand or Action Purpose Displays prefix accounting information for EIGRP processes. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] accounting Example: RP/0/RSP0/CPU0:router# show eigrp vrf all accounting Step 9 Displays information about interfaces configured for EIGRP. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] interfaces [ type interface-path-id ] [ detail ] Example: RP/0/RSP0/CPU0:router# show eigrp interfaces detail Step 10 show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displays the neighbors discovered by EIGRP. neighbors [ detail ] [ type interface-path-id | static ] Step 11 Example: RP/0/RSP0/CPU0:router# show eigrp neighbors 20 detail static Displays information about the EIGRP process configuration. show protocols eigrp [ vrf vrf-name ] Example: RP/0/RSP0/CPU0:router# show protocols eigrp Step 12 show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displays entries in the EIGRP topology table. topology [ ip-address mask ] [ active | all-links | detail-links | pending | summary | zero-successors ] Step 13 Example: RP/0/RSP0/CPU0:router# show eigrp topology 10.0.0.1 253.254.255.255 summary show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displaysthe number of EIGRP packetssent and received. traffic Step 14 Example: RP/0/RSP0/CPU0:router# show eigrp traffic Configuring an EIGRP Authentication Keychain Perform the following tasks to configure an authentication keychain on EIGRP interfaces. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 197 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring an EIGRP Authentication KeychainConfiguring an Authentication Keychain for an IPv4/IPv6 Interface on a Default VRF Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a default VRF. SUMMARY STEPS 1. configure 2. router eigrp as-number 3. address-family { ipv4 | ipv6 } 4. interface type interface-path-id 5. authentication keychain keychain-name 6. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 address-family { ipv4 | ipv6 } Enters a VRF address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4 Step 3 Configures the interface on which EIGRP the routing protocol runs. interface type interface-path-id Example: RP/0/RSP0/CPU0:router(config-eigrp-af)# Step 4 interface gigabitEthernet 0/1/5/0 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 198 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring an EIGRP Authentication KeychainCommand or Action Purpose Authenticates all EIGRP protocol traffic on the interface, based on the MD5 algorithm. authentication keychain keychain-name Example: RP/0/RSP0/CPU0:router(config-eigrp-af-if)# authentication keychain Step 5 Step 6 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#end ? Entering yes saves configuration changes to the running configuration file, exits the or RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#commit configuration session, and returns the router to EXEC mode. ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault VRF Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a nondefault VRF. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 199 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring an EIGRP Authentication KeychainSUMMARY STEPS 1. configure 2. router eigrp as-number 3. vrf vrf-name 4. address-family { ipv4 | ipv6 } 5. interface type interface-path-id 6. authentication keychain keychain-name 7. Do one of the following: • end • commit DETAILED STEPS Command or Action Purpose configure Enters global configuration mode. Example: RP/0/RSP0/CPU0:router# configure Step 1 Specifies the autonomous system number of the routing process to configure an EIGRP routing process. router eigrp as-number Example: RP/0/RSP0/CPU0:router(config)# router eigrp 100 Step 2 Creates a VRF instance and enters VRF configuration mode. vrf vrf-name Example: RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf1 Step 3 address-family { ipv4 | ipv6 } Enters a VRF address family configuration mode. Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4 Step 4 interface type interface-path-id Configures the interface on which EIGRP runs. Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# Step 5 interface gigabitEthernet 0/1/5/0 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 200 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring an EIGRP Authentication KeychainCommand or Action Purpose Authenticates all EIGRP protocol traffic on the interface, based on the MD5 algorithm. authentication keychain keychain-name Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# authentication keychain Step 6 Step 7 Do one of the following: Saves configuration changes. • end • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]: • commit Example: RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#end ? Entering yes saves configuration changes to the running configuration file, exits the or RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#commit configuration session, and returns the router to EXEC mode. ? Entering no exitsthe configuration session and returns the router to EXEC mode without committing the configuration changes. ? Entering cancel leavesthe router in the current configuration session without exiting or committing the configuration changes. • Use the commit command to save the configuration changesto the running configuration file and remain within the configuration session. Configuration Examples for Implementing EIGRP This section provides the following configuration examples: Configuring a Basic EIGRP Configuration: Example The following example shows how to configure EIGRP with a policy that filters incoming routes. This is a typical configuration for a router that has just one neighbor, but advertises other connected subnets. router eigrp 144 address-family ipv4 metric maximum-hops 20 router-id 10.10.9.4 route-policy GLOBAL_FILTER_POLICY in log-neighbor-changes Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 201 Implementing EIGRP on Cisco ASR 9000 Series Router Configuration Examples for Implementing EIGRPlog-neighbor-warnings interface Loopback0 ! interface GigabitEthernet 0/2/0/0 passive-interface ! interface GigabitEthernet 0/6/0/0 hello-interval 8 hold-time 30 summary-address 10.0.0.0 255.255.0.0 ! Configuring an EIGRP Stub Operation: Example The following example shows how to configure an EIGRP stub. Stub operation allows only connected, static, and summary routes to be advertised to neighbors. router eigrp 200 address-family ipv4 stub connected static summary router-id 172.16.82.22 log-neighbor-changes log-neighbor-warnings redistribute connected route-policy CONN_POLICY interface GigabitEthernet0/6/0/0 passive-interface neighbor 10.0.0.31 ! interface GigabitEthernet0/6/0/1 passive-interface neighbor 10.0.1.21 ! ! ! Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example The following example shows how to configure EIGRP to operate as a PE-CE protocol on a PE router. The configuration is under VRF CUSTOMER_1. A maximum prefix is typically configured to ensure that one set of customer routes do not overwhelm the EIGRP process. router eigrp 500 vrf CUSTOMER_1 address-family ipv4 timers nsf route-hold 300 router-id 172.16.6.11 maximum-prefix 450 70 default-metric 200000 10000 195 10 1500 log-neighbor-changes log-neighbor-warnings redistribute maximum-prefix 350 70 redistribute bgp 1.65500 route-policy SITE_1_POLICY interface GigabitEthernet 0/4/0/5 neighbor 10.22.1.1 ! ! ! Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 202 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring an EIGRP Stub Operation: ExampleConfiguring an EIGRP Authentication Keychain: Example The following example shows how to configure an authentication keychain for an IPv4 interface on a nondefault VRF: RP/0/RSP0/CPU0:router(config)#router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)#vrf vrf1 RP/0/RSP0/CPU0:router(config-eigrp-vrf)#address-family ipv4 RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#interface POS 0/1/0/0 RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#authentication keychain key1 The following example shows how to configure an authentication keychain for an IPv6 interface on a default VRF: RP/0/RSP0/CPU0:router(config)#router eigrp 100 RP/0/RSP0/CPU0:router(config-eigrp)#address-family ipv6 RP/0/RSP0/CPU0:router(config-eigrp-af)#interface POS 0/1/0/0 RP/0/RSP0/CPU0:router(config-eigrp-af-if)#authentication keychain key2 Additional References The following sections provide references related to implementing EIGRP. Related Documents Related Topic Document Title Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference EIGRP commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples Implementing MPLS Layer 3 VPNs module and Implementing MPLS Layer 2 VPNs module in Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide MPLS VPN support for EIGRP feature information Implementing MPLS Traffic Engineering on Cisco ASR 9000 Series Router module in Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide Site of Origin (SoO) support for EIGRP feature information Cisco ASR 9000 Series Aggregation Services Router MIB Specification Guide. MIB Reference Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 203 Implementing EIGRP on Cisco ASR 9000 Series Router Configuring an EIGRP Authentication Keychain: ExampleStandards Standards Title No new or modified standards are supported by this — feature, and support for existing standards has not been modified by this feature. MIBs MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/ sw-center/netmgmt/cmtk/mibs.shtml — RFCs RFCs Title No new or modified RFCs are supported by this — feature, and support for existing standards has not been modified by this feature. Technical Assistance Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 204 OL-26048-02 Implementing EIGRP on Cisco ASR 9000 Series Router Additional ReferencesC H A P T E R 3 Implementing IS-IS on Cisco ASR 9000 Series Router Integrated Intermediate System-to-Intermediate System (IS-IS), Internet Protocol Version 4 (IPv4), is a standards-based Interior Gateway Protocol (IGP). Cisco IOS XR software implements the IP routing capabilities described in International Organization for Standardization (ISO)/International Engineering Consortium (IEC) 10589 and RFC 1995, and adds the standard extensions for single topology and multitopology IS-IS for IP Version 6 (IPv6). This module describes how to implement IS-IS (IPv4 and IPv6) on your Cisco IOS XR network. This module describes how to implement IS-IS (IPv4 and IPv6) on Cisco ASR 9000 Series Aggregation Services Routers. For more information about IS-IS on Cisco IOS XR software and complete descriptions of the IS-IS commands listed in this module, refer to the Related Documents, on page 269 section of this module. To locate documentation for other commands that might appear while executing a configuration task, search online in the Cisco ASR 9000 Series Aggregation Services Router Commands Master List. Note Feature History for Implementing IS-IS Release Modification Release 3.7.2 This feature was introduced. Release 3.9.0 Support for IPv6 and was added. Support was added for the following features: • IP Fast Re-route Per Prefix Computation. • IP Fast Re-route Per Link Computation. Release 4.0.1 • Prerequisites for Implementing IS-IS, page 206 Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x OL-26048-02 205• Restrictions for Implementing IS-IS, page 206 • Information About Implementing IS-IS , page 206 • How to Implement IS-IS, page 217 • Configuration Examples for Implementing IS-IS , page 266 • Where to Go Next, page 269 • Additional References, page 269 Prerequisites for Implementing IS-IS You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance. Restrictions for Implementing IS-IS When multiple instances of IS-IS are being run, an interface can be associated with only one instance (process). Instances may not share an interface. Information About Implementing IS-IS To implement IS-IS you need to understand the following concepts: IS-IS Functional Overview Small IS-IS networks are typically built as a single area that includes all routers in the network. As the network grows larger, it may be reorganized into a backbone area made up of the connected set of all Level 2 routers from all areas, which is in turn connected to local areas. Within a local area, routers know how to reach all system IDs. Between areas, routers know how to reach the backbone, and the backbone routers know how to reach other areas. The IS-IS routing protocolsupportsthe configuration of backbone Level 2 and Level 1 areas and the necessary support for moving routing information between the areas. Routers establish Level 1 adjacencies to perform routing within a local area (intra-area routing). Routers establish Level 2 adjacencies to perform routing between Level 1 areas (interarea routing). For Cisco IOS XR software software, each IS-IS instance can support either a single Level 1 or Level 2 area, or one of each. By default, all IS-IS instances automatically support Level 1 and Level 2 routing. You can change the level of routing to be performed by a particular routing instance using the is-type command. Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x 206 OL-26048-02 Implementing IS-IS on Cisco ASR 9000 Series Router Prerequisites for Implementing IS-ISKey Features Supported in th